Global Efforts to Secure Cloud Computing

Presented at InnoTech Oregon 2013. All rights reserved.

  • Will my provider be transparent about how they manage their systems, organization governance, etc.? Will I be considered compliant? Do I know where my data is? Will a lack of standards drive unexpected obsolescence? Is my provider really better at security than me? Are the hackers waiting for me in the cloud? Will I get fired? How can we gracefully “lose control” of IT?
  • The CSA Security, Trust & Assurance Registry (STAR) is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings, thereby helping users assess the security of cloud providers they currently use or are considering contracting with. CSA STAR is open to all cloud providers, and allows them to submit self-assessment reports that document compliance to CSA published best practices. The searchable registry will allow potential cloud customers to review the security practices of providers, accelerating their due diligence and leading to higher quality procurement experiences. CSA STAR represents a major leap forward in industry transparency, encouraging providers to make security capabilities a market differentiator.
  • Sample entry from Verizon Terremark
  • We can start having fun scrutinizing entries!

Presentation Transcript

  • www.cloudsecurityalliance.org
  • Cloud
    One million new mobile devices - each day!
    Social Networking
    Digital Natives
    Copyright © 2013 Cloud Security Alliance
  • State Sponsored Cyberattacks?
    Organized Crime?
    Legal Jurisdiction & Data Sovereignty?
    Global Security Standards?
    Privacy Protection for Citizens?
    Transparency & Visibility from Cloud Providers?
  • Shift the balance of power to consumers of IT
    Enable innovation to solve difficult problems of humanity
    Give the individual the tools to control their digital destiny
    Do this by creating confidence, trust and transparency in IT systems
    Security is not overhead, it is the enabler
  • Diagram labels: enterprise boundary, public clouds, private clouds, cloud of users, notional organizational boundary
    Cloud + Mobile
    Dispersal of applications
    Dispersal of data
    Dispersal of users
    Dispersal of endpoint devices
  • https://cloudsecurityalliance.org/research/top-threats/
  • “Sunlight is the best disinfectant,” U.S. Supreme Court Justice Louis Brandeis
  • Control Requirements
    Provider Assertions
  • GRC Stack
    Family of 4 research projects
    Cloud Controls Matrix (CCM)
    Consensus Assessments Initiative (CAI)
    Cloud Audit
    Cloud Trust Protocol (CTP)
    Impact to the Industry
    Developed tools for governance, risk and compliance management in the cloud
    Technical pilots
    Provider certification through STAR program
    Control Requirements
    Provider Assertions
  • 2 Registered (December 2012)
    30 Registered (April 2013)
  • DG 4.2: Do you have a documented procedure for responding to requests for tenant data from governments or third parties?
    Amazon AWS: AWS errs on the side of protecting customer privacy and is vigilant in determining which law enforcement requests we must comply with. AWS does not hesitate to challenge orders from law enforcement if we think the orders lack a solid basis.
    Box.net: Box does have documented procedures for responding to requests for tenant data from governments and third parties.
    SHI: Customer responsibility. SHI has no direct access, so requests for data through third parties will be responded to by the customer themselves, however, SHI can sanitize and delete customer data upon migration from the cloud.
    Verizon/Terremark: Yes
  • OPEN CERTIFICATION FRAMEWORK
    CONTINUOUS
    ATTESTATION | CERTIFICATION
    SELF ASSESSMENT
    TRANSPARENCY
    ASSURANCE
  • Clear GRC objectives
    3rd Party Assessment
    Real time, continuous monitoring
    Self Assessment
  • Our research includes fundamental projects needed to define and implement trust within the future of information technology
    CSA continues to be aggressive in producing critical research, education and tools
  • Previously known as Trusted Cloud Initiative
    Security reference architecture for cloud
    Architecture in use by early adopters of cloud in Global 2000
    Cloud brokering
    To do:
    Management tools
    Technical implementation guides
    Documented case studies & use cases
  • Certificate of Cloud Security Knowledge (CCSK)
    Benchmark of cloud security competency
    Online web-based examination
    www.cloudsecurityalliance.org/certifyme
    Training partnerships
    Developing new curriculum for audit, software development and architecture
    Partnership with (ISC)2 for cloud security architecture certification
  • Please contact Jim Reavis at jreavis@cloudsecurityalliance.org for more information on the Cloud Security Alliance
    I will see you at the CSA EMEA Congress, September 24-26 in Edinburgh
    https://cloudsecurityalliance.org/events/csa-emea-congress-2013/