cloud security alliance (csa) chapter meeting atlanta 082312
DESCRIPTION
Q3'2012 CSA Atlanta Chapter Meeting
TRANSCRIPT
www.cloudsecurityalliance.org
Copyright © 2011 Cloud Security Alliance
Monthly Chapter Call
Thursday, August 23rd, 2012
Phil Agcaoili, CSA Atlanta Chapter
Agenda
Panel: Cloud, Consumerization, BYOD/Mobility, and virtualization
CSA Chapter Update (Phil Agcaoili)
Open forum
Panel
Moderator: Russell Eubanks, Cox Communications
Panelists:
Esther Lee, Silverpop
John Sapp, McKesson
Phil Agcaoili, Cox Communications
Mike Rothman, Securosis
UPDATE
New CSA Chapters in Development
CSA, Northeast Ohio
CSA, South Florida
UPDATE
Welcome new Corporate Members
Singapore Infocomm Technology Federation (SITF) Security and Governance Chapter (SGC)
Gemalto
Yammer
Covisint
Intermedia
CSA Open Certification Framework
CSA partnership with BSI (British Standards Institution)
Ensures alignment with international standards and based upon a comprehensive certification process
Industry initiative that offers cloud providers a trusted global certification scheme.
Flexible three-stage scheme will be created in line with the CSA’s industry-leading security guidance and control objectives.
Supports an independent third-party assessment, as well as attestation statements developed within the public accounting community
CSA Open Certification Framework
The framework is structured in three levels, each of which will provide an incremental level of trust and transparency to the operations of cloud service providers and a higher level of assurance to the cloud consumer.
The initial level is CSA STAR Self Assessment: Cloud providers can submit reports to the CSA STAR Registry to indicate their compliance with CSA best practices. This is available immediately.
The second level, CSA STAR CERTIFICATION, is a third-party independent assessment: this certification leverages the requirements of the ISO/IEC 27001:2005 management systems standard together with the CSA Cloud Controls Matrix (CCM). These assessments will be conducted by approved certification bodies only. Availability is expected in H1 2013.
The STAR Certification will be enhanced in the future by continuous monitoring-based certification: this third level is currently under development.
The development of the STAR CERTIFICATION (third-party independent assessment) will be driven jointly by CSA and BSI. Based upon the ‘Plan, Do, Check, Act’ (PDCA) approach and the specified set of criteria as outlined in the Cloud Controls Matrix (CCM), this service enables the assessor to numerically score a company’s performance against the CCM, allowing senior management to measure improvement year over year.
Further details can be found at: http://cloudsecurityalliance.org/research/ocf/
2012
Events
CSA Events
September 25-26, 2012
Amsterdam, Netherlands
For more information visit:
http://www.cloudsecuritycongress.com/
CSA Events
CSA Congress USA Workshops
November 7, 8, 9
Venue: Hilton Disney World Resort
To register and for more information visit: https://misti.com/cloud
Early 2012
Chapter Tools
CSA Website Usability Survey
The Cloud Security Alliance invites you to participate in its website usability survey, a short questionnaire about your experience with the CSA site.
https://cloudsecurityalliance.org/about/website-survey/
CSA Chapter Support Survey
https://www.surveymonkey.com/s/5CSF2CR
Help us increase support to Chapters
Chapter status
Challenges
Goals
Contact [email protected]
CSA Basecamp
The CSA Projects will begin migrating to the "new" Basecamp found at the following URL:
https://launchpad.37signals.com/
This site will give you access to all of your CSA projects on the new Basecamp and the pre-existing projects found in the renamed "Basecamp Classic". The 37Signals Launchpad will help you navigate to both Basecamp sites if you are participating in multiple CSA Working Groups.
http://cloudsecurityalliance.org/research/
Research
CSA SLA Research Group
Looking for CSA Chapters world-wide participation
Regional representation
Effective SLAs and their management is a key factor in the successful adoption of the Cloud
Contact [email protected]
CSA Mobile
Initiative 1 - Top Mobile Threats
Working Draft Peer Review (June 29th)
Survey (June 29th)
Initiative 6 - Mobile Device Management
Mobile Device Management Key Components Peer Review (July 5th)
www.cloudsecurityalliance.org/mobile
CSA Top Threats
Identify threats unique to, or magnified by, Cloud
Development of V2.1
Top Threats Submission and Review
https://cloudsecurityalliance.org/research/top-threats/#_submit
For more information on the Top Threats Working Group
https://cloudsecurityalliance.org/topthreats/
Big Data Working Group
https://cloudsecurityalliance.org/research/big-data/
Initiatives
Data Analytics for Security
Privacy Preserving/Enhancing Technologies
Big Data-Scale Crypto
Cloud Infrastructures’ Attack Surface Analysis and Reduction
Policy and Governance
Big Data Framework
Telecom Working Group
5 Telecom Initiatives
Telecom and the GRC Stack
ISO 27017
Interviews with CSPs – NEED carrier CSPs
Contact: [email protected] for more details
SIEM
Compliance Monitoring
Cloud Forensics and Legal
https://cloudsecurityalliance.org/research/telecom/
CSA Cloud Controls Matrix
New Working Group Co-chairs
Introducing Sean Cordero, Evelyn de Souza, Thomas Kenyon
CCM 1.3 peer review released in July
More updates scheduled in 2012 (AICPA, NIST, and more)
CCM 2.0 release 2013
CSA Interact coming soon
Trusted Cloud Initiative
CSA, Trusted Cloud Initiative Interactive Site
https://research.cloudsecurityalliance.org/tci/
TCI Roadmap for Q2
Architecture Maintenance Site – on CSA Interact soon
Architecture Feedback Forum
Interactive Site: Phase II - Heatmapping
Interactive Site: Phase III – Input/Output Questionnaire
Get Involved
https://cloudsecurityalliance.org/research/tci/#_get-involved
HIM Working Group
Health Initiatives
HIPAA and HiTech Best Practices
https://cloudsecurityalliance.org/research/him/
SecaaS Working Group
Implementation Guidance for Categories
LAST CALL FOR WRITERS
Implementation and Considerations of:
Email Security
Peer Reviews coming in July
contact [email protected]
CDG Project
Cloud Data Governance Initiatives – COMING SOON
Key Concerns of Cloud Data Stakeholders
Data Lifecycle Model and Taxonomy
Emerging Technologies
CSA Online
Learn how you can participate in Cloud Security Alliance's goals to promote the use of best practices for providing security assurance within Cloud Computing
http://www.linkedin.com/groups?gid=1864210
https://cloudsecurityalliance.org/get-involved/
CSA Online
Do you have an idea for a research project on a cloud security topic? If so, please take the time to describe your concept. Ideas are monitored by the CSA research team, who will review your proposal and respond to you with feedback.
https://cloudsecurityalliance.org/research/, the Submit Ideas tab
Submit Your Research Ideas
CSA Online
The Cloud Security Alliance is a community non-profit which is driven by its members. Have a white paper or information on a cloud security product you want to contribute?
https://cloudsecurityalliance.org/education/white-papers-and-educational-material/
Contribute to the CSA library
Open Questions
Contact
JR Santos, CSA Global Research [email protected]
Daniele Catteddu, Managing Director [email protected]
Aloysius Cheang, Managing Director [email protected]
John Yeoh, CSA Global Research [email protected]
Contact
Help Us Secure Cloud Computing
www.cloudsecurityalliance.org
LinkedIn: www.linkedin.com/groups?gid=1864210
Twitter: @cloudsa
Thank you!
Phil Agcaoili
@hacksec
www.linkedin.com/in/philA
Thank You