SlideShare uma empresa Scribd logo

Csa about-threats-june-2010-ibm

Transferir como PPTX, PDF
S
Sergio Loureiro
TecnologiaNegócios
1 de 23
Cloud Security Alliance: Assuring the future of Cloud Computing Sergio Loureiro, CSA founding member sergio@secludit.com IBM La Gaude, 23rd June 2010
About the Cloud Security Alliance Global, not-for-profit organization Inclusive membership, supporting broad spectrum of subject matter expertise: cloud experts, security, legal, compliance, virtualization, and on and on… We believe Cloud Computing has a robust future, we want to make it better “To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”
Membership 50+ Corporate Members 12 non-profit affiliations 10,000 individual members growing by 300/week Broad Geographical Distribution Working Group activities performed through individual membership class
Corporate Members
S-P-I Framework You “RFP” security in SaaS Software as a Service You build security in PaaS Platform as a Service IaaS Infrastructure as a Service
Top Threats to Cloud Computing
Shared Technology Vulnerabilities
Data Loss / Data Leakage
Malicious Insiders
Interception or Hijacking of Traffic
Insecure APIs
Nefarious Use of Service
Unknown Risk Profile
Top Threats - Status
CSA Research ProjectsGo to www.cloudsecurityalliance.org/Research.html for Research dashboard and Working Group signup
CSA Guidance Research Cloud Architecture Popular best practices for securing cloud computing 13 Domains of concern – governing & operating groupings Foundation for CSA research Governance and Enterprise Risk Management Legal and Electronic Discovery Governing the Cloud Compliance and Audit Information Lifecycle Management Portability and Interoperability Security, Bus. Cont,, and Disaster Recovery Data Center Operations Incident Response, Notification, Remediation Application Security Operating in the Cloud Encryption and Key Management Identity and Access Management Virtualization Guidance > 100k downloads: cloudsecurityalliance.org/guidance
CSA Guidance Research - Status Cloud Architecture Ver 2.1 released Dec 2009 Ver 3 mid-2011 2010 focus Translations Wiki format Per domain whitepapers (not official guidance) Governance and Enterprise Risk Management Legal and Electronic Discovery Governing the Cloud Compliance and Audit Information Lifecycle Management Portability and Interoperability Security, Bus. Cont,, and Disaster Recovery Data Center Operations Incident Response, Notification, Remediation Application Security Operating in the Cloud Encryption and Key Management Identity and Access Management Virtualization
Guidance Highlights - Governance Best opportunity to secure cloud engagement is before procurement – contracts, SLAs, architecture Know provider’s third parties, BCM/DR, financial viability, employee vetting Identify data location when possible Plan for provider termination & return of assets Preserve right to audit Reinvest provider cost savings into due diligence
Guidance Highlights - Operating Encrypt data when possible, segregate key mgt from cloud provider Adapt secure software development lifecycle Understand provider’s patching, provisioning, protection Logging, data exfiltration, granular customer segregation Hardened VM images Assess provider IdM integration, e.g. SAML, OpenID
CSA Research Projects Cloud Controls Matrix Tool Trusted Cloud Initiative Consensus Assessments Initiative Cloud Metrics Research
Contact Help us secure cloud computing www.cloudsecurityalliance.org info@cloudsecurityalliance.org LinkedIn: www.linkedin.com/groups?gid=1864210 Twitter: @cloudsa
Summary Cloud Computing is real and transformational Challenges for People, Process, Technology, Organizations and Countries Broad governance approach needed Tactical fixes needed Combination of updating existing best practices and creating completely new best practices Adapting controls into “all virtual” environment
Thank you!sergio@secludit.comBlog elastic-security.com, Twitter @elasticsecurity

Recomendados

Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefing
technext1
 
The Notorious 9 Cloud Computing Threats - CSA Congress, San Jose
The Notorious 9 Cloud Computing Threats - CSA Congress, San JoseThe Notorious 9 Cloud Computing Threats - CSA Congress, San Jose
The Notorious 9 Cloud Computing Threats - CSA Congress, San Jose
Moshe Ferber
 
How can cas bs help
How can cas bs helpHow can cas bs help
How can cas bs help
CipherCloud
 
Secure Cloud Reference Architecture
Secure Cloud Reference ArchitectureSecure Cloud Reference Architecture
Secure Cloud Reference Architecture
Mithilesh Kumar - AWS, VCP,ITIL,SSCA
 
SECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKESSECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKES
Happiest Minds Technologies
 
Hipaa Compliance With IT
Hipaa Compliance With ITHipaa Compliance With IT
Hipaa Compliance With IT
Nainil Chheda
 
Dynamic access control sbc12 - thuan nguyen
Dynamic access control sbc12 - thuan nguyenDynamic access control sbc12 - thuan nguyen
Dynamic access control sbc12 - thuan nguyen
Thuan Ng
 
Cyber Security Services & Solutions - Zymr
Cyber Security Services & Solutions - ZymrCyber Security Services & Solutions - Zymr
Cyber Security Services & Solutions - Zymr
ZYMR, INC.
 

Recomendados

Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefing
technext1
 
The Notorious 9 Cloud Computing Threats - CSA Congress, San Jose
The Notorious 9 Cloud Computing Threats - CSA Congress, San JoseThe Notorious 9 Cloud Computing Threats - CSA Congress, San Jose
The Notorious 9 Cloud Computing Threats - CSA Congress, San Jose
Moshe Ferber
 
How can cas bs help
How can cas bs helpHow can cas bs help
How can cas bs help
CipherCloud
 
Secure Cloud Reference Architecture
Secure Cloud Reference ArchitectureSecure Cloud Reference Architecture
Secure Cloud Reference Architecture
Mithilesh Kumar - AWS, VCP,ITIL,SSCA
 
SECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKESSECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKES
Happiest Minds Technologies
 
Hipaa Compliance With IT
Hipaa Compliance With ITHipaa Compliance With IT
Hipaa Compliance With IT
Nainil Chheda
 
Dynamic access control sbc12 - thuan nguyen
Dynamic access control sbc12 - thuan nguyenDynamic access control sbc12 - thuan nguyen
Dynamic access control sbc12 - thuan nguyen
Thuan Ng
 
Cyber Security Services & Solutions - Zymr
Cyber Security Services & Solutions - ZymrCyber Security Services & Solutions - Zymr
Cyber Security Services & Solutions - Zymr
ZYMR, INC.
 
Cloud Security Top Threats
Cloud Security Top ThreatsCloud Security Top Threats
Cloud Security Top Threats
Tiago de Almeida
 
Threats and risks to cloud computing
Threats and risks to cloud computingThreats and risks to cloud computing
Threats and risks to cloud computing
Ryo Matsumoto
 
Network Security Policies
Network Security PoliciesNetwork Security Policies
Network Security Policies
Aamir Sohail
 
Top 5 Cloud Security Threats in Healthcare
Top 5 Cloud Security Threats in HealthcareTop 5 Cloud Security Threats in Healthcare
Top 5 Cloud Security Threats in Healthcare
Bitglass
 
The Cloud Crossover
The Cloud CrossoverThe Cloud Crossover
The Cloud Crossover
Armor
 
Cybersecurity frameworks globally and saudi arabia
Cybersecurity frameworks globally and saudi arabiaCybersecurity frameworks globally and saudi arabia
Cybersecurity frameworks globally and saudi arabia
Faysal Ghauri
 
Windstream Managed Network Security Infographic
Windstream Managed Network Security InfographicWindstream Managed Network Security Infographic
Windstream Managed Network Security Infographic
Ideba
 
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah SheikhISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
Shah Sheikh
 
Aujas Cyber Security
Aujas Cyber SecurityAujas Cyber Security
Aujas Cyber Security
VivianMarcello3
 
Securing Software-as-a-Service: Cover your SaaS and protect enterprise data
Securing Software-as-a-Service: Cover your SaaS and protect enterprise dataSecuring Software-as-a-Service: Cover your SaaS and protect enterprise data
Securing Software-as-a-Service: Cover your SaaS and protect enterprise data
Pistoia Alliance
 
Csathreats.v1.0
Csathreats.v1.0Csathreats.v1.0
Csathreats.v1.0
vivek_kale27
 
Cloud Types and Security- Which one is right for you?
Cloud Types and Security- Which one is right for you?Cloud Types and Security- Which one is right for you?
Cloud Types and Security- Which one is right for you?
Fuji Xerox Asia Pacific
 
Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm
IJECEIAES
 
Windstream Managed Network Security Ebook
Windstream Managed Network Security EbookWindstream Managed Network Security Ebook
Windstream Managed Network Security Ebook
Ideba
 
