Why the Cloud can be
Compliant and Secure

       Presented by:
         Jeff Reich
      Chief Risk Officer
    Layered Technologies
Agenda

        ● Abstract Review

        ● Layered Technologies Overview

        ● Speaker Overview

        ● What is a secure cloud?

        ● Table Stakes

        ● Compliance vs Security

        ● Components of Security

Layered Technologies                      Complying To The Higher Standard
Abstract

             This session addresses misconceptions about security in the
             cloud and examines critical differences between compliance
             and security, including how compliance does not always
             ensure secure environments. To establish a secure cloud,
             one must make risk-based decisions that embrace
             compliance but also address practicalities and technical
             capabilities. While achieving compliance is considered
             “table stakes,” cloud security is an investment and must be
             continuous. The audience will learn about key security
             components, such as social engineering, patching, system
             interfaces and more. The presentation will also address the
             importance of grouping similar organizations in the cloud
             because they share common security control needs.



About Layered Tech

            ●  Leadership position in compliant hosting
                     ●  First to offer full PCI support in market (since 2005)
                     ●  Compliance cloud solution with built-in security and controls
                     ●  Comprehensive consulting and audit services (and partners)

            ●  Market-leading cloud/virtualization
                     ●  One of first virtual private data center offers
                     ●  Robust community cloud platform with built-in security and controls

            ●  Tiered managed services for client choice
                     ●  Monitoring up to full management
                     ●  “LT Anywhere” extension

            ●  High-touch and process-driven client support
                     ●  Managed service team specialization
                     ●  Unified system support for problem diagnostics
                     ●  Disciplined change and log management

            ●  Global reach
                     ●  3 primary and 9 secondary data centers

            Only service provider to offer Compliance Guaranteed: our compliance
            clients are guaranteed to pass 100 percent of every IT audit or
            assessment sanctioned by the relevant industry or regulatory entity.
Jeff Reich


            ●  Over 30 years in Cyber Security, Risk Management,
               Physical Security and other areas

            ●  Leadership roles in technology and financial services
               organizations

            ●  Founding member of Cloud Security Alliance

            ●  CRISC, CISSP, CHS-III certifications,…

            ●  ISSA Distinguished Fellow



What is a Secure Cloud?


            ● First, let’s agree on what a cloud is…

            ● 5-4-3

                     ●  5 Essential Characteristics

                     ●  4 Deployment Models

                     ●  3 Service Models


Let’s Agree on the Cloud

            According to NIST:
                       Cloud computing is a model for enabling ubiquitous,
                       convenient, on-demand network access to a shared
                       pool of configurable computing resources (e.g.,
                       networks, servers, storage, applications, and
                       services) that can be rapidly provisioned and
                       released with minimal management effort or service
                       provider interaction. This cloud model is composed
                       of five essential characteristics, three service
                       models, and four deployment models.
                       Source: The NIST Definition of Cloud Computing,
                               Special Publication 800-145.
                               Authors: Peter Mell and Tim Grance




5 Essential Characteristics


            ● On-demand self-service

            ● Broad network access

            ● Resource pooling

            ● Rapid elasticity

            ● Measured Service

4 Deployment Models


            ● Private cloud

            ● Community cloud

            ● Public cloud

            ● Hybrid cloud
3 Service Models


            ● Cloud Software as a Service
              (SaaS)

            ● Cloud Platform as a Service (PaaS)

            ● Cloud Infrastructure as a Service
              (IaaS)
Table Stakes

          ●  Your compliance needs may include, but are not limited to:
                   ●  PCI-DSS

                   ●  HIPAA

                   ●  FISMA

                   ●  SOX

                   ●  GLB

                   ●  FedRAMP

                   ●  Industry Standards

                   ●  Corporate Policies

                   ●  and many, many more



Compliance vs Security




            [Figure: overlapping regions labeled "Compliant Practices" and
            "Secure Practices", with "Your Best Practices" between them]




