Www.cloud-security.org.uk Copyright © 2012 Cloud Security Alliance – UK & Ireland Liberty Hall,...
-
Upload
rosaline-small -
Category
Documents
-
view
218 -
download
4
Transcript of Www.cloud-security.org.uk Copyright © 2012 Cloud Security Alliance – UK & Ireland Liberty Hall,...
www.cloud-security.org.ukCopyright © 2012 Cloud Security Alliance – UK & Ireland
Liberty Hall, Dublin March 30th 2012
LIR Annual Seminar
www.cloud-security.org.ukCopyright © 2012 Cloud Security Alliance – UK & Ireland
Brian HonanCSA - UK & Ireland Chapter
Is the future secure?
www.cloud-security.org.ukCopyright © 2012 Cloud Security Alliance – UK & Ireland
www.cloud-security.org.ukCopyright © 2012 Cloud Security Alliance – UK & Ireland
Cloud Security Alliance• Global, not-for-profit organization• Over 23,000 individual members, 100 corporate
members, 50 chapters• Building best practices and a trusted cloud
ecosystem• Agile philosophy, rapid development of applied
research• GRC: Balance compliance with risk management• Reference models: build using existing standards• Identity: a key foundation of a functioning cloud economy• Champion interoperability• Enable innovation• Advocacy of prudent public policy
“To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud
Computing to help secure all other forms of computing.”
www.cloud-security.org.ukCopyright © 2012 Cloud Security Alliance – UK & Ireland
www.cloud-security.org.ukCopyright © 2012 Cloud Security Alliance – UK & Ireland
UK & Ireland chapter
• Over 2,000 individual members
• Focused on Information Risk Management
“To provide the guidance and tools required to allow business and home users of cloud services to manage risks to their information in order to embrace the opportunities afforded by the
interconnected information society of the 21st century.”
www.cloud-security.org.ukCopyright © 2012 Cloud Security Alliance – UK & Ireland
www.cloud-security.org.ukCopyright © 2012 Cloud Security Alliance – UK & Ireland
…from the Knights Templar to Jeremy Clarkson, onto James May and beyond!
We’re going on a journey…
www.cloud-security.org.ukCopyright © 2012 Cloud Security Alliance – UK & Ireland
www.cloud-security.org.ukCopyright © 2012 Cloud Security Alliance – UK & Ireland
What is it to be secure?
“the state of being free from danger or threat”
www.cloud-security.org.ukCopyright © 2012 Cloud Security Alliance – UK & Ireland
www.cloud-security.org.ukCopyright © 2012 Cloud Security Alliance – UK & Ireland
• The original ‘trust authority’
• Conveyed money around the middle east during the crusades
• Founders of modern banking systems…
• …which are based on trust
Why the Knights Templar?…
www.cloud-security.org.ukCopyright © 2012 Cloud Security Alliance – UK & Ireland
www.cloud-security.org.ukCopyright © 2012 Cloud Security Alliance – UK & Ireland
• Money isn’t real
• You trust the bank to pay you – based on a promise!
Trust in modern banking…
www.cloud-security.org.ukCopyright © 2012 Cloud Security Alliance – UK & Ireland
www.cloud-security.org.ukCopyright © 2012 Cloud Security Alliance – UK & Ireland
• The bank teller model worked for centuries
• Until the 1990’s
• When trust moved…
…is it misplaced?
www.cloud-security.org.ukCopyright © 2012 Cloud Security Alliance – UK & Ireland
www.cloud-security.org.ukCopyright © 2012 Cloud Security Alliance – UK & Ireland
• Web 2.0 creates new challenges…
• …for which we create new controls
• Which surely enhance security?
• Enter our second guest…
Are we keeping up?
www.cloud-security.org.ukCopyright © 2012 Cloud Security Alliance – UK & Ireland
www.cloud-security.org.ukCopyright © 2012 Cloud Security Alliance – UK & Ireland
• Published bank details after HMRC breach in 2008
• Direct debit setup to make charitable contribution
“The bank cannot find out who did this because of the Data
Protection Act and they cannot stop it from happening
again”Jeremy Clarkson
Remember Jeremy Clarkson?…
www.cloud-security.org.ukCopyright © 2012 Cloud Security Alliance – UK & Ireland
www.cloud-security.org.ukCopyright © 2012 Cloud Security Alliance – UK & Ireland
What does this prove?
• That the boundaries have moved
• Security no longer exists as we understand it
• That technology can’t be controlled using traditional thinking
• That we need to evolve our thinkingTime for our third guest…
www.cloud-security.org.ukCopyright © 2012 Cloud Security Alliance – UK & Ireland
www.cloud-security.org.ukCopyright © 2012 Cloud Security Alliance – UK & Ireland
• Understanding your assets allows tangible benefit
• Defined frameworks are required
• Requires constant re-evaluation to achieve goals
Enter James May!
www.cloud-security.org.ukCopyright © 2012 Cloud Security Alliance – UK & Ireland
www.cloud-security.org.ukCopyright © 2012 Cloud Security Alliance – UK & Ireland
So what about the future?
• You’re here, now!
• The line between consumerisation and business is dissolving rapidly
• Technology and adoption evolves faster than ever before
• Risks are not to be feared, but managed
• Compliance will not help you!
www.cloud-security.org.ukCopyright © 2012 Cloud Security Alliance – UK & Ireland
www.cloud-security.org.ukCopyright © 2012 Cloud Security Alliance – UK & Ireland
So where do we start?• Ask questions about your business• Determine the information assets
being used• Don’t assume control context• Determine the information risks you
need managing• Determine responsibility for operating
controls• Ensure metrics measure desired
control performance
www.cloud-security.org.ukCopyright © 2012 Cloud Security Alliance – UK & Ireland
www.cloud-security.org.ukCopyright © 2012 Cloud Security Alliance – UK & Ireland
Want to know more?
Have your say and be heard in the Cloud discussion
• Joining us is free
• Join at www.cloud-security.org.uk
• Email me on [email protected]
• Follow us on twitter: @CSAUKEire