Data Risk Management: ISM Ground to Cloud Summit. accelerate your ambition 1

Transcription

1 Data Risk Management: ISM Ground to Cloud Summit accelerate your ambition 1

2 John Jones Branch Practice Manager Networking, Communications & Security Solutions Justin Evans Solution Architect accelerate your ambition 2

3 Topics Cloud model security considerations Dimension Data Government Cloud Cloud Computing Risks and management Security & our Global Cloud Platform Government Community Cloud

4 Cloud Computing Risks & Management

5 The Notorious Nine Risk Matrix The Notorious Nine Risk Profile Source: accelerate your ambition 5

6 ASD Cloud Computing Security Considerations Source: accelerate your ambition 6

7 Just a thought. Can you categorically state that you have full visibility of cloud consumption in your organisation - TODAY?

8 Cloud Security Alliance Cloud Controls Matrix Guiding security principles to assess risk Delineates control guidance between providers and consumers Controls framework across 16 domains Differentiated controls based on cloud models Controls cross-referenced to other best practice standards and frameworks Source:

9 Cross-reference Controls to best practice Governance Frameworks Some examples: ISO27001:2013 ENISA Information Assurance HIPAA / HITECH NIST COBIT PCI DSS Source: accelerate your ambition 9

10 CSA Control Framework Domains Source: accelerate your ambition 10

11 Controls Cloud Model - Governance accelerate your ambition 11

12 ASD Security Controls Framework Source: accelerate your ambition 12

13 Governance Protection Dimension Data s Framework for Cloud Security Cloud Infrastructure Cloud Services Enhanced Security Controls Data Protection and Reporting Service Level, Certification and Policies Discovery, Assessment and Governance

14 Governance Protection Dimension Data s Framework for Cloud Security Cloud Infrastructure Cloud Services Enhanced Security Controls Data Protection and Reporting ASD ISM, Cloud Security Considerations CSA Cloud Control Matrix Service Level, Certification and Policies Discovery, Assessment and Governance

15 Governance Protection Dimension Data s Framework for Cloud Security Cloud Infrastructure Cloud Services Enhanced Security Controls ASD ISM, Cloud Security Considerations CSA Cloud Control Matrix Data Protection and Reporting ASD ISM & irap CSA Cloud Control Matrix & STAR Other Governance Frameworks Service Level, Certification and Policies Discovery, Assessment and Governance

16 Risk Control & Management Summary CSA CCM DD CSF ASD ISM accelerate your ambition 16

17 Cloud Security Considerations Deployment and Delivery Models

18 Definition of Cloud Source: accelerate your ambition 18

19 Shared Responsibility Source: accelerate your ambition 19

20 Risk Matrix for Canberra Clients Delivery & Deployment Models SaaS Highest Risk Highest Risk Medium Risk Lowest Risk Delivery PaaS Highest Risk Highest Risk Medium Risk Lowest Risk IaaS Highest Risk Medium Risk Lowest Risk Lowest Risk Public Hybrid Community Private Deployment accelerate your ambition 20

21 Security & Dimension Data s Global Managed Cloud Platforms

22 Dimension Data s Managed Cloud Platform TM (MCP) Global Footprint Toronto London Amsterdam Santa Clara Ashburn (x3) Germany Hong Kong Tokyo Sao Paulo Singapore Canberra Sydney Johannesburg Primary Cloud Control Locations Child Sites Managed Cloud Platform Melbourne Auckland

23 Government Community Cloud Geo Design Santa Clara MCP London MCP Tokyo MCP Sydney MCP Canberra MCP Cloud Control Public Geo s Government Geo accelerate your ambition 23

24 Dimension Data Government Community Cloud & Security

25 Government Community Cloud Outcomes Evaluate, migrate, integrate and operate mission-critical workloads Improve Agility Reduce Cost Manage Risk Time to market Flexibility Auto-scaling Faster innovation Self-service Lower upfront costs Usage pricing Automation Less downtime Virtualization Security Compliance Standardization Business Continuity Readiness Integration and migration accelerate your ambition 25

26 Government Community Cloud Security by Design Santa Clara MCP London MCP Tokyo MCP Sydney MCP Canberra MCP SOC 1 - SSAE 16 Type 2 PCI DSS ROC ISO27001:2013 (November) CSA STAR for IaaS, PaaS (Pending) irap ISM (Pending) accelerate your ambition 26

27 Dimension Data Secure Network Options Cloud Private Network Connection (CPNC) External Internet Client SIG or Dimension Data SIG Client Secure Network CPNC accelerate your ambition 27

28 Government Community Cloud Summary Secure by design Dedicated platform for Government ONLY Industry & Government security best practice Leverages global security frameworks Direct connections to platform via secure dedicated links Local presence in Canberra in a secure facility ISM irap progressing Available for use NOW use ISM control 1396 in interim accelerate your ambition 28

29 Feedback Please fill out your evaluation forms Question accelerate your ambition 29

30 Thank You Ground to Cloud Summit accelerate your ambition 30