Risk based it auditing for non it auditors (basics of it auditing) final 12
Risk based it auditing for non it auditors (basics of it auditing) final 12Risk based it auditing for non it auditors (basics of it auditing) final 12
Risk based it auditing for non it auditors (basics of it auditing) final 12
Thilak Pathirage -Senior IT Gov and Risk Consultant
 
Windstream Managed Network Security Presentation
Windstream Managed Network Security PresentationWindstream Managed Network Security Presentation
Windstream Managed Network Security Presentation
Ideba
 
Cloud Computing Security Threats and Responses
Cloud Computing Security Threats and ResponsesCloud Computing Security Threats and Responses
Cloud Computing Security Threats and Responses
shafzonly
 
Enterprise policy-management
Enterprise policy-managementEnterprise policy-management
Enterprise policy-management
Amit Bhargava
 
Cyber Security - Maintaining Operational Control of Critical Services
Cyber Security - Maintaining Operational Control of Critical ServicesCyber Security - Maintaining Operational Control of Critical Services
Cyber Security - Maintaining Operational Control of Critical Services
Dave Reeves
 
Seclore: Information Rights Management
Seclore: Information Rights ManagementSeclore: Information Rights Management
Seclore: Information Rights Management
Rahul Neel Mani
 
Internet of Things - October 2013 - Chandna
Internet of Things - October 2013 - ChandnaInternet of Things - October 2013 - Chandna
Internet of Things - October 2013 - Chandna
Asheem Chandna
 
How to Find Security Breaches Before They Sink You
How to Find Security Breaches Before They Sink YouHow to Find Security Breaches Before They Sink You
How to Find Security Breaches Before They Sink You
Skyhigh Networks
 

Mais conteúdo relacionado

Mais procurados

Threats and risks to cloud computing
Threats and risks to cloud computingThreats and risks to cloud computing
Threats and risks to cloud computing
Ryo Matsumoto
 
Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm
IJECEIAES
 

Mais procurados (20)

Cloud Security Top Threats
Cloud Security Top ThreatsCloud Security Top Threats
Cloud Security Top Threats
 
Threats and risks to cloud computing
Threats and risks to cloud computingThreats and risks to cloud computing
Threats and risks to cloud computing
 
Network Security Policies
Network Security PoliciesNetwork Security Policies
Network Security Policies
 
Top 5 Cloud Security Threats in Healthcare
Top 5 Cloud Security Threats in HealthcareTop 5 Cloud Security Threats in Healthcare
Top 5 Cloud Security Threats in Healthcare
 
The Cloud Crossover
The Cloud CrossoverThe Cloud Crossover
The Cloud Crossover
 
Cybersecurity frameworks globally and saudi arabia
Cybersecurity frameworks globally and saudi arabiaCybersecurity frameworks globally and saudi arabia
Cybersecurity frameworks globally and saudi arabia
 
Windstream Managed Network Security Infographic
Windstream Managed Network Security InfographicWindstream Managed Network Security Infographic
Windstream Managed Network Security Infographic
 
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah SheikhISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
 
Aujas Cyber Security
Aujas Cyber SecurityAujas Cyber Security
Aujas Cyber Security
 
Securing Software-as-a-Service: Cover your SaaS and protect enterprise data
Securing Software-as-a-Service: Cover your SaaS and protect enterprise dataSecuring Software-as-a-Service: Cover your SaaS and protect enterprise data
Securing Software-as-a-Service: Cover your SaaS and protect enterprise data
 
Csathreats.v1.0
Csathreats.v1.0Csathreats.v1.0
Csathreats.v1.0
 
Cloud Types and Security- Which one is right for you?
Cloud Types and Security- Which one is right for you?Cloud Types and Security- Which one is right for you?
Cloud Types and Security- Which one is right for you?
 
Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm
 
Windstream Managed Network Security Ebook
Windstream Managed Network Security EbookWindstream Managed Network Security Ebook
Windstream Managed Network Security Ebook
 
Risk based it auditing for non it auditors (basics of it auditing) final 12
Risk based it auditing for non it auditors (basics of it auditing) final 12Risk based it auditing for non it auditors (basics of it auditing) final 12
Risk based it auditing for non it auditors (basics of it auditing) final 12
 
Windstream Managed Network Security Presentation
Windstream Managed Network Security PresentationWindstream Managed Network Security Presentation
Windstream Managed Network Security Presentation
 
Cloud Computing Security Threats and Responses
Cloud Computing Security Threats and ResponsesCloud Computing Security Threats and Responses
Cloud Computing Security Threats and Responses
 
Enterprise policy-management
Enterprise policy-managementEnterprise policy-management
Enterprise policy-management
 
Cyber Security - Maintaining Operational Control of Critical Services
Cyber Security - Maintaining Operational Control of Critical ServicesCyber Security - Maintaining Operational Control of Critical Services
Cyber Security - Maintaining Operational Control of Critical Services
 
Seclore: Information Rights Management
Seclore: Information Rights ManagementSeclore: Information Rights Management
Seclore: Information Rights Management
 

Destaque

Internet of Things - October 2013 - Chandna
Internet of Things - October 2013 - ChandnaInternet of Things - October 2013 - Chandna
Internet of Things - October 2013 - Chandna
Asheem Chandna
 
How to Find Security Breaches Before They Sink You
How to Find Security Breaches Before They Sink YouHow to Find Security Breaches Before They Sink You
How to Find Security Breaches Before They Sink You
Skyhigh Networks
 
Internet of things - Frantic
Internet of things - FranticInternet of things - Frantic
Internet of things - Frantic
Miika Puputti
 
(NET405) Build a Remote Access VPN Solution on AWS
(NET405) Build a Remote Access VPN Solution on AWS(NET405) Build a Remote Access VPN Solution on AWS
(NET405) Build a Remote Access VPN Solution on AWS
Amazon Web Services
 

Destaque (19)

Internet of Things - October 2013 - Chandna
Internet of Things - October 2013 - ChandnaInternet of Things - October 2013 - Chandna
Internet of Things - October 2013 - Chandna
 
How to Find Security Breaches Before They Sink You
How to Find Security Breaches Before They Sink YouHow to Find Security Breaches Before They Sink You
How to Find Security Breaches Before They Sink You
 
The Dark Side of the Web
The Dark Side of the WebThe Dark Side of the Web
The Dark Side of the Web
 
The 80-20 Rule for Data in the Cloud
The 80-20 Rule for Data in the CloudThe 80-20 Rule for Data in the Cloud
The 80-20 Rule for Data in the Cloud
 
The Quiet Revolution: 12 Must-Know Statistics on Cloud Usage in the Enterprise
The Quiet Revolution: 12 Must-Know Statistics on Cloud Usage in the EnterpriseThe Quiet Revolution: 12 Must-Know Statistics on Cloud Usage in the Enterprise
The Quiet Revolution: 12 Must-Know Statistics on Cloud Usage in the Enterprise
 
State of the Cloud in 2015
State of the Cloud in 2015State of the Cloud in 2015
State of the Cloud in 2015
 
Internet of things - Frantic
Internet of things - FranticInternet of things - Frantic
Internet of things - Frantic
 
Cloud Security Alliance - Guidance
Cloud Security Alliance - GuidanceCloud Security Alliance - Guidance
Cloud Security Alliance - Guidance
 
11 European Privacy Regulations That Could Cost You €1 Million in Fines
11 European Privacy Regulations That Could Cost You €1 Million in Fines 11 European Privacy Regulations That Could Cost You €1 Million in Fines
11 European Privacy Regulations That Could Cost You €1 Million in Fines
 
The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...
The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...
The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...
 
16 Inspirational Quotes From the Late, Great Steve Jobs
16 Inspirational Quotes From the Late, Great Steve Jobs16 Inspirational Quotes From the Late, Great Steve Jobs
16 Inspirational Quotes From the Late, Great Steve Jobs
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architecture
 
Seclud it polesc_sjuly7
Seclud it polesc_sjuly7Seclud it polesc_sjuly7
Seclud it polesc_sjuly7
 
Deployer son propre SOC !
Deployer son propre SOC ! Deployer son propre SOC !
Deployer son propre SOC !
 
Cloud workload protection for obs by seclud it
Cloud workload protection for obs by seclud itCloud workload protection for obs by seclud it
Cloud workload protection for obs by seclud it
 
Microservices docker-security
Microservices docker-securityMicroservices docker-security
Microservices docker-security
 
The real cost of ignoring network security.
The real cost of ignoring network security.The real cost of ignoring network security.
The real cost of ignoring network security.
 
