Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master
|
|
- Bartholomew Anderson
- 8 years ago
- Views:
Transcription
1 Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark
2 Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2
3 What is Cloud Computing? Compute as a utility: third major era of computing Mainframe PC Client/Server Cloud computing: On demand model for allocation and consumption of computing Cloud enabled by: Moore s Law: Costs of compute & storage approaching zero Hyperconnectivity: Robust bandwidth from dotcom investments Service Oriented Architecture (SOA) Scale: Major providers create massive IT capabilities
4 How to think about Cloud Perfect storm convergence of existing technologies in a new business model The next platform for software applications Disruption! Not one cloud many types and deployments of cloud Aspects of our legacy we can learn from but key differences Mainframes Virtualization Outsourcing Challenges many of our IT definitions, e.g. what is data?
5 What is Different in the Cloud? Many concepts in the cloud are similar to concepts in standard outsourcing There are at least four themes which require a different mindset when working on security for cloud services: Role clarity for security controls Legal / jurisdictional / cross-border data movement Virtualization concentration risk Virtualization network security control parity. 5
6 What is Different in the Cloud? Role Clarity Security ~ THEM Security ~ YOU SaaS Software as a Service IaaS Infrastructure as a Service PaaS Platform as a Service
7 What is Different in the Cloud? Legal / Jurisdictional Issues Amplified Cloud Provider Datacenter in London, U.K. Cloud Provider Datacenter in Sao Paolo, Brazil Cloud Provider Datacenter in Geneva, Switzerland Cloud Provider Datacenter in Tokyo, Japan Your Corporate Data? Cloud Provider Datacenter in San Francisco, USA
8 What is Different in the Cloud? Virtualization Concentration Risks Old Way Hack a System New Way Hack a Datacenter Hypervisor
9 What is Different in the Cloud? Virtualized N-Tier Control Equivalence Current Way New Way Users Internet How do we ensure control parity? Hypervisor FW WAF NIDS / IPS Presentation Layer Data Layer FW WAF NIDS / IPS Internet Users
10 Key Cloud Security Problems From CSA Top Threats Research: Trust: Lack of Provider transparency, impacts Governance, Risk Management, Compliance Data: Leakage, Loss or Storage in unfriendly geography Insecure Cloud software Malicious use of Cloud services Account/Service Hijacking Malicious Insiders Cloud-specific attacks
11 Cloud Security Alliance Guidance 11
12 Cloud Security Alliance Guidance Operating in the Cloud Cloud Architecture Governance and Enterprise Risk Management Legal and Electronic Discovery Compliance and Audit Information Lifecycle Management Portability and Interoperability Security, Bus. Cont,, and Disaster Recovery Governing the Cloud Data Center Operations Incident Response, Notification, Remediation Application Security Encryption and Key Management Identity and Access Management Virtualization Available at
13 Defining Cloud On demand provisioning Elasticity Multi-tenancy Key types Infrastructure as a Service (IaaS): basic O/S & storage Platform as a Service (PaaS): IaaS + rapid dev Software as a Service (SaaS): complete application Public, Private, Community & Hybrid Cloud deployments
14 Governance and Enterprise Risk Management Operating in the Cloud Due Diligence of providers governance structure and process in addition to security controls. SLA s Risk Assessment approaches between provider and user should be consistent. Consistency in Impact Analysis and definition of likelihood Cloud Architecture Governance and Enterprise Risk Management Legal and Electronic Discovery Compliance and Audit Information Lifecycle Management Portability and Interoperability Security, Bus. Cont,, and Disaster Recovery Data Center Operations Incident Response, Notification, Remediation Application Security Encryption and Key Management Identity and Access Management Virtualization Governing the Cloud
15 Legal and Electronic Discovery Operating in the Cloud Mutual understanding of roles related to litigation, discovery searches and expert testimony Data in custody of provider must receive equivalent guardianship as original owner Unified process for responding to subpoenas and service of process, etc Cloud Architecture Governance and Enterprise Risk Management Legal and Electronic Discovery Compliance and Audit Information Lifecycle Management Portability and Interoperability Security, Bus. Cont,, and Disaster Recovery Data Center Operations Incident Response, Notification, Remediation Application Security Encryption and Key Management Identity and Access Management Virtualization Governing the Cloud
