SlideShare a Scribd company logo

Taming the compliance beast in cloud

Download as PPTX, PDF
Saumya Vishnoi
Saumya Vishnoi

This talk was presented in Cloud Security Alliance (CSA) Bangalore chapter meet in March 2017 on the topic of implementing and maintaining compliance in the cloud environment.

Technology
1 of 17
By Saumya Vishnoi
 Currently working in FreeCharge Information Security team  Information Security profession – about 6 years of experience  Ex- PCI QSA  Audited multiple environments
 All the information, discussion and views  presented in the talk are  personal !!!
 Increases workload  Creates extra process  Costly
 Business enabler –  PCI DSS for processing card details  RBI PSS for getting and running a digital wallet  Give confidence to clients and third party  Force organizations to give security a thought  Act as baseline for security Compliance acts as an enabler for security
 Ensure the compliance of Cloud provider  Check and verify the services that are part of their compliance.  Include them in your third party risk assessment section Don’t Blindly trust them !!!
 Not just compliance, check their Security policies as well  Regular audits and/or reports Because they may be compliant but not Secure
EMAIL: SAUM98@GMAIL.COM TWITTER: @SAUM98

Recommended

PCI DSS Compliance
PCI DSS CompliancePCI DSS Compliance
PCI DSS Compliance
Saumya Vishnoi
 
PCI DSS 2.0 Detailed Introduction
PCI DSS 2.0 Detailed IntroductionPCI DSS 2.0 Detailed Introduction
PCI DSS 2.0 Detailed Introduction
ControlCase
 
PCI-DSS_Overview
PCI-DSS_OverviewPCI-DSS_Overview
PCI-DSS_Overviewsameh Abulfotooh
 
A practical guides to PCI compliance
A practical guides to PCI complianceA practical guides to PCI compliance
A practical guides to PCI compliance
Jisc
 
Introduction to PCI DSS
Introduction to PCI DSSIntroduction to PCI DSS
Introduction to PCI DSS
Saumya Vishnoi
 
1. PCI Compliance Overview
1. PCI Compliance Overview1. PCI Compliance Overview
1. PCI Compliance Overview
okrantz
 
PCI DSS introduction by khaled mosharraf,
PCI DSS introduction by khaled mosharraf,PCI DSS introduction by khaled mosharraf,
PCI DSS introduction by khaled mosharraf,
Khaled Mosharraf
 
Card Data Discovery and PCI DSS
Card Data Discovery and PCI DSSCard Data Discovery and PCI DSS
Card Data Discovery and PCI DSS
Kimberly Simon MBA
 

Recommended

PCI DSS Compliance
PCI DSS CompliancePCI DSS Compliance
PCI DSS Compliance
Saumya Vishnoi
 
PCI DSS 2.0 Detailed Introduction
PCI DSS 2.0 Detailed IntroductionPCI DSS 2.0 Detailed Introduction
PCI DSS 2.0 Detailed Introduction
ControlCase
 
PCI-DSS_Overview
PCI-DSS_OverviewPCI-DSS_Overview
PCI-DSS_Overviewsameh Abulfotooh
 
A practical guides to PCI compliance
A practical guides to PCI complianceA practical guides to PCI compliance
A practical guides to PCI compliance
Jisc
 
Introduction to PCI DSS
Introduction to PCI DSSIntroduction to PCI DSS
Introduction to PCI DSS
Saumya Vishnoi
 
1. PCI Compliance Overview
1. PCI Compliance Overview1. PCI Compliance Overview
1. PCI Compliance Overview
okrantz
 
PCI DSS introduction by khaled mosharraf,
PCI DSS introduction by khaled mosharraf,PCI DSS introduction by khaled mosharraf,
PCI DSS introduction by khaled mosharraf,
Khaled Mosharraf
 
Card Data Discovery and PCI DSS
Card Data Discovery and PCI DSSCard Data Discovery and PCI DSS
Card Data Discovery and PCI DSS
Kimberly Simon MBA
 
Pci ssc quick reference guide
Pci ssc quick reference guidePci ssc quick reference guide
Pci ssc quick reference guide
Mohammad Makchudul Alam (Arif)
 
