SlideShare a Scribd company logo
1 of 9
Cloud & Compliance
SCOR experience
Les jeudis de l’Afai
2d of June, 2016
Henri Guiheux, Group CISO
2
Cloud & Compliance
Agenda
1 Cloud evolution and Regulatory pressure over the past 5 years
2 Cloud Experience of SCOR
3 Cloud Trends
3
Cloud & Compliance
Cloud evolution and Regulatory pressure over the past 5 years
 IT Infrastructure models
 Traditional architectures: In premises, Co-location, Outsourcing,
 Cloud Infrastructure: Public, Private, Hybrid, Sovereign Cloud, IAAS, PAAS, SAAS
 Big Cloud players: AWS Amazon, Google, Microsoft Azure, ..
 Increase of Data leakage and Cyber attacks
 Wikileaks, Snowden, Sony, Target, Anthem, Ashley Madison, T-Mobile, US government agency …
 Global environment highly regulated for SCOR
 Directives & standards: Solvency II, HIPAA, GLBA, U.S. Privacy Shield, General Data Protection
Regulation
 Financial authorities: Autorité des marchés financiers, (AMF), Autorité de contrôle prudentiel et de
résolution: L'ACPR, Financial Industry Regulatory Authority, Inc. (FINRA), Monetary Authority of
Singapore (MAS), Swiss Financial Market Supervisory Authority (FINMA), China Insurance
Regulatory Commission (CIRC), Prudential Regulation Authority (PRA) …
 Appearance of Security assurances to provide trust from Cloud providers
 BSI 27001, SSAE16, ISAE 3402, SOC1 Type 1, SOC 2 Type 2
4
Agenda of the meeting
1 Cloud evolution and Regulatory pressure
2 Cloud Experience of SCOR
3 Cloud Trends
5
Cloud & Compliance
SCOR Experience: Approach
 SCOR cloud strategy
 Develop digital with same SCOR IT resources
 Use Centralized Private Cloud if applicable for IAAS or PAAS
 Select Cloud SAAS if appropriate
 SCOR Implementations since 2012
 Move servers from SCOR premises or co-location datacenters to centralized private cloud
 Keep into SCOR premises minimum equipment strictly requiring proximity.
 Promote SAAS solutions implementation
 SCOR security & compliance
 Asses and monitor security of Cloud providers
 Enforce SCOR IT internal control using COBIT Framework and including cloud environment
 Align SCOR IT internal control with regulator security requirements and client security & data
privacy commitments
 Move toward SOC1 and SOC2 certifications for services provided to its clients.
6
Cloud & Compliance
SCOR Experience: SAAS implementation
 Corporate services
 Time tracking, general expenses, purchase to pay, e-learning, security awareness, …
 Collaborative services
 institutional web site, social network, streaming video
 Security services
 mail security gateway, authentication, security operation center
 Business services
 Marketing, CRM, Specialized Risk Expertise services.
 Additional services to come
 Messaging, Business Continuity (mass notification maessage), Privacy Compliance service, …
7
Cloud & Compliance
SCOR Experience: Lessons learned
 Cloud is not magic and simple.
 Different level of maturity of security and compliance are observed from cloud based
service providers.
 Risk Assessment during selection and contractual clauses (compliance, security, audit,
intellectual property, reversibility, SLA, …) are key steps.
 Transfer of IT activity to the cloud involves IT management transformation moving from
doer role to controlling/monitoring role with capacity of formalization.
 Network and technical architecture become critical to avoid:
 Performance, reliability and quality issues
 Interfacing issues with other IT Systems
 Hidden costs related to configuration and integration must be anticipated
 A strong internal control framework must be established to enable quality and performance
conformance and compliance with external requirements (Cobit 5 very valuable)
8
Agenda of the meeting
1 Cloud evolution and Regulatory pressure
2 Cloud Experience of SCOR
3 Cloud Trends
9
Cloud & Compliance
Cloud Trends
 Key to Monitor cloud players in a very competitive and moving industry
 Increase of Private Cloud offers to be competitive with Public Cloud offers
 Cloud evolution driven by IoT
 Key to watch disruptive cloud technology more economic, secure and productive
 Data encryption at rest
 application containers (data isolation)
 Container hypervisors
 Software Modelling enabling complex configuration :
 ready to use
 Dynamically Scalable,
 Highly automated,
 Fully traceable

More Related Content

What's hot

Recent developments and future challenges in privacy
Recent developments and future challenges in privacyRecent developments and future challenges in privacy
Recent developments and future challenges in privacyPECB
 
Collateral Damage: Cyberwar and its affect on organisations
Collateral Damage: Cyberwar and its affect on organisationsCollateral Damage: Cyberwar and its affect on organisations
Collateral Damage: Cyberwar and its affect on organisationsPECB
 
2011 FCC CSRIC WG2A Cyber Security Best Practices Final Report
2011 FCC CSRIC WG2A Cyber Security Best Practices Final Report2011 FCC CSRIC WG2A Cyber Security Best Practices Final Report
2011 FCC CSRIC WG2A Cyber Security Best Practices Final ReportPhil Agcaoili
 
Threat Intelligence Market
Threat Intelligence MarketThreat Intelligence Market
Threat Intelligence MarketDatsun Arnold
 
Renewed Context for the Defense and Security Sector
Renewed Context for the Defense and Security SectorRenewed Context for the Defense and Security Sector
Renewed Context for the Defense and Security SectorCloudMask inc.
 