16 Compliance and Audit Operating in the Cloud Right to Audit Clause Cloud Architecture Analyze Impact or Regulations on data security Prepare evidence of how each requirement is being met Auditor qualification and selection Governance and Enterprise Risk Management Legal and Electronic Discovery Compliance and Audit Information Lifecycle Management Portability and Interoperability Security, Bus. Cont,, and Disaster Recovery Data Center Operations Incident Response, Notification, Remediation Application Security Encryption and Key Management Identity and Access Management Virtualization Governing the Cloud
17 Information Lifecycle Management Operating in the Cloud How is Integrity maintained? If compromised how its detected and reported? Identify all controls used during date lifecycle Know where you data is! Understand provider s data search capabilities and limitations Cloud Architecture Governance and Enterprise Risk Management Legal and Electronic Discovery Compliance and Audit Information Lifecycle Management Portability and Interoperability Security, Bus. Cont,, and Disaster Recovery Data Center Operations Incident Response, Notification, Remediation Application Security Encryption and Key Management Identity and Access Management Virtualization Governing the Cloud
18 Portability and Interoperability Operating in the Cloud IaaS - Understand VM capture and porting to new provider especially if different technologies used. PaaS Understand how logging, monitoring and audit transfers to another provider SaaS perform regular backups into useable form without SaaS. Cloud Architecture Governance and Enterprise Risk Management Legal and Electronic Discovery Compliance and Audit Information Lifecycle Management Portability and Interoperability Security, Bus. Cont,, and Disaster Recovery Data Center Operations Incident Response, Notification, Remediation Application Security Encryption and Key Management Identity and Access Management Virtualization Governing the Cloud
19 Security, Business Continuity and Disaster Recovery Operating in the Cloud Conduct an onsite inspection whenever possible Inspect cloud providers disaster recovery and business continuity plans Ask for documentation of external and internal security controls adherence to industry standards? Cloud Architecture Governance and Enterprise Risk Management Legal and Electronic Discovery Compliance and Audit Information Lifecycle Management Portability and Interoperability Security, Bus. Cont,, and Disaster Recovery Data Center Operations Incident Response, Notification, Remediation Application Security Encryption and Key Management Identity and Access Management Virtualization Governing the Cloud
20 Data Center Operations Operating in the Cloud Demonstration of Compartmentalization of systems, networks, management, provisioning and personnel Understanding of providers patch management policies and procedures should be reflected in the contract! Cloud Architecture Governance and Enterprise Risk Management Legal and Electronic Discovery Compliance and Audit Information Lifecycle Management Portability and Interoperability Security, Bus. Cont,, and Disaster Recovery Data Center Operations Incident Response, Notification, Remediation Application Security Encryption and Key Management Identity and Access Management Virtualization Governing the Cloud
21 Incident Response, Notification and Remediation Operating in the Cloud May have limited involvement in Incident Response, understand prearranged communicated path to providers incident response team What incident detection and analysis tools used? Will proprietary tools make joint investigations difficult? Cloud Architecture Governance and Enterprise Risk Management Legal and Electronic Discovery Compliance and Audit Information Lifecycle Management Portability and Interoperability Security, Bus. Cont,, and Disaster Recovery Data Center Operations Incident Response, Notification, Remediation Application Security Encryption and Key Management Identity and Access Management Virtualization Governing the Cloud
22 Application Security Operating in the Cloud S-P-I creates different trust boundaries in SDLC account for in dev, test and production Obtain contractual permission before performing remote vulnerability and application assessments provider inability to distinguish testing from an actual attack Cloud Architecture Governance and Enterprise Risk Management Legal and Electronic Discovery Compliance and Audit Information Lifecycle Management Portability and Interoperability Security, Bus. Cont,, and Disaster Recovery Data Center Operations Incident Response, Notification, Remediation Application Security Encryption and Key Management Identity and Access Management Virtualization Governing the Cloud
