Seminar Honeynet Indonesia 2013
Cloud Computing Security
By Hogan Kusnadi
CISSP-ISSAP, SSCP, CISA, CISM
hoganklim@gmail.com
18 June 2013
Inauguration of SNI-ISO 20000 & 27001
Kominfo & BSN, October 2009
Rapid Development of ICT
(Information Communication Technology)
From LAN, WAN to Cloud Computing
NIST
National Institute of Standards and Technology
This cloud model promotes
availability and is composed of
five essential characteristics:
– on-demand self-service
– broad network access
– resource pooling
– rapid elasticity
– measured service
Cloud Computing
• Software as a Service (SaaS)
• Platform as a Service (PaaS)
• Infrastructure as a Service (IaaS)
• Storage as a service (SaaS)
• Communications as a service (CaaS)
• Network as a service (NaaS)
• Monitoring as a service (MaaS)
• Etc
XaaS (anything as a service)
• Anything/Everything as a service (XaaS)
– The acronym refers to an increasing number of
services that are delivered over the Internet
rather than provided locally or on-site.
• XaaS is the essence of cloud computing
User vs Provider
Understanding Risk is Important
Two Sides of Technology
Benefit vs Risk of ICT
Multi Function
Flexible
Easy to use
Lower Cost
Benefit
Database Application
Web Application
Client Server
Network Integration
Cloud Computing
Identity Theft
Information Theft
Industrial Espionage
Country Espionage
Denial of Service (DDOS)
Data / Information Sovereignty
Sabotage, Cyber Weapon, Cyber War
Risk
Confidentiality
Integrity
Availability
Website Deface Attack Statistic
www.zone-h.org
18 April 2012
Data Loss Incidents (2004-2013*)
April
2013
Cloud Computing
and
Information Security
Incidents
How to Mitigate Risk
ENISA
(European Network and Information Security Agency)
How Security Gets Integrated
Data Security Lifecycle
The Notorious Nine
Cloud Computing Top Threats in 2013
1. Data Breaches
2. Data Loss
3. Account Hijacking
4. Insecure APIs
5. Denial of Service
6. Malicious Insiders
7. Abuse of Cloud Services
8. Insufficient Due Diligence
9. Shared Technology Issues
About the Cloud Security Alliance
• Global, not-for-profit organization
• Building security best practices for next generation IT
• Research and Educational Programs
• Cloud Provider Certification
• User Certification
• Awareness and Marketing
• The globally authoritative source for Trust in the Cloud
“To promote the use of best practices for providing security assurance
within Cloud Computing, and provide education on the uses of
Cloud Computing to help secure all other forms of computing.”
CSA Fast Facts
• Founded in 2009
• 42,000 individual members, 66 chapters globally
• 200 corporate and affiliate members
– Major cloud providers, tech companies, infosec leaders, DoD,
Coca-Cola, Bank of America and much more
• Regional hubs in Seattle USA, Singapore, Heraklion
Greece
• Over 30 research projects in 25 working groups
• Strategic partnerships with governments, research
institutions, professional associations and industry
Growing to serve the Industry
• 2009
– CSA launch at RSA 2009 with Security
Guidance for Critical Areas of Focus in Cloud
Computing
– 6,000 members
• 2010
– Launch Certificate of Cloud Security
Knowledge (CCSK)
– 15,000 members
• 2011
– Launch CSA Security, Trust and Assurance
Registry (STAR)
– 27,000 members
• 2012
– Launch CSA Mobile and Big Data research to
address emerging needs
– 42,000 members
[Chart: Membership Growth by region (North America, EMEA, APAC)]
www.cloudsecurityalliance.org
Copyright © 2011 Cloud Security Alliance
Research Portfolio
Our research includes
fundamental projects needed
to define and implement trust
within the future of
information technology
CSA continues to be
aggressive in producing
critical research, education
and tools
Sponsorship opportunities
Selected research projects in
following slides
Copyright © 2012 Cloud Security Alliance
Security as a Service
• Security as a Service
– Research for gaining greater
understanding for how to deliver security
solutions via cloud models.
