Taming the compliance beast in cloud
By Saumya Vishnoi
Slide 2: About the speaker
- Currently working in the FreeCharge Information Security team
- Information Security professional, about 6 years of experience
- Ex-PCI QSA
- Audited multiple environments
Slide 3: Disclaimer
- All the information, discussion and views presented in the talk are personal!!!
Slide 6
- Increases workload
- Creates extra process
- Costly
Slide 7
- Business enabler:
  - PCI DSS for processing card details
  - RBI PSS for getting and running a digital wallet
- Gives confidence to clients and third parties
- Forces organizations to give security a thought
- Acts as a baseline for security
Compliance acts as an enabler for security
Slide 13
- Ensure the compliance of the cloud provider
- Check and verify which of their services are actually covered by their compliance (not every service a provider offers is in scope of its attestation)
- Include them in the third-party risk assessment section of your own assessment
Don't blindly trust them!!!

Slide 14
- Not just compliance: check their security policies as well
- Ask for regular audits and/or reports
Because they may be compliant but not secure
Email: SAUM98@GMAIL.COM
Twitter: @SAUM98