cloudexpo 2015newyork: turning the corner on cloud data security governance
TRANSCRIPT
Turning the Corner on Cloud Data Governance
Evelyn de Souza Data Privacy and Compliance Leader, Cisco Systems Chair Cloud Security Alliance Data Governance Group June, 2015
AGENDA
Why Cloud Data Governance
Data Types
Data Governance Models
Business-consumable Data Protection
Your Call to Action
Cloud Data Governance Challenges
1.Data Protection (65%)
2. Security Management (42%)
3. Compliance (53%) 4. Data Governance (73%)
Is data safely protected while in motion, in use or stored in the cloud How is the availability of data in the cloud assured?
How are assurance levels effectively managed by the cloud provider Can I get a snapshot of the cloud provider’s security capabilities at any given time?
Can the cloud provider demonstrate that regulatory controls are implemented effectively and sustainably?
Who owns/accesses/edits/modifies my data in the cloud? Data does not equal a one-size fits all model How do you measure policy
Based upon informal survey with CISOs and InfoSec leaders from Dimension Data, Kloud, CSA Enterprise Council (43 InfoSec leaders worldwide from SP and Enterprise) and FSISAC Banking Leaders – NEED to set up User Focus Groups to hone in by segment and industry
Data Governance Milestones
KPIs and tools for measurements in
place
Sporadic data issues
communication
Standardized data definitions and rules
in place
Processes defined by individual technology functions
Standardized process per organization/
Processes are centralized, controlled and measured
Undefined data management
policies
Ad hoc processes / per data
management
AD HOC MANAGED DEFINED PROACTIVE OPTIMIZING Value driven
Quantitative management of
data
Real-time analysis and resolution
Continuous process improvements
– way of life
• Build an Executive Data Governance Board
• Join the CSA Cloud Data Governance Working Group on LinkedIn or Join our Mailing List athttps://lists.cloudsecurityalliance.org/mailman/listinfo/datagovernance
• Contribute your own data governance model and share with us at http://clouddataprotection.org/cert/
• Continue the conversation – Twitter @e_desouza or email: [email protected]
Your Call to Action