• Information Security Industry Re-invented
• Identify Ten Categories within SecaaS
• Implementation Guidance for each
SecaaS Category
• Align with international standards and
other CSA research
• Industry Impact
– Defined 10 Categories of Service and
Developed Domain 14 of CSA Guidance V.3
GRC Stack
Family of 4 research projects
Cloud Controls Matrix (CCM)
Consensus Assessments Initiative
(CAI)
Cloud Audit
Cloud Trust Protocol (CTP)
Impact to the Industry
Developed tools for
governance, risk and compliance
management in the cloud
Technical pilots
Provider certification through
STAR program
[Diagram labels: Control Requirements; Provider Assertions; Private, Community & Public Clouds]
Smart Mobile
• Mobile
– Securing application stores and other public
entities deploying software to mobile devices
– Analysis of mobile security capabilities and
features of key mobile operating systems
– Cloud-based management, provisioning, policy,
and data management of mobile devices to
achieve security objectives
– Guidelines for the mobile device security
framework and mobile cloud architectures
– Solutions for resolving multiple usage roles
related to BYOD, e.g. personal and business use
of a common device
– Best practices for secure mobile application
development
CCSK – User Certification
Certificate of Cloud Security
Knowledge (CCSK)
Benchmark of cloud security competency
Online web-based examination
www.cloudsecurityalliance.org/certifyme
Training partnerships
Developing new curriculum for
audit, software development and
architecture
CSA Conference
• Only multi-track, multi-day conference
focused on cloud security
• Key venue for new research
• Primarily attended by enterprise end users
• 2013 CSA Congress Plans
– CSA Congress APAC, Singapore, May 15-16
– CSA Congress EMEA, Europe, September
– CSA Congress US, Orlando, November
CSA APAC
• Incorporated and based in Singapore
• Planned establishment of corporate HQ in
Singapore
• Supported by key Singaporean ministries, led by
Infocomm Development Authority
• Trend Micro as founding corporate office sponsor
• IDA support for research and standards functions
• Also private/public partnerships with gov’ts of
Thailand and Hong Kong
• CSA chapters throughout APAC
International Standardization Council
• Engage international standards bodies on behalf of CSA
• Propose key CSA research for standardization
• Liaison relationship with ITU-T
• Category A liaison with ISO/IEC SC27 & SC38
• Tracking key SDOs for 2013
– DMTF
– IEEE
– IETF
– CCSA
– RAISE
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 

Hogan Kusnadi - Cloud Computing Security

  • 1. Seminar Honeynet Indonesia 2013 Cloud Computing Security By Hogan Kusnadi CISSP-ISSAP, SSCP, CISA, CISM hoganklim@gmail.com 18 June 2013
  • 2. Inauguration of SNI-ISO 20000 & 27001 Kominfo & BSN, October 2009
  • 4. Rapid Development of ICT (Information Communication Technology)
  • 5. From LAN, WAN to Cloud Computing
  • 6. NIST National Institute of Standards and Technology This cloud model promotes availability and is composed of five essential characteristics: – on-demand self-service – broad network access – resource pooling – rapid elasticity – measured service
  • 7. Cloud Computing • Software as a Service (SaaS) • Platform as a Service (PaaS) • Infrastructure as a Service (IaaS) • Storage as a service (SaaS) • Communications as a service (CaaS) • Network as a service (NaaS) • Monitoring as a service (MaaS) • Etc
  • 8. XaaS (anything as a service) • Anything/Everything as a service (XaaS) – The acronym refers to an increasing number of services that are delivered over the Internet rather than provided locally or on-site. • XaaS is the essence of cloud computing
  • 11. Two Sides of Technology
  • 12. Benefit vs Risk of ICT • Benefit: Multi Function, Flexible, Easy to use, Lower Cost • Database Application, Web Application, Client Server, Network Integration, Cloud Computing • Risk: Identity Theft, Information Theft, Industrial Espionage, Country Espionage, Denial of Service (DDOS), Data / Information Sovereignty, Sabotage, Cyber Weapon, Cyber War • Confidentiality, Integrity, Availability
  • 13. Website Deface Attack Statistic www.zone-h.org 18 April 2012
  • 14. Data Loss Incidents (2004-2013*) April 2013
  • 23. Enisa (European Network and Information Security Agency)
  • 26. How Security Gets Integrated
  • 28. The Notorious Nine Cloud Computing Top Threats in 2013 1. Data Breaches 2. Data Loss 3. Account Hijacking 4. Insecure APIs 5. Denial of Service 6. Malicious Insiders 7. Abuse of Cloud Services 8. Insufficient Due Diligence 9. Shared Technology Issues
