The Perfect Storm



The Perfect Storm: Threats and Risks in the Cloud

Published in: Technology, Business

  1. The Perfect Storm: Threats and Risks in the Cloud. Ramsés Gallego, CISM, CGEIT, CISSP, SCPM, CCSK, ITIL, COBIT, Six Sigma Black Belt, Chief Strategy Officer - Entel Security & Risk Management
  2. Confidence Resilience Data Segregation Compliance Right to Audit User Access Identity Dispute Recovery resolution Virtualization Isolation Forensics Data Location Trust Maturity Models Privacy Web 2.0 Surety Architectures Emerging Traceability Evidence Web Services Metrics gathering Competitive Advantage Workflow Incident handling
  3. What is Cloud? The biggest evolution in technology that can have an impact similar to the birth of the Internet. Number 1 on the list of ‘10 strategic technologies’ of all the analysts. ‘Unless you’ve been under a rock recently, you’ve probably heard Cloud Computing as the next revolution in IT’ - CFO Magazine
  4. What is Cloud? A pay-as-you-go model for using applications, development platforms and/or IT infrastructure
  6. Corporate mandates: Manage risk; Manage cost; Improve service; Align IT investments
      • Compliance • IT Portfolio Management • Optimize resources • Service Availability
      • Asset protection • Value Management • Automate processes • Service Management
      • Continuity Management • Process Management
      • Manage operational and business risk; Better CAPEX and OPEX management; Optimal value providing effective and efficient services; Align investments with corporate objectives
  7. The same principles... different context
  9. Some numbers (charts: Security, Management, Monitoring, Availability, Cloud Adoption, Security concerns, Manageability, Cost, Priorities). Sources: IBM survey 2010, Ponemon Institute, CA Technologies, ISACA, ENISA, CSA
  10. Business-driven
  11. Cloud domains: Cloud Architecture; Governing the Cloud; Governance and Enterprise Risk Management; Legal and Electronic Discovery; Compliance and Audit; Information Lifecycle Management; Portability and Interoperability; Security, Business Continuity and Disaster Recovery; Operating in the Cloud; Data Center Operations; Incident Response, Notification, Remediation; Application Security; Encryption and Key Management; Identity and Access Management; Virtualization
  12. Key Cloud Security problems. From CSA Top Threats Research:
      • Trust: Lack of Provider transparency. Impacts Governance, Risk & Compliance
      • Data: Leakage, Loss or Storage in unfriendly geography
      • Insecure Cloud software
      • Malicious use of Cloud services
      • Account/Service Hijacking
      • Malicious Insiders
      • Cloud-specific attacks
  13. Security is paramount
  14. Useful resources
  15. 10 questions to ask to the Cloud
      1. How is identity and access managed in the Cloud?
      2. Where will my data be geographically located?
      3. How securely is my data handled?
      4. How is access by privileged users controlled?
      5. How is data protected against privileged user abuse?
      6. What levels of isolation are supported?
      7. How is my data protected in virtual environments?
      8. How are the systems protected against Internet threats?
      9. How are activities monitored and logged?
      10. What kind of information security certification do you have?
  16. THANK YOU. Ramsés Gallego, CISM, CGEIT, CISSP, SCPM, CCSK, ITIL, COBIT, Six Sigma Black Belt, Chief Strategy Officer - Entel Security & Risk Management