SlideShare ist ein Scribd-Unternehmen logo

Security for Cloud Computing: 10 Steps to Ensure Success V3.0

Cloud Standards Customer Council
Cloud Standards Customer Council

Webinar presented live on January 10, 2018. Version 3.0 of Security for Cloud Computing: Ten Steps to Ensure Success has just been released for publication. Read it here: http://www.cloud-council.org/deliverables/security-for-cloud-computing-10-steps-to-ensure-success.htm As organizations consider a move to cloud computing, it is important to weigh the potential security benefits and risks involved and set realistic expectations with cloud service providers. The aim of this guide to help enterprise information technology (IT) and business decision makers analyze the security implications of cloud computing on their business. In this webinar, authors of the paper will discuss: • Security, privacy and data residency challenges relevant to cloud computing • Considerations that organizations should weigh when migrating data, applications, and infrastructure to a cloud computing environment • Threats, technology risks, and safeguards for cloud computing environments • A cloud security assessment to help customers assess the security capabilities of cloud service provide

Software
1 von 20
Downloaden Sie, um offline zu lesen
Security for Cloud Computing: 10 Steps to Ensure Success Version 3.0 Webinar January 10, 2018 http://www.cloud-council.org/deliverables/security-for-cloud-computing-10-steps-to-ensure-success.htm
©2018 Cloud Standards Customer Council 2 Tracie Berardi Program Manager Cloud Standards Customer Council Moderator Claude Baudoin Principal, cébé IT & Knowledge Management Cloud Standards Customer Council Steering Committee member Mike Edwards Mike Edwards Cloud Computing Standards expert IBM Cloud PaaS Evangelist Chris Dotson Senior Technical Staff Member and Executive Architect, IBM Watson and Cloud Platform Speakers
©2018 Cloud Standards Customer Council 3 The Cloud Standards Customer Council THE Customer’s Voice for Cloud Standards! • Provide customer-led guidance to multiple cloud standards-defining bodies • Establishing criteria for open standards-based cloud computing 700+ Organizations participating 2017 Deliverables  Cloud Customer Architecture for Hybrid Integration  Impact of Cloud Computing on Healthcare v2.0  Cloud Customer Architecture for API Management  Data Residency Challenges  Cloud Customer Architecture for Blockchain  Cloud Customer Architecture for Big Data and Analytics v2.0  Hybrid Cloud Considerations for Big Data and Analytics  Practical Guide to Cloud Management Platforms  Practical Guide to Cloud Computing v3.0  Interoperability and Portability for Cloud Computing: A Guide v2.0  Security for Cloud Computing: 10 Steps to Ensure Success v3.0 http://cloud-council.org2018 Projects  Migrating Apps to Public Cloud Services: Roadmap for Success v2.0  Cloud Customer Architecture for Artificial Intelligence  And more!
Security for Cloud Computing: 10 Steps to Ensure Success, Version 3 Revision Highlights • New worldwide privacy regulations taken into account • New and updated cloud security standards added • Data residency considerations added • More emphasis given to security logging and monitoring • Information governance framework highlighted more prominently • Key management services to safeguard cryptographic keys added • Security for continuous delivery and deployment explained • Managing identity and access of services emphasized • References to additional CSCC Security whitepapers added ©2017 Cloud Standards Customer Council 4
©2018 Cloud Standards Customer Council 5 Cloud Security Risks Risks Despite inherent loss of control implied by adoption of cloud computing, customers must take responsibility for impact on security and privacy for their business.  Loss of governance  Responsibility ambiguity  Compliance & legal risks  Visibility & audit  Handling of security incidents  Isolation failure  Authentication & authorization  Management interface vulnerability  Application protection  Data protection  Personal data regulation  Insecure or incomplete data deletion  Malicious behaviour of insiders  Business failure of provider  Service unavailability  Vendor lock-in
©2018 Cloud Standards Customer Council 6 CSCC Security for Cloud Computing: 10 Steps to Ensure Success 10 Steps to Manage Cloud Security A reference to help enterprise IT & business decision makers as they analyze and consider the security implications of cloud computing on their business. 1. Ensure effective governance, risk & compliance 2. Audit operational & business processes 3. Manage people, roles & identities 4. Ensure proper protection of data & information 5. Enforce privacy policies 6. Assess the security provisions for cloud applications 7. Ensure cloud networks & connections are secure 8. Evaluate security controls on physical infrastructure & facilities 9. Manage security terms in the cloud service agreement 10. Understand the security requirements of the exit process ““The CSCC has created a practical guide to help those with information security expertise as well as those that don’t have domain expertise. This work will help organizations step through ten areas to be cognizant of when evaluating cloud providers. The end effect is helping companies avoid decisions that put their data and service at risk.” Ryan Kean, Senior Director, Enterprise Architecture, The Kroger Company
©2018 Cloud Standards Customer Council 7 Step 1: Ensure effective governance, risk and compliance GRC Requirements  Cloud computing presents different risks than traditional IT solutions  A formal information governance framework establishes chains of responsibility, authority, and communication  Customers must understand their risk tolerance and must focus on mitigating risks most crucial to the organization  Customers must fully understand specific laws or regulations that apply to the services (data retention, privacy requirements, etc.)  Customers should be notified if any breach occurs regardless if the customer is directly impacted  Primary means to ensure application and data security is through Cloud Service Agreement ISO 27018 Data Protection for Cloud Services ISO 27017 Information Security Controls for Cloud Services
©2018 Cloud Standards Customer Council 8 Step 2: Audit operational & business processes Audit Requirements  Security audit of cloud service providers is essential  Security audits should be carried out by appropriately skilled staff  Security audits should leverage an established standard for security controls  Typically done as part of a formal certification process Critical Focus Areas  Understand the internal control environment of the provider • Ensure isolation in a multi-tenant environment • Provide protection of customer assets from provider’s staff  Ensure appropriate access to provider’s events, logs and audit trail  Self manage and monitor the usage of cloud hosted services CADF
©2018 Cloud Standards Customer Council 9 Step 3: Manage people, roles & identities Considerations  Key principle: limit access to what each role requires  Cloud service provider should support: • Federated identity management and/or single sign-on (see platforms at right) • Delegated user administration • Strong, multi-factor authentication • Role, entitlement and policy management • Identity and access auditing and reporting – needed by customers for assurance and regulatory compliance • Service identity & access management  Monitoring and logging of access to the provider’s management platform
