security strategy when moving to the public cloud · 2018. 3. 19. · keith prabhu. founder &...
www.cloudsec.com | #CLOUDSEC
Security Strategy when moving to the Public Cloud
Keith Prabhu
Founder & Director, Cloud Security Alliance – Mumbai Chapter
Executive Director, Confidis
CLOUDSEC INDIA 2016
Security Strategy for the Cloud
Select the right candidates based on security and regulatory concerns
Select the right deployment model
Security criteria for selecting a Public Cloud Services Provider
Select the RIGHT deployment/Service Model
How would we be harmed if the confidentiality of information was compromised?
How would we be harmed if the integrity of the information/data was compromised?
How would we be harmed if the asset was not available?
How would we be harmed if there was an insider breach at the CSP?
How would we be harmed if integrity of the process or function was manipulated by an outsider?
How would we be harmed if the process or function failed to provide expected results?
Select the RIGHT deployment/Service Model
Source: https://www.yokogawa.com/us/technical-library/resources/application-notes/scada-cloud-computing/
Key Security Criteria when selecting a Public CSP
OpSec
• SoD
• Security in Development Process
• Security in Operations Process
• Well defined DR/BC policy/process
• Configuration management process
• Patch management process
Security Framework
• Well defined security policies
• Well defined DR/BC policy
Contractual
• Well defined contractual language (security/privacy)
• Reviewable audits
• Right to audit
CSA Tools to help
• The Cloud Controls Matrix
  • List of controls that map to ISO 27001/27002, ISACA COBIT, PCI, NIST, Jericho Forum and NERC CIP.
• Consensus Assessment Initiative
  • Starter questionnaire.
• CloudAudit
  • For automated assessment, audit, assertion, and assurance
• Trusted Cloud Initiative
  • IAM reference architecture
• And more! > https://cloudsecurityalliance.org/research/
• Join CSA, Mumbai Chapter – It’s FREE
About the Cloud Security Alliance
• Global, not-for-profit organization
• Building security best practices for next generation IT
• Research and Educational Programs
• Cloud Provider Certification – CSA STAR
• User Certification - CCSK
• The globally authoritative source for Trust in the Cloud
“To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”
CSA Fast Facts
• Founded in 2009
• Headquarters in Seattle (Bellingham), Singapore, Edinburgh UK
• 74,000+ Individual members
• 300+ Corporate members
• 75+ Chapters
• Over 30 research projects in 25 working groups
• Strategic partnerships with governments, research institutions, professional associations and industry
• CSA Research is FREE!
Active Working Groups
• Cloud Controls Matrix WG
• Quantum Safe Security WG
• Big Data Working Group
• Security as a Service WG
• Containers & Microservices WG
• Open API WG
• Mobile Application Security Testing WG
• Health Information Management WG
Active Working Groups (contd.)
• Consensus Assessment Initiative
• IoT Working Group
• SDP Working Group
• Mobile Working Group
• Cloud Data Governance WG
• Security Guidance V.4 WG
• Financial Services Working Group
• Incident Management & Forensics WG
• Cyber Incident Sharing Center
More questions? Contact: [email protected]