• Home

  • Documents

  • Cloud Security poster - Print this poster on A3 format and use it as a checklist
1

Click here to load reader

Cloud Security poster - Print this poster on A3 format and use it as a checklist

  • Upload
    mike-c

  • View
    2.092

  • Download
    1

Embed Size (px)

DESCRIPTION

KPMG's cloud security poster - print it on A3 format or bigger and use it as a handy checklist

Citation preview

Page 1: Cloud Security poster - Print this poster on A3 format and use it as a checklist

Business challenges

in the cloud

Security&

Privacy

Governance

Operations

Finance&

Tax

Vendors

Assurance

Customer organisation

Third party (cloud) vendor

Cloud service provider

Data centre

Mobile useOnline identities

Cloud services ecosystem• Arethereanythirdpartyvendorsinvolvedwhichcould

potentiallyimpactthelevelofsecurity?• Whatlevelofassurancedothirdpartiesoffertheprimarycloud

serviceproviderconcerningsecurityandprivacy?• Whatsecuritymeasuresaretakenbetweenvariouscloud

platforms?• Whatdegreeoftransparencyisoffered?• Whatisthereputation/track-recordofthecloudservice

providerswithintheecosystemconcerningsecurityandprivacy?

• Howistheentirecloudecosystemgovernedbythecustomer?

External data processing and storage• Howdoestheproviderisolateandsegregatecustomer’sdata?• Whatmeasuresaretakentosecurethedatainrestandin

transit?• Whattypeofencryptionissupportedandwhomanagesthe

encryptionkeys?• Whatmeasuresaretakentoensuretheavailabilityofdata?• Whatjurisdictionappliestotheproviderandthecustomer’s

data;doesthisconflictwithlocallawsanddirectives?• Whatdatadeletion/destructionpoliciesarefollowed?• Howarethecloudservicesbeensecuredphysically?

Outsourced control• Howdoestheproviderisolateandsegregatethecustomer’s

ITservices?• What(real-time)monitoringandloggingfunctionalitiesareinplace?• Howissecurityembeddedintheprovider’sorganisation

(securedevelopment,securitytesting,securitymonitoring)?• Whataretheprovider’ssecurityincidentresponsemechanisms?• Towhatstandardshastheservicebeencertified

(e.g.ISO27001)?• Howdoestheprovidersupportforensicanalysisby

independentresearchers?• Arecloudservicesby-passinginternalsecuritycontrols?

Identity & Access Management• Whatidentitystores(directories/repositories)areinuse;

whatpartiesaremanagingtheseidentitystores?• Howdoesthecustomerorganisationmaintainsinglesign-on?• Isstrong(multifactor)authenticationprovidedinthecloud;

whichprotocolsaresupported?• HowcantheinternalIAMbeintegratedwithmultiplecloud

services;canuseraccountsandpermissionsbe(de)provisionedproperly?

• Whohasaccesstothecustomer’sdata;whatmitigationsareinplacetopreventmisusebysystemadministrators?

Proliferation of mobile devices• Whatmobiledevicesareusedtoaccessandprocessbusiness

data?• Whatisthedegreeofcontrolofthesedevices(BYODto

enterpriseowneddevices)?• Whatsecuritymechanismsareinplaceincaseoftheft/loss?• Whatsecuritymechanismsareappliedtothe(mobile)

network(s)?• Arebusinessusersadequatelyeducated/informedonthe

secureuseofmobiledevicesincludingtheuseofmobileapps?• Howistheaccesstobusinessapplicationsfromuncontrolled

end-pointssecured?

Regulatory pressure

• Dataprivacydirective• Basel• Solvency• SOx• PCIDSS

Licence to operate• Which(local,international)laws,rulesanddirectives

applytothecustomerorganisation?• WhichITservicesareinscopeofregulatorycompliance;

whatistheroleofinformationsecurity?• Whatdataissubjecttoprivacylawsandrules?• Whatlevelof(public)disclosureofincidentsisrequired

bylaw?• Whatisthecurrentlevelofcompliance?• Whatistheimpactofoutsourcingtoexternalproviders

inparticularwithregardtopubliccloudcomputing?

Readiness for the cloud• Whatisthecriticalityofthebusinessdata(intellectual

property,privacysensitivedata)?• Whatcontrolsaredefinedandhowarethesecontrols

implemented?• Whataretheorganisation’spoliciesregardingoutsourcing

ingeneralandpubliccloudcomputinginparticular?• Whatservicesare/willbemovedtothecloud?• IstheITdepartmentincontrolofpurchasingcloud

servicesbythebusiness?• Doesthecostofsecurityandprivacyjustifyamoveto

thecloud?

