Porticor - Can Data be safe in Public Clouds, in Compliance with Standards

•Télécharger en tant que PPSX, PDF•

1 j'aime•524 vues

giladpn

Can Data be safe in Public Clouds, in Compliance with Standards

3/29/2011 www.porticor.com © PORTICOR 2009, 2010 2 The Cloud Security Scales Lets talk about solutions Scare Stories? Or real issues?

3/29/2011 www.porticor.com © PORTICOR 2009, 2010 4 Typical Provider Customer Agreement 7.2. Security. We strive to keep Your Content secure, but cannot guarantee that we will be successful at doing so, given the nature of the Internet. Accordingly, without limitation to Section 4.3 above and Section 11.5 below, you acknowledge that you bear sole responsibility for adequate security, protection and backup of Your Content and Applications. We strongly encourage you, where available and appropriate, to (a) use encryption technology to protect Your Content from unauthorized access, (b) routinely archive Your Content, and (c) keep your Applications or any software that you use or run with our Services current with the latest security patches or updates. We will have no liability to you for any unauthorized access or use, corruption, deletion, destruction or loss of any of Your Content or Applications. Makes sense? Yes! But means you have to do some things…

Strong investment in security of the infrastructure Compliance with standards SAS70 ISO 27K PCI Enabling (key word!) customers to be compliant 3/29/2011 www.porticor.com © PORTICOR 2009, 2010 5 Provider responsibilitiesWhat can you expect?

Detailed advice from White Papers, Industry bodies and the community Emphasis on your responsibility for Security of whatever you install on the Cloud infrastructure Identities and their management Encryption and management of data Significant implementation Ability to achieve certification with standards (PCI, HIPAA, …) 3/29/2011 www.porticor.com © PORTICOR 2009, 2010 6 Customer responsibilitiesWhat can you expect?

Combining the security of the Cloud Infrastructure with your own responsibilities How? And… … What has really changed? What’s new, what carries over from the “old world”? 3/29/2011 www.porticor.com © PORTICOR 2009, 2010 7 Cloud SecurityMaking it all happen

Some known concepts translate to cloud with a twist APIs SaaS security Usage of IaaS And of course, there is some pretty new stuff More about this later… 3/29/2011 Copyright 2009, 2010 ©Porticor What’s new? What carries over?

3/29/2011 Copyright 2009, 2010 ©Porticor Translating known concepts to cloud Examples …and more

Secure distributed data storage Keys management Hypervisors and virtual machines Role of encryption changes New data protection measures emerge (i.e. fragmentation) Physical security of cloud environments 3/29/2011 www.porticor.com © PORTICOR 2009, 2010 10 Some new considerations

Package complex privacy and security technology Get the operations and economics right Pay as you go Privacy and security solutions can be brought up in a reasonable time – not months Privacy and security have proper service level guarantees Backed by proper SLA and/or Warranty 3/29/2011 www.porticor.com © PORTICOR 2009, 2010 11 Elasticity, Flexibility, Management

3/29/2011 ©Porticor Thank You! Questions ?

Contenu connexe

Tendances

The Cloud Assessment Tool (CAT) was developed by the Asia Cloud Computing Association (ACCA). It was refined through extensive and in-depth discussions over a period of 2 years between members of the WG and by looking at relevant cloud and IT specifications. The CAT defines the requirements placed on IaaS/PaaS solution providers to support stringent cloud applications. However, that perspective was subsequently extended to cover all application requirements. As such, its final realization has broad applicability. For more information, visit http://www.asiacloudcomputing.org

2011-2012 Cloud Assessment Tool (CAT) White Paper

accacloud

The healthcare industry is one which is often at the forefront of technology change. From hospital management to rural healthcare communities, from doctors and surgeons to pharmacists and lab technicians— there is often a tension between the urgent needs of the healthcare industry that compels rapid technology adoption, and a strict and heavily-regulated environment that defaults to caution when embracing new technology. Today, we see a healthcare industry that is moving towards the new paradigm of cloud computing with increasing optimism and trust. How can the healthcare industry best deploy cloud computing to achieve better patient outcomes? What are the current opportunities to start a digital transformation in a healthcare institution? Where are the opportunities for the healthcare industry to leverage cloud technology, and move towards an ideal of preventing disease whenever we can, for prevention is preferable to cure? What other prospects does cloud computing hold for the healthcare sector? This report will answer these questions by demonstrating the different innovative uses and deployment of cloud computing in six healthcare sub-verticals. These case studies show how technology and the healthcare industry can strengthen patient outcomes, and together, work towards the goal of staying healthy and well. For more information, visit us at http://www.asiacloudcomputing.org

Towards Better Patient Outcomes and Staying Well: The Promise of Cloud Comput...

