the cloud cube

The Benefits of the Clouds or Avoiding The Cloud Trap! Adrius42 Recording some of the Jericho Forum thinking as it is Thunk!

Upload: adrius42

Post on 09-May-2015


DESCRIPTION

The current thinking around Cloud Forms in the Jericho Forum. It is evolving as we better grasp the challenge of Collaborating Securely in the Clouds.

TRANSCRIPT

Page 1: The Cloud Cube

The Benefits of the Clouds or Avoiding The Cloud Trap!

Adrius42

Recording some of the Jericho Forum thinking as it is Thunk!

Page 2: The Cloud Cube

Then decide to which type of Cloud you want to move?

FIRST CLASSIFY YOUR DATA!!! Determine what rules MUST apply to it.

Must it only exist in specific trust levels? For example can it leave Europe?

Does it have to stay in Safe Harbours? Must it stay in Europe?

We need a universal data classification model that is simple (cf G8 TLP).

We need a recognised trust level standard for all aspects of computing.

We need standardised metadata that signals to “cloud security” the data’s security needs.

Page 3: The Cloud Cube

Then decide whether you want to move to the Clouds

Page 4: The Cloud Cube

To Cloud or Not to Cloud?

Clouds

Traditional

Page 5: The Cloud Cube

Then decide what data you want to allow in the Clouds

Page 6: The Cloud Cube

With what degree of translucency

Page 7: The Cloud Cube

For all Clouds are not equal...

Full on Clouds this way >>>>>

Fully automated Data Redundancy

Fully automated Disaster Recovery

Fully automated Data Backup and Recovery

Massively Scalable

Fully automated System Redundancy

<<<< Same old Traditional Approach

Self owned Disk Storage: Data Redundancy ...sometimes

Warmish Back up Data Centre for Disaster Recovery: significant switching impact and testing costs

Tapes sent by Truck: Data Backup and Recovery, variable risk

Manual System Recovery

Page 8: The Cloud Cube

Then decide at what level you want to operate in the Clouds

Page 9: The Cloud Cube

Cloud Layers

[Figure: layers Process, Software, Platform, Infrastructure, with Outcome / Value; labels "Abstraction occurs here!", "1st", "2nd", "3rd", "Last!", "Orchestration", "Security and IdAM"]

Page 10: The Cloud Cube

Then decide to which form of Cloud you want to move

Page 11: The Cloud Cube

Cloud Forms

Internal

External

Page 12: The Cloud Cube

Cloud Forms

Proprietary Open

Page 13: The Cloud Cube

Cloud Forms

Proprietary Open

Internal

External

Page 14: The Cloud Cube

Cloud Forms

Perimeterised

Deperimeterised

To get through here you need a Collaboration Oriented Architecture and the Jericho Forum Commandments

Page 15: The Cloud Cube

Cloud Forms

Perimeterised

Deperimeterised

Proprietary Open

Internal

External

Page 16: The Cloud Cube

Cloud Forms

Perimeterised

Deperimeterised

Proprietary Open

Internal

External

We need inter cloud “IPI” standards... especially those that enable Collaboration.

IPI = “Information Programming Interface”. There has to be a better name!!!

Page 17: The Cloud Cube

Cloud Patterns

Perimeterised

Deperimeterised

Proprietary Open

Internal

External

Recognise some pathways between Clouds will be easier to enable than others!

Page 18: The Cloud Cube

Cloud Patterns

Perimeterised

Deperimeterised

Proprietary Open

Internal

External

Page 19: The Cloud Cube

...and “then” ensure the controls you require are available in the Clouds... ...Oops!!!

You mean “Cloud Security Central” doesn’t exist?

Page 20: The Cloud Cube

Cloud Layers

[Figure: layers Process, Software, Platform, Infrastructure, with Outcome / Value; labels "Abstraction occurs here!", "1st", "2nd", "3rd", "Last!", "Orchestration", "Security and IdAM", "Cloud Maturity Scale"]

Page 21: The Cloud Cube

We haven’t even identified all the needs yet.

Bread Crumb Detector

Bread Crumb Hoover

Cloud Identity Services and their Providers

What about Trust Levels?

Page 22: The Cloud Cube

Proposed Individual Trust Levels

| Trust Level | Intent Label | Impact | Trust Level Activity | Authentication | Physical World equiv |
|---|---|---|---|---|---|
| T0 | Stay Unidentified | None | Anonymous | None | - |
| T1 | Self Assertion* | Insignificant | Self Asserted | None | Pseudonym |
| T2 | Proof of Identity | Minor | Document Verified | Authenticated: Name, Address, Age | Proof of Abode Electricity Bill |
| T3 | T2+ Ability to Commit / Pay | Major | Legally/ Financially Verified | Authenticate Credit Worthiness and Payment Method | Credit Card |
| 1Pay* | Ability to Pay a single transaction | Varied | Single use Financially Verified | Authenticate Credit Worthiness and Single Use Payment Method | Cash |
| T4 | T2+ Gov Id | Material | Government Verified | Government | Passport |
| T5 | Protect Lives | Catastrophic | Military Grade | Positive Vetting | Security Clearance |

*1Pay: Can be appended to any Trust Level