Managing Costs Around Controls




            [Figure: chart with vertical axis "$" and horizontal axis
            "Level of Controls"; labels: "Potential Losses", "Cost of Controls",
            "Good Business Sense", "Tree of FUD"]

Risk Management in the Cloud

            ●  First mistake of many cloud prospects
                       ●  How am I managing risks now?
                       ●  Risk picture may not improve

            ●  What are the most valuable information or process assets
               for your organization?
                       ●  Disclosure → Confidentiality
                       ●  Modification → Integrity
                       ●  Denial of Access → Availability




Components of Security


            ●  Trust

            ●  Verification

            ●  Policies, Standards, Guidelines and Procedures

            ●  Situational Awareness

            ●  Training

            ●  Testing

            ●  Lather, rinse, repeat,…




Components of Cloud Security


            ●  Trust

            ●  Verification

            ●  Policies, Standards, Guidelines and Procedures

            ●  Situational Awareness

            ●  Training

            ●  Testing

            ●  Lather, rinse, repeat,…




Components of Cloud Security


            Your provider should offer:
            ●  Policies

            ●  Validation

            ●  Transparency

            ●  Demonstration of compliance

            ●  Compliance support



            For more information, see www.cloudsecurityalliance.org


Finding a Cloud Environment


            [Figure: grid of deployment models (Private, Hybrid, Community,
            Public) against service models (IaaS, PaaS, SaaS), with axes
            labeled "Greater Control" and "Greater Exposure"]
Contact Me


            ● Jeff Reich
            ● 972-379-8567
            ● jeff.reich@layeredtech.com
            ● Twitter: @jnreich
            ● Skype: jnreich
            ● www.layeredtech.com
                                                          19

Layered Technologies                 Complying To The Higher Standard

Más contenido relacionado

La actualidad más candente

What You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud GuidelinesWhat You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud GuidelinesCloudPassage
 
Business Intelligence In Cloud Computing A Tokenization Approach Final
Business Intelligence In Cloud Computing  A Tokenization Approach FinalBusiness Intelligence In Cloud Computing  A Tokenization Approach Final
Business Intelligence In Cloud Computing A Tokenization Approach FinalHossam Hassanien
 
Cloud Computing security Challenges for Defense Forces
Cloud Computing security Challenges for Defense ForcesCloud Computing security Challenges for Defense Forces
Cloud Computing security Challenges for Defense Forcescommandersaini
 
Why We Fail: How an architect learned to stop worrying and love the cloud
Why We Fail:  How an architect learned to stop worrying and love the cloudWhy We Fail:  How an architect learned to stop worrying and love the cloud
Why We Fail: How an architect learned to stop worrying and love the cloudAlex Jauch
 
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010   Possibilities And Security Challenges Of Cloud Computing (Han...Info Sec 2010   Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...ptaglephd
 
Cloud Security: Perception Vs. Reality
Cloud Security: Perception Vs. RealityCloud Security: Perception Vs. Reality
Cloud Security: Perception Vs. RealityInternap
 
PCI Compliance and Cloud Reference Architecture
PCI Compliance and Cloud Reference ArchitecturePCI Compliance and Cloud Reference Architecture
PCI Compliance and Cloud Reference ArchitectureHyTrust
 
Migrating To Cloud & Security @ FOBE 2011
Migrating To Cloud & Security @ FOBE 2011Migrating To Cloud & Security @ FOBE 2011
Migrating To Cloud & Security @ FOBE 2011commandersaini
 
Defending the Data Center: Managing Users from the Edge to the Application
Defending the Data Center:  Managing Users from the Edge to the ApplicationDefending the Data Center:  Managing Users from the Edge to the Application
Defending the Data Center: Managing Users from the Edge to the ApplicationCisco Security
 
Security for v mware
Security for v mwareSecurity for v mware
Security for v mwareReadWrite
 
Security models for security architecture
Security models for security architectureSecurity models for security architecture
Security models for security architectureVladimir Jirasek
 
