Nils Puhlmann Ncoic Slides

NCOIC Federal Cloud Storefront Workshop Nils Puhlmann Co-Founder September 21st, 2009

Risk Examples • Geo-location of sensitive data • Inability to deploy security services (e.g. scanning) • Risk with shared computing platform (multi-tenant) • Data confidentiality • Access via internet – untrusted • Cloud vendors for the most part non-committal on security • Company data on 3rd party machine • Compliance lacking – inability to satisfy auditors • Vendors not up to speed from a guidance and auditing perspective • Inability to perform forensic investigation Copyright © 2009 Cloud Security Alliance www.cloudsecurityalliance.org

Meet the Cloud Security Alliance • Global, not-for-profit organization, started Nov. 2008, individual members (free), corporate members and affiliated organizations • Inclusive membership, supporting broad spectrum of subject matter expertise: cloud experts, security, legal, compliance, virtualization, and on and on… • We believe Cloud Computing has a robust future, we want to make it better “To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.” Copyright © 2009 Cloud Security Alliance www.cloudsecurityalliance.org

Individual Members • 4,174 as of September 15th • Broad Geographical Distribution • Active Working Groups • Editorial • New Working Groups • Educational Outreach • Healthcare • Architecture • Cloud Threat Analysis • Governance, Risk Mgt, Compliance, Business • US Federal Government Continuity • Financial Services • Legal & E-Discovery • Portability, Interoperability and Application Security • Identity and Access Mgt, Encryption & Key Mgt • Data Center Operations and Incident Response • Information Lifecycle Management & Storage • Virtualization and Technology Compartmentalization Copyright © 2009 Cloud Security Alliance www.cloudsecurityalliance.org

Project Roadmap • April 2009: Security Guidance for Critical Areas of Focus for Cloud Computing – Version 1 • July 2009: Version 1 translated into Japanese • October 2009: Security Guidance for Critical Areas of Focus for Cloud Computing – Version 2 • October 2009: Top Ten Cloud Threats (monthly) • November 2009: Provider & Customer Checklists • December 2009: eHealth Guidance • Global CSA Executive Summits • Q1 2010 – Europe • Q1 or Q2 2010 - US Copyright © 2009 Cloud Security Alliance www.cloudsecurityalliance.org

Overview of Guidance 1. Architecture & Framework Governing in the Cloud Operating in the Cloud 2. Governance & Risk Mgt 8. Traditional, BCM, DR 3. Legal 9. Data Center Operations 4. Electronic Discovery 10. Incident Response 5. Compliance & Audit 11. Application Security 6. Information Lifecycle Mgt 12. Encryption & Key Mgt 7. Portability & 13. Identity & Access Mgt Interoperability 14. Storage 15. Virtualization Copyright © 2009 Cloud Security Alliance www.cloudsecurityalliance.org

Contact • www.cloudsecurityalliance.org • info@cloudsecurityalliance.org • Twitter: @cloudsa, #csaguide • LinkedIn: www.linkedin.com/groups?gid=1864210 Copyright © 2009 Cloud Security Alliance www.cloudsecurityalliance.org

Thank You! www.cloudsecurityalliance.org

http://www.cloudbook.net	113
http://www.slideshare.net	15
http://cloudbook.net	2
http://translate.googleusercontent.com	1

Nils Puhlmann Ncoic Slides

by Kevin Jackson on Sep 22, 2009

Accessibility

Categories

Upload Details

Usage Rights

4 Embeds 131

Statistics

Nils Puhlmann Ncoic Slides — Presentation Transcript