SlideShare une entreprise Scribd logo

David Slater G-Cloud Meet Up

Télécharger en tant que PPTX, PDF
WeAreEsynergy
WeAreEsynergy

Presentation from David Slater at our G-Cloud Meet Up

TechnologieBusiness
1  sur  10
David Slater, CLAS Consultant
Security in G-Cloud Services at Restricted dd-mm-yyyy
Introduction • Achieving Restricted (IL3) accreditation of service is not easy • Presentation covers experiences gained from achieving accreditation of Restricted (IL3) services for Atos • Not an exhaustive list – just the highlights | Identity, Security and Risk Management from Atos Consulting
Before You Start … • Review your solution against: • • • • CESG Architectural Patters CESG Good Practice Guides IS Standards Check that your ISO 27001 Certification is: • • • Current Suitably scoped UKAS Certified (recognized) CESG like compliancy matrices against the relevant GPG’s Read the PSN Code | Identity, Security and Risk Management from Atos Consulting
Key Security Controls • Make sure applications: • • • Address the OWASP Top Ten Think about limiting concurrent logins Think about defense in depth • Input Validation • Parameterized Stored Procedures • Output Validation • Manage Out-of-Bands • Separate Interface • Not via the Internet • Lock everything down against Industry Guides (Centre for Internet Security) • Use CPA approved or Common Criteria Approved products | Identity, Security and Risk Management from Atos Consulting
Support • Keep it in the UK at Restricted (IL3) • Use secure protocols • SSH • HTTPS • Use dedicated support terminals • CESG approved encryption across insecure networks • Issue with approved products • Support from the office – not via Internet/Remote Access • Cleared staff • Another issue 6 | Identity, Security and Risk Management from Atos Consulting
Consider hosting in a pre-accredited Service A number of accredited ‘hosting’ environments: • • • • • Atos Skyscape Lockheed Martin SCC • Not all the same, each has its strengths and weaknesses • Look at what you get against your needs: • Internet Connection • PSN Connection • Support Connections • Monitoring • Patching • Disaster Recovery • Protective Monitoring 7 | Identity, Security and Risk Management from Atos Consulting
Things that catch you out …. • Staff Clearances • Cabinet Office will clear small number • SC for privileged users • Key Material for CAPS products • No easy route to gain • No real alternative • Penetration Tests • Recent – many month old test is no good • Single vulnerability allowing inter-network connection • CESG Design Review 8 | Identity, Security and Risk Management from Atos Consulting
The PGA is …. • Risk adverse • Well briefed • Has a lot of backup • Aligned with CESG Guidance 9 | Identity, Security and Risk Management from Atos Consulting
Thank You 10 | Identity, Security and Risk Management from Atos Consulting

Recommandé

ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir JirasekISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
Vladimir Jirasek
 
Qualys Webex 24 June 2008
Qualys Webex 24 June 2008Qualys Webex 24 June 2008
Qualys Webex 24 June 2008
Vladimir Jirasek
 
Alert Logic - Corporate Overview
Alert Logic - Corporate OverviewAlert Logic - Corporate Overview
Alert Logic - Corporate Overview
bmiller144
 
How to Rightsize Your Citrix Investment
How to Rightsize Your Citrix InvestmentHow to Rightsize Your Citrix Investment
How to Rightsize Your Citrix Investment
Zivaro Inc
 
21.06.2017 - KYOS Breakfast Event
21.06.2017 - KYOS Breakfast Event 21.06.2017 - KYOS Breakfast Event
21.06.2017 - KYOS Breakfast Event
Kyos
 
Sam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload SecuritySam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload Security
centralohioissa
 
Conquest Security Capabilities
Conquest Security CapabilitiesConquest Security Capabilities
Conquest Security Capabilities
Conquest Security, Inc.
 
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
centralohioissa
 

Recommandé

ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir JirasekISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
Vladimir Jirasek
 
Qualys Webex 24 June 2008
Qualys Webex 24 June 2008Qualys Webex 24 June 2008
Qualys Webex 24 June 2008
Vladimir Jirasek
 
Alert Logic - Corporate Overview
Alert Logic - Corporate OverviewAlert Logic - Corporate Overview
Alert Logic - Corporate Overview
bmiller144
 
How to Rightsize Your Citrix Investment
How to Rightsize Your Citrix InvestmentHow to Rightsize Your Citrix Investment
How to Rightsize Your Citrix Investment
Zivaro Inc
 
21.06.2017 - KYOS Breakfast Event
21.06.2017 - KYOS Breakfast Event 21.06.2017 - KYOS Breakfast Event
21.06.2017 - KYOS Breakfast Event
Kyos
 
Sam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload SecuritySam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload Security
centralohioissa
 
Conquest Security Capabilities
Conquest Security CapabilitiesConquest Security Capabilities
Conquest Security Capabilities
Conquest Security, Inc.
 
