Presentation focusing on contextual cloud data security governance - also links to an enterprise data classification and control model as well as a cloud data security maturity model

1. Turning the Corner on Cloud Data
Governance
Evelyn de Souza
Data Privacy and Compliance Leader, Cisco Systems
Chair Cloud Security Alliance Data Governance Group
June, 2015

2. AGENDA
Why Cloud Data Governance
Data Types
Data Governance Models
Business-consumable Data Protection
Your Call to Action

3. Why Cloud Data Governance?

4. Cloud Data Governance Challenges
1.Data Protection
(65%)
2. Security
Management (42%)
3. Compliance (53%) 4. Data Governance
(73%)
Is data safely protected
while in motion, in use or
stored in the cloud
How is the availability of
data in the cloud assured?
How are assurance levels
effectively managed by the
cloud provider
Can I get a snapshot of the
cloud provider’s security
capabilities at any given
time?
Can the cloud provider
demonstrate that
regulatory controls are
implemented effectively
and sustainably?
Who owns/accesses/edits/
modifies my data in the
cloud?
Data does not equal a one-
size fits all model
How do you measure
policy
Based upon informal survey with CISOs and InfoSec leaders from Dimension Data, Kloud, CSA Enterprise
Council (43 InfoSec leaders worldwide from SP and Enterprise) and FSISAC Banking Leaders – NEED to set
up User Focus Groups to hone in by segment and industry

5. Cloud is Not a Single Amorphous Model

6. 6
Trust Does Not Equal Compliance

7. Data is Not a One-Size-Fits All Model

8. Contextual Data Governance

9. Data Governance Milestones
KPIs and tools for
measurements in
place
Sporadic
data issues
communication
Standardized data
definitions and rules
in place
Processes
defined by individual
technology functions
Standardized
process per
organization/
Processes are centralized, controlled
and measured
Undefined data
management
policies
Ad hoc
processes / per data
management
AD HOC MANAGED DEFINED PROACTIVE OPTIMIZING
Value driven
Quantitative
management of
data
Real-time analysis and resolution
Continuous process
improvements
– way of life

10. Establishing a Data Governance Board

11. 11
Making Data Protection Business
Consumable

12. 1
Exploring Toolsets for Cloud Data Governance
Steps
2
3
4
http://clouddataprotection.org/cert/

13. 13
CHAOS Theory for Building Beyond..

14. • Build an Executive Data Governance Board
• Join the CSA Cloud Data Governance Working Group on
LinkedIn or Join our Mailing List at
https://lists.cloudsecurityalliance.org/mailman/listinfo/
datagovernance
• Contribute your own data governance model and share
with us at http://clouddataprotection.org/cert/
• Continue the conversation – Twitter @e_desouza or
email: evdesouz@cisco.com
Your Call to Action