Cloud Risks and Opportunities


1 Cloud Risks and Opportunities
John Howie, COO, Cloud Security Alliance
#SCCLondon

2 About the Cloud Security Alliance
- Global, not-for-profit organization
- Building security best practices for next generation IT
- Research and Educational Programs
- Cloud Provider Certification
- User Certification
- Awareness and Marketing
- The globally authoritative source for Trust in the Cloud
- To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.

3 CSA Fast Facts
- Founded in 2009
- Membership stats
  - 48,000 individual members, 66 chapters globally
  - 170+ corporate members
  - Major cloud providers, tech companies, infosec leaders, governments, financial institutions, retail, healthcare and more
- Offices in Seattle USA, Singapore, Greece
- Over 30 research projects in 25 working groups
- Strategic partnerships with governments, research institutions, professional associations and industry

4 Growing to serve the Industry
- 2009: CSA launch at RSA 2009 with Security Guidance for Critical Areas of Focus in Cloud Computing; 6,000 members
- 2010: Launch Certificate of Cloud Security Knowledge (CCSK); 15,000 members
- 2011: Launch CSA Security, Trust and Assurance Registry (STAR); 27,000 members
- 2012: Launch CSA Mobile and Big Data research to address emerging needs; 42,000 members
[Chart: Membership Growth; legend: North America]

5

6 Cloud Actors

7 CLOUD CONSUMER

8 About the Notorious Nine
- The Notorious Nine can be downloaded here
- Top Threats WG formed in 2009 to engage experts and the broader community to identify top security threats for Cloud Computing
- Purpose of the series of reports was to educate cloud providers/consumers on how to mitigate risk when deploying/adopting cloud computing
- Expanded the report from the Seven Deadly Sins to the Evil 8 to the Notorious 9 in 2013
- New version mapped to Cloud Controls Matrix and Risk Matrix added (Actual vs. Perceived Risk)

9 Notorious Nine Methodology
- Surveyed over 300 Security Professionals from 50 countries globally
- Validated that the threat listing reflects the most current concerns of the industry
- Reflected current consensus among experts about the most significant threats to cloud security
- Experts identified nine critical threats to cloud computing in 2013

10 9 Threats Identified (1-4)
- #1 Threat: Data Breaches (Ranking Comparison)
- #2 Threat: Data Loss (Ranking Comparison)
- #3 Threat: Account or Service Traffic Hijacking (Ranking Comparison)
- #4 Threat: Insecure Interfaces and APIs (Ranking Comparison)

11 9 Threats Identified (5-9)
- #5 Threat: Denial of Service (Ranking Comparison)
- #6 Threat: Malicious Insiders (Ranking Comparison)
- #7 Threat: Abuse of Cloud Services (Ranking Comparison)
- #8 Threat: Insufficient Due Diligence (Ranking Comparison)
- #9 Threat: Shared Technology Vulnerabilities (Ranking Comparison)

12 CLOUD CARRIER

13 Internet Threats
- Attacks against internet infrastructure continue to plague us
  - Routing hijacks (BGP)
  - DNS compromise
  - PKI
- Some solutions exist, but
  - The current protocols are fundamentally broken
  - We need to start over (IPv6 is not a solution)

14 CLOUD PROVIDER

15 Traditional Approach
- Traditionally development, test and production environments were strictly separated
- Developers worked in a dedicated environment and handed completed code over to testers
- Testers work in a separate environment and perform unit, functional and end-to-end testing
- Tested and built code is handed over to Operations staff who deploy in pre-production environment to perform deployment and integration testing before signing release off
- Released code is deployed into production environment by Operations staff
- Developers and testers do not have access to production environment

16 Classic Software Development
[Diagram: Dev, Test, Pre-Prod, Prod; Development Staff; Operations Staff]

17 Modern Approach: DevOps
- Often leveraged in conjunction with Agile Development, Developer Operations (DevOps) is just what it sounds like
- Developers are responsible for development and operations management of their software
- Separation between environments can be eroded: code is developed, tested and deployed in production environment
- Rationale behind DevOps is that developers can quickly roll out new features and fix problems as they are discovered
- Cited as critical market advantage in highly competitive industries such as Search, Social Media, Collaboration, etc.
- Gaining adoption in traditional business environments, too

18 DevOps Software Development
[Diagram: cycle of Deployment, User Feedback, Test, Development]
- Deployment is accomplished by turning on new features to all users rather than deploying new software
- Feedback can be structured, ad hoc, or even a perception
- Testing is usually done by deploying to a limited population of users and watching their experiences
- Development might be done in situ, in the production environment

19 DevOps Security Challenge
- PCI DSS v
  - Separate development/test environments from production environments, and enforce the separation with access controls
  - Separation of duties between development/test and production environments
- ISO/IEC 27002: Separation of development, test, and operational facilities
  - Control: Development, test, and operational facilities should be separated to reduce the risks of unauthorised access or changes to the operational system.

