The Perfect Storm

The Perfect Storm: Threats and Risks in the Cloud

Published in: Technology, Business

Transcript

  • 1. The Perfect Storm: Threats and Risks in the Cloud. Ramsés Gallego, CISM, CGEIT, CISSP, SCPM, CCSK, ITIL, COBIT, Six Sigma Black Belt, Chief Strategy Officer - Entel Security & Risk Management, rgallego@entel.es
  • 2. Confidence Resilience Data Segregation Compliance Right to Audit User Access Identity Dispute Recovery resolution Virtualization Isolation Forensics Data Location Trust Maturity Models Privacy Web 2.0 Surety Architectures Emerging Traceability Evidence Web Services Metrics gathering Competitive Advantage Workflow Incident handling
  • 3. What is Cloud?
      • The biggest evolution in technology that can have an impact similar to the birth of the Internet
      • Number 1 on the list of ‘10 strategic technologies’ of all the analysts
      • ‘Unless you’ve been under a rock recently, you’ve probably heard Cloud Computing as the next revolution in IT’ - CFO Magazine
  • 4. What is Cloud? A pay-as-you-go model for using applications, development platforms and/or IT infrastructure
  • 6. Corporate mandates
      • Mandates: Manage risk; Manage cost; Improve service; Align IT investments
      • Compliance • IT Portfolio Management • Optimize resources • Service Availability
      • Asset protection • Value Management • Automate processes • Service Management
      • Continuity Management • Process Management
      • Manage operational and business risk
      • Better CAPEX and OPEX management
      • Optimal value providing effective and efficient services
      • Align investments with corporate objectives
  • 7. The same principles... different context
  • 9. Some numbers [Charts: Security, Management, Monitoring, Availability; Cloud Adoption; Security concerns; Manageability; Cost; Priorities] Sources: IBM survey 2010, Ponemon Institute, CA Technologies, ISACA, ENISA, CSA
  • 10. Business-driven
  • 11. Cloud domains
      • Cloud Architecture
      • Governing the Cloud
          • Governance and Enterprise Risk Management
          • Legal and Electronic Discovery
          • Compliance and Audit
          • Information Lifecycle Management
          • Portability and Interoperability
      • Operating in the Cloud
          • Security, Business Continuity and Disaster Recovery
          • Data Center Operations
          • Incident Response, Notification, Remediation
          • Application Security
          • Encryption and Key Management
          • Identity and Access Management
          • Virtualization
  • 12. Key Cloud Security problems (from CSA Top Threats Research)
      • Trust: Lack of Provider transparency. Impacts Governance, Risk & Compliance
      • Data: Leakage, Loss or Storage in unfriendly geography
      • Insecure Cloud software
      • Malicious use of Cloud services
      • Account/Service Hijacking
      • Malicious Insiders
      • Cloud-specific attacks
  • 13. Security is paramount
  • 14. Useful resources
  • 15. 10 questions to ask the Cloud
      1. How is identity and access managed in the Cloud?
      2. Where will my data be geographically located?
      3. How securely is my data handled?
      4. How is access by privileged users controlled?
      5. How is data protected against privileged user abuse?
      6. What levels of isolation are supported?
      7. How is my data protected in virtual environments?
      8. How are the systems protected against Internet threats?
      9. How are activities monitored and logged?
      10. What kind of information security certification do you have?
  • 16. THANK YOU. Ramsés Gallego, CISM, CGEIT, CISSP, SCPM, CCSK, ITIL, COBIT, Six Sigma Black Belt, Chief Strategy Officer - Entel Security & Risk Management, rgallego@entel.es
