Transcript - Cloud Security Alliance

Copyright © 2013 Cloud Security Alliance
www.cloudsecurityalliance.org
Much focus on securing data and systems in the
cloud.
What about providing security services FROM the
cloud?
That is Security as a Service (SecaaS)!
Provisioning elastic, scalable security solutions
and services to both cloud based and traditional
on premises systems in pure cloud or hybrid
models.
One of the many CSA branches of research
Bringing together an international group of users, potential
users, vendors and brokers of SecaaS solutions.
Research SecaaS – balanced and vendor neutral
Define types / categories of service
Produce architectural and implementation guidance
Continue research – category and guidance updates, more
detailed architectures, etc.
Find us here;
https://cloudsecurityalliance.org/research/secaas/
Co-Chairs
Kevin Fielder, Canada Life
Cameron Smith, Pertino
Subcommittee leadership
IAM Leads – Ulrich Lang, Valmiki Mukherjee
DLP Leads – Wendy Cohen, Atul Shah
Web Security Leads – Aradhna Chetal, Kapil Raina
Email Security Lead – Mark Hahn
Security Assessments Leads – John Hearton, Wolfgang Kandek
Intrusion Management Lead – Tim Owen
SIEM Lead – Jens Laundrup
Encryption Lead – Vadim Saratovtsev, Geoff Webb,
BCDR Lead – Kevin Fielder
Network Security Lead – Ken Owens
Born early 2011
Agreed structure and leadership
Agreed 1st deliverable
Defined categories (very high level)
Split into categories with leads for each
Created white paper ‘Defined Categories of Service 2011’
Breathe!
Early 2012 agreed on guidance as next output and unified format
October 2012 – Produced guidance documents for all categories
Breathe again!
SecaaS Implementation Guidance
Ten category documents
Requirements addressed
Implementation considerations and concerns
Implementation architecture and guidance
References and useful links
All guidance papers can be downloaded from the CSA website;
https://cloudsecurityalliance.org/research/secaas/#_downloads
Implementation Guidance v2.0
Template Review
Content Review
Development of New Categories
Broader Guidance Architectures
Improve integration with wider CSA research
Incident Management and Forensics Working Group
Service Level Agreements Working Group
Defined Categories of Service (DCS) v2.0 - 2013
Review of 10 current categories of security as a service;
Category 1: Identity and Access Management
Category 2: Data Loss Prevention
Category 3: Web Security
Category 4: Email Security
Category 5: Security Assessments
Category 6: Intrusion Management
Category 7: Security Information and Event Management (SIEM)
Category 8: Encryption
Category 9: Business Continuity and Disaster Recovery
Category 10: Network Security
The white paper can be downloaded from the CSA website;
https://cloudsecurityalliance.org/research/secaas/#_downloads
Template Review
Description
Class, Core Functionalities, Optional Features
Services
Includes, Related Services, Related Technologies
and Standards, Service Model, CSA Domains
Threats Addressed/Benefits
Challenges
Reference
Examples, References
Continuous Monitoring as a Service
Other additional categories to consider?
Update existing documents
v1.1 / v2 rolling releases
Review categories, guidance template, content
Links to other research
Carriers, SLA, Forensics …
Combined Guidance
Broader overarching architecture examples
Role-specific Guidance
New Monthly Call Format – Education + Communication
Increase use of Base Camp for ongoing communication
‘CSA Cloud Bytes’ series
propose ideas here: https://cloudsecurityalliance.org/research/cloudbytes/#_proposals
Identify the Next Big Thing …
Update categories, revise guidance
Link to other areas of research
Increase depth of guidance for role-specific points of view
“Educational webinar series for CSA working groups”
https://cloudsecurityalliance.org/research/cloud-bytes/
CSA Cloud Bytes: SecaaS Implementation Series
Introduction to the SecaaS Category
Implementation Guidance
Working Group process
How to improve, how to get involved
Big thank you to all
contributors!
Category Leads
Group members
Technical writers
CSA support
Now is a great time to
volunteer – Get involved!
Help define the next steps and future of the group here:
https://cloudsecurityalliance.org/research/secaas/#_get-involved
For more info about
CSA Cloud Bytes: SecaaS Implementation Series
https://cloudsecurityalliance.org/secaas/
[email protected] (through 10/29/2012)
Help Us Secure Cloud Computing
www.cloudsecurityalliance.org
[email protected]
LinkedIn: www.linkedin.com/groups?gid=1864210
Twitter: @cloudsa, @CSAResearchGuy