• Global, not-for-profit organization, started Nov. 2008,
  individual members (free), corporate members and
  affiliated organizations
• Inclusive membership, supporting broad spectrum of
  subject matter expertise: cloud experts, security, legal,
  compliance, virtualization, and on and on…
• We believe Cloud Computing has a robust future, we
  want to make it better
“To promote the use of best practices for providing security assurance
within Cloud Computing, and provide education on the uses of Cloud
Computing to help secure all other forms of computing.”

                   Copyright © 2009 Cloud Security Alliance
   www.cloudsecurityalliance.org
•  April 2009: Security Guidance for Critical Areas of Focus for Cloud
  Computing – Version 1
•  July 2009: Version 1 translated into Japanese
•  November 2009: Security Guidance for Critical Areas of Focus for
  Cloud Computing – Version 2
•  Q4 2009: Top Ten Cloud Threats (monthly)
•  Q4 2009: Provider & Customer Checklists
•  Q4 2009: eHealth Guidance
•  Global CSA Executive Summits
  •  Q1 2010 – Europe
  •  Q1 or Q2 2010 - US
Focusing the Security Discussion
[Figure: cloud offerings positioned by XaaS Layers (Software as a Service, Platform as a Service, Infrastructure as a Service), by Private / Hybrid / Public, and by Application Domains. Labelled examples: "SaaS, Public, CRM"; "IaaS, Hybrid, HPC/Analytics"; "IaaS, Public, Transcoding".]
1.  Architecture & Framework

Governing in the Cloud
 1.  Governance & Risk Mgt
 2.  Legal
 3.  Electronic Discovery
 4.  Compliance & Audit
 5.  Information Lifecycle Mgt
 6.  Portability & Interoperability

Operating in the Cloud
 1.  Traditional, BCM, DR
 2.  Data Center Operations
 3.  Incident Response
 4.  Application Security
 5.  Encryption & Key Mgt
 6.  Identity & Access Mgt
 7.  Storage
 8.  Virtualization
Analyzing Cloud Security
• Some key issues: 
     Trust, multi-tenancy, encryption, key
     management compliance
• Clouds are massively complex systems that can be
  reduced to simple primitives that are replicated
  thousands of times and common functional units
• Cloud security is a tractable problem
     There are both advantages and challenges 

Balancing Threat Exposure and Cost Effectiveness


• Private clouds may have less threat exposure than
  community or hosted clouds, which have less
  threat exposure than public clouds.
• Massive public clouds may be more cost effective
  than large community clouds, which may be more
  cost effective than small private clouds.



General Security Advantages
• Democratization of security capabilities
• Shifting public data to an external cloud
  reduces the exposure of the internal
  sensitive data
• Forcing functions to add security controls 
• Clouds enable automated security
  management
• Redundancy / Disaster Recovery
General Security Challenges
• Trusting vendor’s security model
• Customer inability to respond to audit findings
• Obtaining support for investigations
• Indirect administrator accountability
• Proprietary implementations can’t be
  examined
• Loss of physical control
•  Geo-location of sensitive data
•  Inability to deploy security services (e.g. scanning)
•  Risk with shared computing platform (multi-tenant)
•  Data confidentiality
•  Access via internet – untrusted
•  Cloud vendors for the most part non-committal on security
•  Company data on 3rd party machine
•  Compliance lacking – inability to satisfy auditors
•  Vendors not up to speed from a guidance and auditing perspective
•  Inability to perform forensic investigation
“We have to accept what we all know to be elemental -
that taking a defensive position can, at best, only limit
losses. And we need gains.”


Peter F. Drucker



• Cloud Computing is real and transformational
• Cloud Computing can be secured but also can carry
  increased risk due to aggregation of assets
• Broad governance approach needed
• Tactical fixes needed
• Combination of updating existing best practices and
  creating completely new best practices
• Common sense not optional
• Join us, help make our work better
• Discussions & announcements on LinkedIn
• Hold regional CSA Meetups
• Other research initiatives and events being planned



• Individual Membership (free)
  • Subject matter experts for research
  • Interested in learning about the topic
  • Administrative & organizational help
• Corporate Sponsorship
  • Help fund outreach, events
• Affiliated Organizations (free)
  • Joint projects in the community interest
• Contact information on website
• www.cloudsecurityalliance.org
• info@cloudsecurityalliance.org
• Twitter: @cloudsa, #csaguide
• LinkedIn: www.linkedin.com/groups?gid=1864210 



Cloud Security Alliance - Guidance

In-Depth Performance Testing Guide for IT Professionals
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Introduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationIntroduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG Evaluation
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1
 

