security in the cloud - making it a safe prospect
DESCRIPTION
A talk delivered by Chris Ulliott, Technical Director at GCHQ, at Cloud Control: Implementing cloud computing 2014, hosted by Civil Service World and Eduserv.TRANSCRIPT
© Crown Copyright. All rights reserved.
Chris Ulliott
Cloud Security
Technical Director andChief IA Architect, CESG
this is
not new© Crown Copyright. All rights reserved.
understand yourrequirements
© Crown Copyright. All rights reserved.
value your
data© Crown Copyright. All rights reserved.
principles14
© Crown Copyright. All rights reserved.
data in transitresilience
separation
governanceoperational
personnel
devsupply chain
management
ID&Ainterface protection
administration
audit
user responsibilities
© Crown Copyright. All rights reserved.
understand theservice offering
© Crown Copyright. All rights reserved.
(I/P/S)aaS
© Crown Copyright. All rights reserved.
public
community
private
or
© Crown Copyright. All rights reserved.
data intransitprotection
© Crown Copyright. All rights reserved.
assetprotection& resilience
© Crown Copyright. All rights reserved.
separationbetweencustomers
© Crown Copyright. All rights reserved.
governance
© Crown Copyright. All rights reserved.
operationalsecurity
© Crown Copyright. All rights reserved.
personnelsecurity
© Crown Copyright. All rights reserved.
securedevelopment
© Crown Copyright. All rights reserved.
supply chainsecurity
© Crown Copyright. All rights reserved.
secureconsumermanagement
© Crown Copyright. All rights reserved.
ID&A
© Crown Copyright. All rights reserved.
externalinterfaceprotection
© Crown Copyright. All rights reserved.
secureserviceadmin.
© Crown Copyright. All rights reserved.
auditinformationprovision tocustomers
© Crown Copyright. All rights reserved.
secure useby theconsumer
© Crown Copyright. All rights reserved.
getassurance
© Crown Copyright. All rights reserved.
assertion
© Crown Copyright. All rights reserved.
contractual
© Crown Copyright. All rights reserved.
independentvalidation ortesting
© Crown Copyright. All rights reserved.
assurancein the
design© Crown Copyright. All rights reserved.
assuredcomponents
© Crown Copyright. All rights reserved.
alternative
mitigations
© Crown Copyright. All rights reserved.
? accept the residual
risk© Crown Copyright. All rights reserved.
get the details at:https://www.gov.uk
/government/collections
/cloud-security-guidance
© Crown Copyright. All rights reserved.
?Questions
© Crown Copyright. All rights reserved.