Page 1© Skyscape Cloud Services 2015 Commercial In Confidence
The rise of public sector cloud
A major drive by the UK Public Sector to improve public-facing services and reduce costs.
Digital by Default and Cloud First agendas.
Secure multi-tenancy cloud environments enable better resource utilisation and lower prices for the customer.
Key consideration for the rights of citizens and the protection of their data.
So data security and assurance remains the most important consideration.
Not all cloud service suppliers are the same – they need to willingly demonstrate their level of competence to their customers.
Public sector data – it’s OFFICIAL
Not the same!
The 14 CESG Cloud Security Principles
1. Data in transit protection
2. Asset protection and resilience
3. Separation between consumers
4. Governance (e.g. ISO27001)
5. Operational process security
6. Personnel security, screening
7. Secure code development
(more detail on .gov.uk website)
8. Supply chain security
9. Secure consumer management
10. Identity and authentication
11. External interface protection
12. Secure service administration
13. Audit information provision to consumers
14. Secure use of the service by the consumer
Demonstrating credibility
1. Cloud Service Provider Assertions
• Demonstrating an acceptable level of information security maturity.
• Experienced information and technical security resources.
• Where is the cloud service (sovereignty, data protection, etc.)
• Regular, proactive security testing activities.
• Evidence of capable responses to previous security challenges.
2. Contractual Commitments
• Specific, measurable performance indicators within contracts (e.g. maintaining certifications, clean test results, security incident responses, etc.)
Demonstrating credibility
3. Independent Validation of Assertions
• Independent third party tests, properly scoped to test the supplier’s assertions.
• Holding certificates of compliance against relevant, recognised standards.
• Controls reviewed by a suitably qualified individual (e.g. CESG Cert. IA Auditor)
4. Independent Testing of Implementation
• Proper scoping of testing activities, undertaken by a suitably qualified organisation/individual.
• Testing activities to demonstrate that controls have been properly implemented:
  • CHECK, CREST, Tiger
Demonstrating credibility
5. Assurance in the Service Design
• Service designed/reviewed by a qualified individual (CESG Cert. IA Architect)
• Provides additional independent assurance about robustness of security controls.
6. Assurance in the Service Components
• Scope of testing of assured products/services.
• Suitability of different assessment schemes.
• Foundation Grade assurance is considered a good commercial level of security.
• Also requires checks on configuration and use.
Supporting cloud customers
The Digital Marketplace allows public sector customers to make easier comparisons between different cloud service suppliers.
Risk-based decisions remain with the data-owning customer.
There is an expectation that customers will be “kicking the tyres”…
• If information security skills need boosting, they should seek credible assistance.
• They should challenge suppliers to evidence their security assertions willingly.
• Gain confidence from existing accreditations or previous customer validations.
• If it looks suspicious, or the supplier evidence doesn’t add up, trust their instincts.
• Monitor cloud suppliers carefully, seek regular and meaningful interactions.
Thank you
jgodwin@skyscapecloud.com
@johngodwin1

John Godwin's Presentation at Digital Leaders Conference 2015
