A view from the Cloud Security Alliance peephole
|
|
- Olivia Floyd
- 8 years ago
- Views:
Transcription
1 A view from the Cloud Security Alliance peephole
2 Cloud One million new mobile devices - each day! Social Networking Digital Natives
3 State Sponsored Cyberattacks? Organized Crime? Legal Jurisdiction & Data Sovereignty? Global Security Standards? Privacy Protection for Citizens? Transparency & Visibility from Cloud Providers?
4 Shift the balance of power to consumers of IT Enable innovation to solve difficult problems of humanity Give the individual the tools to control their digital destiny Do this by creating confidence, trust and transparency in IT systems Security is not overhead, it is the enabler
5 Global, not-for-profit organization, founded 2009 Geographically divided into Americas, EMEA and APAC regions to meet strategic objectives 200 member driven organization with over 48,000 individual members in 64 chapters worldwide Established with the aim of bringing trust to the cloud Develop a global trusted cloud ecosystem Building best practices and standards for next-gen IT Grounded in an agile philosophy, rapid development of applied research that supports all activities
6
7 Corporate HQ is established in Singapore Global CSA Research Centre Global Standards Secretariat CCSK Global Centre of Excellence Secondary hub is established in Hong Kong anchored by CloudCERT APAC Operational Base Both locations also serve as APAC business centre Serving as a regional hub and operations magnet our members Subsequently satellite hubs are established in Thailand, Taiwan and New Zealand
8
9
10 CSA research is organized under a framework based on CSA Security Guidance for Critical Area of Focus in Cloud Computing Total of 14 domains organised under 3 key areas of focus Architecture, Governance and Operational Security
11 Our research includes fundamental projects needed to define and implement trust within the future of information technology CSA continues to be aggressive in producing critical research, education and tools Sponsorship opportunities Selected research projects in following slides
12 GRC Stack Family of 4 research projects Cloud Controls Matrix (CCM) Consensus Assessments Initiative (CAI) Cloud Audit Cloud Trust Protocol (CTP) Impact to the Industry Developed tools for governance, risk and compliance management in the cloud Technical pilots Provider certification through STAR program Control Requirements Private, Community & Public Clouds Provider Assertions
13 Previously known as Trusted Cloud Initiative Security reference architecture for cloud Architecture in use by early adopters of cloud in Global 2000 Cloud brokering To do: Management tools Technical implementation guides Documented case studies & use cases
14 1. Data Breaches 2. Data Loss 3. Account Hijacking 4. Insecure APIs 5. Denial of Service 6. Malicious Insiders 7. Abuse of Cloud Services 8. Insufficient Due Diligence 9. Shared Technology Issues
15 1. Data loss from lost, stolen or decommissioned devices. 2. Information-stealing mobile malware. 3. Data loss and data leakage through poorly written third-party apps. 4. Vulnerabilities within devices, OS, design and third-party applications. 5. Unsecured WiFi, network access and rogue access points. 6. Unsecured or rogue marketplaces. 7. Insufficient management tools, capabilities and access to APIs (includes personas). 8. NFC and proximity-based hacking.
16 Security as a Service Research for gaining greater understanding for how to deliver security solutions via cloud models. Information Security Industry Re-invented Identify Ten Categories within SecaaS Implementation Guidance for each SecaaS Category Align with international standards and other CSA research Industry Impact Defined 10 Categories of Service and Developed Domain 14 of CSA Guidance V.3
17 Mobile Securing application stores and other public entities deploying software to mobile devices Analysis of mobile security capabilities and features of key mobile operating systems Cloud-based management, provisioning, policy, and data management of mobile devices to achieve security objectives Guidelines for the mobile device security framework and mobile cloud architectures Solutions for resolving multiple usage roles related to BYOD, e.g. personal and business use of a common device Best practices for secure mobile application development
18 Big Data Identifying scalable techniques for data-centric security and privacy problems Lead to crystallization of best practices for security and privacy in big data Help industry and government on adoption of best practices Establish liaisons with other organizations in order to coordinate the development of big data security and privacy standards Accelerate the adoption of novel research aimed to address security and privacy issues
19 Expert-led community resource for global legal issues impacting cloud computing. Ask the Expert advice column Regular in-person seminars and webcasts Expert opinion whitepapers, initial postings Government Access to Data Held by US Cloud Service Providers Proposed EU Data Protection Regulation Implications for Cloud Users Article 29 for Cloud Computing
20 CSA Working Group based in Europe Define baselines for compliance with data protection legislation via a Privacy Level Agreement mechanism A clear and effective way to communicate to (potential) cloud customers the level of personal data protection provided by a CSP. A tool to assess the level of a CSP s compliance with data protection legislative requirements and best practices. A way to offer contractual protection against possible financial damages due to lack of compliance.
