SlideShare a Scribd company logo
@CSAUKResearch
Cloud Security
Alliance, UK chapter https://cloudsecurityalliance.org.uk
Everyone is in Cloud,
shouldn't we be too?”
Tools C-level can use to make informed decisions
Cloud World Forum 2015, 25 June 2015
Vladimir Jirasek, CSA UK Research
@CSAUKResearch
Cloud Security
Alliance, UK chapter https://cloudsecurityalliance.org.uk
Case study
@CSAUKResearch
Cloud Security
Alliance, UK chapter https://cloudsecurityalliance.org.uk
Your organisation stakeholders and Cloud
Customers Business
managers,
CEO/CFO
CIO Legal Security
Is my data safe
and available?
Happiness 😀
Customer
satisfaction,
ROI, EBITDA
ROI, System
architecture,
Migrations
Legality of data
processing and
locations,
Privacy
Security
architecture,
Cyber threats,
Monitoring
@CSAUKResearch
Cloud Security
Alliance, UK chapter https://cloudsecurityalliance.org.uk
Prepare your organisation
for Cloud deployments
People
training &
awareness
Processes &
Governance
Technology
architecture
& controls
@CSAUKResearch
Cloud Security
Alliance, UK chapter https://cloudsecurityalliance.org.uk
Does you organisation have a Cloud policy?
Generic requirements
• Requirement 1: Discover Cloud services being used in
organisation
• Requirement 2: Alignment of organisation enterprise and
security architectures with the Cloud
Before a Cloud service procurement
• Requirement 3: Comply with organisation data classification
requirements
• Requirement 4: Encrypt all sensitive data processed in the
Cloud
• Requirement 5: Link the Cloud service into the organisation
Identity and Access architecture and monitoring of activities
of users
During a Cloud service procurement
• Requirement 6: Perform due diligence activities before the
contract is signed
During a Cloud service procurement (contd)
• Requirement 7: Require “Right to audit” clause in the contract
• Requirement 8: Know locations of personal identifiable information in
the cloud
• Requirement 9: Assess the availability of the Cloud services
• Requirement 10: Assess the cloud provider’s security
arrangements
• Requirement 11: Assess the Cloud provider’s ability to comply with the
organisation forensic investigations
Running a Cloud service
• Requirement 12: Limit the use of live data for testing and development
purposes
• Requirement 13: Monitor Cloud providers security arrangements
Decommissioning a Cloud service
• Requirement 14: Destroy sensitive information when not required
@CSAUKResearch
Cloud Security
Alliance, UK chapter https://cloudsecurityalliance.org.uk
Cloud Security Alliance offers multiple tools
https://cloudsecurityalliance.org/star/
http://www.nist.gov/itl/cloud/
@CSAUKResearch
Cloud Security
Alliance, UK chapter https://cloudsecurityalliance.org.uk
Get involved! Share knowledge and push
towards transparency and standards
Call for contributors for a new version of CSA Cloud Guidance,
opened on Monday, June 8, for 6 weeks
https://cloudsecurityalliance.org/media/news/call-for-volunteers-
security-guidance-for-critical-areas-of-focus-in-cloud-computing/

More Related Content

What's hot

McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
Iftikhar Ali Iqbal
 
Cloud Access Security Brokers - CASB
Cloud Access Security Brokers - CASB Cloud Access Security Brokers - CASB
Cloud Access Security Brokers - CASB
Samrat Das
 
63 Requirements for CASB
63 Requirements for CASB63 Requirements for CASB
63 Requirements for CASB
Kyle Watson
 
Cloud security
Cloud securityCloud security
Cloud security
François Boucher
 
Cloud Security Demystified
Cloud Security DemystifiedCloud Security Demystified
Cloud Security Demystified
Michael Torres
 
5 Highest-Impact CASB Use Cases
5 Highest-Impact CASB Use Cases5 Highest-Impact CASB Use Cases
5 Highest-Impact CASB Use Cases
Netskope
 
Guide to CASB Use Cases
Guide to CASB Use CasesGuide to CASB Use Cases
Guide to CASB Use Cases
Sachin Yadav
 