PCI DSS 3.2 - Business as Usual
PCI DSS 3.2 - Business as UsualPCI DSS 3.2 - Business as Usual
PCI DSS 3.2 - Business as Usual
Kimberly Simon MBA
 
Privacy frameworks 101
Privacy frameworks 101Privacy frameworks 101
Privacy frameworks 101
Saumya Vishnoi
 
PCI DSS Simplified: What You Need to Know
PCI DSS Simplified: What You Need to KnowPCI DSS Simplified: What You Need to Know
PCI DSS Simplified: What You Need to Know
AlienVault
 
You Know You Need PCI Compliance Help When…
You Know You Need PCI Compliance Help When…You Know You Need PCI Compliance Help When…
You Know You Need PCI Compliance Help When…
Rochester Security Summit
 
PCI DSS and PA DSS
PCI DSS and PA DSSPCI DSS and PA DSS
PCI DSS and PA DSS
Kimberly Simon MBA
 
P0 Pcidss Overview
P0 Pcidss OverviewP0 Pcidss Overview
P0 Pcidss Overviewb28stu
 
PCI DSS v3 - Protecting Cardholder data
PCI DSS v3 - Protecting Cardholder dataPCI DSS v3 - Protecting Cardholder data
PCI DSS v3 - Protecting Cardholder data
InMobi Technology
 
Approach pci- dss
Approach pci- dssApproach pci- dss
Approach pci- dss
Vikrant Burbure
 
Comsec PCI DSS v3 2 - Overview and Summary of Changes - Webinar
Comsec PCI DSS v3 2 - Overview and Summary of Changes - WebinarComsec PCI DSS v3 2 - Overview and Summary of Changes - Webinar
Comsec PCI DSS v3 2 - Overview and Summary of Changes - WebinarAriel Ben-Harosh
 
PA-DSS
PA-DSSPA-DSS
PA-DSS
Christian Heinrich
 
Pcidss qr gv3_1
Pcidss qr gv3_1Pcidss qr gv3_1
Pcidss qr gv3_1
leon bonilla
 
PCI DSS and PA DSS
PCI DSS and PA DSSPCI DSS and PA DSS
PCI DSS and PA DSS
Kimberly Simon MBA
 
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAININGPCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
himalya sharma
 
PCI DSS 3.2
PCI DSS 3.2PCI DSS 3.2
PCI DSS 3.2
Kimberly Simon MBA
 
PCI DSSand PA DSS
PCI DSSand PA DSSPCI DSSand PA DSS
PCI DSSand PA DSS
Kimberly Simon MBA
 
Application security and pa dss certification
Application security and pa dss certificationApplication security and pa dss certification
Application security and pa dss certificationAlexander Polyakov
 
PCI Compliance in the Cloud
PCI Compliance in the CloudPCI Compliance in the Cloud
PCI Compliance in the Cloud
Kimberly Simon MBA
 
Data Discovery and PCI DSS
Data Discovery and PCI DSSData Discovery and PCI DSS
Data Discovery and PCI DSS
Kimberly Simon MBA
 
PCI DSS 3.0 – What You Need to Know
PCI DSS 3.0 – What You Need to KnowPCI DSS 3.0 – What You Need to Know
PCI DSS 3.0 – What You Need to Know
Terra Verde
 
Newcastle web design
Newcastle web designNewcastle web design
Newcastle web design
smithlopan8
 
3Com 3C6055
3Com 3C60553Com 3C6055
3Com 3C6055
savomir
 

More Related Content

What's hot

Pci ssc quick reference guide
Pci ssc quick reference guidePci ssc quick reference guide
Pci ssc quick reference guide
Mohammad Makchudul Alam (Arif)
 
PCI DSS 3.2 - Business as Usual
PCI DSS 3.2 - Business as UsualPCI DSS 3.2 - Business as Usual
PCI DSS 3.2 - Business as Usual
Kimberly Simon MBA
 
Privacy frameworks 101
Privacy frameworks 101Privacy frameworks 101
Privacy frameworks 101
Saumya Vishnoi
 