Innovations dans la cybersecurite
Innovations dans la cybersecuriteInnovations dans la cybersecurite
Innovations dans la cybersecurite
 
(NET405) Build a Remote Access VPN Solution on AWS
(NET405) Build a Remote Access VPN Solution on AWS(NET405) Build a Remote Access VPN Solution on AWS
(NET405) Build a Remote Access VPN Solution on AWS
 

Semelhante a Csa about-threats-june-2010-ibm

Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishek
Er. rahul abhishek
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...
csandit
 
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
cscpconf
 
INFORMATION SECURITY IN CLOUD COMPUTING
INFORMATION SECURITY IN CLOUD COMPUTINGINFORMATION SECURITY IN CLOUD COMPUTING
INFORMATION SECURITY IN CLOUD COMPUTING
ijitcs
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishek
Er. rahul abhishek
 
Automation alley day in the cloud presentation - formatted
Automation alley day in the cloud presentation - formattedAutomation alley day in the cloud presentation - formatted
Automation alley day in the cloud presentation - formatted
Matthew Moldvan
 
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A SurveyTrust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
inventionjournals
 
Security in cloud computing kashyap kunal
Security in cloud computing kashyap kunalSecurity in cloud computing kashyap kunal
Security in cloud computing kashyap kunal
Kashyap Kunal
 

Semelhante a Csa about-threats-june-2010-ibm (20)

UNIT -V.docx
UNIT -V.docxUNIT -V.docx
UNIT -V.docx
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishek
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...
 
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
 
Understanding Cloud Security - An In-Depth Exploration For Business Growth | ...
Understanding Cloud Security - An In-Depth Exploration For Business Growth | ...Understanding Cloud Security - An In-Depth Exploration For Business Growth | ...
Understanding Cloud Security - An In-Depth Exploration For Business Growth | ...
 
UNDERSTANDING CLOUD SECURITY- AN IN-DEPTH EXPLORATION FOR BUSINESS GROWTH.pdf
UNDERSTANDING CLOUD SECURITY- AN IN-DEPTH EXPLORATION FOR BUSINESS GROWTH.pdfUNDERSTANDING CLOUD SECURITY- AN IN-DEPTH EXPLORATION FOR BUSINESS GROWTH.pdf
UNDERSTANDING CLOUD SECURITY- AN IN-DEPTH EXPLORATION FOR BUSINESS GROWTH.pdf
 
Cloud Computing Security - Cloud Controls Security
Cloud Computing Security - Cloud Controls SecurityCloud Computing Security - Cloud Controls Security
Cloud Computing Security - Cloud Controls Security
 
Cloud Security - Types, Common Threats & Tips To Mitigate.pdf
Cloud Security - Types, Common Threats & Tips To Mitigate.pdfCloud Security - Types, Common Threats & Tips To Mitigate.pdf
Cloud Security - Types, Common Threats & Tips To Mitigate.pdf
 
INFORMATION SECURITY IN CLOUD COMPUTING
INFORMATION SECURITY IN CLOUD COMPUTINGINFORMATION SECURITY IN CLOUD COMPUTING
INFORMATION SECURITY IN CLOUD COMPUTING
 
Security in Cloud Computing
Security in Cloud ComputingSecurity in Cloud Computing
Security in Cloud Computing
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishek
 
legal and ethical.ppt
legal and ethical.pptlegal and ethical.ppt
legal and ethical.ppt
 
Automation alley day in the cloud presentation - formatted
Automation alley day in the cloud presentation - formattedAutomation alley day in the cloud presentation - formatted
Automation alley day in the cloud presentation - formatted
 
OWASP Cloud Top 10
OWASP Cloud Top 10OWASP Cloud Top 10
OWASP Cloud Top 10
 
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A SurveyTrust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
 
cloud1_aggy.pdf
cloud1_aggy.pdfcloud1_aggy.pdf
cloud1_aggy.pdf
 
Security in cloud computing kashyap kunal
Security in cloud computing kashyap kunalSecurity in cloud computing kashyap kunal
Security in cloud computing kashyap kunal
 
Whitepaper: Security of the Cloud
Whitepaper: Security of the CloudWhitepaper: Security of the Cloud
Whitepaper: Security of the Cloud
 
