Friday, April 12, 2013

[conference] Internet Openness Forum Special Lecture: Cloud Innovation and Security


Topic
Internet Openness Forum Special Lecture: Cloud Innovation and Security
-       Is Cloud Computing the End of Security and Privacy as We Know It?
Venue
Gangnam Finance Center 21st floor
Date and time
2013 04 04 () 7PM~9PM
Speaker
Eran Feigenbaum, Director of Security, Google Enterprise
Host
Google Korea
Focus
Cloud computing, security in the cloud

I.       Why Google Enterprise?
1.       Many Clients
1)      US customers- used by 72 of the top 100 US universities (September 2012 survey)
2)      Korean customers- POSCO, Chosun Biz, Dong-A Pharm, Groupon Korea, Hyundai U&I, Samsung, Hyundai Motors, TMON, Pantos Logistics, Korea University, McDonald's, YG Entertainment
2.       Trends
1)      Privacy and security are becoming more important
  Blogs- 200 blogs (10 years ago)--> 200 million blogs (today)
  YouTube Videos- 70 hours’ worth/1 min (today)
  Security Innovation: two step verification
2)      Competitors- Your competitors are moving to Cloud computing for efficiency and other benefits which reside in the cloud
3.       Benefit to Software Vendors
1)      Various OS- can focus on innovation and software is always up-to-date
4.       Economic Benefit
1)      Reduced IT Cost- lower IT costs with a 10 to 20% reduction being typical (IDC, 2012)
2)      Improved co-work efficiency- e.g. Delta Air Lines- decreased budget time by 30%

II.      What does cloud computing mean from a security perspective?
1.       Data safe on premise? - 60% of corporate data resides unprotected on PC desktops and laptops
2.       1 out of 10 laptop computers will be stolen within 12 months
3.       66% of USB thumb drive owners lose them (over 60% with corporate data on them)-> if a PC is stolen, I'm not worried

III.     IT manager's perspective: Why is security so tough?
1.       Patching problem- it takes 25 to 56 days on average to deploy an OS patch to servers-> no server is needed.

IV.    Cloud server provider perspective
1.       Build, buy and pay for everything I own, security team, server, etc

V.      Can the cloud vendor do security better than you?
1.       Google- the biggest server manufacturer
1)      Server hardening- disabling unused items
2)      IT system fails. Google has over 300 security professionals in malware, drive-by download, etc.
3)      Works like a bank- instead of a person hiding his money in his attic, depositing money in banks can be more convenient and safer.
4)      Data storage- 3 copies of my email in 6 servers

VI.    How do you know if they are as good as they claim?
1.       3,000 new businesses added/day
2.       Different frameworks- CSA, ENISA, NIST, and many others (check out audit reports)

VII.   Incident response? -> Need to walk through a security drill within your company
1.       Monitoring
2.       Proprietary change control software continually monitors
3.       24x7 security team
4.       Incident coordinator
5.       Incident remediation
6.       Incident notification- early detection through homogeneous servers matching Google's gold standard-> send alerts -> let clients know if their data is attacked

VIII.  Privacy?
1.       Who owns your data?-> You
2.       What can the data be used for?-> Your use
3.       Who has access to your data?-> You
4.       What laws govern the data?-> jurisdiction

IX.    Google protects your privacy externally (jurisdiction matters here)
1.       Government transparency report- www.google.com/transparencyreport
2.       User information such as IP address or last log-in info can be disclosed

X.      Notes
1.       Ask what my exit strategy is: how can I get my data out if I change my mind in the future?
2.       Cloud computing
1)      IaaS (Amazon EC2)- data patch
2)      PaaS (salesforce.com, google xxx)
3)      SaaS (RFP security)

XI.    Reference
1.       Good to know campaign- http://www.google.com/goodtoknow/
2.       Read- "구글을 가장 잘쓰는 직장인 되기" (Becoming the Office Worker Who Makes the Best Use of Google) (http://goo.gl/p1BKk)
3.       Google Internet Openness Forum- https://sites.google.com/site/pressforumforit/home
