MIMOS Develops Private Enterprise Blockchain Applications ...
US Patriot Act: Making the Case for Enterprise Private Cloud
-
Upload
activestate -
Category
Technology
-
view
2.226 -
download
0
description
Transcript of US Patriot Act: Making the Case for Enterprise Private Cloud
![Page 1: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/1.jpg)
US Patriot Act:Making the Case for Enterprise Private Cloud
![Page 2: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/2.jpg)
Who am I? & Why am I paranoid?
Diane MuellerDirector, Enterprise Product Management Member, XBRL International
![Page 3: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/3.jpg)
Founded 19972 million developers, 97% of Fortune 1000Development, management, distribution & cloud deployment for dynamic languagesCloud Solution: Stackato – Private PaaSSome of Our Customers
About ActiveState
![Page 4: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/4.jpg)
Business Drivers for Cloud ComputingUS Patriot Act & Data PrivacyImplications for Cloud Computing
Agenda
![Page 5: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/5.jpg)
Savings of physical IT costsFaster Deployment TimesHigher Levels of Application Availability Reliability & Fault ToleranceAccess AnywhereCapacity scales as needs changeImproved Time to Market
Cloud Computing Business Drivers
![Page 6: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/6.jpg)
Maintain privacy & confidentialityPreserve intellectual property rightsPotential for intervention by foreign governments Manage operational & commercial risksComply with industry & jurisdictional regulatory requirements
Complex Balancing Act
![Page 7: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/7.jpg)
Information is no longer in your direct custody or control.handed over to a third party to manageresident in a different jurisdiction or multiple jurisdictions
Mass-market cloud services are subject to “take it or leave it” service agreementsInformation and data may not be “portable” – you can’t take it with you
Cloud Computing Privacy Issues
![Page 8: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/8.jpg)
Signed into law in October 2001 Extended in May 2011
grants privileges to access private data in case of suspected terrorist threats significantly increased the surveillance and investigative powers of law enforcement agencies in the United States
Enter the US Patriot Act
![Page 9: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/9.jpg)
http://www.google.com/transparencyreport/governmentrequests/userdata/
Who is complying?
![Page 10: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/10.jpg)
Example: Dropbox
https://www.dropbox.com/privacy
![Page 11: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/11.jpg)
Where your data lives matters
![Page 12: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/12.jpg)
New powers of surveillance and search/seizure extend to records of anyone (including Foreign Nationals) in the US.
Extends to records in the custody of US companies in Foreign CountriesForeign-based subsidiaries of US companiesForeign-based companies with presence in US
US Patriot Act Expands Surveillance
![Page 13: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/13.jpg)
Changes to Rules of Engagement
Cloud Computing is premised on the concept of infrastructure pooling
regardless of geographic location.
Users may not have visibility in relation to the ultimate location of data.
Data may not in fact be pooled in one place
could be spread across a cloud service provider's network.
![Page 14: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/14.jpg)
Data that is housed or passes through the United States is vulnerable to interception by authorities
applies to:
Everyone living and visiting the country, including any foreign national who spends time on U.S. soil as part of a visa arrangement. Companies based in the U.S., whether they are headquartered there or not
Data effected by US Patriot Act
![Page 15: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/15.jpg)
BBC Worldwide HQ in Londonalso has studios and offices in the U.S making these U.S.-based offices vulnerable to the Act.
Example: BBC
![Page 16: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/16.jpg)
National Security Letters can involve a gag orderprevents the organization from ever disclosing receipt of a letter requiring the handover of records.
Vendors cannot provide a guarantee that their customers would be informedThis contravenes the EU Data Protection Directive which requires organisations to inform users when personal information is disclosed.
Gag Orders & the Cloud
![Page 17: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/17.jpg)
Regulatorsmay restrict the international transfer of certain kinds of data, even require certain kinds of data to be kept separate and not be intermixed with other data.
Examples:AustraliaCanadaEUHIPPA, PHI
Add Jurisdictional & Industry Regulations
![Page 18: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/18.jpg)
MSFT could not guarantee the sovereignty of European customers’ data in its data centers
If the US Patriot Act was invoked, MSFT would be compelled to hand data over to US authorities and would keep the data transfer secret
This contravenes the new EU Data Protection Directive which requires organizations to inform users when personal information is disclosed
Extremely difficult for US HQ companies to refuse to comply with the Patriot’s Act in deference to the EU Directive
Example: Microsoft Warning
![Page 19: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/19.jpg)
Cloud computing fragmenting along national boundary lines
CEO, Reinhard Clemens
"The Americans say that no matter what happens I'll release the data to the government if I'm forced to do so, from anywhere in the world, certain German companies don't want others to access their systems. That's why we're well-positioned if we can
say we're a European provider in a European legal sphere and no American can get to them."
