www.eduserv.org.uk
Is the cloud secure?Ed Zedlewski, CIO, Eduserv
www.eduserv.org.uk
Cloud defined…
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
[National Institute of Standards and Technology]
www.eduserv.org.uk
Cloud defined…On-demand self-serviceBroad network accessResource poolingRapid elasticityMeasured service consumptionIaaS
SaaSPaaSPrivate CloudCommunity CloudPublic CloudHybrid Cloud
www.eduserv.org.uk
Cloud defined…
I want to buy only the computing I need, when I need it
www.eduserv.org.uk
What is Cloud Security?
I want my information and my services protected from the bad guys and from accidents
www.eduserv.org.uk
What could possibly go wrong?
www.eduserv.org.uk
Cloud scepticism
• 37% of businesses cite security concerns• 13% (and rapidly rising) complexity of IT systems
integration• 13% resistance to change
… yet growth in cloud services is rising faster than ever • 71% of local government organisations are using
cloud computing • 37% of local government are currently using
cloud applications • UK adults accessing the internet through a mobile
device doubled between 2010 and 2012: source: Ofcom
www.eduserv.org.uk
Who is looking after your service at 03:00 hours?
www.eduserv.org.uk
Is the security model fit for purpose?
www.eduserv.org.uk
Do you have effective MI and understand your risks?
www.eduserv.org.uk
Where is your data?
www.eduserv.org.uk
How do you access your cloud service• 8bn people• 12bn MID• 2bn houses• 2bn TV’s• 1.5bn bicycles• 1bn cars
www.eduserv.org.uk
How secure is your own IT shop?
• You will be subject to the same security challenges• Do you have all the necessary skills• Are you prepared to pay the cost of providing
service elasticity
www.eduserv.org.uk
Increase in cyber-attacks
On average 54 significant attacks by an unauthorised outsider were made on each large organisation in the last year
(twice the level seen in 2010)
www.eduserv.org.uk
Security breaches by staffComputer fraud; data loss; regulatory breaches; lack of education about security
• 19% of organisations suffered staff IT fraud • 20% of small businesses lost confidential data
www.eduserv.org.uk
Security Investment?67% of large organisations expect more security breaches next year
50% of large organisations expect to spend more on security next year
The challenge is getting value from the investment
MYTH: An in-house (xxx) server is more secure than a hosted solutionTRUTH: for a business without dedicated, in-house IT Professionals to monitor the security of its network, in-house server solutions have less physical security, digital security and backup security than hosted solutions
MYTH: An in-house solution offers more control than a Cloud solution• Maybe, but is this good or bad?• Who is counting the cost of change?• Heavy customisation increases cost and
reduces reliability • Application servers are very complex,
requiring high levels of skill 24x7 • Often cloud services abstract complexity
So what’s the difference?• Robust authentication & authorisation• Applications need to be architected for cloud
deployment - Never trust user input - Encode all output
• Consider data encryption • Effective service and contract management
www.eduserv.org.uk
Professionally built cloud services• Offer flexible levels of performance & security • Security designed in (not bolted on)• High availability designed in• Are monitored 7x24x365• Expertly managed
- Delivering appropriate CIA
www.eduserv.org.uk
Questions?
Ed Zedlewski, CIO, [email protected] 470431 Or visit the Eduserv stand
Top Related