21
22 Public visibility into Providers Corporate Governance Supply Chain Information Security Program Policies Impacting Customers Consumer right to know Public will demand better Sunlight is the best disinfectant, U.S. Supreme Court Justice Louis Brandeis
23 Control Requirements Private, Community & Public Clouds Provider Assertions
24 The CSA Open Certification Framework (OCF) is an industry initiative to allow global, accredited, trusted certification of cloud providers. The CSA Open Certification Framework is a program for flexible, incremental and multilayered certification Based on CSA best practices Integrating with popular third-party assessment and attestation statements, initially ISO & AICPA SSAE16 (SOC2) Project initiative is called OCF, the certification mark is STAR
25 ASSURANCE OPEN CERTIFICATION FRAMEWORK LEVEL 3 - CONTINUOUS LEVEL 2 - ATTESTATION CERTIFICATION LEVEL 1:- SELF ASSESSMENT TRANSPERANCY
26 + Real time, continuous monitoring + Clear GRC objectives + Self Assessment 3 rd Party Assessment
27 CSA STAR (Security, Trust and Assurance Registry) Public Registry of Cloud Provider self assessments Based on Consensus Assessments Initiative Questionnaire Provider may substitute documented Cloud Controls Matrix compliance Voluntary industry action promoting transparency Security as a market differentiator /star STAR Demand it from your providers!
28 22 Registered (February 2013) 2 Registered (December 2012)
29 Completion of APAC Alibaba and New Taipei City (G-Cloud) Target launch for Level 2 CSA EMEA Congress on Sep 25 Also announced harmonization of Singapore Standard (Multi-tier Cloud Security) certification scheme against CSA s OCF
30
31 The industry s first user certification program for secure cloud computing Based on CSA research framework, specifically the Security Guidance for Critical Area of Focus in Cloud Computing Designed to ensure that a broad range of professionals with responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud
32 CCSK Basic One day course to enable student to pass CCSK CCSK Plus Two day course includes practical cloud lab work CCSK Train-the-Trainer Three day course including CCSK Plus GRC Stack Training Additional one day course to use GRC Stack components PCI/DSS In the Cloud Additional one day course focusing on achieving PCI compliance in cloud computing
33 CCSK for IT & Security Architects Whitepaper: Security best practices for security architecture in the cloud derived from CSA Domain 1, Trusted Cloud Initiative Reference Architecture model and new materials. Courseware: Development of 3 day courseware derived from above whitepaper and other CSA materials. CCSK for Software Developers Whitepaper: Security best practices for software development in the cloud and recommended industry curriculum. Courseware: Development of 3 day courseware derived from above whitepaper and other CSA materials. CCSK for Cloud Auditing/Assurance (GRC Stack) Whitepaper: Security best practices for assurance in the cloud derived from CSA Guidance 3 and components of the GRC Stack research projects. Courseware: Development of 3 day courseware derived from existing GRC Stack courseware, above whitepaper and other CSA materials.
34
35 Engage international standards bodies on behalf of CSA Propose key CSA research for standardization Working with NBs and tracking SDOs A.4 and A.5 liaison relationship with ITU-T Category A liaison with ISO/IEC SC27 & SC38
36
37 Industry thought leadership Traditional Monday start to RSA Conference 2011: White House launches Federal Cloud Strategy 2012: Keynote from Former NSA Director Mike McConnell, announce CSA Mobile 2013: DHS Undersecretary for Cybersecurity and Presiding Director of Coca Cola Company, James Robinson III
38 One day conferences in conjunction with chapters Engage with local thought leaders Project CSA best practices globally 2013 Regional Summits (so far) 16 in Asia Pacific 4 in Americas 4 in EMEA