Smart Cities – The Security Aspects
Smart Cities – The Security AspectsSmart Cities – The Security Aspects
Smart Cities – The Security AspectsPECB
 
IBM per la sicurezza del Datacenter
IBM per la sicurezza del DatacenterIBM per la sicurezza del Datacenter
IBM per la sicurezza del DatacenterAnna Landolfi
 
Cyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsCyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsUlf Mattsson
 
Improving cyber-security through acquisition
Improving cyber-security through acquisitionImproving cyber-security through acquisition
Improving cyber-security through acquisitionChristopher Dorobek
 
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA RegulationTop 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA RegulationPECB
 
Digital Transformation and Security for the Modern Business Part 1 – Finance
Digital Transformation and Security for the Modern Business Part 1 – FinanceDigital Transformation and Security for the Modern Business Part 1 – Finance
Digital Transformation and Security for the Modern Business Part 1 – FinanceXenith Document Systems Ltd
 
CSA Atlanta Q1'2016 Chapter Meeting
CSA Atlanta Q1'2016 Chapter MeetingCSA Atlanta Q1'2016 Chapter Meeting
CSA Atlanta Q1'2016 Chapter MeetingPhil Agcaoili
 
Roadmap of Cyber-security from On-Prem to Cloud Journey - Trend Micro
Roadmap of Cyber-security from On-Prem to Cloud Journey - Trend MicroRoadmap of Cyber-security from On-Prem to Cloud Journey - Trend Micro
Roadmap of Cyber-security from On-Prem to Cloud Journey - Trend MicroPrime Infoserv
 
CIO Review - Top 20 CyberSecurity
CIO Review - Top 20 CyberSecurityCIO Review - Top 20 CyberSecurity
CIO Review - Top 20 CyberSecurityBob Guimarin
 
Cyber Security Privacy Brochure 2015
Cyber Security Privacy Brochure 2015Cyber Security Privacy Brochure 2015
Cyber Security Privacy Brochure 2015sarah kabirat
 
How can i find my security blind spots ulf mattsson - aug 2016
How can i find my security blind spots   ulf mattsson - aug 2016How can i find my security blind spots   ulf mattsson - aug 2016
How can i find my security blind spots ulf mattsson - aug 2016Ulf Mattsson
 
How to Build a Successful Cybersecurity Program?
How to Build a Successful Cybersecurity Program?How to Build a Successful Cybersecurity Program?
How to Build a Successful Cybersecurity Program?PECB
 
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...Cohesive Networks
 

What's hot (20)

Recent developments and future challenges in privacy
Recent developments and future challenges in privacyRecent developments and future challenges in privacy
Recent developments and future challenges in privacy
 
Collateral Damage: Cyberwar and its affect on organisations
Collateral Damage: Cyberwar and its affect on organisationsCollateral Damage: Cyberwar and its affect on organisations
Collateral Damage: Cyberwar and its affect on organisations
 
2011 FCC CSRIC WG2A Cyber Security Best Practices Final Report
2011 FCC CSRIC WG2A Cyber Security Best Practices Final Report2011 FCC CSRIC WG2A Cyber Security Best Practices Final Report
2011 FCC CSRIC WG2A Cyber Security Best Practices Final Report
 
Security - A Digital Transformation Enabler
Security - A Digital Transformation EnablerSecurity - A Digital Transformation Enabler
Security - A Digital Transformation Enabler
 
Threat Intelligence Market
Threat Intelligence MarketThreat Intelligence Market
Threat Intelligence Market
 
Renewed Context for the Defense and Security Sector
Renewed Context for the Defense and Security SectorRenewed Context for the Defense and Security Sector
Renewed Context for the Defense and Security Sector
 
Smart Cities – The Security Aspects
Smart Cities – The Security AspectsSmart Cities – The Security Aspects
Smart Cities – The Security Aspects
 
IBM per la sicurezza del Datacenter
IBM per la sicurezza del DatacenterIBM per la sicurezza del Datacenter
IBM per la sicurezza del Datacenter
 
Cyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsCyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & Recommendations
 
Improving cyber-security through acquisition
Improving cyber-security through acquisitionImproving cyber-security through acquisition
Improving cyber-security through acquisition
 
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA RegulationTop 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
 
Digital Transformation and Security for the Modern Business Part 1 – Finance
Digital Transformation and Security for the Modern Business Part 1 – FinanceDigital Transformation and Security for the Modern Business Part 1 – Finance
Digital Transformation and Security for the Modern Business Part 1 – Finance
 
