SlideShare ist ein Scribd-Unternehmen logo

Why the Cloud can be Compliant and Secure

Als PPSX, PDF herunterladen
InnoTech
InnoTech

Presented at InnoTech Dallas on May 17, 2012. All rights reserved.

TechnologieBusiness
1 von 19
Why the Cloud can be Compliant and Secure Presented by: Jeff Reich Chief Risk Officer Layered Technologies
Agenda ● Abstract Review ● Layered Technologies Overview ● Speaker Overview ● What is a secure cloud? ● Table Stakes ● Compliance vs Security ● Components of Security 2 Complying To The Higher Standard
Abstract This session addresses misconceptions about security in the cloud and examines critical differences between compliance and security, including how compliance does not always ensure secure environments. To establish a secure cloud, one must make risk-based decisions that embrace compliance but also address practicalities and technical capabilities. While achieving compliance is considered “table stakes,” cloud security is an investment and must be continuous. The audience will learn about key security components, such as social engineering, patching, system interfaces and more. The presentation will also address the importance of grouping similar organizations in the cloud because they share common security control needs. Complying To The Higher Standard .3
About Layered Tech • First to offer full PCI support in market (since 2005) Leadership • Compliance cloud solution with built-in security position in and controls compliant • Comprehensive consulting and audit services (and partners) hosting Market-leading • One of first virtual private data center offers • Robust community cloud platform with built-in cloud/virtualization security and controls Tiered managed • Monitoring up to full management services for client • “LT Anywhere” extension choice High-touch and • Managed service team specialization process-driven • Unified system support for problem diagnostics client support • Disciplined change and log management Global reach • 3 primary and 9 secondary data centers Only service provider to offer Compliance Guaranteed: our compliance clients are guaranteed to pass 100 percent of every IT audit or assessment sanctioned by the relevant industry or regulatory entity. 4
Jeff Reich ●Over 30 years in Cyber Security, Risk Management, Physical Security and other areas ●Leadership roles in technology and financial services organizations ●Founding member of Cloud Security Alliance ●CRISC, CISSP, CHS-III certifications,… ●ISSA Distinguished Fellow Complying To The Higher Standard .5
What is a Secure Cloud? ●First, let’s agree on what a cloud is… ●5-4-3 ● 5 Essential Characteristics ● 4 Deployment Models ● 3 Service Models Complying To The Higher Standard .6
Let’s Agree on the Cloud According to NIST: Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models. Source: The NIST Definition of Cloud Computing Authors: Peter Mell and Tim Grance Special Publication 800-145 7 Complying To The Higher Standard
5 Essential Characteristics ● On-demand self-service ● Broad network access ● Resource pooling ● Rapid elasticity ● Measured Service 8 Complying To The Higher Standard
4 Deployment Models ●Private cloud ●Community cloud ●Public cloud ●Hybrid cloud 9 Complying To The Higher Standard
3 Service Models ● Software as a Service (SaaS) ● Platform as a Service (PaaS) ● Infrastructure as a Service (IaaS) 10 Complying To The Higher Standard
Table Stakes Your compliance needs may include, but are not limited to: PCI-DSS HIPAA FISMA SOX GLB FedRAMP Industry Standards Corporate Policies and many, many more Complying To The Higher Standard . 11
Compliance vs Security Your Compliant Secure Best Practices Practices Practices Complying To The Higher Standard . 12
Managing Costs Around Controls Potential Cost of Losses Controls $ Good Business Sense Tree of FUD Level of Controls Complying To The Higher Standard . 13
Risk Management in the Cloud ● First mistake of many cloud prospects ● How am I managing risks now? ● Risk picture may not improve ● What are the most valuable information or process assets for your organization? ● Disclosure Confidentiality ● Modification Integrity ● Denial of Access Availability 14 Complying To The Higher Standard
Components of Security ● Trust ● Verification ● Policies, Standards, Guidelines and Procedures ● Situational Awareness ● Training ● Testing ● Lather, rinse, repeat,… Complying To The Higher Standard . 15
Components of Cloud Security ● Trust ● Verification ● Policies, Standards, Guidelines and Procedures ● Situational Awareness ● Training ● Testing ● Lather, rinse, repeat,… Complying To The Higher Standard . 16
Components of Cloud Security Your provider should offer: ●Policies ●Validation ●Transparency ●Demonstration of compliance ●Compliance support For more information, see www.cloudsecurityalliance.org Complying To The Higher Standard .1
Finding a Cloud Environment Private Hybrid Community Public Greater Control IaaS PaaS SaaS Greater Exposure 15 Complying To The Higher Standard
Contact Me ● Jeff Reich ● 972-379-8567 ● jeff.reich@layeredtech.com ● Twitter: @jnreich ● Skype: jnreich ● www.layeredtech.com 18 Complying To The Higher Standard

Empfohlen

Crowdsourcing IT Projects - A New Model for Outsourcing
Crowdsourcing IT Projects - A New Model for OutsourcingCrowdsourcing IT Projects - A New Model for Outsourcing
Crowdsourcing IT Projects - A New Model for OutsourcingInnoTech
 
Embedding Security in IT Projects
Embedding Security in IT ProjectsEmbedding Security in IT Projects
Embedding Security in IT ProjectsKaali Dass PMP, PhD.
 
