SL
Uploaded bySergio Loureiro
PPTX, PDF1,101 views

Csa about-threats-june-2010-ibm

This document summarizes the work of the Cloud Security Alliance (CSA), a global non-profit organization focused on promoting best practices for security in cloud computing. The CSA has over 10,000 individual members from various industries and expertise areas working on cloud security issues. Some of the CSA's key initiatives include developing a Cloud Controls Matrix to help organizations assess security risks in cloud environments, as well as research projects on cloud metrics and the Consensus Assessments Initiative. The document outlines the top threats to cloud computing such as data leakage, malicious insiders, and insecure APIs. It also provides highlights from the CSA's guidance on best practices for governance and operating in the cloud.

Embed presentation

Downloaded 63 times
Cloud Security Alliance: Assuring the future of Cloud ComputingSergio Loureiro, CSA founding membersergio@secludit.comIBM La Gaude, 23rd June 2010
About the Cloud Security AllianceGlobal, not-for-profit organizationInclusive membership, supporting broad spectrum of subject matter expertise: cloud experts, security, legal, compliance, virtualization, and on and on…We believe Cloud Computing has a robust future, we want to make it better“To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”
Membership50+ Corporate Members12 non-profit affiliations10,000 individual members growing by 300/weekBroad Geographical DistributionWorking Group activities performed through individual membership class
Corporate Members
S-P-I FrameworkYou “RFP”security inSaaSSoftware as a ServiceYou buildsecurity inPaaSPlatform as a ServiceIaaSInfrastructure as a Service
Top Threats to Cloud Computing
Shared Technology Vulnerabilities
Data Loss / Data Leakage
Malicious Insiders
Interception or Hijacking of Traffic
Insecure APIs
Nefarious Use of Service
Unknown Risk Profile
Top Threats - Status
CSA Research ProjectsGo to www.cloudsecurityalliance.org/Research.html for Research dashboard and Working Group signup
CSA Guidance ResearchCloud ArchitecturePopular best practices for securing cloud computing13 Domains of concern – governing & operating groupingsFoundation for CSA researchGovernance and Enterprise Risk ManagementLegal and Electronic DiscoveryGoverning the CloudCompliance and AuditInformation Lifecycle ManagementPortability and InteroperabilitySecurity, Bus. Cont,, and Disaster RecoveryData Center OperationsIncident Response, Notification, RemediationApplication SecurityOperating in the CloudEncryption and Key ManagementIdentity and Access ManagementVirtualizationGuidance > 100k downloads: cloudsecurityalliance.org/guidance
CSA Guidance Research - StatusCloud ArchitectureVer 2.1 released Dec 2009Ver 3 mid-20112010 focusTranslationsWiki formatPer domain whitepapers (not official guidance)Governance and Enterprise Risk ManagementLegal and Electronic DiscoveryGoverning the CloudCompliance and AuditInformation Lifecycle ManagementPortability and InteroperabilitySecurity, Bus. Cont,, and Disaster RecoveryData Center OperationsIncident Response, Notification, RemediationApplication SecurityOperating in the CloudEncryption and Key ManagementIdentity and Access ManagementVirtualization
Guidance Highlights - GovernanceBest opportunity to secure cloud engagement is before procurement – contracts, SLAs, architectureKnow provider’s third parties, BCM/DR, financial viability, employee vettingIdentify data location when possiblePlan for provider termination & return of assetsPreserve right to auditReinvest provider cost savings into due diligence
Guidance Highlights - OperatingEncrypt data when possible, segregate key mgt from cloud providerAdapt secure software development lifecycleUnderstand provider’s patching, provisioning, protectionLogging, data exfiltration, granular customer segregationHardened VM imagesAssess provider IdM integration, e.g. SAML, OpenID
CSA Research ProjectsCloud Controls Matrix ToolTrusted Cloud InitiativeConsensus Assessments InitiativeCloud Metrics Research
ContactHelp us secure cloud computingwww.cloudsecurityalliance.orginfo@cloudsecurityalliance.orgLinkedIn: www.linkedin.com/groups?gid=1864210Twitter: @cloudsa
SummaryCloud Computing is real and transformationalChallenges for People, Process, Technology, Organizations and CountriesBroad governance approach neededTactical fixes neededCombination of updating existing best practices and creating completely new best practicesAdapting controls into “all virtual” environment
Thank you!sergio@secludit.comBlog elastic-security.com, Twitter @elasticsecurity

