Forecast odcau6 100_eb
SECURITY ASSURANCE
Matt Lowth (NAB), Ian Lamont (BMW)
RISK IN THE CLOUD
2ODCA Provider Assurance 2013 |
BACKGROUND – USAGE MODELS
Provider Assurance; Data Security Framework; Security Monitoring; Identity Mgmt Interoperability; Identity Mgmt and Governance; IaaS Privileged User Access; Single Sign On Authentication
IO Control; VM Interoperability in a Hybrid Cloud; Long Distance Workload Migration
Software Entitlement Mgmt; Regulatory Framework
PaaS Interoperability; SaaS Interoperability; Interoperability across Clouds; Carbon Footprint; Service Catalogue
Secure Federation
Automation
Common Management and Policy
Transparency
AGENDA
Lessons that will support security in my business
Topic
Discuss
Learning
Cloud Provider Assurance
Why / What / How
UM CORE – MODEL & USAGE SCENARIOS
PROVIDER ASSURANCE FRAMEWORK
Assurance Level: Bronze
Description: Represents the lower-end corporate security requirement and may equate to a higher level for a small to medium business customer
Example: Development environment

Assurance Level: Silver
Description: Represents a standard level of corporate security likely to be evident in many enterprises
Example: Test environment; "out-of-the-box" production environment

Assurance Level: Gold
Description: Represents an improved level of security that would normally be associated with the processing of sensitive corporate data
Example: Finance sector production environment

Assurance Level: Platinum
Description: Represents the highest level of contemplated corporate requirements
Example: Special purpose, high-end security requirement
BRONZE
• Virus scanning
• Physical Access control
• Secure protocols used
• ITIL Process Usage
• Default Passwords removed
• Source Code analysis
• IT Security Policy
• Provider staff management
• Data Security training
• Vulnerability Mgmt
• Firewall isolation
• Identity Management
• Data retention and deletion
• Security Incident and Event Monitoring
SILVER
• Network Intrusion Prevention
• Event Logging for administrators
• Technical Continuity Plan
• Fully documented network
• Safe Harbor for EU subscribers
• Provider risk assessments
• Provider config and asset mgmt
• DoS protection
• Guaranteed data deletion
• Vulnerability Mgmt
• Firewall isolation
• Identity Management
• Data retention and deletion
• Security Incident and Event Monitoring
• Encryption key mgmt
GOLD
• Option to perform pen testing
• Physical segmentation of hw
• Multi factor authentication
• Ability to define geographic hosting limits
• No default admin access
• Strong data encryption
• Accredited provider processes
• Vulnerability Mgmt
• Firewall isolation
• Identity Management
• Data retention and deletion
• Security Incident and Event Monitoring
GENERAL QUESTIONS (TO THE AUDIENCE)
As providers, are your products secured to one or more of the levels described?
As subscribers, would you buy from a provider if he advertised one of these levels?
INFORMATION AND ASSETS
Available to Members at: www.opendatacenteralliance.org
URL for Public content: www.opendatacenteralliance.org
Standardized Response Checklists
Accelerate TTM
Shared Practices Drive Scale
Streamlined Requirements
Accelerate Adoption
QUESTIONS
www.opendatacenteralliance.org
Security Provider Assurance
Ensuring that the Cloud is secure
© 2013 Open Data Center Alliance, Inc. ALL RIGHTS RESERVED.