SlideShare ist ein Scribd-Unternehmen logo

Cloud security lessons learned and audit

•
•
Marc Vael
Marc Vael

A keynote presentation I gave for BELTUG in June 2015 based on ISACA research on cloud computing security and based on experiences in industry with proper references to SMALS, ISACA, ENISA, CSA and NIST

Technologie
1 von 41
Downloaden Sie, um offline zu lesen
CLOUD SECURITY 
 LESSONS LEARNED & AUDIT Marc Vael, Chief Audit Executive Smals / President ISACA Belgium, 11 June 2015
WHEN WAS THE TERM USED FOR THE FIRST TIME? 26th of October 1997
WHO HYPED ALL THIS? “What's interesting [now] is that there is an emergent new model, and you all are here because you are part of that new model. I don't think people have really understood how big this opportunity really is. It starts with the premise that the data services and architecture should be on servers. We call it cloud computing – they should be in a "cloud" somewhere. And that if you have the right kind of browser or the right kind of access, it doesn't matter whether you have a PC or a Mac or a mobile phone or a BlackBerry or what have you – or new devices still to be developed – you can get access to the cloud.” Mr. Eric Schmidt, Chairman & CEO Google Search Engine Strategies Conference, 9th of August 2006 http://www.google.com/press/podium/ses2006.html
DEFINITION OF CLOUD COMPUTING A model for enabling convenient, on-demand broad network access to a shared pool of configurable computing resources that can be rapidly provisioned & released with minimal management effort or service provider interaction and with automatic measuring, controlling & optimization. 5 characteristics 3 service models 4 deployment models NIST, Definition of Cloud Computing, October 2009
NIST, Definition of Cloud Computing, October 2009 ISACA, Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives, 2010 1. On-demand self-service. 2. Broad network access. 3. Resource pooling. 4. Rapid & elastic provisioning (add & withdraw). 5. Automatically measured, controlled, optimized service. DEFINITION
Cloud Computing Taxonomy & Ontology v1.5 Chris Hoff +
https://www.ksz-bcss.fgov.be/binaries/documentation/nl/securite/policies/isms_050_cloud_computing_policy_nl.pdf
www.ksz-bcss.fgov.be/binaries/documentation/nl/securite/policies/isms_050_cloud_computing_policy_nl.pdf
http://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-risk-assessment
http://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-risk-assessment
http://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-risk-assessment
1. Gegevensbescherming 2. Beveiliging van de rekencentra 3. Logische toegangsbeveiliging 4. Beveiliging van de systemen 5. Beveiliging van de netwerktoegangen 1. Clausule met betrekking tot de mogelijkheid voor een "cloud"-provider om een deel van zijn activiteiten uit te besteden. 2. Clausule met betrekking tot de integriteit, continuĂŻteit en kwaliteit van de dienstverlening 3. Clausule met betrekking tot de teruggave van de gegevens 4. Clausule met betrekking tot de overdraagbaarheid van de gegevens en de interoperabiliteit van de systemen 5. Clausule met betrekking tot de auditregeling 6. Clausule met betrekking tot de verplichtingen van de provider inzake vertrouwelijkheid van de gegevens 7. Clausule met betrekking tot de soevereiniteit 8. Clausule met betrekking tot de verplichtingen van de provider inzake gegevensbeveiliging www.ksz-bcss.fgov.be/binaries/documentation/nl/securite/policies/isms_050_cloud_computing_policy_nl.pdf
Never outsource 
 what you do not manage properly today! You always remain accountable!
Risk always exists! 
 (whether or not it is detected / recognised 
 by the organisation).
CLOUD COMPUTING AUDIT PROGRAM • Planning & Scoping the Audit • Define audit/assurance objectives. • Define boundaries of review • Identify & document risks • Define change process • Define assignment success • Define audit/assurance resources required • Define deliverables • Communications • Governing the Cloud • Governance & Enterprise Risk Management • Legal & Electronic Discovery • Compliance & Audit • Portability & Interoperability • Operating in the Cloud • Incident Response, Notification & Remediation • Application Security • Data Security & Integrity • Identity & Access Management • Virtualization
www.smalsresearch.be
www.smalsresearch.be
www.smalsresearch.be
FOR WHICH DATA?
www.smalsresearch.be Example pay slip storage
www.smalsresearch.be Example pay slip storage
GOVERNANCE QUESTIONS THE BOARD OF DIRECTORS SHOULD ASK ABOUT CLOUD 1. Do management teams have a plan for cloud computing? 
 Have they weighed value and opportunity costs? 2. How do current cloud plans support the enterprise’s mission? 3. Have executive teams systematically evaluated organizational readiness? 4. Have management teams considered what existing investments might be lost in their cloud planning? 5. Do management teams have strategies to measure and track 
 the value of cloud return versus risk?
Your cloud computing solution is as strong … … as its weakest link
CLOUD REFERENTIES NIST Special Publication 800-145: The NIST Definition of Cloud Computing. NIST, 2011 http://csrc.nist.gov/publications/nistpubs/ 800- 145/SP800-145.pdf ISACA Cloud Computing Guidance. 
 http://www.isaca.org/cloud European Union Agency for Network and Information Security ENISA
 http://www.enisa.europa.eu/ Cloud Security Alliance
 CSA
 https://cloudsecurityalliance.org/
Cloud security lessons learned and audit

