The document discusses security compliance for cloud providers from a customer's perspective. It outlines some of the top cloud security threats in 2018, such as data breaches, account hijacking, and Spectre and Meltdown vulnerabilities. It also discusses the importance of cloud security assessments and compliance with key regulations for cloud providers. Control and compliance strategies are important areas to consider when evaluating a cloud provider's security.
6. Data breaches.
Insufficient identity, credential,
and access management.
Insecure interfaces and application
programming interfaces (APIs).
System vulnerabilities.
Account hijacking.
Malicious insiders
Top cloud security threats for 2018
Advanced persistent threats (APTs)
Data loss
Insufficient due diligence
Abuse and nefarious use of cloud services
Denial of service (DoS)
Shared technology vulnerabilities
Bonus cloud threat for 2018: Spectre and
Meltdown
8. Control area - compliance strategy
Cloud assessment questionnaire
Cloud assessment from customer`s perspective
Most important regulations to comply
Cloud security assessment
9. Which control area comes to mind first, when
talking about compliance strategy?
10. Which control area comes to mind first, when
talking about compliance strategy?
13. Trustworthy foundation
BUILT ON MICROSOFT EXPERIENCE AND INNOVATION
20+ Data
Centers
Trustworthy
Computing
Initiative
Security
Development
LifecycleGlobal
Data Center
Services
Malware
Protection
Center
Microsoft Security
Response Center
Windows
Update
1st
Microsoft
Data
Center
Active
Directory
SOC 1
CSA Cloud
Controls Matrix
PCI DSS
Level 1
FedRAMP/
FISMAUK G-Cloud
Level 2
ISO/IEC
27001:2005
HIPAA/
HITECH
Digital
Crimes
Unit
SOC 2
E.U. Data
Protection
Directive
Operations
Security
Assurance