NCOIC
Federal Cloud Storefront Workshop
Nils Puhlmann
Co-Founder
September 21st, 2009
Security is a concern




       Copyright © 2009 Cloud Security Alliance   www.cloudsecurityalliance.org
S-P-I Model
[Figure: S-P-I model diagram showing the IaaS, PaaS and SaaS layers, with the labels "You build security in" and "You “RFP” security in"]
Security and the SPI model




Risk Examples
•   Geo-location of sensitive data

•   Inability to deploy security services (e.g. scanning)

•   Risk with shared computing platform (multi-tenant)

•   Data confidentiality

•   Access via internet – untrusted

•   Cloud vendors for the most part non-committal on security

•   Company data on 3rd party machine

•   Compliance lacking – inability to satisfy auditors

•   Vendors not up to speed from a guidance and auditing perspective

•   Inability to perform forensic investigation
Meet the Cloud Security Alliance
• Global, not-for-profit organization, started Nov. 2008,
  individual members (free), corporate members and
  affiliated organizations
• Inclusive membership, supporting broad spectrum of
  subject matter expertise: cloud experts, security,
  legal, compliance, virtualization, and on and on…
• We believe Cloud Computing has a robust future, we
  want to make it better
“To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”

Current corporate members




Current affiliates




Cloud-Standards.org

Individual Members
•   4,174 as of September 15th
•   Broad Geographical Distribution
•   Active Working Groups
    •   Editorial
    •   Educational Outreach
    •   Architecture
    •   Governance, Risk Mgt, Compliance, Business Continuity
    •   Legal & E-Discovery
    •   Portability, Interoperability and Application Security
    •   Identity and Access Mgt, Encryption & Key Mgt
    •   Data Center Operations and Incident Response
    •   Information Lifecycle Management & Storage
    •   Virtualization and Technology Compartmentalization
•   New Working Groups
    •   Healthcare
    •   Cloud Threat Analysis
    •   US Federal Government
    •   Financial Services



Project Roadmap
•   April 2009: Security Guidance for Critical Areas of Focus for
    Cloud Computing – Version 1
•   July 2009: Version 1 translated into Japanese
•   October 2009: Security Guidance for Critical Areas of Focus for
    Cloud Computing – Version 2
•   October 2009: Top Ten Cloud Threats (monthly)
•   November 2009: Provider & Customer Checklists
•   December 2009: eHealth Guidance
•   Global CSA Executive Summits
    • Q1 2010 – Europe
    • Q1 or Q2 2010 - US

Security Guidance for Critical Areas of Focus in Cloud Computing

Download at: www.cloudsecurityalliance.org/guidance

Overview of Guidance
1. Architecture & Framework

Governing in the Cloud
 2. Governance & Risk Mgt
 3. Legal
 4. Electronic Discovery
 5. Compliance & Audit
 6. Information Lifecycle Mgt
 7. Portability & Interoperability

Operating in the Cloud
 8. Traditional, BCM, DR
 9. Data Center Operations
 10. Incident Response
 11. Application Security
 12. Encryption & Key Mgt
 13. Identity & Access Mgt
 14. Storage
 15. Virtualization
Contact


•   www.cloudsecurityalliance.org
•   info@cloudsecurityalliance.org
•   Twitter: @cloudsa, #csaguide
•   LinkedIn: www.linkedin.com/groups?gid=1864210




Thank You!



             www.cloudsecurityalliance.org

More Related Content

What's hot

Infosec Europe 2017 Highlights | Lastline, Inc.
Infosec Europe 2017 Highlights |  Lastline, Inc.Infosec Europe 2017 Highlights |  Lastline, Inc.
Infosec Europe 2017 Highlights | Lastline, Inc.Lastline, Inc.
 
