managing risk and s ecurity in the cloud
DESCRIPTION
Managing Risk and S ecurity in the cloud. Stuart Strathdee / Chief Security Advisor. Session outline. - PowerPoint PPT PresentationTRANSCRIPT
Managing Risk and Security in the cloud.
Stuart Strathdee / Chief Security Advisor
Session outline
No cloud strategy is complete without a comprehensive risk management plan. In this session, you can learn more about how Microsoft addresses security, regulatory compliance, the potential for data to cross borders, and interoperability to prevent 'Cloud Lock'.
If this is how you do Threat Analysis, then this presentation is not for you.
Translating the Threat relation[[ trs av −! dt ]] := [[ trs ]] [[ av ]] of [[ dt ]] attacking the system[[ trs av −! v ]] := [[ trs ]] [[ av ]] of [[ v ]] being exploited[[ trs av −! ts(l ) ]] := [[ trs ]] [[ av ]] of [[ ts(l ) ]] being initiated
To illustrate how a diagram is translated we will use the threat diagram in Fig. 5
Fig. 5. Threat diagram
AUSTRAC provides help: http://www.austrac.gov.au/files/risk_management_tool.pdf
Microsoft Threat Analysis and modelling tool. http://www.microsoft.com/downloads/details.aspx?familyid=59888078-9daf-4e96-b7d1-944703479451&displaylang=en
Get your head in the cloud.
Why where doesn’t matter.
On premise
Off premise
Why cloud represents greater profitability for partners.
• Allows transitioning of resources from low margin business to high margin business.
• Provides the customer with service levels which would have been prohibitively expensive on an individual scale. Think standards compliance.
• Reduces the exposure for customers and partners.
Case Study time.
Starting today, you can….• Focus more of your
resources on high profit aspects of your business.
• Deliver competitive advantages to your customers.
• Have Microsoft be the foundation for both you and your customers in transforming your businesses.
Acknowledgements:• International Standards Organisation: http://www.iso.org• AUSTRAC• SourceForge.net for the CORAS Security Risk Modelling
Language.• Bsi Group. Http://www.bsigroup.com• http://am3218.k12.sd.us/Event/Wall.htm• http://photosdie.typepad.com• http://www.jhartfound.org• http://www.fashion-res.com• http://www.jodixonjeweller.co.uk/
