Presentation is loading. Please wait.

Presentation is loading. Please wait.

© Cloud Security Alliance, 2015 Evelyn de Souza Chair Cloud Security Alliance Data Governance Chair/ Data Privacy and Compliance Leader Cisco Systems.

Published byRosaline Kelley Modified over 8 years ago

Similar presentations

Presentation on theme: "© Cloud Security Alliance, 2015 Evelyn de Souza Chair Cloud Security Alliance Data Governance Chair/ Data Privacy and Compliance Leader Cisco Systems."— Presentation transcript:

1 © Cloud Security Alliance, 2015 Evelyn de Souza Chair Cloud Security Alliance Data Governance Chair/ Data Privacy and Compliance Leader Cisco Systems

2 Agenda © Cloud Security Alliance, 2015  Charter /Members  What is Data Governance  Data Governance Models (Under Development)  Cloud Data Protection Model  Activities  Get Involved

3 Propose a data governance framework to ensure the, availability, integrity and overall security and privacy of data in different cloud models. This framework would feed into the GRC stack with tie ins across the CAIQ, CCM and STAR Develop thought leadership materials to promote CSA’s leadership in the the area of data governance in the cloud Please review our Data Governance Workgroup Charter Documenthttps://docs.google.com/a/cloudse curityalliance.org/document/d/1FhllAR4KnwP GCXwZEi4xtezzLQF9LHISlfElzJMTk30/edithttps://docs.google.com/a/cloudse curityalliance.org/document/d/1FhllAR4KnwP GCXwZEi4xtezzLQF9LHISlfElzJMTk30/edit © Cloud Security Alliance, 2014. Charter

4 Fostering collaboration across: Key industry leaders from different verticals Academia Industry analyst associations Vendor subject matter experts Do join our discussion on LinkedIn: CSA Cloud Data Governance Working Group CSA Cloud Data Governance Working Group © Cloud Security Alliance, 2014. Membership

5 Cloud Data Governance Challenges 1.Data Protection (65%) 2. Security Management (42%) 3. Compliance (53%)4. Data Governance (73%) Is data safely protected while in motion, in use or stored in the cloud How is the availability of data in the cloud assured? How are assurance levels effectively managed by the cloud provider Can I get a snapshot of the cloud provider’s security management capabilities at any point Can the cloud provider demonstrate that regulatory controls are implemented effectively and sustainably? Who owns/accesses/edits/m odifies my data in the cloud? Data does not equal a one-size fits all model How do you measure policy enforcement? How do you enforce policy? Based upon informal survey with CISOs and InfoSec leaders from Dimension Data, Kloud, CSA Enterprise Council (43 InfoSec leaders worldwide from SP and Enterprise) and FSISAC Banking Leaders – NEED to set up User Focus Groups to hone in by segment and industry Over-emphasis on technology controls often leads to underlying weaknesses in processes

6 Cloud Deployment Model Risks Private Community Public SaaS Public IaaS Least risk due to single ownership. Enterprise control over legal regulatory needs Greatest risk due to least amount of control for consuming organization. Risk dependent on provider. Shared legal/regulatory needs Moderate risk due to multi- tenancy – however, common regulatory/legal needs High risk amount of risk. Shared model and shared regulatory/legal needs

7 Canonical Question Set Guidance V3 Data Life Cycle Create …StoreUse Phase 1 Categories Data DiscoveryLocation of Data Q1.1 WhoV Q1.2 ….VV QWhatV …VVV Where … When …

8 Aligning Governance Models to Security Frameworks Plan/Ob serve Do/Orien t Check/D ecide Act Four Inter-related Domains of COBIT Operational and support-oriented processes Compliance and security IT goals Compliance and risk business goals Source: ISACA Achievements cascade Drives Plan-Do-Check-Act Observe-Orient-Decide-Act

9 Example of Governance Framework Tied to CSA Cloud Controls Matrix 3 phases to govern are Plan (Plan and Organize) Do (Acquire and Implement, Deliver and Support) Check, Act (Monitor and Evaluate) Planning ProcessesFunctional ProcessesEvaluation Processes 3. Business Continuity Management1. Application & Interface Security2. Audit Assurance & Compliance 5. Data Security and Information Lifecycle Management 6. Datacenter security4. Change Control Management 8. Governance and Risk Management 7. Encryption and Key Management14. Security Incident Management 12. Interoperability and Portability9. Human Resources 15. Supply Chain Management10. Identity and Access Management 11. Infrastructure and Virtualization Security 13. Mobile Security 16. Threat and Vulnerability Management

