@CSAUKResearch
Cloud Security Alliance, UK chapter https://cloudsecurityalliance.org.uk

“Everyone is in Cloud, shouldn't we be too?”
Tools C-level can use to make informed decisions
Cloud World Forum 2015, 25 June 2015
Vladimir Jirasek, CSA UK Research
Case study
Your organisation stakeholders and Cloud
Stakeholder: what they care about
• Customers: Is my data safe and available? Happiness 😀
• Business managers, CEO/CFO: Customer satisfaction, ROI, EBITDA
• CIO: ROI, System architecture, Migrations
• Legal: Legality of data processing and locations, Privacy
• Security: Security architecture, Cyber threats, Monitoring
Prepare your organisation for Cloud deployments
• People: training & awareness
• Processes & Governance
• Technology: architecture & controls
Does your organisation have a Cloud policy?

Generic requirements
• Requirement 1: Discover Cloud services being used in the organisation
• Requirement 2: Align the organisation's enterprise and security architectures with the Cloud

Before a Cloud service procurement
• Requirement 3: Comply with the organisation's data classification requirements
• Requirement 4: Encrypt all sensitive data processed in the Cloud
• Requirement 5: Link the Cloud service into the organisation's Identity and Access architecture and monitor the activities of users

During a Cloud service procurement
• Requirement 6: Perform due diligence activities before the contract is signed
• Requirement 7: Require a “Right to audit” clause in the contract
• Requirement 8: Know the locations of personally identifiable information in the cloud
• Requirement 9: Assess the availability of the Cloud services
• Requirement 10: Assess the cloud provider's security arrangements
• Requirement 11: Assess the Cloud provider's ability to comply with the organisation's forensic investigations

Running a Cloud service
• Requirement 12: Limit the use of live data for testing and development purposes
• Requirement 13: Monitor the Cloud provider's security arrangements

Decommissioning a Cloud service
• Requirement 14: Destroy sensitive information when it is no longer required
Cloud Security Alliance offers multiple tools
https://cloudsecurityalliance.org/star/
http://www.nist.gov/itl/cloud/
Get involved! Share knowledge and push towards transparency and standards
Call for contributors for a new version of CSA Cloud Guidance, opened on Monday, June 8, for 6 weeks
https://cloudsecurityalliance.org/media/news/call-for-volunteers-security-guidance-for-critical-areas-of-focus-in-cloud-computing/

C-Level tools for Cloud security

Editor's Notes

• #3 (Case study): The business needed customer data in a new app, presented to customers. IT quoted 6-9 months and £500k. The business hired a third party to develop the app and host it as well: 2 months and £50k to develop. Hosted with a small hosting provider, no security audit, separate employee login, no IAM connection, no data encryption. A year later, migration to an internal system. Who is at fault?