CSA Atlanta Q1'2016 Chapter Meeting
CSA Atlanta Q1'2016 Chapter MeetingCSA Atlanta Q1'2016 Chapter Meeting
CSA Atlanta Q1'2016 Chapter Meeting
 
Roadmap of Cyber-security from On-Prem to Cloud Journey - Trend Micro
Roadmap of Cyber-security from On-Prem to Cloud Journey - Trend MicroRoadmap of Cyber-security from On-Prem to Cloud Journey - Trend Micro
Roadmap of Cyber-security from On-Prem to Cloud Journey - Trend Micro
 
The State of Cyber
The State of CyberThe State of Cyber
The State of Cyber
 
CIO Review - Top 20 CyberSecurity
CIO Review - Top 20 CyberSecurityCIO Review - Top 20 CyberSecurity
CIO Review - Top 20 CyberSecurity
 
Cyber Security Privacy Brochure 2015
Cyber Security Privacy Brochure 2015Cyber Security Privacy Brochure 2015
Cyber Security Privacy Brochure 2015
 
How can i find my security blind spots ulf mattsson - aug 2016
How can i find my security blind spots   ulf mattsson - aug 2016How can i find my security blind spots   ulf mattsson - aug 2016
How can i find my security blind spots ulf mattsson - aug 2016
 
How to Build a Successful Cybersecurity Program?
How to Build a Successful Cybersecurity Program?How to Build a Successful Cybersecurity Program?
How to Build a Successful Cybersecurity Program?
 
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
 

Viewers also liked

Cybersécurité, IOT automobile et aéronautique
Cybersécurité, IOTautomobile et aéronautiqueCybersécurité, IOTautomobile et aéronautique
Cybersécurité, IOT automobile et aéronautiqueAntoine Vigneron
 
Les ECNi : une transformation numérique réussie
Les ECNi : une transformation numérique réussieLes ECNi : une transformation numérique réussie
Les ECNi : une transformation numérique réussieAntoine Vigneron
 
DSBrowser Concilier securité et simplicite
DSBrowser Concilier securité et simpliciteDSBrowser Concilier securité et simplicite
DSBrowser Concilier securité et simpliciteAntoine Vigneron
 
Les enjeux de la transformation numérique
Les enjeux de la transformation numériqueLes enjeux de la transformation numérique
Les enjeux de la transformation numériqueAntoine Vigneron
 
Galtier Concilier securite et simplicite
Galtier Concilier securite et simpliciteGaltier Concilier securite et simplicite
Galtier Concilier securite et simpliciteAntoine Vigneron
 
Protéger ses données: mission impossible?
Protéger ses données: mission impossible?Protéger ses données: mission impossible?
Protéger ses données: mission impossible?Antoine Vigneron
 
Relever le défi SI de la transformation numérique en Europe
Relever le défi SI de la transformation numérique en EuropeRelever le défi SI de la transformation numérique en Europe
Relever le défi SI de la transformation numérique en EuropeAntoine Vigneron
 
Paiement mobile et biométrie, deux piliers de la transformation digitale
Paiement mobile et biométrie, deux piliers de la transformation digitalePaiement mobile et biométrie, deux piliers de la transformation digitale
Paiement mobile et biométrie, deux piliers de la transformation digitaleAntoine Vigneron
 
Challenges and Risks for the CIO from Outsourcing in the digital era
Challenges and Risks for the CIO from Outsourcing in the digital eraChallenges and Risks for the CIO from Outsourcing in the digital era
Challenges and Risks for the CIO from Outsourcing in the digital eraAntoine Vigneron
 
Protéger ses données: mission impossible?
Protéger ses données: mission impossible?Protéger ses données: mission impossible?
Protéger ses données: mission impossible?Antoine Vigneron
 
CFAO Concilier securité et simplicite
CFAO Concilier securité et simpliciteCFAO Concilier securité et simplicite
CFAO Concilier securité et simpliciteAntoine Vigneron
 
Jeudi de l AFAI - Evolutions des menaces et adaptation des SOC
Jeudi de l AFAI - Evolutions des menaces et adaptation des SOCJeudi de l AFAI - Evolutions des menaces et adaptation des SOC
Jeudi de l AFAI - Evolutions des menaces et adaptation des SOCAntoine Vigneron
 
L'informatique et la fraude Aix-en-Provence
L'informatique et la fraude   Aix-en-ProvenceL'informatique et la fraude   Aix-en-Provence
L'informatique et la fraude Aix-en-ProvenceAntoine Vigneron
 
Le risque informatique et sa dimension juridique
Le risque informatique et sa dimension juridiqueLe risque informatique et sa dimension juridique
Le risque informatique et sa dimension juridiqueAntoine Vigneron
 
Gouvernance et architecture des données - Groupe PSA
Gouvernance et architecture des données - Groupe PSAGouvernance et architecture des données - Groupe PSA
Gouvernance et architecture des données - Groupe PSAAntoine Vigneron
 
