DLP i/t Cloud
Rob Kloots, CSA representative
March 2011
  1. DLP i/t Cloud
     Rob Kloots, CSA representative, March 2011

  2. Agenda
     • About the Cloud Security Alliance
     • What is cloud computing?
     • CSA GRC
     • Consensus Assessment Initiative Questionnaire
     • Control Matrix
     • Industry GRC activities in the cloud
     • CS-DLP roadmap
     • Q&A

  3. About the Cloud Security Alliance
     • Global, not-for-profit organization
     • Over 17,000 individual members, 90 corporate members
     • Building best practices and a trusted cloud ecosystem
     • Agile philosophy, rapid development of applied research
       – GRC: Balance compliance with risk management
       – Reference models: build using existing standards

  4. What is Cloud Computing?
     • Compute as a utility: third major era of computing
     • Aligning IT costs with business needs and revenue
     • Accelerate innovation
     • Not one cloud
       – 3 Delivery Models
       – 4 Deployment Modes
       – Thousands of providers
       – Several unique cloud solutions for any given business problem

  5. CSA GRC (Governance, Risk, Compliance) Stack
     • Suite of tools, best practices and enabling technology
     • For cloud providers, enterprises, solution providers and audit/compliance
       – CCM: Controls Framework
       – CAI: Assessment Questionnaire
       – CloudAudit: Continuous Controls Monitoring Automation
     [Diagram labels: Provider Assertions; Private & Public Clouds; Control Requirements]
     www.cloudsecurityalliance.org/grcstack

  6. Consensus Assessment Initiative Questionnaire (CAIQ)
     • 148 Questions to ask cloud providers

  7. Control Matrix

  8. Additional relevant GRC tools & initiatives
     • Jericho Forum
     • BITS Shared Assessments
     • ISF
     • CAMM
     • Risk Ontology for Basel III
     • ISACA Cloud Computing Mgt Audit/Assurance Program
     • NIST, SANS, ...
     CSA participates in all these initiatives & organizations

  9. CS-DLP Roadmap
     • Assess Current situation
     • Define Target situation
     • Use CSA GRC Stack
     • Organise, Test and Adapt GRC Process including Monitoring & Audit
     • Test run & adopt Cloud Services
     • ...

  10. Thank you!
