Nils Puhlmann Ncoic Slides
 

Nils Puhlmann, Cloud Security Alliance - Cloud Security

Presentation Transcript

  • NCOIC Federal Cloud Storefront Workshop. Nils Puhlmann, Co-Founder. September 21st, 2009
  • Security is a concern Copyright © 2009 Cloud Security Alliance www.cloudsecurityalliance.org
  • S-P-I Model (diagram; layers: SaaS, PaaS, IaaS; labels: "You 'RFP' security in", "You build security in")
  • Security and the SPI model
  • Risk Examples
      • Geo-location of sensitive data
      • Inability to deploy security services (e.g. scanning)
      • Risk with shared computing platform (multi-tenant)
      • Data confidentiality
      • Access via internet – untrusted
      • Cloud vendors for the most part non-committal on security
      • Company data on 3rd party machine
      • Compliance lacking – inability to satisfy auditors
      • Vendors not up to speed from a guidance and auditing perspective
      • Inability to perform forensic investigation
  • Meet the Cloud Security Alliance
      • Global, not-for-profit organization, started Nov. 2008, individual members (free), corporate members and affiliated organizations
      • Inclusive membership, supporting broad spectrum of subject matter expertise: cloud experts, security, legal, compliance, virtualization, and on and on…
      • We believe Cloud Computing has a robust future, we want to make it better
      • “To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”
  • Current corporate members
  • Current affiliates: Cloud-Standards.org
  • Individual Members
      • 4,174 as of September 15th
      • Broad Geographical Distribution
      • Active Working Groups
          • Editorial
          • Educational Outreach
          • Architecture
          • Governance, Risk Mgt, Compliance, Business Continuity
          • Legal & E-Discovery
          • Portability, Interoperability and Application Security
          • Identity and Access Mgt, Encryption & Key Mgt
          • Data Center Operations and Incident Response
          • Information Lifecycle Management & Storage
          • Virtualization and Technology Compartmentalization
      • New Working Groups
          • Healthcare
          • Cloud Threat Analysis
          • US Federal Government
          • Financial Services
  • Project Roadmap
      • April 2009: Security Guidance for Critical Areas of Focus for Cloud Computing – Version 1
      • July 2009: Version 1 translated into Japanese
      • October 2009: Security Guidance for Critical Areas of Focus for Cloud Computing – Version 2
      • October 2009: Top Ten Cloud Threats (monthly)
      • November 2009: Provider & Customer Checklists
      • December 2009: eHealth Guidance
      • Global CSA Executive Summits
          • Q1 2010 – Europe
          • Q1 or Q2 2010 - US
  • Security Guidance for Critical Areas of Focus in Cloud Computing. Download at: www.cloudsecurityalliance.org/guidance
  • Overview of Guidance
      1. Architecture & Framework
      • Governing in the Cloud
          2. Governance & Risk Mgt
          3. Legal
          4. Electronic Discovery
          5. Compliance & Audit
          6. Information Lifecycle Mgt
          7. Portability & Interoperability
      • Operating in the Cloud
          8. Traditional, BCM, DR
          9. Data Center Operations
          10. Incident Response
          11. Application Security
          12. Encryption & Key Mgt
          13. Identity & Access Mgt
          14. Storage
          15. Virtualization
  • Contact
      • www.cloudsecurityalliance.org
      • info@cloudsecurityalliance.org
      • Twitter: @cloudsa, #csaguide
      • LinkedIn: www.linkedin.com/groups?gid=1864210
  • Thank You! www.cloudsecurityalliance.org