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
centralohioissa
 
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
centralohioissa
 
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At OddsJervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
centralohioissa
 
Discover an IT Infrastructure Services & Management
Discover an IT Infrastructure Services & ManagementDiscover an IT Infrastructure Services & Management
Discover an IT Infrastructure Services & Management
Webindia Internet Services (Chennai) Pvt. Ltd.
 
Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...
Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...
Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...
Skybox Security
 
NEWSentinel_services15
NEWSentinel_services15NEWSentinel_services15
NEWSentinel_services15
Bilha Diaz
 
10 tips for hardening your system
10 tips for hardening your system10 tips for hardening your system
10 tips for hardening your system
Revital Lapidot
 
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
DevOps.com
 
Managing risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business contextManaging risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business context
AlgoSec
 
It Infrastructure Security - 24x7 Security Monitoring
It Infrastructure Security - 24x7 Security MonitoringIt Infrastructure Security - 24x7 Security Monitoring
It Infrastructure Security - 24x7 Security Monitoring
Webindia Internet Services
 
The Compliancy Group : The Guard, a HIPAA Compliance Solution
The Compliancy Group : The Guard, a HIPAA Compliance SolutionThe Compliancy Group : The Guard, a HIPAA Compliance Solution
The Compliancy Group : The Guard, a HIPAA Compliance Solution
Compliancy Group
 
BeyondCorp and Zero Trust
BeyondCorp and Zero TrustBeyondCorp and Zero Trust
BeyondCorp and Zero Trust
Ivan Dwyer
 
collateral_datasheet_sungard
collateral_datasheet_sungardcollateral_datasheet_sungard
collateral_datasheet_sungard
Cheryl Goldberg
 
BeyondCorp and Zero Trust
BeyondCorp and Zero TrustBeyondCorp and Zero Trust
BeyondCorp and Zero Trust
Ivan Dwyer
 
Bitglass Webinar - Top 6 CASB Use Cases
Bitglass Webinar - Top 6 CASB Use CasesBitglass Webinar - Top 6 CASB Use Cases
Bitglass Webinar - Top 6 CASB Use Cases
Bitglass
 
Bengt Berg, Cybercom Security, Polen
Bengt Berg, Cybercom Security, PolenBengt Berg, Cybercom Security, Polen
Bengt Berg, Cybercom Security, Polen
Cybercom Group
 
Bitglass Webinar - BlueCross BlueShield of Tennessee's CASB Journey to Secure...
Bitglass Webinar - BlueCross BlueShield of Tennessee's CASB Journey to Secure...Bitglass Webinar - BlueCross BlueShield of Tennessee's CASB Journey to Secure...
Bitglass Webinar - BlueCross BlueShield of Tennessee's CASB Journey to Secure...
Bitglass
 
Outpost24 webinar - Mastering the art of multicloud security
Outpost24 webinar - Mastering the art of multicloud securityOutpost24 webinar - Mastering the art of multicloud security
Outpost24 webinar - Mastering the art of multicloud security
Outpost24
 
Moving Security to the Left
Moving Security to the LeftMoving Security to the Left
Moving Security to the Left
Javier Godinez
 
Bitglass Webinar - 5 Cloud Security Best Practices for 2018
Bitglass Webinar - 5 Cloud Security Best Practices for 2018Bitglass Webinar - 5 Cloud Security Best Practices for 2018
Bitglass Webinar - 5 Cloud Security Best Practices for 2018
Bitglass
 
The Share Responsibility Model of Cloud Computing - ILTA Philadelphia
The Share Responsibility Model of Cloud Computing - ILTA PhiladelphiaThe Share Responsibility Model of Cloud Computing - ILTA Philadelphia
The Share Responsibility Model of Cloud Computing - ILTA Philadelphia
Patrick Sklodowski
 
Steve Cliff G-Cloud UK Meet Up
Steve Cliff G-Cloud UK Meet UpSteve Cliff G-Cloud UK Meet Up
Steve Cliff G-Cloud UK Meet Up
WeAreEsynergy
 
Development platforms for startups by shawn gosh at guru program spring 2014
Development platforms for startups by shawn gosh at guru program spring 2014Development platforms for startups by shawn gosh at guru program spring 2014
Development platforms for startups by shawn gosh at guru program spring 2014
TechMeetups
 

