@CSAUKResearch
Cloud Security
Alliance, UK chapter https://cloudsecurityalliance.org.uk
“Everyone is in Cloud, shouldn't we be too?”
Tools C-level can use to make informed decisions
Cloud World Forum 2015, 25 June 2015
Vladimir Jirasek, CSA UK Research
Case study
Your organisation stakeholders and Cloud
Customers; Business managers, CEO/CFO; CIO; Legal; Security
Is my data safe and available?
Happiness 😀
Customer satisfaction, ROI, EBITDA
ROI, System architecture, Migrations
Legality of data processing and locations, Privacy
Security architecture, Cyber threats, Monitoring
Prepare your organisation for Cloud deployments
• People training & awareness
• Processes & Governance
• Technology architecture & controls
Does your organisation have a Cloud policy?
Generic requirements
• Requirement 1: Discover Cloud services being used in organisation
• Requirement 2: Alignment of organisation enterprise and security architectures with the Cloud
Before a Cloud service procurement
• Requirement 3: Comply with organisation data classification requirements
• Requirement 4: Encrypt all sensitive data processed in the Cloud
• Requirement 5: Link the Cloud service into the organisation Identity and Access architecture and monitoring of activities of users
During a Cloud service procurement
• Requirement 6: Perform due diligence activities before the contract is signed
During a Cloud service procurement (contd)
• Requirement 7: Require “Right to audit” clause in the contract
• Requirement 8: Know locations of personal identifiable information in the cloud
• Requirement 9: Assess the availability of the Cloud services
• Requirement 10: Assess the cloud provider’s security arrangements
• Requirement 11: Assess the Cloud provider’s ability to comply with the organisation forensic investigations
Running a Cloud service
• Requirement 12: Limit the use of live data for testing and development purposes
• Requirement 13: Monitor Cloud provider’s security arrangements
Decommissioning a Cloud service
• Requirement 14: Destroy sensitive information when not required
Cloud Security Alliance offers multiple tools
https://cloudsecurityalliance.org/star/
http://www.nist.gov/itl/cloud/
Get involved! Share knowledge and push towards transparency and standards
Call for contributors for a new version of CSA Cloud Guidance, opened on Monday, June 8, for 6 weeks
https://cloudsecurityalliance.org/media/news/call-for-volunteers-security-guidance-for-critical-areas-of-focus-in-cloud-computing/


C-Level tools for Cloud security

Editor's Notes

  • #3: Business need to have customer data in a new app and presented to customers. IT quoted 6-9 months and £500k. Business hired 3rd party to develop app and host it as well – 2 months and £50k cost to develop. Hosted in small hosting provider, no security audit, separate employee login, no AIM connect, no data encryption. Year later migration to an internal system. Who is at fault?