IoT, Sécurité et Santé: un cocktail détonnant ?
IoT, Sécurité et Santé: un cocktail détonnant ?IoT, Sécurité et Santé: un cocktail détonnant ?
IoT, Sécurité et Santé: un cocktail détonnant ?Antoine Vigneron
 
Jeudi de l AFAI - Transformations de la cybersécurité
Jeudi de l AFAI - Transformations de la cybersécuritéJeudi de l AFAI - Transformations de la cybersécurité
Jeudi de l AFAI - Transformations de la cybersécuritéAntoine Vigneron
 
Meeting the challenges of big data
Meeting the challenges of big dataMeeting the challenges of big data
Meeting the challenges of big dataAntoine Vigneron
 
Cloud Computing et Protection des Données - Guide pratique
Cloud Computing et Protection des Données - Guide pratiqueCloud Computing et Protection des Données - Guide pratique
Cloud Computing et Protection des Données - Guide pratiqueAntoine Vigneron
 
L'entreprise face à ses enjeux et risques numériques
L'entreprise face à ses enjeux et risques numériquesL'entreprise face à ses enjeux et risques numériques
L'entreprise face à ses enjeux et risques numériquesAntoine Vigneron
 

Viewers also liked (20)

Cybersécurité, IOT automobile et aéronautique
Cybersécurité, IOTautomobile et aéronautiqueCybersécurité, IOTautomobile et aéronautique
Cybersécurité, IOT automobile et aéronautique
 
Les ECNi : une transformation numérique réussie
Les ECNi : une transformation numérique réussieLes ECNi : une transformation numérique réussie
Les ECNi : une transformation numérique réussie
 
DSBrowser Concilier securité et simplicite
DSBrowser Concilier securité et simpliciteDSBrowser Concilier securité et simplicite
DSBrowser Concilier securité et simplicite
 
Les enjeux de la transformation numérique
Les enjeux de la transformation numériqueLes enjeux de la transformation numérique
Les enjeux de la transformation numérique
 
Galtier Concilier securite et simplicite
Galtier Concilier securite et simpliciteGaltier Concilier securite et simplicite
Galtier Concilier securite et simplicite
 
Protéger ses données: mission impossible?
Protéger ses données: mission impossible?Protéger ses données: mission impossible?
Protéger ses données: mission impossible?
 
Relever le défi SI de la transformation numérique en Europe
Relever le défi SI de la transformation numérique en EuropeRelever le défi SI de la transformation numérique en Europe
Relever le défi SI de la transformation numérique en Europe
 
Paiement mobile et biométrie, deux piliers de la transformation digitale
Paiement mobile et biométrie, deux piliers de la transformation digitalePaiement mobile et biométrie, deux piliers de la transformation digitale
Paiement mobile et biométrie, deux piliers de la transformation digitale
 
Challenges and Risks for the CIO from Outsourcing in the digital era
Challenges and Risks for the CIO from Outsourcing in the digital eraChallenges and Risks for the CIO from Outsourcing in the digital era
Challenges and Risks for the CIO from Outsourcing in the digital era
 
Protéger ses données: mission impossible?
Protéger ses données: mission impossible?Protéger ses données: mission impossible?
Protéger ses données: mission impossible?
 
CFAO Concilier securité et simplicite
CFAO Concilier securité et simpliciteCFAO Concilier securité et simplicite
CFAO Concilier securité et simplicite
 
Jeudi de l AFAI - Evolutions des menaces et adaptation des SOC
Jeudi de l AFAI - Evolutions des menaces et adaptation des SOCJeudi de l AFAI - Evolutions des menaces et adaptation des SOC
Jeudi de l AFAI - Evolutions des menaces et adaptation des SOC
 
L'informatique et la fraude Aix-en-Provence
L'informatique et la fraude   Aix-en-ProvenceL'informatique et la fraude   Aix-en-Provence
L'informatique et la fraude Aix-en-Provence
 
Le risque informatique et sa dimension juridique
Le risque informatique et sa dimension juridiqueLe risque informatique et sa dimension juridique
Le risque informatique et sa dimension juridique
 
Gouvernance et architecture des données - Groupe PSA
Gouvernance et architecture des données - Groupe PSAGouvernance et architecture des données - Groupe PSA
Gouvernance et architecture des données - Groupe PSA
 
IoT, Sécurité et Santé: un cocktail détonnant ?
IoT, Sécurité et Santé: un cocktail détonnant ?IoT, Sécurité et Santé: un cocktail détonnant ?
IoT, Sécurité et Santé: un cocktail détonnant ?
 
