Forecast odcau6 100_eb

  1. SECURITY ASSURANCE
     Matt Lowth (NAB), Ian Lamont (BMW)

  2. RISK IN THE CLOUD
     ODCA Provider Assurance 2013

  3. BACKGROUND – USAGE MODELS
     • Provider Assurance; Data Security Framework; Security Monitoring; Identity Mgmt Interoperability; Identity Mgmt and Governance; IaaS Privileged User Access; Single Sign On Authentication
     • IO Control; VM Interoperability in a Hybrid Cloud; Long Distance Workload Migration
     • Software Entitlement Mgmt; Regulatory Framework
     • PaaS Interoperability; SaaS Interoperability; Interoperability across Clouds; Carbon Footprint; Service Catalogue
     Secure Federation; Automation; Common Management and Policy; Transparency

  4. AGENDA
     Topic: Cloud Provider Assurance
     Discuss: Why / What / How
     Learning: Lessons that will support security in my business

  5. UM CORE – MODEL & USAGE SCENARIOS

  6. PROVIDER ASSURANCE FRAMEWORK
     Assurance Level: Bronze
       Description: Represents the lower-end corporate security requirement and may equate to a higher level for a small to medium business customer
       Example: Development environment
     Assurance Level: Silver
       Description: Represents a standard level of corporate security likely to be evident in many enterprises
       Example: Test environment; “out-of-the-box” production environment
     Assurance Level: Gold
       Description: Represents an improved level of security that would normally be associated with the processing of sensitive corporate data.
       Example: Finance sector production environment
     Assurance Level: Platinum
       Description: Represents the highest level of contemplated corporate requirements
       Example: Special purpose, high-end security requirement

  7. BRONZE
     • Virus scanning
     • Physical Access control
     • Secure protocols used
     • ITIL Process Usage
     • Default Passwords removed
     • Source Code analysis
     • IT Security Policy
     • Provider staff management
     • Data Security training

     • Vulnerability Mgmt
     • Firewall isolation
     • Identity Management
     • Data retention and deletion
     • Security Incident and Event Monitoring

  8. SILVER
     • Network Intrusion Prevention
     • Event Logging for administrators
     • Technical Continuity Plan
     • Fully documented network
     • Safe Harbor for EU subscribers
     • Provider risk assessments
     • Provider config and asset mgmt
     • DoS protection
     • Guaranteed data deletion

     • Vulnerability Mgmt
     • Firewall isolation
     • Identity Management
     • Data retention and deletion
     • Security Incident and Event Monitoring
     • Encryption key mgmt

  9. GOLD
     • Option to perform pen testing
     • Physical segmentation of hw
     • Multi factor authentication
     • Ability to define geographic hosting limits
     • No default admin access
     • Strong data encryption
     • Accredited provider processes

     • Vulnerability Mgmt
     • Firewall isolation
     • Identity Management
     • Data retention and deletion
     • Security Incident and Event Monitoring

  10. GENERAL QUESTIONS (TO THE AUDIENCE)
     • As providers, are your products secured to one or more of the levels described?
     • As subscribers, would you buy from a provider if he advertised one of these levels?

  11. INFORMATION AND ASSETS
     Available to Members at: www.opendatacenteralliance.org
     URL for Public content: www.opendatacenteralliance.org
     • Standardized Response Checklists: Accelerate TTM
     • Shared Practices: Drive Scale
     • Streamlined Requirements: Accelerate Adoption

  12. QUESTIONS
     www.opendatacenteralliance.org
     Security Provider Assurance: Ensuring that the Cloud is secure

  13. © 2013 Open Data Center Alliance, Inc. ALL RIGHTS RESERVED.