SlideShare una empresa de Scribd logo

Building Trust in the Cloud Through Industry Certification

Descargar como PPTX, PDF
Databarracks
Databarracks

This document discusses how certification can help build trust in cloud services. It describes Databarracks' journey in becoming certified under the Cloud Industry Forum Code of Practice. The certification process took two months of part-time work from quality, security and external consultants. Certification promotes transparency, capability and accountability, which helps address customers' concerns over data security, privacy and loss of control. The presenter recommends certification as it builds confidence in core values and shapes the industry's focus on principles that foster trust.

Tecnología
1 de 20
Building Trust in the Cloud A Journey Through Certification to the CIF Code of Practice Peter Groucutt Member, Cloud Industry Forum DATABARRACKS www.cloudindustryforum.org
Who are Databarracks?  Databarracks (MSP)  IaaS  BaaS  DRaaS • Managed Service Provider for ten years • What qualifies me to talk to you about trust? www.cloudindustryforum.org
Why are we talking about TRUST?  Databarracks began life providing Managed Backup Services  Our Journey through backup is similar to where we are today with Infrastructure as a Service  People liked the concept and the business drivers  People were worried about Data Security and Privacy  They did not trust the technology nor the providers of it  Young industry / New technology www.cloudindustryforum.org
What is Trust? “Trust is the positive experience of many over time. It is a concept which is built in retrospect.” (my opinion) www.cloudindustryforum.org
Where are we now?  According to our latest Backup and Cloud Survey which questioned 500 business IT managers in the UK  39% of companies use online backup  Up from 23% in 2008 www.cloudindustryforum.org
Who trusts us now? www.cloudindustryforum.org
How does this compare to cloud today?  Companies want to use the cloud  They don’t want technology for technology’s sake  Hardware doesn’t add value to the business only application  Companies want users to access the information they need to perform the function of the business as quickly as possible  Managing physical infrastructure does not add value. www.cloudindustryforum.org
What are the drivers? 20% 10% 0% Operational Cost Flexibility of Scalability Saving service www.cloudindustryforum.org
What are the concerns? 100% 80% 60% 40% 20% 0% Data Security Data Privacy Dependency Fear of Loss of Confidence in on Internet Control Providers www.cloudindustryforum.org
What do the concerns tell us? They are issues of TRUST not technology www.cloudindustryforum.org
Can certification build trust?  Certification can build confidence and confidence can build trust  78% of respondents said they would see value in working with an organisation that was publically certified www.cloudindustryforum.org
Types of certification?  Management  ISO9001 / ISO27001 / ISO2000  Prescriptive  PCI-DSS / IL3 etc  Industry  CIF Code of Practice (CoP) www.cloudindustryforum.org
Management certifications • Customer complaints and support frameworks • Identification of risks of service delivery • Policies covering all elements of business operation • Continuous review and improvement • Third party audit www.cloudindustryforum.org
Prescriptive certifications • Capacity planning • Prescriptive configuration of systems (firewalls, switches and platforms etc) • Shielding of storage areas • Log harvesting and analysis • Strict, audited access controls • Regular penetration testing www.cloudindustryforum.org
Industry certifications • Tailored and specific to the service provided • Brings together the relevant elements other certs • Understands the specific issues • Industry governed www.cloudindustryforum.org
CIF Code of Practice? Three Pillars • Transparency • Capability • Accountability www.cloudindustryforum.org
What did it take to certify? • Two months total working part time • Quality Manager • Security Manager • External ISO Consultant • Two weeks dedicated • Lots of common ground between ISO and CoP www.cloudindustryforum.org
Why did Databarracks certify? • Be part of the conversation • Customers confidence in core values of the company • Looking beyond price www.cloudindustryforum.org
Would we recommend it? YES! Shaping the industry to revolve around the core principles set out by CIF will build confidence and TRUST. Good for customers and good for service providers. www.cloudindustryforum.org
Questions? info@cloudindustryforum.org www.cloudindustryforum.org www.cloudindustryforum.org

Recomendados

Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Mark Williams
 
The Challenges of Online Trust
The Challenges of Online TrustThe Challenges of Online Trust
The Challenges of Online TrustAlex Todd
 
