From ajayde

Cloud Computing - Data Security Lifecycle In The Cloud 



Tags: backup software, security, data security lifecycle, cloud computing
Published:  May 10, 2010
 
Notes:
 
Slide 1: Data Security Lifecycle versus Cloud Computing
What questions are relevant concerning data security lifecycle in the cloud?
drs. Mike Chung RE
© 2008 KPMG Advisory, a Dutch limited liability company and member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved.

Slide 2: Cloud computing as phenomenon
• Cloud computing is considered the most important IT service model for 2010 and beyond
  - Over 50% of all Fortune 500 enterprises are already using cloud computing services
  - More than 10 million companies will be using cloud computing services by 2012
  - Spending on cloud computing services will grow almost threefold, reaching $42 billion by 2012 (Source: IDC)
• All major software vendors and IT integrators are investing heavily in cloud computing offerings
• Increasing bandwidth of the internet is paving the way for ‘reliable’ online services
• Demand for cloud computing services is growing rapidly due to the economic downturn
© (2010) KPMG Advisory N.V., member of KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative.

Slide 3: Definition of cloud computing 2/2
‘On-premise’ versus cloud computing
• Hosted service from the (inter)net, metaphorically depicted as a cloud
• ‘ASP 2.0’
• Examples:
  - Software-as-a-Service (Salesforce.com, Gmail, Microsoft Online)
  - Platform-as-a-Service (GoogleApps, Force.com, 3tera AppLogic)
  - Infrastructure-as-a-Service (Amazon EC2, Citrix Cloud Centre)
[Diagram: ‘On-premise’ versus cloud computing. Labels: Customer, Users, IT services, Internal IT, Internet, Subscription or ‘pay as you go’, Hardware, software + data, Cloud vendor, Software licences + support costs, Software vendor]

Slide 4: Security issues are real
• Google Web Service vulnerability leaked database usernames and passwords (2007)
• Hackers stole credentials of Salesforce.com’s customers via phishing attacks (2007)
• Thousands of customers lost their data in the cloud due to the ‘Sidekick disaster’ of Microsoft/T-Mobile (2009)
• Botnet incident at Amazon EC2 infected customers’ computers and compromised their privacy (2009)
• Thousands of Hotmail accounts were hacked due to technical flaws in Microsoft’s software (2010)

Slide 5: Specific risk factors concerning the cloud 1/2
• External data storage
  - Weak control over data (failing backup & recovery)
  - Legal complications (violation of privacy, conflicting legislation)
  - Viability uncertain (insufficient guarantee on continuity and availability of services)
• Multi-tenancy architecture
  - Inadequate segregation of data
  - Poor Identity and Access Management (IAM)
  - Insufficient logging and monitoring
  - Weakest link is decisive (virtualisation, shared databases)

Slide 6: Specific risk factors concerning the cloud 2/2
• Use of the public internet
  - Vague and/or non-existing accountability and ownership
  - Loss, misuse and theft of data
  - No access to data and/or services
• Integration with the internal IT environment
  - Unclear perimeters
  - No connection and/or alignment with internal security
  - Complexity of integration

Slide 7: Data Security Lifecycle: phases
Create, Store, Use, Share, Archive, Destroy

Slide 8: Data Security Lifecycle versus the cloud: phase ‘create’
• Data classification
  - What data is valuable/confidential?
  - How should the data be classified?
  - What data can be disclosed freely?
• Assignment of rights to create
  - What rights/permissions must be assigned to individuals/accounts?
  - What rights/permissions must be assigned or limitations enforced on different devices/media and/or locations?
• Integrity of creation
  - How to assure that a specific individual/group has created the data?
  - How to assure that specific data instances have been merged?

Slide 9: Data Security Lifecycle versus the cloud: phase ‘store’ 1/2
• Access Management
  - What access controls and processes have been effectuated on the externally hosted systems?
  - What access controls have been effectuated on organizations (the customer(s) and the cloud provider(s))?
• Data integrity & confidentiality
  - At what (geographic) location(s) is my data stored?
  - How is my data segregated/separated/compartmented from other customer data?
  - How to assure that my data cannot be commingled with other customer data?
  - How to assure that my data does not get inferred, contaminated and/or aggregated inadvertently?

Slide 10: Data Security Lifecycle versus the cloud: phase ‘store’ 2/2
• Encryption at rest
  - What mechanisms are in place for data encryption?
  - What data should be encrypted?
  - Who is responsible for key management?
  - Single key or multiple keys?
• Compliance
  - Does external storage influence regulations and legislation?
  - Are third parties or government bodies able to seize your data?
• Data recovery
  - What is the recovery mechanism?
  - What is the backup schedule?

Slide 11: Data Security Lifecycle versus the cloud: phase ‘use/share’ 1/2
• Availability
  - How to assure that my data is available for use in the cloud?
  - What are the SLAs and penalties?
• Logging & Monitoring
  - What activities are logged and monitored (real-time, periodic)?
  - What logging & monitoring reports are required and available?
• Discovery
  - How can specific data be discovered?
  - How can specific data be retrieved?

Slide 12: Data Security Lifecycle versus the cloud: phase ‘use/share’ 2/2
• Assignment of rights to use/share
  - Who is responsible for Identity & Access Management?
  - What rights/permissions must be assigned to individuals/accounts?
  - What rights/permissions must be assigned or limitations enforced on different devices/media and/or locations?
  - What are the permissible methods to share?
• Non-repudiation
  - How to assure that someone or some instance has sent/provided the data?
• Encryption in transit
  - What mechanisms are in place for secure transfer?
  - What data should be encrypted?
  - Who is responsible for the connection?

Slide 13: Data Security Lifecycle versus the cloud: phase ‘archive’
• Media
  - On what type of media (tape, disk) must the data be archived?
  - What are the physical requirements regarding archiving?
• Encryption at rest
  - What mechanisms are in place for data encryption?
  - What data should be encrypted?
  - Who is responsible for key management?
• Asset management and tracking

Slide 14: Data Security Lifecycle versus the cloud: phase ‘destroy’
• Data destruction
  - How to assure that not only the content but also all key material will be destroyed?
  - How to assure that the data is unrecoverable?
  - How to assure that the data and all backups have been erased completely?
• Confirmation
  - How does the cloud provider confirm the destruction process?

Slide 15: Conclusion
• Questions concerning the Data Security Lifecycle for cloud computing are similar to the ones for on-premise IT, yet emphasize different elements such as location of your data, data recovery and data destruction
• Data Security Lifecycle Management must be an essential part of cloud computing governance
• Do not assume that cloud providers have superior security measures and processes
• You can phase out your IT, but not your data
• You can transfer complexity to the cloud, but you’ll still bear the risks

Slide 16: Contact information
Drs. Mike Chung RE
Manager/Lead Auditor Risk & Compliance
+31 (0)6 1455 9916
chung.mike@kpmg.nl

   