Cloud Security Alliance and Standards. Jim Reavis Executive Director March 2012

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Cloud Security Alliance and Standards. Jim Reavis Executive Director March 2012"

Transcription

1 Cloud Security Alliance and Standards Jim Reavis Executive Director March 2012

2 About the CSA Global, not for profit, 501(c)6 organization Over 32,000 individual members, 120 corporate members, 60 chapters Building best practices and a trusted cloud ecosystem Agile philosophy, rapid development of applied research Research /research Education /education/training/ Certification CCSK (individual) /certifyme CSA STAR (provider) /star To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing

3 One view of CSA: Cloud Security Standards Incubator CSA is not an SDO CSA research projects last 2-6 months Research artifacts made available to SDOs In some cases, SDOs may assume ownership CSA a neutral community for all SDOs Gives industry a fast track to standards alignment > > Rapid Research Accredited Standard

4 CSA Guidance Research Cloud Architecture Popular best practices for securing cloud computing Flagship research project V2.1 released 12/2009 V3 released 11/2011 Over 250k downloads Operating in the Cloud Governance and Enterprise Risk Management Legal and Electronic Discovery Compliance and Audit Information Lifecycle Management Portability and Interoperability Security, Bus. Cont,, and Disaster Recovery Data Center Operations Incident Response, Notification, Remediation Application Security Encryption and Key Management Identity and Access Management Virtualization Governing the Cloud /research/guidance Security as a Service

5 CSA GRC Stack Family of 4 research projects Provider Assertions Cloud Controls Matrix Consensus Assessments Initiative Cloud Audit Cloud Trust Protocol Tools for governance, risk and compliance mgt Private, Community & Public Clouds Control Requirements

6 Cloud Controls Matrix Tool Controls derived from guidance Mapped to familiar frameworks: ISO 27001, COBIT, PCI, HIPAA, FISMA, FedRAMP Rated as applicable to S-P-I Customer vs Provider role Help bridge the cloud gap for IT & IT auditors

7 Consensus Assessment Initiative Research tools and processes to perform shared assessments of cloud providers Integrated with Controls Matrix CAI Questionnaire released Oct 2010, over 140 provider questions to identify presence of security controls or practices Use to assess cloud providers today, procurement negotiation, contract inclusion, quantify SLAs

8 CloudAudit Open standard and API to automate provider audit assertions Change audit from data gathering to data analysis Necessary to provide audit & assurance at the scale demanded by cloud providers Uses Cloud Controls Matrix as controls namespace Use to instrument cloud for continuous controls monitoring

9 Cloud Trust Protocol (CTP) Developed by CSC, transferred to CSA Open standard and API to verify control assertions Question and Answer asynchronous protocol, leverages SCAP (Secure Content Automation Protocol) Integrates with Cloud Audit Now we have all the components for continuous controls monitoring

10 CSA STAR Registry CSA STAR (Security, Trust and Assurance Registry) Public Registry of Cloud Provider self assessments Based on Consensus Assessments Initiative Questionnaire Provider may substitute documented Cloud Controls Matrix compliance Voluntary industry action promoting transparency Free market competition to provide quality assessments Provider may elect to provide assessments from third parties /star

11 Trusted Cloud Initiative Comprehensive Cloud Security Reference Architecture Secure & interoperable Identity in the cloud Getting SaaS, PaaS to be Relying Parties for corporate directories Scalable federation Outline responsibilities for Identity Providers Assemble reference architectures with existing standards https://cloudsecurityalliance.org/research/tci/

12 Security as a Service Information Security Industry Re-invented Define Security as a Service security delivered via the cloud Articulate solution categories within Security as a Service Guidance for adoption of Security as a Service Align with other CSA research Delivered as the14 th domain within CSA Guidance version 3. https://cloudsecurityalliance.org/research/workinggroups/secaas/

13 CSA Mobile Mobile the Portal to the Cloud BYOD, New OSes, application stores, mobile clouds Our Initiative Security Guidance for Critical Areas of Focus in Mobile Computing Secure application stores Solutions for personal and business use of a common mobile device Cloud based security mgt of mobile devices Security frameworks and architecture Scalable authentication and secure mobile app development /mobile

14 Standards-related related work Contributions of Cloud Controls Matrix to ISO/IEC SC27, ITU-T FG 17 Informal collaboration between TCI & NIST Contribution of Security as a Service to ITU-T FG 17 Contribution of CloudAudit to ITU-T FG 17, possibly IETF track Alignment of Cloud Controls Matrix and FedRAMP, FISMA Security Guidance 3.0 submission as a Publicly Referenceable Standard at ISO/IEC

