Maintaining Control and Compliance in Cloud Computing: Data-centric information security

No ratings

Presented at AUScert 2010 by

Andrew Younger

There’s no doubt about it: virtualization is the future. With its promises of flexibility, ease of use, and lower costs, Service Oriented Architectures (SOA) and Virtualization have lead IT toward the new outsourced computing model known as Cloud. The success of Software-as-a-service (SaaS) Cloud-based processes have fast become the next-generation SOA solutions for a number of today’s applications. Corporate acceptances of Cloud-based processes have moved beyond CRMs and Web Portals toward more traditional core business applications. The introduction of these approaches into the traditional enterprise has definite business advantages, but also some serious governance, compliance and security implications. The "virtual" nature of Cloud removes many of the physical work-flow and control points to contain sensitive information. It is essential that Cloud-enabled security platform take on a data-centric approach. This session will provide details on the impact of Cloud on information security and the data-centric solutions for specific use-cases. What are the information risks moving to the Cloud? How can sensitive information be used within the Cloud? What are the data-centric solutions for isolation information in a Cloud?