
NY Cloud Security 2011

CISO Executive Network Cloud Security Breakfast Roundtable

Thursday, June 23, 2011

8:00 am - 12:00 noon

ReedSmith

Speakers

Adam Snukl  ReedSmith

Keith Haughey  Ping Identity

Harold Moss  IBM

Kurt Johnson  Courion

Mike Mettenheimer  Oracle

Member Discussion Leader

Robert Duran  Time, Inc.

New York Member Robert Duran Discusses Cloud Security

Rob Duran sees a number of security issues when he thinks of cloud computing.

“I’d break my concerns into three categories,” says Rob, Information Security & Privacy Officer and VP, Information Risk Management with Time, Inc. Those categories are:

1) Deprovisioning users on external platforms

2) Potential impact on ediscovery and compliance activities

3) Staff using what he calls Consumer cloud services. “These are the free or nearly free services that are hard to control and easy to use with quick benefits to the employee. Dropbox or any of the file transfer tools, Basecamp, Google Apps, for example,” he explains.

Rob says his company uses cloud services at the IaaS, PaaS, and SaaS layers. “We're doing the typical things you'd expect like CRM,” he adds.

Based on his three categories of concern, these are the steps Rob is taking to mitigate the risks in the cloud. “We are establishing federation services to assist in deprovisioning, and we're trying to educate staff on potential risks and trying to identify what the possible impact might be.”

His advice for other CISO Executive Network members on how to best tackle cloud security issues?

Start with the CSA guidelines and ask yourself the following questions, he says.

1. How would we be harmed if the asset became widely public and widely distributed?

2. How would we be harmed if an employee of our cloud provider accessed the asset?

3. How would we be harmed if the process or function were manipulated by an outsider?

4. How would we be harmed if the process or function failed to provide expected results?

5. How would we be harmed if the information/data were unexpectedly changed?

6. How would we be harmed if the asset were unavailable for a period of time?

Rob Duran is Information Security & Privacy Officer and VP, Information Risk Management with Time Inc.

Attachment  Size
NY CLOUD SECURITY MAIN 2011.pdf  7.42 MB
NY CLOUD SECURITY SPONSORS 2011.pdf  19.77 MB
Robert Duran Cloudy Day.pdf  527.43 KB
REED SMITH NY CLOUD 2011.pdf  610.74 KB
redp4614.pdf  879.44 KB