PCI DSS Simplified: What You Need to Know
PCI DSS Simplified: What You Need to KnowPCI DSS Simplified: What You Need to Know
PCI DSS Simplified: What You Need to Know
AlienVault
 
You Know You Need PCI Compliance Help When…
You Know You Need PCI Compliance Help When…You Know You Need PCI Compliance Help When…
You Know You Need PCI Compliance Help When…
Rochester Security Summit
 
PCI DSS and PA DSS
PCI DSS and PA DSSPCI DSS and PA DSS
PCI DSS and PA DSS
Kimberly Simon MBA
 
P0 Pcidss Overview
P0 Pcidss OverviewP0 Pcidss Overview
P0 Pcidss Overviewb28stu
 
PCI DSS v3 - Protecting Cardholder data
PCI DSS v3 - Protecting Cardholder dataPCI DSS v3 - Protecting Cardholder data
PCI DSS v3 - Protecting Cardholder data
InMobi Technology
 
Approach pci- dss
Approach pci- dssApproach pci- dss
Approach pci- dss
Vikrant Burbure
 
Comsec PCI DSS v3 2 - Overview and Summary of Changes - Webinar
Comsec PCI DSS v3 2 - Overview and Summary of Changes - WebinarComsec PCI DSS v3 2 - Overview and Summary of Changes - Webinar
Comsec PCI DSS v3 2 - Overview and Summary of Changes - WebinarAriel Ben-Harosh
 
PA-DSS
PA-DSSPA-DSS
PA-DSS
Christian Heinrich
 
Pcidss qr gv3_1
Pcidss qr gv3_1Pcidss qr gv3_1
Pcidss qr gv3_1
leon bonilla
 
PCI DSS and PA DSS
PCI DSS and PA DSSPCI DSS and PA DSS
PCI DSS and PA DSS
Kimberly Simon MBA
 
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAININGPCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
himalya sharma
 
PCI DSS 3.2
PCI DSS 3.2PCI DSS 3.2
PCI DSS 3.2
Kimberly Simon MBA
 
PCI DSSand PA DSS
PCI DSSand PA DSSPCI DSSand PA DSS
PCI DSSand PA DSS
Kimberly Simon MBA
 
Application security and pa dss certification
Application security and pa dss certificationApplication security and pa dss certification
Application security and pa dss certificationAlexander Polyakov
 
PCI Compliance in the Cloud
PCI Compliance in the CloudPCI Compliance in the Cloud
PCI Compliance in the Cloud
Kimberly Simon MBA
 
Data Discovery and PCI DSS
Data Discovery and PCI DSSData Discovery and PCI DSS
Data Discovery and PCI DSS
Kimberly Simon MBA
 
PCI DSS 3.0 – What You Need to Know
PCI DSS 3.0 – What You Need to KnowPCI DSS 3.0 – What You Need to Know
PCI DSS 3.0 – What You Need to Know
Terra Verde
 

What's hot (20)

Pci ssc quick reference guide
Pci ssc quick reference guidePci ssc quick reference guide
Pci ssc quick reference guide
 
PCI DSS 3.2 - Business as Usual
PCI DSS 3.2 - Business as UsualPCI DSS 3.2 - Business as Usual
PCI DSS 3.2 - Business as Usual
 
Privacy frameworks 101
Privacy frameworks 101Privacy frameworks 101
Privacy frameworks 101
 
PCI DSS Simplified: What You Need to Know
PCI DSS Simplified: What You Need to KnowPCI DSS Simplified: What You Need to Know
PCI DSS Simplified: What You Need to Know
 
You Know You Need PCI Compliance Help When…
You Know You Need PCI Compliance Help When…You Know You Need PCI Compliance Help When…
You Know You Need PCI Compliance Help When…
 
PCI DSS and PA DSS
PCI DSS and PA DSSPCI DSS and PA DSS
PCI DSS and PA DSS
 
P0 Pcidss Overview
P0 Pcidss OverviewP0 Pcidss Overview
P0 Pcidss Overview
 
PCI DSS v3 - Protecting Cardholder data
PCI DSS v3 - Protecting Cardholder dataPCI DSS v3 - Protecting Cardholder data
PCI DSS v3 - Protecting Cardholder data
 
