Global Efforts to Secure Cloud Computing. Jason Witty, President, Cloud Security Alliance Chicago





Cloud: Ushering in IT Spring
- Technology consumerization and its offspring
- Cloud: Compute as a utility
- Smart Mobility: Compute anywhere
- Challenges our assumptions about... everything
- Shifting balance of power towards technology users
- Barriers to market entry in any industry
- Organizational structure and business planning
- Disrupting IT and IT security through agility
"Revolutions are not about trifles, but spring from trifles." Aristotle

The Hybrid Enterprise & Shadow IT
- Cloud + Mobile
- Dispersal of applications
- Dispersal of data
- Dispersal of users
- Dispersal of endpoint devices
[Diagram labels: public clouds, private clouds, cloud of users, notional organizational boundary]

What is Cloud Computing?
- Compute as a utility: third major era of computing
- Cloud enabled by
  - Moore's Law
  - Hyperconnectivity
  - Provider scale
  - SOA
- Key characteristics
  - Elastic & on-demand
  - Multi-tenancy
  - Metered service
  - Broadly available
- But, can we Trust the Cloud?

Migrating to the Cloud Shared Responsibility Strategy Education Architecture / Framework Due Diligence

Key Trust Issues
- Transparency & visibility from providers
- Compatible laws across jurisdictions
- Data sovereignty
- Incomplete standards
- True multi-tenant technologies & architecture
- Incomplete Identity Mgt implementations
- Consumer awareness & engagement
How do we gracefully lose control of IT and have greater confidence in its security?

About the Cloud Security Alliance
"To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing."
- Global, not-for-profit organization
- Over 33,000 individual members, 150 corporate members, 60 chapters
- Building best practices and a trusted cloud ecosystem
- Research
- Education
- Certification
- Advocacy of prudent public policy
- Innovation, Transparency, GRC, Identity

Global Efforts
- Europe
  - Proposed EU Data Privacy Regulation
  - EC European Cloud Partnership
- US Federal government
  - NIST
  - FedRAMP
- APAC
- Standards bodies
  - ISO SC 27
  - ITU-T FG 17
  - DMTF, PCI Standards Council

Key CSA Contributions

CSA GRC Stack
- Family of 4 research projects
  - Cloud Controls Matrix
  - Consensus Assessments Initiative
  - Cloud Audit
  - Cloud Trust Protocol
- Tools for governance, risk and compliance mgt
- Enabling automation and continuous monitoring of GRC
[Diagram labels: Private, Community & Public Clouds; Provider Assertions; Control Requirements]

CSA STAR Registry
- CSA STAR (Security, Trust and Assurance Registry)
- Public Registry of Cloud Provider self assessments
- Based on Consensus Assessments Initiative Questionnaire
- Provider may substitute documented Cloud Controls Matrix compliance
- Voluntary industry action promoting transparency
- Security as a market differentiator
- www.cloudsecurityalliance.org/star

CCSK: Certificate of Cloud Security Knowledge
- Benchmark of cloud security competency
- Measures mastery of CSA guidance and ENISA cloud risks whitepaper
- Understand cloud issues
- Look for the CCSKs at cloud providers, consulting partners
- Online web-based examination
- www.cloudsecurityalliance.org/certifyme
- www.cloudsecurityalliance.org/training

Security as a Service
- Information Security Industry Re-invented
- Define Security as a Service: security delivered via the cloud
- Articulate solution categories within Security as a Service
- Guidance for adoption of Security as a Service
- Align with other CSA research
- Delivered as the 14th domain within CSA Guidance version 3.
- https://cloudsecurityalliance.org/research/working-groups/secaas/

CSA Mobile
- Mobile: the Portal to the Cloud
- BYOD, New OSes, application stores, mobile clouds
- Our Initiative
  - Security Guidance for Critical Areas of Focus in Mobile Computing
  - Secure application stores
  - Solutions for personal and business use of a common mobile device
  - Cloud-based security mgt of mobile devices
  - Security frameworks and architecture
  - Scalable authentication and secure mobile app development
- www.cloudsecurityalliance.org/mobile

Summary
- Challenges remain
- Governments, SDOs, Industry actively addressing issues
- More tools available than you think
- Waiting not an option
- Identify IT options appropriate for specific cloud
- Leverage business drivers & risk mgt
- Be Agile!

For more information
- Research: www.cloudsecurityalliance.org/research/
- CCSK Certification: www.cloudsecurityalliance.org/certifyme
- Chapters: www.cloudsecurityalliance.org/chapters
- info@cloudsecurityalliance.org
- LinkedIn: www.linkedin.com/groups?gid=1864210
- Twitter: @cloudsa

Thank you!