Leading Enterprise Wide Projects
Leading Enterprise Wide ProjectsLeading Enterprise Wide Projects
Leading Enterprise Wide ProjectsKaali Dass PMP, PhD.
 
The value of our data
The value of our dataThe value of our data
The value of our dataEnterpriseGRC Solutions, Inc.
 
RSA Presentation - 5 Steps to Improving PCI Compliance
RSA Presentation - 5 Steps to Improving PCI ComplianceRSA Presentation - 5 Steps to Improving PCI Compliance
RSA Presentation - 5 Steps to Improving PCI ComplianceEMC
 
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDCDefending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDCCloudflare
 
MT 117 Key Innovations in Cybersecurity
MT 117 Key Innovations in CybersecurityMT 117 Key Innovations in Cybersecurity
MT 117 Key Innovations in CybersecurityDell EMC World
 
A case for Managed Detection and Response
A case for Managed Detection and ResponseA case for Managed Detection and Response
A case for Managed Detection and ResponseDigital Transformation EXPO Event Series
 

Empfohlen

Crowdsourcing IT Projects - A New Model for Outsourcing
Crowdsourcing IT Projects - A New Model for OutsourcingCrowdsourcing IT Projects - A New Model for Outsourcing
Crowdsourcing IT Projects - A New Model for OutsourcingInnoTech
 
Embedding Security in IT Projects
Embedding Security in IT ProjectsEmbedding Security in IT Projects
Embedding Security in IT ProjectsKaali Dass PMP, PhD.
 
Leading Enterprise Wide Projects
Leading Enterprise Wide ProjectsLeading Enterprise Wide Projects
Leading Enterprise Wide ProjectsKaali Dass PMP, PhD.
 
The value of our data
The value of our dataThe value of our data
The value of our dataEnterpriseGRC Solutions, Inc.
 
RSA Presentation - 5 Steps to Improving PCI Compliance
RSA Presentation - 5 Steps to Improving PCI ComplianceRSA Presentation - 5 Steps to Improving PCI Compliance
RSA Presentation - 5 Steps to Improving PCI ComplianceEMC
 
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDCDefending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDCCloudflare
 
MT 117 Key Innovations in Cybersecurity
MT 117 Key Innovations in CybersecurityMT 117 Key Innovations in Cybersecurity
MT 117 Key Innovations in CybersecurityDell EMC World
 
A case for Managed Detection and Response
A case for Managed Detection and ResponseA case for Managed Detection and Response
A case for Managed Detection and ResponseDigital Transformation EXPO Event Series
 
Leveraging Identity to Manage Change and Complexity
Leveraging Identity to Manage Change and ComplexityLeveraging Identity to Manage Change and Complexity
Leveraging Identity to Manage Change and ComplexityNetIQ
 
User management - the next-gen of authentication meetup 27012022
User management - the next-gen of authentication meetup 27012022User management - the next-gen of authentication meetup 27012022
User management - the next-gen of authentication meetup 27012022lior mazor
 
Vulnerability Testing Services Case Study
Vulnerability Testing Services Case StudyVulnerability Testing Services Case Study
Vulnerability Testing Services Case StudyNandita Nityanandam
 
Cloud Perspectives - Ottawa Seminar - Oct 6
Cloud Perspectives - Ottawa Seminar - Oct 6Cloud Perspectives - Ottawa Seminar - Oct 6
Cloud Perspectives - Ottawa Seminar - Oct 6Scalar Decisions
 
Detecon Cyber Security Radar
Detecon Cyber Security RadarDetecon Cyber Security Radar
Detecon Cyber Security RadarDaniel Steinfeld
 
The Permanent Campaign: Driving a Secure Software Initiative in the Enterprise
The Permanent Campaign: Driving a Secure Software Initiative in the EnterpriseThe Permanent Campaign: Driving a Secure Software Initiative in the Enterprise
The Permanent Campaign: Driving a Secure Software Initiative in the EnterpriseDenim Group
 
Losing Control to the Cloud
Losing Control to the CloudLosing Control to the Cloud
Losing Control to the CloudRochester Security Summit
 
JD Edwards in the Cloud - Flipbook: What are your peers doing?
JD Edwards in the Cloud - Flipbook: What are your peers doing? JD Edwards in the Cloud - Flipbook: What are your peers doing?
JD Edwards in the Cloud - Flipbook: What are your peers doing? ManageForce
 
Real life with Oracle's JD Edwards Applications in the Cloud
Real life with Oracle's JD Edwards Applications in the CloudReal life with Oracle's JD Edwards Applications in the Cloud
Real life with Oracle's JD Edwards Applications in the CloudVelocity Technology Solutions
 
Sphere 3D presentation for Credit Suisse technology conference 2014
Sphere 3D presentation for Credit Suisse technology conference 2014Sphere 3D presentation for Credit Suisse technology conference 2014
Sphere 3D presentation for Credit Suisse technology conference 2014Peter Bookman
 
MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?Kurt Hagerman
 
ISACA Cloud Computing Risks
ISACA Cloud Computing RisksISACA Cloud Computing Risks
ISACA Cloud Computing RisksMarc Vael
 
Reddix Group - Quantum AI - Presentation
Reddix Group - Quantum AI - PresentationReddix Group - Quantum AI - Presentation
Reddix Group - Quantum AI - PresentationJoe Reddix
 
MT74 - Is Your Tech Support Keeping Up with Your Instr Tech
MT74 - Is Your Tech Support Keeping Up with Your Instr TechMT74 - Is Your Tech Support Keeping Up with Your Instr Tech
MT74 - Is Your Tech Support Keeping Up with Your Instr TechDell EMC World
 
Lisa Guess - Embracing the Cloud
Lisa Guess - Embracing the CloudLisa Guess - Embracing the Cloud
Lisa Guess - Embracing the Cloudcentralohioissa
 
An Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT SystemsAn Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT SystemsDenim Group
 
Salesforce Development and Integration Services for Your Business
Salesforce Development and Integration Services for Your BusinessSalesforce Development and Integration Services for Your Business
Salesforce Development and Integration Services for Your BusinessSoftheme
 
Adaptive & Unified Approach to Risk Management & Compliance-via-ccf
Adaptive & Unified Approach to Risk Management & Compliance-via-ccfAdaptive & Unified Approach to Risk Management & Compliance-via-ccf
Adaptive & Unified Approach to Risk Management & Compliance-via-ccfawish11
 
MT81 Keys to Successful Enterprise IoT Initiatives
MT81 Keys to Successful Enterprise IoT InitiativesMT81 Keys to Successful Enterprise IoT Initiatives
MT81 Keys to Successful Enterprise IoT InitiativesDell EMC World
 
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection FrameworkAlex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Frameworkcentralohioissa
 
Why the Cloud can be Compliant and Secure
Why the Cloud can be Compliant and SecureWhy the Cloud can be Compliant and Secure
Why the Cloud can be Compliant and SecureInnoTech
 
Moving Enterprise Applications to the Cloud
Moving Enterprise Applications to the CloudMoving Enterprise Applications to the Cloud
Moving Enterprise Applications to the CloudVISI
 

Weitere ähnliche Inhalte

Was ist angesagt?

Leveraging Identity to Manage Change and Complexity
Leveraging Identity to Manage Change and ComplexityLeveraging Identity to Manage Change and Complexity
Leveraging Identity to Manage Change and ComplexityNetIQ
 
User management - the next-gen of authentication meetup 27012022
User management - the next-gen of authentication meetup 27012022User management - the next-gen of authentication meetup 27012022
User management - the next-gen of authentication meetup 27012022lior mazor
 
Vulnerability Testing Services Case Study
Vulnerability Testing Services Case StudyVulnerability Testing Services Case Study
Vulnerability Testing Services Case StudyNandita Nityanandam
 
Cloud Perspectives - Ottawa Seminar - Oct 6
Cloud Perspectives - Ottawa Seminar - Oct 6Cloud Perspectives - Ottawa Seminar - Oct 6
Cloud Perspectives - Ottawa Seminar - Oct 6Scalar Decisions
 
Detecon Cyber Security Radar
Detecon Cyber Security RadarDetecon Cyber Security Radar
Detecon Cyber Security RadarDaniel Steinfeld
 
The Permanent Campaign: Driving a Secure Software Initiative in the Enterprise
The Permanent Campaign: Driving a Secure Software Initiative in the EnterpriseThe Permanent Campaign: Driving a Secure Software Initiative in the Enterprise
The Permanent Campaign: Driving a Secure Software Initiative in the EnterpriseDenim Group
 
JD Edwards in the Cloud - Flipbook: What are your peers doing?
JD Edwards in the Cloud - Flipbook: What are your peers doing? JD Edwards in the Cloud - Flipbook: What are your peers doing?
JD Edwards in the Cloud - Flipbook: What are your peers doing? ManageForce
 
Real life with Oracle's JD Edwards Applications in the Cloud
Real life with Oracle's JD Edwards Applications in the CloudReal life with Oracle's JD Edwards Applications in the Cloud
Real life with Oracle's JD Edwards Applications in the CloudVelocity Technology Solutions
 
Sphere 3D presentation for Credit Suisse technology conference 2014
Sphere 3D presentation for Credit Suisse technology conference 2014Sphere 3D presentation for Credit Suisse technology conference 2014
Sphere 3D presentation for Credit Suisse technology conference 2014Peter Bookman
 
MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?Kurt Hagerman
 
ISACA Cloud Computing Risks
ISACA Cloud Computing RisksISACA Cloud Computing Risks
ISACA Cloud Computing RisksMarc Vael
 
Reddix Group - Quantum AI - Presentation
Reddix Group - Quantum AI - PresentationReddix Group - Quantum AI - Presentation
Reddix Group - Quantum AI - PresentationJoe Reddix
 
MT74 - Is Your Tech Support Keeping Up with Your Instr Tech
MT74 - Is Your Tech Support Keeping Up with Your Instr TechMT74 - Is Your Tech Support Keeping Up with Your Instr Tech
MT74 - Is Your Tech Support Keeping Up with Your Instr TechDell EMC World
 
Lisa Guess - Embracing the Cloud
Lisa Guess - Embracing the CloudLisa Guess - Embracing the Cloud
Lisa Guess - Embracing the Cloudcentralohioissa
 
An Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT SystemsAn Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT SystemsDenim Group
 
Salesforce Development and Integration Services for Your Business
Salesforce Development and Integration Services for Your BusinessSalesforce Development and Integration Services for Your Business
Salesforce Development and Integration Services for Your BusinessSoftheme
 
Adaptive & Unified Approach to Risk Management & Compliance-via-ccf
Adaptive & Unified Approach to Risk Management & Compliance-via-ccfAdaptive & Unified Approach to Risk Management & Compliance-via-ccf
Adaptive & Unified Approach to Risk Management & Compliance-via-ccfawish11
 
MT81 Keys to Successful Enterprise IoT Initiatives
MT81 Keys to Successful Enterprise IoT InitiativesMT81 Keys to Successful Enterprise IoT Initiatives
MT81 Keys to Successful Enterprise IoT InitiativesDell EMC World
 
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection FrameworkAlex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Frameworkcentralohioissa
 

Was ist angesagt? (20)

Leveraging Identity to Manage Change and Complexity
Leveraging Identity to Manage Change and ComplexityLeveraging Identity to Manage Change and Complexity
Leveraging Identity to Manage Change and Complexity
 
User management - the next-gen of authentication meetup 27012022
User management - the next-gen of authentication meetup 27012022User management - the next-gen of authentication meetup 27012022
User management - the next-gen of authentication meetup 27012022
 
Vulnerability Testing Services Case Study
Vulnerability Testing Services Case StudyVulnerability Testing Services Case Study
Vulnerability Testing Services Case Study
 
Cloud Perspectives - Ottawa Seminar - Oct 6
Cloud Perspectives - Ottawa Seminar - Oct 6Cloud Perspectives - Ottawa Seminar - Oct 6
Cloud Perspectives - Ottawa Seminar - Oct 6
 
Detecon Cyber Security Radar
Detecon Cyber Security RadarDetecon Cyber Security Radar
Detecon Cyber Security Radar
 
The Permanent Campaign: Driving a Secure Software Initiative in the Enterprise
The Permanent Campaign: Driving a Secure Software Initiative in the EnterpriseThe Permanent Campaign: Driving a Secure Software Initiative in the Enterprise
The Permanent Campaign: Driving a Secure Software Initiative in the Enterprise
 
Losing Control to the Cloud
Losing Control to the CloudLosing Control to the Cloud
Losing Control to the Cloud
 
JD Edwards in the Cloud - Flipbook: What are your peers doing?
JD Edwards in the Cloud - Flipbook: What are your peers doing? JD Edwards in the Cloud - Flipbook: What are your peers doing?
JD Edwards in the Cloud - Flipbook: What are your peers doing?
 
Real life with Oracle's JD Edwards Applications in the Cloud
Real life with Oracle's JD Edwards Applications in the CloudReal life with Oracle's JD Edwards Applications in the Cloud
Real life with Oracle's JD Edwards Applications in the Cloud
 
Sphere 3D presentation for Credit Suisse technology conference 2014
Sphere 3D presentation for Credit Suisse technology conference 2014Sphere 3D presentation for Credit Suisse technology conference 2014
Sphere 3D presentation for Credit Suisse technology conference 2014
 
MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?
 
ISACA Cloud Computing Risks
ISACA Cloud Computing RisksISACA Cloud Computing Risks
ISACA Cloud Computing Risks
 
Reddix Group - Quantum AI - Presentation
Reddix Group - Quantum AI - PresentationReddix Group - Quantum AI - Presentation
Reddix Group - Quantum AI - Presentation
 
MT74 - Is Your Tech Support Keeping Up with Your Instr Tech
MT74 - Is Your Tech Support Keeping Up with Your Instr TechMT74 - Is Your Tech Support Keeping Up with Your Instr Tech
MT74 - Is Your Tech Support Keeping Up with Your Instr Tech
 
Lisa Guess - Embracing the Cloud
Lisa Guess - Embracing the CloudLisa Guess - Embracing the Cloud
Lisa Guess - Embracing the Cloud
 
An Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT SystemsAn Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT Systems
 
Salesforce Development and Integration Services for Your Business
Salesforce Development and Integration Services for Your BusinessSalesforce Development and Integration Services for Your Business
Salesforce Development and Integration Services for Your Business
 
Adaptive & Unified Approach to Risk Management & Compliance-via-ccf
Adaptive & Unified Approach to Risk Management & Compliance-via-ccfAdaptive & Unified Approach to Risk Management & Compliance-via-ccf
Adaptive & Unified Approach to Risk Management & Compliance-via-ccf
 
MT81 Keys to Successful Enterprise IoT Initiatives
MT81 Keys to Successful Enterprise IoT InitiativesMT81 Keys to Successful Enterprise IoT Initiatives
MT81 Keys to Successful Enterprise IoT Initiatives
 
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection FrameworkAlex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
 

Ähnlich wie Why the Cloud can be Compliant and Secure

Why the Cloud can be Compliant and Secure
Why the Cloud can be Compliant and SecureWhy the Cloud can be Compliant and Secure
Why the Cloud can be Compliant and SecureInnoTech
 
Moving Enterprise Applications to the Cloud
Moving Enterprise Applications to the CloudMoving Enterprise Applications to the Cloud
Moving Enterprise Applications to the CloudVISI
 
Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...
Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...
Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...Windstream Enterprise
 
Security in the cloud planning guide
Security in the cloud planning guideSecurity in the cloud planning guide
Security in the cloud planning guideYury Chemerkin
 
Cloud Security: Perception VS Reality
Cloud Security: Perception VS RealityCloud Security: Perception VS Reality
Cloud Security: Perception VS RealityKVH Co. Ltd.
 
The Cloud Crossover
The Cloud CrossoverThe Cloud Crossover
The Cloud CrossoverArmor
 
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...RightScale
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpointCloudPassage
 
Considering The Cloud? Thinking Beyond The Readme File
Considering The Cloud? Thinking Beyond The Readme FileConsidering The Cloud? Thinking Beyond The Readme File
Considering The Cloud? Thinking Beyond The Readme FileBill Malchisky Jr.
 
Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0David Spinks
 
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...Livingstone Advisory
 
The Cloud according to VMware
The Cloud according to VMwareThe Cloud according to VMware
The Cloud according to VMwareOpSource
 
PCI-DSS Compliant Cloud - Design & Architecture Best Practices
PCI-DSS Compliant Cloud - Design & Architecture Best PracticesPCI-DSS Compliant Cloud - Design & Architecture Best Practices
PCI-DSS Compliant Cloud - Design & Architecture Best PracticesHyTrust
 
DeepArmor
DeepArmorDeepArmor
DeepArmorbrand44
 
Cloud Is Built, Now Who's Managing It?
Cloud Is Built, Now Who's Managing It?Cloud Is Built, Now Who's Managing It?
Cloud Is Built, Now Who's Managing It?doan_slideshares
 
Security & Compliance in the Cloud [2019]
Security & Compliance in the Cloud [2019]Security & Compliance in the Cloud [2019]
Security & Compliance in the Cloud [2019]Tudor Damian
 
Cloudcomputingoct2009 100301142544-phpapp02
Cloudcomputingoct2009 100301142544-phpapp02Cloudcomputingoct2009 100301142544-phpapp02
Cloudcomputingoct2009 100301142544-phpapp02abhisheknayak29
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantageMoshe Ferber
 
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...ptaglephd
 
Building a Secure Cloud with Identity Management
Building a Secure Cloud with Identity ManagementBuilding a Secure Cloud with Identity Management
Building a Secure Cloud with Identity ManagementOracleIDM
 

Ähnlich wie Why the Cloud can be Compliant and Secure (20)

Why the Cloud can be Compliant and Secure
Why the Cloud can be Compliant and SecureWhy the Cloud can be Compliant and Secure
Why the Cloud can be Compliant and Secure
 
Moving Enterprise Applications to the Cloud
Moving Enterprise Applications to the CloudMoving Enterprise Applications to the Cloud
Moving Enterprise Applications to the Cloud
 
Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...
Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...
Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...
 