![Page 20: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/20.jpg)
Remains responsible for protecting and safeguarding informationNeeds to make informed choices
Take a risk-based approachWhat is the sensitivity of the information?What is the risk to the data?What role does the jurisdiction play in that risk?
If the risk is high and the safeguards cannot be assured, then don’t use the service provider
In principle, the original custodian:
![Page 21: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/21.jpg)
Own the infrastructureRun your own cloud in your data center
Minimizes US Patriot Act
effect
If the Risk High: Consider Private Clouds
![Page 22: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/22.jpg)
Why a Private Cloud?
Keep all your data within your own firewalls Avoids the Gag IssueIf the US Gov’t wants information – they have to ask you, not some cloud provider
Keep all your data within secure containersMulti-tenancy Security by IsolationEnsure Privacy within your organization
Encrypt your data when you transmit it beyond your firewallsControl & Manage your own resources
![Page 23: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/23.jpg)
![Page 24: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/24.jpg)
Greater oversight & control Maintaining security of dataGreater control over computational resourcesExclusive to an organizationManaged either by the organization or a third partyHosted in the organization’s data center or outside
Benefits of Private Clouds
![Page 25: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/25.jpg)
Applications (SaaS)
Application Middleware/Platform (PaaS)
Infrastructure (IaaS)
Security comes in Layers on the Cloud
![Page 26: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/26.jpg)
Cloud Computing Infrastructure IaaS Layer:
Gives you an Elastic PlaygroundPooled ResourcingShared Operating SystemShared Services
Security byUnix User Separation
![Page 27: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/27.jpg)
PaaS Layer:gives your applications individual Playgrounds
Everyone gets their own Operating systemNo Shared ServicesSecurity by IsolationSecure Multi-tenancy
PaaS Layer Gives Containerization
![Page 28: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/28.jpg)
Applications need more than just infrastructure!Applications Need Secure EnvironmentsApplications need middleware components: languages, modules, databases, web serversApps don’t deploy themselvesA PaaS automatically configures and deploys the middleware,
so your SaaS apps practically deploy themselves
Why add a PaaS layer?
![Page 29: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/29.jpg)
Multi-Choice, End-to-End, Portable
![Page 30: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/30.jpg)
Setup & Scale
• Create an AUTO-CONFIGURING private PaaS on top of private cloud or IaaS in minutes
Develop & Deploy
• Deploy NEW, migrating EXISTING applications to the cloud in 3 steps, < 15 minutes
Manage & Monitor
• Manage updates, upgrades
• Monitor application performance
Cloud Platform for Creating a PaaS
![Page 31: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/31.jpg)
Large enterprise, government:
Private PaaS for large # custom apps, security, compliance
ISVs/Systems Integrators:
Self-manage, migrate and host SaaS applications
Private cloud/Managed
Service Providers:
Add private PaaS to IaaS for clients
Who is deploying Private PaaS today?
![Page 32: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/32.jpg)
Hybrid Clouds
Private CloudsPublic Clouds
Enables Application Portability across Clouds
![Page 33: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/33.jpg)
Easy sign-up at http://activestate.com/cloudTry it on a free Micro CloudTry it in the sandbox on an Amazon EC2 instance
Try Stackato on your private Cloud
![Page 34: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/34.jpg)
Maintain accountability and ensure securityKeep your & your clients’ data private & secureEnsure that you are notified requests for information based US Patriot ActStill get all the benefits of cloud (elasticity, pooling resources within your organization, with faster time-to-market) on a private cloudMake migration and deployment with private cloud easier with a private PaaS
Wrap-Up
![Page 35: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/35.jpg)
Questions?
![Page 36: US Patriot Act: Making the Case for Enterprise Private Cloud](https://reader033.fdocuments.in/reader033/viewer/2022061211/54795ae4b4af9f49348b466f/html5/thumbnails/36.jpg)
www.activestate.com/cloud
Twitter: @activestate (#stackato)Blog: www.activestate.com/blog
Email: [email protected]
#stackato IRC channel on Freenode
Thank you!