The Cloud Security Rules

The Cloud Security Rules, a one-hour presentation as given at The Norwegian Developer Conference in Oslo, June 2012 (NDC Oslo 2012).
It targets managers and decision makers, helping them understand how to choose the best cloud supplier for their needs.

Published in: Business, Technology
  • The Cloud Security Rules

    1. • The Roer Group: 1994
       • Author & blogger
       • Consulting, training and speaking worldwide
       • Information security and Risk Management
    2. • Risk management
       • Compliance and legal matters
       • Humans
       • Technology
       • Business models
    3. Source: http://en.wikipedia.org/wiki/Risk_management, 3rd June 2012
    4. Risk is defined in ISO 31000 as the effect of uncertainty on objectives, whether positive or negative.
       Risk management is the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.
       Source: http://en.wikipedia.org/wiki/Risk_management, 3rd June 2012
    5. Risk management requires
    6. Risk management requires
       • competence
    7. Risk management requires
       • competence
       • resources
    8. Risk management requires
       • competence
       • resources
       Something most SMEs don’t have
    9. • What are our risks when buying this service from this vendor?
       • Can we accept those risks?
       • How will our cloud supplier(s) impact our business contingency plan?
       • What if the cloud fails?
    10. Plan for Cloud Fail!
    11. • HIPAA
        • Gramm-Leach-Bliley
        • SOx
        • Breach Notification Legislation
        • PCI-DSS
        • The Patriot Act
        • Data Protection Directive
        • Basel I
        • The new EU Data Regulations
        • Basel II
        • Basel III
        • FISMA
    12. Data Protection Directive (Directive 95/46/EC)
        Personal data are defined as “any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;” (art. 2 a)
        Any information connected to a person.
    13. • Most laws and regulations fail to recognize the service provider's role, and assume that the owner of the data also controls the infrastructure.
    14. • Where (country) do you store the data?
        • Which jurisdiction controls your data?
        • What and who have access to the data?
        • Privacy regulations in EU != USA
    15. • What training will our users need in order to successfully use the cloud service?
        • How does the cloud service impact our policies?
        • Are we ready for cloud? What will need to be changed to prepare us?
    16. • What alternative cloud services are available to us?
        • What impact will the cloud implementation have on our IT department?
        • Who is in charge of support?
    17. • 99% of companies in EU are SMEs
        • Most lack knowledge, understanding and competence for maintaining their own systems
        • Cloud provides a more secure and cost-efficient solution to most of these companies
    18. • How will the cloud provider sustain themselves and stay in business?
        • How important is price vs customization to us?
        • What kind of impact will the use of this service have on our business model?
        • What can we change in our current business model to benefit from the cloud possibilities?
    19. ?
    20. Kai Roer
        kai@roer.com
        http://roer.com
        Twitter: @kairoer