Cyber arms race• Whatisthecurrentthreatlandscape;howisthisbeing

monitored?• Whattypesofthreatsareapplicable;whataretheattack

trends?• Whichdata/servicesarepronetoattacks?• Whatarethecurrent/near-futurevulnerabilities?• Whataretheweaknesseswithinthesupplychain?• Hastherelevantuse-casesbeenidentifiedincludingidentity

theftandsocialengineering?• Doestheexistingmeasurestakerelevantthreatsintoaccount?• Whatin-depthexpertiseisrequiredwithregardtothecloud?

Threats

• Organisedcybercrime• Onlineespionage• Internalcomputerfraud• Hactivism• State-backedcyberattacks

Key contacts

JohnHermans|PartnerT:+31651366389E:[email protected]

MikeChung|SeniorManagerT:+31614559916E:[email protected]

Areas of importance and key questions

Orchestrating the Cloud: Security & Privacy

Network

PowerPoint poster a3 in vector graphics

PowerPoint poster a3 in vector graphics

Design
2586 A3 Poster v10 - Institute of Biomedical Science...Title 2586 A3 Poster v10.indd Created Date 20190305171356Z

2586 A3 Poster v10 - Institute of Biomedical Science...Title 2586 A3 Poster v10.indd Created Date 20190305171356Z

Documents
Clinidirect home delivery a3 poster

Clinidirect home delivery a3 poster

Documents
Poster Navidad 2008 A3

Poster Navidad 2008 A3

Documents
A3 poster for film Festival

A3 poster for film Festival

Documents
Dangerous Times Festival A3 poster

Dangerous Times Festival A3 poster

Documents
A3 poster 30.1.15

A3 poster 30.1.15

Documents
CHAS A3 Poster English

CHAS A3 Poster English

Documents
Offer poster a3 aw

Offer poster a3 aw

Documents
A3 Poster Finalpdf

A3 Poster Finalpdf

Documents
StatusNo Poster - Style 1 - A3

StatusNo Poster - Style 1 - A3

Documents
A3 Poster - The invisible disability

A3 Poster - The invisible disability

Documents
Poster A3 - Briggs · Title: Poster A3 Created Date: 4/21/2008 1:41:25 PM

Poster A3 - Briggs · Title: Poster A3 Created Date: 4/21/2008 1:41:25 PM

Documents
A3 Poster 27.2.15

A3 Poster 27.2.15

Documents
music night poster a3 - tpomps.edu.hk

music night poster a3 - tpomps.edu.hk

Documents
Lean/Agile Depth Assessment Checklist A3

Lean/Agile Depth Assessment Checklist A3

Technology
PBD Poster Design en A3

PBD Poster Design en A3

Documents
Rob Burrow A3 Indies Poster

Rob Burrow A3 Indies Poster

Documents
Cubs100 A3 poster

Cubs100 A3 poster

Documents
A3 Poster - Supporting our Diggers

A3 Poster - Supporting our Diggers

Documents
Galileocomputing Poster Check Point a3

Galileocomputing Poster Check Point a3

Documents
A3 Poster New Design · Title: A3 Poster New Design.indd Created Date: 8/3/2016 2:12:34 PM

A3 Poster New Design · Title: A3 Poster New Design.indd Created Date: 8/3/2016 2:12:34 PM

Documents
Poster a3 print

Poster a3 print

Documents
Elements poster A3 UPDATED

Elements poster A3 UPDATED

Documents
28019 Poster A3 Access to justice Poster A3 Access t… · Title: 28019 Poster A3 Access to justice.indd Created Date: 2/17/2015 11:12:06 AM

28019 Poster A3 Access to justice Poster A3 Access t… · Title: 28019 Poster A3 Access to justice.indd Created Date: 2/17/2015 11:12:06 AM

Documents
Osvaldo Tchissola A3 PDF Poster

Osvaldo Tchissola A3 PDF Poster

Documents
Additional Tasks Poster A3 col - EMSSA · Title: Additional Tasks Poster A3 col.indd Created Date: 20121026044643Z

Additional Tasks Poster A3 col - EMSSA · Title: Additional Tasks Poster A3 col.indd Created Date: 20121026044643Z

Documents
A3 - Poster - RECSAM

A3 - Poster - RECSAM

Documents
Utilitas A3 poster - DomaCom

Utilitas A3 poster - DomaCom

Documents
Poster A3 PLANET last · Poster A3 PLANET_last.psd Author: Alessandro Created Date: 1/21/2019 6:11:37 PM

Poster A3 PLANET last · Poster A3 PLANET_last.psd Author: Alessandro Created Date: 1/21/2019 6:11:37 PM

Documents