www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

Monthly Chapter CallThursday, August 23rd, 2012

Phil Agcaoili, CSA Atlanta Chapter

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

Agenda

Panel: Cloud, Consumerization, BYOD/Mobility, and virtualization

CSA Chapter Update (Phil Agcaoili)

Open forum

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

Panel

Moderator: Russell Eubanks, Cox Communications

Panelists:Esther Lee, Silverpop

John Sapp, McKesson

Phil Agcaoili, Cox Communications

Mike Rothman, Securosis

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

UPDATE

New CSA Chapters in Development

CSA, Northeast OhioCSA, South Florida

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

UPDATE

Welcome new Corporate Members

Singapore Infocomm Technology Federation (SITF) Security and Governance Chapter (SGC)GemaltoYammerCovisintIntermedia

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

CSA Open Certification Framework

CSA partnership with BSI (British Standards Institution)

Ensures alignment with international standards and based upon a comprehensive certification process

Industry initiative that offers cloud providers a trusted global certification scheme.

Flexible three-stage scheme will be created in line with the CSA’s industry-leading security guidance and control objectives.

Supports an independent third-party assessment, as well as attestation statements developed within the public accounting community

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

CSA Open Certification FrameworkStructured in three levels, each one of them will provide an

incremental level of trust and transparency to the operations of cloud service providers and a higher level of assurance to the cloud consumer.

The initial level is CSA STAR Self Assessment: Cloud providers can submit reports to the CSA STAR Registry to indicate their compliance with CSA best practices. This is available immediately.

The second level, CSA STAR CERTIFICATION, is a third-party independent assessment: this certification leverages the requirements of the ISO/IEC 27001:2005 management systems standard together with the CSA Cloud Controls Matrix (CCM). These assessments will be conducted by approved certification bodies only. Availability is expected in H1 2013.

The STAR Certification will be enhanced in the future by continuous monitoring-based certification: this third level is currently under development.

The development of the STAR CERTIFICATION (third-party independent assessment) will be driven jointly by CSA and BSI. Based upon the ‘Plan, Do, Check, Act’ (PDCA) approach and the specified set of criteria as outlined in the Cloud Controls Matrix (CCM), this service enables the assessor to numerically score a company’s performance against the CCM, allowing senior management to measure improvement year over year.

Further details can be found at: http://cloudsecurityalliance.org/research/ocf/

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

2012

Events

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

CSA Events

September 25-26, 2012Amsterdam, NetherlandsFor more information visit:

http://www.cloudsecuritycongress.com/

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

CSA Events

CSA Congress USA Workshops November 7,8, 9Venue: Hilton Disney World ResortTo register and for more information visit: https://misti.com/cloud

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

Early 2012

Chapter Tools

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

CSA Website Usability Survey

The Cloud Security Alliance invites you to participate in its website usability survey, a short questionnaire about your experience with the CSA site.

https://cloudsecurityalliance.org/about/website-survey/

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

CSA Chapter Support Survey

https://www.surveymonkey.com/s/5CSF2CR

Help us increase support to ChaptersChapter statusChallengesGoals

Contact hdeem@candescomarketing.com

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

CSA Basecamp

The CSA Projects will begin migrating to the "new" Basecamp found at the following URL:

https://launchpad.37signals.com/ 

This site will give you access to all of your CSA projects on the new Basecamp and the pre-existing projects found in the renamed "Basecamp Classic".  The 37Signals Launchpad will help you navigate to both Basecamp sites if you are participating in multiple CSA Working Groups.

