Do you know your cloud controls?
A close look at regulatory requirements for cloud security

Steven Wolford, Director, Information Security, 6fusion (swolford@6fusion.com)
Chad Walter, Director, Channel Development, Network Box USA (cwalter@networkboxusa.com)
Today's Agenda

•  Introduction
•  What is cloud?
•  Who controls cloud?
•  Cloud types
•  Standards impacting security
    •  CSA CCM
    •  FedRAMP
    •  PCI
    •  HIPAA
•  How it all fits together
•  Q&A
Who We Are

6fusion
6fusion breaks down traditional IT boundaries by delivering universal metering and access to global IT infrastructure. The unique metering algorithm, Workload Allocation Cube (WAC), creates a commercial standard to quantify supply and demand for compute resources.

Network Box USA
Network Box USA provides comprehensive, fully managed perimeter internet security solutions. The Network Box Unified Threat Management (UTM) solution combines numerous applications such as firewall, intrusion prevention and detection, anti-virus, content filtering, anti-spam, anti-phishing, anti-spyware and VPN into one single, sophisticated mix of hardware and software. Network Box USA enables businesses of all sizes to secure their networks easily and cost effectively.

This is the second in a series of webinars on cloud security. We will let you shape the content of the next webinar at the end of this webinar.
What is "Cloud"

(Diagram: the cloud reference architecture, showing the actors and the layers each one operates.)

•  Cloud Consumer
•  Cloud Auditor: Security Audit, Privacy Impact Audit, Performance Audit
•  Cloud Broker: Service Intermediation, Service Aggregation, Service Arbitrage
•  Cloud Provider
    •  Service Orchestration: Service Layer (SaaS, PaaS, IaaS); Resource Abstraction and Control Layer; Physical Resource Layer (Hardware, Facility)
    •  Cloud Service Management: Business Support; Provisioning / Configuration; Portability / Interoperability
    •  Security
    •  Privacy
•  Cloud Carrier
Who Controls "Cloud"

(Diagram: the stack from Cloud Consumer at the top to Cloud Provider at the bottom, with SaaS, PaaS and IaaS markers showing where control passes from consumer to provider under each service model.)

•  Application Layer
•  Middleware Layer
•  Operating System Layer
•  Physical Layer
Public Cloud

(Diagram: a cloud service accessible from the Internet, reached by public consumers accessing workloads from the Internet and by enterprise consumers accessing workloads from enterprise networks.)
Private Cloud

(Diagram: a private cloud contained within the enterprise network.)
Community Cloud

Community is defined as groups of consumers with similar interests, control sets, performance characteristics or other such commonality.

(Diagram: Groups A, B and C sharing a community cloud, hosted either by a public cloud provider or on a private cloud.)
Hybrid Cloud

(Diagram: a hybrid cloud combining on-site private clouds, outsourced private clouds, on-site and outsourced community clouds, and public clouds.)
Know the Rules

•  Regulation
    •  FedRAMP
    •  PCI DSS v2.0
    •  HIPAA / HITECH
•  Standard
    •  SSAE 16 SOC 2
    •  ISO/IEC 27001:2005
•  Framework
    •  CSA CCM
    •  COBIT 4.1
CSA CCM / CAIQ

"As a framework, the CSA CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to the cloud industry."

The CAIQ "provides a set of questions a cloud consumer and cloud auditor may wish to ask of a cloud provider. It provides a series of 'yes or no' control assertion questions which can then be tailored to suit each unique cloud customer's evidentiary requirements."

CCM – Control Areas
(Diagram: each control area is placed between Provider and Consumer to show how responsibility for it is shared.)

•  Compliance (6 controls)
•  Data Governance (8 controls)
•  Facility Security (8 controls)
•  Human Resources (3 controls)
•  Information Security (34 controls)
•  Legal (2 controls)
•  Operations Management (4 controls)
•  Risk Management (5 controls)
•  Release Management (5 controls)
•  Resiliency (8 controls)
•  Security Architecture (15 controls)
FedRAMP

Federal Risk and Authorization Management Program

"a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services."

FedRAMP – Control Areas
(Diagram: each control area is placed between Provider and Consumer to show how responsibility for it is shared.)

•  Access Control (17 controls)
•  Awareness and Training (4 controls)
•  Audit and Accountability (12 controls)
•  Assessment and Authorization (6 controls)
•  Configuration Management (9 controls)
•  Contingency Planning (9 controls)
•  Identification and Authorization (8 controls)
•  Incident Response (8 controls)
•  Maintenance (6 controls)
•  Media Protection (6 controls)
•  Physical and Environmental (18 controls)
•  Planning (5 controls)
•  Personnel Security (8 controls)
•  Risk Assessment (4 controls)
•  Systems Acquisition (12 controls)
•  Systems Communication (24 controls)
•  System and Information Integrity (12 controls)
Payment Card Industry

"Entities planning to use cloud computing for their PCI DSS environments should first ensure that they thoroughly understand the details of the services being offered, and perform a detailed assessment of the unique risks associated with each service.

Additionally, as with any managed service, it is crucial that the hosted entity and provider clearly define and document the responsibilities assigned to each party for maintaining PCI DSS requirements and any other controls that could impact the security of cardholder data."

PCI – Control Areas
(Diagram: each control area is placed between Provider and Consumer to show how responsibility for it is shared.)

•  Firewall
•  Encrypt Transmission
•  Restrict Access
•  Track and Monitor Access
•  Default Passwords
•  Anti-virus
•  UUID
•  Test
•  Stored Cardholder Data
•  Secure Systems / Applications
•  Physical Access
•  Personnel Security
HIPAA

A Brief History of Healthcare Security Regulation

HIPAA – Health Insurance Portability and Accountability Act
A regulation is born: passed in 1996 to simplify the administrative processes surrounding the increasing amounts of ePHI. The Security Rule was enacted 2/20/03 and provided administrative, technical and physical safeguards.
The goal of HIPAA was to protect patients' confidentiality while enabling healthcare organizations to pursue initiatives that furthered innovation and patient care. However, enforcement was very limited.

HITECH – American Recovery and Reinvestment Act – Health Information Technology for Economic and Clinical Health
HIPAA gets some teeth: HITECH extended the Security Rule to include:
•  Civil penalties
•  BAs must comply
•  Breach notifications are mandatory
HITECH contains specific incentives designed to accelerate the adoption of EHR systems. It broadens the scope of protections listed under HIPAA and increases penalties for non-compliance.

Meaningful Use – Meaningful Use Guidelines for EHR (2010)
And gains some incentives: Meaningful Use includes 15 core measures. The program is funded with $27bn over 4 years to cover attestations.
CMS' Meaningful Use program provides incentive payouts for efficient EHR use. The program provides further incentives to encourage HIPAA / HITECH compliance.

HIPAA – Control Areas
(Diagram: each control area is placed between Provider and Consumer to show how responsibility for it is shared.)

•  Administrative Safeguards (30 controls)
•  Physical Safeguards (12 controls)
•  Technical Safeguards (12 controls)
•  Organizational Safeguards (12 controls)
Shared Responsibility
Integrated Compliance

(Diagram: a cycle through the four steps below.)

Taking Requirements
•  FISMA/FedRAMP
•  PCI
•  HIPAA
•  ISO
•  Other requirements

Identifying common controls
•  Access controls
•  Passwords
•  Encryption
•  Training
•  Risk Assessments

Documentation
•  Document policy, controls, and criteria that meet minimum requirements across standards
•  Integrated Control Framework

Execute integrated program
•  Identify data sources
•  Define & assess risk
•  Develop & implement controls
•  Audit & correct
•  Enforce, monitor & support
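An added illustration of the "identify common controls, then document criteria that meet the minimum across standards" steps above (example code, not from the webinar or from 6fusion / Network Box USA): it merges each framework's requirement for a common control into one strictest baseline, records which framework drives each value, and then assesses a constructed environment against it, separating consumer-owned gaps from the provider-owned controls the consumer has to ask the provider to evidence under a given service model. Every requirement value, owner assignment and current-state value is a constructed placeholder and not the actual text of FedRAMP, PCI DSS, HIPAA or ISO 27001.

```python
"""Integrated control baseline (added example). Every requirement value, control
owner and current-state value below is a CONSTRUCTED placeholder, not the real text
of FedRAMP, PCI DSS, HIPAA or ISO 27001."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# How two frameworks' values for one control merge into the strictest one.
MERGE = {
    "at_least": max,                  # floor, e.g. minimum password length
    "at_most": min,                   # ceiling, e.g. maximum password age (days)
    "required": lambda a, b: a or b,  # mandate, e.g. encryption in transit
}

@dataclass
class Requirement:
    control: str    # common control name, e.g. "password.min_length"
    kind: str       # key of MERGE
    value: object
    framework: str

@dataclass
class BaselineEntry:
    kind: str
    value: object
    sources: List[str] = field(default_factory=list)  # frameworks that set this value

def build_baseline(reqs: List[Requirement]) -> Dict[str, BaselineEntry]:
    """Fold each framework's requirement per control into the strictest value and
    record which framework(s) drive it, so the documentation step can cite them."""
    baseline: Dict[str, BaselineEntry] = {}
    for r in reqs:
        entry = baseline.get(r.control)
        if entry is None:
            baseline[r.control] = BaselineEntry(r.kind, r.value, [r.framework])
        elif entry.kind != r.kind:
            # Standards pull in opposite directions: resolve by hand, never silently.
            raise ValueError(f"conflicting constraint kinds for {r.control}")
        else:
            merged = MERGE[r.kind](entry.value, r.value)
            if merged != entry.value:
                entry.value, entry.sources = merged, [r.framework]
            elif merged == r.value:
                entry.sources.append(r.framework)  # tie: both frameworks drive it
    return baseline

def satisfies(kind: str, required: object, actual: object) -> bool:
    if kind == "at_least":
        return actual >= required
    if kind == "at_most":
        return actual <= required
    return bool(actual) or not required

# Shared responsibility: service models under which the PROVIDER operates the
# control (constructed; a real matrix comes from the provider's CAIQ answers).
PROVIDER_OWNED = {
    "password.min_length": {"SaaS"},
    "password.max_age_days": {"SaaS"},
    "access.mfa_remote": {"SaaS"},
    "encryption.in_transit": {"PaaS", "SaaS"},
    "risk_assessment.interval_days": set(),
}

def assess(baseline: Dict[str, BaselineEntry], actual: Dict[str, object], model: str):
    """Return (consumer gaps, provider controls to request evidence for). A gap is
    (control, required value, actual value or None, driving frameworks)."""
    gaps: List[Tuple[str, object, object, List[str]]] = []
    provider_asks: List[str] = []
    for control, entry in sorted(baseline.items()):
        if model in PROVIDER_OWNED[control]:
            provider_asks.append(control)
        elif control not in actual:
            gaps.append((control, entry.value, None, entry.sources))  # no evidence = gap
        elif not satisfies(entry.kind, entry.value, actual[control]):
            gaps.append((control, entry.value, actual[control], entry.sources))
    return gaps, provider_asks

# Constructed placeholder requirements (NOT the standards' real values).
REQUIREMENTS = [
    Requirement("password.min_length", "at_least", 7, "PCI"),
    Requirement("password.min_length", "at_least", 12, "FedRAMP"),
    Requirement("password.max_age_days", "at_most", 90, "PCI"),
    Requirement("password.max_age_days", "at_most", 60, "FedRAMP"),
    Requirement("access.mfa_remote", "required", True, "PCI"),
    Requirement("access.mfa_remote", "required", False, "ISO"),
    Requirement("encryption.in_transit", "required", True, "PCI"),
    Requirement("encryption.in_transit", "required", True, "HIPAA"),
    Requirement("risk_assessment.interval_days", "at_most", 365, "HIPAA"),
    Requirement("risk_assessment.interval_days", "at_most", 365, "FedRAMP"),
]

# Constructed current state of the consumer's environment.
CURRENT_STATE = {
    "password.min_length": 10,
    "password.max_age_days": 90,
    "access.mfa_remote": False,
    "encryption.in_transit": True,
    "risk_assessment.interval_days": 730,
}
```

Calling `assess(build_baseline(REQUIREMENTS), CURRENT_STATE, "SaaS")` moves the password, MFA and encryption controls onto the provider-evidence list and leaves only the overdue risk assessment as a consumer gap, whereas under "IaaS" all four failing controls are the consumer's own gaps.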
Questions

Thank You!

Resources
•  FedRAMP: http://www.gsa.gov/portal/category/102371
•  Cloud Security Alliance: https://cloudsecurityalliance.org/
•  PCI: https://www.pcisecuritystandards.org/
•  HIPAA: http://www.hhs.gov/ocr/privacy/

What's next?
3rd Webinar in the Series
•  Timing: Early May
•  Topic: Baselining and advancing your security posture
•  Details: You tell us…

What do you want to hear about in the next webinar? Email us at marketing@6fusion.com with your ideas!

 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 

Cloud controls final2

  • 1. Do you know your cloud controls? A close look at regulatory requirements for cloud security.
    Steven Wolford, Director, Information Security, 6fusion, swolford@6fusion.com
    Chad Walter, Director, Channel Development, Network Box USA, cwalter@networkboxusa.com
  • 2. Today's Agenda
    • Introduction
    • What is cloud?
    • Who controls cloud?
    • Cloud types
    • Standards impacting security: CSA CCM; FedRAMP; PCI; HIPAA
    • How it all fits together
    • Q&A
  • 3. Who We Are
    6fusion: 6fusion breaks down traditional IT boundaries by delivering universal metering and access to global IT infrastructure. The unique metering algorithm, Workload Allocation Cube (WAC), creates a commercial standard to quantify supply and demand for compute resources.
    Network Box USA: Network Box USA provides comprehensive, fully managed perimeter internet security solutions. The Network Box Unified Threat Management (UTM) solution combines numerous applications such as firewall, intrusion prevention and detection, anti-virus, content filtering, anti-spam, anti-phishing, anti-spyware and VPN into one single, sophisticated mix of hardware and software. Network Box USA enables businesses of all sizes to secure their networks easily and cost effectively.
    This is the second in a series of webinars on cloud security. We will let you shape the content of the next webinar at the end of this webinar.
  • 4. What is "Cloud"
    Diagram of the cloud reference architecture and its actors:
    • Cloud Consumer
    • Cloud Auditor: Security Audit; Privacy Impact Audit; Performance Audit
    • Cloud Broker: Service Intermediation; Service Aggregation; Service Arbitrage
    • Cloud Provider
      • Service Orchestration: Service Layer (SaaS, PaaS, IaaS); Resource Abstraction and Control Layer; Physical Resource Layer (Hardware, Facility)
      • Cloud Service Management: Business Support; Provisioning / Configuration; Portability / Interoperability
      • Security
      • Privacy
    • Cloud Carrier
  • 5. Who Controls "Cloud"
    Diagram: a stack of Application Layer, Middleware Layer, Operating System Layer and Physical Layer, with the Cloud Consumer above it and the Cloud Provider below. SaaS, PaaS and IaaS markers on the consumer side and on the provider side show which layers each party controls under each service model.
  • 6. Public Cloud
    Diagram: a cloud service accessible from the Internet, with public consumers accessing workloads from the Internet and enterprise consumers accessing workloads from the enterprise network.
  • 7. Private Cloud
    Diagram: a private cloud inside the enterprise network.
  • 8. Community Cloud
    Community is defined as groups of consumers with similar interests, control sets, performance characteristics or other such commonality.
    Diagram: Group A, Group B and Group C sharing a cloud, hosted either by a public cloud provider or as a private cloud.
  • 9. Hybrid Cloud
    Diagram: on-site private clouds, outsourced private clouds, on-site and outsourced community clouds and public clouds combined into one hybrid deployment.
  • 10. Know the Rules
    • Regulation: FedRAMP; PCI DSS v2.0; HIPAA / HITECH
    • Standard: SSAE 16 SOC 2; ISO/IEC 27001:2005
    • Framework: CSA CCM; COBIT 4.1
  • 11. CSA CCM / CAIQ
    "As a framework, the CSA CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to the cloud industry."
    The CAIQ "provides a set of questions a cloud consumer and cloud auditor may wish to ask of a cloud provider. It provides a series of 'yes or no' control assertion questions which can then be tailored to suit each unique cloud customer's evidentiary requirements."
  • 12. CCM – Control Areas (each area is charted against Provider and Consumer responsibility)
    • Compliance (6 controls)
    • Data Governance (8 controls)
    • Facility Security (8 controls)
    • Human Resources (3 controls)
    • Information Security (34 controls)
    • Legal (2 controls)
    • Operations Management (4 controls)
    • Risk Management (5 controls)
    • Release Management (5 controls)
    • Resiliency (8 controls)
    • Security Architecture (15 controls)
  • 14. FedRAMP – Control Areas (each area is charted against Provider and Consumer responsibility)
    • Access Control (17 controls)
    • Awareness and Training (4 controls)
    • Audit and Accountability (12 controls)
    • Assessment and Authorization (6 controls)
    • Configuration Management (9 controls)
    • Contingency Planning (9 controls)
    • Identification and Authentication (8 controls)
    • Incident Response (8 controls)
    • Maintenance (6 controls)
    • Media Protection (6 controls)
    • Physical and Environmental (18 controls)
    • Planning (5 controls)
    • Personnel Security (8 controls)
    • Risk Assessment (4 controls)
    • Systems Acquisition (12 controls)
    • Systems Communication (24 controls)
    • System and Information Integrity (12 controls)
  • 16. PCI – Control Areas (the twelve PCI DSS requirements, each charted against Provider and Consumer responsibility)
    • Firewall
    • Default Passwords
    • Stored Cardholder Data
    • Encrypt Transmission
    • Anti-virus
    • Secure Systems / Applications
    • Restrict Access
    • UUID (unique ID per user)
    • Physical Access
    • Track and Monitor Access
    • Test
    • Personnel Security
  • 17. HIPAA: A Brief History of Healthcare Security Regulation
    A regulation is born: HIPAA (Health Insurance Portability and Accountability Act). Passed in 1996 to simplify the administrative processes surrounding the increasing amounts of ePHI. The Security Rule was enacted 2/20/03 and provided administrative, technical and physical safeguards. The goal of HIPAA was to protect patients' confidentiality while enabling healthcare organizations to pursue initiatives that furthered innovation and patient care. However, enforcement was very limited.
    HIPAA gets some teeth: HITECH (Health Information Technology for Economic and Clinical Health), part of the American Recovery and Reinvestment Act. HITECH extended the Security Rule to include civil penalties, mandatory compliance for business associates (BAs) and mandatory breach notifications. HITECH contains specific incentives designed to accelerate the adoption of EHR systems. It broadens the scope of protections listed under HIPAA and increases penalties for non-compliance.
    And gains some incentives: Meaningful Use (Meaningful Use Guidelines for EHR, 2010). CMS' Meaningful Use program provides incentive payouts for efficient EHR use. Meaningful Use includes 15 core measures. The program is funded with $27bn over 4 years to cover attestations, and provides further incentives to encourage HIPAA / HITECH compliance.
  • 18. HIPAA – Control Areas (each area is charted against Provider and Consumer responsibility)
    • Administrative Safeguards (30 controls)
    • Physical Safeguards (12 controls)
    • Technical Safeguards (12 controls)
    • Organizational Safeguards (12 controls)
  • 20. Integrated Compliance
    • Taking requirements: FISMA/FedRAMP; PCI; HIPAA; ISO; other requirements
    • Identifying common controls: access controls; passwords; encryption; training; risk assessments
    • Documentation: document policy, controls and criteria that meet minimum requirements across standards; Integrated Control Framework
    • Execute integrated program: identify data sources; define and assess risk; develop and implement controls; audit and correct; enforce, monitor and support
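The integrated control framework the slide describes is, in practice, a crosswalk: each common control is written once and tagged with the requirement families it satisfies in every regime, so a gap analysis can be run per regime and each control can be assigned to the party (provider or consumer) that has to evidence it. The following is an added example of such a crosswalk with coverage, reverse-lookup and consistency checks; it is not code from the webinar or from 6fusion or Network Box USA. Regimes are modelled at family level only (FedRAMP by NIST SP 800-53 family code, PCI DSS v2.0 by its twelve top-level requirements, HIPAA by Security Rule section), and the `CROSSWALK` mapping and its provider/consumer ownership are a constructed, illustrative subset, not an authoritative mapping.

```python
"""Integrated control crosswalk: one set of common controls, several regimes.

Added example; not from the webinar deck. The mapping below is constructed
for illustration and should be replaced by the organisation's own crosswalk.
"""
from collections import defaultdict

# What each regime expects a program to address, at family level.
REGIME_REQUIREMENTS = {
    "FedRAMP": {"AC", "AT", "AU", "CA", "CM", "CP", "IA", "IR", "MA", "MP",
                "PE", "PL", "PS", "RA", "SA", "SC", "SI"},
    "PCI": {str(n) for n in range(1, 13)},
    "HIPAA": {"164.308", "164.310", "164.312", "164.314"},
}

# Constructed crosswalk: common control -> who owns it in an IaaS deployment,
# and which requirement families it is written to satisfy in each regime.
CROSSWALK = {
    "access-controls":   {"owner": "consumer", "FedRAMP": {"AC", "IA"}, "PCI": {"7", "8"}, "HIPAA": {"164.308", "164.312"}},
    "passwords":         {"owner": "consumer", "FedRAMP": {"IA"},       "PCI": {"2", "8"}, "HIPAA": {"164.308"}},
    "encryption":        {"owner": "consumer", "FedRAMP": {"SC"},       "PCI": {"3", "4"}, "HIPAA": {"164.312"}},
    "training":          {"owner": "consumer", "FedRAMP": {"AT"},       "PCI": {"12"},     "HIPAA": {"164.308"}},
    "risk-assessments":  {"owner": "consumer", "FedRAMP": {"RA", "CA"}, "PCI": {"12"},     "HIPAA": {"164.308"}},
    "logging":           {"owner": "consumer", "FedRAMP": {"AU"},       "PCI": {"10"},     "HIPAA": {"164.312"}},
    "physical-security": {"owner": "provider", "FedRAMP": {"PE"},       "PCI": {"9"},      "HIPAA": {"164.310"}},
    "network-boundary":  {"owner": "provider", "FedRAMP": {"SC"},       "PCI": {"1"},      "HIPAA": {"164.312"}},
}


def validate(crosswalk=CROSSWALK, regimes=REGIME_REQUIREMENTS):
    """Return dangling references: (control, regime, family) triples where a
    control claims to satisfy a family the regime does not define. A common
    spreadsheet error; an empty list means the crosswalk is consistent."""
    bad = []
    for name, entry in crosswalk.items():
        for regime, required in regimes.items():
            for family in sorted(entry.get(regime, set()) - required):
                bad.append((name, regime, family))
    return bad


def coverage(implemented, crosswalk=CROSSWALK, regimes=REGIME_REQUIREMENTS):
    """For a set of implemented common controls, return per regime the
    families they satisfy and the families still unaddressed (the gaps)."""
    unknown = set(implemented) - crosswalk.keys()
    if unknown:
        raise KeyError(f"controls not in crosswalk: {sorted(unknown)}")
    report = {}
    for regime, required in regimes.items():
        covered = set()
        for control in implemented:
            covered |= crosswalk[control].get(regime, set())
        report[regime] = {"covered": covered & required,
                          "gaps": required - covered}
    return report


def responsibility(crosswalk=CROSSWALK):
    """Group controls by who must implement and evidence them."""
    split = defaultdict(set)
    for name, entry in crosswalk.items():
        split[entry["owner"]].add(name)
    return dict(split)


def controls_for(regime, family, crosswalk=CROSSWALK):
    """Reverse lookup an auditor asks for: which common controls are offered
    as evidence for one requirement family of one regime."""
    return {name for name, entry in crosswalk.items()
            if family in entry.get(regime, set())}


if __name__ == "__main__":
    assert validate() == [], validate()
    implemented = {"access-controls", "passwords", "encryption", "logging"}
    for regime, result in coverage(implemented).items():
        print(f"{regime}: covered={sorted(result['covered'])} "
              f"gaps={sorted(result['gaps'])}")
    print("provider-owned:", sorted(responsibility()["provider"]))
    print("evidence for PCI req 12:", sorted(controls_for("PCI", "12")))
```

Run stand-alone, the script reports for each regime which families the four implemented controls cover and which remain open, which is the "audit and correct" input the slide calls for. The `validate` check matters more than it looks: a crosswalk that cites a family the regime does not have will silently inflate coverage, so it should fail the build before any coverage number is reported.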
  • 22. Thank You!
    Resources:
    • FedRAMP: http://www.gsa.gov/portal/category/102371
    • Cloud Security Alliance: https://cloudsecurityalliance.org/
    • PCI: https://www.pcisecuritystandards.org/
    • HIPAA: http://www.hhs.gov/ocr/privacy/
    What's next? 3rd webinar in the series:
    • Timing: early May
    • Topic: baselining and advancing your security posture
    • Details: you tell us…
    What do you want to hear about in the next webinar? Email us at marketing@6fusion.com with your ideas!