SlideShare a Scribd company logo

Identity privacy and data protection in the cloud – what is being done is it enough goal capgemini m skilton v1

Download as PPTX, PDF
Mark Skilton
Mark Skilton

“Identity, Privacy, and Data Protection in the Cloud – What is Being Done? Is it Enough?” GOAL Global Outsourcing Lawers Conference. Cpagemini Mark Skilton

Related slideshows

Ciphercloud Solutions Overview hsa oct2011
Ciphercloud Solutions Overview hsa oct2011Ciphercloud Solutions Overview hsa oct2011
Ciphercloud Solutions Overview hsa oct2011
 
What changes for Internet of Things technologies with the EU Data Protection ...
What changes for Internet of Things technologies with the EU Data Protection ...What changes for Internet of Things technologies with the EU Data Protection ...
What changes for Internet of Things technologies with the EU Data Protection ...
 
NSTIC Panel on Mobile-based Identity and Access Management
NSTIC Panel on Mobile-based Identity and Access ManagementNSTIC Panel on Mobile-based Identity and Access Management
NSTIC Panel on Mobile-based Identity and Access Management
 
1 of 6
Mark Skilton, Director, Strategy Office, Global Infrastructure Services Co-Chair, Cloud Computing Work Group, The Open Group Member, ISO JC38 UK Mirror +44 7787 692197 mark.skilton@capgemini.com Twitter @mskilton http://uk.linkedin.com/pub/mark-skilton/1/189/968 “Identity, Privacy, and Data Protection in the Cloud – What is Being Done? Is it Enough?”
| Capgemini & Cloud Trust and Risk Trade-off  In the Cloud everything is perceived as untrusted and insecure  Many enterprises have company policies requiring data and access to be stored behind the Corporate firewall; transport between geographies are not allowed  Industrial certifications require physical isolation, audit and authentication processes Trust ? Internal Private Hybrid Public Physical Resources/ locations Edge Span of Insource & Outsource Span of Technology
| Capgemini & Cloud What’s being done to Secure Cloud…….. Move data between SQL and nonSQL databases DBMS Server Legal Issues IP Patent Law – Independence of software on device and OS Bundling Legal Definition of an API e.g. Google API, MSFT API US / EU Patriot, SafeHarbor, DA rules Cultural Impact Provisioning Policy Management Amazon gets FISMA certification EU Open Data portal Open Data standards W3C EU inter- country data Use of Public APIs e.g. Google+ Twitter APIs Use of APIs/ personal Data Protection TLS, SSL Transport Layer end to end Pass through Threats Hypervisor IOP e.g. Citrix and AWS Device IOP e.g. User Experience and UI e.g. Ipad , Samsung e.g. Microsoft OS 8 – tablet IOP EU announce common Data Portal Vertical Sector B2B Schemas Vendor Technology Standards seeking Openness e.g. DMTF, ODCA, OMG CCSC Illustrative ISA Chip standards Database Scalability & Portability Hypervisor Portability & Hypervisor Interoperating Hybrid Device from service abstraction Government led Legal certifications Vertical industry Government led Standard schemas Network transport issues Choices , NSPs, ISPs API openness and ownership Multi-form factor supportability Apps, content stores access Personal/vendor Portability Market / Region Provider / Entity Network API / Gateway / Portal Device / Browser OS Server Storage Software Application Data / Payload Hypervisor Business Process DC