Presentation is loading. Please wait.

Presentation is loading. Please wait.

Practical tips for securing your cloud James Turner, IBRS Advisor August 2012.

Published byIsabella Maynard Modified over 11 years ago

Similar presentations

Presentation on theme: "Practical tips for securing your cloud James Turner, IBRS Advisor August 2012."— Presentation transcript:

1 Practical tips for securing your cloud James Turner, IBRS Advisor August 2012

2 Building a smarter planet Warning This presentation has a lot of pictures of clouds 2

3 Building a smarter planet Practical tips to securing your cloud Defining the cloud What IBRS clients are asking & What the experts say Four interesting areas of risk Summary A glimpse of the future Questions 3

4 Building a smarter planet Defining cloud The most widely accepted definition of cloud comes from the National Institute of Science and Technology (NIST) : 1.On demand self-service 2.Broad network access 3.Resource pooling 4.Rapid elasticity 5.Pay-per-use measured service Im talking about SaaS 4 Morning Glory clouds – Gulf of Carpentaria. Source: NASA. Credit: Mick PetroffMick Petroff

5 Building a smarter planet What IBRS clients are asking & what the experts say Review our SaaS contracts for technical risks –Defence Signals Directorate (DSD) availability of data and business functionality; protecting data from unauthorised access; and, handling security incidents. –Australian Government Information Management Office (AGIMO) Liability Performance management Ending the arrangement –National Archives of Australia 5

6 Building a smarter planet Four SaaS vendor contract reviews Findings – there are 4 core areas of risk in these vendor MSAs: 1.Light on specifics 2.Heavy on indemnity 3.Default customer referencing 4.Flimsy data portability 6

7 Building a smarter planet Light on specifics Will protect customer data in a manner consistent with general industry standards reasonably applicable Will use commercially reasonable efforts to make the purchased services available 24 hours a day, 7 days a week. Impact: nothing to hold them to! 7 Light and wispy cirrus clouds

8 Building a smarter planet Heavy on indemnity They will not be held liable for any loss of data, or revenue, or profits. Service credits, if available, are like eating lettuce –You expend more energy chewing than you get from the consumption Impact: nothing to hold them to! –(and look at how well that worked in the software industry!) 8

9 Building a smarter planet Customer reference by default Customer agrees to work with Marketing Department to produce a news release to Customers use of the Service Risks of being outed as a customer: –kick me –Collateral damage –Target rich environment –Economy of effort for attackers Impact: what has this done to your risk profile? 9

10 Building a smarter planet Flimsy data portability Only 1 of the 4 mentioned a format Proprietary data formats help create lock-in One source of truth? Migrating to another vendor? –Who owns the metadata? –Can you access security logs? Impact: Vendor lock in, paying for migration, rivals being sold your work 10 Storm front over Phillip Island, Nov 11, 2011. Source: ABC.net.au

11 Building a smarter planet Conclusion: Practical tips to securing your cloud Understand the risks –Create a list of the technical risks –War game different scenarios, attacks, or failures –Walk these through with business stakeholders Contract management –involved vs. committed? –Be biased toward vendors who commit to standards –Note: Take-it-or-leave-it contracts are positively viewed by some 11 Asperatus Cloud, New Zealand, undated photo. Source: National Geographic

12 Building a smarter planet An interconnected world... 12... leads to exponential complexity and unforeseen interdependencies!

13 Building a smarter planet Questions? 13

14 Building a smarter planet References Cloud Computing Security Considerations, Defence Signals Directorate (Australian Department of Defence), April 2011.Cloud Computing Security Considerations Better Practice Guide: Negotiating the cloud – legal issues in cloud computing agreements, Australian Government Information Management Office, February 2012.Better Practice Guide: Negotiating the cloud – legal issues in cloud computing agreements A Checklist for Records Management and the Cloud, National Archives of Australia, 2011.A Checklist for Records Management and the Cloud IBRS research: –"The Next Perfect IT Storm: The Red Shift, Utility Computing", IBRS, April 2008.The Next Perfect IT Storm: The Red Shift, Utility Computing –"Cloud computing, you may need a parachute", IBRS, April 2009.Cloud computing, you may need a parachute –"Legal considerations that apply in cloud computing", IBRS, May 2009.Legal considerations that apply in cloud computing –"Cloud computing and the law - data considerations", IBRS, June 2009.Cloud computing and the law - data considerations –"Cloud computing and the law - business implication", IBRS, July 2009.Cloud computing and the law - business implication –"A legal checklist before taking off into the cloud", IBRS, August 2009.A legal checklist before taking off into the cloud –"APRA offers timely advice against losing your head in the cloud", IBRS, November 2010.APRA offers timely advice against losing your head in the cloud –"Two tests to evaluate Cloud economics", IBRS, March 2011.Two tests to evaluate Cloud economics –"A matrix for cloud computing risk analysis", IBRS, October 2011.A matrix for cloud computing risk analysis –"Cloud security - the real risks", IBRS, January 2012.Cloud security - the real risks –How do you catch a cloud and pin it down? Part 1, IBRS, May 2012How do you catch a cloud and pin it down? Part 1 –How do you catch a cloud and pin it down? Part 2, IBRS, July 2012How do you catch a cloud and pin it down? Part 2 14

Download ppt "Practical tips for securing your cloud James Turner, IBRS Advisor August 2012."