39 Only multi-track, multi-day conference focused on cloud security Key venue for new research Primarily attended by enterprise end users 2013 CSA Congress Plans CSA Congress APAC, Singapore, May CSA Congress EMEA, Edinburgh, September CSA Congress US, Orlando, December 3-6
40
41 Challenges remain, there will always be insecurity Global collaboration, public & private Innovation can make policy restrictions obsolete Major focus on identity needed The Internet of Things is a ticking bomb Must solve tomorrow s problems today Transparency must be our guide
42 Be Pragmatic, Be Agile Follow the law, but do not concede to poor interpretations of the law. Defend the spirit of the law forcefully. More tools available than you think Advocate through procurement Waiting not an option, but don t forget Strategy Risk Management Cloud-ready Enterprise Architecture Be Educated
43 For more information on the Cloud Security Alliance, please contact: Global/Americas Jim Reavis EMEA Daniele Catteddu APAC Aloysius Cheang
44 Copyright Cloud Security Alliance
GRC Stack Research Sponsorship
GRC Stack Research Sponsorship Overview Achieving Governance, Risk Management and Compliance (GRC) goals requires appropriate assessment criteria, relevant control objectives and timely access to necessary
More informationGlobal Efforts to Secure Cloud Computing
April 2012 Global Efforts to Secure Cloud Computing Jim Reavis Executive Director Cloud: ushering in IT Spring Technology consumerization and its offspring Cloud: Compute as a utility Smart Mobility: Compute
More informationCloud Channel Summit 2015 @rhipecloud #RCCS15
Cloud Channel Summit 2015 @rhipecloud #RCCS15 About the Cloud Security Alliance Global, not-for-profit organisation 300 member driven organization with over 56,000 individual members in 65 chapters worldwide
More informationGlobal Efforts to Secure Cloud Computing. Jason Witty President, Cloud Security Alliance Chicago
Global Efforts to Secure Cloud Computing Jason Witty President, Cloud Security Alliance Chicago Cloud: Ushering in IT Spring Technology consumerization and its offspring Cloud: Compute as a utility Smart
More informationCloud Security Alliance and Standards. Jim Reavis Executive Director March 2012
Cloud Security Alliance and Standards Jim Reavis Executive Director March 2012 About the CSA Global, not for profit, 501(c)6 organization Over 32,000 individual members, 120 corporate members, 60 chapters
More informationThe Cloud Security Alliance
The Cloud Security Alliance Daniele Catteddu, Managing Director EMEA & OCF-STAR Program Director Cloud Security Alliance ABOUT THE CLOUD SECURITY ALLIANCE To promote the use of best practices for providing
More informationTOOLS and BEST PRACTICES
TOOLS and BEST PRACTICES Daniele Catteddu Managing Director EMEA, Cloud Security Alliance ABOUT THE CLOUD SECURITY ALLIANCE To promote the use of best practices for providing security assurance within
More informationOpen Certification Framework. Vision Statement
Open Certification Framework Vision Statement Jim Reavis and Daniele Catteddu August 2012 BACKGROUND The Cloud Security Alliance has identified gaps within the IT ecosystem that are inhibiting market adoption
More informationHow To Build Trust In The Cloud
Building Trust in Global Cloud Computing Systems Jim Reavis, CEO & Founder Cloud Security Alliance Global, not-for-profit organization Building security best practices for next generation IT Research and
More informationBuilding an Effective
Building an Effective Cloud Security Program Becky Swain Co-Founder/Chair, CSA CCM Board Member, CSA Silicon Valley Chapter Partner, EKKO Consulting Marlin Pohlman Co-Chair, CSA CCM Co-Chair/Founder, CSA
More informationJim Reavis, Executive Director. www.cloudsecurityalliance.org
Jim Reavis, Executive Director Cloud One million new mobile devices - each day! Social Networking Digital Natives Copyright 2013 2011 Cloud Security Alliance State Sponsored Cyberattacks? Organized Crime?