Approach pci- dss
Approach pci- dssApproach pci- dss
Approach pci- dss
 
Comsec PCI DSS v3 2 - Overview and Summary of Changes - Webinar
Comsec PCI DSS v3 2 - Overview and Summary of Changes - WebinarComsec PCI DSS v3 2 - Overview and Summary of Changes - Webinar
Comsec PCI DSS v3 2 - Overview and Summary of Changes - Webinar
 
PA-DSS
PA-DSSPA-DSS
PA-DSS
 
Pcidss qr gv3_1
Pcidss qr gv3_1Pcidss qr gv3_1
Pcidss qr gv3_1
 
PCI DSS and PA DSS
PCI DSS and PA DSSPCI DSS and PA DSS
PCI DSS and PA DSS
 
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAININGPCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
 
PCI DSS 3.2
PCI DSS 3.2PCI DSS 3.2
PCI DSS 3.2
 
PCI DSSand PA DSS
PCI DSSand PA DSSPCI DSSand PA DSS
PCI DSSand PA DSS
 
Application security and pa dss certification
Application security and pa dss certificationApplication security and pa dss certification
Application security and pa dss certification
 
PCI Compliance in the Cloud
PCI Compliance in the CloudPCI Compliance in the Cloud
PCI Compliance in the Cloud
 
Data Discovery and PCI DSS
Data Discovery and PCI DSSData Discovery and PCI DSS
Data Discovery and PCI DSS
 
PCI DSS 3.0 – What You Need to Know
PCI DSS 3.0 – What You Need to KnowPCI DSS 3.0 – What You Need to Know
PCI DSS 3.0 – What You Need to Know
 

Viewers also liked

Newcastle web design
Newcastle web designNewcastle web design
Newcastle web design
smithlopan8
 
3Com 3C6055
3Com 3C60553Com 3C6055
3Com 3C6055
savomir
 
Aparato digestivo
Aparato digestivoAparato digestivo
Aparato digestivo
Infantil El LLano
 
COLOR
COLORCOLOR
COLOR
marielle gaza
 
GEC 2017: Carl Meyer
GEC 2017: Carl MeyerGEC 2017: Carl Meyer
GEC 2017: Carl Meyer
Mark Marich
 
Datary seminario de big data - 18.03.2017
Datary seminario de big data - 18.03.2017Datary seminario de big data - 18.03.2017
Datary seminario de big data - 18.03.2017
Daniel Jadraque de Soria
 
IQ TEST
IQ TESTIQ TEST
IQ TEST
marielle gaza
 
Most Beautiful Islands in the World
Most Beautiful Islands in the WorldMost Beautiful Islands in the World
Most Beautiful Islands in the World
Anne Sharma
 
Hotel Booking System by Template124
Hotel Booking System by Template124Hotel Booking System by Template124
Hotel Booking System by Template124
Template124
 
Internet of Things Architecture / Topology
Internet of Things Architecture / TopologyInternet of Things Architecture / Topology
Internet of Things Architecture / Topology
NEEVEE Technologies
 
EAEE παραγωγή ασφαλίστρων δωδεκαμήνου 2016
EAEE παραγωγή ασφαλίστρων δωδεκαμήνου 2016EAEE παραγωγή ασφαλίστρων δωδεκαμήνου 2016
EAEE παραγωγή ασφαλίστρων δωδεκαμήνου 2016
Δρ. Γιώργος K. Κασάπης
 
Antorcha
AntorchaAntorcha
Antorcha
mangelestejedor
 
Футбол (Украина) 2017 №20 "MYFOOTBALL.WS"
Футбол (Украина) 2017 №20 "MYFOOTBALL.WS" Футбол (Украина) 2017 №20 "MYFOOTBALL.WS"
Футбол (Украина) 2017 №20 "MYFOOTBALL.WS"
FRAPS
 
GEC 2017: Living Box
GEC 2017: Living BoxGEC 2017: Living Box
GEC 2017: Living Box
Mark Marich
 
Футбол (Украина) 2017 №21 "MYFOOTBALL.WS"
Футбол (Украина) 2017 №21 "MYFOOTBALL.WS" Футбол (Украина) 2017 №21 "MYFOOTBALL.WS"
Футбол (Украина) 2017 №21 "MYFOOTBALL.WS"
FRAPS
 
