The Cloud & I,
CISO challenges with the cloud
Moshe Ferber
CCSK, CCSP
When the winds of change blow, some people
build walls and others build windmills.
- Chinese Proverb
About myself
• Information security professional for over 20 years
• Founder, partner and investor at various cyber initiatives and startups
• Popular industry speaker & lecturer (DefCon, BlackHat, Infosec and more)
• Founding committee member for ISC2 CCSP certification.
• CCSK Certification lecturer for the Cloud Security Alliance.
• Member of the board at Macshava Tova – Narrowing societal gaps
• Chairman of the Board, Cloud Security Alliance, Israeli Chapter
So, what is cloud?
Cloud Computing: What does the CEO think about it?
Cloud Computing: How does the CFO see it?
Cloud Computing: How does the End-User feel about it?
Cloud Computing: And how does the CISO feel about it?
Everyday Examples
“Moving to cloud will expose our data to foreign governments”
“I’ve got virtualized servers, so I’m already in the cloud”
“I don’t trust the vendors”
“What about compliance?”
“Our regulator forbids us from moving to the cloud”
“Cloud lacks the visibility we need”
“We use hosting, so we are already in the cloud.”
“We will lose control over our assets”
“And what about the NSA…?”
“Cloud services are not mature enough”
What you say… and how the CISO understands it:
• Agility
• Scalability
• Compliance
• Manageability
• Reliability
• Multi tenancy
And of course, you cannot avoid the big question…
Which is more secure: cloud or on premise?
Can we define what is more secure?
> <=
Can we define which cloud service?
Cloud provider A Cloud provider B
Does it really matter?
Cloud Services are very different in nature
SaaS
PaaS
IaaS
Private Hybrid Public
The shared responsibility model
Layers:
• Physical Security
• Network & Data Center Security
• Hypervisors Security
• Virtual Machines & OS security
• Data layer & development platform
• Application
• Identity Management
• DATA
• Audit & Monitoring
Service models: IaaS, PaaS, SaaS
Legend: Consumer responsibility, Provider responsibility
So, bottom line, is cloud security improving?
Providers are doing more to increase trust
Improvement with security standards & compliance
Security automation is improving, especially in IaaS/PaaS
Monitoring & auditing are improving
Legal eco-system is getting complicated
(Slide graphic labels: Technical complexity, Legal complexity)
Configuration is still open by default, very easy to make mistakes
Increased chances for cloud provider lock-in
Government snooping is increasing
Cloud challenges vary depending on the market sector
• Cloud Focused (heavy use)
• Cloud Adopters (running apps in the cloud)
• Cloud Curious (first projects)
• Cloud Avoiders (private cloud adopters)
Sectors shown: National Infrastructure, Startups, Energy, SMB, Hi Tech, Government, Health, Military, Telecom providers, Homeland & Military industries, Utility, Retail, Banks, Financial Services, Industry
The Challenge: Private cloud still has the same attack vectors!
Cloud Attack Vectors:
• Provider Administration
• Management Console
• Multi tenancy & Virtualization
• Automation & API
• Chain of supply
• Side Channel Attack
• Insecure Instances
Cloud Avoiders | Cloud Curious | Cloud Adopters | Cloud Focused
The Challenge: Build your Cloud strategy
Cloud Curious | Cloud Avoiders | Cloud Adopters | Cloud Focused
The Challenge: Understand the shared responsibility model
Cloud Curious | Cloud Avoiders | Cloud Adopters | Cloud Focused
The Challenge: Evaluating the providers
Cloud Adopters | Cloud Avoiders | Cloud Curious | Cloud Focused
Copyright © 2015 Cloud Security Alliance
Industry Standards used by Major Cloud Providers
ISO/IEC 27018:2014
Cloud Adopters | Cloud Avoiders | Cloud Curious | Cloud Focused
The Challenge: Look for those abundant applications that can benefit from cloud computing
Cloud Adopters | Cloud Avoiders | Cloud Curious | Cloud Focused
(Slide graphic labels: Public Cloud, Integrity, Availability, On premise, Confidentiality)
Telecom Providers
The Challenge: Building cloud services
Transparency
Certifications
Security operations
Cloud Adopters | Cloud Avoiders | Cloud Curious | Cloud Focused
The Challenge: managing multiple cloud applications
Governance
Encryption
Identity management
Availability
DLP
Cloud Focused | Cloud Avoiders | Cloud Curious | Cloud Adopters
Startups
The Challenge: Integrating security into your software lifecycle & operations
Monitoring
Static & Dynamic Analysis
Multi Tenancy
DEVOPS
Cloud Focused | Cloud Avoiders | Cloud Curious | Cloud Adopters
To wrap things up…
Join CSA Israel Facebook & LinkedIn Forums in order to stay updated regarding latest technologies and community meetups.
Don’t let security hold you down
Use the right tools
Perform responsible cloud adoption!
KEEP IN TOUCH
Cloud Security Course Schedule can be found at:
http://www.onlinecloudsec.com/course-schedule
Questions?

