CSA & GRC Stack
Cloud Security Alliance
1.
© 2011 Cloud Security Alliance, Inc. All rights reserved.
Cloud Security Alliance & GRC Stack
Materials by Cloud Security Alliance.org © & PCI in the cloud training, created by SecurityWarrior LLC for Cloud Security Alliance, & Prof. Kai Hwang, University of Southern California
Presented to Triad ISSA, NC, January 26, 2012
Valdez Ladd, ISSA Raleigh, NC, 2012

2.
About the Cloud Security Alliance
Global, not-for-profit organization
Building best practices and a trusted cloud ecosystem
Comprehensive research and tools
Certificate of Cloud Security Knowledge (CCSK)
www.cloudsecurityalliance.org

3.
Presentation Outline
Introduction: what this class is about, prerequisites, how to benefit
Cloud basics
PCI DSS + cloud scenario as an example
Cloud Security Alliance toolsets: Control Matrix, Consensus Assessments, etc.
Conclusions and action items

4.
Cloud?

5.
NIST Definition of Cloud Computing
“Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

6.
5 Essential Cloud Characteristics
1. On-demand self-service
2. Broad network access
3. Resource pooling – location independence
4. Rapid elasticity
5. Measured service

7.
3 Cloud Service Models
1. Cloud Software as a Service (SaaS) – use provider’s applications over a network
2. Cloud Platform as a Service (PaaS) – deploy customer-created applications to a cloud
3. Cloud Infrastructure as a Service (IaaS) – rent processing, storage, network capacity, and other fundamental computing resources
To be considered “cloud” they must be deployed on top of cloud infrastructure that has the essential characteristics.

8.
4 Cloud Deployment Models
Private cloud – enterprise owned or leased
Community cloud – shared infrastructure for a specific community
Public cloud – sold to the public, mega-scale infrastructure (our focus in this class!)
Hybrid cloud – composition of two or more clouds

9.
(slide contains an image only)

10.
7 Common Cloud Characteristics
1. Massive scale
2. Homogeneity
3. Virtualization
4. Resilient computing
5. Low cost software
6. Geographic distribution
7. Service orientation

11.
All of this TOGETHER: The Cloud (diagram)
Deployment Models: Community Cloud, Private Cloud, Public Cloud, Hybrid Clouds
Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
Essential Characteristics: Resource Pooling, Broad Network Access, Rapid Elasticity, Measured Service, On Demand Self-Service
Common Characteristics: Low Cost Software, Virtualization, Service Orientation, Advanced Security, Homogeneity, Massive Scale, Resilient Computing, Geographic Distribution

12.
Example IaaS // Amazon Cloud
Amazon cloud components:
– Elastic Compute Cloud (EC2): run your own or Amazon’s OS “instances”
– Simple Storage Service (S3)
– SimpleDB
– Other services

13.
Example PaaS // Google App Engine
Create, deploy and run applications
NO control (or, in fact, even visibility) of the OS
Use the SDK to develop the applications
Run “natively” in the cloud

14.
Example SaaS // Salesforce
Well-known SaaS CRM application
Cloud CRM + a lot more applications

15.
Example P/IaaS // Azure
Source: Microsoft Presentation, A Lap Around Windows Azure, Manuvir Das

16.
Service Model Architectures (diagram)
IaaS architectures: Cloud Infrastructure > IaaS
PaaS architectures: Cloud Infrastructure > PaaS; Cloud Infrastructure > IaaS > PaaS
SaaS architectures: Cloud Infrastructure > SaaS; Cloud Infrastructure > PaaS > SaaS; Cloud Infrastructure > IaaS > PaaS > SaaS

17.
Security: Barrier to Adoption?

18.
What is Different about Cloud?

19.
Security Relevant Cloud Components
Cloud Provisioning Services
Cloud Data Storage Services
Cloud Processing Infrastructure
Cloud Support Services
Cloud Network and Perimeter Security
Elastic Elements: Storage, Processing, and Virtual Networks

20.
What is Different about Cloud? Service owner by layer and service model:

Layer        SaaS      PaaS      IaaS
Data         Joint     Tenant    Tenant
Application  Joint     Joint     Tenant
Compute      Provider  Joint     Tenant
Storage      Provider  Provider  Joint
Network      Provider  Provider  Joint
Physical     Provider  Provider  Provider

21.
What is Different about Cloud?

22.
What is Different about Cloud?

23.
CSA Cloud “Threats”
1. Abuse & Nefarious Use of Cloud Computing
2. Insecure Interfaces & APIs
3. Malicious Insiders
4. Shared Technology Issues
5. Data Loss or Leakage
6. Account or Service Hijacking
7. Unknown Risk Profile

24.
ENISA Cloud Computing Risk Assessment
http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment
1. Loss of governance
2. Lock-in
3. Isolation failure
4. Compliance risks
5. Management interface compromise
6. Data protection
7. Insecure or incomplete data deletion
8. Malicious insider

25.
Cloud “Threats” – Top 3
1. Authentication abuse
2. Operations breakdown
3. Misuse of cloud-specific technology

26.
FBI Takes Cloud Away

27.
While we are “in the cloud”
Here are some additional CSA/cloud security resources…

28.
CSA GRC Stack
Bringing it all together to peel back the layers of control ownership and address concerns for trusted Cloud adoption.
(diagram labels: Control Requirements; Provider Assertions; Private, Community & Public Clouds)

29.
CSA CloudAudit
Open standard and API to automate provider audit assertions
Change audit from data gathering to data analysis
Necessary to provide audit & assurance at the scale demanded by cloud providers
Uses Cloud Controls Matrix as controls namespace
Use to instrument the cloud for continuous controls monitoring

30.
CSA Cloud Controls Matrix
Controls derived from guidance
Mapped to familiar frameworks: ISO 27001, COBIT, PCI, HIPAA
Rated as applicable to SaaS/PaaS/IaaS
Customer vs Provider role
Helps bridge the “cloud gap” for IT & IT auditors
https://cloudsecurityalliance.org/research/projects/cloud-controls-matrix-ccm/
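An added example, not code from the slides or from the CSA: a small Python gap check that combines the slide 20 ownership table with a controls matrix and the provider and tenant assertions that CloudAudit is meant to automate. The control ids, descriptions and assertion values are constructed placeholders, not real CCM entries or CloudAudit namespaces; the point is that the same provider assertions leave the tenant with more unattested controls as the model moves from SaaS to IaaS.

```python
# Added example (not the slides' or the CSA's own code): combine the slide 20
# ownership table with a small controls matrix and two sets of assertions to
# produce a per-party control gap list for one service model.
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Ownership table from slide 20: layer -> {service model: owner}
OWNERSHIP: Dict[str, Dict[str, str]] = {
    "Data":        {"SaaS": "Joint",    "PaaS": "Tenant",   "IaaS": "Tenant"},
    "Application": {"SaaS": "Joint",    "PaaS": "Joint",    "IaaS": "Tenant"},
    "Compute":     {"SaaS": "Provider", "PaaS": "Joint",    "IaaS": "Tenant"},
    "Storage":     {"SaaS": "Provider", "PaaS": "Provider", "IaaS": "Joint"},
    "Network":     {"SaaS": "Provider", "PaaS": "Provider", "IaaS": "Joint"},
    "Physical":    {"SaaS": "Provider", "PaaS": "Provider", "IaaS": "Provider"},
}


@dataclass(frozen=True)
class Control:
    control_id: str   # hypothetical id in CCM style; not a real CCM entry
    layer: str        # layer of the ownership table the control protects
    description: str


# Constructed sample controls matrix (placeholders, one control per layer).
CONTROLS: List[Control] = [
    Control("CTL-DATA-01", "Data", "Production data encrypted at rest"),
    Control("CTL-APP-01", "Application", "APIs require authenticated access"),
    Control("CTL-COMP-01", "Compute", "Hypervisor patch level reviewed monthly"),
    Control("CTL-STOR-01", "Storage", "Retired storage media sanitised"),
    Control("CTL-NET-01", "Network", "Perimeter firewall rules reviewed quarterly"),
    Control("CTL-PHYS-01", "Physical", "Data-centre access badge-controlled and logged"),
]

# Constructed assertions, as a CloudAudit-style feed might publish them
# (True = attested as in place). The provider has not attested CTL-NET-01;
# the tenant has evidence only for data encryption and failed the API control.
PROVIDER_ASSERTIONS: Dict[str, bool] = {
    "CTL-DATA-01": True, "CTL-APP-01": True, "CTL-COMP-01": True,
    "CTL-STOR-01": True, "CTL-NET-01": False, "CTL-PHYS-01": True,
}
TENANT_EVIDENCE: Dict[str, bool] = {"CTL-DATA-01": True, "CTL-APP-01": False}


def responsible_parties(control: Control, model: str) -> Set[str]:
    """Who must attest a control under a given service model ("Joint" = both)."""
    owner = OWNERSHIP[control.layer][model]
    return {"Provider", "Tenant"} if owner == "Joint" else {owner}


def coverage_gaps(model: str, provider: Dict[str, bool],
                  tenant: Dict[str, bool]) -> List[Tuple[str, str]]:
    """Return (control_id, party) pairs where a responsible party has not
    attested the control. A missing entry counts as not attested."""
    gaps = []
    for control in CONTROLS:
        for party in responsible_parties(control, model):
            source = provider if party == "Provider" else tenant
            if not source.get(control.control_id, False):
                gaps.append((control.control_id, party))
    return sorted(gaps)


def tenant_gap_count(model: str) -> int:
    """How many of the gaps fall on the tenant for this service model."""
    return sum(1 for _, party in
               coverage_gaps(model, PROVIDER_ASSERTIONS, TENANT_EVIDENCE)
               if party == "Tenant")


if __name__ == "__main__":
    for model in ("SaaS", "PaaS", "IaaS"):
        print(model, coverage_gaps(model, PROVIDER_ASSERTIONS, TENANT_EVIDENCE))
```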
31.
Next?

32.
Thanks for Your Review!
Acknowledgement to Dr. Anton Chuvakin, SecurityWarrior LLC for Cloud Security Alliance, Cloud Security Alliance.org
Materials by Cloud Security Alliance.org © & PCI in the cloud training, created by for Triad ISSA, NC, January 26, 2012
Valdez Ladd, ISSA Raleigh, NC, 2011

33.
(slide contains an image only)