3Com 655-0107-01
3Com 655-0107-013Com 655-0107-01
3Com 655-0107-01
savomir
 
You tube resources & animation
You tube resources & animationYou tube resources & animation
You tube resources & animation
jenirose877
 

Viewers also liked (17)

Newcastle web design
Newcastle web designNewcastle web design
Newcastle web design
 
3Com 3C6055
3Com 3C60553Com 3C6055
3Com 3C6055
 
Aparato digestivo
Aparato digestivoAparato digestivo
Aparato digestivo
 
COLOR
COLORCOLOR
COLOR
 
GEC 2017: Carl Meyer
GEC 2017: Carl MeyerGEC 2017: Carl Meyer
GEC 2017: Carl Meyer
 
Datary seminario de big data - 18.03.2017
Datary seminario de big data - 18.03.2017Datary seminario de big data - 18.03.2017
Datary seminario de big data - 18.03.2017
 
IQ TEST
IQ TESTIQ TEST
IQ TEST
 
Most Beautiful Islands in the World
Most Beautiful Islands in the WorldMost Beautiful Islands in the World
Most Beautiful Islands in the World
 
Hotel Booking System by Template124
Hotel Booking System by Template124Hotel Booking System by Template124
Hotel Booking System by Template124
 
Internet of Things Architecture / Topology
Internet of Things Architecture / TopologyInternet of Things Architecture / Topology
Internet of Things Architecture / Topology
 
EAEE παραγωγή ασφαλίστρων δωδεκαμήνου 2016
EAEE παραγωγή ασφαλίστρων δωδεκαμήνου 2016EAEE παραγωγή ασφαλίστρων δωδεκαμήνου 2016
EAEE παραγωγή ασφαλίστρων δωδεκαμήνου 2016
 
Antorcha
AntorchaAntorcha
Antorcha
 
Футбол (Украина) 2017 №20 "MYFOOTBALL.WS"
Футбол (Украина) 2017 №20 "MYFOOTBALL.WS" Футбол (Украина) 2017 №20 "MYFOOTBALL.WS"
Футбол (Украина) 2017 №20 "MYFOOTBALL.WS"
 
GEC 2017: Living Box
GEC 2017: Living BoxGEC 2017: Living Box
GEC 2017: Living Box
 
Футбол (Украина) 2017 №21 "MYFOOTBALL.WS"
Футбол (Украина) 2017 №21 "MYFOOTBALL.WS" Футбол (Украина) 2017 №21 "MYFOOTBALL.WS"
Футбол (Украина) 2017 №21 "MYFOOTBALL.WS"
 
3Com 655-0107-01
3Com 655-0107-013Com 655-0107-01
3Com 655-0107-01
 
You tube resources & animation
You tube resources & animationYou tube resources & animation
You tube resources & animation
 

Similar to Taming the compliance beast in cloud

Risk Aware IAM for an Insecure World
Risk Aware IAM for an Insecure WorldRisk Aware IAM for an Insecure World
Risk Aware IAM for an Insecure World
Forte Advisory, Inc.
 
Cybersecurity Leadership Forum - Cincinnati
Cybersecurity Leadership Forum - CincinnatiCybersecurity Leadership Forum - Cincinnati
Cybersecurity Leadership Forum - Cincinnati
Identity Defined Security Alliance
 
When does a company need to be PCI compliant
When does a company need to be PCI compliantWhen does a company need to be PCI compliant
When does a company need to be PCI compliantDivya Kothari
 
1 Pci Compliance How To Doc
1 Pci Compliance How To Doc1 Pci Compliance How To Doc
1 Pci Compliance How To Doc
Loverboy3126
 
Information Security Statutory Compliance
Information Security Statutory ComplianceInformation Security Statutory Compliance
Information Security Statutory Compliance
Skillmine Technology Consulting
 
March Boston Cloud Security Alliance Meetup
March Boston Cloud Security Alliance MeetupMarch Boston Cloud Security Alliance Meetup
March Boston Cloud Security Alliance Meetup
Identity Defined Security Alliance
 