BCS ITNow 201306 - Share Securely
BCS ITNow 201306 - Share SecurelyBCS ITNow 201306 - Share Securely
BCS ITNow 201306 - Share SecurelyGareth Niblett
 
“They’re Coming for OUR Internet: We can fight back”
“They’re Coming for OUR Internet: We can fight back”“They’re Coming for OUR Internet: We can fight back”
“They’re Coming for OUR Internet: We can fight back”Daniella Vallurupalli
 
Security Insights for Mission-Critical Networks
Security Insights for Mission-Critical NetworksSecurity Insights for Mission-Critical Networks
Security Insights for Mission-Critical NetworksForcepoint LLC
 
Corporate Profile 8 - 1 b 3- 25 July
Corporate Profile 8 - 1 b 3- 25 JulyCorporate Profile 8 - 1 b 3- 25 July
Corporate Profile 8 - 1 b 3- 25 JulyKamel Salloum
 
nullcon 2011 - Protect infrastructure of protect information – Lessons from W...
nullcon 2011 - Protect infrastructure of protect information – Lessons from W...nullcon 2011 - Protect infrastructure of protect information – Lessons from W...
nullcon 2011 - Protect infrastructure of protect information – Lessons from W...n|u - The Open Security Community
 
CipherCloud's Solutions for Salesforce Chatter
CipherCloud's Solutions for Salesforce ChatterCipherCloud's Solutions for Salesforce Chatter
CipherCloud's Solutions for Salesforce ChatterCipherCloud
 
Defining A Cyber Moonshot: Getting Safer in Five Years
Defining A Cyber Moonshot: Getting Safer in Five YearsDefining A Cyber Moonshot: Getting Safer in Five Years
Defining A Cyber Moonshot: Getting Safer in Five Yearsscoopnewsgroup
 
Debunking the mysteries of cloud computing!
Debunking the mysteries of cloud computing!Debunking the mysteries of cloud computing!
Debunking the mysteries of cloud computing!Henge Systems
 
Global Efforts to Secure Cloud Computing
Global Efforts to Secure Cloud Computing Global Efforts to Secure Cloud Computing
Global Efforts to Secure Cloud Computing InnoTech
 
Company yufansun
Company yufansunCompany yufansun
Company yufansunYufan Sun
 
Embracing the Millennial Tsunami
Embracing the Millennial TsunamiEmbracing the Millennial Tsunami
Embracing the Millennial TsunamiForcepoint LLC
 
GWAVACon 2015: GWAVA - Why Unified Archiving Pays Off…
GWAVACon 2015: GWAVA - Why Unified Archiving Pays Off…GWAVACon 2015: GWAVA - Why Unified Archiving Pays Off…
GWAVACon 2015: GWAVA - Why Unified Archiving Pays Off…GWAVA
 
About Me - Vinay Pandey
About Me - Vinay Pandey About Me - Vinay Pandey
About Me - Vinay Pandey Vinay Pandey
 
Instituting_Wi-Fi_Policies
Instituting_Wi-Fi_PoliciesInstituting_Wi-Fi_Policies
Instituting_Wi-Fi_PoliciesWill Kelly
 
Digital demand - the challenges of being a CIO in the UK HE sector, by John C...
Digital demand - the challenges of being a CIO in the UK HE sector, by John C...Digital demand - the challenges of being a CIO in the UK HE sector, by John C...
Digital demand - the challenges of being a CIO in the UK HE sector, by John C...Jisc
 
Public Sphere: Gov 2.0 - Martin Stewart Weeks
Public Sphere: Gov 2.0 - Martin Stewart WeeksPublic Sphere: Gov 2.0 - Martin Stewart Weeks
Public Sphere: Gov 2.0 - Martin Stewart WeeksPia Waugh
 

What's hot (20)

Infosec Europe 2017 Highlights | Lastline, Inc.
Infosec Europe 2017 Highlights |  Lastline, Inc.Infosec Europe 2017 Highlights |  Lastline, Inc.
Infosec Europe 2017 Highlights | Lastline, Inc.
 
