Is Governance Really Possible in a Cloud World?

Posted on 24-Jan-2016


© Copyright 2012 – All Rights Reserved.

Is Governance Really Possible in a Cloud World?

Ken Smith, CISSP, CISA, CCSK
Senior Security Solutions Architect

Agenda

GRC today
Problems created by cloud
Managing governance
Levels of control (IaaS, PaaS, SaaS)
Compliance in the cloud

More Bad Security Stock Images!

Current State of GRC

Enterprises lead in adoption
• Tools in place
• Staff to manage program
• Management support

Midsized orgs dabbling
• Some tools
• Limited staff
• Mixed management support

Current State of GRC (cont’d)

Most small organizations [This section intentionally blank]

GRC Problems Created By Cloud

Existing tools may no longer work

Some visibility is taken away

Some access is taken away

Warm & fuzzy feeling of knowing that data is in your own data center is taken away

Existing contract language that you know & love will likely need to be reworked

What Do We Do?

A. Grant cloud solutions an exemption from our governance program & assume the provider will take care of everything

B. Don't adopt cloud because we can't manage GRC

C. Adapt existing governance programs to account for cloud-based solutions

Source: Cloud Security Alliance Security Guidance

Cloud Security Integration

Managing Governance In The Cloud

It's going to take some upfront work

Much heavier dependence on trusting that the cloud provider is doing the right thing

Much heavier dependence on service level agreements & contract language

Lawyers!

Managing Governance In The Cloud

Audits will be more complex

Compliance assessments will be “interesting”

Compensating controls are key

Varying Responsibility

PaaS
• More dependent on provider
• Less control
• Provider's technology

IaaS
• Less dependent on provider
• You have more control
• More of your own technology

Compliance In The Cloud

“Out of the box”

Meet your policies & governance requirements? Very unlikely today

Meet PCI DSS or HIPAA requirements? No

Is This Possible?

Compensating controls
• Technology: encryption, tokenization, data masking, segmentation
• Adapting your governance program
• Contract language
• Lawyers!

Great Reading & Resources

Cloud Security Alliance (CSA), www.cloudsecurityalliance.org: Security Guidance for Critical Areas of Focus in Cloud Computing

The CSA Mission Statement: To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.

Great Reading & Resources (cont’d)

European Network and Information Security Agency (ENISA), www.enisa.europa.eu: Benefits, risks and recommendations for information security


Thank You

Ken Smith, CISSP, CISA, CCSK
Senior Security Solutions Architect
ksmith@greenpages.com
@ken5m1th