Cloud Risk Management 2012 October 3© Penelope Gordon 2012 Mary Beth Borgwing, Standish Risk Management Penelope Everall Gordon, 1Plug Corporation John.


1 Cloud Risk Management
2012 October 3 © Penelope Gordon 2012
Mary Beth Borgwing, Standish Risk Management
Penelope Everall Gordon, 1Plug Corporation
John Howie, Cloud Security Alliance
Virginia “Ginny” Lee, Intel Corporation

2 Why Cloud Risk Management?
• Cloud Applications to reach $150B by 2013
• Data Privacy and Security top risk for 21st Century
• Enterprise needs remediation for loss of investment for stakeholders & partners
• Financial risk of data loss & security of intrusion need mitigation beyond SLA’s
• SEC and other regulation will require disclosure of loss and description of relevant insurance coverage by Enterprises into 2013
Risk Transfer Solutions and the race to provide them will be the next instantiation of the commerce of Cloud

3 Risk Management Process
• Identify: Look beyond the technology
• Assess: Determine costs of mitigating and not mitigating
• Balance: Weigh mitigation costs against benefits
• Mitigate: Implement risk reduction measures

4 Risk Not Just a Tech Issue
• What’s at risk? Where should we look for risk?
• Who’s responsible for identifying risks?
• How do the risks differ between private and public cloud? Are some forms of cloud riskier than others?
• How do the risks differ between traditional outsourcing / out-tasking and public cloud?

5 Not All Outages Are Equal
• What is threat and risk assessment?
• How do cloud and non-cloud IT risk assessment differ?
• Who should assess and how?
• What are common mistakes?
• How do you convince LoB execs and investors of assessment accuracy?

6 TCO of Security
• What are the most common methods for buyers to mitigate risk? The most promising?
• What are the most common methods for vendors and providers to mitigate risk? The most promising?
• How do you evaluate the costs of mitigation?
• How should you account for your supplier’s mitigation costs?

7 Do You Really Want 5 9s?
• What should you consider in prioritizing risks?
• What is “acceptable risk” and how do you sell that to your stakeholders and/or buyers?
• How can you create a mutually beneficial transaction between buyer/consumer and vendor/provider?

8 Monitoring Risk Mitigation
• Who should monitor and report on realized threats and/or mitigation outcomes? What should trigger a report?
• What do you need to do to get compensated for a realized threat?
• How and when should you refine your risk management strategy?

9 Contacts
• Mary Beth Borgwing, Standish Risk Management, MaryBeth.Borgwing@StandishCorp.com
• Katalin Bartfai-Walcott, Intel Corporation, katalin.kb.walcott@intel.com
• Penelope Everall Gordon, 1Plug Corporation, pegordon@1plug.com
• John Howie, Cloud Security Alliance, jhowie@cloudsecurityalliance.org
• Virginia “Ginny” Lee, Intel Corporation, virginia.y.lee@intel.com

10 Backup

11 Legal Risk Mitigation
• A patchwork of agreements necessary to cover risk
  • Terms of Service, SLAs, etc.
  • Depends on the Service model and type of application
• Data location and Global Implications
  • Transferring data internationally has obligations
• Cyber Risk Insurance – one size does not fit all
  • Data Breach coverage


