Welcome to
Scot-Cloud 2017
Mark Stephen
BBC Scotland
@bbcscotland
#scotcloud
Ray Bugg
DIGIT
@digitfyi
#scotcloud
Fintech 2017
27th & 28th Sept
www.fintech2017.co.uk
#ftscot
GDPR Scotland
21st November
www.gdprscotland.com
#gdprscot
Chris Swan
CTO
@cpswan
#scotcloud
“Our problems are easy”
Chris Swan
@cpswan
https://www.youtube.com/watch?v=AyOAjFNPAbA
https://www.youtube.com/watch?v=JIQETrFC_SQ
https://www.infoq.com/presentations/twitter-provisioning-engineering
$BOM, $Reliability, $Power
https://www.youtube.com/watch?v=JIQETrFC_SQ
Thank You
Chris Swan
@cpswan
Mark Evans
RLB
@MarkXavierEvans
#scotcloud
Date
Scot-Cloud 2017
Physical paradigms?
Where we’re going, we don’t need…
Rider Levett Bucknall
Professional Services
Construction Industry
120 global offices
Cost consultancy
Building Surveying
Project Management
I have nothing to sell!!!
• Cloud isn’t the be-all and end-all
• Cloud can help break down the physical constraints in a business
• Transitioning RLB to SaaS
• Supporting anywhere working and remote access to systems and tools
• Re-skilling the workforce to fit a new business model
Transitioning to a new IT paradigm
Sometimes, “easy” just… isn’t…
• Legacy systems
• What does “that box” actually do?
• What does it do?
• Can we switch it off?
• Can it be re-created?
• Intellectual Property
• Concerns over security
• GDPR
• Management inertia
Cloud isn’t the be-all and end-all…
Beyond the hype?
Cloud can help break down the physical constraints in a business.
Why move back or stay on premise?
• Cost control
• Data security
• True flexibility
• Better, overall control
Don’t do as I say.
Or do.
Transitioning RLB to SaaS
Everything – subscription.
• Hardware
• Telephony
• Networking
• WiFi
• Printing
• Services
• ERP
• DMS
The World is my office.
Supporting working anywhere
Mobility. Agility. Fragility?
• Cost control
• Data security
• True flexibility
• Have internet, will work…
It’s not brain surgery.
Re-skilling the workforce?
Copy the home computing model
• Simplicity
• Security
• Awareness
• Sell the benefits
Q&A
Sue Daley
TechUK
@TechUK
#scotcloud
techuk.org |@techUK | #techUK
techUK 2020 Vision - Keeping the UK at the forefront of cloud adoption
@techUK @channelswimsue
Cloud vital to UK Digital economy and society
Cloud 2020 Vision – The first step forward
6 Key Areas
10 Recommendations
6 Key areas to be addressed
1. Enabling data portability and system interoperability within the cloud computing ecosystem
2. Building trust in the security of cloud computing services
3. Supporting the cultural shift required to optimise the use of cloud
4. Ensuring effective public sector adoption and usage of cloud
5. Having a communications infrastructure that keeps pace with mass cloud adoption
6. Building a coherent regulatory framework for cloud
Enabling data portability and system interoperability
• techUK to develop with members a set of cloud interoperability principles
• The European Commission should work closely with cloud computing providers.
Building trust in the security of cloud computing services
• Bring together business leaders, cloud computing and cyber security experts, and government officials from BIS, DCMS and the Home Office to:
• Update the cloud security messaging being used today
• Identify possible solutions to building UK cloud confidence.
Embracing the change required to optimise the use of cloud
• techUK’s Cloud Champions campaign will be launched
• Showcasing employees, demonstrating how people can develop their skills and potential in cloud driven organisations.
Do you know a Cloud Champion?
Ensuring effective public sector adoption and usage of cloud
• Government departments should engage with industry early in the commissioning process
• Government departments and industry should work together to promote positive case studies
• Public sector leaders should enable a culture which allows public sector commissioners and buyers to leverage cloud computing as part of their business transformation.
techUK Cloud Business Guide
Having a communications infrastructure that keeps pace with mass cloud adoption
• techUK will seek to engage with OFCOM to enter into a dialogue
• Discuss the connectivity requirements needed to support and enable mass cloud adoption.
Building a coherent regulatory framework that supports cloud
• The government’s planned Industrial Strategy and Digital Strategy should recognise the importance of cloud
Building a coherent regulatory framework that supports cloud
• The European Commission’s Free Flow of Data Initiative should create a clear and simple regulatory framework
• Prevent the emergence of specific data localisation requirements and obligations.
Building a coherent regulatory framework that supports cloud…
#dataflows
6 Key areas to be addressed
1. Enabling data portability and system interoperability within the cloud computing ecosystem
2. Building trust in the security of cloud computing services
3. Supporting the cultural shift required to optimise the use of cloud
4. Building a coherent regulatory framework for cloud
5. Ensuring effective public sector adoption and usage of cloud
6. Having a communications infrastructure that keeps pace with mass cloud adoption.
Cloud 2020 Vision – The first step forward
Cloud 2020 Vision is the start of a conversation
Sue Daley
Head of Programme
Sue.daley@techuk.org
+44 07701 289 964
@techUK
@channelswimsue
Sian John
Symantec
@TechUK
#scotcloud
Presenter: Siân John, EMEA Chief Strategist, Symantec
Securing the Cloud Generation
Copyright © 2017 Symantec Corporation
Always On and Everywhere
Digital World Enhances or Replaces Much of the Physical World
Applications and Data Are Moving to The Cloud
The Drive for Data Privacy
[Diagram: drivers and inhibitors of data privacy. Labels shown: Lack of Business Ownership, Data Growth, Emerging Technology, Regulations, Lack of Visibility, Evolving Threat Landscape, Press Headlines, Reputation, Business Opportunity, Customer Trust]
Cloud Security Considerations
[Matrix: Ensure Governance and Compliance; Protect Cloud Interactions; Protect Information; Protect & Manage Infrastructure, each across Private, Public / IaaS, Public / PaaS and Public / SaaS]
Privacy most important when customers choose products or services
Source: Symantec State of Privacy Report 2015, https://www.symantec.com/content/en/us/about/presskits/b-state-of-privacy-report-2015.pdf
[Chart: what customers consider important. Labels shown: Delivering great customer service; Keeping your data safe and secure; Delivering quality products / services; Treating their employees and suppliers fairly; Being environmentally friendly. Values shown: 82%, 86%, 69%, 56%, 88%]
Consumer Trust and Technology
Source: https://www.symantec.com/content/en/us/about/presskits/b-state-of-privacy-report-2015.pdf
[Chart: share of consumers who trust each sector to keep their data completely secure. Values shown: 69%, 66%, 45%, 22%, 20%, 10%. Categories shown: Hospitals / medical services; Banks; Government; Technology companies (i.e. Google, Microsoft); Retailers (including online shops); Social media sites (i.e. Facebook, Twitter)]
Organisations whose business models are based on data (tech companies and social media companies) appear less trusted to keep customer data completely secure.
Data Trust Chain
Innovation for the Cloud Generation: Industry Has Created Cloud Security Chaos
Complications of Cloud Adoption
• Who owns the comprehensive Service Level Agreements?
• Single pane of glass?
• Redundancy & high availability?
• Vendor compatibility?
[Diagram: a separate provider for each function: Cloud Web Gateway Provider, Cloud DLP Provider, Cloud Data Encryption Provider, Cloud Access Control Provider, Cloud Sandbox Provider, Cloud Breach Analysis, Cloud Forensic / Recording, Cloud Email Scanning, Cloud DDoS, UBA]
Governance & Compliance
Source: Symantec UK IT Leaders Insight Summit 2011
[Matrix across Private, Public (IaaS), Public (PaaS) and Public (SaaS): Develop & enforce policies; Audit & monitoring; Ensure standardisation; Monitor & control within the virtual machine; Build controls into your application]
Gaining Control of the Cloud
• Visibility: know what is running / stored where
• Authentication: ensure only the right users can access the right apps/data
• Data Protection: safeguard my data everywhere and at all times
• Secure Environment: ensure the environment is protected from malware and advanced threats
• Adaptive Security: security stays in sync and scales with my constantly changing cloud environment
• Automation: be able to automatically apply the right security with minimal human intervention
• Ease of Use: manage my complex hybrid world from a single control point
Complex User Definition
[Diagram. Labels shown: Regional Office, Headquarters, Data Center, Security Stack]
Complex User Definition (continued)
[Diagram. Labels shown: Regional Office, Headquarters, Data Center, Roaming Users, Personal Devices, Security Stack]
Evolving Data Attack Surface
[Same diagram. Labels shown: Regional Office, Headquarters, Data Center, Roaming Users, Personal Devices, Security Stack]
The Expanding Network
[Diagram. Labels shown: Regional Office, Headquarters, Data Center, Roaming Users, Personal Devices, IoT Devices, Security Stack, with SSL Encryption marked on the links]
Multi-Phased and Multi-Staged Attacks
[Same diagram. Labels shown: Regional Office, Headquarters, Data Center, Roaming Users, Personal Devices, IoT Devices, Security Stack, with SSL Encryption marked on the links]
Ensuring Safe Cloud Usage
[Diagram. Labels shown: Regional Office, Headquarters, Data Center, Roaming Users, Personal Devices, IoT Devices]
Integrated Cyber Defence Platform
[Diagram. Local Intelligence: File, URL, Whitelist, Blacklist, Certificate, Machine Learning. On Premises: SIEM Integration, Data Center Security, Encryption, Content Analysis, Web Protection, Performance, Endpoint. Cloud: Cloud Web Protection, VIP Identity, Cloud DLP, CASB, Managed PKI, Messaging, Data Center Security, Cloud Sandbox, Cyber Security Services, Encryption, Compliance, Advanced Threat Protection, Endpoint, Encrypted Traffic Management, DLP, Security Analytics, Management, Malware Analysis, SOC Workbench, Third Party Ecosystem]
Multiple Sources of Data & Control Points
[Diagram. Capabilities: Shadow IT Discovery & Controls, Cloud Compliance, Tokenization, Cloud Incident Response, Cloud Investigations, Cloud Policy & Remediation, Cloud DLP, Cloud Intrusion Detection, Cloud Malware Detection. Control points: Proxy, CASB Gateway, Events, Cloud API, spanning the Enterprise Perimeter and Outside Perimeter]
Cloud Adoption and Protection
Maximise Benefit from Cloud Usage
• Build and Maintain Trust
• Choose the Right Cloud(s)
• Secure Digital Transformation
Minimise Cloud Risk
• Understand and Control your Cloud Usage
• Know your Data
• Harmonise Security Policies
• Control Migration to the Cloud
Ensure Compliance
• Protect Data in and for the Cloud
• Audit Cloud Activity
Value of Adopting Security Best Practice
Thank You
Siân John
@sbj24
sian_john@symantec.com
Questions & Discussion
#scotcloud
Refreshments & Networking
#scotcloud
Scot Cloud 2017: Network Security in the Third Platform Age
Stephen Hampton, CTO, Hutchinson Networks
10 July 2017
The Third Platform
Four Pillar Technologies
• Mobile
• Social Media
• Big Data
• Cloud
Innovation Accelerators
• IoT
• Cognitive Systems / AI
• Next Generation Security
• 3D Printing
• Natural Interfaces
• Robotics
By 2019
• 75% of IT spend will be driven by Third Platform technologies.
• 50% of Global 2000 businesses will depend on the ability to create digitally enhanced products, services & experiences
Expanding Attack Surface
• Proliferation of mobile and IoT devices significantly expands the attack surface.
• Cloud providers and service providers in general become high impact, high profile targets.
• IoT is an enabler for DDoS attacks.
• High impact breaches: heart monitors, driverless cars, baby monitors
• “Public cloud workloads will rise from 49% in 2015 to 68% in 2020”
• “There will be 3X as many IP connected devices in 2020 as there are people on the planet”
• Global cloud traffic will rise from 3.9 ZB per year in 2015 to 14.1 ZB per year in 2020
• “Smartphone traffic will overtake PC internet traffic by 2020”.
The Increasingly Irrelevant Security Perimeter
Micro-services, SDN, NFV, micro-segmentation and the end-to-end principle will eventually render the security perimeter irrelevant.
Outside users access private cloud services on the inside; inside users access public cloud services on the outside.
Mobility, VPN, smartphones, tablets and IoT devices have all eroded the perimeter.
Over 50% of internet traffic is now encrypted and invisible to perimeter firewalls.
[Diagram labels: Mobile Devices, Inside Users, Outside Users, Micro Services]
DDoS & Application Layer Attacks
DYN attack – October 2016
• Mirai trojan botnet (Linux IP cameras and home routers)
• Impacted Twitter, GitHub, Netflix, Spotify, Amazon, Airbnb
• 1.2 Tbps (unverified) of TCP/UDP port 53 traffic
• DDoS attacks take a volumetric approach by exploiting large botnets.
• Enormous amounts of data are transmitted, which impacts the target and often the service provider as well.
• IoT is commonly used to create the botnets.
• Application layer attacks target vulnerabilities in application code.
• DDoS can be used as cover for a more sophisticated application layer attack.
DDoS & Application Layer Attacks
• 53% of service providers identified more than 50 attacks per month
• 95% of service providers have experienced application layer attacks
• 67% of service providers have experienced multi-vector attacks
• 150%: the number of DDoS attacks over 100 Gbps increased from 223 to 558 between 2015 and 2016
Third Platform Security Opportunities
“By the end of 2017, 60% of major SIEM vendors will incorporate advanced analytics and UEBA (User and Entity Behavioural Analysis) into their products”
Gartner Magic Quadrant for SIEM 2016
Third Platform Security Opportunities
Security Analytics
• Big data provides an opportunity to do more with security events
• IoT provides more data collection points
• Private and public cloud provide environments capable of processing the data
• Global Security Intelligence – Talos (Cisco), Arbor Atlas & Digital Attack Map
End Point Security
• Necessity is the mother of invention
• Malware and ransomware detection
• Co-ordination with Global Security Intelligence
• Insider threat
Security Automation
• Public & private IaaS is driving automation, orchestration and DevOps
• Emergence of intent based automation models
• Cisco Tetration – combines analytics and security automation
Encryption
• Cloud and social have heavily adopted HTTPS
• 77% of Google traffic is encrypted
• 50% of internet traffic in general is encrypted
• Intel Xeon E5 V3 – SSL handshake instructions
Third Platform Security Approaches
Two columns on the slide: Private Cloud and Multi-Cloud.
Column 1:
• Information Security Policy (Mobile & Social)
• Endpoint Security
• IoT Management
• 3rd Party Review
• Vendor & Provider Management
• Web & E-mail Filtering
• Identity Management / Single Sign-on
Column 2:
• Information Security Policy (Mobile & Social)
• Endpoint Security
• IoT Management
• Web & E-mail Filtering
• Identity Management / Single Sign-on
• Software Defined (Micro-Segmentation – Zero Trust)
• NFV (Network Functions Virtualisation)
• SSL Termination
• Application Layer Security
• Provider Based DDoS
• Automation and Orchestration
Security Practice and Benefits
Fabrix IaaS Security Benefits
• UK Data Sovereignty
• Network Firewalling
• Web Application Firewalls
• Zero Trust Security Policy
• SSL Offload
HN - Network Security Practice
• Firewalls
• Security Analytics
• SSL Offload
• DDoS
• Web Application Firewalls
• Security Automation
• VPN
• Web and E-mail Filtering
Stephen Hampton
CTO, Hutchinson Networks
stephenhampton@hutchinsonnetworks.com
Twitter @sphampton
ABERDEEN • EDINBURGH • GLASGOW • BRUSSELS @BrodiesTechBlog www.brodies.com/GDPR
Scot-Cloud 2017
GDPR and cloud contracts workshop
Martin Sloan, Partner
Twitter: @lawyer_martin Email: martin.sloan@brodies.com
Outline
• What’s changing with GDPR?
• Key issues for cloud contracts
• Reviewing your contracts
• Dealing with Amazon and Google etc
GDPR – In brief
• The General Data Protection Regulation (GDPR)
– New EU-wide data protection law which will have direct effect in EU member states
– Enters into force on 25 May 2018
– Greater consistency of regulatory treatment
– Stronger and more coherent data protection framework
– Backed by strong enforcement
• Will apply in UK notwithstanding Brexit
– Brexit white paper aspires to “friction free” data transfers with EU27
– GDPR will be incorporated into UK national law but prospect of divergence thereafter
– Status of EU27/UK data transfers post-Brexit – adequacy finding/UK privacy shield?
– Right to repatriate data to UK?
Evolutionary
Some concepts remain broadly similar
• Key concepts – personal data, sensitive personal data, processing, data controllers, data processors etc
• Data protection principles – recognizable, but explicit reference to both transparency and accountability
• Conditions for processing – similar, but some changes
• Data subject rights – broadly recognizable (subject access, rectification, processing restrictions), but there are some new ones
• International transfers – same regime/same old issues
• Basic data security obligations – BUT see new data security breach notification requirements
• The ICO – still a UK national supervisory authority
What’s changing?
• Application – direct effect in member states
• Transparency – enhanced fair processing transparency requirements
• Consent – concept of consent tightened; easier for individuals to withdraw
• Accountability – obligation to demonstrate compliance; use of privacy impact assessments
• Administration – increased administration/record keeping requirements
• Data subject rights – enhanced rights including subject access, increased ‘rights to be forgotten’ and data portability
• Organisational principles – data protection by design and by default
• Data processors – Statutory responsibility for data processors
• Data protection officers – mandatory for certain organisations
• Breach notification – mandatory breach notification for certain breaches
• Supervisory authorities – lead authority; formal consistency mechanism
• Sanctions – fines of up to 4% of worldwide turnover or €20M
Preparing for GDPR
xkcd.com “The Cloud” http://xkcd.com/908/
Licensed under Creative Commons Attribution Non-Commercial 2.5 Licence
The Cloud model
SaaS: Software as a Service – services delivered over the Internet (processor)
PaaS: Platform as a Service – computing platform offered over the Internet (sub-processor)
IaaS: Infrastructure as a Service – storage, hosting and computing power delivered over the Internet (sub-sub-processor)
Key issues for cloud contracts
• Supplier diligence
– Data security – are you satisfied that data will be kept secure?
– Sub-processing – what subcontractors are used? Do you know?
– Data location – where is the data held? Do you have control?
• Privacy Impact Assessments
– Have you carried out a PIA?
– Have you identified the privacy risks and potential mitigation?
– Is the processing still “high risk”?
• Accountability
– Can you demonstrate your compliance with GDPR?
• Compliance
– Does your contract include the express requirements set out in GDPR?
What does GDPR require in your contract?
Contractual requirement | New under GDPR?
More detail about what data is being processed, the types of individuals, and the purpose of the processing | Yes – but may already be in some contracts
Obligation to process only on instructions of the controller | No
Processor’s employees must commit to confidentiality | Yes
Data security | Increase in detail
Controls on appointment of sub-processors | Yes
Obligation to assist with data subject rights | Yes
Obligation to assist with data security, breach notification, DPIAs and consultations with regulators | Yes
Obligation to delete and destroy data | Yes (though should be doing anyway)
Obligation to provide information necessary to demonstrate compliance | Yes
Obligation to allow for and assist with audits/inspections | Yes
Action points
• Existing cloud contracts
– No grandfathering for existing contracts
– Review your existing contracts
• Understand the processing and review risks/non-compliance
• Contract amendments
• Migration to another vendor
– Develop a contracts register
• New cloud contracts
– Build a PIA into your supplier diligence process
– Adopt a contract checklist for cloud services – don’t assume the supplier’s terms and conditions comply
– Develop template contracts?
• Privacy Notices
Introducing BOrganised
• Online contract management service which helps clients to manage their contracts more effectively
• Service is hosted and provided by Brodies
• Key features
– central contract repository accessible from anywhere with an internet connection
– secure, simple, intuitive and flexible
– manage renewals and deadlines using e-mail alerts
– contract ‘linking’
– generates contract summaries to allow at a glance review of key terms
– searchable
– virtual forum for contract discussions and to store key post-contract documents to facilitate knowledge sharing
Find out more: http://www.brodies.com/borganised
Dealing with major cloud vendors
Dealing with Google, Microsoft, Amazon etc
• The problem:
– GDPR requires controllers to have greater oversight and accountability:
• PIAs and supplier diligence
• Privacy by Design and Default
• Access to information
• Ability to demonstrate compliance
– Consequences of a breach are more severe under GDPR
– But, many cloud vendors operate a black box approach to data security and there is limited scope to negotiate on commoditised services
• May impact on:
– Understanding of where the data is held
– What security measures are actually in place
– Audit and inspection rights
• GDPR also creates compliance problems for cloud service providers…
The Google approach?
https://blog.google/topics/google-cloud/eu-data-protection-authorities-confirm-compliance-google-cloud-commitments-international-data-flows/
The Microsoft approach?
https://blogs.microsoft.com/on-the-issues/2017/04/17/earning-trust-contractual-commitments-general-data-protection-regulation/
Cloud contracts checklist
Data Privacy Impact Assessment
Issue: Compliance with GDPR contract requirements
• Review the contract!
• Identify material risks
Issue: Location of data
• Supplier diligence
• Do you have control over data centre locations?
• If outside the EEA, how are you ensuring there is a lawful transfer and that data is adequately protected?
Issue: Adequacy of data security measures
• Supplier diligence
• Use of independent assurance reports (eg ISAE3402/SSAE16)
• ISO 27001 accreditation
Questions…
GDPR Hub: http://www.brodies.com/GDPR
Blog: http://techblog.brodies.com
Twitter: @BrodiesTechBlog
@lawyer_martin
Welcome Back
Scot-Cloud 2017
Alastair Dutton
SCVO
@Alidutton
#scotcloud
Who are SCVO?
Our team
• 120 staff across the organisation
• 7 people work directly in IT:
  • 2 of those on our CRM platform
  • 2 of those on service desk
  • 2 of those on projects/infrastructure
  • 2 developers
Why?
Our Steps
• 2011: Productivity Tools
• 2013: Customer Data
• 2014: Infrastructure
Our Steps
• 2015: Automation
• 2016: Customer Interaction
• 2017: Insights and Intelligence
How?
Case Study: Community Jobs Scotland
[Diagram. Components shown: Online Registration, Modelling, 3rd Party Data, Contract Service, Payments, Processes, On Boarding, Public App, Evaluation, Monitoring, Survey and Comms Apps]
Case Study: Community Jobs Scotland
• Savings of around £250K on first 12 months
• Onboarding drops from 7 to 2 weeks
• Claim back reduced by 80%
• Programmes run in parallel
• New services added in days rather than weeks
• Teams can collaborate around problems from anywhere
Case Study: Community Jobs Scotland
Adoption
Making it work
Adoption
• All Staff ‘Launches’
• Online Community – on the platforms
• Success Group
• Webinar Weekly Call In
• Training (HOT and Online)
Adoption through Gamification
Shout Outs
SWAG
Other Fun Strategies
• Human style error messages:
• Fun Indicators of quality
Keeping things fresh
Challenges and Rewards
• C-Level Support.
• Teams love the tools, but need constant engagement and encouragement.
• Shadow IT - easier than before – but easier to block.
• Compliance is easier as we can search and block activities.
• Real $$$ Savings
What's Next for us
• Last legacy database – accounts– gone by October.
• Extending our knowledgebases & examining options for machine learning.
• Extend our automation.
Our Experience
• Focus on adoption and training:
• Our team 10% min time spent on learning.
• 40% of our effort is on training and supporting others.
• Less time on fixing ‘stuff’.
• Fun, engaging adoption - #1
Alastair Dutton
Head of Technology SCVO
alastairdutton
alidutton
James Kwaan
ISACA
@IsacaScotland
#scotcloud
Understanding the real risks and challenges in the Cloud computing journey
June 2017
James Kwaan
Bio
Winner, Malcolm Turner memorial prize, June 2017
Wayne K. Snipes prize, May 2017
Disclaimer
The views expressed in this presentation may contain statements that involve risks, uncertainties and assumptions. If any such uncertainties materialise or if any of the assumptions prove incorrect, the results are nothing to do with the author, the author’s current employer or ISACA, as they are personal views expressed by the author alone.
The information upon which this presentation is based comes from the author’s own experience, knowledge and research from other companies. The opinions expressed in this report are those of the author and no one else; however, due to the time constraints of producing the presentation, we do not guarantee their fairness, completeness or accuracy. The opinions, as of this date, are subject to change. The author, the author’s current employer and ISACA do not accept any liability for your reliance upon them.
Agenda
• The challenges of the digital landscape and Cloud security risks
• Where are businesses falling short in cloud security and what assurances should be taken
• Amazon case study
• The future of the Cloud market for organisations as a business enabler
EVOLVING LANDSCAPE FOR ENTERPRISES
Consumerization / Outsourcing
• Mobile devices (Wearables / BYOD)
• Digital footprint
• Malware as a service
• Enterprise as a Service
• ANYTHING as a Service
Continual Regulatory and Compliance Pressures
• EU Privacy, Anti-Bribery, SOX, PCI, etc.
• New country-specific data protection laws throughout 2014
• Canadian Anti-SPAM
• Australian Privacy
• Proposed Russian Privacy
• ISO 27000, ISAE 3402
• Other regulations
Emerging Trends
• Decrease in time to exploit
• Sharing of exploit kits
• Big Data
• Advanced persistent threats (APTs) as a Service
• Multi-Billion Dollar CyberSecurity Industry
• Solution Rich
CLOUD MARKET SHARE Feb 2017
(Source: Synergy Group, Feb 2017)
What are the types of cloud based systems?
Source: http://www.virtualclouds.in
[Diagram: cloud service types plotted against Expertise and Loss of Control]
Cloud risks dirty dozen – CSA (ref below)
• Insufficient Due Diligence
• Data Breaches
• Data Loss
• System Vulnerabilities
• Insufficient Identity, Credentials and Access Management
• Insecure Interfaces and API
• Account Hijacking
• Malicious Insiders
• Abuse and Nefarious use of Cloud Services
• Advanced Persistent Threats
• Denial of Service
• Shared Technology issues.
https://downloads.cloudsecurityalliance.org/assets/research/top-threats/Treacherous-12_Cloud-Computing_Top-Threats.pdf
Risk Assessment Matrix
What assets are you putting at risk?
• Validate the risks to assets
• Does the analysis make sense? Have you missed anything?
• Reduce the list to a top 10
• Going with bigger lists never gets anything done!
• I am always asked for my top 10 risks… due to resource constraints…
• Validate the top 10 with the key business stakeholders
• Are there any new objectives which change the risks?
• Get the key stakeholders to sign off the priorities
• Get ownership for the risks
Based on the risk – what assurances have you taken?
• SaaS example of web-based application key data held
• Legal and technical aspects of data handling
• Who has access to the data ?
• IAM controls for users/admins
• Logging access
• Data Protection, E-Privacy
• Encryption
• Key management
• Multi-tenancy
• DDOS
• Data back-ups
Based on the risk – what assurances have you taken?
• Supplier assurance
• When should you engage in checking the supplier and what should you check ?
• Vulnerability and Penetration Testing
• BCP/DR/Incident Response
• Right to Audit
• Right to obtain logs from key systems for access and forensics
• Certifications
• ISO27000 (ISO27001, ISO27018), ISAE 3402 , SSAE-16 and CSA-STAR
• Transfers and use of third parties.
Based on the risk – what assurances have you taken?
• Contractual agreements
• SLA (service level agreement)
• READ SLA and all supporting documentation
• SLA should have an EXIT STRATEGY
• MSA (master service agreement)
• Change Management, Incident Response, Auditing and Reporting
• Cyber insurance ?
Amazon case study – your responsibilities
Cost Considerations
• Security capabilities for AMAZON
• FREE
• IAM and MFA
• Certificate Manager
• Storage and Database Encryption
• Security groups, subnets, network ACLs
• Architecture review (need to know your stuff)
• CHARGED
• Directory Service ( $0.05 - $0.496/hour)
• Key Management Service ( $1/month)
• Cloud HSM ($5000 to provision, $1.88/hour)
• CloudWatch (see pricing for VPC logs)
• Web Application Firewall ($5/month)
• Amazon Inspector ($0.05 - $0.30 per agent/month)
• Amazon CloudTrail ($2/ 100,000 events)
CIS Amazon Best Practice guidance standard
• Key areas
  • Identity and Access Management
    • Root account is NOT USED!
  • Logging
    • CloudTrail
    • VPC logging
  • Monitoring
    • e.g. if someone logs into the root account, create an alarm
  • Networking
  • Backups
    • Use multiple Availability Zones (AZs) or data centres
    • https://aws.amazon.com/architecture
https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf
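An added example (not from the talk, and not CIS or AWS code): the two monitoring checks the CIS AWS Foundations Benchmark has you alarm on, root account usage and console sign-in without MFA, written in Python and run over constructed CloudTrail-style records. The account id, user names and timestamps are invented; in a real account the same conditions are expressed as CloudWatch Logs metric filters with alarms attached.

```python
"""Root-usage and no-MFA console sign-in checks over CloudTrail-style events.

The records below are constructed samples for this example; real CloudTrail
records carry many more fields but the ones tested here are the real names.
"""
import json

# Constructed sample events (account id, names and times are made up).
SAMPLE_EVENTS = [
    {   # root signing in to the console without MFA: should raise both alerts
        "eventTime": "2017-07-10T09:00:00Z", "eventName": "ConsoleLogin",
        "eventType": "AwsConsoleSignIn",
        "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
        "additionalEventData": {"MFAUsed": "No"},
    },
    {   # IAM user signing in with MFA: clean
        "eventTime": "2017-07-10T09:05:00Z", "eventName": "ConsoleLogin",
        "eventType": "AwsConsoleSignIn",
        "userIdentity": {"type": "IAMUser", "userName": "alice"},
        "additionalEventData": {"MFAUsed": "Yes"},
    },
    {   # IAM user signing in without MFA: no-MFA alert only
        "eventTime": "2017-07-10T09:10:00Z", "eventName": "ConsoleLogin",
        "eventType": "AwsConsoleSignIn",
        "userIdentity": {"type": "IAMUser", "userName": "bob"},
        "additionalEventData": {"MFAUsed": "No"},
    },
    {   # an AWS service acting on root's behalf (invokedBy set): CIS excludes this
        "eventTime": "2017-07-10T09:15:00Z", "eventName": "CreateBucket",
        "eventType": "AwsApiCall",
        "userIdentity": {"type": "Root", "invokedBy": "cloudformation.amazonaws.com"},
    },
    {   # an ordinary API call by an assumed role: clean
        "eventTime": "2017-07-10T09:20:00Z", "eventName": "DescribeInstances",
        "eventType": "AwsApiCall",
        "userIdentity": {"type": "AssumedRole",
                         "arn": "arn:aws:sts::111122223333:assumed-role/Ops/ci"},
    },
]

# The same records in the {"Records": [...]} envelope CloudTrail writes to S3.
SAMPLE_LOG_TEXT = json.dumps({"Records": SAMPLE_EVENTS})


def is_root_usage(event):
    """CIS root-usage metric filter, expressed in Python: userIdentity.type is
    "Root", userIdentity.invokedBy is absent, and the event is not an
    AwsServiceEvent (so services acting for root are not counted)."""
    ident = event.get("userIdentity", {})
    return (ident.get("type") == "Root"
            and "invokedBy" not in ident
            and event.get("eventType") != "AwsServiceEvent")


def is_console_login_without_mfa(event):
    """Console sign-in where additionalEventData.MFAUsed is anything but "Yes"."""
    return (event.get("eventName") == "ConsoleLogin"
            and event.get("additionalEventData", {}).get("MFAUsed") != "Yes")


def scan(events):
    """Return (alert, eventTime, detail) tuples for every event matching a check."""
    findings = []
    for ev in events:
        ident = ev.get("userIdentity", {})
        if is_root_usage(ev):
            findings.append(("ROOT_USAGE", ev["eventTime"], ev["eventName"]))
        if is_console_login_without_mfa(ev):
            who = ident.get("userName") or ident.get("type", "unknown")
            findings.append(("CONSOLE_LOGIN_NO_MFA", ev["eventTime"], who))
    return findings


def scan_log_text(text):
    """Scan one CloudTrail log file body (a JSON object with a Records array)."""
    return scan(json.loads(text).get("Records", []))


if __name__ == "__main__":
    for alert, when, detail in scan_log_text(SAMPLE_LOG_TEXT):
        print(f"{when} {alert}: {detail}")
```

The sample deliberately includes a root-identity event with `invokedBy` set, which the benchmark filter excludes, so the scan raises three alerts rather than four.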
Amazon case study – putting it all together
** = see refs
The future of the cloud
• By 2020 a corporate “No-Cloud” policy will be as rare as a “No-Internet” policy
• By 2019, more than 30% of the 100 largest vendors’ new software will have shifted to a “Cloud-ONLY” policy
• By 2020 more compute power will have been sold by IaaS and PaaS than by enterprise data centres
• By 2019 the majority of VMs will be delivered by IaaS (*)
(* = www.gartner.com/newsroom/id/3354117)
Questions?
Questions & Discussion
#scotcloud
Drinks & Networking
#scotcloud
TechUK's Cloud 2020 Vision

  • 4. Fintech 2017 27th & 28th Sept www.fintech2017.co.uk #ftscot
  • 7. “Our problems are easy” Chris Swan @cpswan
  • 9.
  • 10.
  • 11.
  • 15.
  • 19. Date Scot-Cloud 2017 Physical paradigms? Where we’re going, we don’t need…
  • 20. Date Scot-Cloud 2017 Rider Levett Bucknall Professional Services Construction Industry 120 global offices Cost consultancy Building Surveying Project Management
  • 21. Date Scot-Cloud 2017 I have nothing to sell!!! • Cloud isn’t the be-all and end-all • Cloud can help break down the physical constraints in a business • Transitioning RLB to SaaS • Supporting anywhere working and remote access to systems and tools • Re-skilling the workforce to fit a new business model Transitioning to a new IT paradigm
  • 22. Date Scot-Cloud 2017 Sometimes, “easy” just… isn’t… • Legacy systems • What does “that box” actually do? • What does it do? • Can we switch it off? • Can it be re-created? • Intellectual Property • Concerns over security • GDPR • Management inertia Cloud isn’t the be-all and end-all…
  • 23. Date Scot-Cloud 2017 Beyond the hype? Cloud can help break down the physical constraints in a business. Why move back or stay on premise? • Cost control • Data security • True flexibility • Better, overall control
  • 24. Date Scot-Cloud 2017 Don’t do as I say. Or do. Transitioning RLB to SaaS Everything – subscription. • Hardware • Telephony • Networking • WiFi • Printing • Services • ERP • DMS
  • 25. Date Scot-Cloud 2017 The World is my office. Supporting working anywhere Mobility. Agility. Fragility? • Cost control • Data security • True flexibility • Have internet, will work…
  • 26. Date Scot-Cloud 2017 It’s not brain surgery. Re-skilling the workforce? Copy the home computing model • Simplicity • Security • Awareness • Sell the benefits
  • 29. techuk.org |@techUK | #techUK techUK 2020 Vision - Keeping the UK at the forefront of cloud adoption @techUK @channelswimsue
  • 30. techuk.org |@techUK |#techUK Cloud vital to UK Digital economy and society
  • 32. techuk.org |@techUK |#techUK Cloud 2020 Vision – The first step forward 6 Key Areas 10 Recommendations
  • 33. techuk.org |@techUK |#techUK 6 Key areas to be addressed 1. Enabling data portability and system interoperability within the cloud computing ecosystem 2. Building trust in the security of cloud computing services 3. Supporting the cultural shift required to optimise the use of cloud 4. Ensuring effective public sector adoption and usage of cloud 5. Having a communications infrastructure that keeps pace with mass cloud adoption 6. Building a coherent regulatory framework for cloud
  • 34. techuk.org |@techUK |#techUK Enabling data portability and system interoperability • techUK to develop with members a set of cloud interoperability principles • The European Commission should work closely with cloud computing providers.
  • 35. techuk.org |@techUK |#techUK Building trust in the security of cloud computing services • Bring together business leaders, cloud computing, cyber security experts and government official from BIS, DCMS, Home Office to: • Update the cloud security messaging being used today • Identifying possible solutions to building UK cloud confidence.
  • 37. techuk.org |@techUK |#techUK Embracing the change required to optimise the use of cloud • techUK’s Cloud Champions campaign will be launched • Showcasing employees, demonstrating how people can develop their skills and potential in cloud driven organisations.
  • 38. techuk.org |@techUK |#techUK Do you know a Cloud Champion?
  • 39. techuk.org |@techUK |#techUK Ensuring effective public sector adoption and usage of cloud • Government departments should engage with industry early in the commissioning process • Government departments and industry should work together to promote positive case studies • Public sector leaders should enable a culture which allows the public sector commissioners and buyers to leverage cloud computing as part of its business transformation.
  • 40. techuk.org |@techUK |#techUK techUK Cloud Business Guide
  • 42. techuk.org |@techUK |#techUK Having a communications infrastructure that keeps pace with mass cloud adoption • techUK will seek to engage with OFCOM to enter into a dialogue • Discuss the connectivity requirements needed to support and enable mass cloud adoption.
  • 43. techuk.org |@techUK |#techUK Building a coherent regulatory framework that supports cloud • The government’s planned Industrial Strategy and Digital Strategy should recognise the importance of cloud
  • 44. techuk.org |@techUK |#techUK Building a coherent regulatory framework that supports cloud • The European Commission’s Free Flow of Data Initiative should create a clear and simple regulatory framework • Prevent the emergence of specific data localisation requirements and obligations. Building a coherent regulatory framework that supports cloud…
  • 48. techuk.org |@techUK |#techUK 6 Key areas to be addressed 1. Enabling data portability and system interoperability within the cloud computing ecosystem 2. Building trust in the security of cloud computing services 3. Supporting the cultural shift required to optimise the use of cloud 4. Building a coherent regulatory framework for cloud 5. Ensuring effective public sector adoption and usage of cloud 6. Having a communications infrastructure that keeps pace with mass cloud adoption.
  • 49. techuk.org |@techUK |#techUK Cloud 2020 Vision – The first step forward Cloud 2020 Vision is the start of conversation Sue Daley Head of Programme Sue.daley@techuk.org +44 07701 289 964 @techUK @channelswimsue
  • 51. Presenter Securing the Cloud Generation Siân John EMEA Chief Strategist, Symantec
  • 52. Copyright © 2017 Symantec Corporation. Always On and Everywhere: Digital World Enhances or Replaces Much of the Physical World
  • 53. Applications and Data Are Moving to The Cloud
  • 54. The Drive for Data Privacy (diagram of drivers and inhibitors): Lack of Business Ownership, Data Growth, Emerging Technology, Regulations, Lack of Visibility, Evolving Threat Landscape, Press Headlines, Reputation, Business Opportunity, Customer Trust
  • 55. Cloud Security Considerations (across Private, Public/IaaS, Public/PaaS and Public/SaaS): Ensure Governance and Compliance; Protect Cloud Interactions; Protect Information; Protect & Manage Infrastructure
  • 56. Privacy Most Important when Customers Choose Products or Services (Symantec State of Privacy Report 2015, https://www.symantec.com/content/en/us/about/presskits/b-state-of-privacy-report-2015.pdf). Chart categories: Delivering great customer service; Keeping your data safe and secure; Delivering quality products / services; Treating their employees and suppliers fairly; Being environmentally friendly. Figures shown: 82%, 86%, 69%, 56%, 88%
  • 57. Consumer Trust and Technology: Data Trust Chain (same report). Chart categories: Hospitals / medical services; Banks; Government; Technology companies (i.e. Google, Microsoft); Retailers (including online shops); Social media sites (i.e. Facebook, Twitter). Figures shown: 69%, 66%, 45%, 22%, 20%, 10%. Organisations whose business models are based on data (tech companies and social media companies) appear less trusted to keep customer data completely secure.
  • 58. Complications of Cloud Adoption. Innovation for the Cloud Generation: industry has created cloud security chaos (diagram of point providers: Cloud Web Gateway Provider, Cloud DLP Provider, Cloud Data Encryption Provider, Cloud Access Control Provider, Cloud Sandbox Provider, Cloud Breach Analysis, Cloud Forensic / Recording, Cloud Email Scanning, Cloud DDoS, UBA). • Who owns the comprehensive Service Level Agreements? • Single pane of glass? • Redundancy & high availability? • Vendor compatibility?
  • 59. Governance & Compliance (Symantec UK IT Leaders Insight Summit 2011; across Private, Public (IaaS), Public (PaaS), Public (SaaS)): Develop & enforce policies; Audit & monitoring; Ensure standardisation; Monitor & control within the virtual machine; Build controls into your application
  • 60. Gaining Control of the Cloud. Visibility: know what is running / stored where. Authentication: ensure only the right users can access the right apps/data. Data Protection: safeguard my data everywhere and at all times. Secure Environment: ensure the environment is protected from malware and advanced threats. Adaptive Security: security stays in sync and scales with my constantly changing cloud environment. Automation: be able to automatically apply the right security with minimal human intervention. Ease of Use: manage my complex hybrid world from a single control point.
  • 61. Complex User Definition (diagram: Regional Office, Headquarters, Data Center, Security Stack)
  • 62. Complex User Definition (diagram: Regional Office, Headquarters, Data Center, Roaming Users, Personal Devices, Security Stack)
  • 63. Evolving Data Attack Surface (same diagram)
  • 64. The Expanding Network (diagram adds IoT Devices, with SSL Encryption on the links to the Security Stack)
  • 65. Multi-Phased and Multi-Staged Attacks (same diagram)
  • 66. Ensuring Safe Cloud Usage (diagram: Regional Office, Headquarters, Data Center, Roaming Users, IoT Devices, Personal Devices)
  • 67. Integrated Cyber Defence Platform (diagram components: Local Intelligence (File, URL, Whitelist, Blacklist, Certificate, Machine Learning); On Premises; SIEM Integration; Data Center Security; Encryption; Content Analysis; Web Protection; Performance; Endpoint; Cloud Web Protection; VIP Identity; Cloud DLP; CASB; Managed PKI; Messaging; Cloud Sandbox; Cyber Security Services; Compliance; Advanced Threat Protection; Encrypted Traffic Management; DLP; Security Analytics; Management; Malware Analysis; SOC Workbench; Third Party Ecosystem; Cloud)
  • 68. Shadow IT Discovery & Controls (diagram): Cloud Compliance, Tokenization, Cloud Incident Response, Cloud Investigations, Cloud Policy & Remediation, Cloud DLP, Cloud Intrusion Detection, Cloud Malware Detection. Multiple sources of data & control points: Proxy, CASB Gateway, Events, Cloud API; both outside the perimeter and inside the enterprise perimeter.
  • 69. Cloud Adoption and Protection: Value of Adopting Security Best Practice. Maximise benefit from cloud usage: Build and Maintain Trust; Choose the Right Cloud(s); Secure Digital Transformation. Minimise cloud risk: Understand and Control your Cloud Usage; Know your Data; Harmonise Security Policies; Control Migration to the Cloud. Ensure compliance: Protect Data in and for the Cloud; Audit Cloud Activity.
  • 70. Thank You. Siân John, @sbj24, sian_john@symantec.com
  • 73. Scot Cloud 2017: Network Security in the Third Platform Age. Stephen Hampton, CTO, Hutchinson Networks, 10 July 2017
  • 74. The Third Platform. Four Pillar Technologies: Mobile; Social Media; Big Data; Cloud. Innovation Accelerators: IoT; Cognitive Systems/AI; Next Generation Security; 3D Printing; Natural Interfaces; Robotics. By 2019: 75% of IT spend will be driven by Third Platform technologies; 50% of Global 2000 businesses will depend on the ability to create digitally enhanced products, services & experiences.
  • 75. Expanding Attack Surface. Proliferation of mobile and IoT devices significantly expands the attack surface. Cloud providers and service providers in general become high-impact, high-profile targets. IoT is an enabler for DDoS attacks. High-impact breaches: heart monitors, driverless cars, baby monitors. “Public cloud workloads will rise from 49% in 2015 to 68% in 2020.” “There will be 3x as many IP-connected devices in 2020 as there are people on the planet.” Global cloud traffic will rise from 3.9 ZB per year in 2015 to 14.1 ZB per year in 2020. “Smartphone traffic will overtake PC internet traffic by 2020.”
  • 76. The Increasingly Irrelevant Security Perimeter. Mobility, VPN, smartphones, tablets and IoT devices have all eroded the perimeter: outside users access private cloud services on the inside, and inside users access public cloud services on the outside (diagram: Mobile Devices, Inside Users, Outside Users, Micro Services). Micro-services, SDN, NFV, micro-segmentation and the end-to-end principle will eventually render the security perimeter irrelevant. Over 50% of internet traffic is now encrypted and invisible to perimeter firewalls.
  • 77. DDoS & Application Layer Attacks. DYN attack, October 2016: • Mirai trojan botnet (Linux IP cameras and home routers) • Impacted Twitter, GitHub, Netflix, Spotify, Amazon, Airbnb • 1.2 Tbps (unverified) of TCP/UDP port 53 traffic. • DDoS attacks take a volumetric approach by exploiting large botnets. • Enormous amounts of data are transmitted, which impact the target and often the service provider as well. • IoT devices are commonly used to create the botnets. • Application layer attacks target vulnerabilities in application code. • DDoS can be used as cover for a more sophisticated application layer attack.
  • 78. DDoS & Application Layer Attacks (figures): 53% of service providers identified more than 50 attacks per month; 95% of service providers have experienced application layer attacks; 67% of service providers have experienced multi-vector attacks; the number of DDoS attacks over 100 Gbps increased from 223 to 558 between 2015 and 2016 (a 150% increase).
  • 79. Third Platform Security Opportunities. “By the end of 2017, 60% of major SIEM vendors will incorporate advanced analytics and UEBA (User and Entity Behavioural Analysis) into their products” (Gartner Magic Quadrant for SIEM 2016)
  • 80. Third Platform Security Opportunities. Security Analytics: • Big data provides an opportunity to do more with security events • IoT provides more data collection points • Private and public cloud provide environments capable of processing the data • Global security intelligence – Talos (Cisco), Arbor ATLAS & Digital Attack Map. End Point Security: • Necessity is the mother of invention • Malware and ransomware detection • Co-ordination with global security intelligence • Insider threat. Security Automation: • Public & private IaaS is driving automation, orchestration and DevOps • Emergence of intent-based automation models • Cisco Tetration – combines analytics and security automation. Encryption: • Cloud and social have heavily adopted HTTPS • 77% of Google traffic is encrypted • 50% of internet traffic in general is encrypted • Intel Xeon E5 v3 – SSL handshake instructions
  • 81. Third Platform Security Approaches (two columns, Private Cloud and Multi-Cloud). First list: Information Security Policy (Mobile & Social); Endpoint Security; IoT Management; 3rd Party Review; Vendor & Provider Management; Web & E-mail Filtering; Identity Management/Single Sign-on. Second list: Information Security Policy (Mobile & Social); Endpoint Security; IoT Management; Web & E-mail Filtering; Identity Management/Single Sign-on; Software Defined (Micro-Segmentation – Zero Trust); NFV (Network Functions Virtualisation); SSL Termination; Application Layer Security; Provider-Based DDoS; Automation and Orchestration.
  • 82. Security Practice and Benefits (two columns: Fabrix IaaS Security Benefits, and HN - Network Security Practice). First list: UK Data Sovereignty; Network Firewalling; Web Application Firewalls; Zero Trust Security Policy; SSL Offload. Second list: Firewalls; Security Analytics; SSL Offload; DDoS; Web Application Firewalls; Security Automation; VPN; Web and E-mail Filtering.
  • 83. Stephen Hampton, CTO, Hutchinson Networks. stephenhampton@hutchinsonnetworks.com, Twitter @sphampton
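The slide separates volumetric floods (many botnet sources, huge byte counts) from application layer attacks (few requests, aimed at application code), and notes that the first can be cover for the second. The following is an added example, not code from the talk or from Hutchinson Networks, showing why a defender needs two separate detectors: a byte-rate anomaly check over NetFlow-style records, and a request-rate check over web-server log entries. Both data sets are constructed inline (the IP addresses are documentation ranges, the flood is UDP/53 as in the DYN case on the slide) and the tuple layouts are assumptions of the example.

```python
"""Two detectors for the two attack classes on the slide: a volumetric flood
seen in flow records, and a low-volume application layer attack seen only in
the web-server log. Added example; all records below are constructed."""
from collections import Counter, defaultdict
from statistics import median


def build_sample_flows():
    """Constructed NetFlow-style records: (second, src_ip, proto, dst_port, bytes)."""
    flows = []
    for sec in range(20):
        for i in range(3):                      # three web clients, ~50 KB/s each on 443
            flows.append((sec, f"192.0.2.{10 + i}", "tcp", 443, 50_000))
        if 10 <= sec < 15:                      # flood window: 200 sources, UDP/53, 30 KB each
            for n in range(1, 201):
                flows.append((sec, f"198.51.100.{n}", "udp", 53, 30_000))
            # the application layer attacker's own traffic is tiny by comparison
            flows.append((sec, "203.0.113.5", "tcp", 443, 12_500))
    return flows


def build_sample_requests():
    """Constructed web-server log entries: (second, src_ip, method, path, status)."""
    reqs = []
    for sec in range(20):
        for i in range(3):
            reqs.append((sec, f"192.0.2.{10 + i}", "GET", "/home", 200))
        if 10 <= sec < 15:                      # credential guessing hidden under the flood
            reqs.extend((sec, "203.0.113.5", "POST", "/login", 401) for _ in range(25))
    return reqs


def volumetric_windows(flows, factor=10):
    """Seconds whose inbound byte total exceeds factor x the median second.
    Each hit reports the dominant (proto, port) and the number of distinct
    sources: a botnet flood shows many sources rather than one."""
    per_sec = defaultdict(int)
    ports = defaultdict(Counter)
    srcs = defaultdict(set)
    for sec, src, proto, port, nbytes in flows:
        per_sec[sec] += nbytes
        ports[sec][(proto, port)] += nbytes
        srcs[sec].add(src)
    baseline = median(per_sec.values())         # quiet seconds dominate the sample
    return [(sec, total, ports[sec].most_common(1)[0][0], len(srcs[sec]))
            for sec, total in sorted(per_sec.items()) if total > factor * baseline]


def app_layer_suspects(reqs, per_sec_threshold=20):
    """(second, src_ip, path) triples with more failed POSTs per second than the
    threshold. Counted in requests, not bytes, so the flood cannot drown it out."""
    counts = Counter((sec, src, path) for sec, src, method, path, status in reqs
                     if method == "POST" and 400 <= status < 500)
    return sorted(key for key, n in counts.items() if n > per_sec_threshold)


if __name__ == "__main__":
    for sec, total, top, nsrc in volumetric_windows(build_sample_flows()):
        print(f"t={sec:2d}s flood: {total:,} bytes, dominant {top}, {nsrc} sources")
    for sec, src, path in app_layer_suspects(build_sample_requests()):
        print(f"t={sec:2d}s app-layer: {src} hammering {path}")
```

The byte-rate detector flags seconds 10 to 14 with UDP/53 dominant and about two hundred sources, which is what the slide's "volumetric approach by exploiting large botnets" looks like in flow data. The attacker at 203.0.113.5 contributes well under one percent of those bytes, so only the request-rate detector over the application log finds it; that is the practical meaning of "DDoS as cover".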
  • 84. ABERDEEN • EDINBURGH • GLASGOW • BRUSSELS @BrodiesTechBlog www.brodies.com/GDPR Scot-Cloud 2017 GDPR and cloud contracts workshop Martin Sloan, Partner Twitter: @lawyer_martin Email: martin.sloan@brodies.com
  • 85. Outline • What’s changing with GDPR? • Key issues for cloud contracts • Reviewing your contracts • Dealing with Amazon and Google etc
  • 86. GDPR – In brief • The General Data Protection Regulation (GDPR) – New EU-wide data protection law which will have direct effect in EU member states – Enters into force on 25 May 2018 – Greater consistency of regulatory treatment – Stronger and more coherent data protection framework – Backed by strong enforcement • Will apply in UK notwithstanding Brexit – Brexit white paper aspires to “friction free” data transfers with EU27 – GDPR will be incorporated into UK national law but prospect of divergence thereafter – Status of EU27/UK data transfers post-Brexit – adequacy finding/UK privacy shield? – Right to repatriate data to UK?
  • 87. Evolutionary Some concepts remain broadly similar • Key concepts – personal data, sensitive personal data, processing, data controllers, data processors etc • Data protection principles – recognizable, but explicit reference to both transparency and accountability • Conditions for processing – similar, but some changes • Data subject rights – broadly recognizable (subject access, rectification, processing restrictions), but there are some new ones • International transfers – same regime/same old issues • Basic data security obligations – BUT see new data security breach notification requirements • The ICO – still a UK national supervisory authority
  • 88. What’s changing? • Application – direct effect in member states • Transparency – enhanced fair processing transparency requirements • Consent – concept of consent tightened; easier for individuals to withdraw • Accountability – obligation to demonstrate compliance; use of privacy impact assessments • Administration – increased administration/record keeping requirements • Data subject rights – enhanced rights including subject access, increased ‘rights to be forgotten’ and data portability • Organisational principles – data protection by design and by default • Data processors – Statutory responsibility for data processors • Data protection officers – mandatory for certain organisations • Breach notification – mandatory breach notification for certain breaches • Supervisory authorities – lead authority; formal consistency mechanism • Sanctions – fines of up to 4% of worldwide turnover or €20M
  • 90. xkcd.com “The Cloud” http://xkcd.com/908/ Licensed under Creative Commons Attribution Non-Commercial 2.5 Licence
  • 91. The Cloud model (diagram of the processing chain): Software as a Service (SaaS) – services delivered over the Internet (processor); Platform as a Service (PaaS) – computing platform offered over the Internet (sub-processor); Infrastructure as a Service (IaaS) – storage, hosting and computing power delivered over the Internet (sub-sub-processor)
  • 92. Key issues for cloud contracts • Supplier diligence – Data security – are you satisfied that data will be kept secure? – Sub-processing – what subcontractors are used? Do you know? – Data location – where is the data held? Do you have control? • Privacy Impact Assessments – Have you carried out a PIA? – Have you identified the privacy risks and potential mitigation? – Is the processing still “high risk”? • Accountability – Can you demonstrate your compliance with GDPR? • Compliance – Does your contract include the express requirements set out in GDPR?
  • 93. What does GDPR require in your contract? (Contractual requirement – New under GDPR?)
    – More detail about what data is being processed, the types of individuals, and the purpose of the processing – Yes, but may already be in some contracts
    – Obligation to process only on instructions of the controller – No
    – Processor’s employees must commit to confidentiality – Yes
    – Data security – Increase in detail
    – Controls on appointment of sub-processors – Yes
    – Obligation to assist with data subject rights – Yes
    – Obligation to assist with data security, breach notification, DPIAs and consultations with regulators – Yes
    – Obligation to delete and destroy data – Yes (though should be doing anyway)
    – Obligation to provide information necessary to demonstrate compliance – Yes
    – Obligation to allow for and assist with audits/inspections – Yes
  • 94. Action points • Existing cloud contracts – No grandfathering for existing contracts – Review your existing contracts • Understand the processing and review risks/non-compliance • Contract amendments • Migration to another vendor – Develop a contracts register • New cloud contracts – Build a PIA into your supplier diligence process – Adopt a contract checklist for cloud services – don’t assume the supplier’s terms and conditions comply – Develop template contracts? • Privacy Notices
  • 95. Introducing BOrganised • Online contract management service which helps clients to manage their contracts more effectively • Service is hosted and provided by Brodies • Key features – central contract repository accessible from anywhere with internet connection – secure, simple, intuitive and flexible – manage renewals and deadlines using e-mail alerts – contract ‘linking’ – generates contract summaries to allow at a glance review of key terms – searchable – virtual forum for contract discussions and to store key post contract documents to facilitate knowledge sharing Find out more: http://www.brodies.com/borganised
  • 96. Dealing with major cloud vendors
  • 97. Dealing with Google, Microsoft, Amazon etc • The problem: – GDPR requires controllers to have greater oversight and accountability: • PIAs and supplier diligence • Privacy by Design and Default • Access to information • Ability to demonstrate compliance – Consequences of a breach are more severe under GDPR – But, many cloud vendors operate a black box approach to data security and there is limited scope to negotiate on commoditised services • May impact on: – Understanding of where the data is held – What security measures are actually in place – Audit and inspection rights • GDPR also creates compliance problems for cloud service providers…
  • 100. Cloud contracts checklist: Data Privacy Impact Assessment (Issue – Approach)
    – Compliance with GDPR contract requirements – Review the contract! Identify material risks
    – Location of data – Supplier diligence. Do you have control over data centre locations? If outside the EEA, how are you ensuring there is a lawful transfer and that data is adequately protected?
    – Adequacy of data security measures – Supplier diligence. Use of independent assurance reports (eg ISAE3402/SSAE16). ISO 27001 accreditation
  • 101. Questions… GDPR Hub: http://www.brodies.com/GDPR Blog: http://techblog.brodies.com Twitter: @BrodiesTechBlog @lawyer_martin
  • 107. Our team • 120 staff across the organisation • 7 people work directly in IT: • 2 of those on our CRM platform • 2 of those on service desk • 2 of those on projects/infrastructure • 2 developers
  • 108. Why?
  • 111. How?
  • 112. Case Study: Community Jobs Scotland Online Registration Modelling 3rd Party Data Contract Service Payments Processes On Boarding Public App Evaluation Monitoring Survey and Comms Apps
  • 114. Case Study: Community Jobs Scotland • Savings of around £250K on first 12 months • Onboarding drops from 7 to 2 weeks • Claim back reduced by 80% • Programmes run in parallel • New services added in days rather than weeks • Teams can collaborate around problems from anywhere
  • 115. Case Study: Community Jobs Scotland
  • 117. Adoption • All Staff ‘Launches’ • Online Community – on the platforms • Success Group • Webinar Weekly Call In • Training (HOT and Online)
  • 120. SWAG
  • 121. Other Fun Strategies • Human style error messages: • Fun Indicators of quality
  • 123. Challenges and Rewards • C-Level Support. • Teams love the tools, but need constant engagement and encouragement. • Shadow IT - easier than before – but easier to block. • Compliance is easier as we can search and block activities. • Real $$$ Savings
  • 124. What's Next for us • Last legacy database – accounts– gone by October. • Extending our knowledgebases & examining options for machine learning. • Extend our automation.
  • 125. Our Experience • Focus on adoption and training: • Our team 10% min time spent on learning. • 40% of our effort is on training and supporting others. • Less time on fixing ‘stuff’. • Fun, engaging adoption - #1
  • 126. Alastair Dutton Head of Technology SCVO alastairdutton alidutton
  • 128. Understanding the real risks and challenges in the Cloud computing journey. June 2017, James Kwaan
  • 129. Bio: Winner, Malcolm Turner memorial prize, June 2017; Wayne K. Snipes prize, May 2017
  • 130. Disclaimer. The views expressed in this presentation may contain statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results are nothing to do with the author, the author’s current employer, or ISACA, as they are personal views expressed by the author alone. The information upon which this presentation is based comes either from the author’s own experience and knowledge or from research on other companies. The opinions expressed in this report are those of the author and no one else; however, due to the time constraints of producing the presentation, we do not guarantee their fairness, completeness or accuracy. The opinions, as of this date, are subject to change. The author, the author’s current employer and ISACA do not accept any liability for your reliance upon them.
  • 131. Agenda • The challenges of the digital landscape and Cloud security risks • Where are businesses falling short in cloud security and what assurances should be taken • Amazon case study • The future of the Cloud market for organisations as a business enabler
  • 132. Evolving Landscape for Enterprises (7/10/2017). Consumerization/Outsourcing: Mobile devices (Wearables / BYOD); Digital Footprint; Malware as a Service; Enterprise as a Service; ANYTHING as a Service. Continual Regulatory and Compliance Pressures: EU Privacy, Anti-Bribery, SOX, PCI, etc.; New country-specific data protection laws throughout 2014; Canadian Anti-SPAM; Australian Privacy; Proposed Russian Privacy; ISO 27000, ISAE 3402; Other regulations. Emerging Trends: Decrease in time to exploit; Sharing of exploit kits; Big Data; Advanced Persistent Threats (APTs) as a Service; Multi-Billion Dollar Cybersecurity Industry; Solution Rich.
  • 133. Cloud Market Share, Feb 2017 (chart; source: Synergy Group, Feb 2017)
  • 134. What are the types of cloud-based systems? (diagram from http://www.virtualclouds.in; axes: Expertise vs Loss of Control)
  • 135. Cloud risks dirty dozen – CSA (ref below): Insufficient Due Diligence; Data Breaches; Data Loss; System Vulnerabilities; Insufficient Identity, Credential and Access Management; Insecure Interfaces and APIs; Account Hijacking; Malicious Insiders; Abuse and Nefarious Use of Cloud Services; Advanced Persistent Threats; Denial of Service; Shared Technology Issues. https://downloads.cloudsecurityalliance.org/assets/research/top-threats/Treacherous-12_Cloud-Computing_Top-Threats.pdf
  • 136. Risk Assessment Matrix. What assets are you putting at risk? • Validate the risks to assets • Does the analysis make sense? Have you missed anything? • Reduce the list to a top 10 • Going with bigger lists never gets anything done! • I am always asked for my top 10 risks, due to resource constraints • Validate the top 10 with the key business stakeholders • Are there any new objectives which change the risks? • Get the key stakeholders to sign off the priorities • Get ownership for the risks
  • 137. Based on the risk – what assurances have you taken? • SaaS example of a web-based application with key data held • Legal and technical aspects of data handling • Who has access to the data? • IAM controls for users/admins • Logging access • Data Protection, E-Privacy • Encryption • Key management • Multi-tenancy • DDoS • Data back-ups
  • 138. Based on the risk – what assurances have you taken ? • Supplier assurance • When should you engage in checking the supplier and what should you check ? • Vulnerability and Penetration Testing • BCP/DR/Incident Response • Right to Audit • Right to obtain logs from key systems for access and forensics • Certifications • ISO27000 (ISO27001, ISO27018), ISAE 3402 , SSAE-16 and CSA-STAR • Transfers and use of third parties.
  • 139. Based on the risk – what assurances have you taken ? • Contractual agreements • SLA (service level agreement) • READ SLA and all supporting documentation • SLA should have an EXIT STRATEGY • MSA (master service agreement) • Change Management, Incident Response, Auditing and Reporting • Cyber insurance ?
  • 140. Amazon Case Study – your responsibilities
  • 141. Cost Considerations • Security capabilities for AMAZON • FREE • IAM and MFA • Certificate Manager • Storage and Database Encryption • Security groups, subnets, network ACLs • Architecture review (need to know your stuff) • CHARGED • Directory Service ( $0.05 - $0.496/hour) • Key Management Service ( $1/month) • Cloud HSM ($5000 to provision, $1.88/hour) • CloudWatch (see pricing for VPC logs) • Web Application Firewall ($5/month) • Amazon Inspector ($0.05 - $0.30 per agent/month) • Amazon CloudTrail ($2/ 100,000 events)
  • 142. CIS Amazon Best Practice guidance standard. Key areas: • Identity and Access Management: the root account is NOT USED! • Logging: CloudTrail; VPC logging • Monitoring: e.g. create an alarm if someone logs into the root account • Networking • Backups: use multiple Availability Zones (AZs) or data centres • https://aws.amazon.com/architecture • https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf
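The slide's three points on the root account (do not use it, log with CloudTrail, alarm on a root login) fit together as one detection. What follows is an added example, not code from the presentation, from AWS or from the CIS benchmark: it reads a CloudTrail file and raises a finding for every interactive use of the root identity, rating a console login without MFA highest. The selection conditions (userIdentity.type is Root, no invokedBy, event type is not AwsServiceEvent) follow the CIS benchmark's root-usage metric filter; the four records are constructed samples in CloudTrail's JSON layout, and the account id and IP addresses are placeholders.

```python
"""Flag interactive root-account use in an AWS CloudTrail file, in the spirit
of the CIS AWS Foundations checks the slide names. Added example; the records
are constructed samples, not real CloudTrail output."""
import json

# Constructed CloudTrail file (trimmed to the fields the check reads).
SAMPLE_CLOUDTRAIL = json.dumps({"Records": [
    {   # root console login without MFA: the case the slide's alarm exists for
        "eventTime": "2017-07-10T08:01:00Z", "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin", "eventType": "AwsConsoleSignIn",
        "userIdentity": {"type": "Root", "accountId": "111122223333"},
        "sourceIPAddress": "198.51.100.7",
        "additionalEventData": {"MFAUsed": "No"},
        "responseElements": {"ConsoleLogin": "Success"}},
    {   # ordinary IAM user activity: not a finding
        "eventTime": "2017-07-10T08:05:00Z", "eventSource": "ec2.amazonaws.com",
        "eventName": "DescribeInstances", "eventType": "AwsApiCall",
        "userIdentity": {"type": "IAMUser", "userName": "ops-alice"},
        "sourceIPAddress": "198.51.100.7"},
    {   # privileged root API call from a different address, MFA present
        "eventTime": "2017-07-10T09:12:00Z", "eventSource": "iam.amazonaws.com",
        "eventName": "CreateUser", "eventType": "AwsApiCall",
        "userIdentity": {"type": "Root", "accountId": "111122223333",
                         "sessionContext": {"attributes": {"mfaAuthenticated": "true"}}},
        "sourceIPAddress": "203.0.113.9"},
    {   # service-initiated event under the root identity: excluded, as in the CIS filter
        "eventTime": "2017-07-10T09:30:00Z", "eventSource": "ec2.amazonaws.com",
        "eventName": "RunInstances", "eventType": "AwsServiceEvent",
        "userIdentity": {"type": "Root", "invokedBy": "autoscaling.amazonaws.com"},
        "sourceIPAddress": "autoscaling.amazonaws.com"},
]})


def mfa_used(rec):
    """Console sign-ins carry additionalEventData.MFAUsed ("Yes"/"No");
    API calls carry userIdentity.sessionContext.attributes.mfaAuthenticated."""
    extra = rec.get("additionalEventData", {})
    if "MFAUsed" in extra:
        return extra["MFAUsed"] == "Yes"
    attrs = rec.get("userIdentity", {}).get("sessionContext", {}).get("attributes", {})
    return str(attrs.get("mfaAuthenticated", "false")).lower() == "true"


def is_interactive_root_use(rec):
    """Same conditions as the CIS root-usage metric filter: the identity is Root,
    the call was not made on root's behalf by a service, and it is not a service event."""
    ident = rec.get("userIdentity", {})
    return (ident.get("type") == "Root"
            and "invokedBy" not in ident
            and rec.get("eventType") != "AwsServiceEvent")


def root_findings(cloudtrail_json):
    """One finding per interactive root event, most severe first."""
    findings = []
    for rec in json.loads(cloudtrail_json)["Records"]:
        if not is_interactive_root_use(rec):
            continue
        login = rec.get("eventName") == "ConsoleLogin"
        mfa = mfa_used(rec)
        # Any root use breaks the "root account is not used" rule; a console
        # login without MFA is the worst case and gets the top severity.
        severity = "critical" if login and not mfa else "high"
        findings.append({"time": rec["eventTime"], "event": rec["eventName"],
                         "source_ip": rec.get("sourceIPAddress"),
                         "mfa": mfa, "severity": severity})
    rank = {"critical": 0, "high": 1}
    return sorted(findings, key=lambda f: (rank[f["severity"]], f["time"]))


if __name__ == "__main__":
    for f in root_findings(SAMPLE_CLOUDTRAIL):
        print(f"{f['severity']:8} {f['time']} {f['event']} from {f['source_ip']} mfa={f['mfa']}")
```

Run against the sample, the check reports the un-MFA'd console login as critical and the CreateUser call as high, and ignores both the IAM user's activity and the autoscaling event that merely carries the root identity. The same predicate, expressed as a CloudWatch Logs metric filter with an alarm on it, is what the slide's "create alarm" bullet refers to; this script is the offline equivalent for reviewing exported trails.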
  • 143. Amazon Case Study – putting it all together (** = see refs)
  • 144. The future of the cloud • By 2020 a corporate “No-Cloud” policy will be as rare as a “No-Internet” policy • By 2019, more than 30% of the 100 largest vendors’ new software will have shifted to a “Cloud-ONLY” policy • By 2020 more compute power will have been sold by IaaS and PaaS than sold by enterprise data centres • By 2019 the majority of VMs will be delivered by IaaS (*) (* = www.gartner.com/newsroom/id/3354117)