Scalable compliance in the eyes of the customer
A brief roadmap for cloud providers and cloud brokers
Peter HJ van Eijk & Michiel Steltman
We help IT businesses to quickly become successful cloud providers
Trust is the number one obstacle for cloud users
“The key factor for overcoming the present inhibitors will be to gain [cloud] users’ trust on security and compliance” (Deloitte 2009)

Cloud providers’ commercial tactics, and why these tactics don’t work:
• References and “Branding”: cloud consumers want proof, if only because regulations and accountability force them to
• Price erosion: leads to a ‘race to the bottom’
• React on customer inquiry: reacting takes time and effort
• One-off and customer-specific audits: not repeatable, not scalable
The business case for repeatable and ‘continuous audit’
• Cloud consumers want to base their provider selection on a priori verifiable compliance
• Can the provider afford to have a separate audit for every proposal or customer?
• The cloud consumer itself has to deal with more frequent audit obligations
• Demonstrating compliance has to be repeatable and scalable
• Successful cloud providers enable the consumers’ GRC processes
The future of Cloud Governance, Risk management and Compliance
• Collaborative effort between provider and consumer
• Continuous audit
• As automated as possible
• Integrated GRC: risk management in the widest sense of the word drives governance
  – Compliance is a collateral benefit
  – Maturity level of organization rises
How does professional risk management work?
• Risk based: professional risk management prioritizes the most important risks
  – No superfluous or useless measures and controls
• Professional risk management incorporates audit and compliance obligations
  – Anchor it in the operational process, instead of running a troublesome project for each audit
• Professional risk management is repeatable and scalable
  – Champagne? Really? Did you expect the audit to be a one-time effort?
Integrated governance, risk management and compliance: the big picture
(diagram; its elements are:)
• High level risk, scope and value assessment
• Assets and value proposition at risk
• Legal and compliance obligations
• Risk mitigation plan
• Security and control testing and review
• Execution in operation
• Continuous reports
• Pick framework
Example risks (threat → consequence/risk → control/measure)
• Disk full → Denial of service (to customer) → Measure/monitor (implying a defined incident response)
• Server saturated → Denial of service (to customer) → Measure/monitor (implying a defined incident response)
• No audit report available → Loss of prospective customer → Perform regular audits
• Compliance: lack of a ‘control’ → Loss of compliance → Implement control
• Capacity shortage for SLA → Denial of service (to customer) → Set up capacity planning
• Monitoring system fails → Loss of visibility → Make monitoring system redundant
• No DR (disaster recovery) planned → Loss of compliance → Adapt architecture
• No Auditing, Monitoring and Alerting → Loss of visibility → Set up LMR system
• All private cloud vulnerabilities as per industry best practice → … → …
Cloud compliance in real-time
CCM (Cloud Control Matrix), CAIQ (Consensus Assessments Initiative Questionnaire), Cloud Audit and CTP (Cloud Trust Protocol) are products maintained by CSA (Cloud Security Alliance).
GRC stack component → example element:
• CCM → CO-02: Independent reviews and assessments shall be performed at least annually […]
• CAIQ → CO-02.3: Do you conduct regular application penetration tests of your cloud infrastructure as prescribed by industry best practices and guidance?
• Cloud Audit → http://mycloudprovider.com/cloudaudit/org/cloudsecurityalliance/guidance/CO-02
• CTP → "It is 11 pm, do you know in which geography your virtual machines are running?"
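The “as automated as possible” continuous audit that the deck calls for, shown as an added example (not code from the deck, the authors or CSA): a small Python checker that evaluates a risk register modelled on the “Example risks” slide against a constructed telemetry snapshot and emits a report, publishing the one control the deck names (CO-02) under a CloudAudit-style namespace URI. The thresholds, telemetry field names and the placeholder host are assumptions; no other CCM control ids are invented.

```python
import json
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Namespace root follows the CloudAudit URL pattern shown on the slide; the
# host mycloudprovider.com is the slide's placeholder, not a real provider.
NAMESPACE_ROOT = (
    "http://mycloudprovider.com/cloudaudit/org/cloudsecurityalliance/guidance"
)


def cloudaudit_uri(control_id: str) -> str:
    """URI under which a provider would publish assertions for one control."""
    return f"{NAMESPACE_ROOT}/{control_id}"


@dataclass
class Risk:
    threat: str
    consequence: str
    control: str
    check: Callable[[dict], bool]  # True when the control is effective now
    control_id: Optional[str] = None  # CCM id, only where the deck names one


# Thresholds below are assumptions for the example, not values from the deck.
def disk_ok(t: dict) -> bool:
    return all(pct < 90 for pct in t["disk_used_pct"].values())


def server_ok(t: dict) -> bool:
    return t["cpu_load_pct"] < 85


def monitoring_ok(t: dict) -> bool:
    # "Make monitoring system redundant": at least two healthy nodes.
    return t["monitoring_nodes_up"] >= 2


def dr_ok(t: dict) -> bool:
    return bool(t["dr_plan_exists"] and t["dr_last_test_days_ago"] <= 365)


def audit_ok(t: dict) -> bool:
    # CO-02: independent reviews and assessments at least annually.
    return t["last_independent_review_days_ago"] <= 365


def geography_ok(t: dict) -> bool:
    # The CTP question on the slide: are all VMs where the customer expects?
    return set(t["vm_regions"].values()) <= set(t["allowed_regions"])


REGISTER: List[Risk] = [
    Risk("Disk full", "Denial of service", "Measure/monitor disk usage", disk_ok),
    Risk("Server saturated", "Denial of service", "Measure/monitor load", server_ok),
    Risk("Monitoring system fails", "Loss of visibility",
         "Make monitoring system redundant", monitoring_ok),
    Risk("No DR planned", "Loss of compliance", "Adapt architecture", dr_ok),
    Risk("No audit report available", "Loss of prospective customer",
         "Perform regular audits", audit_ok, control_id="CO-02"),
    Risk("VM outside agreed geography", "Loss of compliance",
         "Enforce placement policy", geography_ok),
]


def evaluate(register: List[Risk], telemetry: dict) -> List[Dict]:
    """Run every check once; each finding is one row of the continuous report."""
    findings = []
    for r in register:
        finding = {
            "threat": r.threat,
            "consequence": r.consequence,
            "control": r.control,
            "status": "pass" if r.check(telemetry) else "fail",
        }
        if r.control_id:
            finding["assertion_uri"] = cloudaudit_uri(r.control_id)
        findings.append(finding)
    return findings


def compliance_report(register: List[Risk], telemetry: dict) -> dict:
    """Summary a consumer's GRC process can consume without a bespoke audit."""
    findings = evaluate(register, telemetry)
    failing = [f["threat"] for f in findings if f["status"] == "fail"]
    return {"compliant": not failing, "failing": failing, "findings": findings}


# Constructed telemetry snapshot (example input, not data from any provider).
SAMPLE_TELEMETRY = {
    "disk_used_pct": {"/": 71, "/var/lib/vms": 93},
    "cpu_load_pct": 64,
    "monitoring_nodes_up": 2,
    "dr_plan_exists": True,
    "dr_last_test_days_ago": 120,
    "last_independent_review_days_ago": 400,
    "vm_regions": {"vm-01": "EU", "vm-02": "EU"},
    "allowed_regions": ["EU"],
}

if __name__ == "__main__":
    print(json.dumps(compliance_report(REGISTER, SAMPLE_TELEMETRY), indent=2))
```

Run on a schedule and archived, the report gives the "continuous reports" box of the big-picture slide a concrete shape: the same evidence serves every prospective customer instead of a one-off audit per proposal.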
Want to know more?
Do you want to know more about effective and efficient risk management and compliance in the cloud?
Join our webinar “Cloud Computing under control”: “Control the risks in your cloud proposition and transform them into benefits for customers”
Register at: www.CloudComputingUnderControl.com
If you liked this roadmap, please forward it to a colleague or friend!
Scalable cloud governance, risk management and compliance