PCI DSS Myths 2009: Myths and Reality
PCI DSS Myths 2009: Myths and RealityPCI DSS Myths 2009: Myths and Reality
PCI DSS Myths 2009: Myths and Reality
Anton Chuvakin
 
PCI Certification and remediation services
PCI Certification and remediation servicesPCI Certification and remediation services
PCI Certification and remediation services
Tariq Juneja
 
IdentityNorth Montreal - Furture Proof your Digital Identity strategy
IdentityNorth Montreal - Furture Proof your Digital Identity strategyIdentityNorth Montreal - Furture Proof your Digital Identity strategy
IdentityNorth Montreal - Furture Proof your Digital Identity strategy
Jean-François LOMBARDO
 
VendorRisk - Vendor Management Software
VendorRisk - Vendor Management SoftwareVendorRisk - Vendor Management Software
VendorRisk - Vendor Management Software
vendorrisk
 
123930653 cisa
123930653 cisa123930653 cisa
123930653 cisa
Anurag Kumar
 
PCI PIN Security & Key Management Compliance
PCI PIN Security & Key Management CompliancePCI PIN Security & Key Management Compliance
PCI PIN Security & Key Management Compliance
ControlCase
 
PCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step GuidePCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step Guide
AlienVault
 
Just Enough Authentication
Just Enough AuthenticationJust Enough Authentication
Just Enough Authentication
ForgeRock Identity Tech Talks
 
Sso security&business tool_2018_issa_infosecsummit_grant_reveal_final
Sso security&business tool_2018_issa_infosecsummit_grant_reveal_finalSso security&business tool_2018_issa_infosecsummit_grant_reveal_final
Sso security&business tool_2018_issa_infosecsummit_grant_reveal_final
Grant Reveal
 
Positive Hack Days. Christopher Gould. Head in the Clouds…Can we overcome sec...
Positive Hack Days. Christopher Gould. Head in the Clouds…Can we overcome sec...Positive Hack Days. Christopher Gould. Head in the Clouds…Can we overcome sec...
Positive Hack Days. Christopher Gould. Head in the Clouds…Can we overcome sec...
Positive Hack Days
 
PCI DSS | PCI DSS Auditor | PCI DSS Training
PCI DSS | PCI DSS Auditor | PCI DSS TrainingPCI DSS | PCI DSS Auditor | PCI DSS Training
PCI DSS | PCI DSS Auditor | PCI DSS Training
himalya sharma
 
PCI DSS | PCI DSS Auditor | PCI DSS Training
PCI DSS | PCI DSS Auditor | PCI DSS TrainingPCI DSS | PCI DSS Auditor | PCI DSS Training
PCI DSS | PCI DSS Auditor | PCI DSS Training
himalya sharma
 
Payment account data security – PCI DSS
Payment account data security – PCI DSSPayment account data security – PCI DSS
Payment account data security – PCI DSS
socassurance
 
SAS70 And Information Security
SAS70 And Information SecuritySAS70 And Information Security
SAS70 And Information SecurityEdgar352Harris
 

Similar to Taming the compliance beast in cloud (20)

Risk Aware IAM for an Insecure World
Risk Aware IAM for an Insecure WorldRisk Aware IAM for an Insecure World
Risk Aware IAM for an Insecure World
 
Cybersecurity Leadership Forum - Cincinnati
Cybersecurity Leadership Forum - CincinnatiCybersecurity Leadership Forum - Cincinnati
Cybersecurity Leadership Forum - Cincinnati
 
When does a company need to be PCI compliant
When does a company need to be PCI compliantWhen does a company need to be PCI compliant
When does a company need to be PCI compliant
 
1 Pci Compliance How To Doc
1 Pci Compliance How To Doc1 Pci Compliance How To Doc
1 Pci Compliance How To Doc
 
Information Security Statutory Compliance
Information Security Statutory ComplianceInformation Security Statutory Compliance
Information Security Statutory Compliance
 
March Boston Cloud Security Alliance Meetup
March Boston Cloud Security Alliance MeetupMarch Boston Cloud Security Alliance Meetup
March Boston Cloud Security Alliance Meetup
 
