Published by Melanie Knight. Modified over 8 years ago.
1
Cloud Compliance Considerations March 24, 2015 | Jason Smith, CISSP
2
About Me …
Jason Smith, CISSP
IT Security and Compliance Consultant
Internetwork Engineering
Dutch Oven Cobbler maker
3
What is this “Cloud” that you speak of? http://www.contrib.andrew.cmu.edu/~aishah/CC.html
4
Cloud Benefits $$$$$ http://www.outsidethebeltway.com/
5
Cloud Risks $$$$$$
7
What is the new “Normal”?
- Your network has changed!
- Has your regulatory scope changed?
- Who has responsibility for the network?
- Does your documentation reflect the “new normal”?
- How about access control?
8
Mitigate Early!
- Reference your last audit or assessment and work with the solution provider or a 3rd party specialist to understand what, if anything, may have changed or will change.
- Perform a risk assessment against the Pre-Build documents from the solution provider.
- Plan for a Penetration Test
- Will the provider have access to the data or the systems?
- What are their processes and procedures?
- Do you now have web-facing servers?
9
Trust, but verify.
- Risk and Vulnerability assessment.
- Do a Vulnerability Assessment
- Do a Risk Assessment
- Discuss the patching and mitigation responsibilities with your cloud provider.
- Penetration Testing
- Required for PCI and some other regulations
- Should be conducted at least annually
- Liability and Legality
10
Time to get some help
- Consider engaging a 3rd party consultant to assist with compliance and security concerns.
- Budget for 3rd party professional services in the transition project
- Know what you need: Assessments Routine Process development Road Map
11
Questions?
Jason Smith, CISSP
IT Security and Compliance Consultant
Internetwork Engineering
jsmith@ineteng.com