Upload
phila-agcaoili
View
104
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Cloud Security Alliance Atlanta Chapter Meeting Q1'2013 and RSA Conference 2013 CSA Announcements
Citation preview
www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
Cloud Security Alliance Research & Roadmap
RSA Conference 2013 Announcements
Q1’2013 CSA Atlanta ChapterPhil Agcaoili
CSA Founding Member
Co-Founder/Co-Author, Cloud Controls Matrix
Co-Founder/Steering Committee, GRC Stack
Co-Founder, Security, Trust and Assurance Registry (STAR)
www.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
About the Cloud Security AllianceGlobal, not-for-profit organisation
Over 40,000 individual membersMore than 160 corporate membersOver 60 chaptersBuilding best practices and a trusted cloud ecosystemAgile philosophy, rapid development of applied research
GRC: Balance compliance with risk managementReference models: build using existing standardsIdentity: a key foundation of a functioning cloud economyChampion interoperabilityEnable innovationAdvocacy of prudent public policy
“To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”
www.cloudsecurityalliance.orgwww.cloudsecurityalliance.org
About the Cloud Security Alliance
Developed first comprehensive best practices for secure cloud computing, Security Guidance for Critical Areas of Focus for Cloud Computing (updated October 2011)First and only user certification for cloud security, the CCSK (Certificate of Cloud Security Knowledge, September 2010)Tools for managing Governance, Risk and Compliance in the Cloud Registry of cloud provider security practices, the CSA STAR (Security, Trust & Assurance Registry, Q4 2011)First and only multi-tenant security controls framework adapted for cloud (CSA CCM)Industry leading security practices, education and tools developed by 20+ working groupsSelection of CSA venue by US White House to announce the US Federal Cloud Strategy in 2011Leadership in developing new security standards addressing cloud computingTrusted advisor to governments and Global 2000 firms around the world
“To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud
Computing to help secure all other forms of computing.”
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
http://cloudsecurityalliance.org/chapters/
GLOBAL CHAPTERS
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
Chapters Around the World
60 chapters and growing
Every continent except Antarctica
Translating guidance
Adapting research to local needs
Creating their own research projects
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
2012
Chapter Tools
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
CSA Chapter Website
https://chapters.cloudsecurityalliance.org/[chapter-name]/
Get your WordPress based chapter site on CSAEvents, news, past events, site mapAdd your logoAdd your Twitter feed
Contact [email protected]
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
CSA Chapter Logo
Get your Chapter logoContact [email protected]
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
CSA Basecamp
The CSA Projects will begin migrating to the "new" Basecamp found at the following URL:
https://launchpad.37signals.com/
This site will give you access to all of your CSA projects on the new Basecamp and the pre-existing projects found in the renamed "Basecamp Classic". The 37Signals Launchpad will help you navigate to both Basecamp sites if you are participating in multiple CSA Working Groups.
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
http://cloudsecurityalliance.org/research/
RESEARCH
www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
Click icon to add picture
www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.org
Research PortfolioOur research includes fundamental projects needed to define and implement trust within the future of information technology
CSA continues to be aggressive in producing critical research, education and tools
22 Active Work Groups and 10 in the pipeline
Copyright © 2012 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.org
Global Research Footprint
Global resource and research coverage through our corporate membership, affiliate members, chapters and
Connected to great minds: Research contributors represent some of the top minds in information security and cloud computing
Copyright © 2012 Cloud Security Alliance
www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
Research HighlightsSecurity Guidance for Critical Areas of Cloud Computing
Popular best practices for securing cloud computing
Flagship research project
V 3.0 Released (November 2011)
In alignment with international standards
Impact to the Industry
Developed first comprehensive best practices for secure cloud computing, Security Guidance for Critical Areas of Focus for Cloud Computing (updated October 2011)
> 300k downloads: cloudsecurityalliance.org/guidance
www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
Research Highlights
GRC Stack
Family of 4 research projects
Cloud Controls Matrix (CCM)
Consensus Assessments Initiative (CAI)
Cloud Audit
Cloud Trust Protocol (CTP)
Control Requirements
Provider Assertions
Private, Community
& Public Clouds
www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
Research HighlightsControls derived from guidance
Mapped to familiar frameworks: ISO 27001, COBIT, PCI, HIPAA, FISMA, FedRAMP, etc.