Cloud Security Alliance - Guidance

  • 1.
  • 2.
      • Global, not-for-profit organization, started Nov. 2008, individual members (free), corporate members and affiliated organizations
      • Inclusive membership, supporting broad spectrum of subject matter expertise: cloud experts, security, legal, compliance, virtualization, and on and on…
      • We believe Cloud Computing has a robust future, we want to make it better
    “To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”
    Copyright © 2009 Cloud Security Alliance www.cloudsecurityalliance.org
  • 3.
      • April 2009: Security Guidance for Critical Areas of Focus for Cloud Computing – Version 1
      • July 2009: Version 1 translated into Japanese
      • November 2009: Security Guidance for Critical Areas of Focus for Cloud Computing – Version 2
      • Q4 2009: Top Ten Cloud Threats (monthly)
      • Q4 2009: Provider & Customer Checklists
      • Q4 2009: eHealth Guidance
      • Global CSA Executive Summits
          • Q1 2010 – Europe
          • Q1 or Q2 2010 – US
  • 4.
  • 5.
  • 6. Focusing the Security Discussion
    [Figure: diagram labelled "Application Domains", "XaaS Layers" (Software as a Service, Platform as a Service, Infrastructure as a Service) and Private / Hybrid / Public, with three plotted examples: "SaaS, Public, CRM"; "IaaS, Hybrid, HPC/Analytics"; "IaaS, Public, Transcoding"]
  • 7.
      1. Architecture & Framework
    Governing in the Cloud
      1. Governance & Risk Mgt
      2. Legal
      3. Electronic Discovery
      4. Compliance & Audit
      5. Information Lifecycle Mgt
      6. Portability & Interoperability
    Operating in the Cloud
      1. Traditional, BCM, DR
      2. Data Center Operations
      3. Incident Response
      4. Application Security
      5. Encryption & Key Mgt
      6. Identity & Access Mgt
      7. Storage
      8. Virtualization
  • 8. Analyzing Cloud Security
      • Some key issues:
          • Trust, multi-tenancy, encryption, key management compliance
      • Clouds are massively complex systems that can be reduced to simple primitives that are replicated thousands of times and common functional units
      • Cloud security is a tractable problem
          • There are both advantages and challenges
  • 9. Balancing Threat Exposure and Cost Effectiveness
      • Private clouds may have less threat exposure than community or hosted clouds which have less threat exposure than public clouds.
      • Massive public clouds may be more cost effective than large community clouds which may be more cost effective than small private clouds.
  • 10. General Security Advantages
      • Democratization of security capabilities
      • Shifting public data to an external cloud reduces the exposure of the internal sensitive data
      • Forcing functions to add security controls
      • Clouds enable automated security management
      • Redundancy / Disaster Recovery
  • 11. General Security Challenges
      • Trusting vendor’s security model
      • Customer inability to respond to audit findings
      • Obtaining support for investigations
      • Indirect administrator accountability
      • Proprietary implementations can’t be examined
      • Loss of physical control
  • 12.
      • Geo-location of sensitive data
      • Inability to deploy security services (e.g. scanning)
      • Risk with shared computing platform (multi-tenant)
      • Data confidentiality
      • Access via internet – untrusted
      • Cloud vendors for the most part non-committal on security
      • Company data on 3rd party machine
      • Compliance lacking – inability to satisfy auditors
      • Vendors not up to speed from a guidance and auditing perspective
      • Inability to perform forensic investigation
  • 13. “We have to accept what we all know to be elemental - that taking a defensive position can, at best, only limit losses. And we need gains.” Peter F. Drucker
  • 14.
      • Cloud Computing is real and transformational
      • Cloud Computing can be secured but also can carry increased risk due to aggregation of assets
      • Broad governance approach needed
      • Tactical fixes needed
      • Combination of updating existing best practices and creating completely new best practices
      • Common sense not optional
  • 15.
      • Join us, help make our work better
      • Discussions & announcements on LinkedIn
      • Hold regional CSA Meetups
      • Other research initiatives and events being planned
  • 16.
      • Individual Membership (free)
          • Subject matter experts for research
          • Interested in learning about the topic
          • Administrative & organizational help
      • Corporate Sponsorship
          • Help fund outreach, events
      • Affiliated Organizations (free)
          • Joint projects in the community interest
      • Contact information on website
  • 17.
      • www.cloudsecurityalliance.org
      • info@cloudsecurityalliance.org
      • Twitter: @cloudsa, #csaguide
      • LinkedIn: www.linkedin.com/groups?gid=1864210