Whitepaper - Data Security while outsourcing
Whitepaper - Data Security while outsourcingWhitepaper - Data Security while outsourcing
Whitepaper - Data Security while outsourcingRaghuraman Ramamurthy
 
360is Capabilities
360is Capabilities360is Capabilities
360is Capabilitiesnickhutton
 
Secure and Scale Your Virtual Infrastructure While Meeting Compliance Mandates
Secure and Scale Your Virtual Infrastructure While Meeting Compliance MandatesSecure and Scale Your Virtual Infrastructure While Meeting Compliance Mandates
Secure and Scale Your Virtual Infrastructure While Meeting Compliance MandatesHyTrust
 
Build 4 The Cloud By Cisco V Mware2
Build 4 The Cloud By Cisco V Mware2Build 4 The Cloud By Cisco V Mware2
Build 4 The Cloud By Cisco V Mware2Azlan NL
 
Extending security in the cloud network box - v4
Extending security in the cloud   network box - v4Extending security in the cloud   network box - v4
Extending security in the cloud network box - v4Valencell, Inc.
 
CLUSIR DU 12 JUIN
CLUSIR DU 12  JUIN CLUSIR DU 12  JUIN
CLUSIR DU 12 JUIN ndelannoy
 
Best Practices for Cloud Security
Best Practices for Cloud SecurityBest Practices for Cloud Security
Best Practices for Cloud SecurityIT@Intel
 
Cloud Computing: Architecture, IT Security and Operational Perspectives
Cloud Computing: Architecture, IT Security and Operational PerspectivesCloud Computing: Architecture, IT Security and Operational Perspectives
Cloud Computing: Architecture, IT Security and Operational PerspectivesMegan Eskey
 

La actualidad más candente (20)

What You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud GuidelinesWhat You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud Guidelines
 
Business Intelligence In Cloud Computing A Tokenization Approach Final
Business Intelligence In Cloud Computing  A Tokenization Approach FinalBusiness Intelligence In Cloud Computing  A Tokenization Approach Final
Business Intelligence In Cloud Computing A Tokenization Approach Final
 
Cloud Computing security Challenges for Defense Forces
Cloud Computing security Challenges for Defense ForcesCloud Computing security Challenges for Defense Forces
Cloud Computing security Challenges for Defense Forces
 
Why We Fail: How an architect learned to stop worrying and love the cloud
Why We Fail:  How an architect learned to stop worrying and love the cloudWhy We Fail:  How an architect learned to stop worrying and love the cloud
Why We Fail: How an architect learned to stop worrying and love the cloud
 
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010   Possibilities And Security Challenges Of Cloud Computing (Han...Info Sec 2010   Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
 
NSX on VMware Data Center
NSX on VMware Data CenterNSX on VMware Data Center
NSX on VMware Data Center
 
Cloud Security: Perception Vs. Reality
Cloud Security: Perception Vs. RealityCloud Security: Perception Vs. Reality
Cloud Security: Perception Vs. Reality
 
PCI Compliance and Cloud Reference Architecture
PCI Compliance and Cloud Reference ArchitecturePCI Compliance and Cloud Reference Architecture
PCI Compliance and Cloud Reference Architecture
 
Migrating To Cloud & Security @ FOBE 2011
Migrating To Cloud & Security @ FOBE 2011Migrating To Cloud & Security @ FOBE 2011
Migrating To Cloud & Security @ FOBE 2011
 
Defending the Data Center: Managing Users from the Edge to the Application
Defending the Data Center:  Managing Users from the Edge to the ApplicationDefending the Data Center:  Managing Users from the Edge to the Application
Defending the Data Center: Managing Users from the Edge to the Application
 
Security for v mware
Security for v mwareSecurity for v mware
Security for v mware
 
Security models for security architecture
Security models for security architectureSecurity models for security architecture
Security models for security architecture
 
Whitepaper - Data Security while outsourcing
Whitepaper - Data Security while outsourcingWhitepaper - Data Security while outsourcing
Whitepaper - Data Security while outsourcing
 
360is Capabilities
360is Capabilities360is Capabilities
360is Capabilities
 
Secure and Scale Your Virtual Infrastructure While Meeting Compliance Mandates
Secure and Scale Your Virtual Infrastructure While Meeting Compliance MandatesSecure and Scale Your Virtual Infrastructure While Meeting Compliance Mandates
Secure and Scale Your Virtual Infrastructure While Meeting Compliance Mandates
 
Build 4 The Cloud By Cisco V Mware2
Build 4 The Cloud By Cisco V Mware2Build 4 The Cloud By Cisco V Mware2
Build 4 The Cloud By Cisco V Mware2
 
Extending security in the cloud network box - v4
Extending security in the cloud   network box - v4Extending security in the cloud   network box - v4
Extending security in the cloud network box - v4
 
CLUSIR DU 12 JUIN
CLUSIR DU 12  JUIN CLUSIR DU 12  JUIN
CLUSIR DU 12 JUIN
 
Best Practices for Cloud Security
Best Practices for Cloud SecurityBest Practices for Cloud Security
Best Practices for Cloud Security
 
Cloud Computing: Architecture, IT Security and Operational Perspectives
Cloud Computing: Architecture, IT Security and Operational PerspectivesCloud Computing: Architecture, IT Security and Operational Perspectives
Cloud Computing: Architecture, IT Security and Operational Perspectives
 

Similar a Why the Cloud Can Be Compliant and Secure

Why the Cloud can be Compliant and Secure
Why the Cloud can be Compliant and SecureWhy the Cloud can be Compliant and Secure
Why the Cloud can be Compliant and SecureInnoTech
 
PCI-DSS Compliant Cloud - Design & Architecture Best Practices
PCI-DSS Compliant Cloud - Design & Architecture Best PracticesPCI-DSS Compliant Cloud - Design & Architecture Best Practices
PCI-DSS Compliant Cloud - Design & Architecture Best PracticesHyTrust
 
The Cloud according to VMware
The Cloud according to VMwareThe Cloud according to VMware
The Cloud according to VMwareOpSource
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantageMoshe Ferber
 
Security in the cloud planning guide
Security in the cloud planning guideSecurity in the cloud planning guide
Security in the cloud planning guideYury Chemerkin
 
The Cloud Crossover
The Cloud CrossoverThe Cloud Crossover
The Cloud CrossoverArmor
 
Moving Enterprise Applications to the Cloud
Moving Enterprise Applications to the CloudMoving Enterprise Applications to the Cloud
Moving Enterprise Applications to the CloudVISI
 
Shared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud securityShared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud securityJisc
 
Security Authorization: An Approach for Community Cloud Computing Environments
Security Authorization: An Approach for Community Cloud Computing EnvironmentsSecurity Authorization: An Approach for Community Cloud Computing Environments
Security Authorization: An Approach for Community Cloud Computing EnvironmentsBooz Allen Hamilton
 
(SEC321) Implementing Policy, Governance & Security for Enterprises
(SEC321) Implementing Policy, Governance & Security for Enterprises(SEC321) Implementing Policy, Governance & Security for Enterprises
(SEC321) Implementing Policy, Governance & Security for EnterprisesAmazon Web Services
 
(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...
(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...
(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...Amazon Web Services
 
Who owns security in the cloud
Who owns security in the cloudWho owns security in the cloud
Who owns security in the cloudTrend Micro
 
Shared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud securityShared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud securityAndy Powell
 
AWS Summit Singapore - Best Practices for Cloud Security in the Cloud Adoptio...
AWS Summit Singapore - Best Practices for Cloud Security in the Cloud Adoptio...AWS Summit Singapore - Best Practices for Cloud Security in the Cloud Adoptio...
AWS Summit Singapore - Best Practices for Cloud Security in the Cloud Adoptio...Amazon Web Services
 
Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...
Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...
Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...Windstream Enterprise
 
Security & Compliance in the Cloud [2019]
Security & Compliance in the Cloud [2019]Security & Compliance in the Cloud [2019]
Security & Compliance in the Cloud [2019]Tudor Damian
 