15 Thank you! cloudsecurityalliance.org

Global Efforts to Secure Cloud Computing

Global Efforts to Secure Cloud Computing April 2012 Global Efforts to Secure Cloud Computing Jim Reavis Executive Director Cloud: ushering in IT Spring Technology consumerization and its offspring Cloud: Compute as a utility Smart Mobility: Compute

More information

Cloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter

Cloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter Cloud Security considerations for business adoption Ricci IEONG CSA-HK&M Chapter What is Cloud Computing? Slide 2 What is Cloud Computing? My Cloud @ Internet Pogoplug What is Cloud Computing? Compute

More information

Global Efforts to Secure Cloud Computing. Jason Witty President, Cloud Security Alliance Chicago

Global Efforts to Secure Cloud Computing. Jason Witty President, Cloud Security Alliance Chicago Global Efforts to Secure Cloud Computing Jason Witty President, Cloud Security Alliance Chicago Cloud: Ushering in IT Spring Technology consumerization and its offspring Cloud: Compute as a utility Smart

More information

! Global Efforts to Secure! Cloud Computing

! Global Efforts to Secure! Cloud Computing ay 2012! Global Efforts to Secure! Cloud Computing Jim Reavis Executive Director loud: ushering in IT Spring Technology consumerization and its offspring Cloud: Compute as a utility Smart Mobility: Compute

More information

GRC Stack Research Sponsorship

GRC Stack Research Sponsorship GRC Stack Research Sponsorship Overview Achieving Governance, Risk Management and Compliance (GRC) goals requires appropriate assessment criteria, relevant control objectives and timely access to necessary

More information

Cloud Security Alliance: Industry Efforts to Secure Cloud Computing

Cloud Security Alliance: Industry Efforts to Secure Cloud Computing Cloud Security Alliance: Industry Efforts to Secure Cloud Computing Jim Reavis, Executive Director September, 2010 Cloud: Dawn of a New Age Art Coviello - the most overhyped, underestimated phenomenon

More information

Building an Effective

Building an Effective Building an Effective Cloud Security Program Becky Swain Co-Founder/Chair, CSA CCM Board Member, CSA Silicon Valley Chapter Partner, EKKO Consulting Marlin Pohlman Co-Chair, CSA CCM Co-Chair/Founder, CSA

More information

Cloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week

Cloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week Cloud Security Panel: Real World GRC Experiences ISACA Atlanta s 2013 Annual Geek Week Agenda Introductions Recap: Overview of Cloud Computing and Why Auditors Should Care Reference Materials Panel/Questions

More information

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is

More information

Wrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors

Wrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors 1 Wrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors Scott Woodison Executive Director, Compliance and Enterprise Risk Office of Internal Audit and Compliance

More information

A view from the Cloud Security Alliance peephole

A view from the Cloud Security Alliance peephole A view from the Cloud Security Alliance peephole Cloud One million new mobile devices - each day! Social Networking Digital Natives State Sponsored Cyberattacks? Organized Crime? Legal Jurisdiction & Data

More information

US Government Driven Cloud. A panel discussion including: DMTF, Cloud Security Alliance, NIST and SNIA

US Government Driven Cloud. A panel discussion including: DMTF, Cloud Security Alliance, NIST and SNIA US Government Driven Cloud Computing Standards A panel discussion including: DMTF, Cloud Security Alliance, NIST and SNIA Lee Badger: Computer Scientist, Computer Security Division, National Institute

More information

TOOLS and BEST PRACTICES

TOOLS and BEST PRACTICES TOOLS and BEST PRACTICES Daniele Catteddu Managing Director EMEA, Cloud Security Alliance ABOUT THE CLOUD SECURITY ALLIANCE To promote the use of best practices for providing security assurance within

More information

The Cloud Security Alliance

The Cloud Security Alliance The Cloud Security Alliance Daniele Catteddu, Managing Director EMEA & OCF-STAR Program Director Cloud Security Alliance ABOUT THE CLOUD SECURITY ALLIANCE To promote the use of best practices for providing

More information

Assessing Risks in the Cloud

Assessing Risks in the Cloud Assessing Risks in the Cloud Jim Reavis Executive Director Cloud Security Alliance Agenda Definitions of Cloud & Cloud Usage Key Cloud Risks About CSA CSA Guidance approach to Addressing Risks Research

More information

Building Trust in Global Cloud Computing Systems

Building Trust in Global Cloud Computing Systems Building Trust in Global Cloud Computing Systems Jim Reavis, CEO & Founder Cloud Security Alliance Global, not-for-profit organization Building security best practices for next generation IT Research and

More information

SECURITY MODELS FOR CLOUD 2012. Kurtis E. Minder, CISSP

SECURITY MODELS FOR CLOUD 2012. Kurtis E. Minder, CISSP SECURITY MODELS FOR CLOUD 2012 Kurtis E. Minder, CISSP INTRODUCTION Kurtis E. Minder, Technical Sales Professional Companies: Roles: Security Design Engineer Systems Engineer Sales Engineer Salesperson