Empfohlen

How secure are chat and webconf tools
How secure are chat and webconf toolsHow secure are chat and webconf tools
How secure are chat and webconf toolsMarc Vael
 
Advantages of privacy by design in IoE
Advantages of privacy by design in IoEAdvantages of privacy by design in IoE
Advantages of privacy by design in IoEMarc Vael
 
Top Cybersecurity Trends of 2021
Top Cybersecurity Trends of 2021Top Cybersecurity Trends of 2021
Top Cybersecurity Trends of 2021Shawn Nutley
 
Iot Security and Privacy at Scale
Iot Security and Privacy at ScaleIot Security and Privacy at Scale
Iot Security and Privacy at ScaleWinston Morton
 
The 1st Step to Zero Trust: Asset Management for Cybersecurity
The 1st Step to Zero Trust: Asset Management for CybersecurityThe 1st Step to Zero Trust: Asset Management for Cybersecurity
The 1st Step to Zero Trust: Asset Management for Cybersecuritynathan-axonius
 
Practical IoT Security in the Enterprise
Practical IoT Security in the EnterprisePractical IoT Security in the Enterprise
Practical IoT Security in the EnterpriseDaniel Miessler
 
Close the Security Gaps of a Remote Workforce
Close the Security Gaps of a Remote WorkforceClose the Security Gaps of a Remote Workforce
Close the Security Gaps of a Remote Workforcejlieberman07
 
Cybersecurity in the Era of IoT
Cybersecurity in the Era of IoTCybersecurity in the Era of IoT
Cybersecurity in the Era of IoTAmy Daly
 

Empfohlen

How secure are chat and webconf tools
How secure are chat and webconf toolsHow secure are chat and webconf tools
How secure are chat and webconf toolsMarc Vael
 
Advantages of privacy by design in IoE
Advantages of privacy by design in IoEAdvantages of privacy by design in IoE
Advantages of privacy by design in IoEMarc Vael
 
Top Cybersecurity Trends of 2021
Top Cybersecurity Trends of 2021Top Cybersecurity Trends of 2021
Top Cybersecurity Trends of 2021Shawn Nutley
 
Iot Security and Privacy at Scale
Iot Security and Privacy at ScaleIot Security and Privacy at Scale
Iot Security and Privacy at ScaleWinston Morton
 
The 1st Step to Zero Trust: Asset Management for Cybersecurity
The 1st Step to Zero Trust: Asset Management for CybersecurityThe 1st Step to Zero Trust: Asset Management for Cybersecurity
The 1st Step to Zero Trust: Asset Management for Cybersecuritynathan-axonius
 
Practical IoT Security in the Enterprise
Practical IoT Security in the EnterprisePractical IoT Security in the Enterprise
Practical IoT Security in the EnterpriseDaniel Miessler
 
Close the Security Gaps of a Remote Workforce
Close the Security Gaps of a Remote WorkforceClose the Security Gaps of a Remote Workforce
Close the Security Gaps of a Remote Workforcejlieberman07
 
Cybersecurity in the Era of IoT
Cybersecurity in the Era of IoTCybersecurity in the Era of IoT
Cybersecurity in the Era of IoTAmy Daly
 
BYOD - Mobility - Protection: security partnering with business
BYOD - Mobility - Protection: security partnering with businessBYOD - Mobility - Protection: security partnering with business
BYOD - Mobility - Protection: security partnering with businessMike Brannon
 
WP-Privacy-IoT-Era - PRODUCTION
WP-Privacy-IoT-Era - PRODUCTIONWP-Privacy-IoT-Era - PRODUCTION
WP-Privacy-IoT-Era - PRODUCTIONJohn Pinson
 
Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...
Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...
Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...Burton Lee
 
Building A Cloud-Ready Security Program
Building A Cloud-Ready Security ProgramBuilding A Cloud-Ready Security Program
Building A Cloud-Ready Security ProgramNetIQ
 
Devil's Bargain: Sacrificing Strategic Investments to Fund Today's Problems
Devil's Bargain: Sacrificing Strategic Investments to Fund Today's ProblemsDevil's Bargain: Sacrificing Strategic Investments to Fund Today's Problems
Devil's Bargain: Sacrificing Strategic Investments to Fund Today's Problemsscoopnewsgroup
 
Nick Barcet, Open Source tijdens Infosecurity.nl Storage Expo en Tooling Even...
Nick Barcet, Open Source tijdens Infosecurity.nl Storage Expo en Tooling Even...Nick Barcet, Open Source tijdens Infosecurity.nl Storage Expo en Tooling Even...
Nick Barcet, Open Source tijdens Infosecurity.nl Storage Expo en Tooling Even...Infosecurity2010
 