©2018 Cloud Standards Customer Council 10 Step 4: Ensure proper protection of data & information Considerations  Data protection is a component of enterprise risk management  It is about confidentiality, integrity, availability  Applies to data at rest as well as data in motion  Cloud deployment model (XaaS) affects who is responsible for handling security controls  List of key controls for securing data in the cloud: • Create a data asset catalog (considering all forms of data) • Consider privacy requirements (see Step 5) • Require security logging and monitoring (particularly, data activity monitoring) • Require proactive notification of incidents ISO 27017 Information Security Controls for Cloud Services KMIP
©2018 Cloud Standards Customer Council 11 Step 5: Enforce privacy policies Considerations  Privacy is distinct from security. It’s mostly about handling of personally identifiable information (PII) • Includes right to inspect and correct data, and in some cases to be forgotten  Evolving and gaining importance • Multiple law and regulations (e.g., HIPAA) • EU’s GDPR (in force from 25 May 2018)  PII must be tagged correctly, stored securely (e.g., encrypted, anonymized or obfuscated), and made available only to authorized users  Primary responsibility typically remains with the cloud customer  In the Cloud Services Agreement, define clearly customer vs provider responsibilities  Customers should monitor compliance ISO 27018 Data Protection for Cloud Services ©2017 Cloud Standards Customer Council 11
©2018 Cloud Standards Customer Council 12 Step 6: Assess the security provisions for cloud applications Considerations  Organizations must apply same diligence to application security in the cloud as in a traditional IT environment  Split of responsibilities between customer and cloud provider depends on the deployment model • IaaS: • Customer responsible for most security components • Platform as a Service • Provider responsible for secure operating system, middleware, network, etc. • Customer responsible for application security • Software as a Service • Provider provides application security • Customer must understand data encryption standards, audit capabilities, SLAs  Incorporate security into a continuous delivery and deployment approach: DevOps  SecDevOps ISO 27034 Application Security ©2017 Cloud Standards Customer Council 12 ISO/IEC JTC1 SC 22/WG 23 TR 24772
©2018 Cloud Standards Customer Council 13 Step 7: Ensure cloud networks & connections are secure Considerations  Customer should gain assurance on provider’s internal and external network security  External network requirements • Traffic screening • Denial of service protection • Intrusion detection and prevention • Logging and notification  Internal network requirements • Protect clients from each other • Allow for network segmentation • Protect the provider’s network • Monitor for intrusion attempts ISO 20733 Network Security
©2018 Cloud Standards Customer Council 14 Considerations  Customer should gain assurance on provider’s physical security • Physical infrastructure & facilities should be in a secure area • Protection against external and environmental threats • Control of personnel in working areas • Equipment security controls • Controls on supporting utilities • Control security of cabling • Proper equipment maintenance • Control of removal and disposal of assets • Human resource security • DR and BC plans in place ISO 27017 Information Security Controls for Cloud Services Step 8: Evaluate security controls on physical infrastructure & facilities
©2018 Cloud Standards Customer Council 15 Step 9: Manage security terms in the cloud service agreement (CSA) Considerations  Security clauses in the CSA apply to cloud provider as well as any peer providers used to supply part of the service  CSA should explicitly document that the provider must notify the customer of any breach in their system  Establish metrics for performance and effectiveness of information security management  Require data compliance reports to communicate the strengths and weaknesses of controls, services and mechanisms.  Responsibilities will differ between IaaS, PaaS, and SaaS. ISO 19086 Cloud SLA Framework
©2018 Cloud Standards Customer Council 16 Step 10: Understand the security requirements of the exit process Considerations  Once termination process is complete, “the right to be forgotten” should be achieved  No customer data should reside with provider after the exit process  Require provider to cleanse log and audit data • Some jurisdictions may require retention of records of this type for specified periods by law  Exit process must allow customer a smooth transition without loss or disclosure of data ISO 27018 Data Protection for Cloud Services ISO 27017 Information Security Controls for Cloud Services
Summary  Cloud computing can have a positive impact on security and privacy for customer organizations  Cloud computing presents unique security and privacy challenges that need to be addressed  Cloud security and privacy is a joint responsibility between customers and providers • Customers do not abdicate sole responsibility to their provider  Responsibility split needs to be formalized in the Cloud Services Agreement ©2017 Cloud Standards Customer Council 17
Call to Action Join the CSCC Now! – To have an impact on customer use case based standards requirements – To learn about all Cloud Standards within one organization – To help define the CSCC’s future roadmap – Membership is free & easy: http://www.cloud-council.org/become-a- member Get Involved! – Join one or more of the CSCC Working Groups http://www.cloud-council.org/workinggroups Leverage CSCC Collateral – Visit http://www.cloud-council.org/resource-hub ©2017 Cloud Standards Customer Council 18
Additional CSCC Resources  Data Residency Challenges  http://www.cloud-council.org/deliverables/data-residency-challenges.htm  Cloud Customer Architecture for Securing Workloads on Cloud Services  http://www.cloud-council.org/deliverables/cloud-customer-architecture-for-securing-workloads-on-cloud-services.htm  Cloud Security Standards: What to Expect and What to Negotiate v2.0  http://www.cloud-council.org/deliverables/cloud-security-standards-what-to-expect-and-what-to-negotiate.htm  Practical Guide to Cloud Service Agreements v2.0  http://www.cloud-council.org/deliverables/practical-guide-to-cloud-service-agreements.htm  Public Cloud Service Agreements: What to Expect and What to Negotiate v2.0  http://www.cloud-council.org/deliverables/public-cloud-service-agreements-what-to-expect-and-what-to-negotiate.htm  Practical Guide to Cloud Computing v3.0  http://www.cloud-council.org/deliverables/practical-guide-to-cloud-computing.htm  Migrating Applications to Public Cloud Services: Roadmap for Success  http://www.cloud-council.org/deliverables/migrating-applications-to-public-cloud-services-roadmap-for-success.htm  Practical Guide to Hybrid Cloud Computing  http://www.cloud-council.org/deliverables/practical-guide-to-hybrid-cloud-computing.htm  Practical Guide to Platform-as-a-Service  http://www.cloud-council.org/deliverables/practical-guide-to-platform-as-a-service.htm  Practical Guide to Cloud Management Platforms  http://www.cloud-council.org/deliverables/practical-guide-to-cloud-management-platforms.htm ©2017 Cloud Standards Customer Council 19
Thank You! Join the conversation www.cloud-council.org