23 Encryption and Key Management Operating in the Cloud Separate key management from provider hosting the data creating a chain of separation Understand provider s key management lifecycle: how keys are generated, used, stored, backed up, rotated and deleted Ensure encryption adheres to industry and government standards when stipulated in the contract Cloud Architecture Governance and Enterprise Risk Management Legal and Electronic Discovery Compliance and Audit Information Lifecycle Management Portability and Interoperability Security, Bus. Cont,, and Disaster Recovery Data Center Operations Incident Response, Notification, Remediation Application Security Encryption and Key Management Identity and Access Management Virtualization Governing the Cloud
24 Identity and Access Management Operating in the Cloud IAM is a big challenge today in secure cloud computing Identity avoid providers proprietary solutions unique to cloud provider Local authentication service offered by provider should be OATH compliant Cloud Architecture Governance and Enterprise Risk Management Legal and Electronic Discovery Compliance and Audit Information Lifecycle Management Portability and Interoperability Security, Bus. Cont,, and Disaster Recovery Data Center Operations Incident Response, Notification, Remediation Application Security Governing the Cloud Encryption and Key Management Identity and Access Management Virtualization
25 Virtualization Operating in the Cloud Understand internal security controls to VM other than built in Hypervisor isolation IDS, AV, vulnerability scanning etc. Understand external security controls to protect administrative interfaces exposed (Web-based, API s) Reporting mechanisms that provides evidence of isolation and raises alerts if a breach of isolation occurs. Cloud Architecture Governance and Enterprise Risk Management Legal and Electronic Discovery Compliance and Audit Information Lifecycle Management Portability and Interoperability Security, Bus. Cont,, and Disaster Recovery Data Center Operations Incident Response, Notification, Remediation Application Security Encryption and Key Management Identity and Access Management Virtualization Governing the Cloud
26 Additional Cloud Security Alliance Resources 26
27 Cloud Security Alliance Initiatives 1. GRC Stack 2. Security Guidance for Critical Areas of Focus in Cloud Computing 3. Cloud Controls Matrix (CCM) 4. Consensus Assessments Initiative 5. Cloud Metrics 6. Trusted Cloud Initiative 7. Top Threats to Cloud Computing 8. CloudAudit 9. Common Assurance Maturity Model 10. CloudSIRT 11. Security as a Service 27
28 Cloud Controls Matrix Tool Controls derived from guidance Rated as applicable to S-P-I Customer vs Provider role Mapped to COBIT, HIPAA, ISO/IEC , NIST SP and PCI DSS Help bridge the gap for IT & IT auditors
29 Contact Help us secure cloud computing Cloud Security Alliance, Chicago Chapter LinkedIn:
30 Questions? 30
Cloud Security Alliance: Industry Efforts to Secure Cloud Computing
Cloud Security Alliance: Industry Efforts to Secure Cloud Computing Jim Reavis, Executive Director September, 2010 Cloud: Dawn of a New Age Art Coviello - the most overhyped, underestimated phenomenon
More informationAssessing Risks in the Cloud
Assessing Risks in the Cloud Jim Reavis Executive Director Cloud Security Alliance Agenda Definitions of Cloud & Cloud Usage Key Cloud Risks About CSA CSA Guidance approach to Addressing Risks Research
More informationCloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter
Cloud Security considerations for business adoption Ricci IEONG CSA-HK&M Chapter What is Cloud Computing? Slide 2 What is Cloud Computing? My Cloud @ Internet Pogoplug What is Cloud Computing? Compute
More informationCloud Security: Critical Threats and Global Initiatives
Cloud Security: Critical Threats and Global Initiatives Richard Zhao, Founder and Board Member of CSA-GCC Chief Strategy Officer, NSFOCUS Sept. 2010 What is Cloud Computing? Compute as a utility: third
More informationSecurity Issues in Cloud Computing
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
More informationCloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org
Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security
More informationCloud Security Alliance and Standards. Jim Reavis Executive Director March 2012
Cloud Security Alliance and Standards Jim Reavis Executive Director March 2012 About the CSA Global, not for profit, 501(c)6 organization Over 32,000 individual members, 120 corporate members, 60 chapters
More informationCloud Computing Security Issues
Copyright Marchany 2010 Cloud Computing Security Issues Randy Marchany, VA Tech IT Security, marchany@vt.edu Something Old, Something New New: Cloud describes the use of a collection of services, applications,
More informationCloud Computing Governance & Security. Security Risks in the Cloud
Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud
More informationHow To Protect Your Cloud Computing Resources From Attack
