Topic | Internet Openness Forum Special Lecture: Cloud Innovation and Security - Is Cloud Computing the End of Security and Privacy as We Know It?
Venue | Gangnam Finance Center 21st floor
Date and time | April 4, 2013 (Thu) 7PM~9PM
Speaker | Eran Feigenbaum, Director of Security, Google Enterprise
Organizer | Google Korea
Focus | Cloud computing, security in the cloud
I. Why Google Enterprise?
1. Many Clients
1) US clients- used by 72 of the top 100 US universities (September 2012 survey)
2) Korean clients- POSCO, Chosun biz, Dong-A Pharm, Groupon Korea, Hyundai U&I, Samsung, Hyundai Motors, TMON, pantos logistics, Korea University, McDonalds, YG Entertainment
2. Trends
1) Privacy and security are becoming more important
① Blogs- 200 blogs (10 years ago)--> 200 million blogs (today)
② YouTube Videos- 70 hours’ worth/1 min (today)
③ Security Innovation: two step verification
2) Competitors- Your competitors are moving to cloud computing for efficiency and other benefits which reside in the cloud
3. Benefit to Software Vendors
1) Various OS- can focus on innovation and software is always up-to-date
4. Economic Benefit
1) Reduced IT Cost- lower IT costs with a 10 to 20% reduction being typical (IDC, 2012)
2) Improved co-work efficiency- e.g. Delta Air Lines- decreased budget time by 30%
II. What does cloud computing mean from a security perspective?
1. Data safe on premise? - 60% of corporate data resides unprotected on PC desktops and laptops
2. 1 out of 10 laptop computers will be stolen within 12 months
3. 66% USB thumb drive loss (over 60% corporate data in them)-> PC stolen, I'm not worried
III. IT manager's perspective: Why is security so tough?
1. Patching problem- it takes 25 to 56 days on average to deploy an OS patch on servers-> no server is needed.
IV. Cloud server provider perspective
1. Build, buy and pay for everything I own, security team, server, etc.
V. Can the cloud vendor do security better than you?
1. Google- the biggest server manufacturer
1) Server hardening- disabling unused items
2) IT system fails. Google has over 300 security professionals in malware, drive-by download, etc.
3) Works like a bank- instead of a person hiding his money in his attic, depositing money in banks can be more convenient and safer.
4) Data storage- 3 copies of my email in 6 servers
VI. How do you know if they are as good as the claim?
1. 3,000 new businesses added/day
2. Different frameworks- CSA, ENISA, NIST, and many others (check out audit reports)
VII. Incident response? -> Need to walk through a security drill within your company
1. Monitoring
2. Proprietary change control software continually monitors
3. 24x7 security team
4. Incident coordinator
5. Incident remediation
6. Incident notification- early detection through homogeneous servers matching Google's gold standard-> send alerts -> let the clients know if clients' data is attacked
VIII. Privacy?
1. Who owns your data?-> You
2. What can the data be used for?-> Your use
3. Who has access to your data?-> You
4. What laws govern the data?-> jurisdiction
IX. Google protects your privacy externally (jurisdiction matters here)
2. User information such as IP address or last log-in info can be opened
X. Notes
1. Ask what my exit strategy is: how can I get my data out if I change my mind in the future?
2. Cloud computing
1) IaaS (Amazon, EC2)- data patch
2) PaaS (salesforce.com, google xxx)
3) SaaS (RFP security)
XI. Reference