Enabling cloud security
TRANSCRIPT
#CLOUDSEC
The cloud landscape
Source: https://steveblank.files.wordpress.com/2011/02/bessemercloudscape.jpg
Cloud opportunities
Flexibility
On-demand Services
Rapid Deployment
Automation
Scalability
Availability
Lower TCO
Cloud challenges
Talent & Expertise
Security
Managing Multiple Services
Compliance Cost
Management
Governance and Control
Integration
The classic contracts
Requirements
Evaluations
Selection
Deployment
Adoption
Optimisation
Renewal
#CLOUDSEC
Standalone services
SLA based services model
Business workflow integration
Legacy infrastructure integration
Data protection and management
Source: https://www.simple-talk.com/iwritefor/articlefiles/cloud/2011/11/cloud-service-model.png
Organisational implications
• Clarity around scope and the primary motivation of moving to the cloud
• Changes to governance models and decision making
• Knowledge of cloud architecture, virtualization, multiple technology platforms
• Challenge of standardised processes supporting seamless integration across multiple systems
• Changing skillset from technology management to vendor management
• Upskilling on effective cloud-based systems management
Controls and Questions
295 Supporting Questions
133 Control Areas
16 Control Domains
• Model for enabling active governance
• Enables cloud architecture discussions for business outputs
• Moves cloud decisions from audit assessment to risk-based outcomes
Three cloud projects
• IaaS contracts • PaaS contracts • SaaS Contracts
• Finance • HR Services • Collaboration • CRM • Business Intelligence
Global Bank Healthcare Provider Government Department
Complete Set
295 Questions
133 Areas
16 Domains
295 Questions
133 Areas
16 Domains
• IaaS contracts • PaaS contracts • SaaS Contracts
• Finance • HR Services • Collaboration • Document Mgmt. • CRM
• GovCloud • SaaS Contracts
• Document Mgmt. • Collaboration • CRM
The Twelve
Data Breaches
Access Management
Account Hijacking
System Vulnerabilities
Insufficient Due Diligence
Insecure Interface
Malicious Insider
Advanced Persistent Threat
Tech Vulnerabilities
Data Loss
Services Abuse
Denial of Service