More Related Content

PPTX
Microsoft Platform Security Briefing
bytechnext1
 
PPTX
The Notorious 9 Cloud Computing Threats - CSA Congress, San Jose
byMoshe Ferber
 
PPTX
How can cas bs help
byCipherCloud
 
PPTX
Secure Cloud Reference Architecture
byMithilesh Kumar - AWS, VCP,ITIL,SSCA
 
PDF
SECURING THE CLOUD DATA LAKES
byHappiest Minds Technologies
 
PPT
Hipaa Compliance With IT
byNainil Chheda
 
PPTX
Dynamic access control sbc12 - thuan nguyen
byThuan Ng
 
PDF
Cyber Security Services & Solutions - Zymr
byZYMR, INC.
 
Microsoft Platform Security Briefing
bytechnext1
 
The Notorious 9 Cloud Computing Threats - CSA Congress, San Jose
byMoshe Ferber
 
How can cas bs help
byCipherCloud
 
Secure Cloud Reference Architecture
byMithilesh Kumar - AWS, VCP,ITIL,SSCA
 
SECURING THE CLOUD DATA LAKES
byHappiest Minds Technologies
 
Hipaa Compliance With IT
byNainil Chheda
 
Dynamic access control sbc12 - thuan nguyen
byThuan Ng
 
Cyber Security Services & Solutions - Zymr
byZYMR, INC.
 

What's hot

PDF
Cloud Security Top Threats
byTiago de Almeida
 
PDF
Threats and risks to cloud computing
byRyo Matsumoto
 
PPTX
Network Security Policies
byAamir Sohail
 
PPTX
Top 5 Cloud Security Threats in Healthcare
byBitglass
 
PDF
The Cloud Crossover
byArmor
 
PDF
Cybersecurity frameworks globally and saudi arabia
byFaysal Ghauri
 
PDF
Windstream Managed Network Security Infographic
byIdeba
 
PDF
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
byShah Sheikh
 
PDF
Aujas Cyber Security
byVivianMarcello3
 
PPTX
Securing Software-as-a-Service: Cover your SaaS and protect enterprise data
byPistoia Alliance
 
PDF
Csathreats.v1.0
byvivek_kale27
 
PDF
Cloud Types and Security- Which one is right for you?
byFuji Xerox Asia Pacific
 
PDF
Data loss prevention by using MRSH-v2 algorithm
byIJECEIAES
 
PDF
Windstream Managed Network Security Ebook
byIdeba
 
PDF
Risk based it auditing for non it auditors (basics of it auditing) final 12
byThilak Pathirage -Senior IT Gov and Risk Consultant
 
PPTX
Windstream Managed Network Security Presentation
byIdeba
 
PPTX
Cloud Computing Security Threats and Responses
byshafzonly
 
PDF
Enterprise policy-management
byAmit Bhargava
 
PDF
Cyber Security - Maintaining Operational Control of Critical Services
byDave Reeves
 
PPTX
Seclore: Information Rights Management
byRahul Neel Mani
 
Cloud Security Top Threats
byTiago de Almeida
 
Threats and risks to cloud computing
byRyo Matsumoto
 
Network Security Policies
byAamir Sohail
 
Top 5 Cloud Security Threats in Healthcare
byBitglass
 
The Cloud Crossover
byArmor
 
Cybersecurity frameworks globally and saudi arabia
byFaysal Ghauri
 
Windstream Managed Network Security Infographic
byIdeba
 
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
byShah Sheikh
 
Aujas Cyber Security
byVivianMarcello3
 
Securing Software-as-a-Service: Cover your SaaS and protect enterprise data
byPistoia Alliance
 
Csathreats.v1.0
byvivek_kale27
 
Cloud Types and Security- Which one is right for you?
byFuji Xerox Asia Pacific
 
Data loss prevention by using MRSH-v2 algorithm
byIJECEIAES
 
Windstream Managed Network Security Ebook
byIdeba
 
Risk based it auditing for non it auditors (basics of it auditing) final 12
byThilak Pathirage -Senior IT Gov and Risk Consultant
 