More information

GRC and Cloud Services. By David Lingenfelter 2012

GRC and Cloud Services. By David Lingenfelter 2012 GRC and Cloud Services By David Lingenfelter 2012 Background > MaaS360 SaaS Cloud Model > Mobile Device Management > FISMA Moderate Certified > SAS-70/SOC-2 > Member of the Cloud Security Alliance > Participant

More information

Cloud Computing Risk management @HKQAA Symposium Antony Ma Chairman, CSA-HK&M Chapter Global, not-for-profit organization Over 40,000 individual members, around 200 corporate and affiliate members, 64

More information

Corporate Membership. For Solution Providers

Corporate Membership. For Solution Providers Corporate Membership For Solution Providers Introduction Welcome to the Cloud Security Alliance. The CSA is a not-for-profit organization with a mission to promote the use of best practices for providing

More information

Open Certification Framework. Vision Statement

Open Certification Framework. Vision Statement Open Certification Framework Vision Statement Jim Reavis and Daniele Catteddu August 2012 BACKGROUND The Cloud Security Alliance has identified gaps within the IT ecosystem that are inhibiting market adoption

More information

Security Lessons Learned: Enterprise Adoption of Cloud Computing

Security Lessons Learned: Enterprise Adoption of Cloud Computing SESSION ID: CDS-R03 Security Lessons Learned: Enterprise Adoption of Cloud Computing Jim Reavis Chief Executive Officer Cloud Security Alliance @cloudsa Agenda What we are going to cover The current &

More information

Cloud Audit and Cloud Trust Protocol. By David Lingenfelter 2011

Cloud Audit and Cloud Trust Protocol. By David Lingenfelter 2011 Cloud Audit and Cloud Trust Protocol By David Lingenfelter 2011 Background > MaaS360 SaaS Cloud Model > Mobile Device Management > FISMA Moderate Certified > SAS-70/SOC-2 Cloud Adoption Obstacles Planning

More information

Working Group on. First Working Group Meeting 29.5.2012

Working Group on. First Working Group Meeting 29.5.2012 Working Group on Cloud Security and Privacy (WGCSP) First Working Group Meeting 29.5.2012 1 Review of fexisting i Standards d and Best Practices on Cloud Security Security Standards and Status List of

More information

Cloud Security Certification

Cloud Security Certification Cloud Security Certification January 21, 2015 1 Agenda 1. What problem are we solving? 2. Definitions (Attestation vs Certification) 3. Cloud Security Responsibilities and Risk Exposure 4. Who is responsible

More information

Cloud Security Benchmark: Top 10 Cloud Service Providers Appendix A E January 5, 2015

Cloud Security Benchmark: Top 10 Cloud Service Providers Appendix A E January 5, 2015 Cloud Security Benchmark: Top 10 Cloud Service Providers Appendix A E January 5, 2015 2015 CloudeAssurance Page 1 Table of Contents Copyright and Disclaimer... 3 Appendix A: Introduction... 4 Appendix

More information

A Comparison of IT Governance & Control Frameworks in Cloud Computing. Jack D. Becker ITDS Department, UNT & Elana Bailey

A Comparison of IT Governance & Control Frameworks in Cloud Computing. Jack D. Becker ITDS Department, UNT & Elana Bailey A Comparison of IT Governance & Control Frameworks in Cloud Computing Jack D. Becker ITDS Department, UNT & Elana Bailey ITDS Department, UNT MS in IS AMCIS 2014 August, 2014 Savannah, GA Presentation

More information

Cloud Security and Managing Use Risks

Cloud Security and Managing Use Risks Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access

More information

A Flexible and Comprehensive Approach to a Cloud Compliance Program

A Flexible and Comprehensive Approach to a Cloud Compliance Program A Flexible and Comprehensive Approach to a Cloud Compliance Program Stuart Aston Microsoft UK Session ID: SPO-201 Session Classification: General Interest Compliance in the cloud Transparency Responsibility

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

Security in the Green Cloud

Security in the Green Cloud Security in the Green Cloud Smart and Green infrastructure symposium 2011 Prague May 19 th 2011 Steinthor Bjarnason sbjarnas@cisco.com 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

More information

Protec'ng Data and Privacy in a World of Clouds and Third Par'es Vincent Campitelli

Protec'ng Data and Privacy in a World of Clouds and Third Par'es Vincent Campitelli Protec'ng Data and Privacy in a World of Clouds and Third Par'es Vincent Campitelli Vice President, IT Risk Management McKesson Corpora-on What is Your Business Model? Economic Moats In business, I look

More information

Visions of Clouds and Cloud Security. Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc.