Cloud Lock-in vs. Cloud Interoperability - Indicthreads cloud computing conf...
Cloud Lock-in vs. Cloud Interoperability  - Indicthreads cloud computing conf...Cloud Lock-in vs. Cloud Interoperability  - Indicthreads cloud computing conf...
Cloud Lock-in vs. Cloud Interoperability - Indicthreads cloud computing conf...IndicThreads
 

Similar a Why the Cloud Can Be Compliant and Secure (20)

Why the Cloud can be Compliant and Secure
Why the Cloud can be Compliant and SecureWhy the Cloud can be Compliant and Secure
Why the Cloud can be Compliant and Secure
 
PCI-DSS Compliant Cloud - Design & Architecture Best Practices
PCI-DSS Compliant Cloud - Design & Architecture Best PracticesPCI-DSS Compliant Cloud - Design & Architecture Best Practices
PCI-DSS Compliant Cloud - Design & Architecture Best Practices
 
The Cloud according to VMware
The Cloud according to VMwareThe Cloud according to VMware
The Cloud according to VMware
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantage
 
Security in the cloud planning guide
Security in the cloud planning guideSecurity in the cloud planning guide
Security in the cloud planning guide
 
The Cloud Crossover
The Cloud CrossoverThe Cloud Crossover
The Cloud Crossover
 
Moving Enterprise Applications to the Cloud
Moving Enterprise Applications to the CloudMoving Enterprise Applications to the Cloud
Moving Enterprise Applications to the Cloud
 
Shared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud securityShared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud security
 
Security Authorization: An Approach for Community Cloud Computing Environments
Security Authorization: An Approach for Community Cloud Computing EnvironmentsSecurity Authorization: An Approach for Community Cloud Computing Environments
Security Authorization: An Approach for Community Cloud Computing Environments
 
(SEC321) Implementing Policy, Governance & Security for Enterprises
(SEC321) Implementing Policy, Governance & Security for Enterprises(SEC321) Implementing Policy, Governance & Security for Enterprises
(SEC321) Implementing Policy, Governance & Security for Enterprises
 
Cloud security ppt
Cloud security pptCloud security ppt
Cloud security ppt
 
(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...
(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...
(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...
 
Who owns security in the cloud
Who owns security in the cloudWho owns security in the cloud
Who owns security in the cloud
 
Shared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud securityShared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud security
 
Is it an internal affair
Is it an internal affairIs it an internal affair
Is it an internal affair
 
AWS Summit Singapore - Best Practices for Cloud Security in the Cloud Adoptio...
AWS Summit Singapore - Best Practices for Cloud Security in the Cloud Adoptio...AWS Summit Singapore - Best Practices for Cloud Security in the Cloud Adoptio...
AWS Summit Singapore - Best Practices for Cloud Security in the Cloud Adoptio...
 
null Bangalore meet - Cloud Computing and Security
null Bangalore meet - Cloud Computing and Securitynull Bangalore meet - Cloud Computing and Security
null Bangalore meet - Cloud Computing and Security
 
Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...
Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...
Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...
 
Security & Compliance in the Cloud [2019]
Security & Compliance in the Cloud [2019]Security & Compliance in the Cloud [2019]
Security & Compliance in the Cloud [2019]
 
Cloud Lock-in vs. Cloud Interoperability - Indicthreads cloud computing conf...
Cloud Lock-in vs. Cloud Interoperability  - Indicthreads cloud computing conf...Cloud Lock-in vs. Cloud Interoperability  - Indicthreads cloud computing conf...
Cloud Lock-in vs. Cloud Interoperability - Indicthreads cloud computing conf...
 