More informationBig Data Research Sponsorship
Big Data Research Sponsorship Overview The term Big Data refers to the massive amounts of digital information companies and governments collect about us and our surroundings. Providing security and privacy
More information! Global Efforts to Secure! Cloud Computing
ay 2012! Global Efforts to Secure! Cloud Computing Jim Reavis Executive Director loud: ushering in IT Spring Technology consumerization and its offspring Cloud: Compute as a utility Smart Mobility: Compute
More informationCloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter
Cloud Security considerations for business adoption Ricci IEONG CSA-HK&M Chapter What is Cloud Computing? Slide 2 What is Cloud Computing? My Cloud @ Internet Pogoplug What is Cloud Computing? Compute
More informationAssessing Risks in the Cloud
Assessing Risks in the Cloud Jim Reavis Executive Director Cloud Security Alliance Agenda Definitions of Cloud & Cloud Usage Key Cloud Risks About CSA CSA Guidance approach to Addressing Risks Research
More informationCloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week
Cloud Security Panel: Real World GRC Experiences ISACA Atlanta s 2013 Annual Geek Week Agenda Introductions Recap: Overview of Cloud Computing and Why Auditors Should Care Reference Materials Panel/Questions
More informationCloud Data Governance Research Sponsorship
Cloud Data Governance Research Sponsorship Overview Cloud Computing marks the decrease in emphasis on 'systems' and the increase in emphasis on 'data'. With this trend, Cloud Computing stakeholders need
More informationCorporate Membership. For Solution Providers
Corporate Membership For Solution Providers Introduction Welcome to the Cloud Security Alliance. The CSA is a not-for-profit organization with a mission to promote the use of best practices for providing
More informationInformation Security ISO Standards. Feb 11, 2015. Glen Bruce Director, Enterprise Risk Security & Privacy
Information Security ISO Standards Feb 11, 2015 Glen Bruce Director, Enterprise Risk Security & Privacy Agenda 1. Introduction Information security risks and requirements 2. Information Security Management
More informationProtec'ng Data and Privacy in a World of Clouds and Third Par'es Vincent Campitelli
Protec'ng Data and Privacy in a World of Clouds and Third Par'es Vincent Campitelli Vice President, IT Risk Management McKesson Corpora-on What is Your Business Model? Economic Moats In business, I look
More informationCloud Security. Nantawan Wongkachonkitti Electronic Government Agency, Thailand Cloud Security Alliance, Thailand Chapter October 2014
Cloud Security Nantawan Wongkachonkitti Electronic Government Agency, Thailand Cloud Security Alliance, Thailand Chapter October 2014 Agenda Introduction Security Assessment for Cloud Secure Cloud Infrastructure
More informationAsia Pacific the Future of Cloud Computing
Asia Pacific the Future of Cloud Computing Presented by the CSA and CEPREI 1-3 December 2015 Guangzhou, China The 1-3 December 2015 Guangzhou, China Contents Backgroud Why Join the CSA APAC Congress Why
More informationCloud Security Certification
Cloud Security Certification January 21, 2015 1 Agenda 1. What problem are we solving? 2. Definitions (Attestation vs Certification) 3. Cloud Security Responsibilities and Risk Exposure 4. Who is responsible
More informationCloud & Trust. Dr. Jesus Luna, CSA Research Director EMEA. Copyright 2014 Cloud Security Alliance. www.cloudsecurityalliance.org
Cloud & Trust Dr. Jesus Luna, CSA Research Director EMEA Copyright 2014 Cloud Security Alliance Enter the cloud The cloud can deliver a net gain of 2.5 million new European jobs, and an annual boost of
More informationCloud Security Alliance: Industry Efforts to Secure Cloud Computing
Cloud Security Alliance: Industry Efforts to Secure Cloud Computing Jim Reavis, Executive Director September, 2010 Cloud: Dawn of a New Age Art Coviello - the most overhyped, underestimated phenomenon
More informationPrivacy Compliance and Security SLA: CSA addressing the challenges
Privacy Compliance and Security SLA: CSA addressing the challenges Daniele Catteddu, Managing Director EMEA & OCF-STAR Program Director - Cloud Security Alliance Arthur van der Wees, Managing Director
More informationA Flexible and Comprehensive Approach to a Cloud Compliance Program
A Flexible and Comprehensive Approach to a Cloud Compliance Program Stuart Aston Microsoft UK Session ID: SPO-201 Session Classification: General Interest Compliance in the cloud Transparency Responsibility
More informationCloud Security Introduction and Overview
Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious
More informationRisks and Challenges
Cloud and Mobile Security: Risks and Challenges Chong Sau Wei (CISM) chong@scan associates.net General Manager Managed Security Services SCAN Associates Berhad Seminar e Kerajaan Negeri Pulau Pinang 14
More informationWrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors
1 Wrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors Scott Woodison Executive Director, Compliance and Enterprise Risk Office of Internal Audit and Compliance
More informationUsing AWS in the context of Australian Privacy Considerations October 2015
