Cloud Best Practice
- TYPE: Combined Session DATE: Thursday, May 16, 2013 TIME: 15:00-16:00 LOCATION: AUDITORIUM
Will your Cloud fail the next audit? Do you have a handle on your risk strategy for the Cloud? Is this level of maturity only suited for Enterprises? Can a smaller businesses do this effectively? This session will outline how to build a scalable Cloud risk strategy based on ISO 27005 and CSA Guidance. This talk will set the tone and enable delegates to come home and fast track a Cloud risk strategy.
Cloud Security is only valuable if you have a robust process to identify risk. Managing risk for consuming Cloud is often overlooked. Many organizations feel that only the largest Enterprises can afford to understand and assess the potential or future risks. Instead of security, they focus on the perceived outcome of utilizing the Cloud- the supposed silver lining.In this session, we will describe how to fast track a Cloud risk strategy. Discussing how we built an effective toolkit based on trusted industry tools: ISO/IEC 27005, The Cloud Security Alliance (CSA) Guidance and CCM.
We will bring two true-to-life examples with case studies showing how this was done at a $34B enterprise and then scaled to an e-commerce SMB. We will explain how CSA and ISO 27005 set the tone for our Cloud risk assessment strategy. We will rationalize how these were complemented by external attestations such as SOC1/2/3, penetration and vulnerability testing. We will expand on areas of concern between SMBs and Enterprises.
We will discuss how one gets started by providing a checklist driven road-map to fast-track a Cloud risk strategy. We will start with identifying assets and their overall value to your organization. We will jump into the deep-end on asset classification and explore the particular importance of understanding implementation models and mapping out your data-flow. We will identify how this feeds into a holistic questionnaire to establish a baseline. We will educate delegates on how to assess responses through real-world examples that illustrate how to poke holes.
The presentation details how insecure RLB´s IT systems and infrastructure once were; the server infrastructure was held in a local government building with open public access, the building was classified by the British security services as being a terrorist target and there were periods where we couldn´t enter the building safely in case of an emergency because the building is often used for filming TV series (I walked past Robert Vaughan from "The Magnificent Seven" once!) and for holding outdoor pop concerts.
- Registration fee:
- Contact person:
Mr. Levent Kara
+49 211 23707710
- May 14 - 17, 2013 Munich/Germany