Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Erkan kahraman Security, Trust, Assurance - 20131106 - nordic it security summit presentation
Similar to Erkan kahraman Security, Trust, Assurance - 20131106 - nordic it security summit presentation (20)
Recently uploaded
Recently uploaded (20)
Erkan kahraman Security, Trust, Assurance - 20131106 - nordic it security summit presentation
- 1. Security, Trust and Assurance. Achieving confidence in the cloud. Erkan Kahraman| CISO of Projectplace.com | erkank@projectplace.com
- 2. Agenda • whois erkan.kahraman • Top concerns for cloud computing. • Security, trust and assurance ecosystem. • Who to trust? Encryption and beyond. • What this talk does not address and what to do next.
- 3. TOP CUSTOMER CONCERNS1 • Add text here LEGISLATION ACCOUNTABILITY PRIVACY CONFIDENTIALITY • Add text here INTEGRATION • Add RETENTION text here PRIVACY SECURITY AVAILABILITY LEGISLATION • EXIT Add text STRATEGIES here EFFICIENCY ENCRYPTION CONFIDENTIALIT HIGHER PRODUCTIVITY PRIVACY DATA INTEGRITY REGULATIONS DEMAND RETENTION AVAILABI ENCRYPTION CONFIDENTIALITY DATA OWNERSHIP EXIT STRAT DATA INTEGRITY ACCCOUNTABILITY RETENTION INTEGRATION INCREASED COMPETITION MULTIPLE TEAMS INTERNALLY EXTERNALLY 1 According to ”2012 Cloud Computing Market Maturity” survey conducted jointly by Cloud Security Alliance (CSA) and ISACA.
- 4. HOW TO ADDRESS CONCERNS • Add text here • Add text here • Add text here ASSURANCE • Add text here BEST PRACTICES AND INDUSTRY STANDARDS (I.E. ISO 27001) ACCREDITATION AND CERTIFICATIONS INDEPENDENT AUDITS TRUST APPLICABLE LEGISLATION PRIVACY STATEMENT DATA RETENTION & OWNERSHIP ESCROW AND EXIT STRATEGIES SECURITY • CONFIDENTIALITY • INTEGRITY • AVAILABILITY Security, Trust and Assurance ecosystem.
- 5. Traditional Security Triad • Confidentiality Perimeter security, Access control, Encryption, User Account and Password Management • Integrity Physical and Environmental measures, protection against malware, FIM, audit logging, monitoring and traceability • Availability SLA, RPO/RTO, Independent monitoring, redundancy, Disaster Recovery and BCP, Backups and Restoration, Web Accelerators
- 7. Trust
- 8. Trust • Applicable legislation (Location, location, location) • Data Ownership (Terms and Conditions) • Data Retention (and data portability) • Integration with existing systems (APIs, Single Sign-on) • Escrow and Exit strategies • Privacy Statement, Cookie Information
- 9. Trust
- 10. Trust
- 11. Assurance
- 12. Assurance • Industry accepted standards such as ISO27001. • SSAE-16 reports. • Cloud Security Alliance STAR. • Other technology certificates and seals. • Independent audits.
- 13. How perceptions change by experience • 91% of SMBs said the security of their organization had been positively impacted as a result of cloud adoption. • 82% of SMBs have experienced improved service availability since moving to the cloud • 93% of SMBs said they are confident their cloud provider can quickly and effectively restore services during an outage. Cloud Trust Study results for the U.K, June 2013.
- 14. What this talk did not cover… • STA is to assess a single cloud vendor, you should have an overall strategy and processes to manage all your cloud providers. • Do not forget the human factor. Educate and train your users.
- 16. Projectplace where projects succeeds
Editor's Notes
- Headquarters of the NSA (Fort Meade) and UK GCHQ (Cheltenham, Gloucestershire)
- When no longer using the service, archiving can be done offline. The service also features data portability, which provides users with tools to facilitate easy data exports; needless to say, access control rules apply.
- The Director of the National Security Agency Gen. Keith Alexander during his speech at the 2013 black hat conference earlier this year.