Privacy by design
Privacy by designPrivacy by design
Privacy by designMichelangelo van Dam
 
Instituting_Wi-Fi_Policies
Instituting_Wi-Fi_PoliciesInstituting_Wi-Fi_Policies
Instituting_Wi-Fi_PoliciesWill Kelly
 
Secure Your Mobile Content!
Secure Your Mobile Content!Secure Your Mobile Content!
Secure Your Mobile Content!Mike Brannon
 
ION Hangzhou - Keynote: Collaborative Security and an Open Internet
ION Hangzhou - Keynote: Collaborative Security and an Open InternetION Hangzhou - Keynote: Collaborative Security and an Open Internet
ION Hangzhou - Keynote: Collaborative Security and an Open InternetDeploy360 Programme (Internet Society)
 
106 Threat defense and information security development trends
106 Threat defense and information security development trends106 Threat defense and information security development trends
106 Threat defense and information security development trendsSsendiSamuel
 
Cert Overview
Cert OverviewCert Overview
Cert Overviewmattnik
 
NUS-ISS Learning Day 2019-Complying with new IoT cyber security guide
NUS-ISS Learning Day 2019-Complying with new IoT cyber security guideNUS-ISS Learning Day 2019-Complying with new IoT cyber security guide
NUS-ISS Learning Day 2019-Complying with new IoT cyber security guideNUS-ISS
 
Cyber War, Cyber Peace, Stones and Glass Houses
Cyber War, Cyber Peace, Stones and Glass HousesCyber War, Cyber Peace, Stones and Glass Houses
Cyber War, Cyber Peace, Stones and Glass HousesPaige Rasid
 
All your files now belong to us
All your files now belong to usAll your files now belong to us
All your files now belong to usPeter Wood
 
Sizing the Cyber Skills Gap
Sizing the Cyber Skills GapSizing the Cyber Skills Gap
Sizing the Cyber Skills GapStephen Cobb
 
The Importance of Consolidating Your Infrastructure Security – by United Secu...
The Importance of Consolidating Your Infrastructure Security – by United Secu...The Importance of Consolidating Your Infrastructure Security – by United Secu...
The Importance of Consolidating Your Infrastructure Security – by United Secu...United Security Providers AG
 
Stepping Up conference 2013
Stepping Up conference 2013Stepping Up conference 2013
Stepping Up conference 2013kumar641
 
Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee TrainingPaige Rasid
 
Security Everywhere: A Growth Engine for the Digital Economy
Security Everywhere: A Growth Engine for the Digital EconomySecurity Everywhere: A Growth Engine for the Digital Economy
Security Everywhere: A Growth Engine for the Digital EconomyCisco Russia
 
ISACA Cloud Computing Risks
ISACA Cloud Computing RisksISACA Cloud Computing Risks
ISACA Cloud Computing RisksMarc Vael
 
Keys to success and security in the cloud
Keys to success and security in the cloudKeys to success and security in the cloud
Keys to success and security in the cloudScalar Decisions
 

Weitere ähnliche Inhalte

Was ist angesagt?

BYOD - Mobility - Protection: security partnering with business
BYOD - Mobility - Protection: security partnering with businessBYOD - Mobility - Protection: security partnering with business
BYOD - Mobility - Protection: security partnering with businessMike Brannon
 
WP-Privacy-IoT-Era - PRODUCTION
WP-Privacy-IoT-Era - PRODUCTIONWP-Privacy-IoT-Era - PRODUCTION
WP-Privacy-IoT-Era - PRODUCTIONJohn Pinson
 
Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...
Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...
Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...Burton Lee
 
Building A Cloud-Ready Security Program
Building A Cloud-Ready Security ProgramBuilding A Cloud-Ready Security Program
Building A Cloud-Ready Security ProgramNetIQ
 
Devil's Bargain: Sacrificing Strategic Investments to Fund Today's Problems
Devil's Bargain: Sacrificing Strategic Investments to Fund Today's ProblemsDevil's Bargain: Sacrificing Strategic Investments to Fund Today's Problems
Devil's Bargain: Sacrificing Strategic Investments to Fund Today's Problemsscoopnewsgroup
 
Nick Barcet, Open Source tijdens Infosecurity.nl Storage Expo en Tooling Even...
Nick Barcet, Open Source tijdens Infosecurity.nl Storage Expo en Tooling Even...Nick Barcet, Open Source tijdens Infosecurity.nl Storage Expo en Tooling Even...
Nick Barcet, Open Source tijdens Infosecurity.nl Storage Expo en Tooling Even...Infosecurity2010
 
Instituting_Wi-Fi_Policies
Instituting_Wi-Fi_PoliciesInstituting_Wi-Fi_Policies
Instituting_Wi-Fi_PoliciesWill Kelly
 
Secure Your Mobile Content!
Secure Your Mobile Content!Secure Your Mobile Content!
Secure Your Mobile Content!Mike Brannon
 
ION Hangzhou - Keynote: Collaborative Security and an Open Internet
ION Hangzhou - Keynote: Collaborative Security and an Open InternetION Hangzhou - Keynote: Collaborative Security and an Open Internet
ION Hangzhou - Keynote: Collaborative Security and an Open InternetDeploy360 Programme (Internet Society)
 
106 Threat defense and information security development trends
106 Threat defense and information security development trends106 Threat defense and information security development trends
106 Threat defense and information security development trendsSsendiSamuel
 
Cert Overview
Cert OverviewCert Overview
Cert Overviewmattnik
 
NUS-ISS Learning Day 2019-Complying with new IoT cyber security guide
NUS-ISS Learning Day 2019-Complying with new IoT cyber security guideNUS-ISS Learning Day 2019-Complying with new IoT cyber security guide
NUS-ISS Learning Day 2019-Complying with new IoT cyber security guideNUS-ISS
 
Cyber War, Cyber Peace, Stones and Glass Houses
Cyber War, Cyber Peace, Stones and Glass HousesCyber War, Cyber Peace, Stones and Glass Houses
Cyber War, Cyber Peace, Stones and Glass HousesPaige Rasid
 
All your files now belong to us
All your files now belong to usAll your files now belong to us
All your files now belong to usPeter Wood
 
Sizing the Cyber Skills Gap
Sizing the Cyber Skills GapSizing the Cyber Skills Gap
Sizing the Cyber Skills GapStephen Cobb
 
The Importance of Consolidating Your Infrastructure Security – by United Secu...
The Importance of Consolidating Your Infrastructure Security – by United Secu...The Importance of Consolidating Your Infrastructure Security – by United Secu...
The Importance of Consolidating Your Infrastructure Security – by United Secu...United Security Providers AG
 
Stepping Up conference 2013
Stepping Up conference 2013Stepping Up conference 2013
Stepping Up conference 2013kumar641
 
Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee TrainingPaige Rasid
 
Security Everywhere: A Growth Engine for the Digital Economy
Security Everywhere: A Growth Engine for the Digital EconomySecurity Everywhere: A Growth Engine for the Digital Economy
Security Everywhere: A Growth Engine for the Digital EconomyCisco Russia
 

Was ist angesagt? (20)

BYOD - Mobility - Protection: security partnering with business
BYOD - Mobility - Protection: security partnering with businessBYOD - Mobility - Protection: security partnering with business
BYOD - Mobility - Protection: security partnering with business
 
WP-Privacy-IoT-Era - PRODUCTION
WP-Privacy-IoT-Era - PRODUCTIONWP-Privacy-IoT-Era - PRODUCTION
WP-Privacy-IoT-Era - PRODUCTION
 
Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...
Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...
Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...
 
Building A Cloud-Ready Security Program
Building A Cloud-Ready Security ProgramBuilding A Cloud-Ready Security Program
Building A Cloud-Ready Security Program
 
Devil's Bargain: Sacrificing Strategic Investments to Fund Today's Problems
Devil's Bargain: Sacrificing Strategic Investments to Fund Today's ProblemsDevil's Bargain: Sacrificing Strategic Investments to Fund Today's Problems
Devil's Bargain: Sacrificing Strategic Investments to Fund Today's Problems
 
Nick Barcet, Open Source tijdens Infosecurity.nl Storage Expo en Tooling Even...
Nick Barcet, Open Source tijdens Infosecurity.nl Storage Expo en Tooling Even...Nick Barcet, Open Source tijdens Infosecurity.nl Storage Expo en Tooling Even...
Nick Barcet, Open Source tijdens Infosecurity.nl Storage Expo en Tooling Even...
 
Privacy by design
Privacy by designPrivacy by design
Privacy by design
 
Instituting_Wi-Fi_Policies
Instituting_Wi-Fi_PoliciesInstituting_Wi-Fi_Policies
Instituting_Wi-Fi_Policies
 
Secure Your Mobile Content!
Secure Your Mobile Content!Secure Your Mobile Content!
Secure Your Mobile Content!
 
ION Hangzhou - Keynote: Collaborative Security and an Open Internet
ION Hangzhou - Keynote: Collaborative Security and an Open InternetION Hangzhou - Keynote: Collaborative Security and an Open Internet
ION Hangzhou - Keynote: Collaborative Security and an Open Internet
 
106 Threat defense and information security development trends
106 Threat defense and information security development trends106 Threat defense and information security development trends
106 Threat defense and information security development trends
 
Cert Overview
Cert OverviewCert Overview
Cert Overview
 
NUS-ISS Learning Day 2019-Complying with new IoT cyber security guide
NUS-ISS Learning Day 2019-Complying with new IoT cyber security guideNUS-ISS Learning Day 2019-Complying with new IoT cyber security guide
NUS-ISS Learning Day 2019-Complying with new IoT cyber security guide
 
Cyber War, Cyber Peace, Stones and Glass Houses
Cyber War, Cyber Peace, Stones and Glass HousesCyber War, Cyber Peace, Stones and Glass Houses
Cyber War, Cyber Peace, Stones and Glass Houses
 
All your files now belong to us
All your files now belong to usAll your files now belong to us
All your files now belong to us
 
Sizing the Cyber Skills Gap
Sizing the Cyber Skills GapSizing the Cyber Skills Gap
Sizing the Cyber Skills Gap
 
The Importance of Consolidating Your Infrastructure Security – by United Secu...
The Importance of Consolidating Your Infrastructure Security – by United Secu...The Importance of Consolidating Your Infrastructure Security – by United Secu...
The Importance of Consolidating Your Infrastructure Security – by United Secu...
 
Stepping Up conference 2013
Stepping Up conference 2013Stepping Up conference 2013
Stepping Up conference 2013
 
Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee Training
 
Security Everywhere: A Growth Engine for the Digital Economy
Security Everywhere: A Growth Engine for the Digital EconomySecurity Everywhere: A Growth Engine for the Digital Economy
Security Everywhere: A Growth Engine for the Digital Economy
 

Ähnlich wie Cloud security lessons learned and audit

ISACA Cloud Computing Risks
ISACA Cloud Computing RisksISACA Cloud Computing Risks
ISACA Cloud Computing RisksMarc Vael
 
Keys to success and security in the cloud
Keys to success and security in the cloudKeys to success and security in the cloud
Keys to success and security in the cloudScalar Decisions
 
Keys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-CloudKeys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-Cloudpatmisasi
 
Tech equity - Cloud presentation
Tech equity - Cloud presentationTech equity - Cloud presentation
Tech equity - Cloud presentationAdrian Hall
 
Cloud Computing and Security - by KLC Consulting
Cloud Computing and Security - by KLC ConsultingCloud Computing and Security - by KLC Consulting
Cloud Computing and Security - by KLC Consultingkylelai
 
Hogan Kusnadi - Cloud Computing Secutity
Hogan Kusnadi - Cloud Computing SecutityHogan Kusnadi - Cloud Computing Secutity
Hogan Kusnadi - Cloud Computing SecutityIndonesia Honeynet Chapter
 
CLOUD COMPUTING -DETAILED APPROACH
CLOUD COMPUTING -DETAILED APPROACHCLOUD COMPUTING -DETAILED APPROACH
CLOUD COMPUTING -DETAILED APPROACHSHAIMA A R
 
Shared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud securityShared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud securityAndy Powell
 
The Adoption of Cloud Technology by Enterprises - A Whitepaper by RapidValue
The Adoption of Cloud Technology by Enterprises - A Whitepaper by RapidValueThe Adoption of Cloud Technology by Enterprises - A Whitepaper by RapidValue
The Adoption of Cloud Technology by Enterprises - A Whitepaper by RapidValueRapidValue
 
Demystifying The Cloud-iON Cloud ERP
Demystifying The Cloud-iON Cloud ERPDemystifying The Cloud-iON Cloud ERP
Demystifying The Cloud-iON Cloud ERPChirantan Ghosh
 
Shared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud securityShared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud securityJisc
 
LinuxCon North America 2013: Why Lease When You Can Buy Your Cloud
LinuxCon North America 2013: Why Lease When You Can Buy Your CloudLinuxCon North America 2013: Why Lease When You Can Buy Your Cloud
LinuxCon North America 2013: Why Lease When You Can Buy Your CloudMark Hinkle
 
Enabling Cloud Computing
Enabling Cloud ComputingEnabling Cloud Computing
Enabling Cloud Computingtntsa1972
 
Cloud Computing Course Overview
Cloud Computing Course OverviewCloud Computing Course Overview
Cloud Computing Course OverviewAshraf Ali
 
Cloud Computing Course Content
Cloud Computing Course ContentCloud Computing Course Content
Cloud Computing Course ContentAshraf Ali
 
Agenda EuroCloud dogodka 14.septembra
Agenda EuroCloud dogodka 14.septembraAgenda EuroCloud dogodka 14.septembra
Agenda EuroCloud dogodka 14.septembraZeleno d.o.o.
 
Insurtech, Cloud and Cybersecurity - Chartered Insurance Institute
Insurtech, Cloud and Cybersecurity - Chartered Insurance InstituteInsurtech, Cloud and Cybersecurity - Chartered Insurance Institute
Insurtech, Cloud and Cybersecurity - Chartered Insurance InstituteHenrique Centieiro
 

Ähnlich wie Cloud security lessons learned and audit (20)

ISACA Cloud Computing Risks
ISACA Cloud Computing RisksISACA Cloud Computing Risks
ISACA Cloud Computing Risks
 
Keys to success and security in the cloud
Keys to success and security in the cloudKeys to success and security in the cloud
Keys to success and security in the cloud
 
Keys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-CloudKeys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-Cloud
 
Tech equity - Cloud presentation
Tech equity - Cloud presentationTech equity - Cloud presentation
Tech equity - Cloud presentation
 
