The Perfect Storm:
Threats and Risks in the Cloud
Ramsés Gallego
CISM, CGEIT, CISSP, SCPM, CCSK, ITIL, COBIT, Six Sigma Black Belt
Chief Strategy Officer - Entel Security & Risk Management
rgallego@entel.es
Confidence
     Resilience Data Segregation
           Compliance
 Right to Audit User Access
         Identity       Dispute Recovery
                        resolution
Virtualization  Isolation Forensics
  Data Location Trust Maturity Models
       Privacy Web 2.0 Surety
 Architectures                 Emerging
         Traceability Evidence Web Services
   Metrics            gathering
                    Competitive Advantage
         Workflow
                Incident handling
What is Cloud?

The biggest evolution in technology that can have an impact similar to the birth of the Internet

Number 1 on the list of ‘10 strategic technologies’ of all the analysts

‘Unless you’ve been under a rock recently, you’ve probably heard Cloud Computing as the next revolution in IT’ - CFO Magazine
What is Cloud?
A pay-as-you-go model for using applications,
development platforms and/or IT infrastructure




Corporate mandates

Manage risk
• Compliance
• Asset protection
• Continuity Management
Manage operational and business risk

Manage cost
• Optimize resources
• Automate processes
Better CAPEX and OPEX management

Improve service
• Service Availability
• Service Management
Optimal value providing effective and efficient services

Align IT investments
• IT Portfolio Management
• Value Management
• Process Management
Align investments with corporate objectives
The same principles... different context
Some numbers

[Chart: "Cloud Adoption". Labels: Security concerns, Manageability, Cost. Values appearing on the chart: 9%, 12%, 79%.]
[Chart: "Priorities". Labels: Security, Management, Monitoring, Availability. Values appearing on the chart: 59%, 27%, 17%, 7%.]

Sources: IBM survey 2010, Ponemon Institute, CA Technologies, ISACA, ENISA, CSA
Business-driven
Cloud domains
                                        Cloud Architecture




                                                                               Governing the Cloud
                         Governance and Enterprise Risk Management

                                 Legal and Electronic Discovery

                                      Compliance and Audit

                               Information Lifecycle Management

                                  Portability and Interoperability

                         Security, Business Continuity and Disaster Recovery
Operating in the Cloud




                                     Data Center Operations

                          Incident Response, Notification, Remediation

                                       Application Security

                                Encryption and Key Management

                                Identity and Access Management

                                           Virtualization
Key Cloud Security problems
From CSA Top Threats Research
 Trust: Lack of Provider transparency. Impacts Governance, Risk
 & Compliance

 Data: Leakage, Loss or Storage in unfriendly geography

 Insecure Cloud software

 Malicious use of Cloud services

 Account/Service Hijacking

 Malicious Insiders

 Cloud-specific attacks
Security is paramount
Useful resources
10 questions to ask the Cloud

1. How is identity and access managed in the Cloud?
2. Where will my data be geographically located?
3. How securely is my data handled?
4. How is access by privileged users controlled?
5. How is data protected against privileged user abuse?
6. What levels of isolation are supported?
7. How is my data protected in virtual environments?
8. How are the systems protected against Internet threats?
9. How are activities monitored and logged?
10. What kind of information security certification do you have?
THANK YOU

The Perfect Storm

  • 1. The Perfect Storm: Threats and Risks in the Cloud. Ramsés Gallego, CISM, CGEIT, CISSP, SCPM, CCSK, ITIL, COBIT, Six Sigma Black Belt, Chief Strategy Officer - Entel Security & Risk Management, rgallego@entel.es
  • 4. Confidence; Resilience; Data Segregation; Compliance; Right to Audit; User Access; Identity; Dispute resolution; Recovery; Virtualization; Isolation; Forensics; Data Location; Trust; Maturity Models; Privacy; Web 2.0; Surety; Architectures; Emerging; Traceability; Evidence gathering; Web Services; Metrics; Competitive Advantage; Workflow; Incident handling
  • 6. What is Cloud?
      • The biggest evolution in technology that can have an impact similar to the birth of the Internet
      • Number 1 on the list of ‘10 strategic technologies’ of all the analysts
      • ‘Unless you’ve been under a rock recently, you’ve probably heard Cloud Computing as the next revolution in IT’ - CFO Magazine
  • 7. What is Cloud? A pay-as-you-go model for using applications, development platforms and/or IT infrastructure
  • 9. Corporate mandates
      • Manage risk: Manage operational and business risk
          • Compliance
          • Asset protection
          • Continuity Management
      • Manage cost: Better CAPEX and OPEX management
          • Optimize resources
          • Automate processes
      • Improve service: Optimal value providing effective and efficient services
          • Service Availability
          • Service Management
      • Align IT investments: Align investments with corporate objectives
          • IT Portfolio Management
          • Value Management
          • Process Management
  • 10. The same principles... different context
  • 12. Some numbers [Charts; labels: Security, Management, Monitoring, Availability, Cloud Adoption, Security concerns, Manageability, Cost, Priorities] Sources: IBM survey 2010, Ponemon Institute, CA Technologies, ISACA, ENISA, CSA
  • 14. Cloud domains: Cloud Architecture; Governing the Cloud; Governance and Enterprise Risk Management; Legal and Electronic Discovery; Compliance and Audit; Information Lifecycle Management; Portability and Interoperability; Security, Business Continuity and Disaster Recovery; Operating in the Cloud; Data Center Operations; Incident Response, Notification, Remediation; Application Security; Encryption and Key Management; Identity and Access Management; Virtualization
  • 15. Key Cloud Security problems (From CSA Top Threats Research)
      • Trust: Lack of Provider transparency. Impacts Governance, Risk & Compliance
      • Data: Leakage, Loss or Storage in unfriendly geography
      • Insecure Cloud software
      • Malicious use of Cloud services
      • Account/Service Hijacking
      • Malicious Insiders
      • Cloud-specific attacks
  • 18. 10 questions to ask to the Cloud
      1. How is identity and access managed in the Cloud?
      2. Where will my data be geographically located?
      3. How securely is my data handled?
      4. How is access by privileged users controlled?
      5. How is data protected against privileged user abuse?
      6. What levels of isolation are supported?
      7. How is my data protected in virtual environments?
      8. How are the systems protected against Internet threats?
      9. How are activities monitored and logged?
      10. What kind of information security certification do you have?
  • 19. THANK YOU. Ramsés Gallego, CISM, CGEIT, CISSP, SCPM, CCSK, ITIL, COBIT, Six Sigma Black Belt, Chief Strategy Officer - Entel Security & Risk Management, rgallego@entel.es