Security Considerations for Cloud Computing Steve Ouzman Security Engineer AGENDA Introduction Brief Cloud Overview Security Considerations ServiceNow Security Overview Summary Cloud Computing Overview
More informationGlobal Efforts to Secure Cloud Computing
April 2012 Global Efforts to Secure Cloud Computing Jim Reavis Executive Director Cloud: ushering in IT Spring Technology consumerization and its offspring Cloud: Compute as a utility Smart Mobility: Compute
More informationSTORAGE SECURITY TUTORIAL With a focus on Cloud Storage. Gordon Arnold, IBM
STORAGE SECURITY TUTORIAL With a focus on Cloud Storage Gordon Arnold, IBM SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members
More informationCloud Security and Managing Use Risks
Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access
More informationManaging Cloud Computing Risk
Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify
More informationCloud Security. DLT Solutions LLC June 2011. #DLTCloud
Cloud Security DLT Solutions LLC June 2011 Contact Information DLT Cloud Advisory Group 1-855-CLOUD01 (256-8301) cloud@dlt.com www.dlt.com/cloud Your Hosts Van Ristau Chief Technology Officer, DLT Solutions
More informationCLOUD STORAGE SECURITY INTRODUCTION. Gordon Arnold, IBM
CLOUD STORAGE SECURITY INTRODUCTION Gordon Arnold, IBM SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members may use this material
More informationTOOLS and BEST PRACTICES
TOOLS and BEST PRACTICES Daniele Catteddu Managing Director EMEA, Cloud Security Alliance ABOUT THE CLOUD SECURITY ALLIANCE To promote the use of best practices for providing security assurance within
More informationCloud Security Introduction and Overview
Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious
More informationCloud Services Overview
Cloud Services Overview John Hankins Global Offering Executive Ricoh Production Print Solutions May 23, 2012 Cloud Services Agenda Definitions Types of Clouds The Role of Virtualization Cloud Architecture
More informationHow to ensure control and security when moving to SaaS/cloud applications
How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk
More informationCloud Computing. Cloud Computing An insight in the Governance & Security aspects
Cloud Computing An insight in the Governance & Security aspects AGENDA Introduction Security Governance Risks Compliance Recommendations References 1 Cloud Computing Peter Hinssen, The New Normal, 2010
More informationCloud Computing: What needs to Be Validated and Qualified. Ivan Soto
Cloud Computing: What needs to Be Validated and Qualified Ivan Soto Learning Objectives At the end of this session we will have covered: Technical Overview of the Cloud Risk Factors Cloud Security & Data
More informationSECURE CLOUD COMPUTING
Outline SECURE CLOUD COMPUTING Introduction (of many buzz words) References What is Cloud Computing Cloud Computing Infrastructure Security Cloud Storage and Data Security Identity Management in the Cloud
More informationNETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015
NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X
More informationPurpose. Service Model SaaS (Applications) PaaS (APIs) IaaS (Virtualization) Use Case 1: Public Use Case 2: Use Case 3: Public.
Federal CIO Council Information Security and Identity Management Committee (ISIMC) Guidelines for the Secure Use of Cloud Computing by Federal Departments and Agencies DRAFT V0.41 Earl Crane, CISSP, CISM
More informationCloud Computing Business, Technology & Security. Subra Kumaraswamy Director, Security Architecture, ebay
Cloud Computing Business, Technology & Security Subra Kumaraswamy Director, Security Architecture, ebay COT2010 29 June 2010 Cloud Computing: Evolution not a Revolution 2 What s Driving Interest in Clouds
More informationStrategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security
Strategic Compliance & Securing the Cloud Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Complexity and Challenges 2 Complexity and Challenges Compliance Regulatory entities
More informationCloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week
Cloud Security Panel: Real World GRC Experiences ISACA Atlanta s 2013 Annual Geek Week Agenda Introductions Recap: Overview of Cloud Computing and Why Auditors Should Care Reference Materials Panel/Questions
More informationLEGAL ISSUES IN CLOUD COMPUTING
LEGAL ISSUES IN CLOUD COMPUTING RITAMBHARA AGRAWAL INTELLIGERE 1 CLOUD COMPUTING Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing
More informationSECURITY MODELS FOR CLOUD 2012. Kurtis E. Minder, CISSP
SECURITY MODELS FOR CLOUD 2012 Kurtis E. Minder, CISSP INTRODUCTION Kurtis E. Minder, Technical Sales Professional Companies: Roles: Security Design Engineer Systems Engineer Sales Engineer Salesperson
More informationIT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach.
IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach. Gunnar Wahlgren 1, Stewart Kowalski 2 Stockholm University 1: (wahlgren@dsv.su.se), 2: (stewart@dsv.su.se) ABSTRACT
More information10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM. Agenda. Security Cases What is Cloud? Road Map Security Concerns
BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM Agenda Security Cases What is Cloud? Road Map Security Concerns 1 Security Cases on Cloud Data Protection - Two arrested in ipad
More informationKey Considerations of Regulatory Compliance in the Public Cloud
Key Considerations of Regulatory Compliance in the Public Cloud W. Noel Haskins-Hafer CRMA, CISA, CISM, CFE, CGEIT, CRISC 10 April, 2013 w_haskins-hafer@intuit.com Disclaimer Unless otherwise specified,
More informationOWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect
OWASP Chapter Meeting June 2010 Presented by: Brayton Rider, SecureState Chief Architect Agenda What is Cloud Computing? Cloud Service Models Cloud Deployment Models Cloud Computing Security Security Cloud
More informationD. L. Corbet & Assoc., LLC
Demystifying the Cloud OR Cloudy with a Chance of Data D. L. Corbet & Assoc., LLC thelinuxguy@donet.com Why 'The Cloud' Common Clouds Considerations and Risk Why 'The Cloud' Distributed Very Large / Very
More informationOverview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin
Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Best Practices for Security in the Cloud John Essner, Director
More informationHow To Secure Cloud Computing
A hole in the cloud: Is cloud secure? N. Vijaykumar Infosys Technologies Limited, Bangalore presented at Security in cloud is a key challenge! 70% 60% 50% 40% 30% 20% 10% 0% Data integrity tampering Hacker
More informationVirginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101
Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro
More informationCloud Security Certification
Cloud Security Certification January 21, 2015 1 Agenda 1. What problem are we solving? 2. Definitions (Attestation vs Certification) 3. Cloud Security Responsibilities and Risk Exposure 4. Who is responsible
More informationIntel IT Cloud 2013 and Beyond. Name Title Month, Day 2013
Intel IT Cloud 2013 and Beyond Name Title Month, Day 2013 Legal Notices This presentation is for informational purposes only. INTEL MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Intel and the
More informationCloud Computing in a Regulated Environment
Computing in a Regulated Environment White Paper by David Stephenson CTG Regulatory Compliance Subject Matter Expert February 2014 CTG (UK) Limited, 11 Beacontree Plaza, Gillette Way, READING, Berks RG2
More informationCloud Infrastructure Security
Cloud Infrastructure Security Dimiter Velev 1 and Plamena Zlateva 2 1 University of National and World Economy, UNSS - Studentski grad, 1700 Sofia, Bulgaria dvelev@unwe.acad.bg 2 Institute of Control and
More informationWorking Group on. First Working Group Meeting 29.5.2012
Working Group on Cloud Security and Privacy (WGCSP) First Working Group Meeting 29.5.2012 1 Review of fexisting i Standards d and Best Practices on Cloud Security Security Standards and Status List of
More informationCloud Security. Nantawan Wongkachonkitti Electronic Government Agency, Thailand Cloud Security Alliance, Thailand Chapter October 2014
Cloud Security Nantawan Wongkachonkitti Electronic Government Agency, Thailand Cloud Security Alliance, Thailand Chapter October 2014 Agenda Introduction Security Assessment for Cloud Secure Cloud Infrastructure
More informationRE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC
RE Think Invent IT & Business IBM SmartCloud Security Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC 2014 IBM Corporation Some Business Questions Is Your Company is Secure
More informationSecuring The Cloud With Confidence. Opinion Piece
Securing The Cloud With Confidence Opinion Piece 1 Securing the cloud with confidence Contents Introduction 03 Don t outsource what you don t understand 03 Steps towards control 04 Due diligence 04 F-discovery
More informationGovernance and Control in the Cloud. Infrastructure as a Service
1 Governance and Control in the Cloud Infrastructure as a Service Cows 2 The Triumph of the Utility 3 Our Discussion 4 How we ll talk about Governance and Controls today Not an IT-assurance methodology
More informationCloud Computing Risk and Rewards
Cloud Computing Risk and Rewards John Lazarine Vice President and Chief Audit Executive Mark Salamasick Director of Center for Internal Auditing For Dallas CPA Society Convergence 2013 May 8, 2013 John
More informationHow To Protect Your Cloud From Attack
SESSION ID: CDS-R03 Security Lessons Learned: Enterprise Adoption of Cloud Computing Jim Reavis Chief Executive Officer Cloud Security Alliance @cloudsa Agenda What we are going to cover The current &
More informationAssessing, Evaluating and Managing Cloud Computing Security
Assessing, Evaluating and Managing Cloud Computing Security S.SENTHIL KUMAR 1, R.KANAKARAJ 2 1,2 ASSISTANT PROESSOR, DEPARTMENT OF COMMERCE WITH COMPUTER APPLICATIONS Dr.SNS RAJALAKSHMI COLLEGE OF ARTS
More informationIBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation
IBM Cloud Security Draft for Discussion September 12, 2011 IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns surrounding cloud computing
More informationVisions of Clouds and Cloud Security. Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc.
