Why the Cloud can be Compliant and Secure

Presented at InnoTech San Antonio 2012 by Jeff Reich of Layered Technologies

Published in: Technology, Business

Transcript

  • 1. Why the Cloud can be Compliant and Secure. Presented by: Jeff Reich, Chief Risk Officer, Layered Technologies
  • 2. Agenda ● Abstract Review ● Layered Technologies Overview ● Speaker Overview ● What is a secure cloud? ● Table Stakes ● Compliance vs Security ● Components of Security | Layered Technologies Complying To The Higher Standard
  • 3. Abstract: This session addresses misconceptions about security in the cloud and examines critical differences between compliance and security, including how compliance does not always ensure secure environments. To establish a secure cloud, one must make risk-based decisions that embrace compliance but also address practicalities and technical capabilities. While achieving compliance is considered “table stakes,” cloud security is an investment and must be continuous. The audience will learn about key security components, such as social engineering, patching, system interfaces and more. The presentation will also address the importance of grouping similar organizations in the cloud because they share common security control needs.
  • 4. About Layered Tech ● Leadership position in compliant hosting: first to offer full PCI support in market (since 2005); compliance cloud solution with built-in security and controls; comprehensive consulting and audit services (and partners) ● Market-leading cloud/virtualization: one of first virtual private data center offers; robust community cloud platform with built-in security and controls ● Tiered managed services for client choice: monitoring up to full management; “LT Anywhere” extension ● High-touch and process-driven client support: managed service team specialization; unified system support for problem diagnostics; disciplined change and log management ● Global reach: 3 primary and 9 secondary data centers ● Only service provider to offer Compliance Guaranteed: our compliance clients are guaranteed to pass 100 percent of every IT audit or assessment sanctioned by the relevant industry or regulatory entity.
  • 5. Jeff Reich ● Over 30 years in Cyber Security, Risk Management, Physical Security and other areas ● Leadership roles in technology and financial services organizations ● Founding member of Cloud Security Alliance ● CRISC, CISSP, CHS-III certifications,… ● ISSA Distinguished Fellow
  • 6. What is a Secure Cloud? ● First, let’s agree on what a cloud is… ● 5-4-3 ● 5 Essential Characteristics ● 4 Deployment Models ● 3 Service Models
  • 7. Let’s Agree on the Cloud. According to NIST: Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models. Source: The NIST Definition of Cloud Computing. Authors: Peter Mell and Tim Grance. Special Publication 800-145
  • 8. 5 Essential Characteristics ● On-demand self-service ● Broad network access ● Resource pooling ● Rapid elasticity ● Measured Service
  • 9. 4 Deployment Models ● Private cloud ● Community cloud ● Public cloud ● Hybrid cloud
  • 10. 3 Service Models ● Cloud Software as a Service (SaaS) ● Cloud Platform as a Service (PaaS) ● Cloud Infrastructure as a Service (IaaS)
  • 11. Table Stakes ● Your compliance needs may include, but are not limited to: ● PCI-DSS ● HIPAA ● FISMA ● SOX ● GLB ● FedRAMP ● Industry Standards ● Corporate Policies ● and many, many more
  • 12. Compliance vs Security (diagram; labels: Your Practices, Compliant Practices, Secure Practices, Best Practices)
  • 13. Managing Costs Around Controls (chart: $ versus Level of Controls; labels: Potential Losses, Cost of Controls, Good Business Sense, Tree of FUD)
  • 14. Risk Management in the Cloud ● First mistake of many cloud prospects ● How am I managing risks now? ● Risk picture may not improve ● What are the most valuable information or process assets for your organization? ● Disclosure: Confidentiality ● Modification: Integrity ● Denial of Access: Availability
  • 15. Components of Security ● Trust ● Verification ● Policies, Standards, Guidelines and Procedures ● Situational Awareness ● Training ● Testing ● Lather, rinse, repeat,…
  • 16. Components of Cloud Security ● Trust ● Verification ● Policies, Standards, Guidelines and Procedures ● Situational Awareness ● Training ● Testing ● Lather, rinse, repeat,…
  • 17. Components of Cloud Security. Your provider should offer: ● Policies ● Validation ● Transparency ● Demonstration of compliance ● Compliance support. For more information, see www.cloudsecurityalliance.org
  • 18. Finding a Cloud Environment (diagram; labels: Private, Hybrid, Community, Public; IaaS, PaaS, SaaS; Greater Control, Greater Exposure)
  • 19. Contact Me ● Jeff Reich ● 972-379-8567 ● jeff.reich@layeredtech.com ● Twitter: @jnreich ● Skype: jnreich ● www.layeredtech.com