Security, Trust and Assurance. Achieving confidence in the cloud. Erkan Kahraman | CISO of Projectplace.com | [email protected]

Erkan kahraman Security, Trust, Assurance - 20131106 - nordic it security summit presentation

DESCRIPTION

In his presentation, Erkan Kahraman will show his methods for addressing common customer concerns from a cloud service provider's point of view, and provide useful insight into the industry and into what cloud users should consider when purchasing solutions.

Page 1

Security, Trust and Assurance. Achieving confidence in the cloud.

Erkan Kahraman | CISO of Projectplace.com | [email protected]

Page 2

Agenda

• whois erkan.kahraman
• Top concerns for cloud computing.
• Security, trust and assurance ecosystem.
• Who to trust? Encryption and beyond.
• What this talk does not address and what to do next.

Page 3

TOP CUSTOMER CONCERNS¹

[Slide graphic labels: EFFICIENCY, HIGHER PRODUCTIVITY, DEMAND, INCREASED COMPETITION, MULTIPLE TEAMS, INTERNALLY, EXTERNALLY]

[Word cloud: LEGISLATION, ACCOUNTABILITY, PRIVACY, CONFIDENTIALITY, INTEGRATION, RETENTION, SECURITY, AVAILABILITY, EXIT STRATEGIES, ENCRYPTION, DATA INTEGRITY, REGULATIONS, DATA OWNERSHIP]

¹ According to the "2012 Cloud Computing Market Maturity" survey conducted jointly by Cloud Security Alliance (CSA) and ISACA.

Page 4

Security, Trust and Assurance ecosystem.

HOW TO ADDRESS CONCERNS

ASSURANCE
• BEST PRACTICES AND INDUSTRY STANDARDS (I.E. ISO 27001)
• ACCREDITATION AND CERTIFICATIONS
• INDEPENDENT AUDITS

TRUST
• APPLICABLE LEGISLATION
• PRIVACY STATEMENT
• DATA RETENTION & OWNERSHIP
• ESCROW AND EXIT STRATEGIES

SECURITY
• CONFIDENTIALITY
• INTEGRITY
• AVAILABILITY

Page 5

Traditional Security Triad

• Confidentiality: Perimeter security, Access control, Encryption, User Account and Password Management

• Integrity: Physical and Environmental measures, protection against malware, FIM, audit logging, monitoring and traceability

• Availability: SLA, RPO/RTO, Independent monitoring, redundancy, Disaster Recovery and BCP, Backups and Restoration, Web Accelerators

Page 6

Page 7

Trust

Page 8

Trust

• Applicable legislation (Location, location, location)
• Data Ownership (Terms and Conditions)
• Data Retention (and data portability)
• Integration with existing systems (APIs, Single Sign-on)
• Escrow and Exit strategies
• Privacy Statement, Cookie Information

Page 9

Trust

Page 10

Trust

Page 11

Assurance

Page 12

Assurance

• Industry accepted standards such as ISO27001.
• SSAE-16 reports.
• Cloud Security Alliance STAR.
• Other technology certificates and seals.
• Independent audits.

Page 13

How perceptions change by experience

• 91% of SMBs said the security of their organization had been positively impacted as a result of cloud adoption.

• 82% of SMBs have experienced improved service availability since moving to the cloud.

• 93% of SMBs said they are confident their cloud provider can quickly and effectively restore services during an outage.

Cloud Trust Study results for the U.K., June 2013.

Page 14

What this talk did not cover…

• STA is for assessing a single cloud vendor; you should also have an overall strategy and processes to manage all your cloud providers.

• Do not forget the human factor. Educate and train your users.

Page 15

Thank you

Questions?

Page 16

Projectplace

where projects succeeds