Visions of Clouds and Cloud Security. Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc. Visions of Clouds and Cloud Security Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc. Visions of Clouds and Cloud Security What is the Cloud? PAAS SAAS IAAS Chris Hoff s Model

More information

Cloud Services Overview

Cloud Services Overview Cloud Services Overview John Hankins Global Offering Executive Ricoh Production Print Solutions May 23, 2012 Cloud Services Agenda Definitions Types of Clouds The Role of Virtualization Cloud Architecture

More information

Cloud Data Governance Research Sponsorship

Cloud Data Governance Research Sponsorship Cloud Data Governance Research Sponsorship Overview Cloud Computing marks the decrease in emphasis on 'systems' and the increase in emphasis on 'data'. With this trend, Cloud Computing stakeholders need

More information

Security, Compliance & Risk Management for Cloud Relationships. Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32

Security, Compliance & Risk Management for Cloud Relationships. Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32 Security, Compliance & Risk Management for Cloud Relationships Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32 Introductions & Poll Organization is leveraging the Cloud? Organization

More information

Cloud Security. Nantawan Wongkachonkitti Electronic Government Agency, Thailand Cloud Security Alliance, Thailand Chapter October 2014

Cloud Security. Nantawan Wongkachonkitti Electronic Government Agency, Thailand Cloud Security Alliance, Thailand Chapter October 2014 Cloud Security Nantawan Wongkachonkitti Electronic Government Agency, Thailand Cloud Security Alliance, Thailand Chapter October 2014 Agenda Introduction Security Assessment for Cloud Secure Cloud Infrastructure

More information

Cloud Computing Standards: Overview and ITU-T positioning

Cloud Computing Standards: Overview and ITU-T positioning ITU Workshop on Cloud Computing (Tunis, Tunisia, 18-19 June 2012) Cloud Computing Standards: Overview and ITU-T positioning Dr France Telecom, Orange Labs Networks & Carriers / R&D Chairman ITU-T Working

More information

Cloud Security. DLT Solutions LLC June 2011. #DLTCloud

Cloud Security. DLT Solutions LLC June 2011. #DLTCloud Cloud Security DLT Solutions LLC June 2011 Contact Information DLT Cloud Advisory Group 1-855-CLOUD01 (256-8301) cloud@dlt.com www.dlt.com/cloud Your Hosts Van Ristau Chief Technology Officer, DLT Solutions

More information

STORAGE SECURITY TUTORIAL With a focus on Cloud Storage. Gordon Arnold, IBM

STORAGE SECURITY TUTORIAL With a focus on Cloud Storage. Gordon Arnold, IBM STORAGE SECURITY TUTORIAL With a focus on Cloud Storage Gordon Arnold, IBM SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members

More information

2011 Cloud Security Alliance, Inc. All rights reserved.

2011 Cloud Security Alliance, Inc. All rights reserved. Vast Landscape of Cloud Standards Development Organizations (SDOs) 2 4 Mission Statement (Non-Profit) Promote common level of understanding Consumers Providers Security Requirements Attestation of Assurance

More information

IT Cloud / Data Security Vendor Risk Management Associated with Data Security. September 9, 2014

IT Cloud / Data Security Vendor Risk Management Associated with Data Security. September 9, 2014 IT Cloud / Data Security Vendor Risk Management Associated with Data Security September 9, 2014 Speakers Brian Thomas, CISA, CISSP In charge of Weaver s IT Advisory Services, broad focus on IT risk, security

More information

Cloud Security: Critical Threats and Global Initiatives

Cloud Security: Critical Threats and Global Initiatives Cloud Security: Critical Threats and Global Initiatives Richard Zhao, Founder and Board Member of CSA-GCC Chief Strategy Officer, NSFOCUS Sept. 2010 What is Cloud Computing? Compute as a utility: third

More information

Big Data Research Sponsorship

Big Data Research Sponsorship Big Data Research Sponsorship Overview The term Big Data refers to the massive amounts of digital information companies and governments collect about us and our surroundings. Providing security and privacy

More information

Robert Brammer. Senior Advisor to the Internet2 CEO rfbtech@internet2.edu. Internet2 NET+ Security Assessment Forum. 8 April 2014

Robert Brammer. Senior Advisor to the Internet2 CEO rfbtech@internet2.edu. Internet2 NET+ Security Assessment Forum. 8 April 2014 Robert Brammer Senior Advisor to the Internet2 CEO rfbtech@internet2.edu Internet2 NET+ Security Assessment Forum 8 April 2014 INTERNET2 NET+ Security Initiative Primary objective -- develop guidance to

More information

Purpose. Service Model SaaS (Applications) PaaS (APIs) IaaS (Virtualization) Use Case 1: Public Use Case 2: Use Case 3: Public.

