Agenda, 4/21/2015. Evelyn de Souza, Chair, Cloud Security Alliance Data Governance Working Group / Data Privacy and Compliance Leader, Cisco Systems




Cloud Security Alliance, 2015

Agenda
- Charter / Members
- What is Data Governance
- Data Governance Models (Under Development)
- Cloud Data Protection Model
- Activities
- Get Involved

Charter
- Propose a data governance framework to ensure the availability, integrity and overall security and privacy of data in different cloud models. This framework would feed into the GRC stack with tie-ins across the CAIQ, CCM and STAR.
- Develop thought leadership materials to promote CSA's leadership in the area of data governance in the cloud.
- Please review our Data Governance Workgroup Charter Document: https://docs.google.com/a/cloudsecurityalliance.org/document/d/1fhllar4knwpgcXwZEi4xtezzLQF9LHISlfElzJMTk30/edit

Cloud Security Alliance, 2014.

Fostering collaboration across:
- Key industry leaders from different verticals
- Membership
- Academia
- Industry analyst associations
- Vendor subject matter experts

Do join our discussion on LinkedIn: CSA Cloud Data Governance Working Group

Cloud Data Governance Challenges

1. Data Protection (65%)
   - Is data safely protected while in motion, in use or stored in the cloud?
   - How is the availability of data in the cloud assured?
2. Security Management (42%)
   - How are assurance levels effectively managed by the cloud provider?
   - Can I get a snapshot of the cloud provider's security management capabilities at any point?
3. Compliance (53%)
   - Can the cloud provider demonstrate that regulatory controls are implemented effectively and sustainably?
4. Data Governance (73%)
   - Who owns/accesses/edits/modifies my data in the cloud?
   - Data does not equal a one-size-fits-all model.
   - How do you measure policy enforcement? How do you enforce policy?

Over-emphasis on technology controls often leads to underlying weaknesses in processes.

Based upon an informal survey with CISOs and InfoSec leaders from Dimension Data, Kloud, the CSA Enterprise Council (43 InfoSec leaders worldwide from SP and Enterprise) and FS-ISAC Banking Leaders. NEED to set up User Focus Groups to hone in by segment and industry.

Cloud Deployment Model Risks

Private: Least risk due to single ownership. Enterprise control over legal/regulatory needs.
Community: Moderate risk due to multitenancy; however, common regulatory/legal needs.
Public SaaS: Greatest risk due to least amount of control for the consuming organization. Risk dependent on provider. Shared legal/regulatory needs.
Public IaaS: High amount of risk. Shared model and shared regulatory/legal needs.

Canonical Question Set

[Table: the canonical questions (Q1.1 Who, Q1.2 What, Where, When) and their categories (Data Discovery, Location of Data) are checked against the Guidance V3 Data Life Cycle phases (Create, Store, Use); the per-cell checkmarks do not survive extraction.]

Aligning Governance Models to Security Frameworks

[Figure: the four inter-related domains of COBIT (Source: ISACA) laid over the Plan-Do-Check-Act cycle, aligned with Observe-Orient-Decide-Act: Plan/Observe, Do/Orient, Check/Decide, Act. The axes distinguish operational and support-oriented processes, compliance and security IT goals, and compliance and risk business goals.]

Example of Governance Framework Tied to CSA Cloud Controls Matrix

The 3 phases to govern are:
- Plan (Plan and Organize): Planning Processes
- Do (Acquire and Implement, Deliver and Support): Functional Processes
- Check, Act (Monitor and Evaluate): Evaluation Processes

The 16 CCM domains are distributed across these three process groups:
1. Application & Interface Security
2. Audit Assurance & Compliance
3. Business Continuity Management
4. Change Control Management
5. Data Security and Information Lifecycle Management
6. Datacenter Security
7. Encryption and Key Management
8. Governance and Risk Management
9. Human Resources
10. Identity and Access Management
11. Infrastructure and Virtualization Security
12. Interoperability and Portability
13. Mobile Security
14. Security Incident Management
15. Supply Chain Management
16. Threat and Vulnerability Management

Example of Governance Framework tied to CCM Data Security and Information Lifecycle Management Domain

Data Governance Milestones

Stages (increasing value of security risk management, from undefined to value driven):
- AD HOC: Undefined data management policies. Sporadic data issues communication. Ad hoc processes, per data management.
- MANAGED: Processes defined by individual technology functions.
- DEFINED: Standardized process per organization. Standardized data definitions and rules in place.
- PROACTIVE: Quantitative management of data. KPIs and tools for measurements in place. Processes are centralized, controlled and measured.
- OPTIMIZING: Value driven. Continuous process improvements a way of life. Real-time analysis and resolution.

Exploring Toolsets for Cloud Data Governance

[Figure: Steps 1-4; see http://clouddataprotection.org/cert/]

Contribute

LinkedIn Group: Consider joining us on LinkedIn: CSA Cloud Data Governance Working Group

Mailing List: Our mailing list is hosted on the Cloud Security Alliance listserv: https://lists.cloudsecurityalliance.org/mailman/listinfo/datagovernance

References & Links
- Geospatial data lifecycle: http://www.fgdc.gov/policyandplanning/a-16/stages-of-geospatial-data-lifecycle-a16.pdf
- CCAQIS: https://cloudsecurityalliance.org/research/cdg/

???