SECURITY ASSURANCE
Matt Lowth (NAB)
Ian Lamont (BMW)
RISK IN THE CLOUD
ODCA Provider Assurance 2013
BACKGROUND – USAGE MODELS
• Provider Assurance; Data Security Framework; Security Monitoring; Identity Mgmt Interoperability; Identity Mgmt and Governance; IaaS Privileged User Access; Single Sign On Authentication
• IO Control; VM Interoperability in a Hybrid Cloud; Long Distance Workload Migration
• Software Entitlement Mgmt; Regulatory Framework
• PaaS Interoperability; SaaS Interoperability; Interoperability across Clouds; Carbon Footprint; Service Catalogue
Secure Federation; Automation; Common Management and Policy; Transparency
AGENDA
Topic: Cloud Provider Assurance
Discuss: Why / What / How
Learning: Lessons that will support security in my business
UM CORE – MODEL & USAGE SCENARIOS
PROVIDER ASSURANCE FRAMEWORK
| Assurance Level | Description | Example |
|---|---|---|
| Bronze | Represents the lower-end corporate security requirement and may equate to a higher level for a small to medium business customer | Development environment |
| Silver | Represents a standard level of corporate security likely to be evident in many enterprises | Test environment; “out-of-the-box” production environment |
| Gold | Represents an improved level of security that would normally be associated with the processing of sensitive corporate data. | Finance sector production environment |
| Platinum | Represents the highest level of contemplated corporate requirements | Special purpose, high-end security requirement |
BRONZE
• Virus scanning
• Physical Access control
• Secure protocols used
• ITIL Process Usage
• Default Passwords removed
• Source Code analysis
• IT Security Policy
• Provider staff management
• Data Security training
• Vulnerability Mgmt
• Firewall isolation
• Identity Management
• Data retention and deletion
• Security Incident and Event Monitoring
SILVER
• Network Intrusion Prevention
• Event Logging for administrators
• Technical Continuity Plan
• Fully documented network
• Safe Harbor for EU subscribers
• Provider risk assessments
• Provider config and asset mgmt
• DoS protection
• Guaranteed data deletion
• Vulnerability Mgmt
• Firewall isolation
• Identity Management
• Data retention and deletion
• Security Incident and Event Monitoring
• Encryption key mgmt
GOLD
• Option to perform pen testing
• Physical segmentation of hw
• Multi factor authentication
• Ability to define geographic hosting limits
• No default admin access
• Strong data encryption
• Accredited provider processes
• Vulnerability Mgmt
• Firewall isolation
• Identity Management
• Data retention and deletion
• Security Incident and Event Monitoring
GENERAL QUESTIONS (TO THE AUDIENCE)
• As providers, are your products secured to one or more of the levels described?
• As subscribers, would you buy from a provider if he advertised one of these levels?
INFORMATION AND ASSETS
Available to Members at: www.opendatacenteralliance.org
URL for Public content: www.opendatacenteralliance.org
• Standardized Response Checklists: Accelerate TTM
• Shared Practices: Drive Scale
• Streamlined Requirements: Accelerate Adoption
QUESTIONS
www.opendatacenteralliance.org
Security Provider Assurance
Ensuring that the Cloud is secure
© 2013 Open Data Center Alliance, Inc. ALL RIGHTS RESERVED.