Automatizovaná bezpečnost – nadstandard nebo nutnost?
Automatizovaná bezpečnost – nadstandard nebo nutnost?Automatizovaná bezpečnost – nadstandard nebo nutnost?
Automatizovaná bezpečnost – nadstandard nebo nutnost?
MarketingArrowECS_CZ
 
Cloud Privacy & Security compliance
Cloud Privacy & Security complianceCloud Privacy & Security compliance
Cloud Privacy & Security compliance
Bryan Starbuck
 
Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...
Moshe Ferber
 
CSA Standards Development Summary
CSA Standards Development SummaryCSA Standards Development Summary
CSA Standards Development Summary
CloudSecurityAllianceAustralia
 
5 Highest-Impact CASB Use Cases - Office 365
5 Highest-Impact CASB Use Cases - Office 3655 Highest-Impact CASB Use Cases - Office 365
5 Highest-Impact CASB Use Cases - Office 365
Netskope
 
Global Mandate to Secure Cloud Computing
Global Mandate to Secure Cloud ComputingGlobal Mandate to Secure Cloud Computing
Global Mandate to Secure Cloud Computing
CloudSecurityAllianceAustralia
 
secureit-cloudsecurity-151130141528-lva1-app6892.pdf
secureit-cloudsecurity-151130141528-lva1-app6892.pdfsecureit-cloudsecurity-151130141528-lva1-app6892.pdf
secureit-cloudsecurity-151130141528-lva1-app6892.pdf
YounesChafi1
 
Security Challenges in Cloud
Security Challenges in CloudSecurity Challenges in Cloud
Security Challenges in Cloud
MarketingArrowECS_CZ
 
Why Everyone Needs a Cloud-First Security Program - SASEfaction Guaranteed!
Why Everyone Needs a Cloud-First  Security Program - SASEfaction Guaranteed!Why Everyone Needs a Cloud-First  Security Program - SASEfaction Guaranteed!
Why Everyone Needs a Cloud-First Security Program - SASEfaction Guaranteed!
Netskope
 
CASB: Securing your cloud applications
CASB: Securing your cloud applicationsCASB: Securing your cloud applications
CASB: Securing your cloud applications
Forcepoint LLC
 
Cloud Security: A New Perspective
Cloud Security: A New PerspectiveCloud Security: A New Perspective
Cloud Security: A New Perspective
Wen-Pai Lu
 
Workshop on CASB Part 2
Workshop on CASB Part 2Workshop on CASB Part 2
Workshop on CASB Part 2
Priyanka Aash
 
McAfee - Portfolio Overview
McAfee - Portfolio OverviewMcAfee - Portfolio Overview
McAfee - Portfolio Overview
Iftikhar Ali Iqbal
 

What's hot (20)

McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
 
Cloud Access Security Brokers - CASB
Cloud Access Security Brokers - CASB Cloud Access Security Brokers - CASB
Cloud Access Security Brokers - CASB
 
63 Requirements for CASB
63 Requirements for CASB63 Requirements for CASB
63 Requirements for CASB
 
Cloud security
Cloud securityCloud security
Cloud security
 
Cloud Security Demystified
Cloud Security DemystifiedCloud Security Demystified
Cloud Security Demystified
 
5 Highest-Impact CASB Use Cases
5 Highest-Impact CASB Use Cases5 Highest-Impact CASB Use Cases
5 Highest-Impact CASB Use Cases
 
Guide to CASB Use Cases
Guide to CASB Use CasesGuide to CASB Use Cases
Guide to CASB Use Cases
 
Automatizovaná bezpečnost – nadstandard nebo nutnost?
Automatizovaná bezpečnost – nadstandard nebo nutnost?Automatizovaná bezpečnost – nadstandard nebo nutnost?
Automatizovaná bezpečnost – nadstandard nebo nutnost?
 
Cloud Privacy & Security compliance
Cloud Privacy & Security complianceCloud Privacy & Security compliance
Cloud Privacy & Security compliance
 
Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...
 