20 Summary
- Cloud computing is still a developing field
- Significant pressure on costs and agility mean some security issues might be passed over
- New technology will bring new issues
- Cloud providers are probably better than you at protecting your data
- The problem is that they might be doing it in a way that violates your compliance obligations

21 THANK YOU #SCCLondon


Solving today's integra@on challenges with Oracle SOA Suite, and Oracle Coherence

Solving today's integra@on challenges with Oracle SOA Suite, and Oracle Coherence Solving today's integra@on challenges with Oracle SOA Suite, and Oracle Coherence Asaf Lev Sales Consul@ng asaf.lev@oracle.com Agenda Industry Trends Oracle SOA Suite Oracle Coherence Oracle Service Bus

More information

Trend Micro VMware Solution Guide Summary for Payment Card Industry Data Security Standard

Trend Micro VMware Solution Guide Summary for Payment Card Industry Data Security Standard Partner Addendum Trend Micro VMware Solution Guide Summary for Payment Card Industry Data Security Standard The findings and recommendations contained in this document are provided by VMware-certified

More information

Security in the Green Cloud

Security in the Green Cloud Security in the Green Cloud Smart and Green infrastructure symposium 2011 Prague May 19 th 2011 Steinthor Bjarnason sbjarnas@cisco.com 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

More information

NET+ SECURITY AND IDENTITY PORTFOLIO DEVELOPMENT WORKSHOP

NET+ SECURITY AND IDENTITY PORTFOLIO DEVELOPMENT WORKSHOP NET+ SECURITY AND IDENTITY PORTFOLIO DEVELOPMENT WORKSHOP Nick Lewis Internet2 NET+ Program Manager, Security and Identity 2015 Internet2 Welcome Goals, logistics, etc Want your feedback, so please comment

More information

Main Research Gaps in Cyber Security

Main Research Gaps in Cyber Security Comprehensive Approach to cyber roadmap coordina5on and development Main Research Gaps in Cyber Security María Pilar Torres Bruna everis Aerospace and Defence Index CAMINO WP2: Iden8fica8on and Analysis

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

San Jacinto College Banner & Enterprise Applica5on Review Task Force Report. November 01, 2011 FINAL

San Jacinto College Banner & Enterprise Applica5on Review Task Force Report. November 01, 2011 FINAL San Jacinto College Banner & Enterprise Applica5on Review Task Force Report November 01, 2011 FINAL 1 Content Review goal and approach 3 Barriers to effec5ve use of Banner: Consultant observa5ons 10 Consultant

More information

DEFINING COMPONENTS OF NATIONAL REDD+ FINANCIAL PLANNING

DEFINING COMPONENTS OF NATIONAL REDD+ FINANCIAL PLANNING DEFINING COMPONENTS OF NATIONAL REDD+ FINANCIAL PLANNING WORKSHOP ON BUILDING MULTI- SOURCE REDD+ FINANCING STRATEGIES Antigua, Guatemala July 17 and 18, 2014 Objec'ves of REDD+ Financial Planning Financial

More information

Effec%ve AX 2012 Upgrade Project Planning and Microso< Sure Step. Arbela Technologies

Effec%ve AX 2012 Upgrade Project Planning and Microso< Sure Step. Arbela Technologies Effec%ve AX 2012 Upgrade Project Planning and Microso< Sure Step Arbela Technologies Why Upgrade? What to do? How to do it? Tools and templates Agenda Sure Step 2012 Ax2012 Upgrade specific steps Checklist

More information

IPv6 campus deployment experiences

IPv6 campus deployment experiences IPv6 campus deployment experiences Tim Chown University of Southampton HEAnet 2010, Kilkenny 11 th November 2010 tjc@soton.ac.uk Topics A very quick what is IPv6 Why IPv6? Phased deployment Managing a

More information

Cyber Threat Intelligence Sharing: Lessons Learned, ObservaMons, RecommendaMons

Cyber Threat Intelligence Sharing: Lessons Learned, ObservaMons, RecommendaMons Cyber Threat Intelligence Sharing: Lessons Learned, ObservaMons, RecommendaMons Bob Gourley, Partner, Cognitio September 9, 2015 How we think. Disclaimer There is a great deal of text on these slides.

More information

Enterprise Systems Tech. solutions, strategic persp. and org. considerations. TDEI13, 2014-09- 17 Özgün Imre

Enterprise Systems Tech. solutions, strategic persp. and org. considerations. TDEI13, 2014-09- 17 Özgün Imre Enterprise Systems Tech. solutions, strategic persp. and org. considerations TDEI13, 2014-09- 17 Özgün Imre Agenda Report presenta=ons With candy as reward Literature Discussion Lee, Jinyoul; Keng Siau

More information

April 20 th 2011, Internet2 Spring Member Mee5ng Aaron Brown Internet2. Circuit Monitoring for DYNES

April 20 th 2011, Internet2 Spring Member Mee5ng Aaron Brown Internet2. Circuit Monitoring for DYNES April 20 th 2011, Internet2 Spring Member Mee5ng Aaron Brown Internet2 Circuit Monitoring for DYNES Dynamic Circuits Scien5fic disciplines require greater network capacity and predictably to cope with