Contenu connexe

Tendances

Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
centralohioissa
 
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At OddsJervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
centralohioissa
 
Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...
Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...
Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...
Skybox Security
 
NEWSentinel_services15
NEWSentinel_services15NEWSentinel_services15
NEWSentinel_services15
Bilha Diaz
 
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
DevOps.com
 
Managing risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business contextManaging risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business context
AlgoSec
 
collateral_datasheet_sungard
collateral_datasheet_sungardcollateral_datasheet_sungard
collateral_datasheet_sungard
Cheryl Goldberg
 
Bengt Berg, Cybercom Security, Polen
Bengt Berg, Cybercom Security, PolenBengt Berg, Cybercom Security, Polen
Bengt Berg, Cybercom Security, Polen
Cybercom Group
 

Tendances (20)

Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
 
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At OddsJervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
 
Discover an IT Infrastructure Services & Management
Discover an IT Infrastructure Services & ManagementDiscover an IT Infrastructure Services & Management
Discover an IT Infrastructure Services & Management
 
Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...
Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...
Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...
 
NEWSentinel_services15
NEWSentinel_services15NEWSentinel_services15
NEWSentinel_services15
 
10 tips for hardening your system
10 tips for hardening your system10 tips for hardening your system
10 tips for hardening your system
 
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
 
Managing risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business contextManaging risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business context
 
It Infrastructure Security - 24x7 Security Monitoring
It Infrastructure Security - 24x7 Security MonitoringIt Infrastructure Security - 24x7 Security Monitoring
It Infrastructure Security - 24x7 Security Monitoring
 
The Compliancy Group : The Guard, a HIPAA Compliance Solution
The Compliancy Group : The Guard, a HIPAA Compliance SolutionThe Compliancy Group : The Guard, a HIPAA Compliance Solution
The Compliancy Group : The Guard, a HIPAA Compliance Solution
 
BeyondCorp and Zero Trust
BeyondCorp and Zero TrustBeyondCorp and Zero Trust
BeyondCorp and Zero Trust
 
collateral_datasheet_sungard
collateral_datasheet_sungardcollateral_datasheet_sungard
collateral_datasheet_sungard
 
BeyondCorp and Zero Trust
BeyondCorp and Zero TrustBeyondCorp and Zero Trust
BeyondCorp and Zero Trust
 
Bitglass Webinar - Top 6 CASB Use Cases
Bitglass Webinar - Top 6 CASB Use CasesBitglass Webinar - Top 6 CASB Use Cases
Bitglass Webinar - Top 6 CASB Use Cases
 
Bengt Berg, Cybercom Security, Polen
Bengt Berg, Cybercom Security, PolenBengt Berg, Cybercom Security, Polen
Bengt Berg, Cybercom Security, Polen
 
Bitglass Webinar - BlueCross BlueShield of Tennessee's CASB Journey to Secure...
Bitglass Webinar - BlueCross BlueShield of Tennessee's CASB Journey to Secure...Bitglass Webinar - BlueCross BlueShield of Tennessee's CASB Journey to Secure...
Bitglass Webinar - BlueCross BlueShield of Tennessee's CASB Journey to Secure...
 
Outpost24 webinar - Mastering the art of multicloud security
Outpost24 webinar - Mastering the art of multicloud securityOutpost24 webinar - Mastering the art of multicloud security
Outpost24 webinar - Mastering the art of multicloud security
 
Moving Security to the Left
Moving Security to the LeftMoving Security to the Left
Moving Security to the Left
 
Bitglass Webinar - 5 Cloud Security Best Practices for 2018
Bitglass Webinar - 5 Cloud Security Best Practices for 2018Bitglass Webinar - 5 Cloud Security Best Practices for 2018
Bitglass Webinar - 5 Cloud Security Best Practices for 2018
 
The Share Responsibility Model of Cloud Computing - ILTA Philadelphia
The Share Responsibility Model of Cloud Computing - ILTA PhiladelphiaThe Share Responsibility Model of Cloud Computing - ILTA Philadelphia
The Share Responsibility Model of Cloud Computing - ILTA Philadelphia
 

En vedette

IBM SmartCloud and ISVs September 2013 (Softlayer)
IBM SmartCloud and ISVs September 2013 (Softlayer)IBM SmartCloud and ISVs September 2013 (Softlayer)
IBM SmartCloud and ISVs September 2013 (Softlayer)
Simon Baker
 
node.js on Google Compute Engine
node.js on Google Compute Enginenode.js on Google Compute Engine
node.js on Google Compute Engine
Arun Nagarajan
 
