16th Deloitte - Cyber Risk Considerations for Cloud Computing · 2019-04-23 · Leveraging these...

Cyber Risk Considerations for Cloud Computing Accelerating Business Growth with Cyber April 2019



© 2019 Deloitte & Touche (M.E.). 2

Agenda

1- Cloud Fundamentals

2- Cloud Trends

3- Cloud Cyber Risks

4- Case Study

5- Conclusion

Endnotes

Q&A


1- Cloud Fundamentals


What is Cloud Computing?

“Simply put, cloud computing is the delivery of computing services – servers, storage, databases, networking, software, analytics and more – over the Internet (“the cloud”). Companies offering these computing services are called cloud providers and typically charge for cloud computing services based on usage, similar to how you’re billed for gas or electricity at home [1].”

“Cloud computing is the on-demand delivery of compute power, database storage, applications, and other IT resources through a cloud services platform via the internet with pay-as-you-go pricing [2].”

“In cloud computing, the capital investment in building and maintaining data centers is replaced by consuming IT resources as an elastic, utility-like service from a cloud “provider” (including storage, computing, networking, data processing and analytics, application development, machine learning, and even fully managed services). Whereas in the past cloud computing was considered the province of startups and aggressively visionary enterprise users, today, it is part of the enterprise computing mainstream across every industry, for organizations of any type and size [3].”


Different Deployment Models & Service Offerings

Cloud computing and services are typically classified by the ownership of the infrastructure (and to whom services are offered) and by the general architecture visible to users (e.g., are generic computing instances provided, is a platform for applications provided, or are complete application software solutions provided as a service).

Deployment models:

• Public: off-premises or external
• Private: on-premises or internal
• Hybrid: integrated public & private service
• Community: infrastructure shared by a group

Service offerings (the slide's stack diagram lists the layers Facilities / Monitoring / Support, Networking, Servers / Storage, Virtualization, Operating System, Application Middleware and Mgmt, Application Host and Run, Applications, and Services):

• Software-as-a-Service (SaaS): functional applications hosted by a provider on a cloud infrastructure; delivered as a subscription service
• Platform-as-a-Service (PaaS): providers deliver not only infrastructure but also middleware (databases, messaging engines and so on) and solution stacks for application build, development and deployment
• Infrastructure-as-a-Service (IaaS): delivery of computing infrastructure (network, storage and compute resources, usually with some virtualization technology) as a service


Key Characteristics of a Cloud Platform

• Dynamic: on-demand provisioning; the ability to add capability and capacity as rapidly as the business requires
• Scalable: react quickly to increased business demand, acquisitions, or new business models without large CapEx expenditures and long run-off periods
• Multi-Business: cloud computing delivers shared capacity across business lines, reducing duplicate environments
• Self-Service: creating environments, enhancing capabilities and adding capacity with less labor and reduced lead times
• Flexible Pricing: recapture capacity and spend for use in other areas as business demand fluctuates
• Digital-Based Architecture: cloud architectures are based on virtualized environments defined by their use, not by hardware


Primary Drivers for Cloud Adoption

• Increased Business Agility: gain greater flexibility on architecture and sourcing, scale up and down as needed, maximize efficiency, accelerate time to value, reduce time to start up and complete projects
• Innovation: shift focus from asset ownership to services; tap into private sector innovation; encourages an entrepreneurial culture; better linked to emerging technologies
• Reduce IT Capital Spending: use of a “pay-as-you-go” model instead of purchase/lease; move IT costs from CAPEX to OPEX
• Reallocation of Resources: as routine processes are automated through the cloud, resources can be re-positioned to higher value-add activities


The Cloud Marketplace is Rapidly Evolving

Cloud services are now tailored to specific internal business functions. Leveraging these services allows the customer to focus on inexpensive, efficient alternatives.

The slide's marketplace diagram groups offerings by layer, all delivered by Cloud Service Providers (CSPs): SaaS (CRM, Marketing, Demand Generation, Human Resources, Finance & Accounting, Content Management, Enterprise Social Media, Marketing Analytics, Retail & E-Commerce, Collaboration, Business Intelligence, Vertical, Information Technology), PaaS (PaaS providers) and IaaS (IaaS providers).


2 – Cloud Trends


Cloud Services Forecast

Worldwide Public Cloud Services Revenue Forecast (billions of U.S. dollars) [5]:

| Category | 2016 | 2017 | 2018 | 2019 | 2020 |
| --- | --- | --- | --- | --- | --- |
| SaaS | 48 | 59 | 71 | 85 | 100 |
| PaaS | 9 | 11 | 14 | 17 | 21 |
| IaaS | 32 | 44 | 56 | 70 | 86 |
| Total | 89 | 114 | 141 | 172 | 207 |

Compound Annual Growth Rate by Cloud Service Category (2016 – 2020) [4]: the chart compares IaaS, PaaS, SaaS and the total market on a 0%–30% scale; the values shown are 23.31%, 18.24%, 15.65% and 13.38%.


Concerns on the Rise

According to the Cloud Security Report [6] issued in 2018 by Cybersecurity Insiders, adoption of public cloud computing continues to surge, though security concerns are showing no signs of abating.

91% of organizations are concerned about cloud security: extremely concerned 22%, very concerned 38%, moderately concerned 31%, slightly concerned 7%, not at all concerned 2%.

Biggest threats according to respondents:

• Misconfiguration: 62%
• Unauthorized access: 55%
• Insecure interfaces / APIs: 50%
• Hijacking attacks: 47%
• External sharing of data: 39%
• Foreign state sponsored attacks: 33%
• Malicious insiders: 30%
• Malware / Ransomware: 26%
• Denial of Service attacks: 22%

Security risks compared to traditional IT environments: 49% see a higher risk of security breaches compared to on-premise (significantly higher 20%, somewhat higher 29%); about the same 30%; lower risk of security breaches 17%; not sure 4%.


Security Related Statistics

67% of cloud services do not specify that the customer owns the data in their terms of service.

89% of cloud services do not support encryption of data at rest.

40% of cloud services replicate data in geographically dispersed data centers.

Cloud-based security services will be worth around $9 billion in 2020.

60% of enterprises that implement appropriate cloud visibility and control tools will experience one-third fewer security failures.

Through 2020, 95% of cloud security failures will be the customer's fault.

Sources: [7]–[10]


3 – Cloud Cyber Risks


Key Risk Indicators

Key Risk Indicators: challenges to address when moving to the cloud

• Cloud Service Governance: How will systems in the cloud be governed?
• Infrastructure Security: What security practices are required to secure our systems and networks?
• Application Security: What standards do we need to securely integrate new systems and secure application development?
• Identity & Access Mgmt.: How do we integrate with user access management systems?
• Data Governance: What is the governance process around determination of sensitive data?
• Data Classification: How will the project discover, track, and secure classified data?
• Data Privacy: How will the project adhere to applicable data privacy laws and regulations?
• Access Controls: What design principles and standards are required? What is currently in place?
• Security Monitoring: How will the project integrate technology and processes to monitor security events?
• Security Resilience: How will security incidents be managed for newly implemented systems?
• Cloud Migration: cloud migration plans and drivers, architecture.
• Threat Governance: What is the governance process around threat management?


Cloud Security Risks Overview

Governance, Risk Management & Compliance
• Inadequate oversight
• Inability to demonstrate compliance with regulatory requirements
• Lack of independent assessment of cloud solution
• Changing compliance landscape for regulations and standards
• Unclear governance roles and responsibilities for cloud providers and subscribers

Vendor Management
• Lack of vendor monitoring
• Failure to plan for cloud portability and interoperability
• Unclear security requirements in contract
• Lack of comprehensive contractual agreements covering cloud providers' and subscribers' roles and responsibilities
• Unclear roles during incidents and investigations
• Unclear legal liability insurance coverage

Business & IT Operations
• Lack of tracking of virtual assets
• Poorly defined roles and responsibilities of cloud participants
• Delayed data breach notification
• Inadequate IT skills to manage cloud-based technologies
• Inadequate records management, retention and disposal policies
• Underestimating operational or financial commitment to existing hardware or software
• Lack of understanding of overall technical requirements until late in project

Business Resiliency & Availability
• Inability to verify cloud infrastructure resilience
• Interruption of cloud services due to subcontractor failure
• Operational disruption
• Increased complexity of data replication or backup to other clouds or back in-house

Delivery Strategy & Architecture
• Lack of coherent cloud strategy and roadmap
• Cloud strategy does not align with business needs/technology maturity
• Lack of configurability and customization of cloud architecture
• Unacceptable performance degradation due to increased network or system latency
• Security vulnerabilities introduced by cloud content and ecosystem partners

Infrastructure Security
• Poor security practices by customer
• Compromise of cloud management interfaces due to targeted attacks
• Lack of defense against attacks originating from within the environment
• Inability to independently test security
• Inadequate facilities to capture and store application logs
• Inadequate cloud security controls or uncertified environment

Data Management
• Unauthorized access to data storage
• Inability to monitor data integrity inside cloud storage
• Lack of clear ownership of cloud-generated data
• Non-compliance with data privacy laws due to cross-jurisdictional data transfer

Identity & Access Management
• Inadequate due diligence prior to assignment of broad cloud management privileges
• Failure to implement access controls for cloud management interfaces
• Inability to restrict access or implement segregation of duties for cloud provider staff


Deployment Models: Risks Specific to Different Models & Offerings

Private Cloud
• Cloud subscriber’s IT team may not have as much experience and expertise in cloud security
• The lack of fine-tuned strategies to secure the various layers of the cloud stack may leave a private cloud vulnerable to security breaches
• The lack of scalability may affect application performance and user experience
• The lack of expertise in building private clouds with precise capabilities

Public Cloud
• Once the data goes to the cloud, the cloud subscriber loses the ability to enforce IT security policies and to ensure the cloud provider is meeting data compliance guidelines
• After the contract ends, the cloud subscriber is challenged in ensuring data is securely erased or returned
• A multi-tenant environment exposes tenants to greater risk of data breach
• Sharing of network bandwidth may impact the user experience

Hybrid Cloud
• The hybrid cloud’s highly complex IT architecture design makes it difficult for the cloud subscriber to support continuous data transfers and maintain governance of data transfers
• Potential lack of accountability and coordination over data flows and ownership
• The disaster recovery strategy may vary between cloud providers; the cloud subscriber’s IT team will need to coordinate efforts to ensure business continuity at the time of a cloud failure
• Lack of coordinated authentication and identity management may result in security weakness

Community Cloud
• A community cloud contains similar risks to a public cloud
• Cloud subscribers need to understand how the model works and the arrangement for supporting the cloud, such as maintenance, operation and other infrastructure costs


Service Offerings: Risks Specific to Different Models & Offerings

SaaS (delivers software over the Internet)
• Cloud subscriber has no control over how the cloud provider’s systems process the data
• Cloud subscriber has little control over the cloud provider’s availability and upgrade schedules
• Data encryption technology does not protect subscribers from phishing or malware attacks

PaaS (delivers a computing platform over the Internet)
• Cloud subscriber has limited visibility into the “black box” and limited control over how the virtual machines process the data
• An improperly configured security environment may impose data security risks
• If cloud subscribers are granted administrator roles or shell access, hackers may gain unauthorized access to change configurations or access data

IaaS (delivers infrastructure and a virtual environment over the Internet)
• Cloud subscribers have no control over the virtual environment’s location
• Loss of control of critical data and information to the service provider
• As with the other models, there are always risks of cyberattacks and security breaches


Cloud Security Responsibility Matrix

While cloud providers’ security is often a focus, managing cyber risk is a shared responsibility between the enterprise and the cloud provider: security of the cloud is the cloud provider’s responsibility; security in the cloud is the subscriber’s responsibility.

The slide's matrix plots the security domains Security Governance, Risk & Compliance (GRC), Data Security, Application Security, Platform Security, Infrastructure Security and Physical Security against the delivery models Private Cloud (Self Hosted), Private Cloud (Co-Located), Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS), showing which party carries each domain under each model. Managing cloud cyber risk is a shared responsibility.


Cloud Integration Presents Common Challenges

The slide's diagram places seven challenges across the traditional enterprise (applications, databases and infrastructure in enterprise networks and legacy data centers), on-premise users, BYOD and remote users, the public Internet, sanctioned cloud services (SaaS, IaaS, and new custom cloud services on cloud infrastructure) and unsanctioned cloud:

1. Unmanaged users, bring your own devices (BYOD) and systems
2. Data outside of the perimeter
3. Hybrid cloud architecture is a new attack surface
4. Direct access to cloud applications from public networks
5. Lack of activity visibility outside the traditional perimeter
6. Events outside of the enterprise impact operations
7. Reliance on ungoverned providers


Essential Cloud Security Capabilities

The slide's diagram overlays seven capabilities on the same hybrid landscape (traditional enterprise, on-premise users, BYOD and remote users, public Internet, SaaS, IaaS, new custom cloud services and unsanctioned cloud):

1. Identity and Context: ID & contextual awareness in the cloud
2. Cloud Data Protection: data protection and privacy in the cloud
3. Network & Infrastructure Security: network and infrastructure security in the cloud
4. Application Security: secure all cloud applications
5. Cloud Vigilance: vigilance and monitoring of risks in the cloud
6. Cloud Resilience: resilience and incident response in the cloud
7. Cloud Provider Cyber Risk Governance: govern risk and compliance of cloud services


Key Considerations #01 – Identity & Access Management

1. Employee identity context
2. Integration with enterprise directories
3. Customer and partner identity context
4. Enterprise SSO + strong authentication (MFA)
5. User provisioning, role-based access controls (RBAC)
6. Privileged account management, mobile device app & data management

The slide's diagram places a Cloud IAM (Identity and Context) layer between on-premise users, customers & partners and BYOD on one side and SaaS, IaaS, new custom cloud services and unsanctioned cloud on the other.


Key Considerations #02 – Data Protection

1. Identify data assets in the cloud
2. Revisit data classification and implement tagging
3. On-premise or in-the-cloud security tools: Data Loss Prevention (DLP), Key Management Service (KMS), Hardware Security Module (HSM)
4. Data residency issues
5. Encryption, tokenization, and masking

The slide's diagram maps these onto Data Discovery, Classification, and Asset Management; Data Governance, Data Protection & Privacy Policies; Key Management; and DLP, spanning the traditional enterprise, BYOD and remote users, SaaS, IaaS, new custom cloud services and unsanctioned cloud.


Key Considerations #03 – Network & Infrastructure Security

1. Access Defense
• Secure access for enterprise users, customers, and partners
• Securing ingress/egress between CSPs and the traditional enterprise

2. Internal Network Protection & Visibility
• Segmentation, micro-segmentation (subnets, security groups, NACLs, etc.)
• Web Application Firewall (WAF)
• Intrusion detection and prevention

3. Operating System & Server Protection
• Operating system integrity, performance, and endpoint protection
• Host configuration and management
• Vulnerability scanning

4. Software Defined Infrastructure
• Compliance scanning before deployment
• Integrity and version management
• Backup and access controls for continuous integration and deployment (CI/CD) automation components

The slide's diagram applies these four control areas across the hybrid cloud: the traditional enterprise, SaaS, IaaS, new custom cloud services and unsanctioned cloud.
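As an added example (not part of the Deloitte deck), the "compliance scanning before deployment" and "segmentation (subnets, security groups, NACLs)" points above can be expressed as a policy check that runs in CI/CD before firewall rules are applied. The rule format, the trusted enterprise ranges and the sample groups are all constructed for this example; they mirror the ingress/egress fields of a typical cloud security group but are not any provider's API.

```python
"""Pre-deployment compliance check for security-group style firewall rules.

Added example: flags over-permissive segmentation (the deck's top-ranked
threat, misconfiguration) before rules reach CI/CD. The rule dictionaries
are a constructed format, not a cloud provider's API.
"""
from dataclasses import dataclass
from ipaddress import ip_network

# Assumption: only these enterprise ranges count as trusted sources/destinations.
TRUSTED_RANGES = [ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Ports that must never be reachable from untrusted sources (SSH, RDP, WinRM).
MANAGEMENT_PORTS = (22, 3389, 5985, 5986)
WIDE_RANGE = 100  # more open ports than this from an untrusted source is suspicious


@dataclass(frozen=True)
class Finding:
    group: str
    severity: str  # "high" blocks deployment, "medium" is reported only
    message: str


def is_trusted(cidr: str) -> bool:
    """A CIDR is trusted only if it lies entirely inside an enterprise range."""
    net = ip_network(cidr, strict=False)
    return any(net.version == t.version and net.subnet_of(t) for t in TRUSTED_RANGES)


def check_security_group(group: dict) -> list:
    """Return findings for one group; an empty list means the group is compliant."""
    name = group["name"]
    findings = []
    for rule in group.get("ingress", []):
        proto = rule.get("protocol", "-1")  # "-1" means all protocols
        lo, hi = rule.get("from_port", 0), rule.get("to_port", 65535)
        for cidr in rule.get("cidrs", []):
            if is_trusted(cidr):
                continue  # enterprise-only sources are allowed on any port
            if proto == "-1":
                findings.append(Finding(name, "high", f"all protocols open to {cidr}"))
                continue
            exposed = [p for p in MANAGEMENT_PORTS if lo <= p <= hi]
            if exposed:
                findings.append(Finding(name, "high",
                                        f"management ports {exposed} open to {cidr}"))
            elif hi - lo + 1 > WIDE_RANGE:
                findings.append(Finding(name, "medium",
                                        f"wide port range {lo}-{hi} open to {cidr}"))
    for rule in group.get("egress", []):
        # Unrestricted egress to untrusted ranges defeats data-exfiltration controls.
        if rule.get("protocol", "-1") == "-1" and any(
                not is_trusted(c) for c in rule.get("cidrs", [])):
            findings.append(Finding(name, "medium", "unrestricted egress to untrusted ranges"))
    return findings


def passes_gate(groups: list) -> bool:
    """CI/CD gate: block deployment if any group has a high-severity finding."""
    return not any(f.severity == "high"
                   for g in groups for f in check_security_group(g))


# Constructed sample input: a weak definition and its hardened counterpart.
WEAK_GROUP = {
    "name": "web-tier-weak",
    "ingress": [
        {"protocol": "tcp", "from_port": 22, "to_port": 22, "cidrs": ["0.0.0.0/0"]},
        {"protocol": "tcp", "from_port": 443, "to_port": 443, "cidrs": ["0.0.0.0/0"]},
        {"protocol": "-1", "cidrs": ["0.0.0.0/0"]},
        {"protocol": "tcp", "from_port": 8000, "to_port": 9000, "cidrs": ["0.0.0.0/0"]},
    ],
    "egress": [{"protocol": "-1", "cidrs": ["0.0.0.0/0"]}],
}
HARDENED_GROUP = {
    "name": "web-tier-hardened",
    "ingress": [
        {"protocol": "tcp", "from_port": 22, "to_port": 22, "cidrs": ["10.0.0.0/8"]},
        {"protocol": "tcp", "from_port": 443, "to_port": 443, "cidrs": ["0.0.0.0/0"]},
    ],
    "egress": [{"protocol": "tcp", "from_port": 443, "to_port": 443, "cidrs": ["0.0.0.0/0"]}],
}

if __name__ == "__main__":
    for g in (WEAK_GROUP, HARDENED_GROUP):
        for f in check_security_group(g):
            print(f"{f.group}: [{f.severity}] {f.message}")
    print("gate passes:", passes_gate([WEAK_GROUP, HARDENED_GROUP]))
```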


Key Considerations #04 – Application Security

1. Adopt DevSecOps with guardrails and compliance validations
2. Application architecture assessments
3. Secure coding, standard application logging, error handling
4. Integrate security controls into continuous integration & deployment (CI/CD)
5. Protect source code and configurations
6. Vulnerability management: code scanning (SAST) including automation scripts; application testing (DAST)

The slide's diagram maps these onto Monitoring & Vulnerability Scanning, CI/CD Security Policies, Security Guardrails, Configuration Management & Change Control and Vulnerability Management across the traditional enterprise, SaaS, IaaS, new custom cloud services and unsanctioned cloud.


Key Considerations #05 – Vigilance

Achieving comprehensive visibility of cloud assets down to the guest level:

• Keeping up with elastic environments built on proprietary IaaS and PaaS technology
• Use the on-premise Security Information and Event Management (SIEM) system or build a new one in the cloud?
• Do I have defined use cases?
• Where do my capabilities reside?
• How mature are my operations?

The slide's diagram shows log collection and log correlation from both the traditional enterprise and the cloud (SaaS, IaaS, new custom cloud services, unsanctioned cloud, BYOD and remote users) feeding security correlation & visualization, security analytics, security orchestration and services integration.


Key Considerations #06 – Resilience & Incident Response

IR Lifecycle: incident detection, logging and tracking; categorization and prioritization; initial diagnosis; communication, containment and escalation; investigation and diagnosis; resolution and recovery.

Key Focus Areas

Incident detection, logging and tracking
• Perform the analysis to understand what incident types are possible for the AWS cloud integration.

Categorization and prioritization
• Understand and agree with AWS on the definition of events of interest vs. security incidents, and on which events/incidents the cloud service provider reports to the organization and in which way.

Initial diagnosis
• The organization must understand the AWS support model for incident analysis, particularly the nature (content and format) of the data the CSP will supply for analysis purposes and the level of interaction with the CSP incident response team. In particular, it must be evaluated whether the available data for incident analysis satisfies the legal requirements on forensic investigations that may be relevant to your organization.

Communication, containment, and escalation
• Understand what is necessary to implement containment related to the cloud integration. The organization must carefully analyze the potential containment cases and negotiate mutually agreeable processes for containment decisions and execution. Determine and establish proper communication paths (escalation, hand-off, etc.) with the CSP that can be consistently followed in the event of an incident.

Investigation and diagnosis
• The organization must evaluate the AWS support model for forensic analysis and incident recovery, such as access/roll-back to snapshots of virtual environments, virtual-machine introspection, etc.

Resolution and recovery
• Post-recovery “lessons learned” activities involve sharing detailed incident reports with AWS and related organizations, in addition to your internal IR team.


Key Considerations #07 – Cloud Governance

• Governance & oversight: define organizational structure, committees, and roles & responsibilities for managing cloud security
• Policies & standards: update expectations for the management of cloud security, including the CSP as a responsible party
• Risk metrics & dashboard: new reports identifying risks and performance across information security domains, communicated to multiple levels of management
• Management processes: enhance processes to manage information security risk, factoring in considerations such as automation and agile
• Tools & technology: confirm feasibility of tools and technology that support cloud risk management and integration across cloud risk domains


4 – Case Study


The Cloud Compromise

One of your organization’s internal departments frequently uses outside cloud storage to store large amounts of data, some of which may be considered sensitive. You have recently learned that the cloud storage provider being used has been publicly compromised and large amounts of data have been exposed. All user passwords and data stored in the cloud provider’s infrastructure may have been compromised.

What is your response?

Discussion Questions

• Does your organization have current policies that consider 3rd party cloud storage?
• Should your organization still be held accountable for the data breach?
• What actions and procedures would be different if this was a data breach on your own local area network?
• What should management do?
• What, if anything, do you tell your constituents?
  o How/when would you notify them?


5 – Conclusion


Building a Sustainable Cloud Cyber Risk Governance Program

Despite the benefits that adoption of Cloud services can offer (cost effectiveness, reliability, or flexibility), organizations need to be aware of the associated risks and work on mitigating, or reducing them to an acceptable level commensurate with the overall risk appetite of the organization.

Program phases: Strategy, Foundation & discovery, Readiness, Onboarding, Improvement.

• Strategy: understanding the business strategy and growth objectives to align cloud adoption capabilities and priorities; building a holistic cloud governance and risk management framework for consistency and efficiency
• Foundation & discovery: leveraging business view (top-down) and technology aided (bottom-up) discovery techniques to profile cloud use, including shadow IT, and the risk landscape
• Readiness: assessing cloud risks, capabilities and controls across the enterprise and determining a cloud governance program strategy and roadmap for ongoing program operations, risk assessment, remediation and certification
• Onboarding: operationalization of the cloud governance framework across the enterprise through onboarding of business units, products and functions
• Improvement: continuous management and improvement of the cloud governance program through assessment, monitoring, tool deployment, extension of the program, etc.


The Path for Enhancing Cyber Risk Management

• Assess cloud security risk: baseline security requirements and assess current maturity and capabilities, identify and prioritize gaps and create a roadmap for secure cloud as an integrated part of your cloud strategy.
• Design security capabilities: build a baseline reference security architecture and repeatable design patterns with a prioritized implementation plan.
• Establish governance and technology: establish controls & responsibilities specific to the cloud to address governance and technology gaps that will support risk reduction efforts.
• Implement security capabilities: build, test and deploy a robust security architecture with integrated controls. Deploy and document updated processes.
• Maintenance and support: detail a support model, establish a baseline and sustain operation of services.


Industry Tools – CASB Overview

Cloud Access Security Brokers (CASBs) are emerging as a new control point and becoming important for managing cyber risk in the cloud.

Definition: a new class of security products (tools and services) that reside between the enterprise and a cloud provider and act as an extension of enterprise controls across risk management, data privacy & protection, and monitoring for cloud-based services.

Common problems:
• Shadow IT
• Ability to manage and measure risk in the extended enterprise
• Lack of consistent data protection and privacy across cloud providers
• Inadequate visibility into cloud activity

Typical capabilities:
• Understand cloud usage and risk exposure
• Manage risk and compliance
• Protect data and privacy
• Monitor security activity and threats

Technology companies in the space: 30+ CASB providers


Internal Audit Role

• Engage business stakeholders in discussions about the risk implications of cloud computing

• Review the current organizational risk framework and data governance program based on cloud risks identified

• Assess organization’s risk mitigation strategies to reduce the risks of cloud computing

• Evaluate and monitor cloud providers from a risk perspective including stability, contract provisions, data storage location and ownership, agreements, audits and ongoing monitoring

• Perform independent review of organization’s control framework against industry-accepted security standards and regulations

Example of Internal Audit Projects

• Cloud risk assessment: perform a risk assessment and identify gaps in the areas of data integrity, privacy, recovery and cloud provider management (see next slide for a detailed example)
• Cloud security: audit the organization’s cloud security capability, such as vulnerability management, security controls, incident response and threat intelligence
• Cloud General Information Technology Controls: conduct a controls review on cloud operations such as change management, logical access controls, physical security, IT operations and enterprise cloud operational resilience
• Cloud migration, control design and implementation: assess the risks for cloud migration and evaluate the design and implementation of controls to mitigate the risks
• Regulatory requirements and industry standards: perform gap assessments against regulatory requirements and industry best practices


Endnotes

1. https://azure.microsoft.com/en-ca/overview/what-is-cloud-computing/

2. https://aws.amazon.com/what-is-cloud-computing/

3. https://cloud.google.com/what-is-cloud-computing/

4. https://www.forbes.com/sites/louiscolumbus/2017/10/18/cloud-computing-market-projected-to-reach-411b-by-2020/#57a5649078f2

5. www.gartner.com/en/newsroom/pressreleases/2017-02-22-gartner-says-worldwidepublic-cloud-services-market-to-grow-18-percent-in-2017

6. https://pages.cloudpassage.com/rs/857-FXQ-213/images/2018-Cloud-Security-Report%20%281%29.pdf

7. Netskope, Inc. June 2017 - Cloud Report

8. Market Guide for Cloud Access Security Brokers (G00274053)

9. Predicts 2017: Cloud Security G00296116 and G00311365

10. Market Trends: Global Demand for Cloud-Based Security Is Growing Through 2020 (G00321941)


Q&A


CPE Collection Code

13557


This presentation has been written in general terms and therefore cannot be relied on to cover specific situations; application of the principles set out will depend upon the particular circumstances involved. Deloitte & Touche (M.E.) (DME) or its affiliated entities would be pleased to advise readers on how to apply the principles set out in this presentation to their specific circumstances. DME accepts no duty of care or liability for any loss occasioned to any person acting or refraining from action as a result of any material in this presentation.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member firms, and their related entities. DTTL (also referred to as “Deloitte Global”) and each of its member firms are legally separate and independent entities. DTTL does not provide services to clients. Please see www.deloitte.com/about to learn more. Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax and related services. Our network of member firms in more than 150 countries and territories serves four out of five Fortune Global 500® companies. Learn how Deloitte’s approximately 280,000 people make an impact that matters at www.deloitte.com.

DME is a licensed member firm of Deloitte Touche Tohmatsu Limited (DTTL) and is a leading professional services firm established in the Middle East region with uninterrupted presence since 1926. DME’s presence in the Middle East region is established through its affiliated independent legal entities, which are licensed to operate and to provide services under the applicable laws and regulations of the relevant country. DME’s affiliates and related entities cannot oblige each other and/or DME, and when providing services, each affiliate and related entity engages directly and independently with its own clients and shall only be liable for its own acts or omissions and not those of any other affiliate.

DME provides audit and assurance, tax, consulting, financial advisory and risk advisory services through 25 offices in 14 countries with more than 3,300 partners, directors and staff. It has also received numerous awards in the last few years which include Middle East Best Continuity and Resilience provider (2016), World Tax Awards (2017), Best Advisory and Consultancy Firm (2016), the Middle East Training & Development Excellence Award by the Institute of Chartered Accountants in England and Wales (ICAEW), as well as the best CSR integrated organization.

© 2019 Deloitte & Touche (M.E). All rights reserved.