Forecast odcau7 100_ak2
Download as PPTX, PDF0 likes380 views
This document summarizes a usage model on cloud data security created by the Open Data Center Alliance (ODCA) contributor organizations. It discusses data security challenges, data classification, encryption, and monitoring across the data security lifecycle. Key takeaways include considering data protection throughout the lifecycle, understanding data sensitivity, and complying with legal requirements. The usage model addresses security concepts, enabling elements, usage scenarios, and service quality categorization to provide clear guidance to cloud providers and the public.
Forecast odcau7 100_ak2
- 1. OCDA U: SECURITY DATA PROTECTION Matt Lowth (NAB) Ian Lamont (BMW) ®
- 2. AGENDA 2ODCA Data Security 2013 | Topic Discuss Learning Cloud Data Security - Usage Scenarios - Data Security Challenges - Data Security Lifecycle Learnings and Take-aways from this UM
- 3. TOPIC & UM BACKGROUND The ODCA Contributor organizations have created this Usage Model to collaboratively identify ways in how they agree cloud data security should be managed, and so as to provide this as a clear message to the Cloud and Solution Providers, and to share with the general public The Data Security UM addresses: 1. Concept 2. Important enabling elements 3. Usage Scenario’s 4. Categorization of service qualities in context of the UM 3ODCA Data Security 2013 |
- 4. UM CORE – KEY ELEMENTS 4 Different Security Methodology. Protecting the data versus protecting your perimeter? Important to understand what you’re protecting? Options to lower the sensitivity of the data by masking or encrypting it? Ensure access and management of your data is logged and monitored. Data Security Challenges Data Classification Data encryption & masking SIEM ODCA Data Security 2013 |
- 5. COMMON ACCESS TYPES 5ODCA Data Security 2013 |
- 6. DATA SECURITY – USAGE SCENARIOS 6 What to think about before you move your data to the cloud? How to get your data to the cloud. How to access your data in the cloud. How to Backup/Restore information from the cloud OR delete your data when you’re finished using it. Transfer Preparations Data Transfer Data Access Other Scenarios ODCA Data Security 2013 |
- 7. KEY TAKEAWAYS FOR THIS UM 7 Your data is only as secure as your weakest link. You need to consider what protection is necessary throughout your data’s lifecycle, not just protecting the information in transit. Where does your data live? It is difficult to apply appropriate protection to your data if you don’t understand the data’s sensitivity. Develop Securely Data Lifecycle Data Sovereignty Understand Your Data ODCA Data Security 2013 |
- 8. KEY INDUSTRY ACTIONS (STANDARDS AND MORE) 8 Data security must comply with country-specific legal requirements. These requirements and their implications need to be clearly comprehended by providers and subscribers. Are requested to submit input on the proposed data security criteria for the various assurance levels (Bronze, Silver, Gold, and Platinum). Should examine their enterprises and understand the data security life cycle; then they should validate their findings by comparing them to the RFP questions. Industry Wide Cloud Provider Cloud Subscriber ODCA Data Security 2013 |
- 9. INFORMATION AND ASSETS 9 Available to Members at: www.opendatacenteralliance.org URL for Public content: www.opendatacenteralliance.org Standardized Response Checklists Accelerate TTM Shared Practices Drive Scale Streamlined Requirements Accelerate Adoption ODCA Data Security 2013 |
- 10. QUESTIONS 10 www.opendatacenteralliance.org UM: Cloud Data Security From engagement to real adoption and implementation ODCA Data Security 2013 |
- 11. © 2013 Open Data Center Alliance, Inc. ALL RIGHTS RESERVED.
Editor's Notes
- #5: N-Tier architecture vs protect the data.Low/Medium/High confidentiality, important to understand these concepts What else can you do with the data to protect it? SIEM - (Compliance monitoring / Provider assurance) – you just missed it. – you should come to the previous session.Ian: Ask what’s happening in BMW for Data Classification & SIEM?
- #6: Different access types- Customer Data AccessThe customer typically accesses data in the cloud through an application which provides him a service around the data. The customer will typically come from an uncontrollable external network – generalized as Internet. The access goes through a traditional DMZ architecture with an outer firewall – a reverse proxy enforcing the user authentication and applying access control for the requested application.Staff Data AccessStaff members will access their resources in the cloud through their enterprise firewall or virtual private network (VPN) connection to an access gateway which ensures the user is coming from an identified organization (the cloud subscriber). Staff members will perform admin tasks as well as use applications running in the cloud. Basically, their roles and accessible resources will be controlled by an access control or policy server similar to that controlling the access of the customers (i.e., from a cloud provider’s point of view, these are all customers).- Sysadmin Data AccessThe SysAdmin has OS-level access the the cloud provider’s servers and is under control of an admin gateway to limit the access to systems the admin is entitled to. The admin gateway can be implemented as a function on each server, which enforces role-based access control on the OS level (e.g., PowerBroker).Figure 6 illustrates the SysAdmin access path to data. Basically, the SysAdmin has access to all servers on the OS level. He always accesses data directly, as he has no application entitlements.Application Data AccessThings to think about here include whether you need to think about MASSL for auth, account credentials etc..See the Identity mgmt usage models.
- #8: Data Sovereignty – In .AU, lots of talk of it, but no real impacts as of yet as people aren’t using public cloud for highly sensitive services. I hear Data Sovereignty is a problem in Europe – how do you see this affecting Cloud adoption in this area?