More information

Payments Cards and Mobile Consul3ng Overview 2013

Payments Cards and Mobile Consul3ng Overview 2013 Payments Cards and Mobile Consul3ng Overview 2013 Our Services A digital publishing and marke3ng pla4orm for the future of payments Publishing Research Consul0ng Public Rela0ons Marke0ng/Branding Corporate

More information

Developing Your Roadmap The Association of Independent Colleges and Universities of Massachusetts. October 3, 2013

Developing Your Roadmap The Association of Independent Colleges and Universities of Massachusetts. October 3, 2013 Developing Your Roadmap The Association of Independent Colleges and Universities of Massachusetts October 3, 2013 Agenda 1. Introductions 2. Higher Ed Industry Trends 3. Technology Trends in Higher Ed

More information

The Data Reservoir. 10 th September 2014. Mandy Chessell FREng CEng FBCS Dis4nguished Engineer, Master Inventor Chief Architect, Informa4on Solu4ons

The Data Reservoir. 10 th September 2014. Mandy Chessell FREng CEng FBCS Dis4nguished Engineer, Master Inventor Chief Architect, Informa4on Solu4ons Mandy Chessell FREng CEng FBCS Dis4nguished Engineer, Master Inventor Chief Architect, Solu4ons The Reservoir 10 th September 2014 A growing demand Business Teams want Open access to more informa4on More

More information

Cloud Compu?ng & Big Data in Higher Educa?on and Research: African Academic Experience

Cloud Compu?ng & Big Data in Higher Educa?on and Research: African Academic Experience 3 rd SG13 Regional Workshop for Africa on ITU- T Standardiza?on Challenges for Developing Countries Working for a Connected Africa (Livingstone, Zambia, 23-24 February 2015) Cloud Compu?ng & Big Data in

More information

Trus%ng your Cloud Provider s System

Trus%ng your Cloud Provider s System Trus%ng your Cloud Provider s System Retaining Control over Private Virtual Machines Hosted by a Cloud Provider Using Mandatory Access Control, Trusted Boot and A>esta?on Vorarlberg University of Applied

More information

Zero to Hero: How AmeriGas Put the Power of SAP in the Hands of the Field in a Ma:er of Months

Zero to Hero: How AmeriGas Put the Power of SAP in the Hands of the Field in a Ma:er of Months Orange County Convention Center Orlando, Florida June 3-5, 2014 Zero to Hero: How AmeriGas Put the Power of SAP in the Hands of the Field in a Ma:er of Months Mar;n Gibbins, AmeriGas Wayne Semisch, Excellis

More information

Cloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week

Cloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week Cloud Security Panel: Real World GRC Experiences ISACA Atlanta s 2013 Annual Geek Week Agenda Introductions Recap: Overview of Cloud Computing and Why Auditors Should Care Reference Materials Panel/Questions

More information

Accelerate Mobile App Delivery: API Security for DevOps

Accelerate Mobile App Delivery: API Security for DevOps Accelerate Mobile App Delivery: API Security for DevOps Brad Kramer Sr. Business Technology Architect NY State Government 12/18/2013 2013 CA. All rights reserved. Can YOU Meet the Business Demand for Innovation?

More information

Evolution of Cyber Security in Healthcare

Evolution of Cyber Security in Healthcare Evolution of Cyber Security in Healthcare Spencer L SooHoo, PhD Director, Scientific Computing & Chief Security Officer Enterprise Information Services Healthcare and Security How we got here Healthcare

More information

Change Management Strategies to Increase Adop5on of Systems, Programs and Processes

Change Management Strategies to Increase Adop5on of Systems, Programs and Processes Change Management Strategies to Increase Adop5on of Systems, Programs and Processes Theresa Rabe, Deputy Director of HR, County of San Mateo Jay Krishnan, Director, Product Marke5ng, GuideSpark October

More information

SOURCE, SELECT, MANAGE: THE CWM ATHLETE S TRIATHLON GUIDE SIG San Francisco Bay Symposium November 12, 2014. Matt Katz, VP Strategic Solutions

SOURCE, SELECT, MANAGE: THE CWM ATHLETE S TRIATHLON GUIDE SIG San Francisco Bay Symposium November 12, 2014. Matt Katz, VP Strategic Solutions SOURCE, SELECT, MANAGE: THE CWM ATHLETE S TRIATHLON GUIDE SIG San Francisco Bay Symposium November 12, 2014 Matt Katz, VP Strategic Solutions WELCOME! It s another beaueful day in the Bay Area! 2 OPTIONAL:

More information

Shannon Rykaceski Director of Opera4ons CCFHCC

Shannon Rykaceski Director of Opera4ons CCFHCC Shannon Rykaceski Director of Opera4ons CCFHCC PRESENTER BIO Shannon Salicce Rykaceski Director of Opera4ons for the Catholic Chari4es Free Health Care Center (CCFHCC), located in PiCsburgh, PA. Prior

More information