Nils Puhlmann Ncoic Slides
- 1. NCOIC
Federal Cloud Storefront Workshop
Nils Puhlmann
Co-Founder
September 21st, 2009
- 2. Security is a concern
Copyright © 2009 Cloud Security Alliance www.cloudsecurityalliance.org
- 3. S-P-I Model
[Diagram: the SaaS / PaaS / IaaS stack, annotated “You ‘RFP’ security in” and “You build security in”]
- 4. Security and the SPI model
- 5. Risk Examples
• Geo-location of sensitive data
• Inability to deploy security services (e.g. scanning)
• Risk with shared computing platform (multi-tenant)
• Data confidentiality
• Access via internet – untrusted
• Cloud vendors for the most part non-committal on security
• Company data on 3rd party machine
• Compliance lacking – inability to satisfy auditors
• Vendors not up to speed from a guidance and auditing perspective
• Inability to perform forensic investigation
- 6. Meet the Cloud Security Alliance
• Global, not-for-profit organization, started Nov. 2008, individual members (free), corporate members and affiliated organizations
• Inclusive membership, supporting broad spectrum of subject matter expertise: cloud experts, security, legal, compliance, virtualization, and on and on…
• We believe Cloud Computing has a robust future, we want to make it better
“To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”
- 8. Current affiliates
Cloud-Standards.org
- 9. Individual Members
• 4,174 as of September 15th
• Broad Geographical Distribution
• Active Working Groups
  • Editorial
  • Educational Outreach
  • Architecture
  • Governance, Risk Mgt, Compliance, Business Continuity
  • Legal & E-Discovery
  • Portability, Interoperability and Application Security
  • Identity and Access Mgt, Encryption & Key Mgt
  • Data Center Operations and Incident Response
  • Information Lifecycle Management & Storage
  • Virtualization and Technology Compartmentalization
• New Working Groups
  • Healthcare
  • Cloud Threat Analysis
  • US Federal Government
  • Financial Services
- 10. Project Roadmap
• April 2009: Security Guidance for Critical Areas of Focus for Cloud Computing – Version 1
• July 2009: Version 1 translated into Japanese
• October 2009: Security Guidance for Critical Areas of Focus for Cloud Computing – Version 2
• October 2009: Top Ten Cloud Threats (monthly)
• November 2009: Provider & Customer Checklists
• December 2009: eHealth Guidance
• Global CSA Executive Summits
  • Q1 2010 – Europe
  • Q1 or Q2 2010 – US
- 11. Security Guidance for Critical Areas of Focus in Cloud Computing
Download at:
www.cloudsecurityalliance.org/guidance
- 12. Overview of Guidance
1. Architecture & Framework
Governing in the Cloud
2. Governance & Risk Mgt
3. Legal
4. Electronic Discovery
5. Compliance & Audit
6. Information Lifecycle Mgt
7. Portability & Interoperability
Operating in the Cloud
8. Traditional, BCM, DR
9. Data Center Operations
10. Incident Response
11. Application Security
12. Encryption & Key Mgt
13. Identity & Access Mgt
14. Storage
15. Virtualization
- 13. Contact
• www.cloudsecurityalliance.org
• info@cloudsecurityalliance.org
• Twitter: @cloudsa, #csaguide
• LinkedIn: www.linkedin.com/groups?gid=1864210