“Is Your Privacy at Risk? Securit and Privacy Chalenges in te Digital Modernit”

CyberCyber DefenseDefense InitiativeInitiative ConferenceConference 201120112020th th –– 2121stst March 2012, Grand Hall, BITEC, Bangna, Bangkok March 2012, Grand Hall, BITEC, Bangna, Bangkok

www.cdicconference.com

Public/Private Cloud SecurtiyTrends & Awareness

Assoc.Prof. Dr. Thanachart Numnonda

DirectorSoftware Park Thailand

2

6 Million SmartPhones in Thailand

3

More than 400,000 Tablets sold in Thailand

4

Source: wikipedia

5

iCloud

Deployment Model

Source : Wikipedia

8

Three layers of Cloud services

9

A Subset of Cloud Landscape

Source : Cloud Computing for Developers & Architects: Qcon 2008

Apps & Data Everywhere

Diverse Access Points

Browser

Windows

Mac

iOS

Android

Universal App Catalog and

Workflow

Broker

Entitlements, Policies and Reporting

SaaSServices

Windows

Legacy Apps

Data Services

Mobile Apps

The New Reality for Users

Source : From Datacenter to Device: Security in the Enterprise 2012 and Beyond : VMWare

11

2011-2014: The Hybrid Enterprise

enterprise boundary

public clouds

private clouds

cloud of users

Notional organizational

boundary

Cloud + Mobile

Dispersal of applications

Dispersal of data

Dispersal of users

Dispersal of endpoint devices

Hybrid Cloud Computing

Source : Achieving Security Assurance and Compliance in the Cloud: CSA

“At year-end 2016, more than 50 percent of Global 1000 companies

will have stored customer-sensitive data in the public cloud.”.

Gartner Prediction 2012

13

Top 5 Cloud Computing Trends

IT departments will be forever changed

Cloud security will no longer be an issue

Custom cloud computing services

Custom software development will shift towards the cloud

Innovation

Source : http://www.rickscloud.com/

Cloud Readiness Index 2011

Source : Asia Cloud Computing Association: September 2011

BSA GlobalCloud Computing Scorecard

Source : BSA GlobalCloud Computing Scorecard: Feb 2012

BSA GlobalCloud Computing Scorecard

Source : BSA GlobalCloud Computing Scorecard: Feb 2012

17

Cloud Forcing Key Issues

Critical mass of separation between data owners and data processors

Anonymity of geography of data centers & devices

Anonymity of provider

Transient provider relationships

Physical controls must be replaced by virtual controls

Identity management has a key role to play

Cloud WILL drive change in the security status quo

Reset button for security ecosystemSource : Achieving Security Assurance and Compliance in the Cloud: CSA

18

What are the Trust Issues?

Will my cloud provider be transparent about governance and operational issues?

Will I be considered compliant?

Do I know where my data is?

Will a lack of standards drive unexpected obsolescence?

Is my provider really better at security than me?

Are the hackers waiting for me in the cloud?

Will I get fired?

Source : Achieving Security Assurance and Compliance in the Cloud: CSA

19

Key Problems of Tomorrow

Keeping pace with cloud changes

Globally incompatible legislation and policy

Non-standard Private & Public clouds

Lack of continuous Risk Management & Compliance monitoring

Incomplete Identity Management implementations

Haphazard response to security incidents

Source : Achieving Security Assurance and Compliance in the Cloud: CSA

20

21

Thank You

www.cdicconference.com

thanachart@swpark.or.thtwitter.com/thanachartwww.facebook.com/thanachartwww.swpark.or.thwww.facebook.com/softwareparkthailand