Empfohlen

Hybrid Cloud Considerations for Big Data and Analytics
Hybrid Cloud Considerations for Big Data and AnalyticsHybrid Cloud Considerations for Big Data and Analytics
Hybrid Cloud Considerations for Big Data and AnalyticsCloud Standards Customer Council
 
IBM + REDHAT "Creating the World's Leading Hybrid Cloud Provider..."
IBM + REDHAT "Creating the World's Leading Hybrid Cloud Provider..."IBM + REDHAT "Creating the World's Leading Hybrid Cloud Provider..."
IBM + REDHAT "Creating the World's Leading Hybrid Cloud Provider..."Gustavo Cuervo
 
Impact of Cloud Computing on Healthcare v2.0
Impact of Cloud Computing on Healthcare v2.0Impact of Cloud Computing on Healthcare v2.0
Impact of Cloud Computing on Healthcare v2.0Cloud Standards Customer Council
 
Interoperability and Portability for Cloud Computing: A Guide V2.0
Interoperability and Portability for Cloud Computing: A Guide V2.0Interoperability and Portability for Cloud Computing: A Guide V2.0
Interoperability and Portability for Cloud Computing: A Guide V2.0Cloud Standards Customer Council
 
Public Cloud Service Agreements: What to Expect and What to Negotiate V2.0
Public Cloud Service Agreements: What to Expect and What to Negotiate V2.0Public Cloud Service Agreements: What to Expect and What to Negotiate V2.0
Public Cloud Service Agreements: What to Expect and What to Negotiate V2.0Cloud Standards Customer Council
 
Cloud Customer Architecture for Big Data and Analytics V2.0
Cloud Customer Architecture for Big Data and Analytics V2.0Cloud Customer Architecture for Big Data and Analytics V2.0
Cloud Customer Architecture for Big Data and Analytics V2.0Cloud Standards Customer Council
 
Cloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud ServicesCloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud ServicesCloud Standards Customer Council
 
Cloud Foundry Road Map in 2017
Cloud Foundry Road Map in 2017Cloud Foundry Road Map in 2017
Cloud Foundry Road Map in 2017Cloud Standards Customer Council
 

Empfohlen

Hybrid Cloud Considerations for Big Data and Analytics
Hybrid Cloud Considerations for Big Data and AnalyticsHybrid Cloud Considerations for Big Data and Analytics
Hybrid Cloud Considerations for Big Data and AnalyticsCloud Standards Customer Council
 
IBM + REDHAT "Creating the World's Leading Hybrid Cloud Provider..."
IBM + REDHAT "Creating the World's Leading Hybrid Cloud Provider..."IBM + REDHAT "Creating the World's Leading Hybrid Cloud Provider..."
IBM + REDHAT "Creating the World's Leading Hybrid Cloud Provider..."Gustavo Cuervo
 
Impact of Cloud Computing on Healthcare v2.0
Impact of Cloud Computing on Healthcare v2.0Impact of Cloud Computing on Healthcare v2.0
Impact of Cloud Computing on Healthcare v2.0Cloud Standards Customer Council
 
Interoperability and Portability for Cloud Computing: A Guide V2.0
Interoperability and Portability for Cloud Computing: A Guide V2.0Interoperability and Portability for Cloud Computing: A Guide V2.0
Interoperability and Portability for Cloud Computing: A Guide V2.0Cloud Standards Customer Council
 
Public Cloud Service Agreements: What to Expect and What to Negotiate V2.0
Public Cloud Service Agreements: What to Expect and What to Negotiate V2.0Public Cloud Service Agreements: What to Expect and What to Negotiate V2.0
Public Cloud Service Agreements: What to Expect and What to Negotiate V2.0Cloud Standards Customer Council
 
Cloud Customer Architecture for Big Data and Analytics V2.0
Cloud Customer Architecture for Big Data and Analytics V2.0Cloud Customer Architecture for Big Data and Analytics V2.0
Cloud Customer Architecture for Big Data and Analytics V2.0Cloud Standards Customer Council
 
Cloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud ServicesCloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud ServicesCloud Standards Customer Council
 
Cloud Foundry Road Map in 2017
Cloud Foundry Road Map in 2017Cloud Foundry Road Map in 2017
Cloud Foundry Road Map in 2017Cloud Standards Customer Council
 
Practical Guide to Cloud Management Platforms
Practical Guide to Cloud Management PlatformsPractical Guide to Cloud Management Platforms
Practical Guide to Cloud Management PlatformsCloud Standards Customer Council
 
Cloud Customer Architecture for API Management
Cloud Customer Architecture for API ManagementCloud Customer Architecture for API Management
Cloud Customer Architecture for API ManagementCloud Standards Customer Council
 
Cloud Customer Architecture for Big Data and Analytics
Cloud Customer Architecture for Big Data and AnalyticsCloud Customer Architecture for Big Data and Analytics
Cloud Customer Architecture for Big Data and AnalyticsCloud Standards Customer Council
 
PECB Webinar: The alignment of Information Security in Service Management
PECB Webinar: The alignment of Information Security in Service ManagementPECB Webinar: The alignment of Information Security in Service Management
PECB Webinar: The alignment of Information Security in Service ManagementPECB
 
Cloud Customer Architecture for Hybrid Integration
Cloud Customer Architecture for Hybrid IntegrationCloud Customer Architecture for Hybrid Integration
Cloud Customer Architecture for Hybrid IntegrationCloud Standards Customer Council
 
Practical Guide to Platform-as-a-Service
Practical Guide to Platform-as-a-Service Practical Guide to Platform-as-a-Service
Practical Guide to Platform-as-a-Service Cloud Standards Customer Council
 
PSOCLD 1007 Cisco Hybrid Cloud Platform for Google Cloud
PSOCLD 1007 Cisco Hybrid Cloud Platform for Google CloudPSOCLD 1007 Cisco Hybrid Cloud Platform for Google Cloud
PSOCLD 1007 Cisco Hybrid Cloud Platform for Google CloudRohit Agarwalla
 
