Global Efforts to Secure Cloud Computing

Presented at InnoTech Oregon 2013. All rights reserved.

Published in: Technology, Business

  • Will my provider be transparent about how they manage their systems, organization governance, etc.? Will I be considered compliant? Do I know where my data is? Will a lack of standards drive unexpected obsolescence? Is my provider really better at security than me? Are the hackers waiting for me in the cloud? Will I get fired? How can we gracefully “lose control” of IT?
  • The CSA Security, Trust & Assurance Registry (STAR) is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings, thereby helping users assess the security of cloud providers they currently use or are considering contracting with. CSA STAR is open to all cloud providers, and allows them to submit self assessment reports that document compliance to CSA published best practices. The searchable registry will allow potential cloud customers to review the security practices of providers, accelerating their due diligence and leading to higher quality procurement experiences. CSA STAR represents a major leap forward in industry transparency, encouraging providers to make security capabilities a market differentiator.
  • Sample entry from Verizon Terremark
  • We can start having fun scrutinizing entries!
Transcript of "Global Efforts to Secure Cloud Computing"

    1. www.cloudsecurityalliance.org
    2. Copyright © 2013 Cloud Security Alliance
        • Cloud
        • One million new mobile devices - each day!
        • Social Networking
        • Digital Natives
    3. Open questions:
        • State Sponsored Cyberattacks?
        • Organized Crime?
        • Legal Jurisdiction & Data Sovereignty?
        • Global Security Standards?
        • Privacy Protection for Citizens?
        • Transparency & Visibility from Cloud Providers?
    4. Goals:
        • Shift the balance of power to consumers of IT
        • Enable innovation to solve difficult problems of humanity
        • Give the individual the tools to control their digital destiny
        • Do this by creating confidence, trust and transparency in IT systems
        • Security is not overhead, it is the enabler
    7. Diagram labels: enterprise boundary; public clouds; private clouds; cloud of users; Notional organizational boundary
        • Cloud + Mobile
        • Dispersal of applications
        • Dispersal of data
        • Dispersal of users
        • Dispersal of endpoint devices
    8. https://cloudsecurityalliance.org/research/top-threats/
    11. “Sunlight is the best disinfectant,” U.S. Supreme Court Justice Louis Brandeis
    12. Control Requirements; Provider Assertions
    13. GRC Stack
        • Family of 4 research projects: Cloud Controls Matrix (CCM); Consensus Assessments Initiative (CAI); Cloud Audit; Cloud Trust Protocol (CTP)
        • Impact to the Industry: Developed tools for governance, risk and compliance management in the cloud; Technical pilots; Provider certification through STAR program
        • Control Requirements; Provider Assertions
    17. 2 Registered (December 2012); 30 Registered (April 2013)
    19. DG 4.2: Do you have a documented procedure for responding to requests for tenant data from governments or third parties?
        • Amazon AWS: AWS errs on the side of protecting customer privacy and is vigilant in determining which law enforcement requests we must comply with. AWS does not hesitate to challenge orders from law enforcement if we think the orders lack a solid basis.
        • Box.net: Box does have documented procedures for responding to requests for tenant data from governments and third parties.
        • SHI: Customer responsibility. SHI has no direct access, so requests for data through third parties will be responded to by the customer themselves, however, SHI can sanitize and delete customer data upon migration from the cloud.
        • Verizon/Terremark: Yes
    21. OPEN CERTIFICATION FRAMEWORK: CONTINUOUS; ATTESTATION | CERTIFICATION; SELF ASSESSMENT; TRANSPARENCY; ASSURANCE
    22. Clear GRC objectives + 3rd Party Assessment + Real time, continuous monitoring + Self Assessment
    28. Research:
        • Our research includes fundamental projects needed to define and implement trust within the future of information technology
        • CSA continues to be aggressive in producing critical research, education and tools
    29. Previously known as Trusted Cloud Initiative
        • Security reference architecture for cloud
        • Architecture in use by early adopters of cloud in Global 2000
        • Cloud brokering
        • To do: Management tools; Technical implementation guides; Documented case studies & use cases
    31. Certificate of Cloud Security Knowledge (CCSK)
        • Benchmark of cloud security competency
        • Online web-based examination
        • www.cloudsecurityalliance.org/certifyme
        • Training partnerships
        • Developing new curriculum for audit, software development and architecture
        • Partnership with (ISC)² for cloud security architecture certification
    35. Please contact Jim Reavis at jreavis@cloudsecurityalliance.org for more information on the Cloud Security Alliance. I will see you at the CSA EMEA Congress, September 24-26 in Edinburgh. https://cloudsecurityalliance.org/events/csa-emea-congress-2013/