Using AWS in the context of Australian Privacy Considerations October 2015 (Please consult https://aws.amazon.com/compliance/aws-whitepapers/for the latest version of this paper) Page 1 of 13 Overview
More informationINFOCOMM DEVELOPMENT AUTHORITY OF SINGAPORE
INFOCOMM DEVELOPMENT AUTHORITY OF SINGAPORE Multi-Tiered Cloud Security Standard for Singapore (MTCS SS) Audit Checklist Report For cross-certification from MTCS SS to Cloud Security Alliance (CSA) Security,
More informationCloud Standardization, Compliance and Certification. Class 2012 event 25.rd of October 2012 Dalibor Baskovc, CEO Zavod e-oblak
Cloud Standardization, Compliance and Certification Class 2012 event 25.rd of October 2012 Dalibor Baskovc, CEO Zavod e-oblak Todays Agenda IT Resourcing with Cloud Computing and related challenges Landscape
More informationCloud Computing Governance & Security. Security Risks in the Cloud
Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud
More informationCloud Security and Managing Use Risks
Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access
More informationCSA Position Paper on AICPA Service Organization Control Reports
CSA Position Paper on AICPA Service Organization Control Reports February 2013 2013, Cloud Security Alliance. All rights reserved. You may download, store, display on your computer, view, print, and link
More informationCloud Audit and Cloud Trust Protocol. By David Lingenfelter 2011
Cloud Audit and Cloud Trust Protocol By David Lingenfelter 2011 Background > MaaS360 SaaS Cloud Model > Mobile Device Management > FISMA Moderate Certified > SAS-70/SOC-2 Cloud Adoption Obstacles Planning
More informationCloud Security Trust Cisco to Protect Your Data
Trust Cisco to Protect Your Data As cloud adoption accelerates, organizations are increasingly placing their trust in third-party cloud service providers (CSPs). But can you fully trust your most sensitive
More informationSUPPLY CHAIN ASSURANCE FRAMEWORK: THE SUPPLY CHAIN STANDARDS TRANSLATOR
SUPPLY CHAIN ASSURANCE FRAMEWORK: THE SUPPLY CHAIN STANDARDS TRANSLATOR Michael de Crespigny, CEO Information Security Forum Session ID: GRC R02B Session Classification: General Interest KEY ISSUE Our
More informationHow To Protect Your Cloud From Attack
SESSION ID: CDS-R03 Security Lessons Learned: Enterprise Adoption of Cloud Computing Jim Reavis Chief Executive Officer Cloud Security Alliance @cloudsa Agenda What we are going to cover The current &
More informationHelix Nebula: Secure Brokering of Cloud Resources for escience. Dr. Jesus Luna Garcia
Helix Nebula: Secure Brokering of Cloud Resources for escience Dr. Jesus Luna Garcia Outline Background The Blue-Box architecture Security Goals and Requirements Let s imagine Why a Public-Private Partnership
More informationData Risk Management: ISM Ground to Cloud Summit. accelerate your ambition 1
Data Risk Management: ISM Ground to Cloud Summit accelerate your ambition 1 John Jones Branch Practice Manager Networking, Communications & Security Solutions John.Jones@dimensiondata.com Justin Evans
More informationOpen Certificatio. Framewor. Daniele Catteddu, CSA Managing Director EMEA and OCF Project Director. CSO Interchange 2
Framewor Open Certificatio CSO Interchange 2 Paris, M Daniele Catteddu, CSA Managing Director EMEA and OCF Project Director Global, not-for-profit organisation Over 40,000 individual members, more than
More informationSecurity in the Green Cloud
Security in the Green Cloud Smart and Green infrastructure symposium 2011 Prague May 19 th 2011 Steinthor Bjarnason sbjarnas@cisco.com 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public
More informationCompliance and Cloud Computing
Compliance and Cloud Computing Balaji Palanisamy Director, Southwest- US Coalfire Systems, Inc. July 24, 2014 Agenda Introduction Cloud Computing Basics Cloud Computing Threats Security vs. Compliance
More informationSecure Enterprise Mobility Management. Cloud-Based Enterprise Mobility Management. White Paper: soti.net
Secure Enterprise Mobility Management White Paper: Cloud-Based Enterprise Mobility Management soti.net Background Facing a business environment of constant change and increasing complexity, enterprises
More informationThe role of standards in driving cloud computing adoption
The role of standards in driving cloud computing adoption The emerging era of cloud computing The world of computing is undergoing a radical shift, from a product focus to a service orientation, as companies
More informationRobert Brammer. Senior Advisor to the Internet2 CEO rfbtech@internet2.edu. Internet2 NET+ Security Assessment Forum. 8 April 2014
Robert Brammer Senior Advisor to the Internet2 CEO rfbtech@internet2.edu Internet2 NET+ Security Assessment Forum 8 April 2014 INTERNET2 NET+ Security Initiative Primary objective -- develop guidance to
More information08/10/2013. Data protection and compliance. Agenda. Data protection life cycle and goals. Introduction. Data protection overview
Data protection and compliance In the cloud and in your data center 1 November 2013 Agenda 1 Introduction 2 Data protection overview 3 Understanding the cloud 4 Where do I start? 5 Wrap-up Page 2 Data
More informationSecuring the Microsoft Cloud Infrastructure. Reto Häni Chief Security Officer Microsoft Western Europe MEET SWISS INFOSEC! 24.06.