Jeudi de l AFAI - Transformations de la cybersécurité
Jeudi de l AFAI - Transformations de la cybersécuritéJeudi de l AFAI - Transformations de la cybersécurité
Jeudi de l AFAI - Transformations de la cybersécurité
 
Meeting the challenges of big data
Meeting the challenges of big dataMeeting the challenges of big data
Meeting the challenges of big data
 
Cloud Computing et Protection des Données - Guide pratique
Cloud Computing et Protection des Données - Guide pratiqueCloud Computing et Protection des Données - Guide pratique
Cloud Computing et Protection des Données - Guide pratique
 
L'entreprise face à ses enjeux et risques numériques
L'entreprise face à ses enjeux et risques numériquesL'entreprise face à ses enjeux et risques numériques
L'entreprise face à ses enjeux et risques numériques
 

Similar to Cloud and compliance REX

Arthur van der Wees, Arthur's Legal on Making Cloud SLAs readily usable in th...
Arthur van der Wees, Arthur's Legal on Making Cloud SLAs readily usable in th...Arthur van der Wees, Arthur's Legal on Making Cloud SLAs readily usable in th...
Arthur van der Wees, Arthur's Legal on Making Cloud SLAs readily usable in th...SLA-Ready Network
 
Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0David Spinks
 
Cloud is not an option, but is security?
Cloud is not an option, but is security?Cloud is not an option, but is security?
Cloud is not an option, but is security?Jody Keyser
 
Private Cloud Hosting Services Market Trends Analysis.pdf
Private Cloud Hosting Services Market Trends Analysis.pdfPrivate Cloud Hosting Services Market Trends Analysis.pdf
Private Cloud Hosting Services Market Trends Analysis.pdfshreyaporekar9
 
CompTIA Security+ SY0-601 Domain 2
CompTIA Security+ SY0-601 Domain 2CompTIA Security+ SY0-601 Domain 2
CompTIA Security+ SY0-601 Domain 2ShivamSharma909
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challengesKresimir Popovic
 
Cloud computing-security-issues
Cloud computing-security-issuesCloud computing-security-issues
Cloud computing-security-issuesAleem Mohammed
 
Michael Kropyva - Security Compliance For Cloud Providers - Customer`s Perspe...
Michael Kropyva - Security Compliance For Cloud Providers - Customer`s Perspe...Michael Kropyva - Security Compliance For Cloud Providers - Customer`s Perspe...
Michael Kropyva - Security Compliance For Cloud Providers - Customer`s Perspe...Cloud Security Alliance Lviv Chapter
 
Keys to success and security in the cloud
Keys to success and security in the cloudKeys to success and security in the cloud
Keys to success and security in the cloudScalar Decisions
 
Keys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-CloudKeys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-Cloudpatmisasi
 
EMEA10: Trepidation in Moving to the Cloud
EMEA10: Trepidation in Moving to the CloudEMEA10: Trepidation in Moving to the Cloud
EMEA10: Trepidation in Moving to the CloudCompTIA UK
 
Cloud computing Risk management
Cloud computing Risk management  Cloud computing Risk management
Cloud computing Risk management Padma Jella
 
Ciphercloud Solutions Overview hsa oct2011
Ciphercloud Solutions Overview hsa oct2011Ciphercloud Solutions Overview hsa oct2011
Ciphercloud Solutions Overview hsa oct2011Ramy Houssaini
 
Security Considerations When Using Cloud Infrastructure Services.pdf
Security Considerations When Using Cloud Infrastructure Services.pdfSecurity Considerations When Using Cloud Infrastructure Services.pdf
Security Considerations When Using Cloud Infrastructure Services.pdfCiente
 
Top Trends in Cloud Computing for 2023.pptx
Top Trends in Cloud Computing for 2023.pptxTop Trends in Cloud Computing for 2023.pptx
Top Trends in Cloud Computing for 2023.pptxSaadZaman23
 
Automation alley day in the cloud presentation - formatted
Automation alley   day in the cloud presentation - formattedAutomation alley   day in the cloud presentation - formatted
Automation alley day in the cloud presentation - formattedMatthew Moldvan
 
Why CCSK with InfosecTrain (1).pdf
Why CCSK with InfosecTrain (1).pdfWhy CCSK with InfosecTrain (1).pdf
Why CCSK with InfosecTrain (1).pdfinfosec train
 
Risk management for cloud computing hb final
Risk management for cloud computing hb finalRisk management for cloud computing hb final
Risk management for cloud computing hb finalChristophe Monnier
 

Similar to Cloud and compliance REX (20)

Arthur van der Wees, Arthur's Legal on Making Cloud SLAs readily usable in th...
Arthur van der Wees, Arthur's Legal on Making Cloud SLAs readily usable in th...Arthur van der Wees, Arthur's Legal on Making Cloud SLAs readily usable in th...
Arthur van der Wees, Arthur's Legal on Making Cloud SLAs readily usable in th...
 
Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0
 
Cloud services and it security
Cloud services and it securityCloud services and it security
Cloud services and it security
 
Cloud is not an option, but is security?
Cloud is not an option, but is security?Cloud is not an option, but is security?
Cloud is not an option, but is security?
 
