Cot 2012 Panic in The Cloud

June1,2011
JustinDrain jdrain@computer.org
June6,2012 RaisingSecurityIQ
<PresenterName>
Disclaimer
Theviewsandopinionsexpressedduringthisconferencearethoseof thespeakersanddonotnecessarilyreflecttheviewsandopinions heldbytheInformationSystemsSecurityAssociation(ISSA),the SiliconValleyISSA,theSanFranciscoISSAortheSanFranciscoBay AreaInfraGardMembersAlliance(IMA). NeitherISSA,InfraGard,nor anyofitschapterswarrantstheaccuracy,timelinessorcompleteness oftheinformationpresented. Nothinginthisconferenceshouldbe construedasprofessionalorlegaladviceorascreatingaprofessional customerorattorneyclientrelationship. Ifprofessional,legal,or otherexpertassistanceisrequired,theservicesofacompetent professionalshouldbesought. TheseviewsandopinionsarealsodonotreflectthoseofFremont Bancorp.
<PresenterName>
June1,2011
Introductions
JustinDrain,CISM,CRISC,CISSP
DataSecurityManager FremontBank
SecurityExperience:banking,aerospace,federal government,medical
<PresenterName>
Agenda
CloudByAnyOtherName CloudUp! Uh,Why?(WhyNot?) UncomfortableDiscovery HandlingtheTruth Recovery WinningtheWarNextTime Recap&TakeAWays
<PresenterName>
June1,2011
Cloud ByAnyOtherName
Buzzwords SaaS (softwareasaservice) PaaS (platformasaservice) IaaS (infrastructureasaservice)
<PresenterName>
Cloud ByAnyOtherName WhoDoesWhat

SaaS providersSalesforce.com,Sage Platform providersGoogleApps,iCloud Infrastructure providerslikeAmazonEC2,
GoGrid Virtualization technologyproviders VMware,Xen
<PresenterName>
June1,2011
CloudServiceModels
PrivateCloud
o CompanyOwnedOrLeased o InSomeCases OnSite
PublicCloud
o LargeScaleInfrastructureforPublicSale
CommunityCloud
o SharedInfrastructureCommunity
HybridCloud
o ComposedOfMultipleClouds
<PresenterName>
CloudAdvantages
WhatDoYouGet?
FinancialCostSavings ImprovedComputingAndNetwork
Performance ScalabilityOfServices/Operations(PayAs YouGo) SimplificationOfITSolutions

<PresenterName>
June1,2011
Toahammer, everything lookslikea nail
DontBe
TheNail
Enable,NotBlock
<PresenterName>
CloudUp! Uh,Why?/WhyNot?
RiskofnotCloudingUp WhyBiggerIsBetter WhyBiggerIsNotAlwaysBetter NotPerformance Risk
<PresenterName>
10
June1,2011
UncomfortableDiscovery (orDude,WheresOurData?)
StopMeIfYouveHeardThisOne
RequestonanidleThursday CousinJoeysoft Staging VendorManagement? UnfamiliarBreachnotice?
<PresenterName>
11
HandlingtheTruth
FiveStagesofIncidentDiscovery
1.Denial 2.Anger 3.Bargaining 4.Depression 5.Acceptance
<PresenterName>
12
June1,2011
VirtualProblems RealAnswers
Acceptance
June1,2011
<PresenterName>
13
Recovery BandAids&Bullets
WhatCan/ShouldBeDone(asidefrom
prayer) Assess Stabilize DoingWhatItTakesToMakeItRight WhoAreYouGoingToCall? Compliancevs.Fauxpliance LegallyDefensible

<PresenterName>
14
June1,2011
WinningTheWarNextTime
WeDontKnowWhatWeDontKnow.
BePrepared(orRemembertheBasics) SecuritySLA VisibilityIntoProviders Systems; SharedReachLiability

3Rs(Reporting,Response,Reading) 3rdPartyAnd4thPartyAgreements Costs
<PresenterName>
15
PlayingThe
FearCard WeArentthe OnesYou Needto Convince

<PresenterName>
16
June1,2011
WheresMyLawyer? RiskAssessmentIn/From/ToTheCloud? IncidentResponse? Encryption,Duh! SecurityBypassed(BeIntheRoom still)
<PresenterName>
17
RecapandTakeaways
BePrepared 3Rs(WhatsYOURPolicy?) DontBetheNail
FearISanOptionSometimes
DontForgetTheBasics
<PresenterName>
18
June1,2011
FinalThought
The state of mind which enables a man to
do work of this kind is akin to that of the religious worshiper or the lover; the daily effort comes from no deliberate intention or program, but straight from the heart.
-Albert Einstein
Physical Society address, 1918
<PresenterName>
19
Thank You! Questions? JustinDrain jdrain@computer.org

Disclaimer Theviewsandopinionsexpressedduringthisconferencearethoseofthespeakersanddonotnecessarilyreflecttheviewsand opinionsheldbytheInformationSystemsSecurityAssociation(ISSA),theSiliconValleyISSA,theSanFranciscoISSAortheSan FranciscoBayAreaInfraGardMembersAlliance(IMA). NeitherISSA,InfraGard,noranyofitschapterswarrantstheaccuracy, timelinessorcompletenessoftheinformationpresented. Nothinginthisconferenceshouldbeconstruedasprofessionalorlegal adviceorascreatingaprofessionalcustomerorattorneyclientrelationship. Ifprofessional,legal,orotherexpertassistanceis required,theservicesofacompetentprofessionalshouldbesought.
<PresenterName>
20
10

Cot 2012 Panic in The Cloud

Enviado por

Dados do documento

Título original

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Cot 2012 Panic in The Cloud

Enviado por

Direitos autorais:

Formatos disponíveis

June1,2011

Cloud ByAnyOtherName WhoDoesWhat

GoGrid Virtualization technologyproviders VMware,Xen

Performance ScalabilityOfServices/Operations(PayAs YouGo) SimplificationOfITSolutions

Toahammer, everything lookslikea nail

prayer) Assess Stabilize DoingWhatItTakesToMakeItRight WhoAreYouGoingToCall? Compliancevs.Fauxpliance LegallyDefensible

BePrepared(orRemembertheBasics) SecuritySLA VisibilityIntoProviders Systems; SharedReachLiability

FearCard WeArentthe OnesYou Needto Convince

Thank You! Questions? JustinDrain jdrain@computer.org

Você também pode gostar