Hosting Public Cloud Hosted Private Cloud Hosted Open Source Cloud Hosted Legal & Security Industry Nomenclatures Deployment strategies Common Industry standards Vertical Industry standards e.g. Oracle, IBM e.g. Amazon & Others e.g. open nebula TechnologyandBusinesstiers Provisioning Policies Inter-country data exchange Multi-form factor data portability Service IP component bundling Application environment Portability Storage as a Service Compute as a Service Applications as a Service Desktop as a Service Big Data as a Service Move application OpenStack, CloudStack Shifts B2B / B2C Platforms Device Store Services Social Networks, C2C Policy Areas The Open Group – Cloud Computing Interoperability Portability Project 2012 Examples of some Legal activity in last 12-24 months EU announce Data Privacy Controls
| Capgemini & Cloud How can we get control of Identity, Privacy, and Data Protection in the Cloud ? Extensible Boundaries From Introduction to CIEL – CILE Project – an Open Group project Work in Progress Copyright SyntheticSpheres 2012 Identity – Is this controlled by User Device or By You in your Cloud Server or a Proxy Service e.g. OpenID ? Privacy – What Boundary Conditions are acceptable to you? Do you want Closed , Secure Cloud? Do you want Distributed Secure Cloud? Do you want Regional/Local Controls do you want guarantees What Legal Jurisdiction do you follow? Data Protection – Data at Rest – Encryption, IP Control Data in Transit – Encryption, Monitoring Data Age – Archive and Audit Control What Legal Jurisdiction do you follow? Provider Consumer Policy Management Boundary Policy Management Legal Contract Back to Back control
| Capgemini & Cloud “It is impossible for a distributed computer system to simultaneously provide all three of the following guarantees: Consistency, Availability and Partitioning Tolerance”. Consistency Availability Partition Tolerance GuaranteedC A P Effectiveness Fidelity G P F Consistency Availability Partitioning Tolerance Guaranteed FidelityPerformance (Reference: Brewer Conjecture 2000, Gilbert, Lynch Formal Proof 2002) “Brewer’s Conjecture and the feasibility of consistent, available, partition-tolerant web services” http://lpd.epfl.ch/sgilbert/pubs/BrewersConjecture-SigAct.pdf ACM SIGACT News, Vol 33 Issue 2 (2002) pg 51-59 Brewers Theorem
| Capgemini & Cloud The Case for Service Orchestration - managing your Security and Risk  Consistency and Guarantees • Strong Multi-Systems Management – Single Accountabilities • Control Failure Points in system – Strong Identity, Encryption Policies and Tools to manage Usage and Audit Compliance.  Availability and Effectiveness • Multi-Source – open technology capabilities • Business Process Orchestration – Drive Business Performance Outcomes Metrics  Partition Tolerance and Fidelity • Introduce and manage disciplined portfolio of IT and Business assets inside and outside the organization in a way that best serves the needs of consumers and providers. Govern Configuration • Preserve your elasticity - within “acceptable conditions of use” – know the tolerance levels that are within the distributed system. Consistency Availability Partition Tolerance GuaranteedC A P Effectiveness Fidelity G P F Management Orchestration Resource Management Template Contiguity Source Access Systems Management Process Orchestration