Cloud security - Auditing and Compliance
Cloud security - Auditing and ComplianceCloud security - Auditing and Compliance
Cloud security - Auditing and ComplianceJosh Tullo
 
From reactive to automated reducing costs through mature security processes i...
From reactive to automated reducing costs through mature security processes i...From reactive to automated reducing costs through mature security processes i...
From reactive to automated reducing costs through mature security processes i...NetIQ
 
A Smarter, More Secure Internet of Things
A Smarter, More Secure Internet of Things A Smarter, More Secure Internet of Things
A Smarter, More Secure Internet of Things NetIQ
 
CSA Introduction 2013 David Ross
CSA Introduction 2013 David RossCSA Introduction 2013 David Ross
CSA Introduction 2013 David RossGraeme Wood
 
Smart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud WorldSmart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud WorldKatherine Cola
 
Csa summit who can protect us education for cloud security professionals
Csa summit who can protect us education for cloud security professionalsCsa summit who can protect us education for cloud security professionals
Csa summit who can protect us education for cloud security professionalsCSA Argentina
 

Recomendados

Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Mark Williams
 
The Challenges of Online Trust
The Challenges of Online TrustThe Challenges of Online Trust
The Challenges of Online TrustAlex Todd
 
Cloud security - Auditing and Compliance
Cloud security - Auditing and ComplianceCloud security - Auditing and Compliance
Cloud security - Auditing and ComplianceJosh Tullo
 
From reactive to automated reducing costs through mature security processes i...
From reactive to automated reducing costs through mature security processes i...From reactive to automated reducing costs through mature security processes i...
From reactive to automated reducing costs through mature security processes i...NetIQ
 
A Smarter, More Secure Internet of Things
A Smarter, More Secure Internet of Things A Smarter, More Secure Internet of Things
A Smarter, More Secure Internet of Things NetIQ
 
CSA Introduction 2013 David Ross
CSA Introduction 2013 David RossCSA Introduction 2013 David Ross
CSA Introduction 2013 David RossGraeme Wood
 
Smart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud WorldSmart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud WorldKatherine Cola
 
Csa summit who can protect us education for cloud security professionals
Csa summit who can protect us education for cloud security professionalsCsa summit who can protect us education for cloud security professionals
Csa summit who can protect us education for cloud security professionalsCSA Argentina
 
Identity and Access Management Introduction
Identity and Access Management IntroductionIdentity and Access Management Introduction
Identity and Access Management IntroductionAidy Tificate
 
Cybersecurity frameworks globally and saudi arabia
Cybersecurity frameworks globally and saudi arabiaCybersecurity frameworks globally and saudi arabia
Cybersecurity frameworks globally and saudi arabiaFaysal Ghauri
 
Service Organizational Control (SOC 2) Compliance - Kloudlearn
Service Organizational Control (SOC 2) Compliance - KloudlearnService Organizational Control (SOC 2) Compliance - Kloudlearn
Service Organizational Control (SOC 2) Compliance - KloudlearnKloudLearn
 
Building an Effective Identity Management Strategy
Building an Effective Identity Management StrategyBuilding an Effective Identity Management Strategy
Building an Effective Identity Management StrategyNetIQ
 
Global Mandate to Secure Cloud Computing
Global Mandate to Secure Cloud ComputingGlobal Mandate to Secure Cloud Computing
Global Mandate to Secure Cloud ComputingCloudSecurityAllianceAustralia
 
Cloud Security Governance
Cloud Security GovernanceCloud Security Governance
Cloud Security GovernanceShankar Subramaniyan
 
Zero Trust Networks
Zero Trust NetworksZero Trust Networks
Zero Trust NetworksPractical Code, LLC
 
Why CSA Australia
Why CSA AustraliaWhy CSA Australia
Why CSA AustraliaCloudSecurityAllianceAustralia
 
Don’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud ProvidersDon’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud ProvidersMichael Davis
 
Csa summit la transformación digital y el nuevo rol del ciso
Csa summit la transformación digital y el nuevo rol del cisoCsa summit la transformación digital y el nuevo rol del ciso
Csa summit la transformación digital y el nuevo rol del cisoCSA Argentina
 
Securing The Reality of Multiple Cloud Apps: Pandora's Story
Securing The Reality of Multiple Cloud Apps: Pandora's StorySecuring The Reality of Multiple Cloud Apps: Pandora's Story
Securing The Reality of Multiple Cloud Apps: Pandora's StoryCloudLock
 
