Cloud Security

A talk about cloud security, mainly looking at guidance and work within the UK Government. Presents the Cloud Security Principles.

Gareth Rushgrove

May 16, 2014

Transcript

  1. UK Government Cloud Security: Principles and practice. Gareth Rushgrove, GDS
  2. Gareth Rushgrove, Technical Architect, Government Digital Service, @garethr
  3. The context (Why now)
  4. Cloud First
  6. Public sector organisations should consider and fully evaluate potential cloud solutions first
  7. This approach is mandated to central government and strongly recommended to the wider public sector
  8. Where are we with cloud security? (the background)
  9. New Cloud Security Guidance
  10. From CESG
  11. Published on GOV.UK
  13. What (A practical framework)
  15. 14 principles
  16. 1 Data in transit protection
  17. 2 Asset protection and resilience
  18. 3 Separation between consumers
  19. 4 Governance
  20. 5 Operational security
  21. 6 Personnel security
  22. 7 Secure development
  23. 8 Supply chain security
  24. 9 Secure consumer management
  25. 10 Identity and authentication
  26. 11 External interface protection
  27. 12 Secure service administration
  28. 13 Audit information provision to consumers
  29. 14 Secure use of the service by the consumers
  30. How (Guidance and examples)
  32. A description of the principle - what it is and why it is important
  33. A number of implementation objectives - how the principle should be satisfied
  34. A number of approaches that can be taken to meet the implementation objectives
  35. References to ISO/IEC 27001 and CSA CCM v3.0
  38. Which security principles are relevant?
  39. A note about G-Cloud (Buying cloud services)
  40. Future versions of the G-Cloud store will contain information based around the security principles
  41. G-Cloud services are to be split into OFFICIAL (connected to the internet) and OFFICIAL (connected to the PSN)
  42. Worth reading (and not just for security folk)
  43. www.gov.uk/government/collections/cloud-security-guidance
  46. Questions? (And thanks for listening)
  47. Gareth Rushgrove, Technical Architect, Government Digital Service, @garethr