Cloud Security Benchmark Webinar. January 7, :00 AM ET

Size: px

Start display at page:

Download "Cloud Security Benchmark Webinar. January 7, 2015 11:00 AM ET"

Emory Perry
8 years ago
Views:

1 Cloud Security Benchmark Webinar Top 10 Cloud Service Providers: Q January 7, :00 AM ET

2 Disclaimer NO WARRANTY. CloudeAssurance makes this presentahon available AS- IS, and makes no warranty as to its accuracy or use. The informahon contained in this presentahon may include inaccuracies or typographical errors, and may not reflect the most current developments. CloudeAssurance does not represent, warrant or guarantee that it is complete, accurate, or up- to- date, nor does CloudeAssurance offer any cerhficahon or guarantee with respect to any opinions expressed herein or any references provided. Changing circumstances may change the accuracy of the content herein. Opinions presented in this presentahon reflect judgment at the Hme of publicahon and are subject to change. Any use of the informahon contained in this presentahon is at the risk of the user. CloudeAssurance assumes no responsibility for errors, omissions, or damages resulhng from the use of or reliance on the informahon herein. CloudeAssurance reserves the right to make changes at any Hme without prior nohce. 2

3 Session Agenda The Need Study Goals and A Brief History Study Methodology CloudeAssurance Scoring Algorithm Study Scoring Guidelines Q Results and Changes Q Top 10 Control Gaps Benefits of a CloudeAssurance Score CloudeAssurance What We Do Cloud Assurance Assessor Program (CAAP) ValidaHon Process Cloud and Cybersecurity AlertApp! Mobile ApplicaHon InteracHve Poll and Results 3

4 Speakers Taiye Lambo Founder & CTO - CloudeAssurance Jordan Flynn Lead Cloud Security Analyst and Researcher - CloudeAssurance 4

5 The Need Security is the Number 1 barrier to cloud adop:on. Massive Apple icloud Nude Photo Leak, Celebrities Exposed 5

6 Study Goals TRANSPARENCY METHODOLOGY OBJECTIVITY OBSERVE RESOURCE CATALYST CONTINUOUS IMPROVEMENT 6

7 A Brief History IniHal research began in September 2012 and compiled publicly available informahon for approximately 20 Cloud Service Providers (CSPs). First Report published on January 3 rd, 2013 covered Top 10 CSPs for Q CSPs assessed for Q1 2013, 32 for Q2 2013, 37 for Q3 2013, 44 for Q4 2013, 52 for Q1 2014, 66 for Q2 2014, 76 for Q and 87 for Q (same CSPs + new entries each quarter). Study split into two separate documents, an ExecuHve Summary with results and Appendix A- E discussing methodology, scoring guidelines and various terms and definihons. Updated quarterly and changes achvely tracked. 7

8 Study Methodology Assessments created within CloudeAssurance plaiorm using publicly available informahon for each CSP. Leveraged CSA GRC stack as the standard which assessments were performed against (CAIQ + CCM). UHlized CMMI Maturity Model with objechvity established using ISO cerhficahon as benchmark and evidence of process maturity. Assessments scored in CloudeAssurance plaiorm using proprietary scoring algorithm (score is similar in theory to a credit score). 8

9 CloudeAssurance Scoring Algorithm 9

10 Study Scoring Guidelines Study limits score to a max of

11 Q Study Results 11

12 12

13 Q Study Changes 14% increase in sample size from Q to Q (from 76 to 87 CSPs). Despite increase in sample size and CSPs with ISO cerhficahon, no change in Top 10 list from Q3 to Q New World TelecommunicaHons Limited from 569 (Q3) to 566 (Q4). No change as result of change. Top 10 control gaps changed with NWT upgrade to CAIQ v3.0.1 from v1.1. RI- 01 Risk Management Program moved from #7 to #10. 13

14 Q Top 10 Control Gaps #1 #2 #3 #4 #5 #6 #7 #8 #9 #10 14

15 Benefits of a CloudeAssurance Score Valuable asset that can be effechvely uhlized by a CSP, cloud customer, cloud auditor, cloud broker and cyber liability insurance underwriters. Regardless of the score, it remains an essenhal benchmark due to revelahon of overall cloud security posture and possible exposure/control weakness. Highlights areas in cloud environment that may lead to a breach and ensures gap idenhficahon and remediahon. PotenHal to save millions of dollars in losses, remediahon costs, and generate addihonal revenue by displaying validahon seal as market differenhator. 15

16 CloudeAssurance What We Do 16

17 Cloud Assurance Assessor Program (CAAP) Valida:on Process INDEPENDANT Cloud Process = validahon of cloud security / assurance. ValidaHon process (Step 2) leverages cerhficahons and evidence of process maturity like ISO 27001, PCI- DSS, FISMA, FedRAMP and SOC 2/SOC 3. 17

18 Cloud and Cybersecurity Cloud and Cybersecurity are closely intertwined. ConversaHons about Cybersecurity inevitably lead to conversahons about Cloud security. Cybersecurity liability insurance is becoming more crihcal as businesses adopt 3 rd party cloud. CloudeAssurance fills a blind spot in Cyber liability insurance through this cloud security benchmark study. Validated scores provides ongoing risk mihgahon and protechon. 18

19 AlertApp! Mobile Applica:on Consumer Assurance Powered By CloudeAssurance Launched in August 2014 Free download mobile app from app stores with 30 day free trial $0.99 per user for annual subscrip:on (Android) $1.99 (ios) 19

20 AlertApp! Mobile Applica:on According to a recent industry study, cloud and social media users had the highest incidence of fraud. Target; Facebook (1.2 billion), Google+ (540 million), LinkedIn (300 million), Twi\er (274 million). 20

21 Interac:ve Poll How many cloud services are you currently using? A. None B. 1 5 C D. Unknown How are you currently assessing your cloud security risks? A. Require independent cerhficahon (ISO 27001, SSAE16, PCI- DSS, etc.) B. Perform onsite assessments and validahon C. Send out vendor risk assessment queshonnaires D. Unknown Do you currently uhlize an automated assessment, rahng, trending and benchmarking sosware plaiorm to assess your cloud security risks? A. Yes. B. No. C. Unknown. Do you currently receive real Hme alerts containing perhnent informahon, related to the safety and security of your cloud service? A. Yes. B. No. C. Unknown. 21

22 Interac:ve Poll Results 22

23 For a Personal Demo of the CloudeAssurance Pla_orm or AlertApp! Mobile Applica:on Please Contact Us: Jordan Flynn Lead Cloud Security Analyst CloudeAssurance JFlynn@eFortresses.com Phone: (678) Sign up TODAY for a FREE 30-Day trial at and receive a complimentary copy of our study when you register. 23

Cloud Security Benchmark: Top 10 Cloud Service Providers Executive Summary January 5, 2015

Cloud Security Benchmark: Top 10 Cloud Service Providers Executive Summary January 5, 2015 2015 CloudeAssurance Page 1 Table of Contents Copyright and Disclaimer... 3 Results: Top 10 Cloud Service Providers