Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Cloud Security

Gareth Rushgrove
May 16, 2014
Technology
0
340

Cloud Security

A talk about the cloud security, mainly looking at guidance and work within the Uk Government. Presents the Cloud Security Principles.

Gareth Rushgrove

May 16, 2014
Tweet

More Decks by Gareth Rushgrove

See All by Gareth Rushgrove
GTM vs Open Source
garethr
0
750
Software Build of Materials For Cloud Native applications
garethr
1
350
Evolving vulnerabilities in CycloneDX
garethr
0
330
Configuration security is a developer problem
garethr
2
2k
Patterns for secure container base image management
garethr
1
2k
Testing configuration with Open Policy Agent
garethr
0
510
Building a Docker Image Packaging Pipeline Using GitHub Actions
garethr
5
2.4k
The perils of configuration security
garethr
1
190
Shifting Terraform security left
garethr
3
1.7k

Other Decks in Technology

See All in Technology
開発生産性を上げながらビジネスも30倍成長させてきたチームの姿
kamina_zzz
2
1.7k
AWS Lambda のトラブルシュートをしていて思うこと
kazzpapa3
2
180
アジャイルでの品質の進化 Agile in Motion vol.1/20241118 Hiroyuki Sato
shift_evolve
0
150
Shopifyアプリ開発における Shopifyの機能活用
sonatard
4
250
Making your applications cross-environment - OSCG 2024 NA
salaboy
0
190
iOS/Androidで同じUI体験をネ イティブで作成する際に気をつ けたい落とし穴
fumiyasac0921
1
110
スクラム成熟度セルフチェックツールを作って得た学びとその活用法
coincheck_recruit
1
140
OCI Network Firewall 概要
oracle4engineer
PRO
0
4.1k
The Role of Developer Relations in AI Product Success.
giftojabu1
0
120
Adopting Jetpack Compose in Your Existing Project - GDG DevFest Bangkok 2024
akexorcist
0
110
マルチモーダル / AI Agent / LLMOps 3つの技術トレンドで理解するLLMの今後の展望
hirosatogamo
37
12k
個人でもIAM Identity Centerを使おう!(アクセス管理編)
ryder472
3
210

Featured

See All Featured
The Power of CSS Pseudo Elements
geoffreycrofte
73
5.3k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
26
2.1k
Typedesign – Prime Four
hannesfritz
40
2.4k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
Building Adaptive Systems
keathley
38
2.3k
How to train your dragon (web standard)
notwaldorf
88
5.7k
Docker and Python
trallard
40
3.1k
Happy Clients
brianwarren
98
6.7k
Imperfection Machines: The Place of Print at Facebook
scottboms
265
13k
Six Lessons from altMBA
skipperchong
27
3.5k
Reflections from 52 weeks, 52 projects
jeffersonlam
346
20k

Transcript

  1. GDS UK Government Cloud Security! Gareth Rushgrove Principles and practice

  2. GDS Gareth Rushgrove Gareth Rushgrove! Technical Architect! Government Digital Service!

    @garethr

  3. The context (Why now) GDS Gareth Rushgrove

  4. GDS Gareth Rushgrove Cloud First

  5. GDS Gareth Rushgrove

  6. GDS Gareth Rushgrove Public sector organisations should consider and fully

    evaluate potential cloud solutions first

  7. GDS Gareth Rushgrove This approach is mandated to central government

    and strongly recommended to the wider public sector

  8. Where are we with cloud security? (the background) GDS Gareth

    Rushgrove

  9. GDS Gareth Rushgrove New Cloud Security Guidance

  10. GDS Gareth Rushgrove From CESG

  11. GDS Gareth Rushgrove Published on GOV.UK

  12. GDS Gareth Rushgrove

  13. What (A practical framework) GDS Gareth Rushgrove

  14. GDS Gareth Rushgrove

  15. GDS Gareth Rushgrove 14 principles

  16. GDS Gareth Rushgrove 1 Data in transit protection

  17. GDS Gareth Rushgrove 2 Asset protection and resilience

  18. GDS Gareth Rushgrove 3 Separation between consumers

  19. GDS Gareth Rushgrove 4 Governance

  20. GDS Gareth Rushgrove 5 Operational security

  21. GDS Gareth Rushgrove 6 Personnel security

  22. GDS Gareth Rushgrove 7 Secure development

  23. GDS Gareth Rushgrove 8 Supply chain security

  24. GDS Gareth Rushgrove 9 Secure consumer management

  25. GDS Gareth Rushgrove 10 Identity and authentication

  26. GDS Gareth Rushgrove 11 External interface protection

  27. GDS Gareth Rushgrove 12 Secure service administration

  28. GDS Gareth Rushgrove 13 Audit information provision to consumers

  29. GDS Gareth Rushgrove 14 Secure use of the service by

    the consumers

  30. How (Guidance and examples) GDS Gareth Rushgrove

  31. GDS Gareth Rushgrove

  32. GDS Gareth Rushgrove A description of the principle - what

    it is and why it is important

  33. GDS Gareth Rushgrove A number of implementation objectives - how

    the principle should be satisfied

  34. GDS Gareth Rushgrove A number of approaches that can be

    taken to meet the implementation objectives

  35. GDS Gareth Rushgrove References to ISO/IEC 27001 and CSA CCM

    v3.0

  36. GDS Gareth Rushgrove

  37. GDS Gareth Rushgrove

  38. GDS Gareth Rushgrove Which security principles are relevant?

  39. A note about G-Cloud (Buying cloud services) GDS Gareth Rushgrove

  40. GDS Gareth Rushgrove Future versions of the G-Cloud store will

    contain information based around the security principles

  41. GDS Gareth Rushgrove G-Cloud service are to be split into

    OFFICIAL (connected to the internet) and OFFICIAL (connected to the PSN)

  42. Worth reading (and not just for security folk) GDS Gareth

    Rushgrove

  43. GDS Gareth Rushgrove www.gov.uk/government/collections/cloud-security-guidance

  44. GDS Gareth Rushgrove

  45. GDS Gareth Rushgrove

  46. Questions? (And thanks for listening) GDS Gareth Rushgrove

  47. GDS Gareth Rushgrove Gareth Rushgrove! Technical Architect! Government Digital Service!

    @garethr