10 Example of Governance Framework tied for CCM Data and Lifecycle Management Domain

11 PAGE 11 Data Governance Milestones KPIs and tools for measurements in place Sporadic data issues communication Standardized data definitions and rules in place Processes defined by individual technology functions Standardized process per organization/ Processes are centralized, controlled and measured Undefined data management policies Ad hoc processes / per data management Value of Security Risk Management AD HOC MANAGEDDEFINEDPROACTIVEOPTIMIZING Value driven Quantitative management of data Real-time analysis and resolution Continuous process improvements – way of life Stages

12 1 Exploring Toolsets for Cloud Data Governance Steps 1 2 2 3 3 4 4 http://clouddataprotection.org/cert/

13 Contribute LinkedIn Group Consider joining us on LinkedIn: CSA Cloud Data Governance Working Group CSA Cloud Data Governance Working Group Mailing List Our mailing list is hosted on the Cloud Security Alliance listserv: https://lists.cloudsecurityalliance.org/mailman/listinfo/datagover nance https://lists.cloudsecurityalliance.org/mailman/listinfo/datagover nance

14 References & Links Geospatial datalifecycle http://www.fgdc.gov/policyandplanning/a-16/stages- of-geospatial-data-lifecycle-a16.pdf http://www.fgdc.gov/policyandplanning/a-16/stages- of-geospatial-data-lifecycle-a16.pdf CCAQIS https://cloudsecurityalliance.org/research/cdg/

15 ? ? ? ? © Cloud Security Alliance, 2015

16

Download ppt "© Cloud Security Alliance, 2015 Evelyn de Souza Chair Cloud Security Alliance Data Governance Chair/ Data Privacy and Compliance Leader Cisco Systems."

Similar presentations

Microsoft Operations Framework (MOF) 4.0

Microsoft Operations Framework (MOF) 4.0
Course: e-Governance Project Lifecycle Day 1

Course: e-Governance Project Lifecycle Day 1
Cloud Computing - clearing the fog Rob Gear 8 th December 2009.

Cloud Computing - clearing the fog Rob Gear 8 th December 2009.
Www.cloudsecurityalliance.org Copyright © 2011 Cloud Security Alliance Trusted Cloud Initiative Work Group Session.

Copyright © 2011 Cloud Security Alliance Trusted Cloud Initiative Work Group Session.
Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server 2008. Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),

Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),
Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.

Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.
Www.cloudsecurityalliance.org Copyright © 2011 Cloud Security Alliance Cloud Controls Matrix Work Group Session Sean Cordero President of Cloudwatchmen,

Copyright © 2011 Cloud Security Alliance Cloud Controls Matrix Work Group Session Sean Cordero President of Cloudwatchmen,
Www.cloudsecurityalliance.org Copyright © 2014 Cloud Security Alliance Security Certification for Cloud Services : The CSA STAR Certification Daniele Catteddu,

Copyright © 2014 Cloud Security Alliance Security Certification for Cloud Services : The CSA STAR Certification Daniele Catteddu,
Agenda COBIT 5 Product Family Information Security COBIT 5 content

Agenda COBIT 5 Product Family Information Security COBIT 5 content
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Security Controls – What Works

Security Controls – What Works
By Collin Smith http://techinitiatives.blogspot.com COBIT Introduction By Collin Smith http://techinitiatives.blogspot.com.

By Collin Smith COBIT Introduction By Collin Smith
Supervisor : Mr. Hadi Salimi Advanced Topics in Information Systems Mazandaran University of Science and Technology February 4, 2011 Survey on Cloud Computing.

Supervisor : Mr. Hadi Salimi Advanced Topics in Information Systems Mazandaran University of Science and Technology February 4, 2011 Survey on Cloud Computing.
COBIT Framework Introduction. Problems with IT? – Increasing pressure to leverage technology in business strategies – Growing complexity of IT environments.

COBIT Framework Introduction. Problems with IT? – Increasing pressure to leverage technology in business strategies – Growing complexity of IT environments.
Click to add text © 2010 IBM Corporation OpenPages Solution Overview Mark Dinning Principal Solutions Consultant.

Click to add text © 2010 IBM Corporation OpenPages Solution Overview Mark Dinning Principal Solutions Consultant.
1 Business Continuity and Compliance Working Together Kristy Justice, AVP WaMu Card Services 08/19/2008.

1 Business Continuity and Compliance Working Together Kristy Justice, AVP WaMu Card Services 08/19/2008.
COBIT 5: Framework, BMIS, Implementation and future Information Security Guidance Presented by.

COBIT 5: Framework, BMIS, Implementation and future Information Security Guidance Presented by.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
Cloud Computing in Large Scale Projects George Bourmas Sales Consulting Manager Database & Options.

Cloud Computing in Large Scale Projects George Bourmas Sales Consulting Manager Database & Options.

Similar presentations

Ads by Google