Hyperledger: Market, Technology & Community Update
Hyperledger: Market, Technology & Community UpdateHyperledger: Market, Technology & Community Update
Hyperledger: Market, Technology & Community UpdateCloud Standards Customer Council
 
Becomming a cloud governance ninja linthicum interop fall 2013
Becomming a cloud governance ninja linthicum interop fall 2013Becomming a cloud governance ninja linthicum interop fall 2013
Becomming a cloud governance ninja linthicum interop fall 2013David Linthicum
 
Cloud Customer Architecture for Enterprise Social Collaboration
Cloud Customer Architecture for Enterprise Social CollaborationCloud Customer Architecture for Enterprise Social Collaboration
Cloud Customer Architecture for Enterprise Social CollaborationCloud Standards Customer Council
 
Kubernetes and Container Technologies from Cloud Native Computing Foundation
Kubernetes and Container Technologies from Cloud Native Computing FoundationKubernetes and Container Technologies from Cloud Native Computing Foundation
Kubernetes and Container Technologies from Cloud Native Computing FoundationCloud Standards Customer Council
 
Multi Cloud Architecture Approach
Multi Cloud Architecture ApproachMulti Cloud Architecture Approach
Multi Cloud Architecture ApproachMaganathin Veeraragaloo
 
Geting cloud architecture right the first time linthicum interop fall 2013
Geting cloud architecture right the first time linthicum interop fall 2013Geting cloud architecture right the first time linthicum interop fall 2013
Geting cloud architecture right the first time linthicum interop fall 2013David Linthicum
 
Hybrid IT, Laying the "Right Mix" Foundation for Digital Transformation
Hybrid IT, Laying the "Right Mix" Foundation for Digital TransformationHybrid IT, Laying the "Right Mix" Foundation for Digital Transformation
Hybrid IT, Laying the "Right Mix" Foundation for Digital TransformationPT Datacomm Diangraha
 
Hyper Stratus Migrating Applications to the Cloud
Hyper Stratus Migrating Applications to the CloudHyper Stratus Migrating Applications to the Cloud
Hyper Stratus Migrating Applications to the Cloudbhgolden
 
Calculating the true value of industry specific clouds linthicum
Calculating the true value of industry specific clouds linthicumCalculating the true value of industry specific clouds linthicum
Calculating the true value of industry specific clouds linthicumDavid Linthicum
 
Cloud Services Integration Automation-External
Cloud Services Integration Automation-ExternalCloud Services Integration Automation-External
Cloud Services Integration Automation-ExternalSukumar Nayak
 
Sukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud ManagementSukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud ManagementSukumar Nayak
 
Latest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyLatest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyCloud Standards Customer Council
 
Software Association of Oregon Cloud Computing Presentation
Software Association of Oregon Cloud Computing PresentationSoftware Association of Oregon Cloud Computing Presentation
Software Association of Oregon Cloud Computing Presentationddcarr
 
Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Standards Customer Council
 
Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ...
Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ...Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ...
Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ...Alan Yau Ti Dun
 

Weitere ähnliche Inhalte

Was ist angesagt?

PECB Webinar: The alignment of Information Security in Service Management
PECB Webinar: The alignment of Information Security in Service ManagementPECB Webinar: The alignment of Information Security in Service Management
PECB Webinar: The alignment of Information Security in Service ManagementPECB
 
PSOCLD 1007 Cisco Hybrid Cloud Platform for Google Cloud
PSOCLD 1007 Cisco Hybrid Cloud Platform for Google CloudPSOCLD 1007 Cisco Hybrid Cloud Platform for Google Cloud
PSOCLD 1007 Cisco Hybrid Cloud Platform for Google CloudRohit Agarwalla
 
Becomming a cloud governance ninja linthicum interop fall 2013
Becomming a cloud governance ninja linthicum interop fall 2013Becomming a cloud governance ninja linthicum interop fall 2013
Becomming a cloud governance ninja linthicum interop fall 2013David Linthicum
 
Cloud Customer Architecture for Enterprise Social Collaboration
Cloud Customer Architecture for Enterprise Social CollaborationCloud Customer Architecture for Enterprise Social Collaboration
Cloud Customer Architecture for Enterprise Social CollaborationCloud Standards Customer Council
 
Kubernetes and Container Technologies from Cloud Native Computing Foundation
Kubernetes and Container Technologies from Cloud Native Computing FoundationKubernetes and Container Technologies from Cloud Native Computing Foundation
Kubernetes and Container Technologies from Cloud Native Computing FoundationCloud Standards Customer Council
 
Geting cloud architecture right the first time linthicum interop fall 2013
Geting cloud architecture right the first time linthicum interop fall 2013Geting cloud architecture right the first time linthicum interop fall 2013
Geting cloud architecture right the first time linthicum interop fall 2013David Linthicum
 
Hybrid IT, Laying the "Right Mix" Foundation for Digital Transformation
Hybrid IT, Laying the "Right Mix" Foundation for Digital TransformationHybrid IT, Laying the "Right Mix" Foundation for Digital Transformation
Hybrid IT, Laying the "Right Mix" Foundation for Digital TransformationPT Datacomm Diangraha
 
Hyper Stratus Migrating Applications to the Cloud
Hyper Stratus Migrating Applications to the CloudHyper Stratus Migrating Applications to the Cloud
Hyper Stratus Migrating Applications to the Cloudbhgolden
 
Calculating the true value of industry specific clouds linthicum
Calculating the true value of industry specific clouds linthicumCalculating the true value of industry specific clouds linthicum
Calculating the true value of industry specific clouds linthicumDavid Linthicum
 
Cloud Services Integration Automation-External
Cloud Services Integration Automation-ExternalCloud Services Integration Automation-External
Cloud Services Integration Automation-ExternalSukumar Nayak
 
Sukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud ManagementSukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud ManagementSukumar Nayak
 
Latest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyLatest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyCloud Standards Customer Council
 
Software Association of Oregon Cloud Computing Presentation
Software Association of Oregon Cloud Computing PresentationSoftware Association of Oregon Cloud Computing Presentation
Software Association of Oregon Cloud Computing Presentationddcarr
 

