ITU‐TRCSL Symposium on Cloud Computing (28‐30 July 2015 Colombo Sri Lanka)
Cloud Security Challenges and Solutions
Jayaraj Sayanthan
Lead Engineering Manager – IDC and Cloud
Dialog Axiata PLC
Evolving Cloud Computing Challenges
Cloud Security Concerns and Threats
Cloud Security and Defense Plans (lots of devices???)
CIO’s Preferred Ways to Improve Cloud Security
What are we missing? and Bridging the gap…!!!
Setting and Enforcing Security Policies
Effective Mapping of Security Control
Information and Cloud Security Compliance/Standards
ISO/IEC 27001: 2013
Cloud Controls Matrix v3.0.1
ISO/IEC 27000 – a success story
Original requirement identified by the Department of Trade and Industry (DTI) in the late 1980s
• UK companies held back by lack of information security advice and guidance
• Market needed a “code of practice”
Developed for DTI, published by BSI
Became a British Standard, BS 7799, in 1995 and Certification standard BS 7799‐2 followed in 1999
Became International Standards ISO/IEC 27001 and 27002 in 2005
Other information security standards now being developed or harmonized into 270xx series standards
ISO/IEC 27001 family of standards
[Diagram: map of the ISO/IEC 27001 family and related standards. Groupings shown: overview and vocabulary; requirements; code of practice; implementation guidance; measurements; risk management; governance; organizational economics; certification, conformity assessment and auditing; applicability by sector (telecommunications, health, financial services, inter-sector and inter-organizational, cloud computing services, process control systems); and the "27x Extended Range". Standards shown: 27000, 27001, 27002, 27003, 27004, 27005, 27006, 27007, 27008, 27009, 27010, 27011, 27013, 27014, 27015, 27016, 27017, 27018, 27019, 27799, 31000, 31010, Guide 73, 17000, 17021, 19011, and 27001 + 20000-1.]
New, Cleaner Organization of Domains in ISO 27001:2013
The New ISO/IEC 27001:2013 Structure
Cloud Control Matrix
Cloud Control Matrix – Domains and Controls
Sample Control and Applicability
Cloud Control Matrix Mapping with Other Standards
Cloud Security Alliance : The CSA STAR Certification
The CSA Open Certification Framework is an industry initiative to allow global, accredited, trusted certification of cloud providers.
Copyright © 2014 Cloud Security Alliance
Suitable Security Policies / Controls are mandatory to enforce proper security with security devices and applications
Cloud Security Solutions On Demand
QUESTIONS…?
Thank You Very Much