Nils Puhlmann Ncoic Slides
NCOIC
Federal Cloud Storefront Workshop
Nils Puhlmann, Co-Founder
September 21st, 2009
www.cloudsecurityalliance.org
Copyright © 2009 Cloud Security Alliance
Security is a concern
S-P-I Model
IaaS
PaaS
SaaS
You build security in
You “RFP” security in
Security and the SPI model
Risk Examples
• Geo-location of sensitive data
• Inability to deploy security services (e.g. scanning)
• Risk with shared computing platform (multi-tenant)
• Data confidentiality
• Access via internet – untrusted
• Cloud vendors for the most part non-committal on security
• Company data on 3rd party machine
• Compliance lacking – inability to satisfy auditors
• Vendors not up to speed from a guidance and auditing perspective
• Inability to perform forensic investigation
Meet the Cloud Security Alliance
• Global, not-for-profit organization, started Nov. 2008, individual members (free), corporate members and affiliated organizations
• Inclusive membership, supporting broad spectrum of subject matter expertise: cloud experts, security, legal, compliance, virtualization, and on and on…
• We believe Cloud Computing has a robust future, we want to make it better
“To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”
Current corporate members
Current affiliates
Cloud-Standards.org
Individual Members
• 4,174 as of September 15th
• Broad Geographical Distribution
• Active Working Groups
  • Editorial
  • Educational Outreach
  • Architecture
  • Governance, Risk Mgt, Compliance, Business Continuity
  • Legal & E-Discovery
  • Portability, Interoperability and Application Security
  • Identity and Access Mgt, Encryption & Key Mgt
  • Data Center Operations and Incident Response
  • Information Lifecycle Management & Storage
  • Virtualization and Technology Compartmentalization
• New Working Groups
  • Healthcare
  • Cloud Threat Analysis
  • US Federal Government
  • Financial Services
Project Roadmap
• April 2009: Security Guidance for Critical Areas of Focus for Cloud Computing – Version 1
• July 2009: Version 1 translated into Japanese
• October 2009: Security Guidance for Critical Areas of Focus for Cloud Computing – Version 2
• October 2009: Top Ten Cloud Threats (monthly)
• November 2009: Provider & Customer Checklists
• December 2009: eHealth Guidance
• Global CSA Executive Summits
  • Q1 2010 – Europe
  • Q1 or Q2 2010 - US
Security Guidance for Critical Areas of Focus in Cloud Computing
Download at:
www.cloudsecurityalliance.org/guidance
Overview of Guidance
1. Architecture & Framework
Governing in the Cloud
2. Governance & Risk Mgt
3. Legal
4. Electronic Discovery
5. Compliance & Audit
6. Information Lifecycle Mgt
7. Portability & Interoperability
Operating in the Cloud
8. Traditional, BCM, DR
9. Data Center Operations
10. Incident Response
11. Application Security
12. Encryption & Key Mgt
13. Identity & Access Mgt
14. Storage
15. Virtualization
Contact
• www.cloudsecurityalliance.org
• Twitter: @cloudsa, #csaguide
• LinkedIn: www.linkedin.com/groups?gid=1864210