22
Trust Modeling for Cloud Services North Texas ISSA April 24, 2015

Trust Modeling for Cloud Services

Tags:

Embed Size (px)

Citation preview

  1. 1. Trust Modeling for Cloud Services North Texas ISSA April 24, 2015
  2. 2. Cloud services means services made available to users on demand via the Internet from a cloud computing provider's servers as opposed to being provided from a company's own on-premises servers. Wikipedia
  3. 3. And that does not mean that your services are necessarily where you think they are.
  4. 4. Concept of Trust Trust is based on a business relationship Necessary precursor to interaction Assurance is required to establish and maintain positive trust Different levels of assurance required based on level of risk to the business
  5. 5. Entity B Entity CEntity A Transitive Trust Who is the Relying (Trusting) entity and who is the Claimant (Trusted) entity?
  6. 6. Buying a house Buying a hotdog What type of due diligence (i.e. assurance) would you do for each transaction? Why is the level of assurance different?
  7. 7. How sensitive is the information I am sharing? How critical is the relationship to my organization? How am I assuring the relationship? Where should I focus my energy?
  8. 8. Components of Risk Assetsvalue? (qualitative or quantitative) ThreatsWho are the threat agents and what is the likelihood of the threat? Business ImpactWhat is the impact to the asset if threat is realized? VulnerabilitiesAre we exposed and where? Control EffectivenessHow mature and effective are our controls?
  9. 9. Business Context
  10. 10. Base (Business Impact) RiskRisk Heat Map Source: Sherwood, John; Clark, Andrew; Lynas, David. Enterprise Security Architecture: A Business Driven Approach.
  11. 11. D1. Global Heath D2. Regional Health
  12. 12. 12 D1. Global Heath D2. Regional Health For profit business Patient Care Clinical research Facilities Management Community Outreach etc.
  13. 13. D1. Global Heath D2. Regional Health HIPPA HITECH FISMA Etc
  14. 14. For profit business Application hosting Applications as a service Payment Processing Data Management Etc.
  15. 15. PCI-DSS ISO 2700x NIST HIPPA FFIEC GLBA Etc.
  16. 16. Lower cost? Higher processing capacity? Expertise? SLAs? Liability?
  17. 17. Risk? Accountability? Control Enforcement? Disclosure? Liability?
  18. 18. Base (Business Impact) RiskRisk Heat Map Source: Sherwood, John; Clark, Andrew; Lynas, David. Enterprise Security Architecture: A Business Driven Approach.
  19. 19. 1.Specify any regulatory or industry security standards you expect the vendor to follow. 2.Specify who is responsible to make sure the service is protected with the right security controls. 3.Specify how the controls will be validated and any remedies if they are not. 4.Specify what happens in the event of a security breach. Contracts and Service Level Agreements Source: Four Security Issues All Business Contracts Should Address Shawn Tuma March 4, 2015 http://blog.norsecorp.com/2015/03/04/four-security-issues-all-business-contracts-should-address
  20. 20. Concept of Trust Trust is based on a business relationship Necessary precursor to interaction Assurance is required to establish and maintain positive trust Different levels of assurance required based on level of risk to the business
  21. 21. Patrick M. Hayes Managing Director Seccuris Inc. [email protected] linkedin.com/in/phbalance

Authorization and Trust in the Cloud

Authorization and Trust in the Cloud

Documents
Trust in the Cloud

Trust in the Cloud

Technology
Cloud Parameterization for Climate Modeling

Cloud Parameterization for Climate Modeling

Documents
Cloud based cad modeling

Cloud based cad modeling

Engineering
Global Cloud-system Resolving Modeling

Global Cloud-system Resolving Modeling

Documents
Can you trust the cloud provider?

Can you trust the cloud provider?

Internet
InfoSecurity 2014 - Cloud Trust

InfoSecurity 2014 - Cloud Trust

Technology
Monte Carlo modeling in cloud - mc-modeling-sdk

Monte Carlo modeling in cloud - mc-modeling-sdk

Technology
Cloud Threat Modeling

Cloud Threat Modeling

Documents
2014 2nd me cloud conference trust in the cloud v01

2014 2nd me cloud conference trust in the cloud v01

Data & Analytics
Cloud trust

Cloud trust

Education
Modeling Dispositional and Initial learned Trust in

Modeling Dispositional and Initial learned Trust in

Documents
eHealth ….. How to trust a cloud?

eHealth ….. How to trust a cloud?

Healthcare
TruSDN: Bootstrapping Trust in Cloud Network …soda.swedishict.se › 6037 › 1 › Bootstrapping-trust-in-SDN.pdfBootstrapping Trust in Cloud Network Infrastructure 3 2.1 Software

TruSDN: Bootstrapping Trust in Cloud Network …soda.swedishict.se › 6037 › 1 › Bootstrapping-trust-in-SDN.pdfBootstrapping Trust in Cloud Network Infrastructure 3 2.1 Software

Documents
Do You Trust the Cloud? Modeling Cloud Technology Adoption ... · makers and end-users have increasingly raised concerns about online privacy in the cloud environment (Yao, Rice,

Do You Trust the Cloud? Modeling Cloud Technology Adoption ... · makers and end-users have increasingly raised concerns about online privacy in the cloud environment (Yao, Rice,

Documents
Trust in cloud technology and business performance · in the context of rapid cloud adoption. ... comes to benchmarking their organisations ... Trust in cloud technology and business

Trust in cloud technology and business performance · in the context of rapid cloud adoption. ... comes to benchmarking their organisations ... Trust in cloud technology and business

Documents
Trust and Cloud Computing, removing the need to trust your cloud provider

Trust and Cloud Computing, removing the need to trust your cloud provider

Technology
Cloud security - Who do you trust?

Cloud security - Who do you trust?

Technology
Introduction Cloud characteristics Security and Privacy aspects Principal parties in the cloud Trust in the cloud 1. Trust-based privacy protection 2.Subjective

Introduction Cloud characteristics Security and Privacy aspects Principal parties in the cloud Trust in the cloud 1. Trust-based privacy protection 2.Subjective

Documents
Can You Trust Cloud Security In Public Cloud?

Can You Trust Cloud Security In Public Cloud?

Data & Analytics
A Real-Time Cloud Modeling, Rendering, and … et al / A Real-Time Cloud Modeling, Rendering, and Animation System 2. Previous Work Approaches to cloud modeling may be classified

A Real-Time Cloud Modeling, Rendering, and … et al / A Real-Time Cloud Modeling, Rendering, and Animation System 2. Previous Work Approaches to cloud modeling may be classified

Documents
NRL POST Stratocumulus Cloud Modeling Efforts

NRL POST Stratocumulus Cloud Modeling Efforts

Documents
Cloud Computing Modeling

Cloud Computing Modeling

Documents
Cloud-Based Analytic Element Groundwater Modeling

Cloud-Based Analytic Element Groundwater Modeling

Documents
Cloud Security: Trust and Transformation

Cloud Security: Trust and Transformation

Technology
Generative Design applied to Cloud Modeling

Generative Design applied to Cloud Modeling

Documents
Building Trust in the Cloud

Building Trust in the Cloud

Technology
Digital Trust In The Cloud

Digital Trust In The Cloud

Technology
Depot: Cloud Storage with minimal Trust

Depot: Cloud Storage with minimal Trust

Documents
Threat Modeling for Cloud Infrastructures

Threat Modeling for Cloud Infrastructures

Documents