Securing the Microsoft Cloud Infrastructure Reto Häni Chief Security Officer Microsoft Western Europe MEET SWISS INFOSEC! 24.06.2015 1 Certification & Security Reliance Microsoft s cloud environment Application
More informationSecurity in the Cloud
Security in the Cloud Visibility & Control of your Cloud Service Provider Murray Goldschmidt, Pierre Tagle, Ph.D. April 2012 Compliance, Protection & Business Confidence Sense of Security Pty Ltd Sydney
More informationCSA Virtualisation Working Group Best Practices for Mitigating Risks in Virtualized Environments
CSA Virtualisation Working Group Best Practices for Mitigating Risks in Virtualized Environments Kelvin Ng Tao Yao Sing Heng Yiak Por Acknowledgeme nts Co-Chairs Kapil Raina, Zscaler Kelvin Ng, Nanyang
More informationSecuring The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master
Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is
More informationHow to ensure control and security when moving to SaaS/cloud applications
How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk
More informationTaking a Data-Centric Approach to Security in the Cloud
Taking a Data-Centric Approach to Security in the Cloud Bob West Chief Trust Officer CipherCloud 2014 CipherCloud All rights reserved 1 Taking a Data-Centric Approach to Cloud Data Protection Bob West
More informationEXECUTIVE STRATEGY BRIEF. Securing the Cloud Infrastructure. Cloud. Resources
EXECUTIVE STRATEGY BRIEF Securing the Cloud Infrastructure Cloud Resources 01 Securing the Cloud Infrastructure / Executive Strategy Brief Securing the Cloud Infrastructure Microsoft recognizes that trust
More informationDocument control for sensitive company information and large complex projects.
Data sheet Problem FTP-Stream solves four demanding business challenges: Global distribution of files any size. File transfer to / from China which is notoriously challenging. Document control for sensitive
More informationIntelligent Protection for Applications in the Cloud Industrial Case Studies Rob Rowlingson (robert.rowlingson@bt.com)
Intelligent Protection for Applications in the Cloud Industrial Case Studies Rob Rowlingson (robert.rowlingson@bt.com) Theo Dimitrakos Chief Security Researcher, BT Research & Technology theo.dimitrakos@bt.com
More informationCloud Security. DLT Solutions LLC June 2011. #DLTCloud
Cloud Security DLT Solutions LLC June 2011 Contact Information DLT Cloud Advisory Group 1-855-CLOUD01 (256-8301) cloud@dlt.com www.dlt.com/cloud Your Hosts Van Ristau Chief Technology Officer, DLT Solutions
More informationCloud Computing Risk and Rewards
Cloud Computing Risk and Rewards John Lazarine Vice President and Chief Audit Executive Mark Salamasick Director of Center for Internal Auditing For Dallas CPA Society Convergence 2013 May 8, 2013 John
More informationSoftware Defined Perimeter: Securing the Cloud to the Internet of Things
Software Defined Perimeter: Securing the Cloud to the Internet of Things SESSION ID: CDS-T08 Jim Reavis Chief Executive Officer Cloud Security Alliance @cloudsa About Cloud Security Alliance Global, not-for-profit
More information2011 Cloud Security Alliance, Inc. All rights reserved.