CSA Standards Development Summary
CSA Standards Development SummaryCSA Standards Development Summary
CSA Standards Development Summary
 
5 Highest-Impact CASB Use Cases - Office 365
5 Highest-Impact CASB Use Cases - Office 3655 Highest-Impact CASB Use Cases - Office 365
5 Highest-Impact CASB Use Cases - Office 365
 
Global Mandate to Secure Cloud Computing
Global Mandate to Secure Cloud ComputingGlobal Mandate to Secure Cloud Computing
Global Mandate to Secure Cloud Computing
 
secureit-cloudsecurity-151130141528-lva1-app6892.pdf
secureit-cloudsecurity-151130141528-lva1-app6892.pdfsecureit-cloudsecurity-151130141528-lva1-app6892.pdf
secureit-cloudsecurity-151130141528-lva1-app6892.pdf
 
Security Challenges in Cloud
Security Challenges in CloudSecurity Challenges in Cloud
Security Challenges in Cloud
 
Why Everyone Needs a Cloud-First Security Program - SASEfaction Guaranteed!
Why Everyone Needs a Cloud-First  Security Program - SASEfaction Guaranteed!Why Everyone Needs a Cloud-First  Security Program - SASEfaction Guaranteed!
Why Everyone Needs a Cloud-First Security Program - SASEfaction Guaranteed!
 
CASB: Securing your cloud applications
CASB: Securing your cloud applicationsCASB: Securing your cloud applications
CASB: Securing your cloud applications
 
Cloud Security: A New Perspective
Cloud Security: A New PerspectiveCloud Security: A New Perspective
Cloud Security: A New Perspective
 
Workshop on CASB Part 2
Workshop on CASB Part 2Workshop on CASB Part 2
Workshop on CASB Part 2
 
McAfee - Portfolio Overview
McAfee - Portfolio OverviewMcAfee - Portfolio Overview
McAfee - Portfolio Overview
 

Similar to C-Level tools for Cloud security

Scot-Cloud 2015
Scot-Cloud 2015Scot-Cloud 2015
Scot-Cloud 2015
Ray Bugg
 
Microservices Workshop All Topics Deck 2016
Microservices Workshop All Topics Deck 2016Microservices Workshop All Topics Deck 2016
Microservices Workshop All Topics Deck 2016
Adrian Cockcroft
 
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
Cloud Security Alliance Lviv Chapter
 
Seguridad: sembrando confianza en el cloud
Seguridad: sembrando confianza en el cloudSeguridad: sembrando confianza en el cloud
Seguridad: sembrando confianza en el cloud
Nextel S.A.
 
Shawn Harris - CCSP SAH v2
Shawn Harris - CCSP SAH v2Shawn Harris - CCSP SAH v2
Shawn Harris - CCSP SAH v2
Trish McGinity, CCSK
 
Keys to success and security in the cloud
Keys to success and security in the cloudKeys to success and security in the cloud
Keys to success and security in the cloud
Scalar Decisions
 
Keys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-CloudKeys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-Cloud
patmisasi
 
Itmgen 4317 security
Itmgen 4317 securityItmgen 4317 security
Itmgen 4317 security
Cisco
 
Geting cloud architecture right the first time linthicum interop fall 2013
Geting cloud architecture right the first time linthicum interop fall 2013Geting cloud architecture right the first time linthicum interop fall 2013
Geting cloud architecture right the first time linthicum interop fall 2013
David Linthicum
 
CipherCloud for Salesforce - Solution Overview
CipherCloud for Salesforce - Solution OverviewCipherCloud for Salesforce - Solution Overview
CipherCloud for Salesforce - Solution Overview
CipherCloud
 
Why CSA Australia
Why CSA AustraliaWhy CSA Australia
Thin Air or Solid Ground? Practical Cloud Security
Thin Air or Solid Ground? Practical Cloud SecurityThin Air or Solid Ground? Practical Cloud Security
Thin Air or Solid Ground? Practical Cloud Security
Dan Fitzgerald, CISSP, CIPM
 
Cisco at v mworld 2015 cisco-on-demand-private-cloud-for-vmworld-01_sep2015-a...
Cisco at v mworld 2015 cisco-on-demand-private-cloud-for-vmworld-01_sep2015-a...Cisco at v mworld 2015 cisco-on-demand-private-cloud-for-vmworld-01_sep2015-a...
Cisco at v mworld 2015 cisco-on-demand-private-cloud-for-vmworld-01_sep2015-a...
ldangelo0772
 