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 

The Cloud & I, The CISO challenges with Cloud Computing

  • 1. The Cloud & I, CISO challenges with the cloud. Moshe Ferber, CCSK, CCSP. "When the winds of change blow, some people build walls and others build windmills." - Chinese Proverb
  • 2. About myself: Information security professional for over 20 years; Founder, partner and investor at various cyber initiatives and startups; Popular industry speaker & lecturer (DefCon, BlackHat, Infosec and more); Founding committee member for ISC2 CCSP certification; CCSK Certification lecturer for the Cloud Security Alliance; Member of the board at Macshava Tova – Narrowing societal gaps; Chairman of the Board, Cloud Security Alliance, Israeli Chapter
  • 3. So, what is cloud?
  • 4. Cloud Computing: What does the CEO think about it?
  • 6. Cloud Computing: How does the end user feel about it?
  • 7. Cloud Computing: And how does the CISO feel about it?
  • 8. Everyday Examples: “Moving to cloud will expose our data to foreign governments” “I've got virtualized servers, so I'm already in the cloud” “I don’t trust the vendors” “What about compliance?” “Our regulator forbids us from moving to the cloud” “Cloud lacks the visibility we need” “We use hosting, so we are already in the cloud.” “We will lose control over our assets” “And what about the NSA…?” “Cloud services are not mature enough”
  • 9. Agility: What do you say… And how the CISO understands it
  • 10. Scalability: What do you say… And how the CISO understands it
  • 11. Compliance: What do you say… And how the CISO understands it
  • 12. Manageability: What do you say… And how the CISO understands it
  • 13. Reliability: What do you say… And how the CISO understands it
  • 14. Multi tenancy: What do you say… And how the CISO understands it
  • 15. And of course, you cannot avoid the big question… Which is more secure? Cloud or on premise?
  • 16. Can we define what is more secure? > <=
  • 17. Can we define which cloud service? Cloud provider A Cloud provider B
  • 18. Does it really matter?
  • 19. Cloud Services are very different in nature: SaaS, PaaS, IaaS; Private, Hybrid, Public
  • 20. The shared responsibility model. Layers: Physical Security; Network & Data Center Security; Hypervisors Security; Virtual Machines & OS security; Data layer & development platform; Application; Identity Management; DATA; Audit & Monitoring. Columns: IaaS, PaaS, SaaS. Legend: Consumer responsibility, Provider responsibility
  • 21. So, bottom line, is cloud security improving?
  • 22. Providers are doing more to increase trust
  • 23. Improvement with security standards & compliance
  • 24. Security automation is improving, especially in IaaS/PaaS
  • 25. Monitoring & auditing are improving
  • 26. Legal eco-system is getting complicated Technical complexity Legal complexity
  • 27. Configuration is still open by default, very easy to make mistakes Legal complexity
  • 28. Increased chances for cloud provider lock-in Legal complexity
  • 29. Government snooping is increasing Legal complexity
  • 30. Cloud challenges vary depending on the market sector. Adoption levels: Cloud Focused (heavy use); Cloud Adopters (running apps in the cloud); Cloud Curious (first projects); Cloud Avoider (private cloud adopters). Sectors: National Infrastructure, Startups, Energy, SMB, Hi Tech, Government, Health, Military, Telecom providers, Homeland & Military industries, Utility, Retail, Banks, Financial Services Industry
  • 31. The Challenge: Private cloud still has the same attack vectors! Cloud Attack Vectors: Provider Administration; Management Console; Multi tenancy & Virtualization; Automation & API; Chain of supply; Side Channel Attack; Insecure Instances. (Cloud Avoiders, Cloud Curious, Cloud Adopters, Cloud Focused)
  • 32. The Challenge: Build your Cloud strategy Cloud Curious Cloud Avoiders Cloud Adopters Cloud Focused
  • 33. The Challenge: Understand the shared responsibility model Cloud Curious Cloud Avoiders Cloud Adopters Cloud Focused
  • 34. The Challenge: Evaluating the providers Cloud Adopters Cloud Avoiders Cloud Curious Cloud Focused
  • 35. Copyright © 2015 Cloud Security Alliance Industry Standards used by Major Cloud Providers ISO/IEC 27018:2014 Cloud Adopters Cloud Avoiders Cloud Curious Cloud Focused
  • 36. The Challenge: Look for those abundant applications that can benefit from cloud computing Cloud Adopters Cloud Avoiders Cloud Curious Cloud Focused Public Cloud Integrity Availability On premise Confidentiality
  • 37. Telecom Providers The Challenge: Building cloud services Transparency Certifications Security operations Cloud Adopters Cloud Avoiders Cloud Curious Cloud Focused
  • 38. The Challenge: managing multiple cloud applications Governance Encryption Identity management Availability Cloud Focused Cloud Avoiders Cloud Curious Cloud Adopters DLP
  • 39. Startups The Challenge: Integrating security into your software lifecycle & operations Monitoring Static & Dynamic Analysis Multi Tenancy DEVOPS Cloud Focused Cloud Avoiders Cloud Curious Cloud Adopters
  • 40. To wrap Things Up… Join CSA Israel Facebook & LinkedIn Forums in order to stay updated regarding latest technologies and community meetups. Don’t let security hold you down
  • 41. To wrap Things Up… Join CSA Israel Facebook & LinkedIn Forums in order to stay updated regarding latest technologies and community meetups. Use the right tools
  • 42. To wrap Things Up… Perform responsible cloud adoption!
  • 43. KEEP IN TOUCH. Cloud Security Course Schedule can be found at: http://www.onlinecloudsec.com/course-schedule

Editor's notes

  1. The cloud providers AWS and Azure provide a number of compliance certifications. These certifications save time and resources if customers can rely on 3rd party audits by the bodies awarding these certifications (due diligence should be carried out where required). This is not an exhaustive list; there may be more. CCM has been adopted by both Amazon and Microsoft for their IaaS and PaaS services. Microsoft also has it for some of their SaaS products, such as Office 365 and CRM Dynamics, as mentioned earlier. Sources: https://aws.amazon.com/compliance/ and https://azure.microsoft.com/en-us/support/trust-center/compliance/