Security in the cloud planning guide
Security in the cloud planning guideSecurity in the cloud planning guide
Security in the cloud planning guide
 
Cloud Security: Perception VS Reality
Cloud Security: Perception VS RealityCloud Security: Perception VS Reality
Cloud Security: Perception VS Reality
 
The Cloud Crossover
The Cloud CrossoverThe Cloud Crossover
The Cloud Crossover
 
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpoint
 
Considering The Cloud? Thinking Beyond The Readme File
Considering The Cloud? Thinking Beyond The Readme FileConsidering The Cloud? Thinking Beyond The Readme File
Considering The Cloud? Thinking Beyond The Readme File
 
Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0
 
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
 
The Cloud according to VMware
The Cloud according to VMwareThe Cloud according to VMware
The Cloud according to VMware
 
PCI-DSS Compliant Cloud - Design & Architecture Best Practices
PCI-DSS Compliant Cloud - Design & Architecture Best PracticesPCI-DSS Compliant Cloud - Design & Architecture Best Practices
PCI-DSS Compliant Cloud - Design & Architecture Best Practices
 
DeepArmor
DeepArmorDeepArmor
DeepArmor
 
Cloud Is Built, Now Who's Managing It?
Cloud Is Built, Now Who's Managing It?Cloud Is Built, Now Who's Managing It?
Cloud Is Built, Now Who's Managing It?
 
Security & Compliance in the Cloud [2019]
Security & Compliance in the Cloud [2019]Security & Compliance in the Cloud [2019]
Security & Compliance in the Cloud [2019]
 
Cloudcomputingoct2009 100301142544-phpapp02
Cloudcomputingoct2009 100301142544-phpapp02Cloudcomputingoct2009 100301142544-phpapp02
Cloudcomputingoct2009 100301142544-phpapp02
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantage
 
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
 
Building a Secure Cloud with Identity Management
Building a Secure Cloud with Identity ManagementBuilding a Secure Cloud with Identity Management
Building a Secure Cloud with Identity Management
 

Mehr von InnoTech

"So you want to raise funding and build a team?"
"So you want to raise funding and build a team?""So you want to raise funding and build a team?"
"So you want to raise funding and build a team?"InnoTech
 
Artificial Intelligence is Maturing
Artificial Intelligence is MaturingArtificial Intelligence is Maturing
Artificial Intelligence is MaturingInnoTech
 
What is AI without Data?
What is AI without Data?What is AI without Data?
What is AI without Data?InnoTech
 
Courageous Leadership - When it Matters Most
Courageous Leadership - When it Matters MostCourageous Leadership - When it Matters Most
Courageous Leadership - When it Matters MostInnoTech
 
The Gathering Storm
The Gathering StormThe Gathering Storm
The Gathering StormInnoTech
 
Sql Server tips from the field
Sql Server tips from the fieldSql Server tips from the field
Sql Server tips from the fieldInnoTech
 
Quantum Computing and its security implications
Quantum Computing and its security implicationsQuantum Computing and its security implications
Quantum Computing and its security implicationsInnoTech
 
Converged Infrastructure
Converged InfrastructureConverged Infrastructure
Converged InfrastructureInnoTech
 
Making the most out of collaboration with Office 365
Making the most out of collaboration with Office 365Making the most out of collaboration with Office 365
Making the most out of collaboration with Office 365InnoTech
 
Blockchain use cases and case studies
Blockchain use cases and case studiesBlockchain use cases and case studies
Blockchain use cases and case studiesInnoTech
 
Blockchain: Exploring the Fundamentals and Promising Potential
Blockchain: Exploring the Fundamentals and Promising Potential Blockchain: Exploring the Fundamentals and Promising Potential
Blockchain: Exploring the Fundamentals and Promising Potential InnoTech
 
Business leaders are engaging labor differently - Is your IT ready?
Business leaders are engaging labor differently - Is your IT ready?Business leaders are engaging labor differently - Is your IT ready?
Business leaders are engaging labor differently - Is your IT ready?InnoTech
 
AI 3.0: Is it Finally Time for Artificial Intelligence and Sensor Networks to...
AI 3.0: Is it Finally Time for Artificial Intelligence and Sensor Networks to...AI 3.0: Is it Finally Time for Artificial Intelligence and Sensor Networks to...
AI 3.0: Is it Finally Time for Artificial Intelligence and Sensor Networks to...InnoTech
 
Using Business Intelligence to Bring Your Data to Life
Using Business Intelligence to Bring Your Data to LifeUsing Business Intelligence to Bring Your Data to Life
Using Business Intelligence to Bring Your Data to LifeInnoTech
 