Security of the Cloud
Security of the CloudSecurity of the Cloud
Security of the Cloud
 
htcia-5-2015
htcia-5-2015htcia-5-2015
htcia-5-2015
 

Último

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 

Último (20)

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 

Csa about-threats-june-2010-ibm

  • 1. Cloud Security Alliance: Assuring the future of Cloud Computing Sergio Loureiro, CSA founding member sergio@secludit.com IBM La Gaude, 23rd June 2010
  • 2. About the Cloud Security Alliance Global, not-for-profit organization Inclusive membership, supporting broad spectrum of subject matter expertise: cloud experts, security, legal, compliance, virtualization, and on and on… We believe Cloud Computing has a robust future, we want to make it better “To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”
  • 3. Membership 50+ Corporate Members 12 non-profit affiliations 10,000 individual members growing by 300/week Broad Geographical Distribution Working Group activities performed through individual membership class
  • 5. S-P-I Framework You “RFP” security in SaaS Software as a Service You build security in PaaS Platform as a Service IaaS Infrastructure as a Service
  • 6. Top Threats to Cloud Computing
  • 8. Data Loss / Data Leakage
  • 12. Nefarious Use of Service
  • 14. Top Threats - Status
  • 15. CSA Research ProjectsGo to www.cloudsecurityalliance.org/Research.html for Research dashboard and Working Group signup
  • 16. CSA Guidance Research Cloud Architecture Popular best practices for securing cloud computing 13 Domains of concern – governing & operating groupings Foundation for CSA research Governance and Enterprise Risk Management Legal and Electronic Discovery Governing the Cloud Compliance and Audit Information Lifecycle Management Portability and Interoperability Security, Bus. Cont,, and Disaster Recovery Data Center Operations Incident Response, Notification, Remediation Application Security Operating in the Cloud Encryption and Key Management Identity and Access Management Virtualization Guidance > 100k downloads: cloudsecurityalliance.org/guidance
  • 17. CSA Guidance Research - Status Cloud Architecture Ver 2.1 released Dec 2009 Ver 3 mid-2011 2010 focus Translations Wiki format Per domain whitepapers (not official guidance) Governance and Enterprise Risk Management Legal and Electronic Discovery Governing the Cloud Compliance and Audit Information Lifecycle Management Portability and Interoperability Security, Bus. Cont,, and Disaster Recovery Data Center Operations Incident Response, Notification, Remediation Application Security Operating in the Cloud Encryption and Key Management Identity and Access Management Virtualization
  • 18. Guidance Highlights - Governance Best opportunity to secure cloud engagement is before procurement – contracts, SLAs, architecture Know provider’s third parties, BCM/DR, financial viability, employee vetting Identify data location when possible Plan for provider termination & return of assets Preserve right to audit Reinvest provider cost savings into due diligence
  • 19. Guidance Highlights - Operating Encrypt data when possible, segregate key mgt from cloud provider Adapt secure software development lifecycle Understand provider’s patching, provisioning, protection Logging, data exfiltration, granular customer segregation Hardened VM images Assess provider IdM integration, e.g. SAML, OpenID
  • 20. CSA Research Projects Cloud Controls Matrix Tool Trusted Cloud Initiative Consensus Assessments Initiative Cloud Metrics Research
  • 21. Contact Help us secure cloud computing www.cloudsecurityalliance.org info@cloudsecurityalliance.org LinkedIn: www.linkedin.com/groups?gid=1864210 Twitter: @cloudsa
  • 22. Summary Cloud Computing is real and transformational Challenges for People, Process, Technology, Organizations and Countries Broad governance approach needed Tactical fixes needed Combination of updating existing best practices and creating completely new best practices Adapting controls into “all virtual” environment

Notas do Editor

  1. The security approach and role varies depending on the delivery model
  2. SecureCloud – ISACA, ENISA, IEEE & CSA
  3. The CSA Guidance is our flagship research that provides a broad catalog of best practices. It contains 13 domains to address both broad governance and specific operational issues. This Guidance is used as a foundation for the other research projects in the following slides that relate to compliance.
  4. The CSA Guidance is our flagship research that provides a broad catalog of best practices. It contains 13 domains to address both broad governance and specific operational issues. This Guidance is used as a foundation for the other research projects in the following slides that relate to compliance.
  5. Do visit the websiteDo join the LinkedIn Groups – you will receive regular email updates