2. RISK IN THE CLOUD
ODCA Provider Assurance 2013
3. BACKGROUND – USAGE MODELS
Usage models covered by the ODCA (from the slide graphic):
• Provider Assurance; Data Security Framework; Security Monitoring
• Identity Mgmt Interoperability; Identity Mgmt and Governance
• IaaS Privileged User Access; Single Sign On Authentication
• IO Control; VM Interoperability in a Hybrid Cloud; Long Distance Workload Migration
• Software Entitlement Mgmt; Regulatory Framework
• PaaS Interoperability; SaaS Interoperability; Interoperability across Clouds
• Carbon Footprint; Service Catalogue
The usage models are organised under four themes: Secure Federation; Automation; Common Management and Policy; Transparency.
4. AGENDA
Topic: Cloud Provider Assurance
Discuss: Why / What / How
Learning: Lessons that will support security in my business
5. UM CORE – MODEL & USAGE SCENARIOS
6. PROVIDER ASSURANCE FRAMEWORK
Assurance levels (Bronze, Silver, Gold, Platinum), each with its description and an example workload:

Bronze
Description: Represents the lower-end corporate security requirement and may equate to a higher level for a small to medium business customer.
Example: Development environment.

Silver
Description: Represents a standard level of corporate security likely to be evident in many enterprises.
Example: Test environment; “out-of-the-box” production environment.

Gold
Description: Represents an improved level of security that would normally be associated with the processing of sensitive corporate data.
Example: Finance sector production environment.

Platinum
Description: Represents the highest level of contemplated corporate requirements.
Example: Special purpose, high-end security requirement.
7. BRONZE
• Virus scanning
• Physical access control
• Secure protocols used
• ITIL process usage
• Default passwords removed
• Source code analysis
• IT security policy
• Provider staff management
• Data security training
• Vulnerability management
• Firewall isolation
• Identity management
• Data retention and deletion
• Security incident and event monitoring
8. SILVER
• Network intrusion prevention
• Event logging for administrators
• Technical continuity plan
• Fully documented network
• Safe Harbor for EU subscribers
• Provider risk assessments
• Provider configuration and asset management
• DoS protection
• Guaranteed data deletion
• Vulnerability management
• Firewall isolation
• Identity management
• Data retention and deletion
• Security incident and event monitoring
• Encryption key management
9. GOLD
• Option to perform penetration testing
• Physical segmentation of hardware
• Multi-factor authentication
• Ability to define geographic hosting limits
• No default admin access
• Strong data encryption
• Accredited provider processes
• Vulnerability management
• Firewall isolation
• Identity management
• Data retention and deletion
• Security incident and event monitoring
10. GENERAL QUESTIONS (TO THE AUDIENCE)
As providers, are your products secured to one or more of the levels described?
As subscribers, would you buy from a provider if it advertised one of these levels?
11. INFORMATION AND ASSETS
Available to Members at: www.opendatacenteralliance.org
URL for public content: www.opendatacenteralliance.org
• Standardized response checklists: accelerate time to market (TTM)
• Shared practices: drive scale
• Streamlined requirements: accelerate adoption