BCS ITNow 201306 - Share Securely
BCS ITNow 201306 - Share SecurelyBCS ITNow 201306 - Share Securely
BCS ITNow 201306 - Share Securely
 
“They’re Coming for OUR Internet: We can fight back”
“They’re Coming for OUR Internet: We can fight back”“They’re Coming for OUR Internet: We can fight back”
“They’re Coming for OUR Internet: We can fight back”
 
Security Insights for Mission-Critical Networks
Security Insights for Mission-Critical NetworksSecurity Insights for Mission-Critical Networks
Security Insights for Mission-Critical Networks
 
Corporate Profile 8 - 1 b 3- 25 July
Corporate Profile 8 - 1 b 3- 25 JulyCorporate Profile 8 - 1 b 3- 25 July
Corporate Profile 8 - 1 b 3- 25 July
 
nullcon 2011 - Protect infrastructure of protect information – Lessons from W...
nullcon 2011 - Protect infrastructure of protect information – Lessons from W...nullcon 2011 - Protect infrastructure of protect information – Lessons from W...
nullcon 2011 - Protect infrastructure of protect information – Lessons from W...
 
CipherCloud's Solutions for Salesforce Chatter
CipherCloud's Solutions for Salesforce ChatterCipherCloud's Solutions for Salesforce Chatter
CipherCloud's Solutions for Salesforce Chatter
 
Defining A Cyber Moonshot: Getting Safer in Five Years
Defining A Cyber Moonshot: Getting Safer in Five YearsDefining A Cyber Moonshot: Getting Safer in Five Years
Defining A Cyber Moonshot: Getting Safer in Five Years
 
Debunking the mysteries of cloud computing!
Debunking the mysteries of cloud computing!Debunking the mysteries of cloud computing!
Debunking the mysteries of cloud computing!
 
Global Efforts to Secure Cloud Computing
Global Efforts to Secure Cloud Computing Global Efforts to Secure Cloud Computing
Global Efforts to Secure Cloud Computing
 
Company yufansun
Company yufansunCompany yufansun
Company yufansun
 
Embracing the Millennial Tsunami
Embracing the Millennial TsunamiEmbracing the Millennial Tsunami
Embracing the Millennial Tsunami
 
Security In The Cloud Timed
Security In The Cloud TimedSecurity In The Cloud Timed
Security In The Cloud Timed
 
GWAVACon 2015: GWAVA - Why Unified Archiving Pays Off…
GWAVACon 2015: GWAVA - Why Unified Archiving Pays Off…GWAVACon 2015: GWAVA - Why Unified Archiving Pays Off…
GWAVACon 2015: GWAVA - Why Unified Archiving Pays Off…
 
About Me - Vinay Pandey
About Me - Vinay Pandey About Me - Vinay Pandey
About Me - Vinay Pandey
 
Instituting_Wi-Fi_Policies
Instituting_Wi-Fi_PoliciesInstituting_Wi-Fi_Policies
Instituting_Wi-Fi_Policies
 
Ministry of Foreign Affairs
Ministry of Foreign AffairsMinistry of Foreign Affairs
Ministry of Foreign Affairs
 
Sprint Secure Portfolio
Sprint Secure PortfolioSprint Secure Portfolio
Sprint Secure Portfolio
 
Digital demand - the challenges of being a CIO in the UK HE sector, by John C...
Digital demand - the challenges of being a CIO in the UK HE sector, by John C...Digital demand - the challenges of being a CIO in the UK HE sector, by John C...
Digital demand - the challenges of being a CIO in the UK HE sector, by John C...
 
Public Sphere: Gov 2.0 - Martin Stewart Weeks
Public Sphere: Gov 2.0 - Martin Stewart WeeksPublic Sphere: Gov 2.0 - Martin Stewart Weeks
Public Sphere: Gov 2.0 - Martin Stewart Weeks
 

Viewers also liked

GSAW Presentation on Cloud Security V2.1
GSAW Presentation on Cloud Security V2.1GSAW Presentation on Cloud Security V2.1
GSAW Presentation on Cloud Security V2.1GovCloud Network
 
Paving the Way to the Cloud: Cloud Services Brokerage for Highly Secure, Dem...
Paving the Way to the Cloud:  Cloud Services Brokerage for Highly Secure, Dem...Paving the Way to the Cloud:  Cloud Services Brokerage for Highly Secure, Dem...
Paving the Way to the Cloud: Cloud Services Brokerage for Highly Secure, Dem...GovCloud Network
 