Rated as applicable to S-P-I
Customer vs. Provider role
Help bridge the “cloud gap” for IT & IT auditors
www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
Research HighlightsResearch tools and processes to perform shared assessments of cloud providers
Integrated with Controls Matrix
Version 1 CAI Questionnaire released Oct 2010, approximately 140 provider questions to identify presence of security controls or practices
Use to assess cloud providers today, procurement negotiation, contract inclusion, quantify SLAs
www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
Research HighlightsOpen standard and API to automate provider audit assertions
Change audit from data gathering to data analysis
Necessary to provide audit & assurance at the scale demanded by cloud providers
Uses Cloud Controls Matrix as controls namespace
Use to instrument cloud for continuous controls monitoring
www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
Research HighlightsDeveloped by CSC, transferred to CSA
Open standard and API to verify control assertions
“Question and Answer” asynchronous protocol, leverages SCAP (Secure Content Automation Protocol)
Integrates with Cloud Audit
Now we have all the components for continuous controls monitoring
www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
Research Highlights
CSA STAR (Security, Trust and Assurance Registry)
Public Registry of Cloud Provider self assessments
Based on Consensus Assessments Initiative Questionnaire
Provider may substitute documented Cloud Controls Matrix compliance
Voluntary industry action promoting transparency
Free market competition to provide quality assessments
Provider may elect to provide assessments from third parties
www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
Q&A session on implementing the CSA CCM and CAIQScott Poggi, Cox Enterprises IT Security Engineering
Michael Brady, Cox Enterprises Corporate Security
James Edgar, Cox Communications Information Security
How did using the CAIQ simplify cloud adoption? CCM?
What was it like before?
What were some challenges in utilizing CAIQ and CCM?
Do you have suggestions to make it better?
What teams needed to be involved to help you?
www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
Research Highlights
Security as a ServiceResearch for gaining greater understanding for how to deliver security solutions via cloud models.
Information Security Industry Re-invented
Identify Ten Categories within SecaaS
Implementation Guidance for each SecaaS Category
Align with international standards and other CSA research
www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
Research Highlights
MobileSecuring application stores and other public entities deploying software to mobile devices
Analysis of mobile security capabilities and features of key mobile operating systems
Cloud-based management, provisioning, policy, and data management of mobile devices to achieve security objectives
Guidelines for the mobile device security framework and mobile cloud architectures
Solutions for resolving multiple usage roles related to BYOD, e.g. personal and business use of a common device
Best practices for secure mobile application development
www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
Research HighlightsBig Data
Identifying scalable techniques for data-centric security and privacy problems
Lead to crystallization of best practices for security and privacy in big data
Help industry and government on adoption of best practices
Establish liaisons with other organizations in order to coordinate the development of big data security and privacy standards
Accelerate the adoption of novel research aimed to address security and privacy issues
www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
Research Highlights
Cloud Data Governance
Cloud Data Governance Maturity Survey of current Cloud Provider practices in the market (e.g. backup, encryption, secure deletion, etc.)