Windstream Managed Network Security Presentation
byIdeba
 
Cloud Computing Security Threats and Responses
byshafzonly
 
Enterprise policy-management
byAmit Bhargava
 
Cyber Security - Maintaining Operational Control of Critical Services
byDave Reeves
 
Seclore: Information Rights Management
byRahul Neel Mani
 

Viewers also liked

PPTX
Internet of Things - October 2013 - Chandna
byAsheem Chandna
 
PDF
How to Find Security Breaches Before They Sink You
bySkyhigh Networks
 
PDF
The Dark Side of the Web
bySkyhigh Networks
 
PDF
The 80-20 Rule for Data in the Cloud
bySkyhigh Networks
 
PDF
The Quiet Revolution: 12 Must-Know Statistics on Cloud Usage in the Enterprise
bySkyhigh Networks
 
PDF
State of the Cloud in 2015
bySkyhigh Networks
 
PDF
Internet of things - Frantic
byMiika Puputti
 
PDF
Cloud Security Alliance - Guidance
bySubra Kumaraswamy CISSP CISM
 
PDF
11 European Privacy Regulations That Could Cost You €1 Million in Fines
bySkyhigh Networks
 
PDF
The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...
bySkyhigh Networks
 
PDF
16 Inspirational Quotes From the Late, Great Steve Jobs
byHubSpot
 
PPTX
Cloud security and security architecture
byVladimir Jirasek
 
PDF
Seclud it polesc_sjuly7
bySergio Loureiro
 
PPTX
Deployer son propre SOC !
bySecludIT
 
PPTX
Cloud workload protection for obs by seclud it
bySecludIT
 
PPTX
Microservices docker-security
bySergio Loureiro
 
PDF
The real cost of ignoring network security.
bySecludIT
 
PPTX
Innovations dans la cybersecurite
bySecludIT
 
Internet of Things - October 2013 - Chandna
byAsheem Chandna
 
How to Find Security Breaches Before They Sink You
bySkyhigh Networks
 
The Dark Side of the Web
bySkyhigh Networks
 
The 80-20 Rule for Data in the Cloud
bySkyhigh Networks
 
The Quiet Revolution: 12 Must-Know Statistics on Cloud Usage in the Enterprise
bySkyhigh Networks
 
State of the Cloud in 2015
bySkyhigh Networks
 
Internet of things - Frantic
byMiika Puputti
 
Cloud Security Alliance - Guidance
bySubra Kumaraswamy CISSP CISM
 
11 European Privacy Regulations That Could Cost You €1 Million in Fines
bySkyhigh Networks
 
The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...
bySkyhigh Networks
 
16 Inspirational Quotes From the Late, Great Steve Jobs
byHubSpot
 
Cloud security and security architecture
byVladimir Jirasek
 
Seclud it polesc_sjuly7
bySergio Loureiro
 
Deployer son propre SOC !
bySecludIT
 
Cloud workload protection for obs by seclud it
bySecludIT
 
Microservices docker-security
bySergio Loureiro
 
The real cost of ignoring network security.
bySecludIT
 
Innovations dans la cybersecurite
bySecludIT
 

Similar to Csa about-threats-june-2010-ibm

PDF
Nils Puhlmann Ncoic Slides
byGovCloud Network
 
PPT
3245224.ppt
byahmad21315
 
PDF
Presd1 10
byNiels Groeneveld
 
PPTX
Csa summit argentina-reavis
byCSA Argentina
 
PDF
CCSK, cloud security framework, Indonesia
byWise Pacific Venture
 
PDF
Architecting Data Services for the Cloud: Security Considerations and Best Pr...
byAdnene Guabtni
 
PPTX
Governing in the Cloud
byRolf Frydenberg
 
PPTX
CSA Atlanta Chapter Meeting Q1'2013 and RSA Conference 2013 CSA Announcements
byPhil Agcaoili
 
PPT
Your clouds must be transparent - an intro to Cloud Security Alliance
byDavid Jones
 