Purpose. Service Model SaaS (Applications) PaaS (APIs) IaaS (Virtualization) Use Case 1: Public Use Case 2: Use Case 3: Public. Federal CIO Council Information Security and Identity Management Committee (ISIMC) Guidelines for the Secure Use of Cloud Computing by Federal Departments and Agencies DRAFT V0.41 Earl Crane, CISSP, CISM

More information

Logically Securing a Public Cloud Service

Logically Securing a Public Cloud Service SESSION ID: CIN-W07 Logically Securing a Public Cloud Service Tim Mather CISO Cadence Design Systems @mather_tim Disclaimer: AWS (Amazon Web Services) is referenced in this presentation extensively, only

More information

Cloud Architecture and Management. M.I. Deen General Manager (Enterprise Solutions) Sri Lanka Telecom

Cloud Architecture and Management. M.I. Deen General Manager (Enterprise Solutions) Sri Lanka Telecom Cloud Architecture and Management M.I. Deen General Manager (Enterprise Solutions) Sri Lanka Telecom Cloud Computing Architecture Reference Architecture, Terminology and Definitions Akaza Cloud Architecture

More information

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security

More information

Building an Effec.ve Cloud Security Program

Building an Effec.ve Cloud Security Program Building an Effec.ve Cloud Security Program Laura Posey Senior Security Strategist, Microso3 Corpora6on Co- Chair, CSA CAIQ Programming Chair, NY Metro CSA Chapter Is Cloud worth it? Yes! Pla?orm for Innova.on

More information

CLOUD SERVICE LEVEL AGREEMENTS Meeting Customer and Provider needs

CLOUD SERVICE LEVEL AGREEMENTS Meeting Customer and Provider needs CLOUD SERVICE LEVEL AGREEMENTS Meeting Customer and Provider needs Eric Simmon January 28 th, 2014 BACKGROUND Federal Cloud Computing Strategy Efficiency improvements will shift resources towards higher-value

More information

Welcome to Modulo Risk Manager Next Generation. Solutions for GRC

Welcome to Modulo Risk Manager Next Generation. Solutions for GRC Welcome to Modulo Risk Manager Next Generation Solutions for GRC THE COMPLETE SOLUTION FOR GRC MANAGEMENT GRC MANAGEMENT AUTOMATION EASILY IDENTIFY AND ADDRESS RISK AND COMPLIANCE GAPS INTEGRATED GRC SOLUTIONS

More information

How RSA has helped EMC to secure its Virtual Infrastructure

How RSA has helped EMC to secure its Virtual Infrastructure How RSA has helped EMC to secure its Virtual Infrastructure A new solution, the RSA solution for Cloud Security and Compliance, has been developed and is now available to all of our customers. Luciano

More information

IIA Conference. September 18, 2015. Paige Needling Director, Global Information Security Recall, Inc.

IIA Conference. September 18, 2015. Paige Needling Director, Global Information Security Recall, Inc. IIA Conference September 18, 2015 Paige Needling Director, Global Information Security Recall, Inc. IT SECURITY UMBRELLA Compliance for IT Data Privacy Protection Privacy Risk Assessment Vulnerability

More information

Cloud Standardization, Compliance and Certification. Class 2012 event 25.rd of October 2012 Dalibor Baskovc, CEO Zavod e-oblak

Cloud Standardization, Compliance and Certification. Class 2012 event 25.rd of October 2012 Dalibor Baskovc, CEO Zavod e-oblak Cloud Standardization, Compliance and Certification Class 2012 event 25.rd of October 2012 Dalibor Baskovc, CEO Zavod e-oblak Todays Agenda IT Resourcing with Cloud Computing and related challenges Landscape

More information

Adopting Cloud Computing with a RISK Mitigation Strategy

Adopting Cloud Computing with a RISK Mitigation Strategy Adopting Cloud Computing with a RISK Mitigation Strategy TS Yu, OGCIO 21 March 2013 1. Introduction 2. Security Challenges Agenda 3. Risk Mitigation Strategy Before start using When using 4. Policy & Guidelines

More information

08/10/2013. Data protection and compliance. Agenda. Data protection life cycle and goals. Introduction. Data protection overview

08/10/2013. Data protection and compliance. Agenda. Data protection life cycle and goals. Introduction. Data protection overview Data protection and compliance In the cloud and in your data center 1 November 2013 Agenda 1 Introduction 2 Data protection overview 3 Understanding the cloud 4 Where do I start? 5 Wrap-up Page 2 Data

More information

Close-Up on Cloud Security Audit

Close-Up on Cloud Security Audit Close-Up on Cloud Security Audit Douglas W. Barbin 2014 BrightLine CPAs & Associates, Inc. All Rights Reserved 1 About Me Partner at BrightLine 17 years experience in security, assessments, forensics,