PCI DSS Myths 2009: Myths and Reality
PCI DSS Myths 2009: Myths and RealityPCI DSS Myths 2009: Myths and Reality
PCI DSS Myths 2009: Myths and Reality
 
PCI Certification and remediation services
PCI Certification and remediation servicesPCI Certification and remediation services
PCI Certification and remediation services
 
IdentityNorth Montreal - Furture Proof your Digital Identity strategy
IdentityNorth Montreal - Furture Proof your Digital Identity strategyIdentityNorth Montreal - Furture Proof your Digital Identity strategy
IdentityNorth Montreal - Furture Proof your Digital Identity strategy
 
VendorRisk - Vendor Management Software
VendorRisk - Vendor Management SoftwareVendorRisk - Vendor Management Software
VendorRisk - Vendor Management Software
 
123930653 cisa
123930653 cisa123930653 cisa
123930653 cisa
 
PCI PIN Security & Key Management Compliance
PCI PIN Security & Key Management CompliancePCI PIN Security & Key Management Compliance
PCI PIN Security & Key Management Compliance
 
PCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step GuidePCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step Guide
 
Just Enough Authentication
Just Enough AuthenticationJust Enough Authentication
Just Enough Authentication
 
Sso security&business tool_2018_issa_infosecsummit_grant_reveal_final
Sso security&business tool_2018_issa_infosecsummit_grant_reveal_finalSso security&business tool_2018_issa_infosecsummit_grant_reveal_final
Sso security&business tool_2018_issa_infosecsummit_grant_reveal_final
 
Positive Hack Days. Christopher Gould. Head in the Clouds…Can we overcome sec...
Positive Hack Days. Christopher Gould. Head in the Clouds…Can we overcome sec...Positive Hack Days. Christopher Gould. Head in the Clouds…Can we overcome sec...
Positive Hack Days. Christopher Gould. Head in the Clouds…Can we overcome sec...
 
PCI DSS | PCI DSS Auditor | PCI DSS Training
PCI DSS | PCI DSS Auditor | PCI DSS TrainingPCI DSS | PCI DSS Auditor | PCI DSS Training
PCI DSS | PCI DSS Auditor | PCI DSS Training
 
PCI DSS | PCI DSS Auditor | PCI DSS Training
PCI DSS | PCI DSS Auditor | PCI DSS TrainingPCI DSS | PCI DSS Auditor | PCI DSS Training
PCI DSS | PCI DSS Auditor | PCI DSS Training
 
Payment account data security – PCI DSS
Payment account data security – PCI DSSPayment account data security – PCI DSS
Payment account data security – PCI DSS
 
SAS70 And Information Security
SAS70 And Information SecuritySAS70 And Information Security
SAS70 And Information Security
 

Recently uploaded

Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
UiPath Community Day Dubai: AI at Work..
UiPath Community Day Dubai: AI at Work..UiPath Community Day Dubai: AI at Work..
UiPath Community Day Dubai: AI at Work..
UiPathCommunity
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 

Recently uploaded (20)

Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
 
UiPath Community Day Dubai: AI at Work..
UiPath Community Day Dubai: AI at Work..UiPath Community Day Dubai: AI at Work..
UiPath Community Day Dubai: AI at Work..
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 

Taming the compliance beast in cloud

  • 2.  Currently working in FreeCharge Information Security team  Information Security profession – about 6 years of experience  Ex- PCI QSA  Audited multiple environments
  • 3.  All the information, discussion and views  presented in the talk are  personal !!!
  • 4.
  • 5.
  • 6.  Increases workload  Creates extra process  Costly
  • 7.  Business enabler –  PCI DSS for processing card details  RBI PSS for getting and running a digital wallet  Give confidence to clients and third party  Force organizations to give security a thought  Act as baseline for security Compliance acts as an enabler for security
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.  Ensure the compliance of Cloud provider  Check and verify the services that are part of their compliance.  Include them in your third party risk assessment section Don’t Blindly trust them !!!
  • 14.  Not just compliance, check their Security policies as well  Regular audits and/or reports Because they may be compliant but not Secure
  • 15.
  • 16.