Cloud Computing and Security - by KLC Consulting
Cloud Computing and Security - by KLC ConsultingCloud Computing and Security - by KLC Consulting
Cloud Computing and Security - by KLC Consulting
 
Hogan Kusnadi - Cloud Computing Secutity
Hogan Kusnadi - Cloud Computing SecutityHogan Kusnadi - Cloud Computing Secutity
Hogan Kusnadi - Cloud Computing Secutity
 
CLOUD COMPUTING -DETAILED APPROACH
CLOUD COMPUTING -DETAILED APPROACHCLOUD COMPUTING -DETAILED APPROACH
CLOUD COMPUTING -DETAILED APPROACH
 
Shared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud securityShared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud security
 
The Adoption of Cloud Technology by Enterprises - A Whitepaper by RapidValue
The Adoption of Cloud Technology by Enterprises - A Whitepaper by RapidValueThe Adoption of Cloud Technology by Enterprises - A Whitepaper by RapidValue
The Adoption of Cloud Technology by Enterprises - A Whitepaper by RapidValue
 
Demystifying The Cloud-iON Cloud ERP
Demystifying The Cloud-iON Cloud ERPDemystifying The Cloud-iON Cloud ERP
Demystifying The Cloud-iON Cloud ERP
 
CLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYCLOUD NATIVE SECURITY
CLOUD NATIVE SECURITY
 
Shared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud securityShared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud security
 
Migrating to the Cloud
Migrating to the CloudMigrating to the Cloud
Migrating to the Cloud
 
LinuxCon North America 2013: Why Lease When You Can Buy Your Cloud
LinuxCon North America 2013: Why Lease When You Can Buy Your CloudLinuxCon North America 2013: Why Lease When You Can Buy Your Cloud
LinuxCon North America 2013: Why Lease When You Can Buy Your Cloud
 
Enabling Cloud Computing
Enabling Cloud ComputingEnabling Cloud Computing
Enabling Cloud Computing
 
Losing Control to the Cloud
Losing Control to the CloudLosing Control to the Cloud
Losing Control to the Cloud
 
Cloud Computing Course Overview
Cloud Computing Course OverviewCloud Computing Course Overview
Cloud Computing Course Overview
 
Cloud Computing Course Content
Cloud Computing Course ContentCloud Computing Course Content
Cloud Computing Course Content
 
Agenda EuroCloud dogodka 14.septembra
Agenda EuroCloud dogodka 14.septembraAgenda EuroCloud dogodka 14.septembra
Agenda EuroCloud dogodka 14.septembra
 
Insurtech, Cloud and Cybersecurity - Chartered Insurance Institute
Insurtech, Cloud and Cybersecurity - Chartered Insurance InstituteInsurtech, Cloud and Cybersecurity - Chartered Insurance Institute
Insurtech, Cloud and Cybersecurity - Chartered Insurance Institute
 

Mehr von Marc Vael

my experience as ciso
my experience as cisomy experience as ciso
my experience as cisoMarc Vael
 
Cybersecurity governance existing frameworks (nov 2015)
Cybersecurity governance existing frameworks (nov 2015)Cybersecurity governance existing frameworks (nov 2015)
Cybersecurity governance existing frameworks (nov 2015)Marc Vael
 
Cybersecurity nexus vision
Cybersecurity nexus visionCybersecurity nexus vision
Cybersecurity nexus visionMarc Vael
 
ISACA Reporting relevant IT risks to stakeholders
ISACA Reporting relevant IT risks to stakeholdersISACA Reporting relevant IT risks to stakeholders
ISACA Reporting relevant IT risks to stakeholdersMarc Vael
 
Value-added it auditing
Value-added it auditingValue-added it auditing
Value-added it auditingMarc Vael
 
ISACA Internet of Things open forum presentation
ISACA Internet of Things open forum presentationISACA Internet of Things open forum presentation
ISACA Internet of Things open forum presentationMarc Vael
 
hoe kan u vandaag informatie veiligheid realiseren op een praktische manier?
hoe kan u vandaag informatie veiligheid realiseren op een praktische manier?hoe kan u vandaag informatie veiligheid realiseren op een praktische manier?
hoe kan u vandaag informatie veiligheid realiseren op een praktische manier?Marc Vael
 
The value of big data analytics
The value of big data analyticsThe value of big data analytics
The value of big data analyticsMarc Vael
 
Social media risks and controls
Social media risks and controlsSocial media risks and controls
Social media risks and controlsMarc Vael
 
The view of auditor on cybercrime
The view of auditor on cybercrimeThe view of auditor on cybercrime
The view of auditor on cybercrimeMarc Vael
 
ISACA Mobile Payments Forum presentation
ISACA Mobile Payments Forum presentationISACA Mobile Payments Forum presentation
ISACA Mobile Payments Forum presentationMarc Vael
 