Visions of Clouds and Cloud Security Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc. Visions of Clouds and Cloud Security What is the Cloud? PAAS SAAS IAAS Chris Hoff s Model
More informationJohn Essner, CISO Office of Information Technology State of New Jersey
John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management
More informationSecurity Management of Cloud-Native Applications. Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM)
Security Management of Cloud-Native Applications Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM) 1 Outline Context State-of-the-Art Design Patterns Threats to cloud systems Security
More informationProtec'ng Data and Privacy in a World of Clouds and Third Par'es Vincent Campitelli
Protec'ng Data and Privacy in a World of Clouds and Third Par'es Vincent Campitelli Vice President, IT Risk Management McKesson Corpora-on What is Your Business Model? Economic Moats In business, I look
More informationA HYPE-FREE STROLL THROUGH CLOUD STORAGE SECURITY
Eric A. Hibbard, CISSP, CISA, ISSAP, ISSMP, ISSEP, SCSE Hitachi Data Systems A HYPE-FREE STROLL THROUGH CLOUD STORAGE SECURITY Subhash Sankuratripati NetApp SNIA Legal Notice The material contained in
More informationCreating Business Value with Effective, Pervasive Cloud Security and Cloud Enablement Services
Creating Business Value with Effective, Pervasive Cloud Security and Cloud Enablement Services Managing Governance, Risk, and Compliance for Cloud Information Security Introduction Businesses today are
More informationHow to procure a secure cloud service
How to procure a secure cloud service Dr Giles Hogben European Network and Information Security Agency Security in the cloud contracting lifecycle Can cloud meet your security requirements Choose the provider
More informationCloud Computing: Risks and Auditing
IIA Chicago Chapter 53 rd Annual Seminar April 15, 2013, Donald E. Stephens Convention Center @IIAChicago #IIACHI Cloud Computing: Risks Auditing Phil Lageschulte/Partner/KPMG Sailesh Gadia/Director/KPMG
More informationAre You Prepared for the Cloud? Nick Kael Principal Security Strategist Symantec
Are You Prepared for the Cloud? Nick Kael Principal Security Strategist Symantec What is Cloud Computing? Cloud Computing refers to the delivery of software (SaaS), infrastructure (IaaS), and/or platform
More informationResidual risk. 3 Compliance challenges (i.e. right to examine, exit clause, privacy acy etc.)
