A presentation on Cloud Security, presented by Jim Reavis, Executive Director of the Cloud Security Alliance, whose mission is "to promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing."

1. www.cloudsecurityalliance.org
Cloud Computing Security

2. www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance

3. www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance

4. www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.org
Forrester forecasts that the global market for cloud
computing will grow from $40.7 billion in 2011 to more
than $241 billion in 2020
Copyright © 2013 Cloud Security Alliance
1 Million new
mobile
phones a day!

5. www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
Our IT System
Enabling Big Data
Managing Mobile
Devices
The Glue for the
Internet of Things
Accelerating
innovation
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.org
Copyright © 2013 Cloud Security Alliance

6. www.cloudsecurityalliance.org

7. www.cloudsecurityalliance.org

8. www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.org
Copyright © 2013 Cloud Security Alliance

9. www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance

10. www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.org
Trust Innovation
Mobile Clouds
SaaS Encryption
Identity Mgt – Strong Auth everywhere
Reinvent every industry with Cloud/Mobile/Social/Big Data
Copyright © 2013 Cloud Security Alliance

11. www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.org
State Sponsored Cyberattacks?
Organized Crime?
Legal Jurisdiction & Data Sovereignty?
Global Security Standards?
Privacy Protection for Citizens?
Transparency & Visibility from Cloud Providers?
Copyright © 2013 Cloud Security Alliance

12. www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.org
Shift the balance of power to consumers of IT
Enable innovation to solve difficult problems of
humanity
Give the individual the tools to control their digital
destiny
Do this by creating confidence, trust and
transparency in IT systems
Security is not overhead, it is the enabler
Copyright © 2013 Cloud Security Alliance

13. www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance

14. www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
Industry standard catalog of cloud
security issues and best practices
Widespread adoption
Translated into 6 languages
14 domains

15. www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
GRC Stack
Family of 4 research projects
Cloud Controls Matrix (CCM)
Consensus Assessments Initiative
(CAI)
Cloud Audit
Cloud Trust Protocol (CTP)
Impact to the Industry
Developed tools for governance,
risk and compliance management
in the cloud
Technical pilots
Provider certification through
STAR program
Control
Requirements
Provider
Assertions

16. www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance

17. www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
OPEN CERTIFICATION FRAMEWORK
CONTINUOUS
ATTESTATION | CERTIFICATION
SELF ASSESSMENT
TRANSPERANCY
ASSURANCE

18. www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
Certificate of Cloud Security
Knowledge (CCSK)
Benchmark of cloud security
competency
Online web-based examination
www.cloudsecurityalliance.org/certifyme
Enterprise members get 8 test tokens,
contact ccsk-
admin@cloudsecurityalliance.org to
receive (must provide email addresses
of employees taking test)

19. www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
Security as a Service
Research for gaining greater understanding
for how to deliver security solutions via
cloud models.
Information Security Industry Re-invented
Identify Ten Categories within SecaaS
Implementation Guidance for each SecaaS
Category
Align with international standards and other CSA
research
Industry Impact
Defined 10 Categories of Service and
Developed Domain 14 of CSA Guidance
V.3

20. www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
Mobile
Securing application stores and other public entities
deploying software to mobile devices
Analysis of mobile security capabilities and features
of key mobile operating systems
Cloud-based management, provisioning, policy, and
data management of mobile devices to achieve
security objectives
Guidelines for the mobile device security framework
and mobile cloud architectures
Solutions for resolving multiple usage roles related to
BYOD, e.g. personal and business use of a common
device
Best practices for secure mobile application
development

21. www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
Big Data
Identifying scalable techniques for
data-centric security and privacy
problems
Lead to crystallization of best practices
for security and privacy in big data
Help industry and government on
adoption of best practices
Establish liaisons with other
organizations in order to coordinate the
development of big data security and
privacy standards
Accelerate the adoption of novel
research aimed to address security
and privacy issues

22. www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.org
Our research includes
fundamental projects needed
to define and implement trust
within the future of
information technology
CSA continues to be
aggressive in producing
critical research, education
and tools
Copyright © 2013 Cloud Security Alliance

23. www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance

24. www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance

25. www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance

26. www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.org
Jim Reavis
jreavis@cloudsecurityalliance.org
Copyright © 2013 Cloud Security Alliance

27. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance