Cloud Security and Cyber Security, David Spinks, HP
Cyber Security in Real-Time Systems
CSIRS
David Spinks - Chairman
February 2011
Quote by: Sun Tzu
As Sun Tzu, the military theoretician and strategist extraordinaire of
ancient China, wrote in his seminal work “The Art of War”, “The skilful
leader subdues the enemy’s troops without any fighting; he captures their
cities without laying siege to them; he overthrows their kingdom without
lengthy operations in the field.”
Lush
Stuxnet
LSE
NYSE
E-Trading
RBS ATM
The Cloud Defined:
Cloud (IAAS) Pressures
Instant now, any time anywhere
Continued cost reduction beyond Outsourcing
Limitless Flexibility
Limitless Volumes Up and Down
IT Utility
Managed Services
Secure Services
What are the obstacles to Cloud Services? (2008)
What are the obstacles to Cloud Services? (2009, 2010)
Into the (Cloud) Future with hp
[Figure: Sourcing Models. Axis label: Agility. Labels: Traditional; Configured Services; Managed Hosting; Enterprise Cloud Services; Advanced Cloud; Automated Hosting; Utility Services; Technology Island; Systems Integration Services; Ecosystem]
So what are the security hot buttons?
Robust, acceptable pan-client Information Security policies and procedures.
One single independent assurance certificate - no, your auditors will not be allowed access.
Identity and access management - need to get this working anyway!
Business continuity and IT DR - acceptance of standard RTO and RPO.
Encryption (key management) will be a client responsibility - this issue is related to IdM!
Flexibility in contracts - and please kill off the “old school” purchasing and contracts departments!
Solutions and Best Practice:
April 20th, 2010 - v1
Cloud Computing Security Assessment Process Flow
1. Review InfoSec Program Documentation (Week 1)
2. Interview Subject Matter Experts (SME) (Week 2)
3. Inspect Infrastructure & Controls (Week 2)
4. Complete Security/Continuity Checklists (Week 2)
5. Cloud Computing Readiness Workshop (Week 2)
6. Analyze Data & Determine Gaps (Week 3)
7. Cloud Computing Security Roadmap Workshop (Week 4)
8. Create Service Improvement Plan (SIP) (Week 4)
9. Create Remediation Roadmap (Week 4)
Confidential & Proprietary Information of Hewlett-Packard Company
Conclusions
Adoption of Cloud: lessons learnt not available
Implementation experiences limited
Security and risk management methods immature
Best practice evolving but gaps still exist
Views of regulators and auditors still not clear
Legal and regulatory issues (e-Discovery: jury is still out!)
Watch this space ....
Finally
LinkedIn CSIRS: http://www.linkedin.com/groupRegistration?gid=3623430
http://www.cloudsecurityalliance.org/
http://www.hp.com/hpinfo/newsroom/press/2009/090331xa.html
Q and A