Structure based on Domain 5: Information Lifecycle Management
Re-define Data Life Cycle Model
Identify Key Concerns for Stakeholders
Data Governance in Emerging Technologies in the Cloud
www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
Research Highlights
Telecom Working Group
Industry a key stakeholder in future of cloud
CSA’s liaison to ITU-T
5 Telecom Initiatives
Telecom and the GRC Stack
ISO 27017 Interviews to CSP’s
SIEM
Compliance Monitoring
Cloud Forensics and Legal
www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
CloudCERT
Consensus research for emergency response in Cloud
Enhance community’s ability to respond to incidents
Standardized processes
Supplemental best practices for CERTs
Hosted Community of Cloud CERTs
Research Highlights
www.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
Research HighlightsHealth Information Management (NEW)
Provide direct influence on how health information service providers deliver secure cloud solutions (services, transport, applications and storage) to their clients, and foster cloud awareness within all aspects of healthcare and related industries
2 Health Initiatives
HIPAA and HiTech Best Practices
Healthcare Recommendations Guidance to V.3
www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
Research HighlightsPrivacy Level Agreement (PLA)
PLA = SLA for privacy.
In the PLA (typically an attachment to the Service Agreement) the cloud service provider (CSP) clearly declares the level of privacy and data protection that it undertakes to maintain with respect to the relevant data processing.
Provide cloud customers with a tool to assess a CSP’s commitment to address personal data protection.
Offer contractual protection against possible economical damages due to lack of compliance or commitment of the CSP privacy and data protection regulation.
www.cloudsecurityalliance.orgwww.cloudsecurityalliance.org
CSA SLA Research Group
Looking for CSA Chapters world-wide participation Regional representation Effective SLAs and their Management is a key factor in
the successful adoption of the Cloud
www.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
Research Highlights
ISACA/CSA Cloud Security Maturity Project
The Cloud Security Alliance (CSA) and ISACA announced the availability of a new survey on cloud market maturity
This is the first collaborative project between the two organizations
A report based off of the survey results will be published
www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
Research Highlights
Top ThreatsProvide needed context to assist organizations in making educated risk management decisions regarding their cloud adoption strategies
V.2 of Top Threats Report released in October 2012
www.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
Regional Research (EMEA)
CSA has been awarded 4 FP7 Projects
Helix Nebula - The HELIX NEBULA Project is a preliminary step towards a European cloud‐based scientific e‐ infrastructure: HELIX NEBULA – the Science Cloud.
Cumulus - The overall aim of the project is to develop a framework for hybrid, incremental and multi-layer certification for all services in cloud computing stacks, including infrastructure (IaaS), platform (PaaS) and software services (SaaS
Cirrus – Cirrus pretends to bring together different stakeholders (industry, research, service providers, end-users, standardization bodies…) and perform an analysis of implications for overall E2E (end-to-end) Cloud Security with the special attention to issues of assurance and trustworthiness.
A4 Cloud - This project aims to clarify regulatory expectations with regard to cloud and also provide mechanisms that enable provision of accountable services in the cloud.
www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.org
Research IdeasMost of our Research Projects are ideas from professionals like you
Do you have an idea for a research project on a cloud security topic?
If so, please take the time to describe your concept by filling out the our online form. This form is monitored by the CSA research team, who will review your proposal and respond to you with feedback.
Copyright © 2012 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
CSA Library
The Cloud Security Alliance is a community non-profit which is driven by its members. Have a white paper or information on a cloud security product you want to contribute?
https://cloudsecurityalliance.org/education/white-papers-and-educational-material/
Contribute to the CSA library
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
How do you get involved?