AWS November meetup Slides
AWS November meetup SlidesAWS November meetup Slides
AWS November meetup Slides
JacksonMorgan9
 
AWS User Group November
AWS User Group NovemberAWS User Group November
AWS User Group November
PolarSeven Pty Ltd
 
PaaS in the Real World
PaaS in the Real WorldPaaS in the Real World
PaaS in the Real World
Angie Hirata
 
Cloud Computing Gets Put to the Test
Cloud Computing Gets Put to the TestCloud Computing Gets Put to the Test
Cloud Computing Gets Put to the Test
Avere Systems
 
Cloud security lessons learned and audit
Cloud security lessons learned and auditCloud security lessons learned and audit
Cloud security lessons learned and audit
Marc Vael
 
2014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v012014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v01
promediakw
 
Becomming a cloud governance ninja linthicum interop fall 2013
Becomming a cloud governance ninja linthicum interop fall 2013Becomming a cloud governance ninja linthicum interop fall 2013
Becomming a cloud governance ninja linthicum interop fall 2013
David Linthicum
 

Similar to C-Level tools for Cloud security (20)

Scot-Cloud 2015
Scot-Cloud 2015Scot-Cloud 2015
Scot-Cloud 2015
 
Microservices Workshop All Topics Deck 2016
Microservices Workshop All Topics Deck 2016Microservices Workshop All Topics Deck 2016
Microservices Workshop All Topics Deck 2016
 
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
 
Seguridad: sembrando confianza en el cloud
Seguridad: sembrando confianza en el cloudSeguridad: sembrando confianza en el cloud
Seguridad: sembrando confianza en el cloud
 
Shawn Harris - CCSP SAH v2
Shawn Harris - CCSP SAH v2Shawn Harris - CCSP SAH v2
Shawn Harris - CCSP SAH v2
 
Keys to success and security in the cloud
Keys to success and security in the cloudKeys to success and security in the cloud
Keys to success and security in the cloud
 
Keys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-CloudKeys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-Cloud
 
Itmgen 4317 security
Itmgen 4317 securityItmgen 4317 security
Itmgen 4317 security
 
Geting cloud architecture right the first time linthicum interop fall 2013
Geting cloud architecture right the first time linthicum interop fall 2013Geting cloud architecture right the first time linthicum interop fall 2013
Geting cloud architecture right the first time linthicum interop fall 2013
 
CipherCloud for Salesforce - Solution Overview
CipherCloud for Salesforce - Solution OverviewCipherCloud for Salesforce - Solution Overview
CipherCloud for Salesforce - Solution Overview
 
Why CSA Australia
Why CSA AustraliaWhy CSA Australia
Why CSA Australia
 
Thin Air or Solid Ground? Practical Cloud Security
Thin Air or Solid Ground? Practical Cloud SecurityThin Air or Solid Ground? Practical Cloud Security
Thin Air or Solid Ground? Practical Cloud Security
 
Cisco at v mworld 2015 cisco-on-demand-private-cloud-for-vmworld-01_sep2015-a...
Cisco at v mworld 2015 cisco-on-demand-private-cloud-for-vmworld-01_sep2015-a...Cisco at v mworld 2015 cisco-on-demand-private-cloud-for-vmworld-01_sep2015-a...
Cisco at v mworld 2015 cisco-on-demand-private-cloud-for-vmworld-01_sep2015-a...
 