More information

White Paper on CLOUD COMPUTING

White Paper on CLOUD COMPUTING White Paper on CLOUD COMPUTING INDEX 1. Introduction 2. Features of Cloud Computing 3. Benefits of Cloud computing 4. Service models of Cloud Computing 5. Deployment models of Cloud Computing 6. Examples

More information

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Best Practices for Security in the Cloud John Essner, Director

More information

Information Security ISO Standards. Feb 11, 2015. Glen Bruce Director, Enterprise Risk Security & Privacy

Information Security ISO Standards. Feb 11, 2015. Glen Bruce Director, Enterprise Risk Security & Privacy Information Security ISO Standards Feb 11, 2015 Glen Bruce Director, Enterprise Risk Security & Privacy Agenda 1. Introduction Information security risks and requirements 2. Information Security Management

More information

TRUSTED CLOUD. Our commitment to provide a cloud you can trust. Fernando Machado Píriz September 2014

TRUSTED CLOUD. Our commitment to provide a cloud you can trust. Fernando Machado Píriz September 2014 TRUSTED CLOUD Our commitment to provide a cloud you can trust Fernando Machado Píriz September 2014 Technology Trends Driving cloud adoption 71% of strategic buyers cite scalability, cost and business

More information

Selecting a Cloud Service Provider (CSP)

Selecting a Cloud Service Provider (CSP) Selecting a Cloud Service Provider (CSP) Steven C. Markey, MSIS, PMP, CISSP, CIPP, CISM, CISA, STS-EV, CCSK, CompTIA Cloud Essentials Principal, ncontrol, LLC Adjunct Professor President, Cloud Security

More information

Cloud Channel Summit 2015 @rhipecloud #RCCS15

Cloud Channel Summit 2015 @rhipecloud #RCCS15 Cloud Channel Summit 2015 @rhipecloud #RCCS15 About the Cloud Security Alliance Global, not-for-profit organisation 300 member driven organization with over 56,000 individual members in 65 chapters worldwide

More information

Auditing Cloud Computing. A Security and Privacy Guide. Wiley Corporate F&A

Auditing Cloud Computing. A Security and Privacy Guide. Wiley Corporate F&A Brochure More information from http://www.researchandmarkets.com/reports/2213812/ Auditing Cloud Computing. A Security and Privacy Guide. Wiley Corporate F&A Description: The auditor's guide to ensuring

More information

Public Cloud Workshop Offerings

Public Cloud Workshop Offerings Cloud Perspectives a division of Woodward Systems Inc. Public Cloud Workshop Offerings Cloud Computing Measurement and Governance in the Cloud Duration: 1 Day Purpose: This workshop will benefit those

More information

Data, Data, Who Has The Data?

Data, Data, Who Has The Data? Data, Data, Who Has The Data? 13 February 2015 Mari Heiser IBM STSM (Senior Technical Staff Member) Master Certified Architect IBM Cloud Security and Compliance Twitter: @MariHeiser What is Cloud? The

More information

Hans Bos Microsoft Nederland. hans.bos@microsoft.com

Hans Bos Microsoft Nederland. hans.bos@microsoft.com Hans Bos Microsoft Nederland Email: Twitter: hans.bos@microsoft.com @hansbos Microsoft s Cloud Environment Consumer and Small Business Services Software as a Service (SaaS) Enterprise Services Third-party

More information

Dispelling the Myths about Cloud Computing Security

Dispelling the Myths about Cloud Computing Security Dispelling the Myths about Cloud Computing Security security is no longer an hinderance to the cloud! Leo F. Howell, CISSP CISA CCSK Knowledge MYTH we are all talking about the same cloud Discussion cloud

More information

Are You Prepared for the Cloud? Nick Kael Principal Security Strategist Symantec

Are You Prepared for the Cloud? Nick Kael Principal Security Strategist Symantec Are You Prepared for the Cloud? Nick Kael Principal Security Strategist Symantec What is Cloud Computing? Cloud Computing refers to the delivery of software (SaaS), infrastructure (IaaS), and/or platform

More information

Toward global Interoperable Identity Management

Toward global Interoperable Identity Management ITU-T Joint Meeting on the IdM Focus Group Reports Toward global Interoperable Identity Management Anthony-Michael Rutkowski Vice-President, VeriSign Chair, ITU-T IdM FG Requirements WG Geneva, 10-11 September

More information

Interna'onal Standards Ac'vi'es on Cloud Security EVA KUIPER, CISA CISSP EVA.KUIPER@HP.COM HP ENTERPRISE SECURITY SERVICES

