Post on 01-Nov-2014
description
“Is Your Privacy at Risk? Securit and Privacy Chalenges in te Digital Modernit”
CyberCyber DefenseDefense InitiativeInitiative ConferenceConference 201120112020th th –– 2121stst March 2012, Grand Hall, BITEC, Bangna, Bangkok March 2012, Grand Hall, BITEC, Bangna, Bangkok
www.cdicconference.com
Public/Private Cloud SecurtiyTrends & Awareness
Assoc.Prof. Dr. Thanachart Numnonda
DirectorSoftware Park Thailand
2
6 Million SmartPhones in Thailand
3
More than 400,000 Tablets sold in Thailand
4
Source: wikipedia
5
iCloud
Deployment Model
Source : Wikipedia
8
Three layers of Cloud services
9
A Subset of Cloud Landscape
Source : Cloud Computing for Developers & Architects: Qcon 2008
Apps & Data Everywhere
Diverse Access Points
Browser
Windows
Mac
iOS
Android
Universal App Catalog and
Workflow
Broker
Entitlements, Policies and Reporting
SaaSServices
Windows
Legacy Apps
Data Services
Mobile Apps
The New Reality for Users
Source : From Datacenter to Device: Security in the Enterprise 2012 and Beyond : VMWare
11
2011-2014: The Hybrid Enterprise
enterprise boundary
public clouds
private clouds
cloud of users
Notional organizational
boundary
Cloud + Mobile
Dispersal of applications
Dispersal of data
Dispersal of users
Dispersal of endpoint devices
Hybrid Cloud Computing
Source : Achieving Security Assurance and Compliance in the Cloud: CSA
“At year-end 2016, more than 50 percent of Global 1000 companies
will have stored customer-sensitive data in the public cloud.”.
Gartner Prediction 2012
13
Top 5 Cloud Computing Trends
IT departments will be forever changed
Cloud security will no longer be an issue
Custom cloud computing services
Custom software development will shift towards the cloud
Innovation
Source : http://www.rickscloud.com/
Cloud Readiness Index 2011
Source : Asia Cloud Computing Association: September 2011
BSA GlobalCloud Computing Scorecard
Source : BSA GlobalCloud Computing Scorecard: Feb 2012
BSA GlobalCloud Computing Scorecard
Source : BSA GlobalCloud Computing Scorecard: Feb 2012
17
Cloud Forcing Key Issues
Critical mass of separation between data owners and data processors
Anonymity of geography of data centers & devices
Anonymity of provider
Transient provider relationships
Physical controls must be replaced by virtual controls
Identity management has a key role to play
Cloud WILL drive change in the security status quo
Reset button for security ecosystemSource : Achieving Security Assurance and Compliance in the Cloud: CSA
18
What are the Trust Issues?
Will my cloud provider be transparent about governance and operational issues?
Will I be considered compliant?
Do I know where my data is?
Will a lack of standards drive unexpected obsolescence?
Is my provider really better at security than me?
Are the hackers waiting for me in the cloud?
Will I get fired?
Source : Achieving Security Assurance and Compliance in the Cloud: CSA
19
Key Problems of Tomorrow
Keeping pace with cloud changes
Globally incompatible legislation and policy
Non-standard Private & Public clouds
Lack of continuous Risk Management & Compliance monitoring
Incomplete Identity Management implementations
Haphazard response to security incidents
Source : Achieving Security Assurance and Compliance in the Cloud: CSA
20
21
Thank You
www.cdicconference.com
thanachart@swpark.or.thtwitter.com/thanachartwww.facebook.com/thanachartwww.swpark.or.thwww.facebook.com/softwareparkthailand