The emergence of the Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) models marks just two of many inflection points as IT migrates away from traditional data centers and into the cloud, shifting more control over security from the enterprise to the service provider. How will your security and compliance strategy change when this transformation is complete? This presentation will explore the technologies and strategies you need to adopt today to prepare to support security and compliance in the cloud age.
2. Introduction
- Misha Govshteyn – CTO, Alert Logic
- Work in security and web-scale architecture; operate high performance LAMP environment and Erlang-based compute grid
- Help hosting/cloud service providers deliver security services
- Secure Cloud Review blog -> http://www.securecloudreview.com/
- What we do at Alert Logic
3. About this session
- Objective: Help you make security & compliance decisions that prepare your company for the future
- This presentation addresses a broad trend of consuming IT as a service
- Cloud in this context includes IaaS, PaaS, SaaS
- Why take such a broad view? Because each of these models has potential to significantly alter the way you protect your most critical assets
4. Putting 2010 questions in perspective
- Questions of today are less important than this fact: IT is increasingly delivered as a service
- Your IT footprint is already changing…
  - probably adopting some form of cloud services
  - network is already becoming decentralized
  - Some of your data may already be off-premise
- IaaS? PaaS? SaaS? Private vs Public? IT vs Cloud?
8. Your enterprise 5 years from now
- Perimeter is less important than ever
- More than 50% of your critical data is offsite
  - Some in environments you do not control
- Some users don’t need your VPN to do their jobs
- Securing the enterprise will be characterized by
  - Continuous transfer of security responsibility to service providers of all types
  - Application/protocol level attacks
  - Even more compliance requirements than today
24. X-Factor: the Auditors
- Passing a compliance audit in the cloud in the next 5 years will require equal parts luck and planning
- Improving your chances
  - Distant future: find an auditor that understands and has experience in cloud environments
  - Today: help your auditor understand your environment
- API? CSA? XML? A6? Hadoop? EC2? VPC? XEN?
25. First steps
- Engage with your IT security and auditors
- Build a roadmap for dealing with the dissolving perimeter and set realistic goals for your team
- Understand how Security SaaS fits into your current and future strategy
- Explore technologies/efforts important to secure cloud adoption: IDM, OWASP, WAF, CSA, A6
- Choose cloud environments that understand and plan to address your evolving security needs