Zero Trust Enterprise Network at Adobe
Zero Trust Enterprise Network at AdobeZero Trust Enterprise Network at Adobe
Zero Trust Enterprise Network at AdobeVishwas Manral
 
Case Study - Currency from the Cloud: Security & Compliance for Payment Provider
Case Study - Currency from the Cloud: Security & Compliance for Payment ProviderCase Study - Currency from the Cloud: Security & Compliance for Payment Provider
Case Study - Currency from the Cloud: Security & Compliance for Payment ProviderArmor
 
Total Digital Security Introduction 4.2
Total Digital Security Introduction 4.2Total Digital Security Introduction 4.2
Total Digital Security Introduction 4.2Brad Deflin
 
How to minimize threats in your information system using network segregation?
How to minimize threats in your information system using network segregation? How to minimize threats in your information system using network segregation?
How to minimize threats in your information system using network segregation? PECB
 
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...Amazon Web Services
 
PCI DSS Compliance Checklist
PCI DSS Compliance ChecklistPCI DSS Compliance Checklist
PCI DSS Compliance ChecklistControlCase
 
Fortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply ChainsFortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply ChainsIgnyte Assurance Platform
 
Webroot - self-defending IoT devices & gateways
Webroot - self-defending IoT devices & gateways Webroot - self-defending IoT devices & gateways
Webroot - self-defending IoT devices & gateways IISPEastMids
 
IDSA Overview at CSA SV
IDSA Overview at CSA SVIDSA Overview at CSA SV
IDSA Overview at CSA SVVishwas Manral
 
Building trust for cloud customers - the value of cif certification
Building trust for cloud customers - the value of cif certificationBuilding trust for cloud customers - the value of cif certification
Building trust for cloud customers - the value of cif certificationDavid Terrar
 
Automated Security & Continuous Compliance on Microsoft Azure
Automated Security & Continuous Compliance on Microsoft AzureAutomated Security & Continuous Compliance on Microsoft Azure
Automated Security & Continuous Compliance on Microsoft Azure2nd Watch
 

Más contenido relacionado

La actualidad más candente

Identity and Access Management Introduction
Identity and Access Management IntroductionIdentity and Access Management Introduction
Identity and Access Management IntroductionAidy Tificate
 
Cybersecurity frameworks globally and saudi arabia
Cybersecurity frameworks globally and saudi arabiaCybersecurity frameworks globally and saudi arabia
Cybersecurity frameworks globally and saudi arabiaFaysal Ghauri
 
Service Organizational Control (SOC 2) Compliance - Kloudlearn
Service Organizational Control (SOC 2) Compliance - KloudlearnService Organizational Control (SOC 2) Compliance - Kloudlearn
Service Organizational Control (SOC 2) Compliance - KloudlearnKloudLearn
 
Building an Effective Identity Management Strategy
Building an Effective Identity Management StrategyBuilding an Effective Identity Management Strategy
Building an Effective Identity Management StrategyNetIQ
 
Don’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud ProvidersDon’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud ProvidersMichael Davis
 
Csa summit la transformación digital y el nuevo rol del ciso
Csa summit la transformación digital y el nuevo rol del cisoCsa summit la transformación digital y el nuevo rol del ciso
Csa summit la transformación digital y el nuevo rol del cisoCSA Argentina
 
Securing The Reality of Multiple Cloud Apps: Pandora's Story
Securing The Reality of Multiple Cloud Apps: Pandora's StorySecuring The Reality of Multiple Cloud Apps: Pandora's Story
Securing The Reality of Multiple Cloud Apps: Pandora's StoryCloudLock
 
Zero Trust Enterprise Network at Adobe
Zero Trust Enterprise Network at AdobeZero Trust Enterprise Network at Adobe
Zero Trust Enterprise Network at AdobeVishwas Manral
 
Case Study - Currency from the Cloud: Security & Compliance for Payment Provider
Case Study - Currency from the Cloud: Security & Compliance for Payment ProviderCase Study - Currency from the Cloud: Security & Compliance for Payment Provider
Case Study - Currency from the Cloud: Security & Compliance for Payment ProviderArmor
 