Georgia HIT Summit Keynote
Georgia HIT Summit KeynoteGeorgia HIT Summit Keynote
Georgia HIT Summit KeynoteLee Aase
 
NJVC-Virtual Global PaaS white paper
NJVC-Virtual Global PaaS white paperNJVC-Virtual Global PaaS white paper
NJVC-Virtual Global PaaS white paperGovCloud Network
 
Value Of Cloud Computing For Fed Governmen Oct 8 Tim May
Value Of Cloud Computing For Fed Governmen Oct 8 Tim MayValue Of Cloud Computing For Fed Governmen Oct 8 Tim May
Value Of Cloud Computing For Fed Governmen Oct 8 Tim MayGovCloud Network
 
Value Of Cloud Computing For Fed Governmen Oct 8
Value Of Cloud Computing For Fed Governmen Oct 8Value Of Cloud Computing For Fed Governmen Oct 8
Value Of Cloud Computing For Fed Governmen Oct 8GovCloud Network
 

Viewers also liked (7)

GSAW Presentation on Cloud Security V2.1
GSAW Presentation on Cloud Security V2.1GSAW Presentation on Cloud Security V2.1
GSAW Presentation on Cloud Security V2.1
 
Paving the Way to the Cloud: Cloud Services Brokerage for Highly Secure, Dem...
Paving the Way to the Cloud:  Cloud Services Brokerage for Highly Secure, Dem...Paving the Way to the Cloud:  Cloud Services Brokerage for Highly Secure, Dem...
Paving the Way to the Cloud: Cloud Services Brokerage for Highly Secure, Dem...
 
Yongsan presentation 1
Yongsan presentation 1Yongsan presentation 1
Yongsan presentation 1
 
Georgia HIT Summit Keynote
Georgia HIT Summit KeynoteGeorgia HIT Summit Keynote
Georgia HIT Summit Keynote
 
NJVC-Virtual Global PaaS white paper
NJVC-Virtual Global PaaS white paperNJVC-Virtual Global PaaS white paper
NJVC-Virtual Global PaaS white paper
 
Value Of Cloud Computing For Fed Governmen Oct 8 Tim May
Value Of Cloud Computing For Fed Governmen Oct 8 Tim MayValue Of Cloud Computing For Fed Governmen Oct 8 Tim May
Value Of Cloud Computing For Fed Governmen Oct 8 Tim May
 
Value Of Cloud Computing For Fed Governmen Oct 8
Value Of Cloud Computing For Fed Governmen Oct 8Value Of Cloud Computing For Fed Governmen Oct 8
Value Of Cloud Computing For Fed Governmen Oct 8
 

Similar to Nils Puhlmann Ncoic Slides

Lss implementing cyber security in the cloud, and from the cloud-feb14
Lss implementing cyber security in the cloud, and from the cloud-feb14Lss implementing cyber security in the cloud, and from the cloud-feb14
Lss implementing cyber security in the cloud, and from the cloud-feb14L S Subramanian
 
CCSK, cloud security framework, Indonesia
CCSK, cloud security framework, IndonesiaCCSK, cloud security framework, Indonesia
CCSK, cloud security framework, IndonesiaWise Pacific Venture
 
Lions and Tigers and Cloud, Oh My! The Truth Behind Cloud Security and Risks
Lions and Tigers and Cloud, Oh My!   The Truth Behind Cloud Security and RisksLions and Tigers and Cloud, Oh My!   The Truth Behind Cloud Security and Risks
Lions and Tigers and Cloud, Oh My! The Truth Behind Cloud Security and RisksSAP Ariba
 
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...Livingstone Advisory
 
Lions and Tigers and Cloud, Oh My! The Truth Behind Cloud Security and Risks
Lions and Tigers and Cloud, Oh My! The Truth Behind Cloud Security and RisksLions and Tigers and Cloud, Oh My! The Truth Behind Cloud Security and Risks
Lions and Tigers and Cloud, Oh My! The Truth Behind Cloud Security and RisksSAP Ariba
 
Shared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud securityShared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud securityJisc
 