accacloud

2011 ACCA Cloud Readiness Index

accacloud

2015 How important is Cloud Computing for building Crowd Networks? Crowdsourc...

accacloud

This report updates our 2015 research on the regulatory landscape impacting Cloud Services in APAC. It updates the current approaches governments and Regulators in nine selected APAC markets have taken towards cloud computing, and the environment these relevant policies and regulations have created for cloud adoption in the financial services sector. Financial Regulators’ outsourcing guidelines have a key role to play in shaping this environment, and can determine the extent FSIs can benefit from cloud computing technology. As with the previous report, we provide an overview of the regulatory landscape in Part 1. of this report. We also review and elaborate on best practice examples of the ten key cloud outsourcing risk management requirements that must be addressed in order for an FSI to adopt Cloud Services: 1. Due Diligence Process for Cloud Adoption, 2. Review, Monitoring and Control, 3. Audit, 4. Confidentiality and Security, 5. Resilience, Business Continuity and Disaster Recovery, 6. Data Transfer and Location, 7. Data Use Limitations, 8. Data Segregation, 9. Cloud Contracts and Subcontracting, and 10. Exit and Termination. This is followed by Part 2. which summarises the relevant regulations in each market according to these requirements. For more information, visit us at http://www.asiacloudcomputing.org

Asia's Financial Services on the Cloud 2018: Regulatory Landscape Impacting t...

accacloud

26 Nov 2013 - Law and Policy Meet the Cloud, by Bernie Trudel [IIC-TRPC Singa...

accacloud

28 Feb 2012 - Asia Opportunity, by Mark Ross [Questex Asia, Hong Kong]

accacloud

Access to data represents a huge potential in terms of potential economic growth and social enablement opportunities. It is not surprising then, that many governments are setting forth ‘digital economy’ agendas, including policy and regulatory frameworks, to ensure they maximize participation and opportunity. However, such a cross-cutting agenda is not without its challenges. Regulations put in place to enable or protect one part of the economy can damage growth in neighboring sectors or industries, often unintentionally. This research report takes an investigative look at the way five Asian economies—India, Indonesia, Japan, the Philippines, and Vietnam—are aggressively transitioning to more digitally enabled economies. For more information, visit http://www.asiacloudcomputing.org

2018 Cross-Border Data Flows: A Review of the Regulatory Enablers, Blockers, ...

accacloud

The Impact of Data Sovereignty on Cloud Computing offers detailed information describing the implications of data sovereignty law and policy on the adoption of cloud computing-based infrastructures and services in Asia. By describing and analyzing data sovereignty regulations in 14 countries in this study, the Association identifies potential bottlenecks that could slow adoption and threaten Asia’s digital future. The study serves to identify the gaps between an “ideal state” and the actual realities in Asian countries around policy, legal and commercial cloud drivers to provide a tool for businesses organizations, cloud service providers and policy makers to look at cloud in a more holistic manner. This report provides substantive detailed analysis for each of the 14 countries, including 4-5 page detailed insights into the regulatory environment for data sovereignty in each country and recommendations for each country to bring attention to the highest priority issues that if addressed will bring the country closer to the “ideal state.” For more information, visit http://www.asiacloudcomputing.org

The Impact of Data Sovereignty on Cloud Computing in Asia 2013 by the Asia Cl...

accacloud

Asia Cloud Computing Association’s (ACCA) Response to India’s Draft Health Da...

accacloud

Cross-border data access, usage, and exchange are essential to economic growth in the digital age. Every sector—including manufacturing, services, agriculture, and retail—relies on data and on the global flow of that data. Whether directly, or by indirectly taking advantage of global-scale data infrastructure such as cloud computing, global connectivity has enabled cross-border economic activity, allowing individuals, startups, and small businesses to participate in global markets. However, while the economic and trade opportunity from connectivity and data flows are significant, governments are increasingly introducing measures which restrict data flows—data localization measures. This report reviews the various mechanisms by which governments are attempting to manage their digital economy. It covers the issues of data localization and data residency, clarifies cross-border data flow restrictions by developing a typology of data localization mechanisms like privacy, cybersecurity, law enforcement, digital protectionism, and levelling the playing field for businesses. Sponsored by the Asia Cloud Computing Association, this report was independently researched and published by the Brookings Institution and TRPC Pte Ltd. For more information, visit us at http://www.asiacloudcomputing.org

Regulating for a Digital Economy: Understanding the Importance of Cross-Borde...