Comparison of it governance framework-COBIT, ITIL, BS7799
Comparison of it governance framework-COBIT, ITIL, BS7799Comparison of it governance framework-COBIT, ITIL, BS7799
Comparison of it governance framework-COBIT, ITIL, BS7799
Meghna Verma
 

En vedette (12)

Steve Cliff G-Cloud UK Meet Up
Steve Cliff G-Cloud UK Meet UpSteve Cliff G-Cloud UK Meet Up
Steve Cliff G-Cloud UK Meet Up
 
Development platforms for startups by shawn gosh at guru program spring 2014
Development platforms for startups by shawn gosh at guru program spring 2014Development platforms for startups by shawn gosh at guru program spring 2014
Development platforms for startups by shawn gosh at guru program spring 2014
 
Fast forward SETsquared IP network
Fast forward SETsquared IP network Fast forward SETsquared IP network
Fast forward SETsquared IP network
 
IBM SmartCloud and ISVs September 2013 (Softlayer)
IBM SmartCloud and ISVs September 2013 (Softlayer)IBM SmartCloud and ISVs September 2013 (Softlayer)
IBM SmartCloud and ISVs September 2013 (Softlayer)
 
How to increase the business value of your IT team
How to increase the business value of your IT teamHow to increase the business value of your IT team
How to increase the business value of your IT team
 
Netflix in the cloud 2011
Netflix in the cloud 2011Netflix in the cloud 2011
Netflix in the cloud 2011
 
node.js on Google Compute Engine
node.js on Google Compute Enginenode.js on Google Compute Engine
node.js on Google Compute Engine
 
Slides for the day-long Lean Analytics workshop at the 2014 Lean Startup conf...
Slides for the day-long Lean Analytics workshop at the 2014 Lean Startup conf...Slides for the day-long Lean Analytics workshop at the 2014 Lean Startup conf...
Slides for the day-long Lean Analytics workshop at the 2014 Lean Startup conf...
 
Comparison of it governance framework-COBIT, ITIL, BS7799
Comparison of it governance framework-COBIT, ITIL, BS7799Comparison of it governance framework-COBIT, ITIL, BS7799
Comparison of it governance framework-COBIT, ITIL, BS7799
 
NIST Cloud Computing Reference Architecture
NIST Cloud Computing Reference ArchitectureNIST Cloud Computing Reference Architecture
NIST Cloud Computing Reference Architecture
 
Defining Services for a Service Catalog
Defining Services for a Service CatalogDefining Services for a Service Catalog
Defining Services for a Service Catalog
 
Intro to AWS Security
Intro to AWS SecurityIntro to AWS Security
Intro to AWS Security
 

Similaire à David Slater G-Cloud Meet Up

(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud
Amazon Web Services
 
The What, Why, and How of DevSecOps
The What, Why, and How of DevSecOpsThe What, Why, and How of DevSecOps
The What, Why, and How of DevSecOps
Cprime
 
The New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and SecurityThe New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and Security
Precisely
 
Rightscale Webinar: PCI in Public Cloud
Rightscale Webinar: PCI in Public CloudRightscale Webinar: PCI in Public Cloud
Rightscale Webinar: PCI in Public Cloud
RightScale
 
Latest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyLatest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and Privacy
Cloud Standards Customer Council
 
Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Standards Customer Council
 
Professional Designations IT Assurance
Professional Designations IT AssuranceProfessional Designations IT Assurance
Professional Designations IT Assurance
a3virani
 
7 Secrets to Becoming a Citrix Hero
7 Secrets to Becoming a Citrix Hero7 Secrets to Becoming a Citrix Hero
7 Secrets to Becoming a Citrix Hero
eG Innovations
 

Similaire à David Slater G-Cloud Meet Up (20)

When Your CISO Says No - Security & Compliance in Office 365
When Your CISO Says No - Security & Compliance in Office 365When Your CISO Says No - Security & Compliance in Office 365
When Your CISO Says No - Security & Compliance in Office 365
 
(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud
 
The What, Why, and How of DevSecOps
The What, Why, and How of DevSecOpsThe What, Why, and How of DevSecOps
The What, Why, and How of DevSecOps
 
Open Architecture: The Key to Aviation Security
Open Architecture: The Key to Aviation SecurityOpen Architecture: The Key to Aviation Security
Open Architecture: The Key to Aviation Security
 
Security architecture best practices for saas applications
Security architecture best practices for saas applicationsSecurity architecture best practices for saas applications
Security architecture best practices for saas applications
 
Security Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS ApplicationsSecurity Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS Applications
 
Cyber Security in The Cloud
Cyber Security in The CloudCyber Security in The Cloud
Cyber Security in The Cloud
 
The New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and SecurityThe New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and Security
 
Implementing Legal within Tech. What are the Cyber Security issues?
Implementing Legal within Tech. What are the Cyber Security issues?Implementing Legal within Tech. What are the Cyber Security issues?
Implementing Legal within Tech. What are the Cyber Security issues?
 