AWS November meetup Slides
AWS November meetup SlidesAWS November meetup Slides
AWS November meetup Slides
 
AWS User Group November
AWS User Group NovemberAWS User Group November
AWS User Group November
 
PaaS in the Real World
PaaS in the Real WorldPaaS in the Real World
PaaS in the Real World
 
Cloud Computing Gets Put to the Test
Cloud Computing Gets Put to the TestCloud Computing Gets Put to the Test
Cloud Computing Gets Put to the Test
 
Cloud security lessons learned and audit
Cloud security lessons learned and auditCloud security lessons learned and audit
Cloud security lessons learned and audit
 
2014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v012014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v01
 
Becomming a cloud governance ninja linthicum interop fall 2013
Becomming a cloud governance ninja linthicum interop fall 2013Becomming a cloud governance ninja linthicum interop fall 2013
Becomming a cloud governance ninja linthicum interop fall 2013
 

More from Vladimir Jirasek

Vulnerability management - beyond scanning
Vulnerability management - beyond scanningVulnerability management - beyond scanning
Vulnerability management - beyond scanning
Vladimir Jirasek
 
Vulnerability Management @ DevSecOps London Gathering
Vulnerability Management @ DevSecOps London GatheringVulnerability Management @ DevSecOps London Gathering
Vulnerability Management @ DevSecOps London Gathering
Vladimir Jirasek
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architecture
Vladimir Jirasek
 
Mobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistantMobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistant
Vladimir Jirasek
 
Security architecture for LSE 2009
Security architecture for LSE 2009Security architecture for LSE 2009
Security architecture for LSE 2009
Vladimir Jirasek
 
Mobile security summit - 10 mobile risks
Mobile security summit - 10 mobile risksMobile security summit - 10 mobile risks
Mobile security summit - 10 mobile risks
Vladimir Jirasek
 
Information Risk Security model and metrics
Information Risk Security model and metricsInformation Risk Security model and metrics
Information Risk Security model and metrics
Vladimir Jirasek
 
Integrating Qualys into the patch and vulnerability management processes
Integrating Qualys into the patch and vulnerability management processesIntegrating Qualys into the patch and vulnerability management processes
Integrating Qualys into the patch and vulnerability management processes
Vladimir Jirasek
 
Securing mobile population for White Hats
Securing mobile population for White HatsSecuring mobile population for White Hats
Securing mobile population for White Hats
Vladimir Jirasek
 
Security models for security architecture
Security models for security architectureSecurity models for security architecture
Security models for security architecture
Vladimir Jirasek
 
Meaningfull security metrics
Meaningfull security metricsMeaningfull security metrics
Meaningfull security metrics
Vladimir Jirasek
 
CAMM presentation for Cyber Security Gas and Oil june 2011
CAMM presentation for Cyber Security Gas and Oil june 2011CAMM presentation for Cyber Security Gas and Oil june 2011
CAMM presentation for Cyber Security Gas and Oil june 2011
Vladimir Jirasek
 
ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
ISE UK&Ireland 2008  Showcase Nominee Presentation Vladimir JirasekISE UK&Ireland 2008  Showcase Nominee Presentation Vladimir Jirasek
ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
Vladimir Jirasek
 
Qualys Webex 24 June 2008
Qualys Webex 24 June 2008Qualys Webex 24 June 2008
Qualys Webex 24 June 2008
Vladimir Jirasek
 
Federation For The Cloud Opportunities For A Single Identity
Federation For The Cloud  Opportunities For A Single IdentityFederation For The Cloud  Opportunities For A Single Identity
Federation For The Cloud Opportunities For A Single Identity
Vladimir Jirasek
 

More from Vladimir Jirasek (15)

Vulnerability management - beyond scanning
Vulnerability management - beyond scanningVulnerability management - beyond scanning
Vulnerability management - beyond scanning
 
Vulnerability Management @ DevSecOps London Gathering
Vulnerability Management @ DevSecOps London GatheringVulnerability Management @ DevSecOps London Gathering
Vulnerability Management @ DevSecOps London Gathering
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architecture
 
Mobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistantMobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistant
 
Security architecture for LSE 2009
Security architecture for LSE 2009Security architecture for LSE 2009
Security architecture for LSE 2009
 
Mobile security summit - 10 mobile risks
Mobile security summit - 10 mobile risksMobile security summit - 10 mobile risks
Mobile security summit - 10 mobile risks
 
Information Risk Security model and metrics
Information Risk Security model and metricsInformation Risk Security model and metrics
Information Risk Security model and metrics
 
Integrating Qualys into the patch and vulnerability management processes
Integrating Qualys into the patch and vulnerability management processesIntegrating Qualys into the patch and vulnerability management processes
Integrating Qualys into the patch and vulnerability management processes
 