More Related Content

Identity privacy and data protection in the cloud – what is being done is it enough goal capgemini m skilton v1

  • 1. Mark Skilton, Director, Strategy Office, Global Infrastructure Services Co-Chair, Cloud Computing Work Group, The Open Group Member, ISO JC38 UK Mirror +44 7787 692197 mark.skilton@capgemini.com Twitter @mskilton http://uk.linkedin.com/pub/mark-skilton/1/189/968 “Identity, Privacy, and Data Protection in the Cloud – What is Being Done? Is it Enough?”
  • 2. | Capgemini & Cloud Trust and Risk Trade-off  In the Cloud everything is perceived as untrusted and insecure  Many enterprises have company policies requiring data and access to be stored behind the Corporate firewall; transport between geographies are not allowed  Industrial certifications require physical isolation, audit and authentication processes Trust ? Internal Private Hybrid Public Physical Resources/ locations Edge Span of Insource & Outsource Span of Technology
  • 3. | Capgemini & Cloud What’s being done to Secure Cloud…….. Move data between SQL and nonSQL databases DBMS Server Legal Issues IP Patent Law – Independence of software on device and OS Bundling Legal Definition of an API e.g. Google API, MSFT API US / EU Patriot, SafeHarbor, DA rules Cultural Impact Provisioning Policy Management Amazon gets FISMA certification EU Open Data portal Open Data standards W3C EU inter- country data Use of Public APIs e.g. Google+ Twitter APIs Use of APIs/ personal Data Protection TLS, SSL Transport Layer end to end Pass through Threats Hypervisor IOP e.g. Citrix and AWS Device IOP e.g. User Experience and UI e.g. Ipad , Samsung e.g. Microsoft OS 8 – tablet IOP EU announce common Data Portal Vertical Sector B2B Schemas Vendor Technology Standards seeking Openness e.g. DMTF, ODCA, OMG CCSC Illustrative ISA Chip standards Database Scalability & Portability Hypervisor Portability & Hypervisor Interoperating Hybrid Device from service abstraction Government led Legal certifications Vertical industry Government led Standard schemas Network transport issues Choices , NSPs, ISPs API openness and ownership Multi-form factor supportability Apps, content stores access Personal/vendor Portability Market / Region Provider / Entity Network API / Gateway / Portal Device / Browser OS Server Storage Software Application Data / Payload Hypervisor Business Process DC Hosting Public Cloud Hosted Private Cloud Hosted Open Source Cloud Hosted Legal & Security Industry Nomenclatures Deployment strategies Common Industry standards Vertical Industry standards e.g. Oracle, IBM e.g. Amazon & Others e.g. open nebula TechnologyandBusinesstiers Provisioning Policies Inter-country data exchange Multi-form factor data portability Service IP component bundling Application environment Portability Storage as a Service Compute as a Service Applications as a Service Desktop as a Service Big Data as a Service Move application OpenStack, CloudStack Shifts B2B / B2C Platforms Device Store Services Social Networks, C2C Policy Areas The Open Group – Cloud Computing Interoperability Portability Project 2012 Examples of some Legal activity in last 12-24 months EU announce Data Privacy Controls
  • 4. | Capgemini & Cloud How can we get control of Identity, Privacy, and Data Protection in the Cloud ? Extensible Boundaries From Introduction to CIEL – CILE Project – an Open Group project Work in Progress Copyright SyntheticSpheres 2012 Identity – Is this controlled by User Device or By You in your Cloud Server or a Proxy Service e.g. OpenID ? Privacy – What Boundary Conditions are acceptable to you? Do you want Closed , Secure Cloud? Do you want Distributed Secure Cloud? Do you want Regional/Local Controls do you want guarantees What Legal Jurisdiction do you follow? Data Protection – Data at Rest – Encryption, IP Control Data in Transit – Encryption, Monitoring Data Age – Archive and Audit Control What Legal Jurisdiction do you follow? Provider Consumer Policy Management Boundary Policy Management Legal Contract Back to Back control
  • 5. | Capgemini & Cloud “It is impossible for a distributed computer system to simultaneously provide all three of the following guarantees: Consistency, Availability and Partitioning Tolerance”. Consistency Availability Partition Tolerance GuaranteedC A P Effectiveness Fidelity G P F Consistency Availability Partitioning Tolerance Guaranteed FidelityPerformance (Reference: Brewer Conjecture 2000, Gilbert, Lynch Formal Proof 2002) “Brewer’s Conjecture and the feasibility of consistent, available, partition-tolerant web services” http://lpd.epfl.ch/sgilbert/pubs/BrewersConjecture-SigAct.pdf ACM SIGACT News, Vol 33 Issue 2 (2002) pg 51-59 Brewers Theorem
  • 6. | Capgemini & Cloud The Case for Service Orchestration - managing your Security and Risk  Consistency and Guarantees • Strong Multi-Systems Management – Single Accountabilities • Control Failure Points in system – Strong Identity, Encryption Policies and Tools to manage Usage and Audit Compliance.  Availability and Effectiveness • Multi-Source – open technology capabilities • Business Process Orchestration – Drive Business Performance Outcomes Metrics  Partition Tolerance and Fidelity • Introduce and manage disciplined portfolio of IT and Business assets inside and outside the organization in a way that best serves the needs of consumers and providers. Govern Configuration • Preserve your elasticity - within “acceptable conditions of use” – know the tolerance levels that are within the distributed system. Consistency Availability Partition Tolerance GuaranteedC A P Effectiveness Fidelity G P F Management Orchestration Resource Management Template Contiguity Source Access Systems Management Process Orchestration