6. There Are Different Types of Public Clouds
SaaS (Software as a Service): fully functional applications are provided, such as CRM, ERP, email, project management, travel services, etc.
PaaS (Platform as a Service): operating environments are included, such as Windows/.NET or Linux/J2EE, and applications of the customer's choice are deployed on them.
IaaS (Infrastructure as a Service): a virtual platform on which the required operating environment and applications are deployed. Also includes storage-as-a-service offerings.
(Diagram labels: Virtual Data Centers, Cloud Centers, Data Centers)
7. Market Landscape
Gartner, September 2012
Public cloud services market is forecast to grow 19.6 percent in 2012 to $109 billion
Business process as a service (BPaaS) represents 77 percent of the total market
Infrastructure as a service (IaaS) is forecast to be $6.2 billion in 2012, growing at a rate of 45.4 percent
The total public cloud services market is forecast to grow to $206.6 billion in 2016
10. Cloud Adoption: Need for Data Security
Data = Cash
• Reputation, Compliance, Penalties
Layers of Network Security Applied Today
• Next-Gen Firewalls, VPNs, IPS, SIEM, DAM/DAP
Move to Include Data Security
• Encryption, Key and Policy Management
12. Why does encryption make data secure in the cloud?
Cloud is inherently multi-tenant
All infrastructure, i.e. compute and storage, is shared among different customers (serially)
In the event of physical theft at the service provider's facilities, unprotected data is left vulnerable
In the event of unauthorized access (malicious or inadvertent), unprotected data ends up in the wrong hands
Sensitive data must be protected to meet regulatory requirements
Payment Card Industry (PCI) Data Security Standard (DSS)
HIPAA/HITECH
Safe Harbor
Enable governance for hybrid clouds
Seamlessly manage private and public clouds by complying with corporate regulatory and security standards
13. Two Different Perspectives
Cloud Service Provider
• Want to provide assurances to their
customers that the service is secure
• This is a competitive differentiator
Cloud Service Provider Customer
• Some will trust that their data is being
properly secured
• Some will demand that they maintain
complete control of their data
15. 3 Components of Data Security in the Cloud
Policy Management
Key Management
Encryption
16. Encryption, Policy and Key Management
Policy and key management are extremely important aspects of encryption
Keys are used to encrypt/decrypt data
Policies, which are tied to business need, define how keys are distributed and authorized for use
Enterprises typically have several encryption solutions, and their keys are not centrally managed
Centralized policy and key management is essential to meet business needs, governance and regulatory requirements
17. Centralized Key Management
Benefits
Central repository for secure storage of keys
Key life cycle management (creation, deletion, expiry notification, reporting)
Policies (define how keys will be used)
Separation of duties
Secure backup
Compliance with standards such as FIPS 140-2
Manage encryption solutions using industry standards (e.g. PKCS #11, KMIP)
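The two slides above describe what a centralized key manager has to enforce: policies that say who may use which key for what, a key life cycle with expiry notification and reporting, and separation of duties between the people who manage keys and the systems that use them. The following is an added example, not code from the deck or from any product it mentions; the role names, principals, purposes and the in-memory store are assumptions made for illustration, and a real deployment would back this with an HSM or a KMIP-capable key server.

```python
"""Added example, not code from the slide deck: a minimal centralized key
manager showing policy-gated key use, key life cycle (creation, expiry
notification, retirement, reporting) and separation of duties. The role
names, principals and the in-memory store are assumptions for illustration."""
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Separation of duties: key admins manage keys but never use them to encrypt
# or decrypt; applications use keys but cannot create or retire them;
# auditors may only read reports and the audit log.
ROLE_RIGHTS = {
    "key-admin": {"create", "retire"},
    "application": {"use"},
    "auditor": {"report"},
}


@dataclass
class ManagedKey:
    key_id: str
    material: bytes
    purpose: str              # policy: what the key may be used for
    allowed_principals: set   # policy: who may use it
    created: datetime
    expires: datetime
    state: str = "active"     # life cycle: active -> retired


class KeyManager:
    def __init__(self, now=None):
        self._keys = {}
        self._audit = []       # (time, principal, role, right, allowed)
        self._now = now or (lambda: datetime.now(timezone.utc))

    def _check(self, principal, role, right):
        """Every request is logged, allowed or not, before anything else happens."""
        allowed = right in ROLE_RIGHTS.get(role, set())
        self._audit.append((self._now(), principal, role, right, allowed))
        if not allowed:
            raise PermissionError(f"{principal} ({role}) may not {right}")

    def create_key(self, principal, role, purpose, allowed_principals, lifetime_days=90):
        self._check(principal, role, "create")
        key_id = f"{purpose}-{secrets.token_hex(4)}"
        now = self._now()
        self._keys[key_id] = ManagedKey(key_id, secrets.token_bytes(32), purpose,
                                        set(allowed_principals), now,
                                        now + timedelta(days=lifetime_days))
        return key_id

    def get_key(self, principal, role, key_id, purpose):
        """Release key material only when role, state, expiry and policy all agree."""
        self._check(principal, role, "use")
        key = self._keys[key_id]
        if key.state != "active" or self._now() >= key.expires:
            raise PermissionError(f"{key_id} is not active")
        if principal not in key.allowed_principals or key.purpose != purpose:
            raise PermissionError(f"policy denies {principal} use of {key_id} for {purpose}")
        return key.material

    def retire_key(self, principal, role, key_id):
        self._check(principal, role, "retire")
        self._keys[key_id].state = "retired"

    def expiring_keys(self, principal, role, within_days=14):
        """Expiry notification: active keys that expire inside the window."""
        self._check(principal, role, "report")
        horizon = self._now() + timedelta(days=within_days)
        return sorted(k.key_id for k in self._keys.values()
                      if k.state == "active" and k.expires <= horizon)

    def audit_log(self, principal, role):
        self._check(principal, role, "report")
        return list(self._audit)


def _denied(action):
    try:
        action()
    except PermissionError:
        return True
    return False


def demo():
    """Walk the life cycle with a fixed clock so the outcome is deterministic."""
    clock = {"now": datetime(2012, 9, 1, tzinfo=timezone.utc)}
    km = KeyManager(now=lambda: clock["now"])
    kid = km.create_key("alice", "key-admin", "encrypt-pii", {"billing-app"}, lifetime_days=30)
    r = {}
    r["app_can_use"] = len(km.get_key("billing-app", "application", kid, "encrypt-pii")) == 32
    r["admin_cannot_use"] = _denied(lambda: km.get_key("alice", "key-admin", kid, "encrypt-pii"))
    r["wrong_purpose_denied"] = _denied(lambda: km.get_key("billing-app", "application", kid, "sign-tokens"))
    r["app_cannot_create"] = _denied(lambda: km.create_key("billing-app", "application", "x", set()))
    clock["now"] += timedelta(days=20)          # 10 days before expiry
    r["expiry_report"] = km.expiring_keys("carol", "auditor") == [kid]
    clock["now"] += timedelta(days=11)          # past expiry
    r["expired_denied"] = _denied(lambda: km.get_key("billing-app", "application", kid, "encrypt-pii"))
    r["audit_entries"] = len(km.audit_log("carol", "auditor"))
    return r
```

The point to notice is that the key admin who created the key is refused when it tries to use it, and the application that uses it is refused when it tries to create one: that is the separation of duties the slide lists as a benefit, enforced by the role table rather than by convention. The expiry report is what a notification job would poll, and the audit log records denied requests as well as granted ones, which is what a reviewer needs for compliance reporting.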
18. Centralized Key Management
Key Management: As a Service or On Premise?
Approach tradeoffs (custodianship, risk, cost, separation of duties, multi-tenancy):
On-Premise solution
  Custodianship: Customer
  Risk: Low
  Cost: High (can be amortized across a large deployment)
  Separation of duties: Lines of business (customized)
  Multi-Tenancy: Yes
Key Management as a Service
  Custodianship: Service Provider
  Risk: Depends on the SLA
  Cost: Low
  Separation of duties: Yes, but only if data is not managed by the key management service provider
  Multi-Tenancy: Multiple customers
19. Understanding Data Security with Software as a Service (SaaS)
Doing your research: data security due diligence
Customer does not control how information is handled but can affect it
The risk: data security threats
Data exposure
By SaaS provider
By IaaS partner
By customer through application controls
SaaS touch points: SaaS controls that the customer can affect
Data handling and protection agreements in contractual negotiations
Security administration for access controls
Solutions
Data encryption used by SaaS providers to fulfill customer requirements
Tokenization by on-premise network appliances (Cloud Gateways)
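The second solution on this slide, tokenization at an on-premise gateway, is the one option that keeps sensitive values out of the SaaS provider's hands entirely: the provider stores and processes tokens, and only the customer's vault can map them back. The following is an added example, not code from the deck or from any gateway product; the field names, record layout and in-memory vault are assumptions made for illustration.

```python
"""Added example, not code from the slide deck: an on-premise tokenization
gateway that replaces sensitive fields with random tokens before a record
is sent to a SaaS provider, and restores them on the way back. The field
names, record layout and in-memory vault are assumptions for illustration."""
import secrets

SENSITIVE_FIELDS = ("card_number", "ssn")


class TokenVault:
    """The token-to-value map never leaves the premises; the SaaS side
    only ever stores and processes tokens."""

    def __init__(self):
        self._token_to_value = {}
        self._value_to_token = {}   # same value -> same token, so the SaaS can still match records

    def tokenize_value(self, value):
        if value in self._value_to_token:
            return self._value_to_token[value]
        # The token is random, so it carries no information about the value;
        # the last four characters are kept in clear so staff can recognise
        # a card in the SaaS UI (a design choice, not a requirement).
        token = f"tok_{secrets.token_hex(8)}_{value[-4:]}"
        self._token_to_value[token] = value
        self._value_to_token[value] = token
        return token

    def detokenize_value(self, token):
        if token not in self._token_to_value:
            raise KeyError(f"unknown token {token!r}")
        return self._token_to_value[token]

    def outbound(self, record):
        """Record on its way to the SaaS provider: sensitive fields become tokens."""
        return {k: self.tokenize_value(v) if k in SENSITIVE_FIELDS else v
                for k, v in record.items()}

    def inbound(self, record):
        """Record coming back from the SaaS provider: tokens become values again."""
        return {k: self.detokenize_value(v) if k in SENSITIVE_FIELDS else v
                for k, v in record.items()}


def demo():
    vault = TokenVault()
    # Constructed sample record; the card number is a test-style value.
    customer = {"name": "A. Example", "card_number": "4111111111111111", "ssn": "123-45-6789"}
    sent = vault.outbound(customer)
    sent_again = vault.outbound(customer)
    returned = vault.inbound(sent)
    return {
        "saas_sees_card": customer["card_number"] in sent.values(),
        "saas_sees_ssn": customer["ssn"] in sent.values(),
        "token_is_stable": sent["card_number"] == sent_again["card_number"],
        "token_suffix": sent["card_number"][-4:],
        "round_trip_ok": returned == customer,
    }
```

Because tokens are random rather than derived from the value, a breach of the SaaS provider (or of its IaaS partner, the other exposure listed on the slide) yields nothing that can be reversed without the vault. The cost is that the vault itself becomes the asset to protect, with the same backup and access-control needs as a key store, and that any SaaS feature which needs the real value (validation, search on full number) has to be done on premise.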
20. Understanding Data Security for Infrastructure as a Service (IaaS)
Doing your research: data security due diligence
Customer does not control how infrastructure security is handled
Customer is responsible for data security
The risk: data security threats
Data exposure
By IaaS provider
By customer through application controls
IaaS touch points: IaaS controls that the customer can affect
Data handling and protection agreements in contractual negotiations
Security administration for access controls
Encryption/Key Management for data protection
Solutions
Customer encrypts data; Customer is custodian of keys
Customer encrypts data; Different service provider for key management
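The two IaaS solutions above differ only in who holds the key-encryption key, and the slide 18 table adds the caveat that separation of duties holds only if the key management provider does not also manage the data. The following is an added example, not code from the deck or from any provider; the parties, object ids and sample data are assumptions, and the seal/unseal routine is an HMAC-SHA256 counter-mode stream with an encrypt-then-MAC tag standing in for an AEAD such as AES-GCM, which the Python standard library does not provide (a real deployment would use a vetted crypto library).

```python
"""Added example, not code from the slide deck: envelope encryption under the
two custodianship options on this slide, plus the slide 18 caveat that the
key manager must not also hold the data. Parties, ids and data are assumed.
seal/unseal: HMAC-SHA256 counter-mode keystream plus encrypt-then-MAC tag,
a stand-in for a library AEAD such as AES-GCM."""
import hashlib
import hmac
import secrets


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """nonce || ciphertext || tag, with separate sub-keys for encryption and MAC."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


class Party:
    """A party holds at most a key-encryption key (KEK) and stored objects,
    each an (encrypted data, wrapped data-encryption key) pair."""

    def __init__(self, name):
        self.name, self.kek, self.objects = name, None, {}

    def unwrap(self, wrapped_dek):
        return unseal(self.kek, wrapped_dek)

    def can_read(self, obj_id):
        """Plaintext is reachable only with BOTH the stored object and the KEK."""
        if obj_id not in self.objects or self.kek is None:
            return False
        ciphertext, wrapped_dek = self.objects[obj_id]
        try:
            unseal(self.unwrap(wrapped_dek), ciphertext)
            return True
        except ValueError:
            return False


def encrypt_and_upload(obj_id, plaintext, kek, storage):
    """Customer side: a fresh data key per object, wrapped under the KEK."""
    dek = secrets.token_bytes(32)
    storage.objects[obj_id] = (seal(dek, plaintext), seal(kek, dek))


def scenarios():
    data = b"cardholder record (constructed sample)"
    r = {}
    # Option 1: customer encrypts; customer is custodian of the keys.
    customer, storage = Party("customer"), Party("iaas-provider")
    customer.kek = secrets.token_bytes(32)
    encrypt_and_upload("obj1", data, customer.kek, storage)
    customer.objects["obj1"] = storage.objects["obj1"]   # customer fetches its own blob
    r["customer_reads"] = customer.can_read("obj1")
    r["storage_reads"] = storage.can_read("obj1")
    # Option 2: customer encrypts; a different provider holds the KEK.
    customer, storage, kms = Party("customer"), Party("iaas-provider"), Party("kms-provider")
    kms.kek = secrets.token_bytes(32)
    encrypt_and_upload("obj2", data, kms.kek, storage)
    r["storage_alone_reads"] = storage.can_read("obj2")
    r["kms_alone_reads"] = kms.can_read("obj2")
    ciphertext, wrapped_dek = storage.objects["obj2"]
    r["customer_via_kms"] = unseal(kms.unwrap(wrapped_dek), ciphertext) == data
    tampered = bytearray(ciphertext)
    tampered[20] ^= 1                      # flip one ciphertext bit
    try:
        unseal(kms.unwrap(wrapped_dek), bytes(tampered))
        r["tamper_detected"] = False
    except ValueError:
        r["tamper_detected"] = True
    # Slide 18 caveat: if the key management provider also manages the data,
    # separation of duties collapses and that provider can read everything.
    storage.kek = kms.kek
    r["combined_provider_reads"] = storage.can_read("obj2")
    return r
```

With a separate key management provider, neither the storage provider (ciphertext and wrapped key, no KEK) nor the key provider (KEK, no ciphertext) can read the data on its own, which is the separation of duties the slide 18 table promises; the last scenario shows why the table qualifies it, since handing the same provider both halves restores the ability to read. The per-object data key also means rotating or revoking the KEK never requires re-encrypting bulk data, only re-wrapping the small data keys.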
21. Summary
Cloud computing is a pervasive trend with compelling economics
Ensuring data security and privacy is a prerequisite for embracing cloud computing
Encryption protects data and makes it safer to migrate to the cloud
Policies, separation of duties and key management are the underpinnings of encryption
Tradeoffs in risk, cost and regulatory compliance must be considered in choosing a solution