Rightscale Webinar: PCI in Public Cloud
Rightscale Webinar: PCI in Public CloudRightscale Webinar: PCI in Public Cloud
Rightscale Webinar: PCI in Public Cloud
 
JDA: Building an Open Source Center of Excellence
JDA: Building an Open Source Center of ExcellenceJDA: Building an Open Source Center of Excellence
JDA: Building an Open Source Center of Excellence
 
Latest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyLatest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and Privacy
 
Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0
 
Compliance with AWS
Compliance with AWSCompliance with AWS
Compliance with AWS
 
AWS Meetup CGN 11/2021
AWS Meetup CGN 11/2021AWS Meetup CGN 11/2021
AWS Meetup CGN 11/2021
 
CompTIA CAS-002 VCE Outline
CompTIA CAS-002 VCE OutlineCompTIA CAS-002 VCE Outline
CompTIA CAS-002 VCE Outline
 
Professional Designations IT Assurance
Professional Designations IT AssuranceProfessional Designations IT Assurance
Professional Designations IT Assurance
 
AWS Enterprise Summit London 2015 | Security in the Cloud
AWS Enterprise Summit London 2015 | Security in the CloudAWS Enterprise Summit London 2015 | Security in the Cloud
AWS Enterprise Summit London 2015 | Security in the Cloud
 
Top Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayTop Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions Today
 
7 Secrets to Becoming a Citrix Hero
7 Secrets to Becoming a Citrix Hero7 Secrets to Becoming a Citrix Hero
7 Secrets to Becoming a Citrix Hero
 

Dernier

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 

Dernier (20)

🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

David Slater G-Cloud Meet Up

  • 1. David Slater, CLAS Consultant
  • 2. Security in G-Cloud Services at Restricted dd-mm-yyyy
  • 3. Introduction • Achieving Restricted (IL3) accreditation of service is not easy • Presentation covers experiences gained from achieving accreditation of Restricted (IL3) services for Atos • Not an exhaustive list – just the highlights | Identity, Security and Risk Management from Atos Consulting
  • 4. Before You Start … • Review your solution against: • • • • CESG Architectural Patters CESG Good Practice Guides IS Standards Check that your ISO 27001 Certification is: • • • Current Suitably scoped UKAS Certified (recognized) CESG like compliancy matrices against the relevant GPG’s Read the PSN Code | Identity, Security and Risk Management from Atos Consulting
  • 5. Key Security Controls • Make sure applications: • • • Address the OWASP Top Ten Think about limiting concurrent logins Think about defense in depth • Input Validation • Parameterized Stored Procedures • Output Validation • Manage Out-of-Bands • Separate Interface • Not via the Internet • Lock everything down against Industry Guides (Centre for Internet Security) • Use CPA approved or Common Criteria Approved products | Identity, Security and Risk Management from Atos Consulting
  • 6. Support • Keep it in the UK at Restricted (IL3) • Use secure protocols • SSH • HTTPS • Use dedicated support terminals • CESG approved encryption across insecure networks • Issue with approved products • Support from the office – not via Internet/Remote Access • Cleared staff • Another issue 6 | Identity, Security and Risk Management from Atos Consulting
  • 7. Consider hosting in a pre-accredited Service A number of accredited ‘hosting’ environments: • • • • • Atos Skyscape Lockheed Martin SCC • Not all the same, each has its strengths and weaknesses • Look at what you get against your needs: • Internet Connection • PSN Connection • Support Connections • Monitoring • Patching • Disaster Recovery • Protective Monitoring 7 | Identity, Security and Risk Management from Atos Consulting
  • 8. Things that catch you out …. • Staff Clearances • Cabinet Office will clear small number • SC for privileged users • Key Material for CAPS products • No easy route to gain • No real alternative • Penetration Tests • Recent – many month old test is no good • Single vulnerability allowing inter-network connection • CESG Design Review 8 | Identity, Security and Risk Management from Atos Consulting
  • 9. The PGA is …. • Risk adverse • Well briefed • Has a lot of backup • Aligned with CESG Guidance 9 | Identity, Security and Risk Management from Atos Consulting
  • 10. Thank You 10 | Identity, Security and Risk Management from Atos Consulting