User requirements is a fallacy
User requirements is a fallacyUser requirements is a fallacy
User requirements is a fallacyInnoTech
 
What I Wish I Knew Before I Signed that Contract - San Antonio
What I Wish I Knew Before I Signed that Contract - San Antonio What I Wish I Knew Before I Signed that Contract - San Antonio
What I Wish I Knew Before I Signed that Contract - San Antonio InnoTech
 
Disaster Recovery Plan - Quorum
Disaster Recovery Plan - QuorumDisaster Recovery Plan - Quorum
Disaster Recovery Plan - QuorumInnoTech
 
Share point saturday access services 2015 final 2
Share point saturday access services 2015 final 2Share point saturday access services 2015 final 2
Share point saturday access services 2015 final 2InnoTech
 
Sp tech festdallas - office 365 groups - planner session
Sp tech festdallas - office 365 groups - planner sessionSp tech festdallas - office 365 groups - planner session
Sp tech festdallas - office 365 groups - planner sessionInnoTech
 
Power apps presentation
Power apps presentationPower apps presentation
Power apps presentationInnoTech
 

Mehr von InnoTech (20)

"So you want to raise funding and build a team?"
"So you want to raise funding and build a team?""So you want to raise funding and build a team?"
"So you want to raise funding and build a team?"
 
Artificial Intelligence is Maturing
Artificial Intelligence is MaturingArtificial Intelligence is Maturing
Artificial Intelligence is Maturing
 
What is AI without Data?
What is AI without Data?What is AI without Data?
What is AI without Data?
 
Courageous Leadership - When it Matters Most
Courageous Leadership - When it Matters MostCourageous Leadership - When it Matters Most
Courageous Leadership - When it Matters Most
 
The Gathering Storm
The Gathering StormThe Gathering Storm
The Gathering Storm
 
Sql Server tips from the field
Sql Server tips from the fieldSql Server tips from the field
Sql Server tips from the field
 
Quantum Computing and its security implications
Quantum Computing and its security implicationsQuantum Computing and its security implications
Quantum Computing and its security implications
 
Converged Infrastructure
Converged InfrastructureConverged Infrastructure
Converged Infrastructure
 
Making the most out of collaboration with Office 365
Making the most out of collaboration with Office 365Making the most out of collaboration with Office 365
Making the most out of collaboration with Office 365
 
Blockchain use cases and case studies
Blockchain use cases and case studiesBlockchain use cases and case studies
Blockchain use cases and case studies
 
Blockchain: Exploring the Fundamentals and Promising Potential
Blockchain: Exploring the Fundamentals and Promising Potential Blockchain: Exploring the Fundamentals and Promising Potential
Blockchain: Exploring the Fundamentals and Promising Potential
 
Business leaders are engaging labor differently - Is your IT ready?
Business leaders are engaging labor differently - Is your IT ready?Business leaders are engaging labor differently - Is your IT ready?
Business leaders are engaging labor differently - Is your IT ready?
 
AI 3.0: Is it Finally Time for Artificial Intelligence and Sensor Networks to...
AI 3.0: Is it Finally Time for Artificial Intelligence and Sensor Networks to...AI 3.0: Is it Finally Time for Artificial Intelligence and Sensor Networks to...
AI 3.0: Is it Finally Time for Artificial Intelligence and Sensor Networks to...
 
Using Business Intelligence to Bring Your Data to Life
Using Business Intelligence to Bring Your Data to LifeUsing Business Intelligence to Bring Your Data to Life
Using Business Intelligence to Bring Your Data to Life
 
User requirements is a fallacy
User requirements is a fallacyUser requirements is a fallacy
User requirements is a fallacy
 
What I Wish I Knew Before I Signed that Contract - San Antonio
What I Wish I Knew Before I Signed that Contract - San Antonio What I Wish I Knew Before I Signed that Contract - San Antonio
What I Wish I Knew Before I Signed that Contract - San Antonio
 
Disaster Recovery Plan - Quorum
Disaster Recovery Plan - QuorumDisaster Recovery Plan - Quorum
Disaster Recovery Plan - Quorum
 
Share point saturday access services 2015 final 2
Share point saturday access services 2015 final 2Share point saturday access services 2015 final 2
Share point saturday access services 2015 final 2
 
Sp tech festdallas - office 365 groups - planner session
Sp tech festdallas - office 365 groups - planner sessionSp tech festdallas - office 365 groups - planner session
Sp tech festdallas - office 365 groups - planner session
 
Power apps presentation
Power apps presentationPower apps presentation
Power apps presentation
 

Kürzlich hochgeladen

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 

Kürzlich hochgeladen (20)

