Learn, hack!

URL

http://www.sourceconference.com/bos10pubs/iSEC_Securely_Moving_Into_The_Cloud.pdf

File name

iSEC_Securely_Moving_Into_The_Cloud.pdf

File size

633.6 KB

MD5

acc5ad3c94610405b6ca8960f2e4a822

SHA1

bb264c24a585036dae1c8f80d924c2c9d95d25b8

Cloud computing has become an irresistible force in the IT industry, due to the unbeatable efficiencies of warehouse-scale computing infrastructures and the desire of businesses to reduce their CapEx on IT hardware. The most pressing concerns still holding back companies from moving into a public or semi-private cloud environment are security and compliance, and corporate security groups are under pressure to provide solutions that allow their enterprises to benefit from cloud computing technologies while appropriately managing risk. In this talk, we will review several different cloud computing models and discuss the breakdown of security responsibility in each. We will then deconstruct the currently accepted models of enterprise IT and identify which security controls truly matter for most organizations and which are leftovers from an earlier era of computing. The speaker will then propose several architectures that are implementable in current public cloud providers that provide equivalent or better assurance than traditional IT stacks, and discuss which risks can and should be accepted as part of the new computing paradigm. The talk will be aimed at the system architecture, risk management and CIO levels of organizations, and will be best absorbed by attendees with enterprise architecture experience.