Trusted Cloud Initiative Work Group Session Copyright 2011

  • Slides: 12

Trusted Cloud Initiative Work Group Session
Copyright © 2011 Cloud Security Alliance, www.cloudsecurityalliance.org

Architecture Focus Areas

High Level Use Cases

Use Case: Description
• End User to Cloud: Applications running on the cloud and accessed by end users
• Enterprise to Cloud to End User: Applications running in the public cloud and accessed by employees and customers
• Enterprise to Cloud: Cloud applications integrated with internal capabilities

Principles

• Define protections that enable trust in the cloud.
• Develop cross-platform capabilities and patterns for proprietary and open-source providers.
• Will facilitate trusted and efficient access, administration and resiliency to the customer/consumer.
• Provide direction to secure information that is protected by regulations.
• The Architecture must facilitate proper and efficient governance, identification, authentication, authorization, administration and auditability.
• Centralize security policy, maintenance operation and oversight functions.
• Access to information must be secure yet still easy to obtain.
• Delegate or Federate access control where appropriate.
• Must be easy to adopt and consume, supporting the design of security patterns.
• The Architecture must be elastic, flexible and resilient, supporting multi-tenant, multi-landlord platforms.
• The Architecture must address and support multiple levels of protection, including network, operating system, and application security needs.

Goals

• Use the breadth of the Cloud Security Alliance
  - Adjacent initiatives will be a focus for the TCI mandate
  - Built upon “pillars” from the Cloud Security Alliance
  - Provide an end-to-end security specification for cloud security
• Use the depth of the Cloud Security Alliance membership
  - Members have credibility from the top of the application to the “bare metal”
  - GRC and interoperability
• Enable a vendor neutral reference architecture specification
  - All vendor products that enable an end-to-end security platform will be used
• Provide an exemplary reference set of implementations
  - Global examples so that any country can implement the architecture to their requirements
  - Show examples of standards and how they can be implemented across products
• Open source initiative
  - Where the TCI supports implementation under its direction the implementation is open source

Note: The TCI Reference Architecture is not the same as the Cloud Computing Architectural Framework (Domain 1 of the Security Guidance for Critical Areas of Focus in Cloud Computing V2.1)

Holistic Approach to Controls...

• Security Framework (ISO-27002)
• IT Audit Framework (COBIT)
• S-P-I Framework
• CSA Controls Matrix
• Legislative Framework (PCI, SOX, etc.)

… And Architecture Best Practices

• Business Architecture (SABSA)
• CSA Controls Matrix
• IT Reference Architecture (TOGAF)
• Service Management Architecture (ITIL)
• Security Architecture (Jericho)

Reference Model Structure

• Business Operation Support Services
• Information Technology Operation & Support
• Presentation Services
• Security and Risk Management
• Application Services
• Information Services
• Infrastructure Services

Framework labels on the slide: (SABSA), (ITIL), (TOGAF), (Jericho)


Mapping from CCM to TCI

How to Use the Architecture

Items listed on the slide:
• Control Mapping
• Operational Checklists
• Capability mapping
• Strategy alignment
• Use Cases (OSA)
• Security Patterns
• Guidelines
• Vendor Certification

[Diagram labels: Roadmap; Assess the opportunity; Reuse; BOSS; ITOS; Presentation; SRM; Application; Information; Infrastructure; CSA Controls Matrix; CSA Consensus Assessment; Reference Architecture; Security Framework and Patterns]

Interactive Website