Interna'onal Standards Ac'vi'es on Cloud Security EVA KUIPER, CISA CISSP EVA.KUIPER@HP.COM HP ENTERPRISE SECURITY SERVICES Interna'onal Standards Ac'vi'es on Cloud Security EVA KUIPER, CISA CISSP EVA.KUIPER@HP.COM HP ENTERPRISE SECURITY SERVICES Agenda Importance of Common Cloud Standards Outline current work undertaken Define

More information

Cloud Computing Security. Belmont Chia Data Center Solutions Architect

Cloud Computing Security. Belmont Chia Data Center Solutions Architect Cloud Computing Security Belmont Chia Data Center Solutions Architect 1 Cloud Computing Security What is this Cloud stuff? Security in Public Clouds Security in Private Clouds 2 Defining Cloud Computing

More information

John Essner, CISO Office of Information Technology State of New Jersey

John Essner, CISO Office of Information Technology State of New Jersey John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management

More information

Cloud models and compliance requirements which is right for you?

Cloud models and compliance requirements which is right for you? Cloud models and compliance requirements which is right for you? Bill Franklin, Director, Coalfire Stephanie Tayengco, VP of Technical Operations, Logicworks March 17, 2015 Speaker Introduction Bill Franklin,

More information

Trusted Multi-Tenant Infrastructure

Trusted Multi-Tenant Infrastructure Trusted Multi-Tenant Infrastructure February 14 th 2011 Copyright 2011 - Trusted Computing Group Trusted Multi-Tenant Infrastructure Workgroup Market Observations: Multi-Tenant security is an end-to-end

More information

The standards landscape in cloud

The standards landscape in cloud The standards landscape in cloud PRESENTATION computing TITLE GOES HERE Vincent Franceschini CTO Distributed Architectures, Hitachi Data System Chairman Emeritus, SNIA Governing Board Member, SNIA Cloud

More information

Agenda 4/21/2015. Evelyn de Souza Chair Cloud Security Alliance Data Governance Chair/ Data Privacy and Compliance Leader Cisco Systems

Agenda 4/21/2015. Evelyn de Souza Chair Cloud Security Alliance Data Governance Chair/ Data Privacy and Compliance Leader Cisco Systems Evelyn de Souza Chair Cloud Security Alliance Data Governance Chair/ Data Privacy and Compliance Leader Cisco Systems Cloud Security Alliance, 2015 Agenda Charter /Members What is Data Governance Data

More information

Cloud Computing: Safe, Efficient and Easy

Cloud Computing: Safe, Efficient and Easy Microsoft Azure Cloud Computing: Safe, Efficient and Easy Linas Pečiūra Your title goes here Ref: The NIST Definition of Cloud Computing http://csrc.nist.gov/publications/nistpubs/800-145/sp800-145.pdf

More information

Cloud Computing Security Issues

Cloud Computing Security Issues Copyright Marchany 2010 Cloud Computing Security Issues Randy Marchany, VA Tech IT Security, marchany@vt.edu Something Old, Something New New: Cloud describes the use of a collection of services, applications,

More information

Professional Cloud Solutions and Service Practices

Professional Cloud Solutions and Service Practices Emerging Technologies Professional Cloud Solutions and Service Practices The Shift to a Service-on-Demand Business Operating Model and Working Practices By Mark Skilton, CEO, Digital Ecosystem practices,

More information

Consolidated Audit Program (CAP) A multi-compliance approach

Consolidated Audit Program (CAP) A multi-compliance approach Consolidated Audit Program (CAP) A multi-compliance approach ISSA CONFERENCE Carlos Pelaez, Director, Coalfire May 14, 2015 About Coalfire We help our clients recognize and control cybersecurity risk,

More information

Orchestrating the New Paradigm Cloud Assurance

Orchestrating the New Paradigm Cloud Assurance Orchestrating the New Paradigm Cloud Assurance Amsterdam 17 January 2012 John Hermans - Partner Current business challenges versus traditional IT Organizations are challenged with: Traditional IT seems

More information

What Cloud computing means in real life

What Cloud computing means in real life ITU TRCSL Symposium on Cloud Computing Session 2: Cloud Computing Foundation and Requirements What Cloud computing means in real life Saman Perera Senior General Manager Information Systems Mobitel (Pvt)

More information

A HYPE-FREE STROLL THROUGH CLOUD STORAGE SECURITY. Eric A. Hibbard, CISSP, CISA Hitachi Data Systems

A HYPE-FREE STROLL THROUGH CLOUD STORAGE SECURITY. Eric A. Hibbard, CISSP, CISA Hitachi Data Systems A HYPE-FREE STROLL THROUGH CLOUD STORAGE SECURITY Eric A. Hibbard, CISSP, CISA Hitachi Data Systems SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA unless otherwise

