Leveraging Industry Initiatives for Data Center and Cloud
- 1. Evelyn de Souza
Cisco Security Product Marketing
November 1 2012
© 2012 Cisco and/or its affiliates. All rights reserved. 1
- 2. Overview of Industry Initiatives?
NIST Cloud Models
CSA compliance and service provider assessment tools
ODCA usage models
Questions
- 3. • Transparency & visibility from providers
• Compatible laws across jurisdictions
• Data sovereignty
• Incomplete standards
• True Consumer awareness & engagement
- 4. via consensus on security best practices
Reduce manual audit cycles via common framework for regulatory standards
Streamline security implementations via standards for controls and APIs across cloud environments
Enable IT to easily compare cloud provider security levels
Example: Aligning hardware and software controls to ODCA requirements
ODCA Security Provider Assurance Usage Model 1.0 – Solution should be able to support the following functional requirements by assurance levels, where applicable:
• Bronze (basic): Identity management, security incident & event monitoring
• Silver (enterprise): Network intrusion prevention, event logging, administrative changes tracking
• Gold (financial): Penetration testing, asset segmentation, encrypted communication, Geo limits, storage encryption
• Platinum (military): Strong encryption for data
*Several of the requirements are supported by Intel / McAfee
- 5. NIST Cloud Models (diagram):
• Deployment Models: Private Cloud, Community Cloud, Public Cloud, Hybrid Clouds
• Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
• Essential Characteristics: On Demand Self-Service, Broad Network Access, Rapid Elasticity, Resource Pooling, Measured Service
• Common Characteristics: Massive Scale, Resilient Computing, Homogeneity, Geographic Distribution, Virtualization, Service Orientation, Low Cost Software, Advanced Security
Based upon original chart created by Alex Dowbor - http://ornot.wordpress.com
- 6. • Global, not-for-profit organization
• Over 33,000 individual members, 150 corporate members,
60 chapters
• Building best practices and a trusted cloud ecosystem
Research
Education
Certification
Advocacy of prudent public policy
• Innovation, Transparency, GRC, Identity
“To promote the use of best practices for providing security
assurance within Cloud Computing, and provide education
on the uses of Cloud Computing to help secure all other
forms of computing.”
- 7. • Family of 4 research projects
• Cloud Controls Matrix
• Consensus Assessments Initiative
• Cloud Audit
• Cloud Trust Protocol
• Tools for governance, risk and compliance mgt
• Enabling automation and continuous monitoring of GRC
[Diagram labels: Provider Assertions; Private, Community & Public Clouds; Control Requirements]
- 8. • CSA STAR (Security, Trust and Assurance Registry)
• Public Registry of Cloud Provider self assessments
• Based on Consensus Assessments Initiative Questionnaire
Provider may substitute documented Cloud Controls Matrix
compliance
• Voluntary industry action promoting transparency
• Security as a market differentiator
• www.cloudsecurityalliance.org/star
- 9. Your Call to Action
Integrate security into your cloud planning – don’t bolt it on
Engage CSA and ODCA - ask the right questions of your cloud service providers
Become a participating member of an industry-based organization