Cloud Computing Security: Security Strategies for Cloud Service Providers and Their Customers
Monday September 20, 2010 , 7 min Read
This morning event is part of IBF Media's Technology Series and brings timely information on the latest trends to senior technology and IT professionals as well as venture investors looking for investment opportunities. YourStory is the media partner for this event. The current event will focus on cloud security and the challenges that small and large enterprises face in implementing the cloud in their organizations. This event will provide timely information on security issues when enterprises are implementing the cloud in their organizations.In the last few years, cloud computing has grown from being a promising business concept to one of the fastest growing segments of the IT industry. Now, recession-hit companies are increasingly realising that simply by tapping into the cloud they can gain fast access to best-of-breed business applications or drastically boost their infrastructure resources, all at negligible cost. But as more and more information on individuals and companies is placed in the cloud, concerns are beginning to grow about just how safe an environment it is. In this discussion the speakers evaluate the following with regard to cloud security:
- Every breached security system was once thought infallible
- Understanding the risks of cloud computing
- How cloud hosting companies have approached security
- Local law and jurisdiction where data is held
- Best practice for companies in the cloud
- What are some of the best ways of securing information in the cloud and how can customers and technology companies implement these in their cloud offering to protect the client's data.
Virtualization and cloud computing haven't eroded the online security of most companies, analysts say. But they may be contributing to situations in which IT-service customers leave themselves vulnerable to attack because they assume their cloud provider is taking care of security. "Security and cloud hosting are two separate things, but the cost of entry is so low, and often so simple, that customers may not do as much due diligence as they should to find out who's responsible for security," says Ezra Gottheil, an analyst who covers server issues for Technology Business Research. Placement of responsibility for security in cloud computing arrangements is so ill-defined that Gartner felt it was necessary to list access to information about how a cloud service works and a service level agreement spelling out customer expectations and requirements in a report released recently. In March, research from the Cloud Security Alliance listed customer ignorance of security practices and service providers' refusal to give information to relieve it among the seven top security risks in cloud computing. According to the Cloud Security Alliance's research, cloud projects and the risks they entail may be "complicated by the fact that cloud deployments are driven by anticipated benefits, [and] by groups who may lose track of the security ramifications." The nature of the cloud computing business means many customers or potential customers have no idea how exposed they really are when they put a website or other corporate application on someone else's hardware, says Josh Corman, analyst for The 451 Group. Most cloud and website hosting customers assume their provider is responsible for keeping their site safe even though that's not always the case.
This event presents and discusses one of the key challenges of cloud computing, which is securing a company's valuable information. One of the fundamental issues facing CIO and technology professionals today is if they deploy the cloud how do they a secure their applications and information. The panel will be composed of luminaries from the technology industry, successful venture investors from the Indian venture capital world as well as IT professionals from companies in India that are facing the security challenges head on and competing in this space to win customers.
List of Speakers
Raghavan Subramanian Associate Vice President Infosys
Raghavan has over 15 years of work experience in areas such as cloud-computing, Social-media, Internet application security, eCommerce, EAI, business-IT strategy and telecom.
Raghavan holds a Bachelor’s degree in Electronics & Communication Engineering from the Bharathidasan University, Tamilnadu, India
aghavan heads the cloud computing and J2EE centers of excellence. He is responsible for Infosys service offerings, building competencies, creating adoption accelerators and establishing Infosys thought leadership in this space.
Raghavan was earlier the product manager for the Infosys Social Media platform, a SaaS offering. In this role he was responsible for the creation of several web 2.0 modules like video-uploads, blogs, online communities, forums, social analytics and integrating them in a holistic manner.
Prior to this he was program-manager of a consortium of technology companies that came together to build an online-collaboration portal for a famous think-tank organization to connect the leaders of the world. He headed the technology consulting group of EMEA. He has reviewed/defined the IT strategy of telecom-service-providers, banks and retail organizations in the US, Europe and Australia.
He was earlier with SETLabs leading the information-security, EAI, BPM and OOAD research teams. He has published several papers, co-authored 2 patents and has been an invited speaker in multiple forums.
Srikanth Karnakota
Srikanth is Director for Cloud Platform Strategy and Partnerships at Microsoft India. He is responsible for developing and defining core platform strategies for Microsoft India, and driving platform adoption with customers and partners. He played a key role in building Cloud Services models based on vertical industry solutions for manufacturing clusters and evolved innovative business models with key Telcos, ISVs and SIs to service the small business segment.
In his earlier role Srikanth built and incubated Start-ups and Venture capital engagement arm of Microsoft India. He led strategic business development activities thru start-up engagements and ISVs. Prior to joining Microsoft, Srikanth was the early employee of a young Indian product company Pramati Technologies and established their business development activities in the US.
He holds a bachelor’s degree in engineering from JNTU University and an MBA from Indian Institute of Foreign Trade where he was EXIM bank scholarship for outstanding performance.
Geoff Charron, VP Software Engineering CA Technologies (India Technology Center)
Geoff Charron, Vice President Software Engineering responsible for leading the Security and Mainframe products group in ‘CA Technologies,India Technology Center (ITC) at Hyderabad.
Geoff has over 18 years of engineering and management experience directing global teams in the design, development, marketing, and delivery of enterprise software products. Over the last ten years he has built and managed software engineering teams in the US, China, and India.
Prior to joining CA Geoff led the development of several market leading enterprise security products at Gradient Technologies, Netegrity (acquired by CA) and BEA Systems (acquired by Oracle).
Geoff graduated with Bachelors and Masters degrees in Mechanical Engineering from Worcester Polytechnic Institute in Worcester, Massachusetts.
Bikram Barman, Senior Engineering Manager at RSA, The Security Division of EMC
Bikram Barman is a seasoned technology professional with over 14 years of experience across multiple technologies and domains.
He is currently a Senior Engineering Manager at RSA, The Security Division of EMC leading products and solutions engineering teams focussed on Virtualization & Cloud Security.
He has been a key contributor to Cloud Security Alliance Guidelines (Virtualization Security in the Cloud) and several articles on Cloud and Virtualization security.
He is also on the board of directors for CSA - Bangalore Chapter.
Target Audience
IT professionals, CIOs, CTOs, senior and mid-level managers of technology and technology services organizations, venture and technology investors, professionals from IT outsourcing firms and system integrators, and practice leaders in IT services firms.