Más de InnoTech

"So you want to raise funding and build a team?"
"So you want to raise funding and build a team?""So you want to raise funding and build a team?"
"So you want to raise funding and build a team?"InnoTech
 
Artificial Intelligence is Maturing
Artificial Intelligence is MaturingArtificial Intelligence is Maturing
Artificial Intelligence is MaturingInnoTech
 
What is AI without Data?
What is AI without Data?What is AI without Data?
What is AI without Data?InnoTech
 
Courageous Leadership - When it Matters Most
Courageous Leadership - When it Matters MostCourageous Leadership - When it Matters Most
Courageous Leadership - When it Matters MostInnoTech
 
The Gathering Storm
The Gathering StormThe Gathering Storm
The Gathering StormInnoTech
 
Sql Server tips from the field
Sql Server tips from the fieldSql Server tips from the field
Sql Server tips from the fieldInnoTech
 
Quantum Computing and its security implications
Quantum Computing and its security implicationsQuantum Computing and its security implications
Quantum Computing and its security implicationsInnoTech
 
Converged Infrastructure
Converged InfrastructureConverged Infrastructure
Converged InfrastructureInnoTech
 
Making the most out of collaboration with Office 365
Making the most out of collaboration with Office 365Making the most out of collaboration with Office 365
Making the most out of collaboration with Office 365InnoTech
 
Blockchain use cases and case studies
Blockchain use cases and case studiesBlockchain use cases and case studies
Blockchain use cases and case studiesInnoTech
 
Blockchain: Exploring the Fundamentals and Promising Potential
Blockchain: Exploring the Fundamentals and Promising Potential Blockchain: Exploring the Fundamentals and Promising Potential
Blockchain: Exploring the Fundamentals and Promising Potential InnoTech
 
Business leaders are engaging labor differently - Is your IT ready?
Business leaders are engaging labor differently - Is your IT ready?Business leaders are engaging labor differently - Is your IT ready?
Business leaders are engaging labor differently - Is your IT ready?InnoTech
 
AI 3.0: Is it Finally Time for Artificial Intelligence and Sensor Networks to...
AI 3.0: Is it Finally Time for Artificial Intelligence and Sensor Networks to...AI 3.0: Is it Finally Time for Artificial Intelligence and Sensor Networks to...
AI 3.0: Is it Finally Time for Artificial Intelligence and Sensor Networks to...InnoTech
 
Using Business Intelligence to Bring Your Data to Life
Using Business Intelligence to Bring Your Data to LifeUsing Business Intelligence to Bring Your Data to Life
Using Business Intelligence to Bring Your Data to LifeInnoTech
 
User requirements is a fallacy
User requirements is a fallacyUser requirements is a fallacy
User requirements is a fallacyInnoTech
 
What I Wish I Knew Before I Signed that Contract - San Antonio
What I Wish I Knew Before I Signed that Contract - San Antonio What I Wish I Knew Before I Signed that Contract - San Antonio
What I Wish I Knew Before I Signed that Contract - San Antonio InnoTech
 
Disaster Recovery Plan - Quorum
Disaster Recovery Plan - QuorumDisaster Recovery Plan - Quorum
Disaster Recovery Plan - QuorumInnoTech
 
Share point saturday access services 2015 final 2
Share point saturday access services 2015 final 2Share point saturday access services 2015 final 2
Share point saturday access services 2015 final 2InnoTech
 
Sp tech festdallas - office 365 groups - planner session
Sp tech festdallas - office 365 groups - planner sessionSp tech festdallas - office 365 groups - planner session
Sp tech festdallas - office 365 groups - planner sessionInnoTech
 
Power apps presentation
Power apps presentationPower apps presentation
Power apps presentationInnoTech
 

