IBM_Q3_Security_Roadshow_IBRS_JTurner_v04.ppt

The document discusses security issues with software as a service (SaaS) and platform as a service (PaaS) models and the need for greater transparency from cloud providers. It mentions several large data breaches and outlines efforts by the Cloud Security Alliance (CSA) to establish standards and best practices through research groups and guidance documents. While compliance does not guarantee security, the CSA works to educate organizations and help negotiate security understandings between vendors and customers.

Common concerns regarding cloud security are increasingly being recognized as speculative cases, compared to the reality of how IT governance often fails in traditional on-premise environments: failure modes that the cloud model greatly offsets

This document discusses the implications of cloud computing for information privacy from an Australian perspective. It notes that cloud computing provides large data repositories accessible as a service, and that 14 million Australians and 900,000 small-medium businesses in Australia actively use cloud services. However, cloud computing also poses information privacy and data security risks for users regarding the use and disclosure of personal information without consent, as well as security threats from data location, access controls and long-term viability. The article explores the need for new privacy laws to protect consumer information stored in the cloud and support cloud industry growth in Australia, drawing comparisons to laws in the United States.

The document discusses the adoption of cloud computing across various parts of the US Department of Defense (DoD) and intelligence community. It outlines several early cloud computing projects from 2009 including the DoD DISA RACE and JFCOM Valiant Angel programs. It also discusses the National Security Agency's adoption of Hadoop and MapReduce for intelligence gathering. The document concludes that cloud computing adoption in the DoD and intelligence community has been rapid as the benefits are seen to outweigh security concerns, with system integrators building cloud offerings to support operational use cases.

This document discusses IBM's offering for a private cloud solution targeted at smaller enterprises. It begins by explaining the benefits of cloud computing for improving resource utilization and reducing costs. It then discusses the differences between public and private clouds, noting that private clouds can provide higher security and service level agreements. The document outlines IBM's BladeCenter Foundation for Cloud (BCFC) which provides the virtualized infrastructure that a cloud solution is built upon. It specifically highlights IBM's SmartCloud Entry solution, which sits on top of the BCFC and provides tools to simplify deployment and management of the private cloud, making it a suitable option for smaller enterprises seeking such a solution.

The document discusses security issues related to cloud computing. It identifies three main areas of concern: security and privacy of data, compliance with regulations, and legal/contractual issues. It provides checklists of specific security topics and concerns to evaluate for each area when considering adopting cloud services, such as data protection, identity management, business continuity, and liability. The goal is to help users properly assess cloud providers' security practices to protect their data and investments in the cloud.

This document discusses the top 10 security risks of cloud computing. It begins with an introduction by Ludovic Petit and provides background on cloud security risks. It then lists and describes each of the 10 risks: 1) Accountability and data risk, 2) User identity federation, 3) Legal and regulatory compliance, 4) Business continuity and resiliency, 5) User privacy and secondary usage of data, 6) Service and data integration, 7) Multi-tenancy and physical security, 8) Incidence analysis and forensics, 9) Infrastructure security, and 10) Non-production environment exposure. The document aims to help organizations assess cloud security risks and ensure cloud providers address these top risks.

This document discusses security issues and challenges related to cloud computing. It begins with an abstract that introduces cloud computing and notes that while it provides advantages like scalability and efficiency, security concerns have slowed its adoption. The document then provides details on three types of cloud deployments (private, public, hybrid) and three service delivery models (IaaS, PaaS, SaaS). It discusses specific security issues related to each deployment type and service model. The document also outlines some key challenges to cloud computing adoption, with security ranked as the top challenge by organizations according to surveys. Other challenges discussed are costing models and charging models in cloud computing.

This document proposes a novel framework for dependable cloud computing. It discusses security risks associated with cloud computing including vulnerabilities, accessibility issues, authentication, data tampering and privacy concerns. The framework aims to address these issues by involving all stakeholders to securely store and transfer encrypted data between private clouds and cloud service providers. An encryption system was designed using Java programming to encrypt and decrypt data in transit to test the dependability of stored and transferred data from the cloud. The goal is to improve security techniques and build trust in cloud computing by preventing and detecting security flaws.