Gain Comfort In Losing Control To The Cloud presented at SOURCE Boston 2010

by Randy Barr

Tags: Security Cloud

Summary: Cloud solutions are entering the mainstream, with vendors of all sizes flocking to build and deliver services in the cloud due to the economic and technical advantages this model provides at all levels. This new paradigm, however, requires new thinking in security, auditing and compliance. Cloud providers are required to protect their customer data due to regulatory and customer requirements. Implementing the controls required by customers can lead to a competitive advantage, from which both providers and users of the cloud benefit.
Every company has its own practice for evaluating the security posture of a cloud provider. In each case, there are opportunities for a cloud provider to share information that will eventually reduce the scope of, or eliminate the requirement for, an onsite review. The goal is to work with the provider to be more transparent about their security practice and develop a relationship that would allow the SaaS provider to act as an extension of the customer's security team.
This talk focuses on the following areas:
* Definitions of cloud architectures, characteristics and service delivery models
* Understanding key components of cloud infrastructures
* Differences in cloud architectures from those of traditional IT infrastructures
* Risks and controls unique to cloud environments
* Benefit of cloud certifications such as the SysTrust Seal, SAS-70 Type II
* Incorporating the ISO-17799 Control Objectives, DIACAP / FISMA reviews and others in cloud environments
* Preparing for an onsite review