Learn how you can participate in Cloud Security Alliance's goals to promote the use of best practices for providing security assurance within Cloud Computing
http://www.linkedin.com/groups?gid=1864210https://cloudsecurityalliance.org/get-involved/
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
http://cloudsecurityalliance.org/media-center/press-releases/
RSA Conference 2013 Announcements
www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
Released a draft of the latest version of the Cloud Control Matrix, CCM v3.0
Realigns the CCM control domains to achieve tighter integration with the CSA’s “Security Guidance for Critical Areas of Focus in Cloud Computing version 3”
Introduced three new control domains
Mobile Security
Supply Change Management, Transparency and Accountability
Interoperability & Portability
Available for peer review through the CSA Interact website with the peer review period closing March 31, 2013, and final release of CCM v3.0 on April 17, 2013
CSA Seeks Input For Open Peer Review: CCM v3.0
https://interact.cloudsecurityalliance.org/index.php/ccm/v3_group_1
https://interact.cloudsecurityalliance.org/index.php/ccm/v3_group_2
https://interact.cloudsecurityalliance.org/index.php/ccm/v3_group_3
www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
CSA Big Data Working Group released an initial report--The Top 10 Big Data Security and Privacy Challenges at CSA Congress 2012
2013 RSA announcement expanded this to Top Ten Big Data Security and Privacy Challenges report
The 35-page report outlines the unique challenges presented by Big Data
The Top 10 Big Data Security and Privacy Challenges have been enumerated as follows:
1. Secure computations in distributed programming frameworks
2. Security best practices for non-relational data stores
3. Secure data storage and transactions logs
4. End-point input validation/filtering
5. Real-time security monitoring
6. Scalable and composable privacy-preserving data mining and analytics
7. Cryptographically enforced data centric security
8. Granular access control
9. Granular audits
10. Data provenance
The goal of outlining these challenges is to raise awareness among security practitioners and researchers
To review the report and provide comments, please visit https://interact.cloudsecurityalliance.org/index.php/bigdata/top_ten_big_data_2013 .
CSA Seeks Input For Open Peer Review: Expanded Top Ten Big Data Security and Privacy Challenges Report
www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
Released a position paper on the American Institute of CPAs’ reporting framework
Educating members and providing guidance on selecting the most appropriate reporting option
Latest step in CSA’s previously announced Open Certification Framework and STAR Attestation initiatives
AICPA’s reporting framework, known as Service Organization Control Reports, consists of three major document types
The first – the SOC 1 report – deals with controls over financial reporting
The SOC 2 report focuses on controls that bear on a service provider’s security, processing integrity and operating availability, as well as the confidentiality and privacy of data moving through its systems.
A third report, SOC 3, is a compressed version of the SOC 2 and is designed for public distribution.
Highlights that for most cloud providers, a SOC 2 Type 2 attestation examination conducted in accordance with AICPA standard AT Section 101 (AT 101) utilizing the CSA Cloud Controls Matrix (CCM) as additional suitable criteria is likely to meet the assurance and reporting needs of the majority of users of cloud services
The Cloud Controls Matrix is designed to be used in conjunction with existing standards, and this is one such example where the combination provides a comprehensive view that should suit most users reporting needs
Position paper also offers guidance to members on the following:
When a SOC 1 report is necessary,
When a SOC 2 report is called for, and
When both engagement types may be required
The full position paper can be found at https://cloudsecurityalliance.org/research/collaborate/#_aicpa
CSA Continues Campaign To Improve Transparency And Assurance In The Cloud Market With Position Paper On AICPA Reporting Framework
www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
The CSA PLA Working Group formed in 2012 to help transpose the Art. 29 WP and EU National Data Protection Regulators’ recommendations on Cloud Computing into an easy to use outline that CSPs can use to disclose personal data handling practices
The Cloud Security Alliance (CSA) Privacy Level Agreement (PLA) Working Group released the Privacy Level Agreement (PLA) Outline for Cloud Service Providers providing services in the European Union
The Outline provides a structure for Cloud Service Providers (CSP) to disclose, in a consistent matter, information about the privacy and data protection policies, procedures and practices used when processing personal data that customers upload or store in the CSP’s servers
Once a PLA outline is completed by a CSP, it will provide current and potential customers with a new tool to assess that CSP’s disclosure of its practices.
This knowledge, in turn, will allow companies to evaluate the extent to which the use of a particular CSP will allow them to achieve compliance with applicable data protection laws, including, in particular, their transparency and accountability obligations, a positive shift for both the customer and provider alike.
Key elements covered in the outline include:Cloud customer internal and external due diligence Categories of personal data that may be uploaded to the service Ways which data should be processed in the cloud Data location, transfer, retention, monitoring and security measures Personal data breach notification Data portability, migration, and transfer back assistance Accountability Law enforcement access Remedies
To learn more, download the PLA Initiative Research Sponsorship Outline.