Belgian Data Protection Commission's new audit programme
Belgian Data Protection Commission's new audit programmeBelgian Data Protection Commission's new audit programme
Belgian Data Protection Commission's new audit programmeMarc Vael
 
Information security awareness (sept 2012) bis handout
Information security awareness (sept 2012) bis handoutInformation security awareness (sept 2012) bis handout
Information security awareness (sept 2012) bis handoutMarc Vael
 
ISACA smart security for smart devices
ISACA smart security for smart devicesISACA smart security for smart devices
ISACA smart security for smart devicesMarc Vael
 
Securing big data (july 2012)
Securing big data (july 2012)Securing big data (july 2012)
Securing big data (july 2012)Marc Vael
 
Valuendo cyberwar and security (jan 2012) handout
Valuendo cyberwar and security (jan 2012) handoutValuendo cyberwar and security (jan 2012) handout
Valuendo cyberwar and security (jan 2012) handoutMarc Vael
 
How to handle multilayered IT security today
How to handle multilayered IT security todayHow to handle multilayered IT security today
How to handle multilayered IT security todayMarc Vael
 
ISACA Belgium CERT view 2011
ISACA Belgium CERT view 2011ISACA Belgium CERT view 2011
ISACA Belgium CERT view 2011Marc Vael
 
Valuendo cyberwar and security (okt 2011) handout
Valuendo cyberwar and security (okt 2011) handoutValuendo cyberwar and security (okt 2011) handout
Valuendo cyberwar and security (okt 2011) handoutMarc Vael
 
Isaca india trust & value from cloud computing (aug 2011) print
Isaca india trust & value from cloud computing (aug 2011) printIsaca india trust & value from cloud computing (aug 2011) print
Isaca india trust & value from cloud computing (aug 2011) printMarc Vael
 

Mehr von Marc Vael (20)

my experience as ciso
my experience as cisomy experience as ciso
my experience as ciso
 
Cybersecurity governance existing frameworks (nov 2015)
Cybersecurity governance existing frameworks (nov 2015)Cybersecurity governance existing frameworks (nov 2015)
Cybersecurity governance existing frameworks (nov 2015)
 
Cybersecurity nexus vision
Cybersecurity nexus visionCybersecurity nexus vision
Cybersecurity nexus vision
 
ISACA Reporting relevant IT risks to stakeholders
ISACA Reporting relevant IT risks to stakeholdersISACA Reporting relevant IT risks to stakeholders
ISACA Reporting relevant IT risks to stakeholders
 
Value-added it auditing
Value-added it auditingValue-added it auditing
Value-added it auditing
 
ISACA Internet of Things open forum presentation
ISACA Internet of Things open forum presentationISACA Internet of Things open forum presentation
ISACA Internet of Things open forum presentation
 
hoe kan u vandaag informatie veiligheid realiseren op een praktische manier?
hoe kan u vandaag informatie veiligheid realiseren op een praktische manier?hoe kan u vandaag informatie veiligheid realiseren op een praktische manier?
hoe kan u vandaag informatie veiligheid realiseren op een praktische manier?
 
The value of big data analytics
The value of big data analyticsThe value of big data analytics
The value of big data analytics
 
Social media risks and controls
Social media risks and controlsSocial media risks and controls
Social media risks and controls
 
The view of auditor on cybercrime
The view of auditor on cybercrimeThe view of auditor on cybercrime
The view of auditor on cybercrime
 
ISACA Mobile Payments Forum presentation
ISACA Mobile Payments Forum presentationISACA Mobile Payments Forum presentation
ISACA Mobile Payments Forum presentation
 
Belgian Data Protection Commission's new audit programme
Belgian Data Protection Commission's new audit programmeBelgian Data Protection Commission's new audit programme
Belgian Data Protection Commission's new audit programme
 
Information security awareness (sept 2012) bis handout
Information security awareness (sept 2012) bis handoutInformation security awareness (sept 2012) bis handout
Information security awareness (sept 2012) bis handout
 
ISACA smart security for smart devices
ISACA smart security for smart devicesISACA smart security for smart devices
ISACA smart security for smart devices
 
Securing big data (july 2012)
Securing big data (july 2012)Securing big data (july 2012)
Securing big data (july 2012)
 
Valuendo cyberwar and security (jan 2012) handout
Valuendo cyberwar and security (jan 2012) handoutValuendo cyberwar and security (jan 2012) handout
Valuendo cyberwar and security (jan 2012) handout
 
How to handle multilayered IT security today
How to handle multilayered IT security todayHow to handle multilayered IT security today
How to handle multilayered IT security today
 
ISACA Belgium CERT view 2011
ISACA Belgium CERT view 2011ISACA Belgium CERT view 2011
ISACA Belgium CERT view 2011
 
Valuendo cyberwar and security (okt 2011) handout
Valuendo cyberwar and security (okt 2011) handoutValuendo cyberwar and security (okt 2011) handout
Valuendo cyberwar and security (okt 2011) handout
 
