www.cloudsec.com | #CLOUDSEC Enabling Cloud Security – It’s more than just ticking a box
CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security -

Jan 22, 2018

Puneet Kukreja
Page 1: CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security -

Enabling Cloud Security – It’s more than just ticking a box

Page 2: CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security -

The cloud landscape

Source: https://steveblank.files.wordpress.com/2011/02/bessemercloudscape.jpg

Page 3: CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security -

Side Activities at Venue

“Opportunities and Challenges”

Page 4: CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security -

Cloud opportunities

Flexibility

On-demand Services

Rapid Deployment

Automation

Scalability

Availability

Lower TCO

Page 5: CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security -

Cloud challenges

Talent & Expertise

Security

Managing Multiple Services

Compliance

Cost Management

Governance and Control

Integration

Page 6: CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security -

“Why cloud hurts”

Page 7: CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security -

The classic contracts

Requirements

Evaluations

Selection

Deployment

Adoption

Optimisation

Renewal

Page 8: CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security -

Standalone services

SLA based services model

Business workflow integration

Legacy infrastructure integration

Data protection and management

Source: https://www.simple-talk.com/iwritefor/articlefiles/cloud/2011/11/cloud-service-model.png

Page 9: CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security -

CSA shared responsibility model

Page 10: CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security -

Organisational implications

• Clarity around scope and the primary motivation of moving to the cloud

• Changes to governance models and decision making

• Knowledge of cloud architecture, virtualization, multiple technology platforms

• Challenge of standardised processes supporting seamless integration across multiple systems

• Changing skillset from technology management to vendor management

• Upskilling on effective cloud-based systems management

Page 11: CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security -

http://cloudacademy.com/blog/wp-content/uploads/2014/07/CMS-in-VPC.jpg

Page 12: CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security -

Controls and Questions

295 Supporting Questions

133 Control Areas

16 Control Domains

• Model for enabling active governance

• Enables cloud architecture discussions for business outputs

• Moves cloud decisions from audit assessment to risk-based outcomes

Page 13: CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security -

“A tale of three instances”

Page 14: CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security -

Three cloud projects

• IaaS contracts
• PaaS contracts
• SaaS Contracts

• Finance
• HR Services
• Collaboration
• CRM
• Business Intelligence

Global Bank

Healthcare Provider

Government Department

Complete Set

295 Questions
133 Areas
16 Domains

295 Questions
133 Areas
16 Domains

• IaaS contracts
• PaaS contracts
• SaaS Contracts

• Finance
• HR Services
• Collaboration
• Document Mgmt.
• CRM

• GovCloud
• SaaS Contracts

• Document Mgmt.
• Collaboration
• CRM

Page 15: CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security -
Page 16: CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security -

The Twelve

Data Breaches

Access Management

Account Hijacking

System Vulnerabilities

Insufficient Due Diligence

Insecure Interface

Malicious Insider

Advanced Persistent Threat

Tech Vulnerabilities

Data Loss

Services Abuse

Denial of Service

Page 17: CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security -

Puneet Kukreja

Partner, Cyber Advisory

Deloitte, Australia

@iPuneetKukreja