Ciphercloud Solutions Overview hsa oct2011
Ciphercloud Solutions Overview hsa oct2011Ciphercloud Solutions Overview hsa oct2011
Ciphercloud Solutions Overview hsa oct2011Ramy Houssaini
 
Becoming the safe choice for the cloud by addressing cloud fraud & security t...
Becoming the safe choice for the cloud by addressing cloud fraud & security t...Becoming the safe choice for the cloud by addressing cloud fraud & security t...
Becoming the safe choice for the cloud by addressing cloud fraud & security t...cVidya Networks
 
Cloud security ely kahn
Cloud security   ely kahnCloud security   ely kahn
Cloud security ely kahnEly Kahn
 
Shared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud securityShared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud securityAndy Powell
 
Enterprise Security in Cloud
Enterprise Security in CloudEnterprise Security in Cloud
Enterprise Security in CloudLenin Aboagye
 
Migrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitizedMigrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitizedUnifyCloud
 
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - SanitizedMigrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - SanitizedNorm Barber
 

Similar to Nils Puhlmann Ncoic Slides (20)

Cloud Security Alliance - Guidance
Cloud Security Alliance - GuidanceCloud Security Alliance - Guidance
Cloud Security Alliance - Guidance
 
Presd1 10
Presd1 10Presd1 10
Presd1 10
 
Lss implementing cyber security in the cloud, and from the cloud-feb14
Lss implementing cyber security in the cloud, and from the cloud-feb14Lss implementing cyber security in the cloud, and from the cloud-feb14
Lss implementing cyber security in the cloud, and from the cloud-feb14
 
CCSK, cloud security framework, Indonesia
CCSK, cloud security framework, IndonesiaCCSK, cloud security framework, Indonesia
CCSK, cloud security framework, Indonesia
 
Cloud computing for SMBs
Cloud computing for SMBsCloud computing for SMBs
Cloud computing for SMBs
 
Lions and Tigers and Cloud, Oh My! The Truth Behind Cloud Security and Risks
Lions and Tigers and Cloud, Oh My!   The Truth Behind Cloud Security and RisksLions and Tigers and Cloud, Oh My!   The Truth Behind Cloud Security and Risks
Lions and Tigers and Cloud, Oh My! The Truth Behind Cloud Security and Risks
 
Cloud Computing Enables Consumer-Centered Healthcare
Cloud Computing Enables Consumer-Centered HealthcareCloud Computing Enables Consumer-Centered Healthcare
Cloud Computing Enables Consumer-Centered Healthcare
 
Cloud security ppt
Cloud security pptCloud security ppt
Cloud security ppt
 
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
 
Lions and Tigers and Cloud, Oh My! The Truth Behind Cloud Security and Risks
Lions and Tigers and Cloud, Oh My! The Truth Behind Cloud Security and RisksLions and Tigers and Cloud, Oh My! The Truth Behind Cloud Security and Risks
Lions and Tigers and Cloud, Oh My! The Truth Behind Cloud Security and Risks
 
Cloud security and privacy
Cloud security and privacyCloud security and privacy
Cloud security and privacy
 
Shared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud securityShared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud security
 
Ciphercloud Solutions Overview hsa oct2011
Ciphercloud Solutions Overview hsa oct2011Ciphercloud Solutions Overview hsa oct2011
Ciphercloud Solutions Overview hsa oct2011
 
Becoming the safe choice for the cloud by addressing cloud fraud & security t...
Becoming the safe choice for the cloud by addressing cloud fraud & security t...Becoming the safe choice for the cloud by addressing cloud fraud & security t...
Becoming the safe choice for the cloud by addressing cloud fraud & security t...
 