Was ist angesagt? (20)

Practical Guide to Cloud Management Platforms
Practical Guide to Cloud Management PlatformsPractical Guide to Cloud Management Platforms
Practical Guide to Cloud Management Platforms
 
Cloud Customer Architecture for API Management
Cloud Customer Architecture for API ManagementCloud Customer Architecture for API Management
Cloud Customer Architecture for API Management
 
Cloud Customer Architecture for Big Data and Analytics
Cloud Customer Architecture for Big Data and AnalyticsCloud Customer Architecture for Big Data and Analytics
Cloud Customer Architecture for Big Data and Analytics
 
PECB Webinar: The alignment of Information Security in Service Management
PECB Webinar: The alignment of Information Security in Service ManagementPECB Webinar: The alignment of Information Security in Service Management
PECB Webinar: The alignment of Information Security in Service Management
 
Cloud Customer Architecture for Hybrid Integration
Cloud Customer Architecture for Hybrid IntegrationCloud Customer Architecture for Hybrid Integration
Cloud Customer Architecture for Hybrid Integration
 
Practical Guide to Platform-as-a-Service
Practical Guide to Platform-as-a-Service Practical Guide to Platform-as-a-Service
Practical Guide to Platform-as-a-Service
 
PSOCLD 1007 Cisco Hybrid Cloud Platform for Google Cloud
PSOCLD 1007 Cisco Hybrid Cloud Platform for Google CloudPSOCLD 1007 Cisco Hybrid Cloud Platform for Google Cloud
PSOCLD 1007 Cisco Hybrid Cloud Platform for Google Cloud
 
Hyperledger: Market, Technology & Community Update
Hyperledger: Market, Technology & Community UpdateHyperledger: Market, Technology & Community Update
Hyperledger: Market, Technology & Community Update
 
Becomming a cloud governance ninja linthicum interop fall 2013
Becomming a cloud governance ninja linthicum interop fall 2013Becomming a cloud governance ninja linthicum interop fall 2013
Becomming a cloud governance ninja linthicum interop fall 2013
 
Cloud Customer Architecture for Enterprise Social Collaboration
Cloud Customer Architecture for Enterprise Social CollaborationCloud Customer Architecture for Enterprise Social Collaboration
Cloud Customer Architecture for Enterprise Social Collaboration
 
Kubernetes and Container Technologies from Cloud Native Computing Foundation
Kubernetes and Container Technologies from Cloud Native Computing FoundationKubernetes and Container Technologies from Cloud Native Computing Foundation
Kubernetes and Container Technologies from Cloud Native Computing Foundation
 
Multi Cloud Architecture Approach
Multi Cloud Architecture ApproachMulti Cloud Architecture Approach
Multi Cloud Architecture Approach
 
Geting cloud architecture right the first time linthicum interop fall 2013
Geting cloud architecture right the first time linthicum interop fall 2013Geting cloud architecture right the first time linthicum interop fall 2013
Geting cloud architecture right the first time linthicum interop fall 2013
 
Hybrid IT, Laying the "Right Mix" Foundation for Digital Transformation
Hybrid IT, Laying the "Right Mix" Foundation for Digital TransformationHybrid IT, Laying the "Right Mix" Foundation for Digital Transformation
Hybrid IT, Laying the "Right Mix" Foundation for Digital Transformation
 
Hyper Stratus Migrating Applications to the Cloud
Hyper Stratus Migrating Applications to the CloudHyper Stratus Migrating Applications to the Cloud
Hyper Stratus Migrating Applications to the Cloud
 
Calculating the true value of industry specific clouds linthicum
Calculating the true value of industry specific clouds linthicumCalculating the true value of industry specific clouds linthicum
Calculating the true value of industry specific clouds linthicum
 
Cloud Services Integration Automation-External
Cloud Services Integration Automation-ExternalCloud Services Integration Automation-External
Cloud Services Integration Automation-External
 
Sukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud ManagementSukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud Management
 
Latest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyLatest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and Privacy
 
Software Association of Oregon Cloud Computing Presentation
Software Association of Oregon Cloud Computing PresentationSoftware Association of Oregon Cloud Computing Presentation
Software Association of Oregon Cloud Computing Presentation
 

Ähnlich wie Security for Cloud Computing: 10 Steps to Ensure Success V3.0

Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Standards Customer Council
 
Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ...
Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ...Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ...
Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ...Alan Yau Ti Dun
 
Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0David Spinks
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantageMoshe Ferber
 
ISO 27017 – What are the Business Advantages of Cloud Security?
ISO 27017 – What are the Business Advantages of Cloud Security?ISO 27017 – What are the Business Advantages of Cloud Security?
ISO 27017 – What are the Business Advantages of Cloud Security?Alvin Integrated Services [AIS]
 
ISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of PrivacyISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of PrivacyControlCase
 
AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014KBIZEAU
 
OneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to ManyOneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to ManyControlCase
 
Security Management in the Cloud
Security Management in the CloudSecurity Management in the Cloud
Security Management in the CloudGaryArdito
 
ITAM UK 2017 ITAM Risks in Cloud Era Eric Chiu & Ian Scille
ITAM UK 2017 ITAM Risks in Cloud Era Eric Chiu & Ian ScilleITAM UK 2017 ITAM Risks in Cloud Era Eric Chiu & Ian Scille
ITAM UK 2017 ITAM Risks in Cloud Era Eric Chiu & Ian ScilleMartin Thompson
 
CSA Introduction 2013 David Ross
CSA Introduction 2013 David RossCSA Introduction 2013 David Ross
CSA Introduction 2013 David RossGraeme Wood
 
dtechnClouologyassociatepart2
dtechnClouologyassociatepart2dtechnClouologyassociatepart2
dtechnClouologyassociatepart2Anne Starr
 
Hadoop and Financial Services
Hadoop and Financial ServicesHadoop and Financial Services
Hadoop and Financial ServicesCloudera, Inc.
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM
 
gkkCloudtechnologyassociate(cta)day 2
gkkCloudtechnologyassociate(cta)day 2gkkCloudtechnologyassociate(cta)day 2
gkkCloudtechnologyassociate(cta)day 2Anne Starr
 
PCI DSS Compliance in the Cloud
PCI DSS Compliance in the CloudPCI DSS Compliance in the Cloud
PCI DSS Compliance in the CloudControlCase
 
Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...
Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...
Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...Skybox Security
 
Risk management for cloud computing hb final
Risk management for cloud computing hb finalRisk management for cloud computing hb final
Risk management for cloud computing hb finalChristophe Monnier
 

Ähnlich wie Security for Cloud Computing: 10 Steps to Ensure Success V3.0 (20)

Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0
 
Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ...
Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ...Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ...
Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ...
 
Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantage
 
ISO 27017 – What are the Business Advantages of Cloud Security?
ISO 27017 – What are the Business Advantages of Cloud Security?ISO 27017 – What are the Business Advantages of Cloud Security?
ISO 27017 – What are the Business Advantages of Cloud Security?
 
ISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of PrivacyISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of Privacy
 
AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014
 
OneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to ManyOneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to Many
 
Security Management in the Cloud
Security Management in the CloudSecurity Management in the Cloud
Security Management in the Cloud
 
ITAM UK 2017 ITAM Risks in Cloud Era Eric Chiu & Ian Scille
ITAM UK 2017 ITAM Risks in Cloud Era Eric Chiu & Ian ScilleITAM UK 2017 ITAM Risks in Cloud Era Eric Chiu & Ian Scille
ITAM UK 2017 ITAM Risks in Cloud Era Eric Chiu & Ian Scille
 
CSA Introduction 2013 David Ross
CSA Introduction 2013 David RossCSA Introduction 2013 David Ross
CSA Introduction 2013 David Ross
 
Introduction to CSA Australia 2013 by David Ross
Introduction to CSA Australia 2013 by David RossIntroduction to CSA Australia 2013 by David Ross
Introduction to CSA Australia 2013 by David Ross
 
Compliance in Public Cloud & CSA Framework
Compliance in Public Cloud & CSA FrameworkCompliance in Public Cloud & CSA Framework
Compliance in Public Cloud & CSA Framework
 
dtechnClouologyassociatepart2
dtechnClouologyassociatepart2dtechnClouologyassociatepart2
dtechnClouologyassociatepart2
 
Hadoop and Financial Services
Hadoop and Financial ServicesHadoop and Financial Services
Hadoop and Financial Services
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future
 
gkkCloudtechnologyassociate(cta)day 2
gkkCloudtechnologyassociate(cta)day 2gkkCloudtechnologyassociate(cta)day 2
gkkCloudtechnologyassociate(cta)day 2
 
PCI DSS Compliance in the Cloud
PCI DSS Compliance in the CloudPCI DSS Compliance in the Cloud
PCI DSS Compliance in the Cloud
 
Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...
Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...
Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...
 
Risk management for cloud computing hb final
Risk management for cloud computing hb finalRisk management for cloud computing hb final
Risk management for cloud computing hb final
 

Mehr von Cloud Standards Customer Council

Interoperability and Portability for Cloud Computing: A Guide
Interoperability and Portability for Cloud Computing: A GuideInteroperability and Portability for Cloud Computing: A Guide
Interoperability and Portability for Cloud Computing: A GuideCloud Standards Customer Council
 

Mehr von Cloud Standards Customer Council (12)

What's New in Cloud Foundry
What's New in Cloud FoundryWhat's New in Cloud Foundry
What's New in Cloud Foundry
 
Where's My Data? Managing the Data Residency Challenge
Where's My Data? Managing the Data Residency ChallengeWhere's My Data? Managing the Data Residency Challenge
Where's My Data? Managing the Data Residency Challenge
 
Cloud Customer Architecture for Blockchain
Cloud Customer Architecture for BlockchainCloud Customer Architecture for Blockchain
Cloud Customer Architecture for Blockchain
 
Hyperledger: Advancing Blockchain Technology for Business
Hyperledger: Advancing Blockchain Technology for BusinessHyperledger: Advancing Blockchain Technology for Business
Hyperledger: Advancing Blockchain Technology for Business
 
Data Residency: Challenges and the Need for Standards
Data Residency: Challenges and the Need for StandardsData Residency: Challenges and the Need for Standards
Data Residency: Challenges and the Need for Standards
 
Interoperability and Portability for Cloud Computing: A Guide
Interoperability and Portability for Cloud Computing: A GuideInteroperability and Portability for Cloud Computing: A Guide
Interoperability and Portability for Cloud Computing: A Guide
 
Cloud Customer Architecture for e-Commerce
Cloud Customer Architecture for e-CommerceCloud Customer Architecture for e-Commerce
Cloud Customer Architecture for e-Commerce
 
Cloud Foundry Roadmap in 2016
Cloud Foundry Roadmap in 2016Cloud Foundry Roadmap in 2016
Cloud Foundry Roadmap in 2016
 
Practical Guide to Hybrid Cloud Computing
Practical Guide to Hybrid Cloud ComputingPractical Guide to Hybrid Cloud Computing
Practical Guide to Hybrid Cloud Computing
 
Cloud Customer Architecture for IoT
Cloud Customer Architecture for IoTCloud Customer Architecture for IoT
Cloud Customer Architecture for IoT
 
OASIS TOSCA: Cloud Portability and Lifecycle Management
OASIS TOSCA: Cloud Portability and Lifecycle ManagementOASIS TOSCA: Cloud Portability and Lifecycle Management
OASIS TOSCA: Cloud Portability and Lifecycle Management
 
Highlights of OpenStack Mitaka and the OpenStack Summit
Highlights of OpenStack Mitaka and the OpenStack SummitHighlights of OpenStack Mitaka and the OpenStack Summit
Highlights of OpenStack Mitaka and the OpenStack Summit
 

Kürzlich hochgeladen

Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprisepreethippts
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtimeandrehoraa
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based projectAnoyGreter
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfMarharyta Nedzelska
 
How To Manage Restaurant Staff -BTRESTRO
How To Manage Restaurant Staff -BTRESTROHow To Manage Restaurant Staff -BTRESTRO
How To Manage Restaurant Staff -BTRESTROmotivationalword821
 
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Natan Silnitsky
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsSafe Software
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...Technogeeks
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Matt Ray
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsChristian Birchler
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odishasmiwainfosol
 
Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...Rob Geurden
 
Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identityteam-WIBU
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Hr365.us smith
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfFerryKemperman
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalLionel Briand
 

Kürzlich hochgeladen (20)

Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprise
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtime
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based project
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdf
 
How To Manage Restaurant Staff -BTRESTRO
How To Manage Restaurant Staff -BTRESTROHow To Manage Restaurant Staff -BTRESTRO
How To Manage Restaurant Staff -BTRESTRO
 
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data Streams
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
 
Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...
 
Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identity
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdf
 
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort ServiceHot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive Goal
 

Security for Cloud Computing: 10 Steps to Ensure Success V3.0

  • 1. Security for Cloud Computing: 10 Steps to Ensure Success Version 3.0 Webinar January 10, 2018 http://www.cloud-council.org/deliverables/security-for-cloud-computing-10-steps-to-ensure-success.htm
  • 2. ©2018 Cloud Standards Customer Council 2 Tracie Berardi Program Manager Cloud Standards Customer Council Moderator Claude Baudoin Principal, cébé IT & Knowledge Management Cloud Standards Customer Council Steering Committee member Mike Edwards Mike Edwards Cloud Computing Standards expert IBM Cloud PaaS Evangelist Chris Dotson Senior Technical Staff Member and Executive Architect, IBM Watson and Cloud Platform Speakers
  • 3. ©2018 Cloud Standards Customer Council 3 The Cloud Standards Customer Council THE Customer’s Voice for Cloud Standards! • Provide customer-led guidance to multiple cloud standards-defining bodies • Establishing criteria for open standards-based cloud computing 700+ Organizations participating 2017 Deliverables  Cloud Customer Architecture for Hybrid Integration  Impact of Cloud Computing on Healthcare v2.0  Cloud Customer Architecture for API Management  Data Residency Challenges  Cloud Customer Architecture for Blockchain  Cloud Customer Architecture for Big Data and Analytics v2.0  Hybrid Cloud Considerations for Big Data and Analytics  Practical Guide to Cloud Management Platforms  Practical Guide to Cloud Computing v3.0  Interoperability and Portability for Cloud Computing: A Guide v2.0  Security for Cloud Computing: 10 Steps to Ensure Success v3.0 http://cloud-council.org2018 Projects  Migrating Apps to Public Cloud Services: Roadmap for Success v2.0  Cloud Customer Architecture for Artificial Intelligence  And more!
  • 4. Security for Cloud Computing: 10 Steps to Ensure Success, Version 3 Revision Highlights • New worldwide privacy regulations taken into account • New and updated cloud security standards added • Data residency considerations added • More emphasis given to security logging and monitoring • Information governance framework highlighted more prominently • Key management services to safeguard cryptographic keys added • Security for continuous delivery and deployment explained • Managing identity and access of services emphasized • References to additional CSCC Security whitepapers added ©2017 Cloud Standards Customer Council 4
  • 5. ©2018 Cloud Standards Customer Council 5 Cloud Security Risks Risks Despite inherent loss of control implied by adoption of cloud computing, customers must take responsibility for impact on security and privacy for their business.  Loss of governance  Responsibility ambiguity  Compliance & legal risks  Visibility & audit  Handling of security incidents  Isolation failure  Authentication & authorization  Management interface vulnerability  Application protection  Data protection  Personal data regulation  Insecure or incomplete data deletion  Malicious behaviour of insiders  Business failure of provider  Service unavailability  Vendor lock-in
  • 6. ©2018 Cloud Standards Customer Council 6 CSCC Security for Cloud Computing: 10 Steps to Ensure Success 10 Steps to Manage Cloud Security A reference to help enterprise IT & business decision makers as they analyze and consider the security implications of cloud computing on their business. 1. Ensure effective governance, risk & compliance 2. Audit operational & business processes 3. Manage people, roles & identities 4. Ensure proper protection of data & information 5. Enforce privacy policies 6. Assess the security provisions for cloud applications 7. Ensure cloud networks & connections are secure 8. Evaluate security controls on physical infrastructure & facilities 9. Manage security terms in the cloud service agreement 10. Understand the security requirements of the exit process ““The CSCC has created a practical guide to help those with information security expertise as well as those that don’t have domain expertise. This work will help organizations step through ten areas to be cognizant of when evaluating cloud providers. The end effect is helping companies avoid decisions that put their data and service at risk.” Ryan Kean, Senior Director, Enterprise Architecture, The Kroger Company
  • 7. ©2018 Cloud Standards Customer Council 7 Step 1: Ensure effective governance, risk and compliance GRC Requirements  Cloud computing presents different risks than traditional IT solutions  A formal information governance framework establishes chains of responsibility, authority, and communication  Customers must understand their risk tolerance and must focus on mitigating risks most crucial to the organization  Customers must fully understand specific laws or regulations that apply to the services (data retention, privacy requirements, etc.)  Customers should be notified if any breach occurs regardless if the customer is directly impacted  Primary means to ensure application and data security is through Cloud Service Agreement ISO 27018 Data Protection for Cloud Services ISO 27017 Information Security Controls for Cloud Services
  • 8. ©2018 Cloud Standards Customer Council 8 Step 2: Audit operational & business processes Audit Requirements  Security audit of cloud service providers is essential  Security audits should be carried out by appropriately skilled staff  Security audits should leverage an established standard for security controls  Typically done as part of a formal certification process Critical Focus Areas  Understand the internal control environment of the provider • Ensure isolation in a multi-tenant environment • Provide protection of customer assets from provider’s staff  Ensure appropriate access to provider’s events, logs and audit trail  Self manage and monitor the usage of cloud hosted services CADF
  • 9. ©2018 Cloud Standards Customer Council 9 Step 3: Manage people, roles & identities Considerations  Key principle: limit access to what each role requires  Cloud service provider should support: • Federated identity management and/or single sign-on (see platforms at right) • Delegated user administration • Strong, multi-factor authentication • Role, entitlement and policy management • Identity and access auditing and reporting – needed by customers for assurance and regulatory compliance • Service identity & access management  Monitoring and logging of access to the provider’s management platform
  • 10. ©2018 Cloud Standards Customer Council 10 Step 4: Ensure proper protection of data & information Considerations  Data protection is a component of enterprise risk management  It is about confidentiality, integrity, availability  Applies to data at rest as well as data in motion  Cloud deployment model (XaaS) affects who is responsible for handling security controls  List of key controls for securing data in the cloud: • Create a data asset catalog (considering all forms of data) • Consider privacy requirements (see Step 5) • Require security logging and monitoring (particularly, data activity monitoring) • Require proactive notification of incidents ISO 27017 Information Security Controls for Cloud Services KMIP
