SecaaS overview webinar – recording available

For anyone interested there is a recording of the webinar session available from the Credant website here;

https://credantevents.webex.com/credantevents/lsr.php?AT=pb&SP=EC&rID=4463592&rKey=a659de63f39288e9

 

It’s a little dry as it was mostly me presenting, but there is an overview of cloud and Security as a Service.

Happy viewing and feel free to ask any questions!

If you want to get involved in the work we are doing around Security as a Service check out;

https://cloudsecurityalliance.org/research/working-groups/secaas/

K

SecaaS overview webinar with Credant

For anyone who would like an overview of;

– What the ‘Cloud’ is

– Who the Cloud Security Alliance is and their mission

– What Security as a Service (SecaaS) is

– The work of the SecaaS working group so far and what is coming up

I am presenting a Webinar in association with Credant tomorrow (10/11/2011) at 1pm Central US time / 7pm UK time.

To register for this event please follow this link;

https://credantevents.webex.com/credantevents/onstage/g.php?t=a&d=668393321

This should be an interesting event, and there will be a Q&A session included should there be anything you want to know about Security as a Service, the CSA or Credant that we don’t cover in the pitch.

For those not familiar with them Credant are one of the leaders in Data Protection.  From their website they describe themselves as;

Your Trusted Data Protection Experts

We help you protect critical corporate data by mitigating the risk of data breaches and managing the complexity of securing data with a single, management framework. Our Data Protection Platform comprehensively addresses the unique security challenges of your enterprise organization’s data to ensure you’re compliant.

Our comprehensive Data Protection Platform helps you control, manage and protect data holistically at your enterprise organization from endpoints to servers, to storage, to applications and in the cloud.

For further details or to contact them Credant can be found here;

http://www.credant.com/

For reference I am in no way affiliated with Credant and the opinions expressed both here and in tomorrows presentation are 100% my own.

If you have data to be protected I would recommend checking Credants solutions out.

K

 

 

 

Cloud Security Alliance Security as a Service white paper press release

Can be found here;

https://cloudsecurityalliance.org/csa-news/csa-issues-first-secaas-white-paper/

 

I know I have mentioned this work already, but this is the official press release from the Cloud Security Alliance for the Security as a Service Categories of Service 2011 white paper.

Exciting for me as I actually wrote much of the release as well as my roles contributing to the paper and managing the groups work as one of the co-chairs.  Big thanks to Zenobia at Zag Communications for bringing the press release together.

K

 

Security as a Service – Defined Categories of Service 2011 white paper published!

The first officially published work from the recently formed Cloud Security Aliance – Security as a Service (SecaaS) working group has been published.  This is a great first step as we have identified the key categories of service that can / will make up security as a service.

This document can be found here;

https://cloudsecurityalliance.org/wp-content/uploads/2011/09/SecaaS_V1_0.pdf

I’m personally very proud of this work as I am the co-chair for the Security as a Service working group which has meant bringing together input from multiple streams of expersts working from many global locations and different time zones.  I have also had to arbitrate any disagreements around content and ensure all experts who wanted to participate were able to provide their input.

In addition to the coordinating the various inputs and running steering meetings I also provided input into various categories where extra detail was required and also wrote most of one category that wasn’t picked up by the various experts who volunteered to help.

Our next steps are to to be finalised but they are likely to include;

– Finalising the version of the document that will be put forward towards an ISO standard

– Working on getting SecaaS added as the 14th domain of the official Cloud Security Alliance guidance

– Creating implementation guidance and examples for those looking to implement various SecaaS solutions

Watch this space and / or check in on the Cloud Security Alliance web site for progress updates.

K

Security as a Service – Category and Threat Definitions

We are currently in phase one of producing the Security as a Service guidance documentation;

–          Agreeing and documenting categories of service and their definitions

–          Agreeing and documenting categories of threats and their definitions

So far the top five categories of service are;

    1. IAM
    2. DLP
    3. Secure Web Gateway
    4. Vulnerability Assessments
    5. Pen Testing
    6. Intrusion Detection
    7. Encryption
    8. Log Management

With several further categories in the mix.  We will be looking to consolidate the above categories and the others identified into sensible easy to understand groupings.   For example it is likely that ‘vulnerability assessment’ and ‘pen testing’ will be a single category.

The top categories of threat identified are currently;

    1. Data Loss Leakage
    2. Traffic Hijacking
    3. Unauthorized Access
    4. Denial of Service
    5. Application Vulnerabilities

With about forty further ideas being assessed in the same way as for categories of service.

Should you have any ideas please do let me know either by posting a comment on this blog or by mailing me on LinkedIn, any assistance is greatly welcomed!

K

 

Cloud Security as a Service RSA conference presentation

An overview of the Cloud Security as a Service (SecaaS) working group goals, outputs and proposed timeline was presented at the RSA conference on the 14th of February.  His has been recorded for prosperity and uploaded to YouTube.  The presentation can be found here;

http://www.youtube.com/watch?v=fzejQuSR_xU

This gives a great update on one of the things I’ll be working on during the next few months.  Check the video out, fell free to ask me any questions you have, and of course if interested get involved and provide feedback via the surveys mentioned in the presentation.

K

Cloud Security Alliance – Security as a Service

For those interested in cloud security options, I am currently on the steering committee for the Security as a Service (SecaaS) working group.  In this instance I mean how cloud computing can be used to secure everything, including cloud and non cloud based IT, rather than how to secure cloud computing (paraphrased from Jim Reavis).

If you are not familiar with the Cloud Security Alliance I suggest you check out their site, it is a great resource for all things cloud security related and can be found here;

http://www.cloudsecurityalliance.org/

The purpose of the specific SecaaS working group is to;

 – Identify consensus definitions of what security as a Service means

 – Categorise the different types of Security as a Service

 – Provide guidance to organisations on reasonable implementation practices

The site specific to the SecaaS work can be found here;

http://www.cloudsecurityalliance.org/secaas.html

Proposed timelines for the work we produce are for;

 – Categories of service to be defined by late April.

 – Draft SecaaS Guidance, mid-May.

 – SME Guide, mid-July.

 – Final Draft SecaaS Guidance, mid-September.

This should be a great piece of work so I will keep you updated with our progress.

K