ITU‐TRCSL Symposium on Cloud Computing (28‐30 July 2015, Colombo, Sri Lanka): Cloud Security Challenges and Solutions. Jayaraj Sayanthan, Lead Engineering Manager – IDC and Cloud, Dialog Axiata PLC


Page 1:

ITU‐TRCSL Symposium on Cloud Computing (28‐30 July 2015 Colombo Sri Lanka)

Cloud Security Challenges and Solutions

Jayaraj Sayanthan
Lead Engineering Manager – IDC and Cloud
Dialog Axiata PLC

Page 2:

Evolving Cloud Computing Challenges

Page 3:

Cloud Security Concerns and Threats

Page 4:

Cloud Security and Defense Plans (lots of devices???)

Page 5:

CIO’s Preferred Ways to Improve Cloud Security

Page 6:

What are we missing? and Bridging the gap…!!!

Setting and Enforcing Security Policies

Effective Mapping of Security Control 

Information and Cloud Security Compliance/Standards

ISO/IEC 27001: 2013

Cloud Controls Matrix v3.0.1

Page 7:

ISO/IEC 27000 – a success story 

Original requirement identified by the Department of Trade and Industry (DTI) in the late 1980s

• UK companies held back by lack of information security advice and guidance 

• Market needed a “code of practice” 

Developed for DTI, published by BSI 

Became a British Standard, BS 7799, in 1995 and Certification standard BS 7799‐2 followed in 1999 

Became International Standards ISO/IEC 27001 and 27002 in 2005 

Other information security standards now being developed or harmonized into 270xx series standards 

Page 8:

ISO/IEC 27001 family of standards

[Diagram: the ISO/IEC 27000-series standards (27000 to 27011, 27013 to 27019, 27799) together with related standards (31000, 31010, Guide 73, 19011, 17000, 17021), grouped under these labels: overview and vocabulary; requirements; code of practice; implementation guidance; measurements; risk management; governance; organizational economics; certification, auditing and conformity assessment; 27001 + 20000-1; 27001 + industry vertical; cloud computing service; data protection control of public cloud computing service; process control system (TR); and applicability (telecommunications, health, financial services, inter-sector and inter-organizational); 27x extended range.]

Page 9:

New, Cleaner Organization of Domains in ISO 27001:2013

Page 10:

The New ISO/IEC 27001:2013 Structure

Page 11:

Cloud Controls Matrix

Page 12:

Cloud Controls Matrix – Domains and Controls

Page 13:

Sample Control and Applicability

Page 14:

Cloud Controls Matrix Mapping with Other Standards

Page 15:

Cloud Security Alliance: The CSA STAR Certification

The CSA Open Certification Framework is an industry initiative to allow global, accredited, trusted certification of cloud providers.

Copyright © 2014 Cloud Security Alliance

Page 16:

Suitable Security Policies / Controls are mandatory to enforce proper security with security devices and applications

Page 17:

Cloud Security Solutions On Demand

Page 18:

QUESTIONS…?

Thank You Very Much