A CISO’s Perspective on Cloud Compliance
Everything for the CISO to understand
J. Hybinette, CISM, CISSP, NSA-IEM, NSA-IAM, ISSAP, ISSMP
HOUSEKEEPING
• This webinar is being recorded and an on-demand version will be available at the same URL at the conclusion of the webinar
• Please submit questions via the button on the upper left of the viewer
• If we don’t get to your question during the webinar, we will follow up with you via email
• Download related resources via the “Attachments” button above the viewer
• On Twitter? Join the conversation: #CISOcloud, #HOSTINGspeaks and @HOSTINGdotcom
What is Cloud Computing?
• The origin of the term cloud computing is unclear.
• Cloud computing is the delivery of computing as a service rather than a product, whereby shared resources, software, and information are provided to computers and other devices as a utility over a network.
Compliance Misconceptions
• I cannot afford being compliant
• I am too busy to become compliant
• I don’t know how to become compliant
• Breaches only happen to larger organizations
• The cloud is insecure
• Where are My IT Assets
• What needs to be moved
• How Valuable are My Assets
• What do I need to Protect my assets
• Who is Managing the Security Program
• The change in IT workload
• Track the changing landscape
• Aligning your SLA
• Security is your priority
• SOC 1, 2, 3
  • Service Organization Control Reports
• PCI
  • Payment Card Industry Compliance
• GLBA
  • Financial Institutions: Gramm-Leach-Bliley Act
• HIPAA
  • Healthcare Services Compliance.
Almost 1/3 of the people looking for information about HIPAA spell it as “HIPPA”; make sure everyone is on the right page.
It Makes Sense
• Cloud computing definitely makes sense if your own security is weak, missing features, or below average.
• Ultimately, if
  • the cloud provider’s security people are “better” than yours (and leveraged at least as efficiently),
  • the web-services interfaces don’t introduce too many new vulnerabilities, and
  • the cloud provider aims at least as high as you do, at security goals,
  then cloud computing has better security.
• World class security architecture team
• Unique secure compliant security cloud solutions offered nowhere else
• Industry leader providing compliant environments
• Security you can depend on
• Serious about HIPAA