Vast Landscape of Cloud Standards Development Organizations (SDOs) 2 4 Mission Statement (Non-Profit) Promote common level of understanding Consumers Providers Security Requirements Attestation of Assurance
More informationCloud Security: Critical Threats and Global Initiatives
Cloud Security: Critical Threats and Global Initiatives Richard Zhao, Founder and Board Member of CSA-GCC Chief Strategy Officer, NSFOCUS Sept. 2010 What is Cloud Computing? Compute as a utility: third
More informationSecurity Issues in Cloud Computing
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
More informationWhy are Companies in the EU Adopting More and More Cloud-Based Security Solutions? François GRATIOLET, Qualys Inc., CSO EMEA
Why are Companies in the EU Adopting More and More Cloud-Based Security Solutions? François GRATIOLET, Qualys Inc., CSO EMEA 2 Agenda What is the cloud business value? What about the SecaaS? Why companies
More informationCloud Risks and Opportunities
Cloud Risks and Opportunities John Howie COO Cloud Security Alliance #SCCLondon About the Cloud Security Alliance Global, not- for- profit organiza;on Building security best prac;ces for next genera;on
More informationThe Education Fellowship Finance Centralisation IT Security Strategy
The Education Fellowship Finance Centralisation IT Security Strategy Introduction This strategy outlines the security systems in place to optimise, manage and protect The Education Fellowship data and
More informationSecuring the Microsoft Cloud
Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and customers to fully embrace and benefit from cloud services. We are committed
More informationAccelerating Cloud adoption with Security Level Agreements automation, monitoring and industry standards compliance
Accelerating Cloud adoption with Security Level Agreements automation, monitoring and industry standards compliance Cirrus Workshop, Vienna, Austria, November 19, 2013 Dr. Said Tabet Senior Technologist
More informationCloud Security Standards. Aziza Al Rashdi Director, Cyber Security Professional Services Oman National CERT Information Technology Authority
Cloud Security Standards Aziza Al Rashdi Director, Cyber Security Professional Services Oman National CERT Information Technology Authority Introduction Sign Off December 2012 Information Technology Authority
More informationHow To Be A Successful Compliance Officer
: A Pragmatic Approach to SOC2 and PCI compliance The Cadence Group is a professional services firm specializing in financial and IT compliance and risk management services. Our value proposition includes:
More informationData Privacy & Security in the Cloud: Legal Basics and New Developments
Data Privacy & Security in the Cloud: Legal Basics and New Developments Lawrence R. Freedman Partner, Edwards Wildman Palmer LLP lfreedman@edwardswildman.com (202) 939-7923 1 The Basics Two basic data
More informationLogically Securing a Public Cloud Service
SESSION ID: CIN-W07 Logically Securing a Public Cloud Service Tim Mather CISO Cadence Design Systems @mather_tim Disclaimer: AWS (Amazon Web Services) is referenced in this presentation extensively, only
More informationIBM Cognos TM1 on Cloud Solution scalability with rapid time to value
IBM Solution scalability with rapid time to value Cloud-based deployment for full performance management functionality Highlights Reduced IT overhead and increased utilization rates with less hardware.
More informationConsolidated Audit Program (CAP) A multi-compliance approach
Consolidated Audit Program (CAP) A multi-compliance approach ISSA CONFERENCE Carlos Pelaez, Director, Coalfire May 14, 2015 About Coalfire We help our clients recognize and control cybersecurity risk,
More informationTRUSTED CLOUD. Our commitment to provide a cloud you can trust. Fernando Machado Píriz September 2014
TRUSTED CLOUD Our commitment to provide a cloud you can trust Fernando Machado Píriz September 2014 Technology Trends Driving cloud adoption 71% of strategic buyers cite scalability, cost and business
More informationSecurity, Compliance & Risk Management for Cloud Relationships. Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32
Security, Compliance & Risk Management for Cloud Relationships Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32 Introductions & Poll Organization is leveraging the Cloud? Organization
More informationCyber security. Cyber Security. Digital Employee Experience. Digital Customer Experience. Digital Insight. Payments. Internet of Things
Cyber security Digital Customer Experience Digital Employee Experience Digital Insight Internet of Things Payments IP Solutions Cyber Security Cloud 2015 CGI IT UK Ltd Contents... Securing organisations
More informationCloud Security Benchmark: Top 10 Cloud Service Providers Appendix A E January 5, 2015
Cloud Security Benchmark: Top 10 Cloud Service Providers Appendix A E January 5, 2015 2015 CloudeAssurance Page 1 Table of Contents Copyright and Disclaimer... 3 Appendix A: Introduction... 4 Appendix
More informationSecurity Risk Management Strategy in a Mobile and Consumerised World
Security Risk Management Strategy in a Mobile and Consumerised World RYAN RUBIN (Msc, CISSP, CISM, QSA, CHFI) PROTIVITI Session ID: GRC-308 Session Classification: Intermediate AGENDA Current State Key
More informationCloud Computing: Safe, Efficient and Easy
Microsoft Azure Cloud Computing: Safe, Efficient and Easy Linas Pečiūra Your title goes here Ref: The NIST Definition of Cloud Computing http://csrc.nist.gov/publications/nistpubs/800-145/sp800-145.pdf
More informationInterna'onal Standards Ac'vi'es on Cloud Security EVA KUIPER, CISA CISSP EVA.KUIPER@HP.COM HP ENTERPRISE SECURITY SERVICES
Interna'onal Standards Ac'vi'es on Cloud Security EVA KUIPER, CISA CISSP EVA.KUIPER@HP.COM HP ENTERPRISE SECURITY SERVICES Agenda Importance of Common Cloud Standards Outline current work undertaken Define
More information3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance
3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014 Continuous Education Services (elearning/workshops) Compliance Management Portals Information Security
More informationHow To Write A Cloud Computing Plan
US Government Driven Cloud Computing Standards A panel discussion including: DMTF, Cloud Security Alliance, NIST and SNIA Lee Badger: Computer Scientist, Computer Security Division, National Institute
More informationIT Cloud / Data Security Vendor Risk Management Associated with Data Security. September 9, 2014
IT Cloud / Data Security Vendor Risk Management Associated with Data Security September 9, 2014 Speakers Brian Thomas, CISA, CISSP In charge of Weaver s IT Advisory Services, broad focus on IT risk, security
More informationHow To Protect Your Cloud Computing Resources From Attack
Security Considerations for Cloud Computing Steve Ouzman Security Engineer AGENDA Introduction Brief Cloud Overview Security Considerations ServiceNow Security Overview Summary Cloud Computing Overview
More informationwww.pwc.com Third Party Risk Management 12 April 2012
www.pwc.com Third Party Risk Management 12 April 2012 Agenda 1. Introductions 2. Drivers of Increased Focus on Third Parties 3. Governance 4. Third Party Risks and Scope 5. Third Party Risk Profiling 6.
