Csa about-threats-june-2010-ibm
1. Cloud Security Alliance: Assuring the future of Cloud Computing. Sergio Loureiro, CSA founding member, sergio@secludit.com. IBM La Gaude, 23rd June 2010
2. About the Cloud Security Alliance. Global, not-for-profit organization. Inclusive membership, supporting broad spectrum of subject matter expertise: cloud experts, security, legal, compliance, virtualization, and on and on… We believe Cloud Computing has a robust future, we want to make it better. “To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”
3. Membership: 50+ corporate members; 12 non-profit affiliations; 10,000 individual members, growing by 300/week; broad geographical distribution; Working Group activities performed through individual membership class
15. CSA Research Projects. Go to www.cloudsecurityalliance.org/Research.html for Research dashboard and Working Group signup
16. CSA Guidance Research. Popular best practices for securing cloud computing. 13 domains of concern, in governing and operating groupings. Foundation for CSA research. Cloud Architecture. Governing the Cloud: Governance and Enterprise Risk Management; Legal and Electronic Discovery; Compliance and Audit; Information Lifecycle Management; Portability and Interoperability. Operating in the Cloud: Security, Bus. Cont., and Disaster Recovery; Data Center Operations; Incident Response, Notification, Remediation; Application Security; Encryption and Key Management; Identity and Access Management; Virtualization. Guidance > 100k downloads: cloudsecurityalliance.org/guidance
17. CSA Guidance Research - Status. Ver 2.1 released Dec 2009. Ver 3 mid-2011. 2010 focus: translations; wiki format; per domain whitepapers (not official guidance). Cloud Architecture. Governing the Cloud: Governance and Enterprise Risk Management; Legal and Electronic Discovery; Compliance and Audit; Information Lifecycle Management; Portability and Interoperability. Operating in the Cloud: Security, Bus. Cont., and Disaster Recovery; Data Center Operations; Incident Response, Notification, Remediation; Application Security; Encryption and Key Management; Identity and Access Management; Virtualization
18. Guidance Highlights - Governance: Best opportunity to secure cloud engagement is before procurement – contracts, SLAs, architecture; know provider’s third parties, BCM/DR, financial viability, employee vetting; identify data location when possible; plan for provider termination & return of assets; preserve right to audit; reinvest provider cost savings into due diligence
19. Guidance Highlights - Operating: Encrypt data when possible, segregate key mgt from cloud provider; adapt secure software development lifecycle; understand provider’s patching, provisioning, protection; logging, data exfiltration, granular customer segregation; hardened VM images; assess provider IdM integration, e.g. SAML, OpenID
20. CSA Research Projects: Cloud Controls Matrix Tool; Trusted Cloud Initiative; Consensus Assessments Initiative; Cloud Metrics Research
21. Contact. Help us secure cloud computing. www.cloudsecurityalliance.org; info@cloudsecurityalliance.org; LinkedIn: www.linkedin.com/groups?gid=1864210; Twitter: @cloudsa
22. Summary: Cloud Computing is real and transformational; challenges for People, Process, Technology, Organizations and Countries; broad governance approach needed; tactical fixes needed; combination of updating existing best practices and creating completely new best practices; adapting controls into “all virtual” environment
The security approach and role varies depending on the delivery model
SecureCloud – ISACA, ENISA, IEEE & CSA
The CSA Guidance is our flagship research that provides a broad catalog of best practices. It contains 13 domains to address both broad governance and specific operational issues. This Guidance is used as a foundation for the other research projects in the following slides that relate to compliance.
Do visit the website. Do join the LinkedIn Groups – you will receive regular email updates