Private Cloud Hosting Services Market Trends Analysis.pdf
Private Cloud Hosting Services Market Trends Analysis.pdfPrivate Cloud Hosting Services Market Trends Analysis.pdf
Private Cloud Hosting Services Market Trends Analysis.pdf
 
CompTIA Security+ SY0-601 Domain 2
CompTIA Security+ SY0-601 Domain 2CompTIA Security+ SY0-601 Domain 2
CompTIA Security+ SY0-601 Domain 2
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
 
Cloud computing-security-issues
Cloud computing-security-issuesCloud computing-security-issues
Cloud computing-security-issues
 
Michael Kropyva - Security Compliance For Cloud Providers - Customer`s Perspe...
Michael Kropyva - Security Compliance For Cloud Providers - Customer`s Perspe...Michael Kropyva - Security Compliance For Cloud Providers - Customer`s Perspe...
Michael Kropyva - Security Compliance For Cloud Providers - Customer`s Perspe...
 
Keys to success and security in the cloud
Keys to success and security in the cloudKeys to success and security in the cloud
Keys to success and security in the cloud
 
Keys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-CloudKeys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-Cloud
 
EMEA10: Trepidation in Moving to the Cloud
EMEA10: Trepidation in Moving to the CloudEMEA10: Trepidation in Moving to the Cloud
EMEA10: Trepidation in Moving to the Cloud
 
Losing Control to the Cloud
Losing Control to the CloudLosing Control to the Cloud
Losing Control to the Cloud
 
Cloud computing Risk management
Cloud computing Risk management  Cloud computing Risk management
Cloud computing Risk management
 
Ciphercloud Solutions Overview hsa oct2011
Ciphercloud Solutions Overview hsa oct2011Ciphercloud Solutions Overview hsa oct2011
Ciphercloud Solutions Overview hsa oct2011
 
Security Considerations When Using Cloud Infrastructure Services.pdf
Security Considerations When Using Cloud Infrastructure Services.pdfSecurity Considerations When Using Cloud Infrastructure Services.pdf
Security Considerations When Using Cloud Infrastructure Services.pdf
 
Top Trends in Cloud Computing for 2023.pptx
Top Trends in Cloud Computing for 2023.pptxTop Trends in Cloud Computing for 2023.pptx
Top Trends in Cloud Computing for 2023.pptx
 
Automation alley day in the cloud presentation - formatted
Automation alley   day in the cloud presentation - formattedAutomation alley   day in the cloud presentation - formatted
Automation alley day in the cloud presentation - formatted
 
Why CCSK with InfosecTrain (1).pdf
Why CCSK with InfosecTrain (1).pdfWhy CCSK with InfosecTrain (1).pdf
Why CCSK with InfosecTrain (1).pdf
 
Risk management for cloud computing hb final
Risk management for cloud computing hb finalRisk management for cloud computing hb final
Risk management for cloud computing hb final
 

More from Antoine Vigneron

L'automatisation au service de la cybersécurité
L'automatisation au service de la cybersécuritéL'automatisation au service de la cybersécurité
L'automatisation au service de la cybersécuritéAntoine Vigneron
 
La signature électronique et eIDAS - De nouveaux usages
La signature électronique et eIDAS - De nouveaux usagesLa signature électronique et eIDAS - De nouveaux usages
La signature électronique et eIDAS - De nouveaux usagesAntoine Vigneron
 
La signature électronique et les nouveaux services eIDAS
La signature électronique et les nouveaux services eIDASLa signature électronique et les nouveaux services eIDAS
La signature électronique et les nouveaux services eIDASAntoine Vigneron
 
La signature électronique chez les notaires
La signature électronique chez les notairesLa signature électronique chez les notaires
La signature électronique chez les notairesAntoine Vigneron
 
La Blockchain: la fin des tiers de confiance?
La Blockchain: la fin des tiers de confiance?La Blockchain: la fin des tiers de confiance?
La Blockchain: la fin des tiers de confiance?Antoine Vigneron
 
Internet des objets - Doc@Post
Internet des objets - Doc@PostInternet des objets - Doc@Post
Internet des objets - Doc@PostAntoine Vigneron
 
Objets connectés: un 360° pour les comprendre
Objets connectés: un 360° pour les comprendreObjets connectés: un 360° pour les comprendre
Objets connectés: un 360° pour les comprendreAntoine Vigneron
 
Données personnelles et SI - GDPR
Données personnelles et SI - GDPRDonnées personnelles et SI - GDPR
Données personnelles et SI - GDPRAntoine Vigneron
 
La transition numérique un des facteurs clé vers une performance globale des...
 La transition numérique un des facteurs clé vers une performance globale des... La transition numérique un des facteurs clé vers une performance globale des...
La transition numérique un des facteurs clé vers une performance globale des...Antoine Vigneron
 
Lexpresse de la Banque Postale - Privacy et Big Data
Lexpresse de la Banque Postale - Privacy et Big DataLexpresse de la Banque Postale - Privacy et Big Data
Lexpresse de la Banque Postale - Privacy et Big DataAntoine Vigneron
 
Protéger ses données: mission impossible?
Protéger ses données: mission impossible?Protéger ses données: mission impossible?
Protéger ses données: mission impossible?Antoine Vigneron
 
Cybercriminalité: menaces et parades
Cybercriminalité: menaces et paradesCybercriminalité: menaces et parades
Cybercriminalité: menaces et paradesAntoine Vigneron
 