accacloud

The ACCA developed this report with the primary purpose of equipping CSPs with an understanding of the current regulatory landscape in APAC, and their FSI customers’ key regulatory challenges to adopting Cloud Services. This report aims to help CSPs to develop and provide solutions to these challenges. In particular, this report: 1. provides CSPs with a database of issues and possible solutions to discuss with their FSI customers; 2. provides CSPs with recommendations as to how to comply with the current regulatory landscape; and 3. supports CSPs in their engagement with relevant governments and Regulators. This report may also be used by Regulators and FSIs to understand the current regulatory landscape in APAC and the key opportunities and challenges to adopting Cloud Services. For more information, visit us at http://www.asiacloudcomputing.org

2015 Asia's Financial Services: Ready for the Cloud - A Report on FSI Regulat...

accacloud

Asian countries top the new Cloud Readiness Index (CRI) 2016 released by the Asia Cloud Computing Association (ACCA). The CRI places Hong Kong, Singapore, New Zealand and Australia above markets such as Germany, the United Kingdom (UK) and the United States (US), showing that Asia economies are indeed leading the world in cloud readiness. This is also the first time that the 14-market Asia Pacific-focused study also includes a sample of six non-Asian markets for comparative analysis.

Cloud Readiness Index 2016 by the Asia Cloud Computing Association

accacloud

Small and medium-sized enterprises represent well over 90% of all businesses in Asia, and across the 14 markets under review they employ some 1.02 billion people and contribute around $10.9 trillion directly into the economies in which are based (49.1% of total GDP for the region.) They also spend significantly as a group on ICT. Cloud computing – and cloud computing technology – has the potential to be the ‘great leveller’ for both SMEs and developing economies. This is because cloud offers the prospect of both the access to enterprise grade tools on a pay-per-use basis making them immediately accessible and affordable, and the ability to scale up and down such access as required (elasticity of use). In other words, upfront capex requirements go down substantially. What are their challenges to using cloud? How can this technology be made more available to SMEs, so that they can harness its power for digital transformation? This report reviews 14 markets' SME industry, and establishes market size, characteristics, and identifies industries most likely to undergo digital transformation. For more information, visit http://www.asiacloudcomputing.org

SMEs in Asia Pacific: The Market for Cloud Computing - Case Studies of 14 mar...

accacloud

The purpose of this paper is to contribute to, and help drive the formation of, policies concerning cloud computing in Asia. The paper addresses the increasing complexities surrounding the transfer of data between jurisdictions, and the problems this poses for operators, such as carriers, remittance service providers, social networks, Internet and e-commerce companies, offering legitimate cross-border data transfer services. This paper builds on original research developed by the ACCA in 2013 as part of a broader and ongoing study on Data Sovereignty throughout the Asia Pacific. It argues that law makers and regulators should balance their efforts to protect personal data privacy and data in key sectors, such as banking and health services, with solutions that facilitate and therefore lower the cost of data transfers under all reasonable circumstances. For more information, visit us at asiacloudcomputing.org

Report on Cloud Data Regulations 2014: A contribution on how to reduce the co...

accacloud

Asia Cloud Computing Association’s (ACCA) Response to the Merchant Acquiring ...

accacloud

Cybersecurity at a premium: The state of cyber resilience in insurance

accenture

The ASEAN Data Protection Index 2020 uses seven Principles of Personal Data Protection in the ASEAN Framework on Data Protection 2016 to assess the level of data protection across various economies. This is the first index to use the ASEAN Framework on Data Protection as a best practice guideline, where the assessment of a positive data protection policy posture by a country would be one which promotes the free flow of data across borders.

The ASEAN Data Protection Index 2020

FairTechInstitute

Digital is transforming all industries and becoming the growth engine of the global economy. To scale, the building blocks of the digital economy require Interconnection. Interconnection is at the center of today’s key macro trends, including digital trade, urbanization and cybersecurity. Until now, Interconnection, the private exchange of data between companies, has never been quantified or analyzed. By 2020, the Global Interconnection Index predicts Interconnection Bandwidth will outpace the growth of internet traffic by 2X and 6X the volume…and is expected to experience compounding growth year-over-year in all regions, industries and use cases. Download the Global Interconnection Index today - http://eqix.it/SSIndex17

The Global Interconnection Index - Measuring Growth of the Digital Economy

Equinix

The Cloud Readiness Index 2012 is the second iteration of this index. The CRI was designed to track the development of the necessary infrastructure and enabling environment for cloud computing across leading Asian economies. By mapping the conditions required for successful implementation, the Asia Cloud Computing Association (ACCA) aims to identify potential bottlenecks that could slow adoption and limit the ability of Asian economies to take advantage of the cloud computing future. The Index also serves to help identify critical gaps to be addressed in the form of policy, legal and commercial cloud drivers. For more information, visit us at http://www.asiacloudcomputing.org

Cloud Readiness Index 2012 by the Asia Cloud Computing Association

accacloud

Tendances (20)