Cloud Risk Assessment
- TYPE: Combined Session DATE: Wednesday, May 06, 2015 TIME: 15:30-16:30 LOCATION: AUDITORIUM
The modern reality is that even the most technology conservative companies are thinking to shift some of their valuable assets to the cloud. However, since anyone with a credit card can purchase cloud services with a single click, the governance and control of organisations are frequently being circumvented. This can create various challenges for organisations that wish to adopt the cloud securely and reliably.
This session will lead you through various approaches on how to assess and mitigate risks for onboarding cloud solutions.
- understanding of information risks related to cloud usage.
- understanding of the concept of dynamic selection of controls, based on data profile, to mitigate cloud risks.
- application of the proposed framework in daily practice (e.g. by turning it into a software tool that allows quick and easy control selection for employees responsible)
This talk will propose a data-driven selection of organisational, technical, contractual and assurance requirements, so secure usage of cloud solutions within the enterprise can be guaranteed. The importance of data oriented control selection will be outlined and key control domains will be introduced.
Cloud ecosystems are dynamic and flexible enablers for innovative business models. Some business models, especially for the European cloud market, however, still face challenges in security, privacy, and trust.
A common approach among cloud providers addressing these challenges is proving one's reliability and trustworthyness by audit certificates. Basically, audit certificates are based on national and/or international as well as business and/or governmental compliance rules. The most prominent certifications in cloud computing are the "Open Certification Framework (OCF)" of Cloud Security Alliance, EuroCloud's "Star Audit", and "Certified Cloud Service" provided by TÜV Rheinland as well as more general certifications following ISO 27001, BSI Grundschutz, ENISA, and NIST.
This session will discuss the state of the art of auditing and certifying cloud ecosystems and how current certification catalogues and schemes have to be enhanced to meet future requirements - requirements such as dynamic certification, on-demand-audits, and automatic monitoring and evaluations.
When moving to the use of cloud services it is most important to take a risk based approach. However the process involved is often manual and time consuming; a tool is needed to enable a more rapid and consistent assessment of the risks involved. This session describes why a risk based approach to the use of cloud services is needed. It introduces the KuppingerCole Cloud Rapid Risk Assessment Tool developed by KuppingerCole to help organizations assess the risks around their use of cloud services together in a rapid and repeatable manner.
- Registration fee:
- Contact person:
Mr. Levent Kara
+49 211 23707710
- May 05 - 08, 2015 Munich, Germany