More from Antoine Vigneron (15)

L'automatisation au service de la cybersécurité
L'automatisation au service de la cybersécuritéL'automatisation au service de la cybersécurité
L'automatisation au service de la cybersécurité
 
La signature électronique et eIDAS - De nouveaux usages
La signature électronique et eIDAS - De nouveaux usagesLa signature électronique et eIDAS - De nouveaux usages
La signature électronique et eIDAS - De nouveaux usages
 
La signature électronique et les nouveaux services eIDAS
La signature électronique et les nouveaux services eIDASLa signature électronique et les nouveaux services eIDAS
La signature électronique et les nouveaux services eIDAS
 
La signature électronique chez les notaires
La signature électronique chez les notairesLa signature électronique chez les notaires
La signature électronique chez les notaires
 
Bitcoin et le bitcoin
Bitcoin et le bitcoinBitcoin et le bitcoin
Bitcoin et le bitcoin
 
La Blockchain: la fin des tiers de confiance?
La Blockchain: la fin des tiers de confiance?La Blockchain: la fin des tiers de confiance?
La Blockchain: la fin des tiers de confiance?
 
CIO advisory English
CIO advisory English CIO advisory English
CIO advisory English
 
Les objets connectés
Les objets connectésLes objets connectés
Les objets connectés
 
Internet des objets - Doc@Post
Internet des objets - Doc@PostInternet des objets - Doc@Post
Internet des objets - Doc@Post
 
Objets connectés: un 360° pour les comprendre
Objets connectés: un 360° pour les comprendreObjets connectés: un 360° pour les comprendre
Objets connectés: un 360° pour les comprendre
 
Données personnelles et SI - GDPR
Données personnelles et SI - GDPRDonnées personnelles et SI - GDPR
Données personnelles et SI - GDPR
 
La transition numérique un des facteurs clé vers une performance globale des...
 La transition numérique un des facteurs clé vers une performance globale des... La transition numérique un des facteurs clé vers une performance globale des...
La transition numérique un des facteurs clé vers une performance globale des...
 
Lexpresse de la Banque Postale - Privacy et Big Data
Lexpresse de la Banque Postale - Privacy et Big DataLexpresse de la Banque Postale - Privacy et Big Data
Lexpresse de la Banque Postale - Privacy et Big Data
 
Protéger ses données: mission impossible?
Protéger ses données: mission impossible?Protéger ses données: mission impossible?
Protéger ses données: mission impossible?
 
Cybercriminalité: menaces et parades
Cybercriminalité: menaces et paradesCybercriminalité: menaces et parades
Cybercriminalité: menaces et parades
 

Recently uploaded

TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024Stephen Perrenod
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaCzechDreamin
 
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfSrushith Repakula
 
Easier, Faster, and More Powerful – Notes Document Properties Reimagined
Easier, Faster, and More Powerful – Notes Document Properties ReimaginedEasier, Faster, and More Powerful – Notes Document Properties Reimagined
Easier, Faster, and More Powerful – Notes Document Properties Reimaginedpanagenda
 
WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024Lorenzo Miniero
 
AI mind or machine power point presentation
AI mind or machine power point presentationAI mind or machine power point presentation
AI mind or machine power point presentationyogeshlabana357357
 
Using IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & IrelandUsing IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & IrelandIES VE
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...FIDO Alliance
 
Your enemies use GenAI too - staying ahead of fraud with Neo4j
Your enemies use GenAI too - staying ahead of fraud with Neo4jYour enemies use GenAI too - staying ahead of fraud with Neo4j
Your enemies use GenAI too - staying ahead of fraud with Neo4jNeo4j
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctBrainSell Technologies
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsStefano
 
BT & Neo4j _ How Knowledge Graphs help BT deliver Digital Transformation.pptx
BT & Neo4j _ How Knowledge Graphs help BT deliver Digital Transformation.pptxBT & Neo4j _ How Knowledge Graphs help BT deliver Digital Transformation.pptx
BT & Neo4j _ How Knowledge Graphs help BT deliver Digital Transformation.pptxNeo4j
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfFIDO Alliance
 
Syngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...CzechDreamin
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfFIDO Alliance
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessUXDXConf
 
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...marcuskenyatta275
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!Memoori
 

Recently uploaded (20)

TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara Laskowska
 
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdf
 
Easier, Faster, and More Powerful – Notes Document Properties Reimagined
Easier, Faster, and More Powerful – Notes Document Properties ReimaginedEasier, Faster, and More Powerful – Notes Document Properties Reimagined
Easier, Faster, and More Powerful – Notes Document Properties Reimagined
 
WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024
 
AI mind or machine power point presentation
AI mind or machine power point presentationAI mind or machine power point presentation
AI mind or machine power point presentation
 
Using IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & IrelandUsing IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & Ireland
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
 
Your enemies use GenAI too - staying ahead of fraud with Neo4j
Your enemies use GenAI too - staying ahead of fraud with Neo4jYour enemies use GenAI too - staying ahead of fraud with Neo4j
Your enemies use GenAI too - staying ahead of fraud with Neo4j
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage Intacct
 
Overview of Hyperledger Foundation
Overview of Hyperledger FoundationOverview of Hyperledger Foundation
Overview of Hyperledger Foundation
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. Startups
 
BT & Neo4j _ How Knowledge Graphs help BT deliver Digital Transformation.pptx
BT & Neo4j _ How Knowledge Graphs help BT deliver Digital Transformation.pptxBT & Neo4j _ How Knowledge Graphs help BT deliver Digital Transformation.pptx
BT & Neo4j _ How Knowledge Graphs help BT deliver Digital Transformation.pptx
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
 
Syngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdf
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
 
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!
 

