Academic year: 2021

(1)

Global Efforts to Secure

Cloud Computing

Jim Reavis

Executive Director

(2)

Cloud: ushering in “IT Spring”

Technology consumerization and its offspring

Cloud: Compute as a utility

Smart Mobility: Compute anywhere

Challenges our assumptions about... everything

Shifting balance of power towards technology users

Barriers to market entry in any industry

Organizational structure and business planning

Disrupting IT and IT security through agility

“Revolutions are not about trifles, but spring from trifles.”

(3)

The Hybrid Enterprise & Shadow IT

[Diagram: enterprise boundary with public clouds, private clouds and a cloud of users; the organizational boundary is notional]

Cloud + Mobile

Dispersal of applications

Dispersal of data

Dispersal of users

Dispersal of endpoints

(4)

What is Cloud Computing?

Compute as a utility: third major era of computing

Cloud enabled by

Moore’s Law

Hyperconnectivity

Provider scale

SOA

Key characteristics

Elastic & on-demand

Multi-tenancy

Metered service

Broadly available

(5)

Key Trust Issues

Transparency & visibility from providers

Compatible laws across jurisdictions

Data sovereignty

Incomplete standards

True multi-tenant technologies & architecture

Incomplete Identity Management implementations

Consumer awareness & engagement

How do we gracefully “lose control” of IT and have greater confidence in its security?

(6)

About the Cloud Security Alliance

Global, not-for-profit organization

Over 33,000 individual members, 150 corporate members, 60 chapters

Building best practices and a trusted cloud ecosystem

Research

Education

Certification

Advocacy of prudent public policy

Innovation, Transparency, GRC, Identity

“To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help

(7)

Global efforts

Europe

Proposed EU Data Privacy Regulation

EC European Cloud Partnership

US Federal government

NIST

FedRAMP

APAC

Standards bodies

ISO/IEC JTC 1/SC 27

ITU-T SG 17

(8)

Key CSA Contributions

Cloud Architecture

Governing the Cloud

Governance and Enterprise Risk Management

Legal and Electronic Discovery

Compliance and Audit

Information Lifecycle Management

Portability and Interoperability

Operating in the Cloud

Security, Business Continuity, and Disaster Recovery

Data Center Operations

Incident Response, Notification, Remediation

Application Security

Encryption and Key Management

Identity and Access Management

Virtualization

Security as a Service

(9)

CSA GRC Stack

[Diagram: control requirements and provider assertions, spanning private, community and public clouds]

Family of 4 research projects

Cloud Controls Matrix

Consensus Assessments Initiative

Cloud Audit

Cloud Trust Protocol

Tools for governance, risk and compliance mgt

Enabling automation and

(10)

CSA STAR Registry

• CSA STAR (Security, Trust and Assurance Registry)

• Public registry of cloud provider self-assessments

• Based on the Consensus Assessments Initiative Questionnaire

• Provider may substitute documented Cloud Controls Matrix compliance

• Voluntary industry action promoting transparency

• Security as a market differentiator

(11)

CCSK – Certificate of Cloud Security Knowledge

• Benchmark of cloud security competency

• Measures mastery of CSA guidance and the ENISA cloud risks whitepaper

• Understand cloud issues

• Look for CCSKs at cloud providers and consulting partners

• Online web-based examination

www.cloudsecurityalliance.org/certifyme

(12)

Security as a Service

Information Security Industry Re-invented

Define Security as a Service – security delivered via the cloud

Articulate solution categories within Security as a Service

Guidance for adoption of Security as a Service

Align with other CSA research

Delivered as the 14th domain within CSA Guidance version 3.

(13)

CSA Mobile

Mobile – the Portal to the Cloud

• BYOD, New OSes, application stores, mobile clouds…

Our Initiative

• Security Guidance for Critical Areas of Focus in Mobile Computing

• Secure application stores

• Solutions for personal and business use of a common mobile device

• Cloud-based security management of mobile devices

• Security frameworks and architecture

• Scalable authentication and secure mobile app development

(14)

Migrating to the Cloud

Shared Responsibility

Strategy

Education

Architecture / Framework

Due Diligence

(15)

Summary

• Challenges remain

• Governments, SDOs and industry are actively addressing the issues

• More tools are available than you think

• Waiting is not an option

• Identify the IT options appropriate for a specific cloud

• Leverage business drivers and risk management

• Be agile!

(16)

For more information

Research:

www.cloudsecurityalliance.org/research/

CCSK Certification:

www.cloudsecurityalliance.org/certifyme

Chapters:

www.cloudsecurityalliance.org/chapters

[email protected]

LinkedIn:

www.linkedin.com/groups?gid=1864210

Twitter: @cloudsa

(17)
