Jim Reavis, Executive Director Cloud Security Alliance November 22, 2010 Developing a Baseline On Cloud Security.

A Combat Support Agency – Unclassified

Purpose & Agenda
Purpose: Provide information about the current state of industry understanding and activities related to securing cloud computing, as a foundation for today’s collaboration.
1. Defining Cloud
2. Reference Model
3. Architecture
4. FedRAMP
5. Cloud Guidance
6. Relating to Tracks

What is Cloud Computing?
Compute as a utility: the third major era of computing
– Mainframe
– PC client/server
– Cloud computing: an on-demand model for allocation and consumption of computing
Cloud is enabled by
– Moore’s Law: costs of compute & storage approaching zero
– Hyperconnectivity: robust bandwidth from dotcom investments
– Service Oriented Architecture (SOA)
– Scale: major providers create massive IT capabilities

Broad Private/Public View
– Ecosystem
– Definitions/Ontology/Taxonomy
– Architecture
– Compliance
– Threat research & modeling
– Domains of concern

NIST: Defining Cloud
Characteristics
– On-demand provisioning
– Elasticity
– Multi-tenancy
– Measured service
Delivery Models
– Infrastructure as a Service (IaaS): basic O/S & storage
– Platform as a Service (PaaS): IaaS + rapid development
– Software as a Service (SaaS): complete application
Deployment Modes
– Public
– Private
– Hybrid
– Community

CSA Cloud Reference Model
From the CSA Architectural WG
– 10-layer reference model view of cloud computing
– Encourages a cumulative view of SaaS/PaaS/IaaS delivery

S-P-I context
– IaaS (Infrastructure as a Service): you build security in
– PaaS (Platform as a Service)
– SaaS (Software as a Service): you “RFP” security in
The lower in the stack the customer operates (IaaS), the more of the security it must build itself; the higher (SaaS), the more it must specify and verify contractually with the provider.

Architectural Depictions
From Open Security Architecture: an actor-centric view of cloud architecture

Architectural Depictions
Service-centric architectural model from CSA

Federal Risk & Authorization Management Program (FedRAMP)
A government-wide initiative to provide joint authorization services
– FedRAMP PMO in GSA
– Unified government-wide risk management
– Agencies would leverage FedRAMP authorizations (when applicable)
Agencies retain their responsibility and authority to ensure use of systems that meet their security needs. FedRAMP would provide an optional service to agencies.

Federal Risk & Authorization Management Program (FedRAMP)
BEFORE (each Agency performs its own A&A with each Vendor):
– Duplicative risk management efforts
– Incompatible requirements
– Potential for inconsistent application and interpretation of Federal security requirements
AFTER (Agency A&A with the Vendor is performed through FedRAMP):
– Unified risk management and associated cost savings
– Inter-agency vetted and compatible requirements using a shared cloud service
– Effective and consistent assessment of cloud services

FedRAMP Authorization Request Process
There are 3 ways a cloud service can be proposed for FedRAMP authorization:
– Cloud services through FCCI BPAs (Cloud BPA)
– Government cloud systems: services must be intended for use by multiple agencies
– Agency sponsorship: primary agency sponsorship, primary agency contract, or secondary agency sponsorship

CSA Guidance Research
13 domains of concern in 3 main groupings: Architecture, Governance, and Operations
Cloud Architecture
– Cloud Architecture
Governing the Cloud
– Governance and Enterprise Risk Management
– Legal and Electronic Discovery
– Compliance and Audit
– Information Lifecycle Management
– Portability and Interoperability
Operating in the Cloud
– Security, Business Continuity, and Disaster Recovery
– Data Center Operations
– Incident Response, Notification, Remediation
– Application Security
– Encryption and Key Management
– Identity and Access Management
– Virtualization

Track 1 – Cloud Security Policy and Guidance
Consensus issues identified from industry research
– Auditing capabilities
– Rogue insiders
– 3rd party management
– Transparency
– Data governance: leakage, persistence, destruction, commingling
– Understand risk profile & align key risk indicators
– Translating legacy controls
– Lock-in

Track 2 – Cloud Security Architecture and Technology
Consensus issues identified from industry research
– Lack of purpose-built multi-tenant technology
– Federating hybrid clouds
– Duplicating granular defense in depth
– Hardware exploits: CPU, DMA, bus, I/O
– Hardening virtualization
– Segregation of encryption and key management
– Developing layers of abstraction, SOA principles
– Vulnerability scanning
– Software development lifecycle impact
– Threat modeling

Track 3 – Secure Cloud Operations
Consensus issues identified from industry research
– Forensics
– Patch management
– Malware
– Logging
– Monitoring & visibility
– Account, service, traffic hijacking
– Suboptimal resource sharing & time slicing
– Compartmentalization of operational activities

Thank You! Questions?