Isaca india trust & value from cloud computing (aug 2011) print
Isaca india trust & value from cloud computing (aug 2011) printIsaca india trust & value from cloud computing (aug 2011) print
Isaca india trust & value from cloud computing (aug 2011) print
 

KĂźrzlich hochgeladen

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel AraĂşjo
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 

KĂźrzlich hochgeladen (20)

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 

Cloud security lessons learned and audit

  • 1. CLOUD SECURITY 
 LESSONS LEARNED & AUDIT Marc Vael, Chief Audit Executive Smals / President ISACA Belgium, 11 June 2015
  • 2.
  • 3.
  • 4. WHEN WAS THE TERM USED FOR THE FIRST TIME? 26th of October 1997
  • 5. WHO HYPED ALL THIS? “What's interesting [now] is that there is an emergent new model, and you all are here because you are part of that new model. I don't think people have really understood how big this opportunity really is. It starts with the premise that the data services and architecture should be on servers. We call it cloud computing – they should be in a "cloud" somewhere. And that if you have the right kind of browser or the right kind of access, it doesn't matter whether you have a PC or a Mac or a mobile phone or a BlackBerry or what have you – or new devices still to be developed – you can get access to the cloud.” Mr. Eric Schmidt, Chairman & CEO Google Search Engine Strategies Conference, 9th of August 2006 http://www.google.com/press/podium/ses2006.html
  • 6. DEFINITION OF CLOUD COMPUTING A model for enabling convenient, on-demand broad network access to a shared pool of configurable computing resources that can be rapidly provisioned & released with minimal management effort or service provider interaction and with automatic measuring, controlling & optimization. 5 characteristics 3 service models 4 deployment models NIST, Definition of Cloud Computing, October 2009
  • 7. NIST, Definition of Cloud Computing, October 2009 ISACA, Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives, 2010 1. On-demand self-service. 2. Broad network access. 3. Resource pooling. 4. Rapid & elastic provisioning (add & withdraw). 5. Automatically measured, controlled, optimized service. DEFINITION
  • 8. Cloud Computing Taxonomy & Ontology v1.5 Chris Hoff +
  • 14. 1. Gegevensbescherming 2. Beveiliging van de rekencentra 3. Logische toegangsbeveiliging 4. Beveiliging van de systemen 5. Beveiliging van de netwerktoegangen 1. Clausule met betrekking tot de mogelijkheid voor een "cloud"-provider om een deel van zijn activiteiten uit te besteden. 2. Clausule met betrekking tot de integriteit, continuĂŻteit en kwaliteit van de dienstverlening 3. Clausule met betrekking tot de teruggave van de gegevens 4. Clausule met betrekking tot de overdraagbaarheid van de gegevens en de interoperabiliteit van de systemen 5. Clausule met betrekking tot de auditregeling 6. Clausule met betrekking tot de verplichtingen van de provider inzake vertrouwelijkheid van de gegevens 7. Clausule met betrekking tot de soevereiniteit 8. Clausule met betrekking tot de verplichtingen van de provider inzake gegevensbeveiliging www.ksz-bcss.fgov.be/binaries/documentation/nl/securite/policies/isms_050_cloud_computing_policy_nl.pdf
  • 15.
  • 16.
  • 17. Never outsource 
 what you do not manage properly today! You always remain accountable!
  • 18. Risk always exists! 
 (whether or not it is detected / recognised 
 by the organisation).
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26. CLOUD COMPUTING AUDIT PROGRAM • Planning & Scoping the Audit • Define audit/assurance objectives. • Define boundaries of review • Identify & document risks • Define change process • Define assignment success • Define audit/assurance resources required • Define deliverables • Communications • Governing the Cloud • Governance & Enterprise Risk Management • Legal & Electronic Discovery • Compliance & Audit • Portability & Interoperability • Operating in the Cloud • Incident Response, Notification & Remediation • Application Security • Data Security & Integrity • Identity & Access Management • Virtualization
  • 27.
  • 28.
  • 35.
  • 36.
  • 37.
  • 38. GOVERNANCE QUESTIONS THE BOARD OF DIRECTORS SHOULD ASK ABOUT CLOUD 1. Do management teams have a plan for cloud computing? 
 Have they weighed value and opportunity costs? 2. How do current cloud plans support the enterprise’s mission? 3. Have executive teams systematically evaluated organizational readiness? 4. Have management teams considered what existing investments might be lost in their cloud planning? 5. Do management teams have strategies to measure and track 
 the value of cloud return versus risk?
  • 39. Your cloud computing solution is as strong … … as its weakest link
  • 40. CLOUD REFERENTIES NIST Special Publication 800-145: The NIST Definition of Cloud Computing. NIST, 2011 http://csrc.nist.gov/publications/nistpubs/ 800- 145/SP800-145.pdf ISACA Cloud Computing Guidance. 
 http://www.isaca.org/cloud European Union Agency for Network and Information Security ENISA
 http://www.enisa.europa.eu/ Cloud Security Alliance
 CSA
 https://cloudsecurityalliance.org/