Securing mobile population for White Hats
Securing mobile population for White HatsSecuring mobile population for White Hats
Securing mobile population for White Hats
 
Security models for security architecture
Security models for security architectureSecurity models for security architecture
Security models for security architecture
 
Meaningfull security metrics
Meaningfull security metricsMeaningfull security metrics
Meaningfull security metrics
 
CAMM presentation for Cyber Security Gas and Oil june 2011
CAMM presentation for Cyber Security Gas and Oil june 2011CAMM presentation for Cyber Security Gas and Oil june 2011
CAMM presentation for Cyber Security Gas and Oil june 2011
 
ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
ISE UK&Ireland 2008  Showcase Nominee Presentation Vladimir JirasekISE UK&Ireland 2008  Showcase Nominee Presentation Vladimir Jirasek
ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
 
Qualys Webex 24 June 2008
Qualys Webex 24 June 2008Qualys Webex 24 June 2008
Qualys Webex 24 June 2008
 
Federation For The Cloud Opportunities For A Single Identity
Federation For The Cloud  Opportunities For A Single IdentityFederation For The Cloud  Opportunities For A Single Identity
Federation For The Cloud Opportunities For A Single Identity
 

Recently uploaded

Feature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptxFeature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptx
ssuser1915fe1
 
Best Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdfBest Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdf
Tatiana Al-Chueyr
 
Evolution of iPaaS - simplify IT workloads to provide a unified view of data...
Evolution of iPaaS - simplify IT workloads to provide a unified view of  data...Evolution of iPaaS - simplify IT workloads to provide a unified view of  data...
Evolution of iPaaS - simplify IT workloads to provide a unified view of data...
Torry Harris
 
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdfWhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
ArgaBisma
 
Recent Advancements in the NIST-JARVIS Infrastructure
Recent Advancements in the NIST-JARVIS InfrastructureRecent Advancements in the NIST-JARVIS Infrastructure
Recent Advancements in the NIST-JARVIS Infrastructure
KAMAL CHOUDHARY
 
Google I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged SlidesGoogle I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged Slides
Google Developer Group - Harare
 
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptxRPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
SynapseIndia
 
Implementations of Fused Deposition Modeling in real world
Implementations of Fused Deposition Modeling  in real worldImplementations of Fused Deposition Modeling  in real world
Implementations of Fused Deposition Modeling in real world
Emerging Tech
 
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-InTrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc
 
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
Kief Morris
 
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite SolutionIPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Networks
 
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
alexjohnson7307
 
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptxIntroduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
313mohammedarshad
 
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptxUse Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
SynapseIndia
 
find out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challengesfind out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challenges
huseindihon
 
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
Priyanka Aash
 
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Muhammad Ali
 
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - MydbopsScaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Mydbops
 
Amul milk launches in US: Key details of its new products ...
Amul milk launches in US: Key details of its new products ...Amul milk launches in US: Key details of its new products ...
Amul milk launches in US: Key details of its new products ...
chetankumar9855
 
Calgary MuleSoft Meetup APM and IDP .pptx
Calgary MuleSoft Meetup APM and IDP .pptxCalgary MuleSoft Meetup APM and IDP .pptx
Calgary MuleSoft Meetup APM and IDP .pptx
ishalveerrandhawa1
 

Recently uploaded (20)

Feature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptxFeature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptx
 
Best Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdfBest Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdf
 
Evolution of iPaaS - simplify IT workloads to provide a unified view of data...
Evolution of iPaaS - simplify IT workloads to provide a unified view of  data...Evolution of iPaaS - simplify IT workloads to provide a unified view of  data...
Evolution of iPaaS - simplify IT workloads to provide a unified view of data...
 