More informationAnypoint Platform Cloud Security and Compliance. Whitepaper
Anypoint Platform Cloud Security and Compliance Whitepaper 1 Overview Security is a top concern when evaluating cloud services, whether it be physical, network, infrastructure, platform or data security.
More informationAHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS
AHLA JJ. Keeping Your Cloud Services Provider from Raining on Your Parade Jean Hess Manager HORNE LLP Ridgeland, MS Melissa Markey Hall Render Killian Heath & Lyman PC Troy, MI Physicians and Hospitals
More informationSubmission of the.au Domain Administration Ltd (auda) to the Australian Government's Cyber Security Review
Submission of the.au Domain Administration Ltd (auda) to the Australian Government's Cyber Security Review About auda.au Domain Administration Ltd (auda) is the industry self regulatory, not for profit
More informationPrivacy in the Cloud A Microsoft Perspective
A Microsoft Perspective November 2010 The information contained in this document represents the current view of Microsoft Corp. on the issues discussed as of the date of publication. Because Microsoft
More informationCisco Mobile Collaboration Management Service
Cisco Mobile Collaboration Management Service Cisco Collaboration Services Business is increasingly taking place on both personal and company-provided smartphones and tablets. As a result, IT leaders are
More informationD4.1 Cloud certification guidelines and recommendations
Ref. Ares(2015)444655-04/02/2015 www.cloudwatchhub.eu D4.1 Cloud certification guidelines and recommendations Revised Version www.cloudwatchhub.eu info@cloudwatchhub.eu @CloudWatchHub Security and privacy
More informationCloud Computing Risk management @HKQAA Symposium Antony Ma Chairman, CSA-HK&M Chapter Global, not-for-profit organization Over 40,000 individual members, around 200 corporate and affiliate members, 64
More informationManaging SSL Certificates with Ease
WHITE PAPER: MANAGING SSL CERTIFICATES WITH EASE White Paper Managing SSL Certificates with Ease Best Practices for Maintaining the Security of Sensitive Enterprise Transactions Managing SSL Certificates
More informationWith Eversync s cloud data tiering, the customer can tier data protection as follows:
APPLICATION NOTE: CLOUD DATA TIERING Eversync has developed a hybrid model for cloud-based data protection in which all of the elements of data protection are tiered between an on-premise appliance (software
More informationIncident Management & Forensics Working Group. Charter
Incident Management & Forensics Working Group Charter February 2013 2013 Cloud Security Alliance All Rights Reserved All rights reserved. You may download, store, display on your computer, view, print,
More informationDOBUS And SBL Cloud Services Brochure
01347 812100 www.softbox.co.uk DOBUS And SBL Cloud Services Brochure enquiries@softbox.co.uk DOBUS Overview The traditional DOBUS service is a non-internet reliant, resilient, high availability trusted
More informationMicrosoft Dynamics CRM Online
RESPONSE TO GCIO 105 QUESTIONS Dynamics CRM Online October 2015 MICROSOFT NEW ZEALAND LIMITED 22 Viaduct Harbour Avenue, Auckland Table of Contents Executive Summary 2 Disclaimer 2 How to read this document
More informationCloud Security Alliance New Zealand Contribution to the Privacy Commissioner. 23 February 2012
Cloud Security Alliance New Zealand Contribution to the Privacy Commissioner 23 February 2012 Foreword Cloud Security Alliance New Zealand Chapter is grateful to Privacy Commissioner for giving an opportunity
More information