Cloud security ely kahn
Cloud security   ely kahnCloud security   ely kahn
Cloud security ely kahn
 
Shared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud securityShared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud security
 
Enterprise Security in Cloud
Enterprise Security in CloudEnterprise Security in Cloud
Enterprise Security in Cloud
 
Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012
 
Migrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitizedMigrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitized
 
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - SanitizedMigrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
 

More from GovCloud Network

IaaS Price performance-benchmark
IaaS Price performance-benchmarkIaaS Price performance-benchmark
IaaS Price performance-benchmarkGovCloud Network
 
Cloud computing training what's right for me
Cloud computing training what's right for meCloud computing training what's right for me
Cloud computing training what's right for meGovCloud Network
 
ViON Corporation: Surviving IT Change
ViON Corporation: Surviving IT ChangeViON Corporation: Surviving IT Change
ViON Corporation: Surviving IT ChangeGovCloud Network
 
Staying Safe in Cyberspace
Staying Safe in CyberspaceStaying Safe in Cyberspace
Staying Safe in CyberspaceGovCloud Network
 
Vets 360 Services - Military Dedication - Corporate Success
Vets 360 Services - Military Dedication - Corporate SuccessVets 360 Services - Military Dedication - Corporate Success
Vets 360 Services - Military Dedication - Corporate SuccessGovCloud Network
 
GovCloud Network LLC Overview - June 25, 2014
GovCloud Network LLC Overview - June 25, 2014GovCloud Network LLC Overview - June 25, 2014
GovCloud Network LLC Overview - June 25, 2014GovCloud Network
 
Army PEO EIS Cloud Architecture
Army PEO EIS Cloud Architecture   Army PEO EIS Cloud Architecture
Army PEO EIS Cloud Architecture GovCloud Network
 
ICH Agile Cloud Session 1-Highlights /Prospective Svc Offerings Kevin Jackson
ICH Agile Cloud Session 1-Highlights /Prospective Svc Offerings   Kevin JacksonICH Agile Cloud Session 1-Highlights /Prospective Svc Offerings   Kevin Jackson
ICH Agile Cloud Session 1-Highlights /Prospective Svc Offerings Kevin JacksonGovCloud Network
 
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
Improving Cybersecurity and Resilience Through Acquisition   Emile Monette GSAImproving Cybersecurity and Resilience Through Acquisition   Emile Monette GSA
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSAGovCloud Network
 
@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher Page
@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher Page@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher Page
@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher PageGovCloud Network
 
Agile Cloud Conference 2 Introduction - John Brennan
Agile Cloud Conference 2 Introduction - John BrennanAgile Cloud Conference 2 Introduction - John Brennan
Agile Cloud Conference 2 Introduction - John BrennanGovCloud Network
 
DoD Business Capability Lifecycle (BCL) Guide (Draft)
DoD Business Capability Lifecycle  (BCL)  Guide (Draft)DoD Business Capability Lifecycle  (BCL)  Guide (Draft)
DoD Business Capability Lifecycle (BCL) Guide (Draft)GovCloud Network
 
GovCloud Network Overview Presentation
GovCloud Network Overview PresentationGovCloud Network Overview Presentation
GovCloud Network Overview PresentationGovCloud Network
 
PM ISE Information Interoperability Presentation -agile sourcing brief
PM ISE Information Interoperability Presentation -agile sourcing briefPM ISE Information Interoperability Presentation -agile sourcing brief
PM ISE Information Interoperability Presentation -agile sourcing briefGovCloud Network
 
Intrusion Detection on Public IaaS - Kevin L. Jackson
Intrusion Detection on Public IaaS  - Kevin L. JacksonIntrusion Detection on Public IaaS  - Kevin L. Jackson
Intrusion Detection on Public IaaS - Kevin L. JacksonGovCloud Network
 
A Framework for Cloud Computing Adoption in South African Government
A Framework for Cloud Computing Adoption in South African GovernmentA Framework for Cloud Computing Adoption in South African Government
A Framework for Cloud Computing Adoption in South African GovernmentGovCloud Network
 
NCOIC GCC OWS-10 presentation 10 7 2013
NCOIC GCC OWS-10 presentation 10 7 2013NCOIC GCC OWS-10 presentation 10 7 2013
NCOIC GCC OWS-10 presentation 10 7 2013GovCloud Network
 
Tech gate kevin l jackson - 09-21-2013
Tech gate   kevin l jackson - 09-21-2013Tech gate   kevin l jackson - 09-21-2013
Tech gate kevin l jackson - 09-21-2013GovCloud Network
 