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 

Why the Cloud can be Compliant and Secure

  • 1. Why the Cloud can be Compliant and Secure Presented by: Jeff Reich Chief Risk Officer Layered Technologies
  • 2. Agenda ● Abstract Review ● Layered Technologies Overview ● Speaker Overview ● What is a secure cloud? ● Table Stakes ● Compliance vs Security ● Components of Security 2 Complying To The Higher Standard
  • 3. Abstract This session addresses misconceptions about security in the cloud and examines critical differences between compliance and security, including how compliance does not always ensure secure environments. To establish a secure cloud, one must make risk-based decisions that embrace compliance but also address practicalities and technical capabilities. While achieving compliance is considered “table stakes,” cloud security is an investment and must be continuous. The audience will learn about key security components, such as social engineering, patching, system interfaces and more. The presentation will also address the importance of grouping similar organizations in the cloud because they share common security control needs. Complying To The Higher Standard .3
  • 4. About Layered Tech • First to offer full PCI support in market (since 2005) Leadership • Compliance cloud solution with built-in security position in and controls compliant • Comprehensive consulting and audit services (and partners) hosting Market-leading • One of first virtual private data center offers • Robust community cloud platform with built-in cloud/virtualization security and controls Tiered managed • Monitoring up to full management services for client • “LT Anywhere” extension choice High-touch and • Managed service team specialization process-driven • Unified system support for problem diagnostics client support • Disciplined change and log management Global reach • 3 primary and 9 secondary data centers Only service provider to offer Compliance Guaranteed: our compliance clients are guaranteed to pass 100 percent of every IT audit or assessment sanctioned by the relevant industry or regulatory entity. 4
  • 5. Jeff Reich ●Over 30 years in Cyber Security, Risk Management, Physical Security and other areas ●Leadership roles in technology and financial services organizations ●Founding member of Cloud Security Alliance ●CRISC, CISSP, CHS-III certifications,… ●ISSA Distinguished Fellow Complying To The Higher Standard .5
  • 6. What is a Secure Cloud? ●First, let’s agree on what a cloud is… ●5-4-3 ● 5 Essential Characteristics ● 4 Deployment Models ● 3 Service Models Complying To The Higher Standard .6
  • 7. Let’s Agree on the Cloud According to NIST: Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models. Source: The NIST Definition of Cloud Computing Authors: Peter Mell and Tim Grance Special Publication 800-145 7 Complying To The Higher Standard
  • 8. 5 Essential Characteristics ● On-demand self-service ● Broad network access ● Resource pooling ● Rapid elasticity ● Measured Service 8 Complying To The Higher Standard
  • 9. 4 Deployment Models ●Private cloud ●Community cloud ●Public cloud ●Hybrid cloud 9 Complying To The Higher Standard
  • 10. 3 Service Models ● Software as a Service (SaaS) ● Platform as a Service (PaaS) ● Infrastructure as a Service (IaaS) 10 Complying To The Higher Standard
  • 11. Table Stakes Your compliance needs may include, but are not limited to: PCI-DSS HIPAA FISMA SOX GLB FedRAMP Industry Standards Corporate Policies and many, many more Complying To The Higher Standard . 11
  • 12. Compliance vs Security Your Compliant Secure Best Practices Practices Practices Complying To The Higher Standard . 12
  • 13. Managing Costs Around Controls Potential Cost of Losses Controls $ Good Business Sense Tree of FUD Level of Controls Complying To The Higher Standard . 13
  • 14. Risk Management in the Cloud ● First mistake of many cloud prospects ● How am I managing risks now? ● Risk picture may not improve ● What are the most valuable information or process assets for your organization? ● Disclosure Confidentiality ● Modification Integrity ● Denial of Access Availability 14 Complying To The Higher Standard
  • 15. Components of Security ● Trust ● Verification ● Policies, Standards, Guidelines and Procedures ● Situational Awareness ● Training ● Testing ● Lather, rinse, repeat,… Complying To The Higher Standard . 15
  • 16. Components of Cloud Security ● Trust ● Verification ● Policies, Standards, Guidelines and Procedures ● Situational Awareness ● Training ● Testing ● Lather, rinse, repeat,… Complying To The Higher Standard . 16
  • 17. Components of Cloud Security Your provider should offer: ●Policies ●Validation ●Transparency ●Demonstration of compliance ●Compliance support For more information, see www.cloudsecurityalliance.org Complying To The Higher Standard .1
  • 18. Finding a Cloud Environment Private Hybrid Community Public Greater Control IaaS PaaS SaaS Greater Exposure 15 Complying To The Higher Standard
  • 19. Contact Me ● Jeff Reich ● 972-379-8567 ● jeff.reich@layeredtech.com ● Twitter: @jnreich ● Skype: jnreich ● www.layeredtech.com 18 Complying To The Higher Standard