Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cloud Security: Critical Threats and Global Initiatives Jim Reavis, Executive Director July, 2010.

Published byKristian Richardson Modified over 8 years ago

Similar presentations

Presentation on theme: "Cloud Security: Critical Threats and Global Initiatives Jim Reavis, Executive Director July, 2010."— Presentation transcript:

1 Cloud Security: Critical Threats and Global Initiatives Jim Reavis, Executive Director July, 2010

2 www.cloudsecurityalliance.org Copyright © 2010 Cloud Security Alliance What is Cloud Computing? Compute as a utility: third major era of computing Mainframe PC Client/Server Cloud computing: On demand model for allocation and consumption of computing Cloud enabled by Moore’s Law: Costs of compute & storage approaching zero Hyperconnectivity: Robust bandwidth from dotcom investments Service Oriented Architecture (SOA) Scale: Major providers create massive IT capabilities

3 www.cloudsecurityalliance.org Copyright © 2010 Cloud Security Alliance Top Threats to Cloud Computing

4 www.cloudsecurityalliance.org Copyright © 2010 Cloud Security Alliance Shared Technology Vulnerabilities

5 www.cloudsecurityalliance.org Copyright © 2010 Cloud Security Alliance Data Loss / Data Leakage

6 www.cloudsecurityalliance.org Copyright © 2010 Cloud Security Alliance Malicious Insiders

7 www.cloudsecurityalliance.org Copyright © 2010 Cloud Security Alliance Interception or Hijacking of Traffic

8 www.cloudsecurityalliance.org Copyright © 2010 Cloud Security Alliance Insecure APIs

9 www.cloudsecurityalliance.org Copyright © 2010 Cloud Security Alliance Nefarious Use of Service

10 www.cloudsecurityalliance.org Copyright © 2010 Cloud Security Alliance Unknown Risk Profile

11 www.cloudsecurityalliance.org Copyright © 2010 Cloud Security Alliance How will Cloud Computing play out? Much investment in private clouds for 3-5 years Rise of mobile clouds Eventual 80/20 rule favoring public clouds Cloud assurance ecosystem being built Virtual private clouds compromise between public and private Long legacy of hybrid clouds Disruption to markets, IT, security best practices Challenges public policy and critical infrastructure

12 www.cloudsecurityalliance.org Copyright © 2010 Cloud Security Alliance About the Cloud Security Alliance Global, not-for-profit organization 10,000+ individual members Fast growing – chapters, translations, alliances Inclusive membership, supporting broad spectrum of subject matter expertise: cloud experts, security, legal, compliance, virtualization, etc We believe Cloud Computing has a robust future, we want to make it better “To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”

13 www.cloudsecurityalliance.org Copyright © 2010 Cloud Security Alliance CSA Research Projects Go to www.cloudsecurityalliance.org/Research.html for Research dashboard and Working Group signup www.cloudsecurityalliance.org/Research.html

14 www.cloudsecurityalliance.org Copyright © 2010 Cloud Security Alliance Released Research CSA Guidance for Critical areas of Focus Popular best practices V2.1 CSA Cloud Controls Matrix Security controls framework mapped to existing regulations and standards Top Threats Released 2x annually Identity & Access Management “Dom12” paper Supporting Trusted Cloud Initiative

15 www.cloudsecurityalliance.org Copyright © 2010 Cloud Security Alliance Research & Initiatives in Progress Certificate of Cloud Security Knowledge (CCSK) Individual competency testing and certificate Trusted Cloud Initiative Interoperable IAM, reference models, cert criteria CSA Cloud Controls Matrix V2 Controls refinement, automation, increased mappings Consensus Assessments Initiative Common question sets to measure providers’ security capabilities

16 www.cloudsecurityalliance.org Copyright © 2010 Cloud Security Alliance Research Initiatives being Scoped CloudCERT Best practices research for emergency response in Cloud Standardized processes Hosted Community Cloud Security Metrics Library of recommended measurements & surveys Cloud Security Use Cases Document real world lessons learned

17 www.cloudsecurityalliance.org Copyright © 2010 Cloud Security Alliance Third Party Initiative Participation CloudAudit Common Assurance Maturity Model (CAMM) ENISA eGovernment Cloud-Standards.org NIST

18 www.cloudsecurityalliance.org Copyright © 2010 Cloud Security Alliance Schedule CSA Summit at BlackHat, July 28-29, Las Vegas CSA Congress, Nov 16-17, Orlando CSA Summit at RSA 2011 (tentative), SF Participating in most major events Several chapter launch events Other Summits as research requires

19 www.cloudsecurityalliance.org Thank you!

