NCOIC Federal Cloud Storefront Workshop
Nils Puhlmann, Co-Founder
September 21st, 2009
Nils Puhlmann Ncoic Slides

Nils Puhlmann, Cloud Security Alliance - Cloud Security

Published in: Technology
Transcript of "Nils Puhlmann Ncoic Slides"

  1. NCOIC Federal Cloud Storefront Workshop
     Nils Puhlmann, Co-Founder
     September 21st, 2009
  2. Security is a concern
     Copyright © 2009 Cloud Security Alliance www.cloudsecurityalliance.org
  3. S-P-I Model
     • Diagram layers: SaaS, PaaS, IaaS
     • Diagram labels: You “RFP” security in; You build security in
  4. Security and the SPI model
  5. Risk Examples
     • Geo-location of sensitive data
     • Inability to deploy security services (e.g. scanning)
     • Risk with shared computing platform (multi-tenant)
     • Data confidentiality
     • Access via internet – untrusted
     • Cloud vendors for the most part non-committal on security
     • Company data on 3rd party machine
     • Compliance lacking – inability to satisfy auditors
     • Vendors not up to speed from a guidance and auditing perspective
     • Inability to perform forensic investigation
  6. Meet the Cloud Security Alliance
     • Global, not-for-profit organization, started Nov. 2008, individual members (free), corporate members and affiliated organizations
     • Inclusive membership, supporting broad spectrum of subject matter expertise: cloud experts, security, legal, compliance, virtualization, and on and on…
     • We believe Cloud Computing has a robust future, we want to make it better
     “To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”
  7. Current corporate members
  8. Current affiliates
     Cloud-Standards.org
  9. Individual Members
     • 4,174 as of September 15th
     • Broad Geographical Distribution
     • Active Working Groups
         • Editorial
         • Educational Outreach
         • Architecture
         • Governance, Risk Mgt, Compliance, Business Continuity
         • Legal & E-Discovery
         • Portability, Interoperability and Application Security
         • Identity and Access Mgt, Encryption & Key Mgt
         • Data Center Operations and Incident Response
         • Information Lifecycle Management & Storage
         • Virtualization and Technology Compartmentalization
     • New Working Groups
         • Healthcare
         • Cloud Threat Analysis
         • US Federal Government
         • Financial Services
  10. Project Roadmap
     • April 2009: Security Guidance for Critical Areas of Focus for Cloud Computing – Version 1
     • July 2009: Version 1 translated into Japanese
     • October 2009: Security Guidance for Critical Areas of Focus for Cloud Computing – Version 2
     • October 2009: Top Ten Cloud Threats (monthly)
     • November 2009: Provider & Customer Checklists
     • December 2009: eHealth Guidance
     • Global CSA Executive Summits
         • Q1 2010 – Europe
         • Q1 or Q2 2010 - US
  11. Security Guidance for Critical Areas of Focus in Cloud Computing
     Download at: www.cloudsecurityalliance.org/guidance
  12. Overview of Guidance
     1. Architecture & Framework
     Governing in the Cloud
         2. Governance & Risk Mgt
         3. Legal
         4. Electronic Discovery
         5. Compliance & Audit
         6. Information Lifecycle Mgt
         7. Portability & Interoperability
     Operating in the Cloud
         8. Traditional, BCM, DR
         9. Data Center Operations
         10. Incident Response
         11. Application Security
         12. Encryption & Key Mgt
         13. Identity & Access Mgt
         14. Storage
         15. Virtualization
  13. Contact
     • www.cloudsecurityalliance.org
     • info@cloudsecurityalliance.org
     • Twitter: @cloudsa, #csaguide
     • LinkedIn: www.linkedin.com/groups?gid=1864210
  14. Thank You!
     www.cloudsecurityalliance.org