  • 11. ©2018 Cloud Standards Customer Council 11 Step 5: Enforce privacy policies Considerations  Privacy is distinct from security. It’s mostly about handling of personally identifiable information (PII) • Includes right to inspect and correct data, and in some cases to be forgotten  Evolving and gaining importance • Multiple law and regulations (e.g., HIPAA) • EU’s GDPR (in force from 25 May 2018)  PII must be tagged correctly, stored securely (e.g., encrypted, anonymized or obfuscated), and made available only to authorized users  Primary responsibility typically remains with the cloud customer  In the Cloud Services Agreement, define clearly customer vs provider responsibilities  Customers should monitor compliance ISO 27018 Data Protection for Cloud Services ©2017 Cloud Standards Customer Council 11
  • 12. ©2018 Cloud Standards Customer Council 12 Step 6: Assess the security provisions for cloud applications Considerations  Organizations must apply same diligence to application security in the cloud as in a traditional IT environment  Split of responsibilities between customer and cloud provider depends on the deployment model • IaaS: • Customer responsible for most security components • Platform as a Service • Provider responsible for secure operating system, middleware, network, etc. • Customer responsible for application security • Software as a Service • Provider provides application security • Customer must understand data encryption standards, audit capabilities, SLAs  Incorporate security into a continuous delivery and deployment approach: DevOps  SecDevOps ISO 27034 Application Security ©2017 Cloud Standards Customer Council 12 ISO/IEC JTC1 SC 22/WG 23 TR 24772
  • 13. ©2018 Cloud Standards Customer Council 13 Step 7: Ensure cloud networks & connections are secure Considerations  Customer should gain assurance on provider’s internal and external network security  External network requirements • Traffic screening • Denial of service protection • Intrusion detection and prevention • Logging and notification  Internal network requirements • Protect clients from each other • Allow for network segmentation • Protect the provider’s network • Monitor for intrusion attempts ISO 20733 Network Security
  • 14. ©2018 Cloud Standards Customer Council 14 Considerations  Customer should gain assurance on provider’s physical security • Physical infrastructure & facilities should be in a secure area • Protection against external and environmental threats • Control of personnel in working areas • Equipment security controls • Controls on supporting utilities • Control security of cabling • Proper equipment maintenance • Control of removal and disposal of assets • Human resource security • DR and BC plans in place ISO 27017 Information Security Controls for Cloud Services Step 8: Evaluate security controls on physical infrastructure & facilities
  • 15. ©2018 Cloud Standards Customer Council 15 Step 9: Manage security terms in the cloud service agreement (CSA) Considerations  Security clauses in the CSA apply to cloud provider as well as any peer providers used to supply part of the service  CSA should explicitly document that the provider must notify the customer of any breach in their system  Establish metrics for performance and effectiveness of information security management  Require data compliance reports to communicate the strengths and weaknesses of controls, services and mechanisms.  Responsibilities will differ between IaaS, PaaS, and SaaS. ISO 19086 Cloud SLA Framework
  • 16. ©2018 Cloud Standards Customer Council 16 Step 10: Understand the security requirements of the exit process Considerations  Once termination process is complete, “the right to be forgotten” should be achieved  No customer data should reside with provider after the exit process  Require provider to cleanse log and audit data • Some jurisdictions may require retention of records of this type for specified periods by law  Exit process must allow customer a smooth transition without loss or disclosure of data ISO 27018 Data Protection for Cloud Services ISO 27017 Information Security Controls for Cloud Services
  • 17. Summary  Cloud computing can have a positive impact on security and privacy for customer organizations  Cloud computing presents unique security and privacy challenges that need to be addressed  Cloud security and privacy is a joint responsibility between customers and providers • Customers do not abdicate sole responsibility to their provider  Responsibility split needs to be formalized in the Cloud Services Agreement ©2017 Cloud Standards Customer Council 17
  • 18. Call to Action Join the CSCC Now! – To have an impact on customer use case based standards requirements – To learn about all Cloud Standards within one organization – To help define the CSCC’s future roadmap – Membership is free & easy: http://www.cloud-council.org/become-a- member Get Involved! – Join one or more of the CSCC Working Groups http://www.cloud-council.org/workinggroups Leverage CSCC Collateral – Visit http://www.cloud-council.org/resource-hub ©2017 Cloud Standards Customer Council 18
  • 19. Additional CSCC Resources  Data Residency Challenges  http://www.cloud-council.org/deliverables/data-residency-challenges.htm  Cloud Customer Architecture for Securing Workloads on Cloud Services  http://www.cloud-council.org/deliverables/cloud-customer-architecture-for-securing-workloads-on-cloud-services.htm  Cloud Security Standards: What to Expect and What to Negotiate v2.0  http://www.cloud-council.org/deliverables/cloud-security-standards-what-to-expect-and-what-to-negotiate.htm  Practical Guide to Cloud Service Agreements v2.0  http://www.cloud-council.org/deliverables/practical-guide-to-cloud-service-agreements.htm  Public Cloud Service Agreements: What to Expect and What to Negotiate v2.0  http://www.cloud-council.org/deliverables/public-cloud-service-agreements-what-to-expect-and-what-to-negotiate.htm  Practical Guide to Cloud Computing v3.0  http://www.cloud-council.org/deliverables/practical-guide-to-cloud-computing.htm  Migrating Applications to Public Cloud Services: Roadmap for Success  http://www.cloud-council.org/deliverables/migrating-applications-to-public-cloud-services-roadmap-for-success.htm  Practical Guide to Hybrid Cloud Computing  http://www.cloud-council.org/deliverables/practical-guide-to-hybrid-cloud-computing.htm  Practical Guide to Platform-as-a-Service  http://www.cloud-council.org/deliverables/practical-guide-to-platform-as-a-service.htm  Practical Guide to Cloud Management Platforms  http://www.cloud-council.org/deliverables/practical-guide-to-cloud-management-platforms.htm ©2017 Cloud Standards Customer Council 19
  • 20. Thank You! Join the conversation www.cloud-council.org