PPTX
CSA Atlanta Q1'2016 Chapter Meeting
byPhil Agcaoili
 
PDF
Cloud Security - What you Should Be Concerned About
byLuong Trung Thanh
 
PPTX
Cloud security Presentation
byAjay p
 
PPTX
security and compliance in the cloud
byAjay Rathi
 
PDF
CSA Argentina - Jornada CXO Cloud
byCSA Argentina
 
PDF
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
byCloud Security Alliance Lviv Chapter
 
PDF
Csaguide
byณชเล จันทร์สีเงิน
 
PDF
Trusted Cloud Initiative: Identity Management Research
byguestba832ad
 
PPT
Cloud Security Alliance's GRC Stack Overview
byValdez Ladd MBA, CISSP, CISA,
 
PDF
Cloud Security Enforcement First Meetup 10092025.pdf
bylior mazor
 
PDF
A Cloud Security Ghost Story Craig Balding
bycraigbalding
 
Nils Puhlmann Ncoic Slides
byGovCloud Network
 
3245224.ppt
byahmad21315
 
Presd1 10
byNiels Groeneveld
 
Csa summit argentina-reavis
byCSA Argentina
 
CCSK, cloud security framework, Indonesia
byWise Pacific Venture
 
Architecting Data Services for the Cloud: Security Considerations and Best Pr...
byAdnene Guabtni
 
Governing in the Cloud
byRolf Frydenberg
 
CSA Atlanta Chapter Meeting Q1'2013 and RSA Conference 2013 CSA Announcements
byPhil Agcaoili
 
Your clouds must be transparent - an intro to Cloud Security Alliance
byDavid Jones
 
CSA Atlanta Q1'2016 Chapter Meeting
byPhil Agcaoili
 
Cloud Security - What you Should Be Concerned About
byLuong Trung Thanh
 
Cloud security Presentation
byAjay p
 
security and compliance in the cloud
byAjay Rathi
 
CSA Argentina - Jornada CXO Cloud
byCSA Argentina
 
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
byCloud Security Alliance Lviv Chapter
 
Csaguide
byณชเล จันทร์สีเงิน
 
Trusted Cloud Initiative: Identity Management Research
byguestba832ad
 
Cloud Security Alliance's GRC Stack Overview
byValdez Ladd MBA, CISSP, CISA,
 
Cloud Security Enforcement First Meetup 10092025.pdf
bylior mazor
 
A Cloud Security Ghost Story Craig Balding
bycraigbalding
 

Recently uploaded

PDF
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
PDF
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
PDF
Rustici Software: eLearning standards in the age of AI
byRustici Software
 
PDF
How to Install XRDP on CentOS 10 .pdf
byGreen Webpage
 
PDF
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
PDF
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
PPTX
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
PDF
Traditional-Security-Models-No-Longer-Work.pptx (1).pdf
byOhhproJunction
 
PDF
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
PDF
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
PDF
Python Automation in Action: Real-World Use Cases and Practical Implementation
byDenys Smirnov
 
PDF
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
PPTX
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
PPTX
TravelTech Paris 2025 | Beyond the pipes: Why Channel Management isn’t really...
byapidays
 
PDF
Self-Correction Failure Diagnostic: Detecting Drift in Complex Systems
bySystems Research Group
 
PDF
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
PPTX
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
PPTX
Computer architecture, Computer architecture ,Computer architecture
bywaheedqazi123
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 2
byDianaGray10
 
PDF
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
Rustici Software: eLearning standards in the age of AI
byRustici Software
 
How to Install XRDP on CentOS 10 .pdf
byGreen Webpage
 
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
Traditional-Security-Models-No-Longer-Work.pptx (1).pdf
byOhhproJunction
 
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
Python Automation in Action: Real-World Use Cases and Practical Implementation
byDenys Smirnov
 
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
TravelTech Paris 2025 | Beyond the pipes: Why Channel Management isn’t really...
byapidays
 
Self-Correction Failure Diagnostic: Detecting Drift in Complex Systems
bySystems Research Group
 
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
Computer architecture, Computer architecture ,Computer architecture
bywaheedqazi123
 
UiPath Automation Developer Associate Training Series 2026 - Session 2
byDianaGray10
 
