Embed Size (px)
DESCRIPTION
Here is a quick presentation of ideas I used for a job interview last year.
Citation preview
Corporate IT Systems & Services
Richard | Diver 16th June 2011
…to the Cloud
Security considerations for migrating
Cloud computing: security
Computer Security
Network Security
Information Security
People
Technologies
Process
Boundaries
We are moving the boundaries of security, administration,
responsibility, and scalability
Boundaries
Security concerns with current trends in IT:
Flexibilityusers want more control over where they work, how and when. Data in the cloud is easier for them to access than connecting to the corporate network, and cheaper for the company too.
Boundaries
Security concerns with current trends in IT:
New devices & BYO
with consumerisation of IT we are seeing new device types enter the market, which themselves may not be secure, certainly not as secure as your corporate managed Windows 7 clients.
Boundaries
Does all the data stay in your datacentre, or is it replicated to the clients?(email, documents etc)
How good is your security? Really!
Boundaries
What do we care about most?
integrity vs. confidentiality vs. availability
• With hosted solution, physical security increases, as does operational efficiency. Requirement for deep skills in servers, network and storage are decreased
• This leaves your own team to focus on business support activities, providing the services critical to keeping the business driving forwards.
Secure Your Cloud Architecture: Step-by-Step
1. Establish service-oriented architecture (SOA) to ensure that we can safely relocate each component
2. Use federated identity management to ensure every user is known at every point in the cloud
3. Assign roles and other attributes to each user to verify data-access claims
4. Assign access-control rules to applications and data that can move with them to the cloud
5. Authorize access to applications and data based on verified user-access claims
In summary we need to:
• Identify the stages of our Information Lifecycle
• Clearly define roles and responsibilities, create Data Governance policies
• Understand the benefits and the true costs, legal & compliancy implications and risks
• Rethink our security policies to cover new aspects of IT
• Partner with the right service providers, that we can trust
• Use the Cloud service to increase organisational security and resilience
OUR data, our responsibilityeven when in the cloud!
Questions?