Organizational risks 1 Lock-in Risk of not being able to migrate easily from one provider to another 2 Loss of Governance Control and influence on the cloud providers, and conflicts between customer hardening
More informationCAST CENTER FOR ADVANCED SECURITY TRAINING. CAST618 Designing and Implementing Cloud Security CAST
CENTER FOR ADVANCED SECURITY TRAINING 618 Designing and Implementing Cloud Security About EC-Council Center of Advanced Security Training () The rapidly evolving information security landscape now requires
More informationA Flexible and Comprehensive Approach to a Cloud Compliance Program
A Flexible and Comprehensive Approach to a Cloud Compliance Program Stuart Aston Microsoft UK Session ID: SPO-201 Session Classification: General Interest Compliance in the cloud Transparency Responsibility
More informationCloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation
Cloud Security Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs peterjopling 2011 IBM Corporation Cloud computing impacts the implementation of security in fundamentally new ways
More informationThreat Modeling Cloud Applications
Threat Modeling Cloud Applications What You Don t Know Will Hurt You Scott Matsumoto Principal Consultant smatsumoto@cigital.com Software Confidence. Achieved. www.cigital.com info@cigital.com +1.703.404.9293
More informationCloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC
Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC www.fmsinc.org 1 2015 Financial Managers Society, Inc. Cloud Security Implications
More informationBuilding an Effective
Building an Effective Cloud Security Program Becky Swain Co-Founder/Chair, CSA CCM Board Member, CSA Silicon Valley Chapter Partner, EKKO Consulting Marlin Pohlman Co-Chair, CSA CCM Co-Chair/Founder, CSA
More informationBuilding an Effec.ve Cloud Security Program
Building an Effec.ve Cloud Security Program Laura Posey Senior Security Strategist, Microso3 Corpora6on Co- Chair, CSA CAIQ Programming Chair, NY Metro CSA Chapter Is Cloud worth it? Yes! Pla?orm for Innova.on
More informationAuditing Cloud Computing and Outsourced Operations
Session 136 Auditing Cloud Computing and Outsourced Operations Monday, May 7, 2012 3:30 PM 5:00 PM Mike Schiller Director of Sales & Marketing IT, Texas Instruments Co Author, IT Auditing: Using Controls
More informationINTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS
INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS CLOUD COMPUTING Cloud computing is a model for enabling convenient, ondemand network access to a shared pool of configurable computing
More information! Global Efforts to Secure! Cloud Computing
ay 2012! Global Efforts to Secure! Cloud Computing Jim Reavis Executive Director loud: ushering in IT Spring Technology consumerization and its offspring Cloud: Compute as a utility Smart Mobility: Compute
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationWrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors
1 Wrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors Scott Woodison Executive Director, Compliance and Enterprise Risk Office of Internal Audit and Compliance
More informationWhat Cloud computing means in real life
ITU TRCSL Symposium on Cloud Computing Session 2: Cloud Computing Foundation and Requirements What Cloud computing means in real life Saman Perera Senior General Manager Information Systems Mobitel (Pvt)
More informationCapturing the New Frontier:
Capturing the New Frontier: How Software Security Unlocks the Power of Cloud Computing Executive Summary Cloud computing is garnering a vast share of IT interest. Its promise of revolutionary cost savings
More informationNew Requirements for Security and Compliance Auditing in the Cloud
GOVERNANCE STRATEGIES New Requirements for Security and Compliance Auditing in the Cloud Cloud computing poses new challenges for IT security, compliance, and audit professionals who must protect corporate
More informationAdopting Cloud Computing with a RISK Mitigation Strategy
Adopting Cloud Computing with a RISK Mitigation Strategy TS Yu, OGCIO 21 March 2013 1. Introduction 2. Security Challenges Agenda 3. Risk Mitigation Strategy Before start using When using 4. Policy & Guidelines
More informationCloud Courses Description
Courses Description 101: Fundamental Computing and Architecture Computing Concepts and Models. Data center architecture. Fundamental Architecture. Virtualization Basics. platforms: IaaS, PaaS, SaaS. deployment
More informationVENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium
1 VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 2 Agenda Introduction Vendor Management what is? Available Guidance Vendor Management
More informationAddressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense
A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical
More informationCloud IaaS: Security Considerations
G00210095 Cloud IaaS: Security Considerations Published: 7 March 2011 Analyst(s): Lydia Leong, Neil MacDonald Ensuring adherence to your organization's security and compliance requirements is one of the
More informationThe Magical Cloud. Lennart Franked. Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall.
