Global Mandate to Secure Cloud Computing

576 views

Published on

Cloud Security Alliance presentation

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
576
On SlideShare
0
From Embeds
0
Number of Embeds
41
Actions
Shares
0
Downloads
9
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Global Mandate to Secure Cloud Computing

  1. 1. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance Ken Low Chairman, Asia Pacific Executive Council Cloud Security Alliance
  2. 2. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance Cloud One million new mobile devices - each day! Social Networking Digital Natives
  3. 3. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance State Sponsored Cyberattacks? Organized Crime? Legal Jurisdiction & Data Sovereignty? Global Security Standards? Privacy Protection for Citizens? Transparency & Visibility from Cloud Providers?
  4. 4. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance Shift the balance of power to consumers of IT Enable innovation to solve difficult problems of humanity Give the individual the tools to control their digital destiny Do this by creating confidence, trust and transparency in IT systems Security is not overhead, it is the enabler
  5. 5. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance Transparency & visibility from providers Compatible laws across jurisdictions Data sovereignty Incomplete standards Lack true multi-tenant technologies & architecture Incomplete Identity Mgt implementations Risk Concentration
  6. 6. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance Shared Responsibility Incident sharing Legal frameworks Human intelligence Agile communities
  7. 7. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance Global, not-for-profit organization, founded 2009 Geographically divided into Americas, EMEA and APAC regions to meet strategic objectives 200 member driven organization with over 44,000 individual members in 64 chapters worldwide Established with the aim of bringing trust to the cloud Develop a global trusted cloud ecosystem Building best practices and standards for next-gen IT Grounded in an agile philosophy, rapid development of applied research that supports all activities
  8. 8. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance 2009 CSA launch at RSA 2009 with Security Guidance for Critical Areas of Focus in Cloud Computing 6,000 members 2010 Launch Certificate of Cloud Security Knowledge (CCSK) 15,000 members 2011 Launch CSA Security, Trust and Assurance Registry (STAR) 27,000 members 2012 Launch CSA Mobile and Big Data research to address emerging needs 42,000 members North America EMEA APAC Latin America 0 5,000 10,000 15,000 20,000 25,000 30,000 35,000 40,000 45,000 Membership Growth
  9. 9. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
  10. 10. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance Corporate HQ is established in Singapore Global CSA Research Centre Global Standards Secretariat CCSK Global Centre of Excellence Secondary hub is established in Hong Kong anchored by CloudCERT APAC Operational Base Both locations also serve as APAC business centre Serving as a regional hub and operations magnet our members Subsequently satellite hubs are established in Thailand, Taiwan and New Zealand
  11. 11. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
  12. 12. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance CSA research is organized under a framework based on CSA Security Guidance for Critical Area of Focus in Cloud Computing Total of 14 domains organised under 3 key areas of focus – Architecture, Governance and Operational Security
  13. 13. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance Our research includes fundamental projects needed to define and implement trust within the future of information technology CSA continues to be aggressive in producing critical research, education and tools Sponsorship opportunities Selected research projects in following slides
  14. 14. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
  15. 15. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance The industry’s first user certification program for secure cloud computing Based on CSA research framework, specifically the Security Guidance for Critical Area of Focus in Cloud Computing Designed to ensure that a broad range of professionals with responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud
  16. 16. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance CCSK Basic One day course to enable student to pass CCSK CCSK Plus Two day course includes practical cloud lab work CCSK Train-the-Trainer Three day course including CCSK Plus GRC Stack Training Additional one day course to use GRC Stack components PCI/DSS In the Cloud Additional one day course focusing on achieving PCI compliance in cloud computing http://cloudsecurityalliance.org/education/training/
  17. 17. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
  18. 18. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance Public visibility into Providers Corporate Governance Supply Chain Information Security Program Policies Impacting Customers Consumer right to know Public will demand better Sunlight is the best disinfectant,” U.S. Supreme Court Justice Louis Brandeis
  19. 19. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance The CSA Open Certification Framework is an industry initiative to allow global, accredited, trusted certification of cloud providers. The CSA Open Certification Framework is a program for flexible, incremental and multi- layered certification Based on CSA best practices Integrating with popular third-party assessment and attestation statements, initially ISO 27001 & AICPA SSAE16 (SOC2) Pilots in progress, will be released Q3 2013 under the STAR brand
  20. 20. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance OPEN CERTIFICATION FRAMEWORK CONTINUOUS ATTESTATION | CERTIFICATION SELF ASSESSMENT TRANSPERANCY ASSURANCE
  21. 21. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance Clear GRC objectives 3rd Party Assessment Real time, continuous monitoring + + Self Assessment +
  22. 22. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance CSA STAR (Security, Trust and Assurance Registry) Public Registry of Cloud Provider self assessments Based on Consensus Assessments Initiative Questionnaire Provider may substitute documented Cloud Controls Matrix compliance Voluntary industry action promoting transparency Security as a market differentiator www.cloudsecurityalliance.org/star STAR – Demand it from your providers!
  23. 23. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance 2 Registered (December 2012) 22 Registered (February 2013)
  24. 24. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
  25. 25. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance Industry thought leadership Traditional Monday start to RSA Conference 2011: White House launches Federal Cloud Strategy 2012: Keynote from Former NSA Director Mike McConnell, announce CSA Mobile 2013: DHS Undersecretary for Cybersecurity and Presiding Director of Coca Cola Company, James Robinson III
  26. 26. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance One day conferences in conjunction with chapters Engage with local thought leaders Project CSA best practices globally 2013 Regional Summits (so far) 16 in Asia Pacific 4 in Americas 4 in EMEA http://www.csathailand.org
  27. 27. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance Only multi-track, multi-day conference focused on cloud security Key venue for new research Primarily attended by enterprise end users 2013 CSA Congress Plans CSA Congress APAC, Singapore, May 14-17 CSA Congress EMEA, Europe, September CSA Congress US, Orlando, November http://www.csa-apac.org
  28. 28. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
  29. 29. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance Challenges remain, there will always be insecurity Global collaboration, public & private Innovation can make policy restrictions obsolete Major focus on identity needed The Internet of Things is a ticking bomb Must solve tomorrow’s problems today Transparency must be our guide
  30. 30. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance Be Pragmatic, Be Agile Follow the law, but do not concede to poor interpretations of the law. Defend the spirit of the law forcefully. More tools available than you think Advocate through procurement Waiting not an option, but don’t forget Strategy Risk Management Cloud-ready Enterprise Architecture Be Educated
  31. 31. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance For more information on the Cloud Security Alliance, please contact: Global/Americas Jim Reavis jreavis@cloudsecurityalliance.org EMEA Daniele Catteddu dcatteddu@cloudsecurityalliance.org APAC Aloysius Cheang acheang@cloudsecurityalliance.org
  32. 32. www.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance

×