Government cloud deployment lessons learned final (4 4 2013)
Government cloud deployment lessons learned final (4 4 2013)Government cloud deployment lessons learned final (4 4 2013)
Government cloud deployment lessons learned final (4 4 2013)GovCloud Network
 

More from GovCloud Network (20)

IaaS Price performance-benchmark
IaaS Price performance-benchmarkIaaS Price performance-benchmark
IaaS Price performance-benchmark
 
Cloud computing training what's right for me
Cloud computing training what's right for meCloud computing training what's right for me
Cloud computing training what's right for me
 
ViON Corporation: Surviving IT Change
ViON Corporation: Surviving IT ChangeViON Corporation: Surviving IT Change
ViON Corporation: Surviving IT Change
 
Staying Safe in Cyberspace
Staying Safe in CyberspaceStaying Safe in Cyberspace
Staying Safe in Cyberspace
 
Vets 360 Services - Military Dedication - Corporate Success
Vets 360 Services - Military Dedication - Corporate SuccessVets 360 Services - Military Dedication - Corporate Success
Vets 360 Services - Military Dedication - Corporate Success
 
GovCloud Network LLC Overview - June 25, 2014
GovCloud Network LLC Overview - June 25, 2014GovCloud Network LLC Overview - June 25, 2014
GovCloud Network LLC Overview - June 25, 2014
 
Army PEO EIS Cloud Architecture
Army PEO EIS Cloud Architecture   Army PEO EIS Cloud Architecture
Army PEO EIS Cloud Architecture
 
ICH Agile Cloud Session 1-Highlights /Prospective Svc Offerings Kevin Jackson
ICH Agile Cloud Session 1-Highlights /Prospective Svc Offerings   Kevin JacksonICH Agile Cloud Session 1-Highlights /Prospective Svc Offerings   Kevin Jackson
ICH Agile Cloud Session 1-Highlights /Prospective Svc Offerings Kevin Jackson
 
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
Improving Cybersecurity and Resilience Through Acquisition   Emile Monette GSAImproving Cybersecurity and Resilience Through Acquisition   Emile Monette GSA
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
 
@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher Page
@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher Page@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher Page
@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher Page
 
Agile Cloud Conference 2 Introduction - John Brennan
Agile Cloud Conference 2 Introduction - John BrennanAgile Cloud Conference 2 Introduction - John Brennan
Agile Cloud Conference 2 Introduction - John Brennan
 
DoD Business Capability Lifecycle (BCL) Guide (Draft)
DoD Business Capability Lifecycle  (BCL)  Guide (Draft)DoD Business Capability Lifecycle  (BCL)  Guide (Draft)
DoD Business Capability Lifecycle (BCL) Guide (Draft)
 
GovCloud Network Overview Presentation
GovCloud Network Overview PresentationGovCloud Network Overview Presentation
GovCloud Network Overview Presentation
 
PM ISE Information Interoperability Presentation -agile sourcing brief
PM ISE Information Interoperability Presentation -agile sourcing briefPM ISE Information Interoperability Presentation -agile sourcing brief
PM ISE Information Interoperability Presentation -agile sourcing brief
 
Intrusion Detection on Public IaaS - Kevin L. Jackson
Intrusion Detection on Public IaaS  - Kevin L. JacksonIntrusion Detection on Public IaaS  - Kevin L. Jackson
Intrusion Detection on Public IaaS - Kevin L. Jackson
 
A Framework for Cloud Computing Adoption in South African Government
A Framework for Cloud Computing Adoption in South African GovernmentA Framework for Cloud Computing Adoption in South African Government
A Framework for Cloud Computing Adoption in South African Government
 
NCOIC GCC OWS-10 presentation 10 7 2013
NCOIC GCC OWS-10 presentation 10 7 2013NCOIC GCC OWS-10 presentation 10 7 2013
NCOIC GCC OWS-10 presentation 10 7 2013
 
