Design and Build it Securely Using

Secure Cloud Solutions
Open Government Forum
Abu Dhabi
28-30 April 2014
Karl Chambers CISSP PMP
President/CEO
Diligent eSecurity International
The e-Government Challenge
Securely delivering high-quality digital government information and services utilizing cloud IT solutions:
• Anywhere
• Anytime
• On any device
Three Key Principles to a Secure Cloud Solution
• Design and Build it Securely
• Operate it Securely
• Always Encrypted Data
Design and Build it Securely Using
• Cloud Risk Management Framework (CRMF)
• Federal Risk and Authorization Management Program (FedRAMP)
Design and Build it Securely Using
• Cloud Risk Management Framework (CRMF)
Step 1: Categorize the Cloud Solution
Step 2: Identify Security Controls to Protect the Cloud Solution
Step 3: Implement the Selected Security Controls in the Cloud Security Architecture
Step 4: Assess the Security Controls of the Cloud Solution using the FedRAMP process
Step 5: Authorize the use of the Cloud Solution
Step 6: Monitor the Cloud Solution Continually
Design and Build it Securely Using
• Federal Risk and Authorization Management Program (FedRAMP)
Three Key Principles to a Secure Cloud Solution
• Design and Build it Securely
• Operate it Securely
• Always Encrypted Data
Operate it Securely Using Automated Continuous Security Monitoring
• Automated Continuous Security Monitoring is a risk management approach to Cybersecurity that:
  • Maintains a picture of an organization’s security posture
  • Provides continuous visibility into information assets
  • Leverages use of automated data feeds and data analytics
  • Monitors effectiveness of security controls
  • Enables prioritization of remedies
Automated Continuous Security Monitoring (ACSM) Case Study – US Department of State
• ACSM Tool: Analytics and Continuous Monitoring Engine (ACE) solution from Virtustream
• ACE receives and analyzes continuous inputs from:
  • Asset Management
  • Vulnerability Scanners
  • Patch Management
  • Event Management
  • Incident Management
  • Malware Detection
  • Configuration Management
  • Network Management
  • License Management
  • Information Management
  • Software Management
• ACE provides continuous risk updates to management dashboard.
Three Key Principles to a Secure Cloud Solution
• Design and Build it Securely
• Operate it Securely
• Always Encrypted Data
Always Encrypted Data
• In transit between systems and locations
• Stored in the cloud
Questions
Karl Chambers PMP CISSP
President/CEO
Diligent eSecurity International, Inc.
1954 Airport Road
Suite 233
Atlanta, Ga 30341
[email protected]
01-678-591-7764