Cloud Security: Critical Threats and Global Initiatives
• Jim Reavis, Executive Director
• July, 2010

What is Cloud Computing?
• Compute as a utility: third major era of computing
  • Mainframe
  • PC Client/Server
  • Cloud computing: On demand model for allocation and consumption of computing
• Cloud enabled by
  • Moore’s Law: Costs of compute & storage approaching zero
  • Hyperconnectivity: Robust bandwidth from dotcom investments
  • Service Oriented Architecture (SOA)
  • Scale: Major providers create massive IT capabilities

How will Cloud Computing play out?
• Much investment in private clouds for 3-5 years
• Rise of mobile clouds
• Eventual 80/20 rule favoring public clouds
• Cloud assurance ecosystem being built
• Virtual private clouds compromise between public and private
• Long legacy of hybrid clouds
• Disruption to markets, IT, security best practices
• Challenges public policy and critical infrastructure

About the Cloud Security Alliance
• Global, not-for-profit organization
• 10,000+ individual members
• Fast growing – chapters, translations, alliances
• Inclusive membership, supporting broad spectrum of subject matter expertise: cloud experts, security, legal, compliance, virtualization, etc
• We believe Cloud Computing has a robust future, we want to make it better
• “To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”

CSA Research Projects
• Go to www.cloudsecurityalliance.org/Research.html for Research dashboard and Working Group signup

Released Research
• CSA Guidance for Critical areas of Focus
  • Popular best practices V2.1
• CSA Cloud Controls Matrix
  • Security controls framework mapped to existing regulations and standards
• Top Threats
  • Released 2x annually
• Identity & Access Management “Dom12” paper
  • Supporting Trusted Cloud Initiative

Research & Initiatives in Progress
• Certificate of Cloud Security Knowledge (CCSK)
  • Individual competency testing and certificate
• Trusted Cloud Initiative
  • Interoperable IAM, reference models, cert criteria
• CSA Cloud Controls Matrix V2
  • Controls refinement, automation, increased mappings
• Consensus Assessments Initiative
  • Common question sets to measure providers’ security capabilities

Research Initiatives being Scoped
• CloudCERT
  • Best practices research for emergency response in Cloud
  • Standardized processes
  • Hosted Community
• Cloud Security Metrics
  • Library of recommended measurements & surveys
• Cloud Security Use Cases
  • Document real world lessons learned

Third Party Initiative Participation
• CloudAudit
• Common Assurance Maturity Model (CAMM)
• ENISA eGovernment
• Cloud-Standards.org
• NIST

Schedule
• CSA Summit at BlackHat, July 28-29, Las Vegas
• CSA Congress, Nov 16-17, Orlando
• CSA Summit at RSA 2011 (tentative), SF
• Participating in most major events
• Several chapter launch events
• Other Summits as research requires