  • 30. About the Cloud Security Alliance • Global, not-for-profit organization • Building security best practices for next generation IT • Research and Educational Programs • Cloud Provider Certification • User Certification • Awareness and Marketing • The globally authoritative source for Trust in the Cloud “To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”
  • 31. CSA Fast Facts • Founded in 2009 • 42,000 individual members, 66 chapters globally • 200 corporate and affiliate members – Major cloud providers, tech companies, infosec leaders, DoD, Coca-Cola, Bank of America and much more • Regional hubs in Seattle USA, Singapore, Heraklion Greece • Over 30 research projects in 25 working groups • Strategic partnerships with governments, research institutions, professional associations and industry
  • 33. Growing to serve the Industry • 2009 – CSA launch at RSA 2009 with Security Guidance for Critical Areas of Focus in Cloud Computing – 6,000 members • 2010 – Launch Certificate of Cloud Security Knowledge (CCSK) – 15,000 members • 2011 – Launch CSA Security, Trust and Assurance Registry (STAR) – 27,000 members • 2012 – Launch CSA Mobile and Big Data research to address emerging needs – 42,000 members [Chart: Membership Growth; series: North America, EMEA, APAC]
  • 34. www.cloudsecurityalliance.org Copyright © 2011 Cloud Security Alliance Research Portfolio • Our research includes fundamental projects needed to define and implement trust within the future of information technology • CSA continues to be aggressive in producing critical research, education and tools • Sponsorship opportunities • Selected research projects in following slides Copyright © 2012 Cloud Security Alliance
  • 35. Security as a Service • Security as a Service – Research for gaining greater understanding for how to deliver security solutions via cloud models. • Information Security Industry Re-invented • Identify Ten Categories within SecaaS • Implementation Guidance for each SecaaS Category • Align with international standards and other CSA research • Industry Impact – Defined 10 Categories of Service and Developed Domain 14 of CSA Guidance V.3
  • 36. GRC Stack • Family of 4 research projects: Cloud Controls Matrix (CCM), Consensus Assessments Initiative (CAI), Cloud Audit, Cloud Trust Protocol (CTP) • Impact to the Industry: Developed tools for governance, risk and compliance management in the cloud; Technical pilots; Provider certification through STAR program • Control Requirements • Provider Assertions • Private, Community & Public Clouds
  • 37. Smart Mobile • Mobile – Securing application stores and other public entities deploying software to mobile devices – Analysis of mobile security capabilities and features of key mobile operating systems – Cloud-based management, provisioning, policy, and data management of mobile devices to achieve security objectives – Guidelines for the mobile device security framework and mobile cloud architectures – Solutions for resolving multiple usage roles related to BYOD, e.g. personal and business use of a common device – Best practices for secure mobile application development
  • 38. CCSK – User Certification • Certificate of Cloud Security Knowledge (CCSK) • Benchmark of cloud security competency • Online web-based examination • www.cloudsecurityalliance.org/certifyme • Training partnerships • Developing new curriculum for audit, software development and architecture
  • 39. CSA Conference • Only multi-track, multi-day conference focused on cloud security • Key venue for new research • Primarily attended by enterprise end users • 2013 CSA Congress Plans – CSA Congress APAC, Singapore, May 15-16 – CSA Congress EMEA, Europe, September – CSA Congress US, Orlando, November
  • 40. CSA APAC • Incorporated and based in Singapore • Planned establishment of corporate HQ in Singapore • Supported by key Singaporean ministries, led by Infocomm Development Authority • Trend Micro as founding corporate office sponsor • IDA support for research and standards functions • Also private/public partnerships with gov’ts of Thailand and Hong Kong • CSA chapters throughout APAC
  • 41. International Standardization Council • Engage international standards bodies on behalf of CSA • Propose key CSA research for standardization • Liaison relationship with ITU-T • Category A liaison with ISO/IEC SC27 & SC38 • Tracking key SDOs for 2013 – DMTF – IEEE – IETF – CCSA – RAISE