Global Efforts to Secure Cloud Computing



Transcription:

May 2012
Global Efforts to Secure Cloud Computing
Jim Reavis, Executive Director

Cloud: ushering in IT Spring
- Technology consumerization and its offspring
  - Cloud: Compute as a utility
  - Smart Mobility: Compute anywhere
- Challenges our assumptions about... everything
- Shifting balance of power towards technology users
- Barriers to market entry in any industry
- Organizational structure and business planning
- Disrupting IT and IT security through agility
- "Revolutions are not about trifles, but spring from trifles" (Aristotle)

The Hybrid Enterprise & Shadow IT
- public clouds
- private clouds
- Cloud + Mobile
- Dispersal of applications
- Dispersal of data
- Dispersal of users
- cloud of users
- enter boun Notio organiza bound

What is Cloud Computing?
- Compute as a utility: third major era of computing
- Cloud enabled by
  - Moore's Law
  - Hyperconnectivity
  - Provider scale
  - SOA
- Key characteristics
  - Elastic & on-demand
  - Multi-tenancy
  - Metered service
  - Broadly available

Key Trust Issues
- Transparency & visibility from providers
- Compatible laws across jurisdictions
- Data sovereignty
- Incomplete standards
- True multi-tenant technologies & architecture
- Incomplete Identity Mgt implementations
- Consumer awareness & engagement
- How do we gracefully lose control of IT and have greater confidence in its security?

About the Cloud Security Alliance
- Global, not-for-profit organization
- Over 33,000 individual members, 150 corporate members, 60 chapters
- Building best practices and a trusted cloud ecosystem
  - Research
  - Education
  - Certification
  - Advocacy of prudent public policy
- Innovation, Transparency, GRC, Identity
- "To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing."

Global efforts
- Europe
  - Proposed EU Data Privacy Regulation
  - EC European Cloud Partnership
- US Federal government
  - NIST
  - FedRAMP
- APAC
- Standards bodies
  - ISO SC 27
  - ITU-T FG 17

Key CSA Contributions
- Cloud Architecture
- Operating in the Cloud
- Governance and Enterprise Risk Management
- Legal and Electronic Discovery
- Compliance and Audit
- Information Lifecycle Management
- Portability and Interoperability
- Security, Bus. Cont., and Disaster Recovery
- Data Center Operations
- Incident Response, Notification, Remediation
- Application Security
- Encryption and Key Management
- Identity and Access Management
- Virtualization
- Security as a Service
- Governing the Cloud

CSA GRC Stack
- Control Requirements
- Family of 4 research projects
  - Cloud Controls Matrix
  - Consensus Assessments Initiative
  - Cloud Audit
  - Cloud Trust Protocol
- Tools for governance, risk and compliance mgt
- Enabling automation and continuous monitoring of GRC
- Private, Community & Public Clouds
- Provider Asse

CSA STAR Registry
- CSA STAR (Security, Trust and Assurance Registry)
- Public Registry of Cloud Provider self assessments
- Based on Consensus Assessments Initiative Questionnaire
  - Provider may substitute documented Cloud Controls Matrix compliance
- Voluntary industry action promoting transparency
- Security as a market differentiator
- www.cloudsecurityalliance.org/star

CSA Open Certification Framework
- Leverage CSA STAR Infrastructure to create national, local or industry-specific provider certifications
- Allows governments, certification bodies and industry consortia to create certifications addressing specific requirements without developing complete & proprietary bodies of knowledge
- For those with unique certification requirements
- Leverage existing certification/attestation regimes
- Allows providers to certify once, comply many

Knowledge
- Benchmark of cloud security competency
- Measures mastery of CSA guidance and ENISA cloud risks whitepaper
- Understand cloud issues
- Look for the CCSKs at cloud providers, consulting partners
- Online web-based examination
- www.cloudsecurityalliance.org/certifyme
- www.cloudsecurityalliance.org/training

Security as a Service
- Information Security Industry Re-invented
- Define Security as a Service: security delivered via the cloud
- Articulate solution categories within Security as a Service
- Guidance for adoption of Security as a Service
- Align with other CSA research
- Delivered as the 14th domain within CSA Guidance version 3.
- https://cloudsecurityalliance.org/research/workinggroups/secaas/

CSA Mobile
- Mobile: the Portal to the Cloud
- BYOD, New OSes, application stores, mobile clouds
- Our Initiative
  - Security Guidance for Critical Areas of Focus in Mobile Computing
  - Secure application stores
  - Solutions for personal and business use of a common mobile device
  - Cloud-based security mgt of mobile devices
  - Security frameworks and architecture
  - Scalable authentication and secure mobile app development
- www.cloudsecurityalliance.org/mobile

Migrating to the Cloud
- Shared Responsibility
- Strategy
- Education
- Architecture / Framework
- Due Diligence

Summary
- Challenges remain
- Governments, SDOs, Industry actively addressing issues
- More tools available than you think
- Waiting not an option
- Identify IT options appropriate for specific cloud
- Leverage business drivers & risk mgt
- Be Agile!

For more information
- Research: www.cloudsecurityalliance.org/research/
- CCSK Certification: www.cloudsecurityalliance.org/certifyme
- Chapters: www.cloudsecurityalliance.org/chapters
- info@cloudsecurityalliance.org
- LinkedIn: www.linkedin.com/groups?gid=1864210
- Twitter: @cloudsa

Thank you!