The Cloud & I, The CISO challenges with Cloud Computing
When the winds of change blow, some people
build walls and others build windmills.
- Chinese Proverb
Information security professional for over 20 years
Founder, partner and investor at various cyber initiatives and startups
Popular industry speaker & lecturer (DefCon, BlackHat, Infosec and more)
Founding committee member for ISC2 CCSP certification.
CCSK Certification lecturer for the Cloud Security Alliance.
Member of the board at Macshava Tova – Narrowing societal gaps
Chairman of the Board, Cloud Security Alliance, Israeli Chapter
“Moving to cloud will expose our data to foreign
“I got virtualized servers, so I am already in the
“I don’t trust the vendors”
“What about compliance?”
“Our regulator forbids us from moving to the
“Cloud lacks the visibility
“We use hosting, so we are already in the
“We will lose control over our assets”
“And what about the NSA…?”
“Cloud services are not mature enough”
The shared responsibility model
[Diagram: responsibility layers (Network & Data Center; Virtual Machines & OS; Data layer & development; Audit & Monitoring) shown across the IaaS, PaaS and SaaS service models]
(running apps in the
(Private Cloud adapters)
Cloud challenges vary depending on the market sector
The Challenge: Private cloud still has the same attack vectors!
Multi tenancy &
The Challenge: Look for those abundant applications that can benefit from cloud computing
The cloud providers AWS and Azure hold a number of compliance certifications. These certifications save time and resources if customers can rely on third-party audits by the bodies awarding them (due diligence should be carried out where required). This is not an exhaustive list; there may be more.
CCM has been adopted by both Amazon and Microsoft for their IaaS and PaaS services.
Microsoft also has it for some of its SaaS products, such as Office 365 and CRM Dynamics, as mentioned earlier.