Cloud Auditing Amazon.com’s AWS, Terremark, Inc. & Cloud Security Alliance’s Star Registry Valdez Ladd, MBA, MS ISM, CISSP, CISA

Cloud Audit - InfoSecCon ISSA Raleigh,NC 2012

Nov 29, 2014


Valdez Ladd

Cloud Audit tools was Valdez Ladd's Flash (15 minute) presentation for the InfoSecCon conference hosted by the ISSA Raleigh, NC chapter on October 18, 2012. Its goal was to raise awareness among IT security auditors and administrators of how to conduct cloud assessments without re-inventing the security processes and procedures themselves.
Too often this is a reactive process with little funding and even less time for IT security and audit professionals to ensure that corporate integrity, availability and privacy are properly accounted for, authorized and merged within the business processes that enable the corporation's business strategy.

The main tools for this were the Cloud Security Alliance's STAR Registry and its Control Matrix, used to map audit requirements for cloud computing projects within the corporation. A final area was that cloud service providers are often using the ITIL service framework for service operations, and that it provided a common language to map cloud service operations and cloud service models: Software as a Service (SaaS), Platform as a Service (PaaS) and IaaS to

The two primary use cases were Amazon.com's EC2 (elastic cloud compute) and storage, along with Verizon, Inc.'s Terremark Infrastructure and Cloud Services.


LEGEND OF ABBREVIATIONS:

SaaS (Software as a Service)
PaaS (Platform as a Service)
IaaS (Infrastructure as a Service)
ITIL (Information Technology Infrastructure Library)
Transcript
Page 1: Cloud Audit - InfoSecCon ISSA Raleigh,NC 2012

Cloud Auditing: Amazon.com’s AWS, Terremark, Inc. & Cloud Security Alliance’s Star Registry

Valdez Ladd, MBA, MS ISM, CISSP, CISA

Page 2:

Which Service Model?

“Software as a service (or SaaS) is a way of delivering applications over the Internet—as a service.

Instead of installing and maintaining software, you simply access it via the Internet, freeing yourself from complex software and hardware management.”

www.salesforce.com

Page 3:

Which Service Model?

Page 4:
Page 5:

AWS Security and Compliance Center

APPENDIX A – CSA CONSENSUS ASSESSMENTS INITIATIVE QUESTIONNAIRE V1.1

Page 6:

AWS Security and Compliance Center

http://aws.amazon.com/security/#features

pages 15-38

Page 7:

AWS Security and Compliance Center

APPENDIX A – CSA CONSENSUS ASSESSMENTS INITIATIVE QUESTIONNAIRE V1.1

Page 8:

Cloud Security Alliance’s Cloud Controls Matrix v1.3

09/20/2012

Page 9:

TERREMARK

Enterprise-class IT with data centers in North America, Latin America, Europe and the Asia-Pacific region

Page 10:

Terremark

Page 11:

Cloud Security Alliance’s Cloud Controls Matrix v1.3

Page 12:

CLOUD AUDIT & IT SERVICE MANAGEMENT (ITIL to the Rescue?)

Page 13:

Questions?

By Valdez Ladd, MBA, MS ISM, CISSP, CISA

Education Director, ISSA Raleigh, NC chapter

www.linkedin.com/in/valdezladd

Twitter: valdez_zoro