Why the Cloud Can Be Compliant and Secure

  • 1. Why the Cloud can be Compliant and Secure Presented by: Jeff Reich Chief Risk Officer Layered Technologies
  • 2. Agenda ● Abstract Review ● Layered Technologies Overview ● Speaker Overview ● What is a secure cloud? ● Table Stakes ● Compliance vs Security ● Components of Security 2 Layered Technologies Complying To The Higher Standard
  • 3. Abstract This session addresses misconceptions about security in the cloud and examines critical differences between compliance and security, including how compliance does not always ensure secure environments. To establish a secure cloud, one must make risk-based decisions that embrace compliance but also address practicalities and technical capabilities. While achieving compliance is considered “table stakes,” cloud security is an investment and must be continuous. The audience will learn about key security components, such as social engineering, patching, system interfaces and more. The presentation will also address the importance of grouping similar organizations in the cloud because they share common security control needs.
  • 4. About Layered Tech ● Leadership position in compliant hosting: First to offer full PCI support in market (since 2005); Compliance cloud solution with built-in security and controls; Comprehensive consulting and audit services (and partners) ● Market-leading cloud/virtualization: One of first virtual private data center offers; Robust community cloud platform with built-in security and controls ● Tiered managed services for client choice: Monitoring up to full management; “LT Anywhere” extension ● High-touch and process-driven client support: Managed service team specialization; Unified system support for problem diagnostics; Disciplined change and log management ● Global reach: 3 primary and 9 secondary data centers ● Only service provider to offer Compliance Guaranteed: our compliance clients are guaranteed to pass 100 percent of every IT audit or assessment sanctioned by the relevant industry or regulatory entity.
  • 5. Jeff Reich ● Over 30 years in Cyber Security, Risk Management, Physical Security and other areas ● Leadership roles in technology and financial services organizations ● Founding member of Cloud Security Alliance ● CRISC, CISSP, CHS-III certifications,… ● ISSA Distinguished Fellow
  • 6. What is a Secure Cloud? ● First, let’s agree on what a cloud is… ● 5-4-3 ● 5 Essential Characteristics ● 4 Deployment Models ● 3 Service Models
  • 7. Let’s Agree on the Cloud According to NIST: Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models. Source: The NIST Definition of Cloud Computing. Authors: Peter Mell and Tim Grance. Special Publication 800-145.
  • 8. 5 Essential Characteristics ● On-demand self-service ● Broad network access ● Resource pooling ● Rapid elasticity ● Measured Service
  • 9. 4 Deployment Models ● Private cloud ● Community cloud ● Public cloud ● Hybrid cloud
  • 10. 3 Service Models ● Cloud Software as a Service (SaaS) ● Cloud Platform as a Service (PaaS) ● Cloud Infrastructure as a Service (IaaS)
  • 11. Table Stakes ● Your compliance needs may include, but are not limited to: ● PCI-DSS ● HIPAA ● FISMA ● SOX ● GLB ● FedRAMP ● Industry Standards ● Corporate Policies ● and many, many more
  • 12. Compliance vs Security [Diagram; labels: Your Practices, Compliant Practices, Secure Practices, Best Practices]
  • 13. Managing Costs Around Controls [Chart; axes: $ versus Level of Controls; labels: Potential Losses, Cost of Controls, Good Business Sense, Tree of FUD]
  • 14. Risk Management in the Cloud ● First mistake of many cloud prospects ● How am I managing risks now? ● Risk picture may not improve ● What are the most valuable information or process assets for your organization? ● Disclosure (Confidentiality) ● Modification (Integrity) ● Denial of Access (Availability)
  • 15. Components of Security ● Trust ● Verification ● Policies, Standards, Guidelines and Procedures ● Situational Awareness ● Training ● Testing ● Lather, rinse, repeat,…
  • 16. Components of Cloud Security ● Trust ● Verification ● Policies, Standards, Guidelines and Procedures ● Situational Awareness ● Training ● Testing ● Lather, rinse, repeat,…
  • 17. Components of Cloud Security Your provider should offer: ● Policies ● Validation ● Transparency ● Demonstration of compliance ● Compliance support For more information, see www.cloudsecurityalliance.org
  • 18. Finding a Cloud Environment [Diagram; deployment models: Private, Hybrid, Community, Public; service models: IaaS, PaaS, SaaS; scale running from Greater Control to Greater Exposure]
  • 19. Contact Me ● Jeff Reich ● 972-379-8567 ● jeff.reich@layeredtech.com ● Twitter: @jnreich ● Skype: jnreich ● www.layeredtech.com