Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

C-Level tools for Cloud security

647 views

Published on

Cloud Security Alliance UK presentation for Cloud World Forum 2015 in London. What companies should do to make correct decision when considering cloud solutions.

Published in: Technology
  • The #1 Woodworking Resource With Over 16,000 Plans, Download 50 FREE Plans... ➤➤ http://t.cn/A6hKZsXN
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • There are over 16,000 woodworking plans that comes with step-by-step instructions and detailed photos, Click here to take a look ♣♣♣ http://tinyurl.com/yy9yh8fu
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • The #1 Woodworking Resource With Over 16,000 Plans, Download 50 FREE Plans... ◆◆◆ http://ishbv.com/tedsplans/pdf
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

C-Level tools for Cloud security

  1. 1. @CSAUKResearch Cloud Security Alliance, UK chapter https://cloudsecurityalliance.org.uk Everyone is in Cloud, shouldn't we be too?” Tools C-level can use to make informed decisions Cloud World Forum 2015, 25 June 2015 Vladimir Jirasek, CSA UK Research
  2. 2. @CSAUKResearch Cloud Security Alliance, UK chapter https://cloudsecurityalliance.org.uk Case study
  3. 3. @CSAUKResearch Cloud Security Alliance, UK chapter https://cloudsecurityalliance.org.uk Your organisation stakeholders and Cloud Customers Business managers, CEO/CFO CIO Legal Security Is my data safe and available? Happiness 😀 Customer satisfaction, ROI, EBITDA ROI, System architecture, Migrations Legality of data processing and locations, Privacy Security architecture, Cyber threats, Monitoring
  4. 4. @CSAUKResearch Cloud Security Alliance, UK chapter https://cloudsecurityalliance.org.uk Prepare your organisation for Cloud deployments People training & awareness Processes & Governance Technology architecture & controls
  5. 5. @CSAUKResearch Cloud Security Alliance, UK chapter https://cloudsecurityalliance.org.uk Does you organisation have a Cloud policy? Generic requirements • Requirement 1: Discover Cloud services being used in organisation • Requirement 2: Alignment of organisation enterprise and security architectures with the Cloud Before a Cloud service procurement • Requirement 3: Comply with organisation data classification requirements • Requirement 4: Encrypt all sensitive data processed in the Cloud • Requirement 5: Link the Cloud service into the organisation Identity and Access architecture and monitoring of activities of users During a Cloud service procurement • Requirement 6: Perform due diligence activities before the contract is signed During a Cloud service procurement (contd) • Requirement 7: Require “Right to audit” clause in the contract • Requirement 8: Know locations of personal identifiable information in the cloud • Requirement 9: Assess the availability of the Cloud services • Requirement 10: Assess the cloud provider’s security arrangements • Requirement 11: Assess the Cloud provider’s ability to comply with the organisation forensic investigations Running a Cloud service • Requirement 12: Limit the use of live data for testing and development purposes • Requirement 13: Monitor Cloud providers security arrangements Decommissioning a Cloud service • Requirement 14: Destroy sensitive information when not required
  6. 6. @CSAUKResearch Cloud Security Alliance, UK chapter https://cloudsecurityalliance.org.uk Cloud Security Alliance offers multiple tools https://cloudsecurityalliance.org/star/ http://www.nist.gov/itl/cloud/
  7. 7. @CSAUKResearch Cloud Security Alliance, UK chapter https://cloudsecurityalliance.org.uk Get involved! Share knowledge and push towards transparency and standards Call for contributors for a new version of CSA Cloud Guidance, opened on Monday, June 8, for 6 weeks https://cloudsecurityalliance.org/media/news/call-for-volunteers- security-guidance-for-critical-areas-of-focus-in-cloud-computing/

×