Total Digital Security Introduction 4.2
Total Digital Security Introduction 4.2Total Digital Security Introduction 4.2
Total Digital Security Introduction 4.2Brad Deflin
 
How to minimize threats in your information system using network segregation?
How to minimize threats in your information system using network segregation? How to minimize threats in your information system using network segregation?
How to minimize threats in your information system using network segregation? PECB
 
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...Amazon Web Services
 
PCI DSS Compliance Checklist
PCI DSS Compliance ChecklistPCI DSS Compliance Checklist
PCI DSS Compliance ChecklistControlCase
 
Fortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply ChainsFortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply ChainsIgnyte Assurance Platform
 
Webroot - self-defending IoT devices & gateways
Webroot - self-defending IoT devices & gateways Webroot - self-defending IoT devices & gateways
Webroot - self-defending IoT devices & gateways IISPEastMids
 
IDSA Overview at CSA SV
IDSA Overview at CSA SVIDSA Overview at CSA SV
IDSA Overview at CSA SVVishwas Manral
 

La actualidad más candente (20)

Identity and Access Management Introduction
Identity and Access Management IntroductionIdentity and Access Management Introduction
Identity and Access Management Introduction
 
Cybersecurity frameworks globally and saudi arabia
Cybersecurity frameworks globally and saudi arabiaCybersecurity frameworks globally and saudi arabia
Cybersecurity frameworks globally and saudi arabia
 
Service Organizational Control (SOC 2) Compliance - Kloudlearn
Service Organizational Control (SOC 2) Compliance - KloudlearnService Organizational Control (SOC 2) Compliance - Kloudlearn
Service Organizational Control (SOC 2) Compliance - Kloudlearn
 
Building an Effective Identity Management Strategy
Building an Effective Identity Management StrategyBuilding an Effective Identity Management Strategy
Building an Effective Identity Management Strategy
 
Global Mandate to Secure Cloud Computing
Global Mandate to Secure Cloud ComputingGlobal Mandate to Secure Cloud Computing
Global Mandate to Secure Cloud Computing
 
Cloud Security Governance
Cloud Security GovernanceCloud Security Governance
Cloud Security Governance
 
Zero Trust Networks
Zero Trust NetworksZero Trust Networks
Zero Trust Networks
 
Why CSA Australia
Why CSA AustraliaWhy CSA Australia
Why CSA Australia
 
Don’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud ProvidersDon’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud Providers
 
Csa summit la transformación digital y el nuevo rol del ciso
Csa summit la transformación digital y el nuevo rol del cisoCsa summit la transformación digital y el nuevo rol del ciso
Csa summit la transformación digital y el nuevo rol del ciso
 
Securing The Reality of Multiple Cloud Apps: Pandora's Story
Securing The Reality of Multiple Cloud Apps: Pandora's StorySecuring The Reality of Multiple Cloud Apps: Pandora's Story
Securing The Reality of Multiple Cloud Apps: Pandora's Story
 
Zero Trust Enterprise Network at Adobe
Zero Trust Enterprise Network at AdobeZero Trust Enterprise Network at Adobe
Zero Trust Enterprise Network at Adobe
 
Case Study - Currency from the Cloud: Security & Compliance for Payment Provider
Case Study - Currency from the Cloud: Security & Compliance for Payment ProviderCase Study - Currency from the Cloud: Security & Compliance for Payment Provider
Case Study - Currency from the Cloud: Security & Compliance for Payment Provider
 
Total Digital Security Introduction 4.2
Total Digital Security Introduction 4.2Total Digital Security Introduction 4.2
Total Digital Security Introduction 4.2
 
How to minimize threats in your information system using network segregation?
How to minimize threats in your information system using network segregation? How to minimize threats in your information system using network segregation?
How to minimize threats in your information system using network segregation?
 
