Secure Cloud Solutions Open Government Forum Abu Dhabi 28-30 April 2014 Karl Chambers CISSP PMP...
Secure Cloud Solutions
Open Government Forum
Abu Dhabi
28-30 April 2014
Karl Chambers CISSP PMP
President/CEO
Diligent eSecurity International
The e-Government Challenge
Securely delivering high-quality digital government information and services utilizing cloud IT solutions:
• Anywhere
• Anytime
• On any device
Three Key Principles to a Secure Cloud Solution
• Design and Build it Securely
• Operate it Securely
• Always Encrypted Data
Design and Build it Securely Using
• Cloud Risk Management Framework (CRMF)
• Federal Risk and Authorization Management Program (FedRAMP)
Design and Build it Securely Using
• Cloud Risk Management Framework (CRMF)
Step 1: Categorize the Cloud Solution
Step 2: Identify Security Controls to Protect the Cloud Solution
Step 3: Implement the Selected Security Controls in the Cloud Security Architecture
Step 4: Assess the Security Controls of the Cloud Solution using the FedRAMP process
Step 5: Authorize the use of the Cloud Solution
Step 6: Monitor the Cloud Solution Continually
Three Key Principles to a Secure Cloud Solution
• Design and Build it Securely
• Operate it Securely
• Always Encrypted Data
Operate it Securely Using Automated Continuous Security Monitoring
• Automated Continuous Security Monitoring is a risk management approach to Cybersecurity that:
• Maintains a picture of an organization’s security posture
• Provides continuous visibility into information assets
• Leverages use of automated data feeds and data analytics
• Monitors effectiveness of security controls
• Enables prioritization of remedies.
Automated Continuous Security Monitoring (ACSM) Case Study – US Department of State
• ACSM Tool: Analytics and Continuous monitoring Engine (ACE) solution from Virtustream
• ACE receives and analyzes continuous inputs from:
• Asset Management
• Vulnerability Scanners
• Patch Management
• Event Management
• Incident Management
• Malware Detection
• Configuration Management
• Network Management
• License Management
• Information Management
• Software Management
• ACE provides continuous risk updates to management dashboard.
Three Key Principles to a Secure Cloud Solution
• Design and Build it Securely
• Operate it Securely
• Always Encrypted Data
Questions
Karl Chambers PMP CISSP
President/CEO
Diligent eSecurity International, Inc.
1954 Airport Road
Suite 233
Atlanta, Ga
[email protected]
01-678-591-7764