Cloud and compliance REX

  • 1. Cloud & Compliance SCOR experience Les jeudis de l’Afai 2d of June, 2016 Henri Guiheux, Group CISO
  • 2. 2 Cloud & Compliance Agenda 1 Cloud evolution and Regulatory pressure over the past 5 years 2 Cloud Experience of SCOR 3 Cloud Trends
  • 3. 3 Cloud & Compliance Cloud evolution and Regulatory pressure over the past 5 years  IT Infrastructure models  Traditional architectures: In premises, Co-location, Outsourcing,  Cloud Infrastructure: Public, Private, Hybrid, Sovereign Cloud, IAAS, PAAS, SAAS  Big Cloud players: AWS Amazon, Google, Microsoft Azure, ..  Increase of Data leakage and Cyber attacks  Wikileaks, Snowden, Sony, Target, Anthem, Ashley Madison, T-Mobile, US government agency …  Global environment highly regulated for SCOR  Directives & standards: Solvency II, HIPAA, GLBA, U.S. Privacy Shield, General Data Protection Regulation  Financial authorities: Autorité des marchés financiers, (AMF), Autorité de contrôle prudentiel et de résolution: L'ACPR, Financial Industry Regulatory Authority, Inc. (FINRA), Monetary Authority of Singapore (MAS), Swiss Financial Market Supervisory Authority (FINMA), China Insurance Regulatory Commission (CIRC), Prudential Regulation Authority (PRA) …  Appearance of Security assurances to provide trust from Cloud providers  BSI 27001, SSAE16, ISAE 3402, SOC1 Type 1, SOC 2 Type 2
  • 4. 4 Agenda of the meeting 1 Cloud evolution and Regulatory pressure 2 Cloud Experience of SCOR 3 Cloud Trends
  • 5. 5 Cloud & Compliance SCOR Experience: Approach  SCOR cloud strategy  Develop digital with same SCOR IT resources  Use Centralized Private Cloud if applicable for IAAS or PAAS  Select Cloud SAAS if appropriate  SCOR Implementations since 2012  Move servers from SCOR premises or co-location datacenters to centralized private cloud  Keep into SCOR premises minimum equipment strictly requiring proximity.  Promote SAAS solutions implementation  SCOR security & compliance  Asses and monitor security of Cloud providers  Enforce SCOR IT internal control using COBIT Framework and including cloud environment  Align SCOR IT internal control with regulator security requirements and client security & data privacy commitments  Move toward SOC1 and SOC2 certifications for services provided to its clients.
  • 6. 6 Cloud & Compliance SCOR Experience: SAAS implementation  Corporate services  Time tracking, general expenses, purchase to pay, e-learning, security awareness, …  Collaborative services  institutional web site, social network, streaming video  Security services  mail security gateway, authentication, security operation center  Business services  Marketing, CRM, Specialized Risk Expertise services.  Additional services to come  Messaging, Business Continuity (mass notification maessage), Privacy Compliance service, …
  • 7. 7 Cloud & Compliance SCOR Experience: Lessons learned  Cloud is not magic and simple.  Different level of maturity of security and compliance are observed from cloud based service providers.  Risk Assessment during selection and contractual clauses (compliance, security, audit, intellectual property, reversibility, SLA, …) are key steps.  Transfer of IT activity to the cloud involves IT management transformation moving from doer role to controlling/monitoring role with capacity of formalization.  Network and technical architecture become critical to avoid:  Performance, reliability and quality issues  Interfacing issues with other IT Systems  Hidden costs related to configuration and integration must be anticipated  A strong internal control framework must be established to enable quality and performance conformance and compliance with external requirements (Cobit 5 very valuable)
  • 8. 8 Agenda of the meeting 1 Cloud evolution and Regulatory pressure 2 Cloud Experience of SCOR 3 Cloud Trends
  • 9. 9 Cloud & Compliance Cloud Trends  Key to Monitor cloud players in a very competitive and moving industry  Increase of Private Cloud offers to be competitive with Public Cloud offers  Cloud evolution driven by IoT  Key to watch disruptive cloud technology more economic, secure and productive  Data encryption at rest  application containers (data isolation)  Container hypervisors  Software Modelling enabling complex configuration :  ready to use  Dynamically Scalable,  Highly automated,  Fully traceable