Download ppt "Cloud Security: Critical Threats and Global Initiatives Jim Reavis, Executive Director July, 2010."

Similar presentations

© 2012 Open Grid Forum Simplifying Inter-Clouds October 10, 2012 Hyatt Regency Hotel Chicago, Illinois, USA.

© 2012 Open Grid Forum Simplifying Inter-Clouds October 10, 2012 Hyatt Regency Hotel Chicago, Illinois, USA.
Impacts of 3 rd Party IaaS on broadband network operations and businesses Prabhat Kumar Managing Partner, i 3 m 3 Solutions.

Impacts of 3 rd Party IaaS on broadband network operations and businesses Prabhat Kumar Managing Partner, i 3 m 3 Solutions.
ITU-T Focus Group Cloud Computing

ITU-T Focus Group Cloud Computing
1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.

1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.
Cloud Security Alliance Research & Roadmap June 2012

Cloud Security Alliance Research & Roadmap June 2012
Www.cloudsecurityalliance.org Copyright © 2011 Cloud Security Alliance Trusted Cloud Initiative Work Group Session.

Copyright © 2011 Cloud Security Alliance Trusted Cloud Initiative Work Group Session.
Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.

Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.
Www.cloudsecurityalliance.org Copyright © 2011 Cloud Security Alliance Cloud Controls Matrix Work Group Session Sean Cordero President of Cloudwatchmen,

Copyright © 2011 Cloud Security Alliance Cloud Controls Matrix Work Group Session Sean Cordero President of Cloudwatchmen,
Www.cloudsecurityalliance.org Copyright © 2014 Cloud Security Alliance Security Certification for Cloud Services : The CSA STAR Certification Daniele Catteddu,

Copyright © 2014 Cloud Security Alliance Security Certification for Cloud Services : The CSA STAR Certification Daniele Catteddu,
Www.cloudsecurityalliance.org Copyright © 2013 Cloud Security Alliance CSA Speed Talk: “STAR &CCSK – An Update on Provider and User Certification”

Copyright © 2013 Cloud Security Alliance CSA Speed Talk: “STAR &CCSK – An Update on Provider and User Certification”
Cloud Security Challenges Today and Tomorrow NameTitle February 2011.

Cloud Security Challenges Today and Tomorrow NameTitle February 2011.
Www.cloudsecurityalliance.org Copyright © 2011 Cloud Security Alliance Keynote.

Copyright © 2011 Cloud Security Alliance Keynote.
Www.cloudsecurityalliance.org Copyright © 2012 Cloud Security Alliance Conference Announcements.

Copyright © 2012 Cloud Security Alliance Conference Announcements.
Achieving Assurance and Compliance in the Cloud Digital Government Cyber Security Conference Cheryl Wilner, CEO Bethesda Advanced Solutions Ronald Regan.

Achieving Assurance and Compliance in the Cloud Digital Government Cyber Security Conference Cheryl Wilner, CEO Bethesda Advanced Solutions Ronald Regan.
Www.cloud-security.org.uk Copyright © 2012 Cloud Security Alliance – UK & Ireland Liberty Hall, Dublin March 30th 2012.

Copyright © 2012 Cloud Security Alliance – UK & Ireland Liberty Hall, Dublin March 30th 2012.
The State of Security Management By Jim Reavis January 2003.

The State of Security Management By Jim Reavis January 2003.
Supervisor : Mr. Hadi Salimi Advanced Topics in Information Systems Mazandaran University of Science and Technology February 4, 2011 Survey on Cloud Computing.

Supervisor : Mr. Hadi Salimi Advanced Topics in Information Systems Mazandaran University of Science and Technology February 4, 2011 Survey on Cloud Computing.
Achieving Security Assurance and Compliance in the Cloud Jim Reavis Executive Director.

Achieving Security Assurance and Compliance in the Cloud Jim Reavis Executive Director.
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.

Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.
Security Framework For Cloud Computing -Sharath Reddy Gajjala.

Security Framework For Cloud Computing -Sharath Reddy Gajjala.

Similar presentations

Ads by Google