Collaborative Contingency in the Cloud CISSP

Upload: rhiannon444

Post on 19-Jan-2016


TRANSCRIPT

Page 1: Pass4sure CISSP

Collaborative Contingency in the Cloud

CISSP

Page 2: Pass4sure CISSP


About the Presenter

Page 3: Pass4sure CISSP


Page 4: Pass4sure CISSP

Agenda

* Cloud Computing Overview
* Cloud Benefits and Risks
* Myths and Reality of the Cloud
* Community Clouds
* What a CUSO Model Offers
* CUSO Model Benefits
* Case Study: 2nd Node
* Foundational Issues
* Abbreviated Risk Framework
* Addressing Common Security Concerns

Page 5: Pass4sure CISSP

Cloud Computing Definition

A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (NIST: September, 2011)

Page 6: Pass4sure CISSP

Cloud Computing Model

Page 7: Pass4sure CISSP

Interactive Slide

What are some of the benefits cloud computing can offer credit unions?

Page 8: Pass4sure CISSP

Top 10 Cloud Benefits

1. Faster implementation, ready to use, automation
2. Access anywhere, on any device
3. Reduced cost, pay for use
4. Scalability, right-sized, flex up and down
5. Collective benefits, GRC alignment, new functionality
6. Improved productivity, shift focus to further innovate
7. Integrated security and patching
8. Leverage vendor expertise, economy of scale
9. High performance, reliability, uptime
10. Environment-friendly, computing efficiency

Page 9: Pass4sure CISSP

Interactive Slide

What risks might cloud computing expose a credit union to?

Page 10: Pass4sure CISSP

Top 10 Cloud Risks

1. Data loss, alteration, disclosure
2. Unable to prove security of provider or solution
3. Provider insider threat, insecure APIs, hypervisor flaws
4. Multi-tenancy trust issues
5. Account hijacking
6. Regulatory problems, lack of forensics support
7. Blurred responsibilities
8. Internet/external network dependency
9. Poor support, scalability issues
10. Complexity, hidden costs

Page 11: Pass4sure CISSP

Myths and Reality of the Cloud

* The cloud is just a fad
* The cloud is less secure
* The cloud is not compliant
* Moving to the cloud is too challenging
* Moving to the cloud is too costly

Page 12: Pass4sure CISSP

Community Clouds

* Shared by several organizations
* Supports a community with common interests
* Business purpose
* Standardization
* GRC requirements: GLBA, NCUA
* Many of the benefits of public cloud with less risk
* Better cost savings than private cloud or traditional infrastructure

Page 13: Pass4sure CISSP

What a CUSO Model Offers

* Trust
* Transparency
* Dependable SLAs
* Clear roles & responsibilities
* Shared improvements
* Data sharing

Page 14: Pass4sure CISSP

CUSO Model Benefits

* Do more with less
* Reduce maintenance & operations costs
* Sharing of assets
* Share the expense of implementations
* Free up staff to innovate for members

Page 15: Pass4sure CISSP

More CUSO Model Benefits

* Cloud service brokerage
* Cooperatively select vendors
* Improved bargaining power as a collective
* Shared cost of vendor solutions
* Leverage shared integration with vendors

Page 16: Pass4sure CISSP

Case Study: 2nd Node

* Formed by UFCU and AFCU in 2009
* CUSO
* Second data center
* Business Continuity/Disaster Recovery

Page 17: Pass4sure CISSP

2nd Node: Facility

* Facility
* SAS 70 Type II Facility
* Working on SSAE 16 Type II
* Generator, UPS, HVAC
* Environmental security

Page 18: Pass4sure CISSP

2nd Node: Infrastructure

* Utility pricing per cabinet:
* Telecom
* Internet connectivity - 100 Mbps
* SAN
* Separate LUNs, partitions
* EqualLogic, Compellent
* IDS/IPS
* Individual consoles/customer
* 2nd Node as the oracle

Page 19: Pass4sure CISSP

2nd Node: Cloud Services

* Private clouds
* SAN replication
* System backups
* Silver Peak network concentrators
* Hosted failover (Symitar)

Page 20: Pass4sure CISSP

Foundational Issues

* Many have tried and failed
* Control issues vs. cooperation
* Visibility of operations
* Differing visions
* Undefined SLAs
* Security concerns

Page 21: Pass4sure CISSP

Addressing Common Security Concerns

* Security
* Not necessarily more or less secure
* Enormous potential to be more secure
* Collaborate to implement controls
* Standards gaps
* Traditional standards still apply
* NIST and CSA are helping accelerate catch-up

Page 22: Pass4sure CISSP

Data Protection

* What data needs to be protected?
* Common options:
* Encryption of data
* Tokenization
* Sanitization, anonymization
* Object security
* Hashing

Page 23: Pass4sure CISSP

Abbreviated Risk Framework: Identify Assets

* Identify potential assets to be moved to a community cloud
* Infrastructure
* Data
* Applications
* Functions/Processes

Page 24: Pass4sure CISSP

Abbreviated Risk Framework: Community Cloud Risks

* Assess DAD risks of moving assets to community cloud
* What is the impact if the provider accesses the asset or if data goes public?
* What is the impact if processes are manipulated or fail to function?

Page 25: Pass4sure CISSP

Abbreviated Risk Framework: Community Cloud Requirements

* Location
* Identification of other tenants
* Degree of control
* Who manages assets and how
* Security and compliance controls

Page 26: Pass4sure CISSP

Abbreviated Risk Framework: Community Cloud Evaluation

* Providers
* Partners
* Solutions

Page 27: Pass4sure CISSP


Page 28: Pass4sure CISSP

Thanks!