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

http://cloudsecurityalliance.org/research/

Research

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

CSA SLA Research Group

Looking for CSA Chapters world-wide participation Regional representation Effective SLAs and their Management is a key factor in

the successful adoption of the Cloud Contact aalva@cloudsecurityalliance.org

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

CSA Mobile

Initiative 1 - Top Mobile Threats Working Draft Peer Review (June 29th) Survey (June 29th)

Initiative 6 - Mobile Device Management Mobile Device Management Key Components Peer Review (July 5th)

www.cloudsecurityalliance.org/mobile

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

CSA Top Threats

Identify Threats unique to, or magnified by Cloud Development of V2.1 Top Threats Submission and Reviewhttps://cloudsecurityalliance.org/research/top-threats/#_submit For more information on the Top Threats Working

Grouphttps://cloudsecurityalliance.org/topthreats/

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

Big Data Working Group

https://cloudsecurityalliance.org/research/big-data/Initiatives Data Analytics for Security Privacy Preserving/Enhancing Technologies Big Data-Scale Crypto Cloud Infrastructures’ Attack Surface Analysis and

Reduction Policy and Governance Big Data Framework

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

Telecom Working Group

5 Telecom Initiatives Telecom and the GRC Stack ISO 27017 Interviews to CSP’s – NEED carrier CSP’sContact: tmacaulay@2keys.ca for more details SIEM Compliance Monitoring Cloud Forensics and Legalhttps://cloudsecurityalliance.org/research/telecom/

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

CSA Cloud Controls Matrix

New Working Group Co-chairs Introducing Sean Cordero, Evelyn de Souza, Thomas

Kenyon CCM 1.3 peer review released in July More updates scheduled in 2012 (AICPA, NIST, and

more) CCM 2.0 release 2013 CSA Interact coming soon

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

Trusted Cloud Initiative

CSA, Trusted Cloud Initiative Interactive Site

https://research.cloudsecurityalliance.org/tci/

TCI Roadmap for Q2

Architecture Maintenance Site – on CSA Interact soon

Architecture Feedback Forum

Interactive Site: Phase II - Heatmapping

Interactive Site: Phase III – Input/Output Questionnaire

Get Involved

https://cloudsecurityalliance.org/research/tci/#_get-involved

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

HIM Working Group

Health Initiatives

HIPAA and HiTech Best Practices

https://cloudsecurityalliance.org/research/him/

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

SecaaS Working Group

Implementation Guidance for Categories

LAST CALL FOR WRITERS

Implementation and Considerations of:

Email Security

Peer Reviews coming in July

contact vhahn@cloudsecurityalliance.org

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

CDG Project

Cloud Data Governance Initiatives – COMING SOON

Key Concerns of Cloud Data Stakeholders

Data Lifecycle Model and Taxonomy

Emerging Technologies

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

CSA Online

Learn how you can participate in Cloud Security Alliance's goals to promote the use of best practices for providing security assurance within Cloud Computing

http://www.linkedin.com/groups?gid=1864210https://cloudsecurityalliance.org/get-involved/

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

CSA Online

Do you have an idea for a research project on a cloud security topic? If so, please take the time to describe your concept. Ideas are monitored by the CSA research team, who will review your proposal and respond to you with feedback.

https://cloudsecurityalliance.org/research/, the Submit Ideas tab

Submit Your Research Ideas

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

CSA Online

The Cloud Security Alliance is a community non-profit which is driven by its members. Have a white paper or information on a cloud security product you want to contribute?

https://cloudsecurityalliance.org/education/white-papers-and-educational-material/

Contribute to the CSA library

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

Open Questions

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

Contact

JR Santos, CSA Global Research Directorlsantos@cloudsecurityalliance.org

Daniele Catteddu, Managing Director EMEAdcatteddu@cloudsecurityalliance.org

Aloysius Cheang, Managing Director APACacheang@cloudsecurityalliance.org

John Yeoh, CSA Global Research Analystjyeoh@cloudsecurityalliance.org

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

ContactHelp Us Secure Cloud Computing

www.cloudsecurityalliance.org

info@cloudsecurityalliance.org

LinkedIn: www.linkedin.com/groups?gid=1864210

Twitter: @cloudsa

Thank you!

Phil Agcaoili

@hacksec

www.linkedin.com/in/philA

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

Thank You