This document provides an overview of DLP in the cloud according to the Cloud Security Alliance (CSA). It discusses the CSA, what cloud computing is, and the CSA GRC stack, which includes tools and best practices for governance, risk and compliance. It also mentions the Consensus Assessment Initiative Questionnaire, the control matrix, and other GRC initiatives. Finally, it outlines the CS-DLP roadmap: assess the current situation, define a target, use the CSA GRC stack, and test and adopt cloud services for DLP.
2. Agenda
About the Cloud Security Alliance
What is cloud computing?
CSA GRC
Consensus Assessment Initiative Questionnaire
Control Matrix
Industry GRC activities in the cloud
CS-DLP roadmap
Q&A
3. About the Cloud Security Alliance
Global, not-for-profit organization
Over 17,000 individual members, 90 corporate members
Building best practices and a trusted cloud ecosystem
Agile philosophy, rapid development of applied research
GRC: Balance compliance with risk management
Reference models: build using existing standards
4. What is Cloud Computing?
Compute as a utility: third major era of computing
Aligning IT costs with business needs and revenue
Accelerate innovation
Not one cloud
3 Delivery Models
4 Deployment Modes
Thousands of providers
Several unique cloud solutions for any given business problem
5. CSA GRC (Governance Risk Compliance) Stack
Suite of tools, best practices and enabling technology
For cloud providers, enterprises, solution providers and audit/compliance
CCM: Controls Framework
CAI: Assessment Questionnaire
CloudAudit: Continuous Controls Monitoring Automation
[Diagram labels: Control Requirements, Provider Assertions, Private & Public Clouds]
www.cloudsecurityalliance.org/grcstack
8. Additional relevant GRC tools & initiatives
Jericho Forum
BITS Shared Assessments
ISF
CAMM
Risk Ontology for Basel III
ISACA Cloud Computing Mgt Audit/Assurance Program
NIST, SANS, ...
CSA participates in all these initiatives & organizations
9. CS-DLP Roadmap
Assess Current situation
Define Target situation
Use CSA GRC Stack
Organise, Test and Adapt GRC Process including Monitoring & Audit
Test run & adopt Cloud Services
...