Securing the Cloud: Developing a new approach to managing third party risks
Raj Samani presents at the CIO Event. For more information Click here http://bit.ly/oR262i

Published in: Technology, Business

Transcript

  • 1. Securing the cloud: Developing a new approach to managing third party risks
      Raj Samani, EMEA Strategy Advisor, Cloud Security Alliance
  • 2. We Need a Fundamental Change in Our Approach to Fully Maximise the Benefits of Cloud Computing
      • Cloud Service Providers (CSPs) need an efficient and scalable approach to assure customers
      • End user organisations need an efficient approach to address the risks such services represent
      • Data subjects must feel confident that their data controllers are securing their data
      IT'S NOT ABOUT SECURITY
  • 3. Estimate the Assurance Costs Against 1000 Third Parties
      Who?
      • Cloud Service Providers
      • Physical Access
      • VPN access
      • Extranet partners
      • Traditional Outsourcers
      How?
      • Review of ISMS (Information Security Management System)
      • Technical Assessment
      Annual Cost for Assurance: $1M
      What About the Other 11 Months?
      [Figures called out on the slide: TOTAL 1000; ESTIMATE 5 DAYS; $1000+; 25 YEARS*]
      *Based on Subjective Responses from Industry
  • 4. The Challenge in Addressing Risks When Working With Third Parties
      • Third party access on the up
      • Acronym soup
      • Contractual challenges
      • Leverage existing investments
      • Resource constraints
      • Best endeavours
  • 5. The Common Assurance Maturity Model (CAMM) is a global, collaborative effort made up of security professionals working across industry in an effort to meet the security challenges of the 21st century.
  • 6. CAMM—NEW BUSINESS ASSURANCE BAROMETER
      [Diagram: "BUSINESS ASSURANCE" at the centre, surrounded by the following points]
      • CAMM is built on existing standards, so no need for massive re-investment
      • Provides a genuine Unique Selling Proposition to organisations that have higher levels of information risk maturity
      • Risk management maturity is open for stakeholders to view, using appropriate language and detail
      • Measures maturity against defined controls areas, with particular focus on key controls
      • A business benefit that creates consumer trust that is both meaningful and understandable
  • 7.
      • Simple to understand—customers do not need professional certifications to understand the difference between a level 2 and level 3.
      • Analogous to other rating systems—Already used in tourism, banking, and other sectors.
      • Develops (a level of) trust with one small icon—Cloud providers can develop trust with simple scorecard
      [Figure: scorecards for Company A, Service A through Service F]
  • 8.
      1. Simpler comparison—Allows the CIO to perform a simpler comparison between internal vs external provision, not only relying on cost comparisons.
      2. Cost comparison—Once risk appetite is defined, allows the CIO to compare the cost of different residual risk scenarios.
      3. Apples for Apples—Judges services on a set of applicable criteria through use of applicable modules.
      [Figure: decision diagrams comparing Internally Provisioned, Company A Service A and Company B Service C, with costs £x, £y, £z]
  • 9.
      1. Business sets level of risk they are willing to tolerate (number of levels depending on the data). Maturity will include CAMM plus possible bespoke modules.
      2. Level of risk management maturity is communicated to business partners (and possible partners)
      3. Evidence of compliance may be uploaded to central repository that can be used by numerous customers
      4. Leverage existing expenditure and remove need for duplicate verification (note: May remove audit requirement altogether)
      [Diagram labels: Third Party Assurance Centre, Third Party Maturity Requesting Access, Risk Appetite, Maturity, Cloud Provider, Internal Maturity, Hosting Provider]
  • 10. Over 40 Organisations Already Involved, Including…
      Types of organisation: End User Organisations, Security Associations, Cloud Providers, Consultancies, Independent consultants
      • PCI
      • ISACA
      • CSA
      • ENISA
      • BITS
      • ISF
      www.common-assurance.com
      Twitter @Raj_Samani
      Twitter @Commonassurance