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
 
PCI DSS Compliance Checklist
PCI DSS Compliance ChecklistPCI DSS Compliance Checklist
PCI DSS Compliance Checklist
 
Fortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply ChainsFortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
 
Webroot - self-defending IoT devices & gateways
Webroot - self-defending IoT devices & gateways Webroot - self-defending IoT devices & gateways
Webroot - self-defending IoT devices & gateways
 
IDSA Overview at CSA SV
IDSA Overview at CSA SVIDSA Overview at CSA SV
IDSA Overview at CSA SV
 

Similar a Building Trust in the Cloud Through Industry Certification

Building trust for cloud customers - the value of cif certification
Building trust for cloud customers - the value of cif certificationBuilding trust for cloud customers - the value of cif certification
Building trust for cloud customers - the value of cif certificationDavid Terrar
 
Automated Security & Continuous Compliance on Microsoft Azure
Automated Security & Continuous Compliance on Microsoft AzureAutomated Security & Continuous Compliance on Microsoft Azure
Automated Security & Continuous Compliance on Microsoft Azure2nd Watch
 
Security for Cloud Computing: 10 Steps to Ensure Success V3.0
Security for Cloud Computing: 10 Steps to Ensure Success V3.0Security for Cloud Computing: 10 Steps to Ensure Success V3.0
Security for Cloud Computing: 10 Steps to Ensure Success V3.0Cloud Standards Customer Council
 
Cloud Industry Forum - Cloud Adoption & Trends
Cloud Industry Forum - Cloud Adoption & TrendsCloud Industry Forum - Cloud Adoption & Trends
Cloud Industry Forum - Cloud Adoption & TrendsVuzion
 
Cloud computing
Cloud computingCloud computing
Cloud computingRazib M
 
How News Corp Secured Their Digital Transformation through Identity and Acces...
How News Corp Secured Their Digital Transformation through Identity and Acces...How News Corp Secured Their Digital Transformation through Identity and Acces...
How News Corp Secured Their Digital Transformation through Identity and Acces...Amazon Web Services
 
Moving Enterprise Applications to the Cloud
Moving Enterprise Applications to the CloudMoving Enterprise Applications to the Cloud
Moving Enterprise Applications to the CloudVISI
 
Building a Secure and Compliant Azure Virtual Data Center
Building a Secure and Compliant Azure Virtual Data CenterBuilding a Secure and Compliant Azure Virtual Data Center
Building a Secure and Compliant Azure Virtual Data CenterPatrick Sklodowski
 
SIEM Vendor Neutrality
SIEM Vendor NeutralitySIEM Vendor Neutrality
SIEM Vendor NeutralityVandana Verma
 
Cloud Computing Gets Put to the Test
Cloud Computing Gets Put to the TestCloud Computing Gets Put to the Test
Cloud Computing Gets Put to the TestAvere Systems
 
VMware IT Academy Program
VMware IT Academy Program VMware IT Academy Program
VMware IT Academy Program EMC
 
Developer Conference 2.1 - (Cloud) First Steps to the Cloud
Developer Conference 2.1 - (Cloud) First Steps to the CloudDeveloper Conference 2.1 - (Cloud) First Steps to the Cloud
Developer Conference 2.1 - (Cloud) First Steps to the CloudMicro Focus
 
Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Runecast: Simplified Security with Unparalleled Transparency (March 2022)Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Runecast: Simplified Security with Unparalleled Transparency (March 2022)Jason Mashak
 
Security Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS ApplicationsSecurity Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS ApplicationsTechcello
 
Cloud Innovation Tour - Discover Track
Cloud Innovation Tour - Discover TrackCloud Innovation Tour - Discover Track
Cloud Innovation Tour - Discover TrackLaurenWendler
 
Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...Moshe Ferber
 
AWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons Learned
AWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons LearnedAWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons Learned
AWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons LearnedAWS Summits
 
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...Amazon Web Services
 
Transformation of IT Spending
Transformation of IT SpendingTransformation of IT Spending
Transformation of IT SpendingKokLeong Ong
 

Similar a Building Trust in the Cloud Through Industry Certification (20)

Building trust for cloud customers - the value of cif certification
Building trust for cloud customers - the value of cif certificationBuilding trust for cloud customers - the value of cif certification
Building trust for cloud customers - the value of cif certification
 
Automated Security & Continuous Compliance on Microsoft Azure
Automated Security & Continuous Compliance on Microsoft AzureAutomated Security & Continuous Compliance on Microsoft Azure
Automated Security & Continuous Compliance on Microsoft Azure
 
Security for Cloud Computing: 10 Steps to Ensure Success V3.0
Security for Cloud Computing: 10 Steps to Ensure Success V3.0Security for Cloud Computing: 10 Steps to Ensure Success V3.0
Security for Cloud Computing: 10 Steps to Ensure Success V3.0
 