The Magical Cloud Lennart Franked Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall. 2014-10-20 Lennart Franked (MIUN IKS) The Magical Cloud 2014-10-20 1 / 35
More informationClouds on the Horizon Cloud Security in Today s DoD Environment. Bill Musson Security Analyst
Clouds on the Horizon Cloud Security in Today s DoD Environment Bill Musson Security Analyst Agenda O Overview of Cloud architectures O Essential characteristics O Cloud service models O Cloud deployment
More informationCloud Essentials for Architects using OpenStack
Cloud Essentials for Architects using OpenStack Course Overview Start Date 18th December 2014 Duration 2 Days Location Dublin Course Code SS906 Programme Overview Cloud Computing is gaining increasing
More information08/10/2013. Data protection and compliance. Agenda. Data protection life cycle and goals. Introduction. Data protection overview
Data protection and compliance In the cloud and in your data center 1 November 2013 Agenda 1 Introduction 2 Data protection overview 3 Understanding the cloud 4 Where do I start? 5 Wrap-up Page 2 Data
More informationCompliance and the Cloud: What You Can and What You Can t Outsource
Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: Kate Donofrio Security Assessor Fortrex Technologies Instructor Biography Background On Fortrex What s In A Cloud? Pick
More informationDispelling the Myths about Cloud Computing Security
Dispelling the Myths about Cloud Computing Security security is no longer an hinderance to the cloud! Leo F. Howell, CISSP CISA CCSK Knowledge MYTH we are all talking about the same cloud Discussion cloud
More informationCloud Security:Threats & Mitgations
Cloud Security:Threats & Mitgations Vineet Mago Naresh Khalasi Vayana 1 What are we gonna talk about? What we need to know to get started Its your responsibility Threats and Remediations: Hacker v/s Developer
More informationSECURITY CONCERNS AND SOLUTIONS FOR CLOUD COMPUTING
SECURITY CONCERNS AND SOLUTIONS FOR CLOUD COMPUTING 1. K.SURIYA Assistant professor Department of Computer Applications Dhanalakshmi Srinivasan College of Arts and Science for Womren Perambalur Mail: Surik.mca@gmail.com
More informationIs it Time to Trust the Cloud? Unpacking the Notorious Nine
Is it Time to Trust the Cloud? Unpacking the Notorious Nine Jonathan C. Trull, CISO, Qualys Cloud Security Alliance Agenda Cloud Security Model Background on the Notorious Nine Unpacking the Notorious
More informationSecurity & Trust in the Cloud
Security & Trust in the Cloud Ray Trygstad Director of Information Technology, IIT School of Applied Technology Associate Director, Information Technology & Management Degree Programs Cloud Computing Primer
More information6 Cloud computing overview
6 Cloud computing overview 6.1 General ISO/IEC 17788:2014 (E) Cloud Computing Overview Page 1 of 6 Cloud computing is a paradigm for enabling network access to a scalable and elastic pool of shareable
More informationCloud Computing: Background, Risks and Audit Recommendations
Cloud Computing: Background, Risks and Audit Recommendations October 30, 2014 Table of Contents Cloud Computing: Overview 3 Multiple Models of Cloud Computing 11 Deployment Models 16 Considerations For
More informationThe Future Of Cloud Computing. Thursday, September 1, 11
1 The Future Of Cloud Computing 2 ::Setting Some Context Cloud Computing is a natural, disruptively innovative and timely opportunistic response to a converging set of socioeconomic, political, cultural
More informationAgenda 4/21/2015. Evelyn de Souza Chair Cloud Security Alliance Data Governance Chair/ Data Privacy and Compliance Leader Cisco Systems
Evelyn de Souza Chair Cloud Security Alliance Data Governance Chair/ Data Privacy and Compliance Leader Cisco Systems Cloud Security Alliance, 2015 Agenda Charter /Members What is Data Governance Data
More informationCyberSource Payment Security. with PCI DSS Tokenization Guidelines
CyberSource Payment Security Compliance The PCI Security Standards Council has published guidelines on tokenization, providing all merchants who store, process, or transmit cardholder data with guidance
More informationEmerging Approaches in a Cloud-Connected Enterprise: Containers and Microservices
Emerging Approaches in a -Connected Enterprise: Containers and Microservices Anil Karmel Co-Founder and CEO, C2 Labs Co-Chair, NIST Security Working Group akarmel@c2labs.com @anilkarmel Emerging Technologies
More informationFACING SECURITY CHALLENGES
24 July 2013 TimeTec Cloud Security FACING SECURITY CHALLENGES HEAD-ON - by Mr. Daryl Choo, Chief Information Officer, FingerTec HQ Cloud usage and trend Cloud Computing is getting more common nowadays
More information