Tech gate kevin l jackson - 09-21-2013
Tech gate   kevin l jackson - 09-21-2013Tech gate   kevin l jackson - 09-21-2013
Tech gate kevin l jackson - 09-21-2013
 
Government cloud deployment lessons learned final (4 4 2013)
Government cloud deployment lessons learned final (4 4 2013)Government cloud deployment lessons learned final (4 4 2013)
Government cloud deployment lessons learned final (4 4 2013)
 
Cloud computing-made-easy
Cloud computing-made-easyCloud computing-made-easy
Cloud computing-made-easy
 

Nils Puhlmann Ncoic Slides

  • 1. NCOIC Federal Cloud Storefront Workshop Nils Puhlmann Co-Founder September 21st, 2009
  • 2. Security is a concern Copyright © 2009 Cloud Security Alliance www.cloudsecurityalliance.org
  • 3. S-P-I Model
      • SaaS: you “RFP” security in
      • PaaS
      • IaaS: you build security in
  • 4. Security and the SPI model
  • 5. Risk Examples
      • Geo-location of sensitive data
      • Inability to deploy security services (e.g. scanning)
      • Risk with shared computing platform (multi-tenant)
      • Data confidentiality
      • Access via internet – untrusted
      • Cloud vendors for the most part non-committal on security
      • Company data on 3rd party machine
      • Compliance lacking – inability to satisfy auditors
      • Vendors not up to speed from a guidance and auditing perspective
      • Inability to perform forensic investigation
  • 6. Meet the Cloud Security Alliance
      • Global, not-for-profit organization, started Nov. 2008, individual members (free), corporate members and affiliated organizations
      • Inclusive membership, supporting broad spectrum of subject matter expertise: cloud experts, security, legal, compliance, virtualization, and on and on…
      • We believe Cloud Computing has a robust future, we want to make it better
      “To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”
  • 7. Current corporate members
  • 8. Current affiliates: Cloud-Standards.org
  • 9. Individual Members
      • 4,174 as of September 15th
      • Broad Geographical Distribution
      • Active Working Groups
          • Editorial
          • Educational Outreach
          • Architecture
          • Governance, Risk Mgt, Compliance, Business Continuity
          • Legal & E-Discovery
          • Portability, Interoperability and Application Security
          • Identity and Access Mgt, Encryption & Key Mgt
          • Data Center Operations and Incident Response
          • Information Lifecycle Management & Storage
          • Virtualization and Technology Compartmentalization
      • New Working Groups
          • Healthcare
          • Cloud Threat Analysis
          • US Federal Government
          • Financial Services
  • 10. Project Roadmap
      • April 2009: Security Guidance for Critical Areas of Focus for Cloud Computing – Version 1
      • July 2009: Version 1 translated into Japanese
      • October 2009: Security Guidance for Critical Areas of Focus for Cloud Computing – Version 2
      • October 2009: Top Ten Cloud Threats (monthly)
      • November 2009: Provider & Customer Checklists
      • December 2009: eHealth Guidance
      • Global CSA Executive Summits
          • Q1 2010 – Europe
          • Q1 or Q2 2010 - US
  • 11. Security Guidance for Critical Areas of Focus in Cloud Computing
      • Download at: www.cloudsecurityalliance.org/guidance
  • 12. Overview of Guidance
      • 1. Architecture & Framework
      • Governing in the Cloud
          • 2. Governance & Risk Mgt
          • 3. Legal
          • 4. Electronic Discovery
          • 5. Compliance & Audit
          • 6. Information Lifecycle Mgt
          • 7. Portability & Interoperability
      • Operating in the Cloud
          • 8. Traditional, BCM, DR
          • 9. Data Center Operations
          • 10. Incident Response
          • 11. Application Security
          • 12. Encryption & Key Mgt
          • 13. Identity & Access Mgt
          • 14. Storage
          • 15. Virtualization
  • 13. Contact
      • www.cloudsecurityalliance.org
      • info@cloudsecurityalliance.org
      • Twitter: @cloudsa, #csaguide
      • LinkedIn: www.linkedin.com/groups?gid=1864210
  • 14. Thank You! www.cloudsecurityalliance.org