Cloud Industry Forum - Cloud Adoption & Trends
Cloud Industry Forum - Cloud Adoption & TrendsCloud Industry Forum - Cloud Adoption & Trends
Cloud Industry Forum - Cloud Adoption & Trends
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
How News Corp Secured Their Digital Transformation through Identity and Acces...
How News Corp Secured Their Digital Transformation through Identity and Acces...How News Corp Secured Their Digital Transformation through Identity and Acces...
How News Corp Secured Their Digital Transformation through Identity and Acces...
 
Moving Enterprise Applications to the Cloud
Moving Enterprise Applications to the CloudMoving Enterprise Applications to the Cloud
Moving Enterprise Applications to the Cloud
 
Building a Secure and Compliant Azure Virtual Data Center
Building a Secure and Compliant Azure Virtual Data CenterBuilding a Secure and Compliant Azure Virtual Data Center
Building a Secure and Compliant Azure Virtual Data Center
 
SIEM Vendor Neutrality
SIEM Vendor NeutralitySIEM Vendor Neutrality
SIEM Vendor Neutrality
 
Cloud Computing Gets Put to the Test
Cloud Computing Gets Put to the TestCloud Computing Gets Put to the Test
Cloud Computing Gets Put to the Test
 
Cloud Managed Services: Best Practices
Cloud Managed Services: Best PracticesCloud Managed Services: Best Practices
Cloud Managed Services: Best Practices
 
VMware IT Academy Program
VMware IT Academy Program VMware IT Academy Program
VMware IT Academy Program
 
Developer Conference 2.1 - (Cloud) First Steps to the Cloud
Developer Conference 2.1 - (Cloud) First Steps to the CloudDeveloper Conference 2.1 - (Cloud) First Steps to the Cloud
Developer Conference 2.1 - (Cloud) First Steps to the Cloud
 
Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Runecast: Simplified Security with Unparalleled Transparency (March 2022)Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Runecast: Simplified Security with Unparalleled Transparency (March 2022)
 
Security Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS ApplicationsSecurity Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS Applications
 
Cloud Innovation Tour - Discover Track
Cloud Innovation Tour - Discover TrackCloud Innovation Tour - Discover Track
Cloud Innovation Tour - Discover Track
 
Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...
 
AWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons Learned
AWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons LearnedAWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons Learned
AWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons Learned
 
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
 
Transformation of IT Spending
Transformation of IT SpendingTransformation of IT Spending
Transformation of IT Spending
 

Más de Databarracks

How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
How to write an effective Cyber Incident Response Plan
How to write an effective Cyber Incident Response PlanHow to write an effective Cyber Incident Response Plan
How to write an effective Cyber Incident Response PlanDatabarracks
 
Lessons from 100+ ransomware recoveries
Lessons from 100+ ransomware recoveriesLessons from 100+ ransomware recoveries
Lessons from 100+ ransomware recoveriesDatabarracks
 
How to write an IT Disaster Recovery Plan
How to write an IT Disaster Recovery PlanHow to write an IT Disaster Recovery Plan
How to write an IT Disaster Recovery PlanDatabarracks
 
Cyber Incident Response Plan
Cyber Incident Response PlanCyber Incident Response Plan
Cyber Incident Response PlanDatabarracks
 
Who's responsible for what in a crisis
Who's responsible for what in a crisisWho's responsible for what in a crisis
Who's responsible for what in a crisisDatabarracks
 
How to communicate in a crisis
How to communicate in a crisisHow to communicate in a crisis
How to communicate in a crisisDatabarracks
 
How to protect backups from ransomware
How to protect backups from ransomwareHow to protect backups from ransomware
How to protect backups from ransomwareDatabarracks
 
Requirements for cyber insurance
Requirements for cyber insuranceRequirements for cyber insurance
Requirements for cyber insuranceDatabarracks
 
How to make your supply chain resilient
How to make your supply chain resilientHow to make your supply chain resilient
How to make your supply chain resilientDatabarracks
 
How to recover from ransomware lessons from real recoveries
How to recover from ransomware lessons from real recoveriesHow to recover from ransomware lessons from real recoveries
How to recover from ransomware lessons from real recoveriesDatabarracks
 