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 

Csa about-threats-june-2010-ibm

  • 1.
    Cloud Security Alliance:Assuring the future of Cloud ComputingSergio Loureiro, CSA founding membersergio@secludit.comIBM La Gaude, 23rd June 2010
  • 2.
    About the CloudSecurity AllianceGlobal, not-for-profit organizationInclusive membership, supporting broad spectrum of subject matter expertise: cloud experts, security, legal, compliance, virtualization, and on and on…We believe Cloud Computing has a robust future, we want to make it better“To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”
  • 3.
    Membership50+ Corporate Members12non-profit affiliations10,000 individual members growing by 300/weekBroad Geographical DistributionWorking Group activities performed through individual membership class
  • 4.
  • 5.
    S-P-I FrameworkYou “RFP”securityinSaaSSoftware as a ServiceYou buildsecurity inPaaSPlatform as a ServiceIaaSInfrastructure as a Service
  • 6.
    Top Threats toCloud Computing
  • 7.
  • 8.
    Data Loss /Data Leakage
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
    CSA Research ProjectsGoto www.cloudsecurityalliance.org/Research.html for Research dashboard and Working Group signup
  • 16.
    CSA Guidance ResearchCloudArchitecturePopular best practices for securing cloud computing13 Domains of concern – governing & operating groupingsFoundation for CSA researchGovernance and Enterprise Risk ManagementLegal and Electronic DiscoveryGoverning the CloudCompliance and AuditInformation Lifecycle ManagementPortability and InteroperabilitySecurity, Bus. Cont,, and Disaster RecoveryData Center OperationsIncident Response, Notification, RemediationApplication SecurityOperating in the CloudEncryption and Key ManagementIdentity and Access ManagementVirtualizationGuidance > 100k downloads: cloudsecurityalliance.org/guidance
  • 17.
    CSA Guidance Research- StatusCloud ArchitectureVer 2.1 released Dec 2009Ver 3 mid-20112010 focusTranslationsWiki formatPer domain whitepapers (not official guidance)Governance and Enterprise Risk ManagementLegal and Electronic DiscoveryGoverning the CloudCompliance and AuditInformation Lifecycle ManagementPortability and InteroperabilitySecurity, Bus. Cont,, and Disaster RecoveryData Center OperationsIncident Response, Notification, RemediationApplication SecurityOperating in the CloudEncryption and Key ManagementIdentity and Access ManagementVirtualization
  • 18.
    Guidance Highlights -GovernanceBest opportunity to secure cloud engagement is before procurement – contracts, SLAs, architectureKnow provider’s third parties, BCM/DR, financial viability, employee vettingIdentify data location when possiblePlan for provider termination & return of assetsPreserve right to auditReinvest provider cost savings into due diligence
  • 19.
    Guidance Highlights -OperatingEncrypt data when possible, segregate key mgt from cloud providerAdapt secure software development lifecycleUnderstand provider’s patching, provisioning, protectionLogging, data exfiltration, granular customer segregationHardened VM imagesAssess provider IdM integration, e.g. SAML, OpenID
  • 20.
    CSA Research ProjectsCloudControls Matrix ToolTrusted Cloud InitiativeConsensus Assessments InitiativeCloud Metrics Research
  • 21.
    ContactHelp us securecloud computingwww.cloudsecurityalliance.orginfo@cloudsecurityalliance.orgLinkedIn: www.linkedin.com/groups?gid=1864210Twitter: @cloudsa
  • 22.
    SummaryCloud Computing isreal and transformationalChallenges for People, Process, Technology, Organizations and CountriesBroad governance approach neededTactical fixes neededCombination of updating existing best practices and creating completely new best practicesAdapting controls into “all virtual” environment
  • 23.

Editor's Notes

  • #6 The security approach and role varies depending on the delivery model
  • #15 SecureCloud – ISACA, ENISA, IEEE & CSA
  • #17 The CSA Guidance is our flagship research that provides a broad catalog of best practices. It contains 13 domains to address both broad governance and specific operational issues. This Guidance is used as a foundation for the other research projects in the following slides that relate to compliance.
  • #18 The CSA Guidance is our flagship research that provides a broad catalog of best practices. It contains 13 domains to address both broad governance and specific operational issues. This Guidance is used as a foundation for the other research projects in the following slides that relate to compliance.
  • #22 Do visit the websiteDo join the LinkedIn Groups – you will receive regular email updates