Your SlideShare is downloading. ×

Leveraging Industry Initiatives for Data Center and Cloud

733
views

Published on

Understand how to leverage industry initiatives for Data Center and Cloud with Cisco Security.

Understand how to leverage industry initiatives for Data Center and Cloud with Cisco Security.

Published in: Technology

0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
733
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Evelyn de SouzaCisco Security Product MarketingNovember 1 2012© 2012 Cisco and/or its affiliates. All rights reserved. 1
  • 2. Overview of Industry Initiatives? NIST Cloud Models CSA compliance and service provider assessment tools ODCA usage models Questions 2© 2012 Cisco and/or its affiliates. All rights reserved. 2
  • 3. • Transparency & visibility from providers • Compatible laws across jurisdictions • Data sovereignty • Incomplete standards • True Consumer awareness & engagement© 2012 Cisco and/or its affiliates. All rights reserved. 3
  • 4. via consensus on security best practices Reduce manual audit cycles via common framework for regulatory standards Streamline security implementations via standards for controls and APIs across cloud environments Enable IT to easily compare cloud provider security levels Example: Aligning hardware and software controls to ODCA requirements ODCA Security Provider Assurance Usage Model 1.0 – Solution should be able to support the following functional requirements by assurance levels, where applicable: Bronze (basic): Identity management, security incident & event monitoring Silver (enterprise): Network intrusion prevention, event logging, administrative changes tracking Gold (financial): Penetration testing, asset segmentation, encrypted communication, Geo limits, storage encryption Platinum (military): Strong encryption for data *Several of the requirements are supported by Intel / McAfee 4© 2012 Cisco and/or its affiliates. All rights reserved. 4
  • 5. Hybrid CloudsDeploymentModels Private Community Public Cloud Cloud CloudService Software as a Platform as a Infrastructure as aModels Service (SaaS) Service (PaaS) Service (IaaS) On Demand Self-ServiceEssential Broad Network Access Rapid ElasticityCharacteristics Resource Pooling Measured Service Massive Scale Resilient ComputingCommon Homogeneity Geographic DistributionCharacteristics Virtualization Service Orientation Low Cost Software Advanced Security© 2012 Cisco and/or its affiliates. All rights reserved. Based upon original chart created by Alex Dowbor - http://ornot.wordpress.com 5 5
  • 6. • Global, not-for-profit organization• Over 33,000 individual members, 150 corporate members, 60 chapters• Building best practices and a trusted cloud ecosystem Research Education Certification Advocacy of prudent public policy• Innovation, Transparency, GRC, Identity “To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”© 2012 Cisco and/or its affiliates. All rights reserved. 6
  • 7. Provider Assertions • Family of 4 research projects • Cloud Controls Matrix • Consensus Assessments Initiative • Cloud Audit • Cloud Trust Protocol • Tools for governance, risk and compliance mgt • Enabling automation and Private, Com continuous monitoring of GRC munity & Public Clouds Control Requirements© 2012 Cisco and/or its affiliates. All rights reserved. 7
  • 8. • CSA STAR (Security, Trust and Assurance Registry) • Public Registry of Cloud Provider self assessments • Based on Consensus Assessments Initiative Questionnaire Provider may substitute documented Cloud Controls Matrix compliance • Voluntary industry action promoting transparency • Security as a market differentiator • www.cloudsecurityalliance.org/star© 2012 Cisco and/or its affiliates. All rights reserved. 8
  • 9. YOUR CALL TO ACTION Your Call to Action Integrate security into your cloud planning – don’t bolt it on Engage CSA and ODCA - ask the right questions of your cloud service providers Become a participating member of one of an industry based organization 9© 2012 Cisco and/or its affiliates. All rights reserved. 9
  • 10. Thank you.© 2012 Cisco and/or its affiliates. All rights reserved. 10