We are Visiting the Cloud, are you Joining?
Yazan Almasri MSc, CISSP, PMP, ITIL
Information Security Director, Aramex International
Cloud Adoption Growth
Cloud Drivers
• Cost savings
• Capex to Opex
• Ease of deployment
• Speed to solution
• Accessibility
• Scalability
…Security is still a top concern
Key Security Concerns
• CSP insider threat
• Identity and access management
• Data protection/Handling
• Data destruction
• Backups security
• Management Portal
• Incident Response
• Patching Vulnerabilities
• Shadow IT
Our Role
• Balance Agility with Security
• Lead the effort to a more secure cloud
• Build a cloud adoption strategy
Due Diligence Methods
• POC
• Trial Period
• Reference visits
• CSP site visit
• Review Audits
Key questions to assess CSP
• Reputation: Years in service; Previous incidents
• Access Control: Authentication Controls (Customer, Admins); Tenant Isolation
• Data Location: Server Location; Data retention on termination
• Audit Trail: What’s there for customers; Logs for privileged activities
• Recovery: Backup Frequency & Security; In line with your recovery objectives
• Compliance: Certifications; Future plans
• Encryption: For Data In Transit and At Rest; Who owns the key
• Legal: Jurisdictional/Dispute Location; Auto renewal
Takeaways
• Due Diligence
• Cloud adoption strategy
• Keep track of latest solutions
Questions
Resources
• How to Secure Data in the Cloud: Due Diligence
http://www.cloudcomputinginsights.com/security/how-to-secure-data-in-the-cloud-due-diligence/?mode=featured
• Cloud Controls Matrix Working Group
https://cloudsecurityalliance.org/group/cloud-controls-matrix/
• Cloud Computing Risk Assessment
https://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-risk-assessment

Cloud computing provider assessment