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdfWhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
 
Recent Advancements in the NIST-JARVIS Infrastructure
Recent Advancements in the NIST-JARVIS InfrastructureRecent Advancements in the NIST-JARVIS Infrastructure
Recent Advancements in the NIST-JARVIS Infrastructure
 
Google I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged SlidesGoogle I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged Slides
 
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptxRPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
 
Implementations of Fused Deposition Modeling in real world
Implementations of Fused Deposition Modeling  in real worldImplementations of Fused Deposition Modeling  in real world
Implementations of Fused Deposition Modeling in real world
 
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-InTrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
 
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
 
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite SolutionIPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite Solution
 
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
 
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptxIntroduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
 
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptxUse Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
 
find out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challengesfind out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challenges
 
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
 
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
 
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - MydbopsScaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
 
Amul milk launches in US: Key details of its new products ...
Amul milk launches in US: Key details of its new products ...Amul milk launches in US: Key details of its new products ...
Amul milk launches in US: Key details of its new products ...
 
Calgary MuleSoft Meetup APM and IDP .pptx
Calgary MuleSoft Meetup APM and IDP .pptxCalgary MuleSoft Meetup APM and IDP .pptx
Calgary MuleSoft Meetup APM and IDP .pptx
 

C-Level tools for Cloud security

  • 1. @CSAUKResearch Cloud Security Alliance, UK chapter https://cloudsecurityalliance.org.uk Everyone is in Cloud, shouldn't we be too?” Tools C-level can use to make informed decisions Cloud World Forum 2015, 25 June 2015 Vladimir Jirasek, CSA UK Research
  • 2. @CSAUKResearch Cloud Security Alliance, UK chapter https://cloudsecurityalliance.org.uk Case study
  • 3. @CSAUKResearch Cloud Security Alliance, UK chapter https://cloudsecurityalliance.org.uk Your organisation stakeholders and Cloud Customers Business managers, CEO/CFO CIO Legal Security Is my data safe and available? Happiness 😀 Customer satisfaction, ROI, EBITDA ROI, System architecture, Migrations Legality of data processing and locations, Privacy Security architecture, Cyber threats, Monitoring
  • 4. @CSAUKResearch Cloud Security Alliance, UK chapter https://cloudsecurityalliance.org.uk Prepare your organisation for Cloud deployments People training & awareness Processes & Governance Technology architecture & controls
  • 5. @CSAUKResearch Cloud Security Alliance, UK chapter https://cloudsecurityalliance.org.uk Does you organisation have a Cloud policy? Generic requirements • Requirement 1: Discover Cloud services being used in organisation • Requirement 2: Alignment of organisation enterprise and security architectures with the Cloud Before a Cloud service procurement • Requirement 3: Comply with organisation data classification requirements • Requirement 4: Encrypt all sensitive data processed in the Cloud • Requirement 5: Link the Cloud service into the organisation Identity and Access architecture and monitoring of activities of users During a Cloud service procurement • Requirement 6: Perform due diligence activities before the contract is signed During a Cloud service procurement (contd) • Requirement 7: Require “Right to audit” clause in the contract • Requirement 8: Know locations of personal identifiable information in the cloud • Requirement 9: Assess the availability of the Cloud services • Requirement 10: Assess the cloud provider’s security arrangements • Requirement 11: Assess the Cloud provider’s ability to comply with the organisation forensic investigations Running a Cloud service • Requirement 12: Limit the use of live data for testing and development purposes • Requirement 13: Monitor Cloud providers security arrangements Decommissioning a Cloud service • Requirement 14: Destroy sensitive information when not required
  • 6. @CSAUKResearch Cloud Security Alliance, UK chapter https://cloudsecurityalliance.org.uk Cloud Security Alliance offers multiple tools https://cloudsecurityalliance.org/star/ http://www.nist.gov/itl/cloud/
  • 7. @CSAUKResearch Cloud Security Alliance, UK chapter https://cloudsecurityalliance.org.uk Get involved! Share knowledge and push towards transparency and standards Call for contributors for a new version of CSA Cloud Guidance, opened on Monday, June 8, for 6 weeks https://cloudsecurityalliance.org/media/news/call-for-volunteers- security-guidance-for-critical-areas-of-focus-in-cloud-computing/

Editor's Notes

  1. Business need to have customer data in a new app and presented to customers IT quoted 6-9 months and £500k Business hired 3rd party to develop app and host it as well – 2 months and £50k cost to develop Hosted in small hosting provider, no security audit, separate employee login, no AIM connect, no data encryption Year later migration to an internal system Who is at fault?