Collaborative Contingency in the Cloud
Glen Roberts, CISSP
About the Presenter
* Glen Roberts, CISSP
* IT Infrastructure Manager at UFCU
* President at Cloud Security Alliance, Austin Chapter
Agenda
* Cloud Computing Overview
* Cloud Benefits and Risks
* Myths and Reality of the Cloud
* Community Clouds
* What a CUSO Model Offers
* CUSO Model Benefits
* Case Study: 2nd Node
* Foundational Issues
* Abbreviated Risk Framework
* Addressing Common Security Concerns
Cloud Computing Definition
A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (NIST: September, 2011)
Cloud Computing Model
What are some of the benefits cloud computing can offer credit unions?
Interactive Slide
Top 10 Cloud Benefits
1. Faster implementation, ready to use, automation
2. Access anywhere, on any device
3. Reduced cost, pay for use
4. Scalability, right-sized, flex up and down
5. Collective benefits, GRC alignment, new functionality
6. Improved productivity, shift focus to further innovate
7. Integrated security and patching
8. Leverage vendor expertise, economy of scale
9. High performance, reliability, uptime
10. Environment-friendly, computing efficiency
What risks might cloud computing expose a credit union to?
Interactive Slide
Top 10 Cloud Risks
1. Data loss, alteration, disclosure
2. Unable to prove security of provider or solution
3. Provider insider threat, insecure APIs, hypervisor flaws
4. Multi-tenancy trust issues
5. Account hijacking
6. Regulatory problems, lack of forensics support
7. Blurred responsibilities
8. Internet/external network dependency
9. Poor support, scalability issues
10. Complexity, hidden costs
Myths and Reality of the Cloud
* The cloud is just a fad
* The cloud is less secure
* The cloud is not compliant
* Moving to the cloud is too challenging
* Moving to the cloud is too costly
Community Clouds
* Shared by several organizations
* Supports a community with common interests
* Business purpose
* Standardization
* GRC requirements: GLBA, NCUA

* Many of the benefits of public cloud with less risk
* Better cost savings than private cloud or traditional infrastructure
What a CUSO Model Offers
* Trust
* Transparency
* Dependable SLAs
* Clear roles & responsibilities
* Shared improvements
* Data sharing
CUSO Model Benefits
* Do more with less
* Reduce maintenance & operations costs
* Sharing of assets
* Share the expense of implementations
* Free up staff to innovate for members
More CUSO Model Benefits
* Cloud service brokerage
* Cooperatively select vendors
* Improved bargaining power as a collective
* Shared cost of vendor solutions
* Leverage shared integration with vendors
Case Study: 2nd Node
* Formed by UFCU and AFCU in 2009
* CUSO
* Second data center
* Business Continuity/Disaster Recovery
2nd Node: Facility
* Facility
* SAS 70 Type II Facility
* Working on SSAE 16 Type II
* Generator, UPS, HVAC
* Environmental security
2nd Node: Infrastructure
* Utility pricing per cabinet:
  * Telecom
  * Internet connectivity – 100 mbps
* SAN
  * Separate LUNs, partitions
  * EqualLogic, Compellent
* IDS/IPS
  * Individual consoles/customer
  * 2nd Node as the oracle
2nd Node: Cloud Services
* Private clouds
* SAN replication
* System backups
* Silver Peak network concentrators
* Hosted failover (Symitar)
Foundational Issues
* Many have tried and failed
* Control issues vs. cooperation
* Visibility of operations
* Differing visions
* Undefined SLAs
* Security concerns
Addressing Common Security Concerns
* Security
  * Not necessarily more or less secure
  * Enormous potential to be more secure
  * Collaborate to implement controls
* Standards gaps
  * Traditional standards still apply
  * NIST and CSA are helping accelerate catch-up
Data Protection
* What data needs to be protected?
* Common options:
  * Encryption of data
  * Tokenization
  * Sanitization, anonymization
  * Object security
  * Hashing
Abbreviated Risk Framework: Identify Assets
* Identify potential assets to be moved to a community cloud
  * Infrastructure
  * Data
  * Applications
  * Functions/Processes
Abbreviated Risk Framework: Community Cloud Risks
* Assess DAD risks of moving assets to community cloud
  * What is the impact if the provider accesses the asset or if data goes public?
  * What is the impact if processes are manipulated or fail to function?
Abbreviated Risk Framework: Community Cloud Requirements
* Location
* Identification of other tenants
* Degree of control
* Who manages assets and how
* Security and compliance controls
Abbreviated Risk Framework: Community Cloud Evaluation
* Providers
* Partners
* Solutions