Cloud Security Alliance Releases First Guidelines for Cloud Service Providers Delivering Services in the European Union
www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
The Cloud Security Alliance (CSA) Top Threats Working Group released The Notorious Nine: Cloud Computing Top Threats in 2013
A revised report aimed to provide organizations with up-to-date, expert-informed understanding of cloud security threats in order to make educated risk-management decisions regarding cloud adoption strategies
Report focuses on threats specifically related to the shared, on-demand nature of cloud computing
Serves as an up-to-date threat identification guide that will help cloud users and providers make informed decisions about risk mitigation within a cloud strategy
The Top Threats Working Group used these survey results alongside their expertise to craft the final The Notorious Nine: Cloud Computing Top Threats in 2013.
Identified the following nine critical threats to cloud security:1. Data Breaches 2. Data Loss 3. Account Hijacking 4. Insecure APIs 5. Denial of Service 6. Malicious Insiders 7. Abuse and Nefarious Use 8. Insufficient Due Diligence 9. Shared Technology Issues
Intended to be utilized in conjunction with the best practices guides “Security Guidance for Critical Areas in Cloud Computing V.3” and “Security as a Service Implementation Guidance”
Companies and individuals interested in learning more or joining the group can visit https://cloudsecurityalliance.org/research/top-threats/.
Cloud Security Alliance Warns Providers of ‘The Notorious Nine’ Cloud Computing Top Threats in 2013
www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
Formation of the Legal Information Center (CLIC), a new online resource.
The launch of the CLIC is part of an ongoing effort on behalf of the CSA to help individuals and organizations better understand and address the various and often complicated legal issues related to cloud computing
The CLIC will be an open resource for cloud computing practitioners, regulators, and legal experts with a mission to provide unbiased information about the applicability of existing laws and also identify laws that are being impacted by technology trends that may require modification
As part of this new initiative, CSA and Box hosted a panel discussion entitled, “US and Foreign Laws Regulating Government Access to Data Held in the Cloud” on Thursday, February 28th
Panel participants included legal and regulatory experts from seven countries
Moderated by Francoise Gilbert, Founder and General Manager of the IT Law Group as well as General Counsel for the CSA.
The panel explored a wide range of issues related to the rule of laws governing access of governments to data held in the cloud
More information on the CLIC: https://cloudsecurityalliance.org/research/clic/
Cloud Security Alliance To Establish New Legal Information Center
www.cloudsecurityalliance.orgwww.cloudsecurityalliance.orgCopyright © 2012 Cloud Security Alliance
Announced the launch of a new global training program called the CSA Master Training Program
HP named as the initial partner of this new program
The CSA Master Training Program is designed to accelerate worldwide access and adoption of the CSA Certificate of Cloud Security Knowledge (CCSK) Certification
With assistance from HP, CSA will invest in the global expansion of CCSK training availability,
A key focus on the Asia Pacific region.
CSA and HP will also work closely to collaborate on a curriculum roadmap through the CCSK Center of Excellence based in Singapore
HP will adapt existing CCSK lab-based training to include HP cloud solutions
HP Education Services will certify any HP CCSK training staff based on HP’s CSA-certified courseware
At the annual CSA Congress in October 2012, the CSA published version 3 of its CCSK
Included two principal updates, including an update to the CCSK Training Materials as well as a new CCSK exam
The CCSK is aligned with the latest release of CSA’s Security Guidance as well as other intellectual property, which comprises the CSA Common Body of Knowledge (CBK)
Cloud Security Alliance Selects HP For New Master Training Partner Program
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
Contact
Help Us Secure Cloud Computingwww.cloudsecurityalliance.org
LinkedIn: www.linkedin.com/groups?gid=1864210
Twitter: @cloudsa
//philA//
https://www.linkedin.com/in/philA
@hacksec