More information

ITU- T Focus Group Cloud Compu2ng

ITU- T Focus Group Cloud Compu2ng ITU- T Focus Group Cloud Compu2ng International Telecommunication Union 1 ITU-T FG Cloud Management & Structure Management team: Chairman: Victor Kutukov (Russia) Vice-Chairman: Jamil Chawki (France Telecom

More information

The silver lining: Getting value and mitigating risk in cloud computing

The silver lining: Getting value and mitigating risk in cloud computing The silver lining: Getting value and mitigating risk in cloud computing Frequently asked questions The cloud is here to stay. And given its decreased costs and increased business agility, organizations

More information

Attacking the roadblocks preventing aggressive adoption of Cloud Standards:

Attacking the roadblocks preventing aggressive adoption of Cloud Standards: Attacking the roadblocks preventing aggressive adoption of Cloud Standards: How SNIA and other standards orgs are developing standards that benefit high priority use cases. John Eastman, CTO, Presented

More information

How to ensure control and security when moving to SaaS/cloud applications

How to ensure control and security when moving to SaaS/cloud applications How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk

More information

RSA Via Lifecycle and Governance 101. Getting Started with a Solid Foundation

RSA Via Lifecycle and Governance 101. Getting Started with a Solid Foundation RSA Via Lifecycle and Governance 101 Getting Started with a Solid Foundation Early Identity and Access Management Early IAM was all about Provisioning IT tools to solve an IT productivity problem Meet

More information

Cloud and Regulations: A match made in heaven, or the worst blind date ever?

Cloud and Regulations: A match made in heaven, or the worst blind date ever? Cloud and Regulations: A match made in heaven, or the worst blind date ever? Vinod S Chavan Director Industry Cloud Solutions, IBM Cloud October 28, 2015 Customers are faced with challenge of balancing

More information

Key Speculations & Problems faced by Cloud service user s in Today s time. Wipro Recommendation: GRC Framework for Cloud Computing

Key Speculations & Problems faced by Cloud service user s in Today s time. Wipro Recommendation: GRC Framework for Cloud Computing Contents Introduction Why GRC Assessment Benefits of Cloud computing and Problem Statement Key Speculations & Problems faced by Cloud service user s in Today s time Threats, Vulnerabilities and related

More information

Cloud Security Introduction and Overview

Cloud Security Introduction and Overview Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious

More information

Key Considerations of Regulatory Compliance in the Public Cloud

Key Considerations of Regulatory Compliance in the Public Cloud Key Considerations of Regulatory Compliance in the Public Cloud W. Noel Haskins-Hafer CRMA, CISA, CISM, CFE, CGEIT, CRISC 10 April, 2013 w_haskins-hafer@intuit.com Disclaimer Unless otherwise specified,

More information

OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect

OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect OWASP Chapter Meeting June 2010 Presented by: Brayton Rider, SecureState Chief Architect Agenda What is Cloud Computing? Cloud Service Models Cloud Deployment Models Cloud Computing Security Security Cloud

More information

Customer Cloud Architecture for Mobile. http://cloud-council.org/resource-hub.htm#customer-cloud-architecture-for-mobile

Customer Cloud Architecture for Mobile. http://cloud-council.org/resource-hub.htm#customer-cloud-architecture-for-mobile Customer Cloud Architecture for Mobile http://cloud-council.org/resource-hub.htm#customer-cloud-architecture-for-mobile June, 2015 1 Presenters Heather Kreger CTO International Standards, IBM US SC38 mirror

More information

Data Risk Management: ISM Ground to Cloud Summit. accelerate your ambition 1

Data Risk Management: ISM Ground to Cloud Summit. accelerate your ambition 1 Data Risk Management: ISM Ground to Cloud Summit accelerate your ambition 1 John Jones Branch Practice Manager Networking, Communications & Security Solutions John.Jones@dimensiondata.com Justin Evans

More information

Cloud Computing ISO Security and Privacy Standards: 27017, 27018, 27001 Mike Edwards (Chair UK Cloud Standards Committee)

Cloud Computing ISO Security and Privacy Standards: 27017, 27018, 27001 Mike Edwards (Chair UK Cloud Standards Committee) Cloud Computing ISO Security and Privacy Standards: 27017, 27018, 27001 Mike Edwards (Chair UK Cloud Standards Committee) Mike Edwards Senior Technical Staff Member, IBM Cloud Computing & SOA Standards,

More information

QRadar SIEM 6.3 Datasheet

QRadar SIEM 6.3 Datasheet QRadar SIEM 6.3 Datasheet Overview Q1 Labs flagship solution QRadar SIEM is unrivaled in its ability to provide an organization centralized IT security command and control. The unique capabilities of QRadar

More information

Managing Cloud Computing Risk

Managing Cloud Computing Risk Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify

More information