How to decommission a data centre
How to decommission a data centreHow to decommission a data centre
How to decommission a data centreDatabarracks
 
Zerto in azure technical deep dive
Zerto in azure technical deep diveZerto in azure technical deep dive
Zerto in azure technical deep diveDatabarracks
 
How to know when combined backup and replication is for you
How to know when combined backup and replication is for youHow to know when combined backup and replication is for you
How to know when combined backup and replication is for youDatabarracks
 
How to write an effective Cyber Incident Response Plan
How to write an effective Cyber Incident Response PlanHow to write an effective Cyber Incident Response Plan
How to write an effective Cyber Incident Response PlanDatabarracks
 
Introducing rubrik a new approach to data protection
Introducing rubrik a new approach to data protectionIntroducing rubrik a new approach to data protection
Introducing rubrik a new approach to data protectionDatabarracks
 
How to invoke Disaster Recovery
How to invoke Disaster RecoveryHow to invoke Disaster Recovery
How to invoke Disaster RecoveryDatabarracks
 
How to setup disaster recovery
How to setup disaster recoveryHow to setup disaster recovery
How to setup disaster recoveryDatabarracks
 
DRaaS to Azure with Zerto
DRaaS to Azure with ZertoDRaaS to Azure with Zerto
DRaaS to Azure with ZertoDatabarracks
 
The Databarracks Continuity Toolshed: Free tools for better recoveries
The Databarracks Continuity Toolshed: Free tools for better recoveriesThe Databarracks Continuity Toolshed: Free tools for better recoveries
The Databarracks Continuity Toolshed: Free tools for better recoveriesDatabarracks
 

Más de Databarracks (20)

How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
How to write an effective Cyber Incident Response Plan
How to write an effective Cyber Incident Response PlanHow to write an effective Cyber Incident Response Plan
How to write an effective Cyber Incident Response Plan
 
Lessons from 100+ ransomware recoveries
Lessons from 100+ ransomware recoveriesLessons from 100+ ransomware recoveries
Lessons from 100+ ransomware recoveries
 
How to write an IT Disaster Recovery Plan
How to write an IT Disaster Recovery PlanHow to write an IT Disaster Recovery Plan
How to write an IT Disaster Recovery Plan
 
Cyber Incident Response Plan
Cyber Incident Response PlanCyber Incident Response Plan
Cyber Incident Response Plan
 
Who's responsible for what in a crisis
Who's responsible for what in a crisisWho's responsible for what in a crisis
Who's responsible for what in a crisis
 
How to communicate in a crisis
How to communicate in a crisisHow to communicate in a crisis
How to communicate in a crisis
 
How to protect backups from ransomware
How to protect backups from ransomwareHow to protect backups from ransomware
How to protect backups from ransomware
 
Requirements for cyber insurance
Requirements for cyber insuranceRequirements for cyber insurance
Requirements for cyber insurance
 
How to make your supply chain resilient
How to make your supply chain resilientHow to make your supply chain resilient
How to make your supply chain resilient
 
How to recover from ransomware lessons from real recoveries
How to recover from ransomware lessons from real recoveriesHow to recover from ransomware lessons from real recoveries
How to recover from ransomware lessons from real recoveries
 
How to decommission a data centre
How to decommission a data centreHow to decommission a data centre
How to decommission a data centre
 
Zerto in azure technical deep dive
Zerto in azure technical deep diveZerto in azure technical deep dive
Zerto in azure technical deep dive
 
How to know when combined backup and replication is for you
How to know when combined backup and replication is for youHow to know when combined backup and replication is for you
How to know when combined backup and replication is for you
 
How to write an effective Cyber Incident Response Plan
How to write an effective Cyber Incident Response PlanHow to write an effective Cyber Incident Response Plan
How to write an effective Cyber Incident Response Plan
 
Introducing rubrik a new approach to data protection
Introducing rubrik a new approach to data protectionIntroducing rubrik a new approach to data protection
Introducing rubrik a new approach to data protection
 
How to invoke Disaster Recovery
How to invoke Disaster RecoveryHow to invoke Disaster Recovery
How to invoke Disaster Recovery
 
How to setup disaster recovery
How to setup disaster recoveryHow to setup disaster recovery
How to setup disaster recovery
 
