200 likes | 321 Views
Cloud Security: Critical Threats and Global Initiatives. Jim Reavis, Executive Director July, 2010. What is Cloud Computing?. Compute as a utility: third major era of computing Mainframe PC Client/Server Cloud computing: On demand model for allocation and consumption of computing
E N D
Cloud Security: Critical Threats and Global Initiatives • Jim Reavis, Executive Director • July, 2010
What is Cloud Computing? Compute as a utility: third major era of computing Mainframe PC Client/Server Cloud computing: On demand model for allocation and consumption of computing Cloud enabled by Moore’s Law: Costs of compute & storage approaching zero Hyperconnectivity: Robust bandwidth from dotcom investments Service Oriented Architecture (SOA) Scale: Major providers create massive IT capabilities
How will Cloud Computing play out? Much investment in private clouds for 3-5 years Rise of mobile clouds Eventual 80/20 rule favoring public clouds Cloud assurance ecosystem being built Virtual private clouds compromise between public and private Long legacy of hybrid clouds Disruption to markets, IT, security best practices Challenges public policy and critical infrastructure
About the Cloud Security Alliance Global, not-for-profit organization 10,000+ individual members Fast growing – chapters, translations, alliances Inclusive membership, supporting broad spectrum of subject matter expertise: cloud experts, security, legal, compliance, virtualization, etc We believe Cloud Computing has a robust future, we want to make it better “To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”
CSA Research ProjectsGo to www.cloudsecurityalliance.org/Research.html for Research dashboard and Working Group signup
Released Research CSA Guidance for Critical areas of Focus Popular best practices V2.1 CSA Cloud Controls Matrix Security controls framework mapped to existing regulations and standards Top Threats Released 2x annually Identity & Access Management “Dom12” paper Supporting Trusted Cloud Initiative
Research & Initiatives in Progress Certificate of Cloud Security Knowledge (CCSK) Individual competency testing and certificate Trusted Cloud Initiative Interoperable IAM, reference models, cert criteria CSA Cloud Controls Matrix V2 Controls refinement, automation, increased mappings Consensus Assessments Initiative Common question sets to measure providers’ security capabilities
Research Initiatives being Scoped CloudCERT Best practices research for emergency response in Cloud Standardized processes Hosted Community Cloud Security Metrics Library of recommended measurements & surveys Cloud Security Use Cases Document real world lessons learned
Third Party Initiative Participation CloudAudit Common Assurance Maturity Model (CAMM) ENISA eGovernment Cloud-Standards.org NIST
Schedule CSA Summit at BlackHat, July 28-29, Las Vegas CSA Congress, Nov 16-17, Orlando CSA Summit at RSA 2011 (tentative), SF Participating in most major events Several chapter launch events Other Summits as research requires