Similar presentations

A 2030 framework for climate and energy policies Marten Westrup

A 2030 framework for climate and energy policies Marten Westrup
1. 2 Partners in Procurement Steve Hagar Deputy Director Central Purchasing Division Department of Central Services August 24th, 2009.

1. 2 Partners in Procurement Steve Hagar Deputy Director Central Purchasing Division Department of Central Services August 24th, 2009.
Evidence of a Double Dip Recession June 2010 Daryl Montgomery June 24, 2010 Copyright 2010, All Rights Reserved The contents of this presentation are not.

Evidence of a Double Dip Recession June 2010 Daryl Montgomery June 24, 2010 Copyright 2010, All Rights Reserved The contents of this presentation are not.
Ad Hoc Bulk Electric System Task Force Update RPIC February 19, 2009.

Ad Hoc Bulk Electric System Task Force Update RPIC February 19, 2009.
- GDP 2011 versus 2010 – increase by 5.5%

- GDP 2011 versus 2010 – increase by 5.5%
Months of the year December January November October February

Months of the year December January November October February
Summary of Cloud Computing (CC) from the paper Abovce the Clouds: A Berkeley View of Cloud Computing (Feb. 2009)

Summary of Cloud Computing (CC) from the paper Abovce the Clouds: A Berkeley View of Cloud Computing (Feb. 2009)
A GIA is a contract between a surety company and a contractor (or subcontractor)/principal. A GIA is a standard, typical document in the construction.

A GIA is a contract between a surety company and a contractor (or subcontractor)/principal. A GIA is a standard, typical document in the construction.
FIDIC 2005 Beijing Workshop 14 Risk and Liability for Consulting Engineers: An Australian Perspective Tony Barry, President and Therese Charles CEO Association.

FIDIC 2005 Beijing Workshop 14 Risk and Liability for Consulting Engineers: An Australian Perspective Tony Barry, President and Therese Charles CEO Association.
THE ROLE OF INSURANCE REQUIREMENTS WITHIN AN ORGANIZATION By Aaron Hardiman, MBA, ARM.

THE ROLE OF INSURANCE REQUIREMENTS WITHIN AN ORGANIZATION By Aaron Hardiman, MBA, ARM.
FINANCIAL INSTITUTIONS ENERGY INFRASTRUCTURE, MINING AND COMMODITIES TRANSPORT TECHNOLOGY AND INNOVATION PHARMACEUTICALS AND LIFE SCIENCES Break out session:

FINANCIAL INSTITUTIONS ENERGY INFRASTRUCTURE, MINING AND COMMODITIES TRANSPORT TECHNOLOGY AND INNOVATION PHARMACEUTICALS AND LIFE SCIENCES Break out session:
1 Contract Costing Every clause in a contract, regardless of whether it applies to economic or non- economic issues, can have cost implications. However,

1 Contract Costing Every clause in a contract, regardless of whether it applies to economic or non- economic issues, can have cost implications. However,
Green Building Ordinance Transportation and Environment Committee

Green Building Ordinance Transportation and Environment Committee
Prepared for [xxxx] – Commercial in Confidence connect transform protect A Cloudy Cyberspace? Tony Roadknight – Technical Architect.

Prepared for [xxxx] – Commercial in Confidence connect transform protect A Cloudy Cyberspace? Tony Roadknight – Technical Architect.
The Lucernex Cloud: A software-as-a-service solution delivered via the Cloud What is the Cloud? Cloud Computing is the future of all software applications,

The Lucernex Cloud: A software-as-a-service solution delivered via the Cloud What is the Cloud? Cloud Computing is the future of all software applications,
TechFire Conference Cloud Made Simple - Dispelling the Hype. Brian Larkin Operations Director Digital Planet Brian Larkin Operations Director Digital Planet.

TechFire Conference Cloud Made Simple - Dispelling the Hype. Brian Larkin Operations Director Digital Planet Brian Larkin Operations Director Digital Planet.
Managing Commodity Price Risk with Futures & Options.

Managing Commodity Price Risk with Futures & Options.
Market Research on Car Restriction for First-Year Students: Impact on Undergraduate Recruitment Final Report Overview – May 12, 2010.

Market Research on Car Restriction for First-Year Students: Impact on Undergraduate Recruitment Final Report Overview – May 12, 2010.
U.S. Views on Remanufacturing and Trade in Remanufactured Goods

U.S. Views on Remanufacturing and Trade in Remanufactured Goods
Revision of the Working Time Directive CBSP Committee 7 November 2012 Jorma Rusanen.

Revision of the Working Time Directive CBSP Committee 7 November 2012 Jorma Rusanen.

Similar presentations

Ads by Google