In his presentation Erkan Kahraman will show his methods to address common customer concerns from a cloud service provider point of view and provide useful insight to the industry and what cloud users should consider when purchasing solutions.
Security, Trust and Assurance. Achieving confidence in the cloud.
Erkan Kahraman | CISO of Projectplace.com | [email protected]
Agenda
• whois erkan.kahraman
• Top concerns for cloud computing.
• Security, trust and assurance ecosystem.
• Who to trust? Encryption and beyond.
• What this talk does not address and what to do next.
TOP CUSTOMER CONCERNS¹
[Slide graphic labels: efficiency, higher productivity, demand, increased competition, multiple teams, internally, externally]
[Word cloud of concerns: legislation, accountability, privacy, confidentiality, integration, retention, security, availability, exit strategies, encryption, data integrity, regulations, data ownership]
¹ According to the "2012 Cloud Computing Market Maturity" survey conducted jointly by Cloud Security Alliance (CSA) and ISACA.
HOW TO ADDRESS CONCERNS
ASSURANCE
• BEST PRACTICES AND INDUSTRY STANDARDS (I.E. ISO 27001)
• ACCREDITATION AND CERTIFICATIONS
• INDEPENDENT AUDITS
TRUST
• APPLICABLE LEGISLATION
• PRIVACY STATEMENT
• DATA RETENTION & OWNERSHIP
• ESCROW AND EXIT STRATEGIES
SECURITY
• CONFIDENTIALITY
• INTEGRITY
• AVAILABILITY
Security, Trust and Assurance ecosystem.
Traditional Security Triad
• Confidentiality: Perimeter security, access control, encryption, user account and password management
• Integrity: Physical and environmental measures, protection against malware, FIM, audit logging, monitoring and traceability
• Availability: SLA, RPO/RTO, independent monitoring, redundancy, Disaster Recovery and BCP, backups and restoration, web accelerators
Trust
• Applicable legislation (Location, location, location)
• Data Ownership (Terms and Conditions)
• Data Retention (and data portability)
• Integration with existing systems (APIs, Single Sign-on)
• Escrow and Exit strategies
• Privacy Statement, Cookie Information
Assurance
• Industry accepted standards such as ISO27001.
• SSAE-16 reports.
• Cloud Security Alliance STAR.
• Other technology certificates and seals.
• Independent audits.
How perceptions change by experience
• 91% of SMBs said the security of their organization had been positively impacted as a result of cloud adoption.
• 82% of SMBs have experienced improved service availability since moving to the cloud.
• 93% of SMBs said they are confident their cloud provider can quickly and effectively restore services during an outage.
Cloud Trust Study results for the U.K., June 2013.
What this talk did not cover…
• STA is for assessing a single cloud vendor; you should also have an overall strategy and processes to manage all your cloud providers.
• Do not forget the human factor. Educate and train your users.
Thank you
Questions?
Projectplace
where projects succeeds