The Perfect Storm: Threats and Risks in the Cloud

Usage Rights

© All Rights Reserved

The Perfect Storm: Presentation Transcript

  • The Perfect Storm: Threats and Risks in the Cloud. Ramsés Gallego, CISM, CGEIT, CISSP, SCPM, CCSK, ITIL, COBIT, Six Sigma Black Belt, Chief Strategy Officer - Entel Security & Risk Management, rgallego@entel.es
  • Confidence Resilience Data Segregation Compliance Right to Audit User Access Identity Dispute Recovery resolution Virtualization Isolation Forensics Data Location Trust Maturity Models Privacy Web 2.0 Surety Architectures Emerging Traceability Evidence Web Services Metrics gathering Competitive Advantage Workflow Incident handling
  • What is Cloud? The biggest evolution in technology that can have an impact similar to the birth of the Internet. Number 1 on the list of ‘10 strategic technologies’ of all the analysts. ‘Unless you’ve been under a rock recently, you’ve probably heard Cloud Computing as the next revolution in IT’ - CFO Magazine
  • What is Cloud? A pay-as-you-go model for using applications, development platforms and/or IT infrastructure
  • Corporate mandates. Manage risk: manage operational and business risk. Manage cost: better CAPEX and OPEX management. Improve service: optimal value providing effective and efficient services. Align IT investments: align investments with corporate objectives. Items: Compliance, IT Portfolio Management, Optimize resources, Service Availability, Asset protection, Value Management, Automate processes, Service Management, Continuity Management, Process Management
  • The same principles... different context
  • Some numbers [charts; labels: Security, Management, Monitoring, Availability, Cloud Adoption, Security concerns, Manageability, Cost, Priorities]. Sources: IBM survey 2010, Ponemon Institute, CA Technologies, ISACA, ENISA, CSA
  • Business-driven
  • Cloud domains. Cloud Architecture. Governing the Cloud: Governance and Enterprise Risk Management; Legal and Electronic Discovery; Compliance and Audit; Information Lifecycle Management; Portability and Interoperability. Operating in the Cloud: Security, Business Continuity and Disaster Recovery; Data Center Operations; Incident Response, Notification, Remediation; Application Security; Encryption and Key Management; Identity and Access Management; Virtualization
  • Key Cloud Security problems (from CSA Top Threats Research). Trust: lack of Provider transparency; impacts Governance, Risk & Compliance. Data: leakage, loss or storage in unfriendly geography. Insecure Cloud software. Malicious use of Cloud services. Account/Service Hijacking. Malicious Insiders. Cloud-specific attacks
  • Security is paramount
  • Useful resources
  • 10 questions to ask the Cloud
    1. How is identity and access managed in the Cloud?
    2. Where will my data be geographically located?
    3. How securely is my data handled?
    4. How is access by privileged users controlled?
    5. How is data protected against privileged user abuse?
    6. What levels of isolation are supported?
    7. How is my data protected in virtual environments?
    8. How are the systems protected against Internet threats?
    9. How are activities monitored and logged?
    10. What kind of information security certification do you have?
  • THANK YOU. Ramsés Gallego, CISM, CGEIT, CISSP, SCPM, CCSK, ITIL, COBIT, Six Sigma Black Belt, Chief Strategy Officer - Entel Security & Risk Management, rgallego@entel.es