Achieving Assurance and Compliance in the Cloud. Digital Government Cyber Security Conference. Cheryl Wilner, CEO, Bethesda Advanced Solutions. Ronald Reagan Building, Washington DC, May 31 2012

Upload: rosalyn-goodman

Post on 18-Dec-2015

Achieving Assurance and Compliance in the Cloud

Digital Government Cyber Security Conference

Cheryl Wilner, CEO
Bethesda Advanced Solutions

Ronald Reagan Building, Washington DC
May 31 2012

www.cloudsecurityalliance.org
Copyright © 2011 Cloud Security Alliance

Securing Government Data

Government agencies' largest concern with moving to the cloud is security...

...and regardless of any signed contract or SLA, at the end of the day the buck stops with you!

Cloud Computing Security: Largest Barrier to Adoption

What is Different about Cloud Security?

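| Service owner | SaaS     | PaaS     | IaaS     |
|---------------|----------|----------|----------|
| Data          | Joint    | Tenant   | Tenant   |
| Application   | Joint    | Joint    | Tenant   |
| Compute       | Provider | Joint    | Tenant   |
| Storage       | Provider | Provider | Joint    |
| Network       | Provider | Provider | Joint    |
| Physical      | Provider | Provider | Provider |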

Hacking is More Efficient in a Cloud

Government Agencies

What are you going to do with 20+ years of “stuff”?

Thank you to COL Chris Miller, CIO/G-6 ADCCP Army Data Center Consolidation Program for providing his slides.

The Cloud Security Alliance

• CSA is a Global, not-for-profit organization

• Over 31,000 individual members, 120 corporate members, and 60 chapters

• Building best practices and a trusted cloud ecosystem

• Agile philosophy, rapid development of applied research

• GRC: Balance compliance with risk management

• Reference models: build using existing standards

• Identity: a key foundation of a functioning cloud economy

• Champion interoperability

MISSION - “To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”

CSA Metro DC Chapter

www.csadc.us

CSA Guidance Research

Popular best practices for securing cloud computing

Flagship research project

V2.1 released 12/2009

V3 research underway, targeting Q3 2011 release

wiki.cloudsecurityalliance.org/guidance

Operating in the Cloud

Governing the Cloud

Guidance > 100k downloads: cloudsecurityalliance.org/guidance

Summary

• Create a Plan

• You will need help as this is not a walk in the park

• You have more “stuff” than you think

• Security is the highest priority concern

• This is not as easy as it looks and it will take longer than you think

Contact

Cheryl Wilner, CEO

Bethesda Advanced Solutions (BAS)

301-502-1919

www.bethesdasolutions.com