Global Efforts to Secure Cloud Computing

Presented at InnoTech Oregon 2013. All rights reserved.

Published in: Technology, Business

  1. www.cloudsecurityalliance.org
  2. Cloud; One million new mobile devices, each day!; Social Networking; Digital Natives. Copyright © 2013 Cloud Security Alliance
  3. State Sponsored Cyberattacks? Organized Crime? Legal Jurisdiction & Data Sovereignty? Global Security Standards? Privacy Protection for Citizens? Transparency & Visibility from Cloud Providers?
  4. Shift the balance of power to consumers of IT. Enable innovation to solve difficult problems of humanity. Give the individual the tools to control their digital destiny. Do this by creating confidence, trust and transparency in IT systems. Security is not overhead, it is the enabler.
  7. Diagram labels: enterprise boundary; public clouds; private clouds; cloud of users; notional organizational boundary.
      • Cloud + Mobile
      • Dispersal of applications
      • Dispersal of data
      • Dispersal of users
      • Dispersal of endpoint devices
  8. https://cloudsecurityalliance.org/research/top-threats/
  11. “Sunlight is the best disinfectant,” U.S. Supreme Court Justice Louis Brandeis
  12. Control Requirements; Provider Assertions
  13. GRC Stack
      • Family of 4 research projects: Cloud Controls Matrix (CCM); Consensus Assessments Initiative (CAI); Cloud Audit; Cloud Trust Protocol (CTP)
      • Impact to the Industry: Developed tools for governance, risk and compliance management in the cloud; Technical pilots; Provider certification through STAR program
      • Control Requirements; Provider Assertions
  17. 2 Registered (December 2012); 30 Registered (April 2013)
  19. DG 4.2: Do you have a documented procedure for responding to requests for tenant data from governments or third parties?
      • Amazon AWS: AWS errs on the side of protecting customer privacy and is vigilant in determining which law enforcement requests we must comply with. AWS does not hesitate to challenge orders from law enforcement if we think the orders lack a solid basis.
      • Box.net: Box does have documented procedures for responding to requests for tenant data from governments and third parties.
      • SHI: Customer responsibility. SHI has no direct access, so requests for data through third parties will be responded to by the customer themselves, however, SHI can sanitize and delete customer data upon migration from the cloud.
      • Verizon/Terremark: Yes
  21. OPEN CERTIFICATION FRAMEWORK: CONTINUOUS; ATTESTATION | CERTIFICATION; SELF ASSESSMENT; TRANSPARENCY; ASSURANCE
  22. Clear GRC objectives + 3rd Party Assessment + Real time, continuous monitoring + Self Assessment
  28. Our research includes fundamental projects needed to define and implement trust within the future of information technology. CSA continues to be aggressive in producing critical research, education and tools.
  29. Previously known as Trusted Cloud Initiative. Security reference architecture for cloud. Architecture in use by early adopters of cloud in Global 2000. Cloud brokering. To do: Management tools; Technical implementation guides; Documented case studies & use cases.
  31. Certificate of Cloud Security Knowledge (CCSK)
      • Benchmark of cloud security competency
      • Online web-based examination
      • www.cloudsecurityalliance.org/certifyme
      • Training partnerships
      • Developing new curriculum for audit, software development and architecture
      • Partnership with (ISC)² for cloud security architecture certification
  35. Please contact Jim Reavis at jreavis@cloudsecurityalliance.org for more information on the Cloud Security Alliance. I will see you at the CSA EMEA Congress, September 24-26 in Edinburgh. https://cloudsecurityalliance.org/events/csa-emea-congress-2013/