DRaaS to Azure with Zerto
DRaaS to Azure with ZertoDRaaS to Azure with Zerto
DRaaS to Azure with Zerto
 
The Databarracks Continuity Toolshed: Free tools for better recoveries
The Databarracks Continuity Toolshed: Free tools for better recoveriesThe Databarracks Continuity Toolshed: Free tools for better recoveries
The Databarracks Continuity Toolshed: Free tools for better recoveries
 

Último

Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsAndrey Dotsenko
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 

Último (20)

Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 

Building Trust in the Cloud Through Industry Certification

  • 1. Building Trust in the Cloud A Journey Through Certification to the CIF Code of Practice Peter Groucutt Member, Cloud Industry Forum DATABARRACKS www.cloudindustryforum.org
  • 2. Who are Databarracks?  Databarracks (MSP)  IaaS  BaaS  DRaaS • Managed Service Provider for ten years • What qualifies me to talk to you about trust? www.cloudindustryforum.org
  • 3. Why are we talking about TRUST?  Databarracks began life providing Managed Backup Services  Our Journey through backup is similar to where we are today with Infrastructure as a Service  People liked the concept and the business drivers  People were worried about Data Security and Privacy  They did not trust the technology nor the providers of it  Young industry / New technology www.cloudindustryforum.org
  • 4. What is Trust? “Trust is the positive experience of many over time. It is a concept which is built in retrospect.” (my opinion) www.cloudindustryforum.org
  • 5. Where are we now?  According to our latest Backup and Cloud Survey which questioned 500 business IT managers in the UK  39% of companies use online backup  Up from 23% in 2008 www.cloudindustryforum.org
  • 6. Who trusts us now? www.cloudindustryforum.org
  • 7. How does this compare to cloud today?  Companies want to use the cloud  They don’t want technology for technology’s sake  Hardware doesn’t add value to the business only application  Companies want users to access the information they need to perform the function of the business as quickly as possible  Managing physical infrastructure does not add value. www.cloudindustryforum.org
  • 8. What are the drivers? 20% 10% 0% Operational Cost Flexibility of Scalability Saving service www.cloudindustryforum.org
  • 9. What are the concerns? 100% 80% 60% 40% 20% 0% Data Security Data Privacy Dependency Fear of Loss of Confidence in on Internet Control Providers www.cloudindustryforum.org
  • 10. What do the concerns tell us? They are issues of TRUST not technology www.cloudindustryforum.org
  • 11. Can certification build trust?  Certification can build confidence and confidence can build trust  78% of respondents said they would see value in working with an organisation that was publically certified www.cloudindustryforum.org
  • 12. Types of certification?  Management  ISO9001 / ISO27001 / ISO2000  Prescriptive  PCI-DSS / IL3 etc  Industry  CIF Code of Practice (CoP) www.cloudindustryforum.org
  • 13. Management certifications • Customer complaints and support frameworks • Identification of risks of service delivery • Policies covering all elements of business operation • Continuous review and improvement • Third party audit www.cloudindustryforum.org
  • 14. Prescriptive certifications • Capacity planning • Prescriptive configuration of systems (firewalls, switches and platforms etc) • Shielding of storage areas • Log harvesting and analysis • Strict, audited access controls • Regular penetration testing www.cloudindustryforum.org
  • 15. Industry certifications • Tailored and specific to the service provided • Brings together the relevant elements other certs • Understands the specific issues • Industry governed www.cloudindustryforum.org
  • 16. CIF Code of Practice? Three Pillars • Transparency • Capability • Accountability www.cloudindustryforum.org
  • 17. What did it take to certify? • Two months total working part time • Quality Manager • Security Manager • External ISO Consultant • Two weeks dedicated • Lots of common ground between ISO and CoP www.cloudindustryforum.org
  • 18. Why did Databarracks certify? • Be part of the conversation • Customers confidence in core values of the company • Looking beyond price www.cloudindustryforum.org
  • 19. Would we recommend it? YES! Shaping the industry to revolve around the core principles set out by CIF will build confidence and TRUST. Good for customers and good for service providers. www.cloudindustryforum.org
  • 20. Questions? info@cloudindustryforum.org www.cloudindustryforum.org www.cloudindustryforum.org