Cloud Compliance 101: No PhD Required
Driving Data Governance and Compliance in a Cloudy World
Dean P. Ocampo, CISSP, Director of Cloud & Compliance Solutions
June 21, 2011
Data Mandates Extend to The Cloud. Period.
Externally Mandated
• Governmental, regional, industry trade groups
• Defines penalties and best-practices
• Increasingly force uncomfortable public disclosures
Internally Mandated
• Core intellectual property
• Safe harbor risk mitigation
• Insider abuse concerns
• Crusader abuse (WikiLeaks)
Overlapping Mandates
• Globalization of business
• International nature of Internet
• Nearly a guarantee
Cloud Security Challenges
• User ID and Access: Secure authentication, authorization, logging
• Data Co-Mingling: Multi-tenant data mixing, leakage, ownership
• Application Vulnerabilities: Exposed vulnerabilities and response
• Insecure Application APIs: Application injection and tampering
• Data Leakage: Isolating data
• Platform Vulnerabilities: Exposed vulnerabilities and response
• Insecure Platform APIs: Instance manipulation and tampering
• Data Location/Residency: Geographic regulatory requirements
• Hypervisor Vulnerabilities: Virtualization vulnerabilities
• Data Retention: Secure deletion of data
• Application & Service Hijacking: Malicious application usage
• Privileged Users: Super-user abuse
• Service Outage: Availability
• Malicious Insider: Reconnaissance, manipulation, tampering
• Logging & Forensics: Incident response, liability limitation
• Perimeter/Network Security: Secure isolation and access
• Physical Security: Direct tampering and theft
Fundamental Trust & Liability Issues
• Data exposure in multi-tenant environments
• Separation of duties from cloud provider insiders
• Transfer of liability by cloud providers to data owners
Fundamental New Cloud Risks
• New hypervisor technologies and architectures
• Redefine trust and attestation in cloud environments
Regulatory Uncertainty in the Cloud
• Regulations likely to require strong controls in the cloud
Cloud Projects Hit Obstacles
IT Security is stopping projects. Compliance/Audit has tons of questions. Cloud growth IS being limited. All the birds are dead.
IT Security Group: The cloud isn’t secure. I don’t trust providers. I don’t know how to secure that thing!
Compliance Audit Group: Show me your security. Prove compliance in clouds. Convince me!
So where do we go from here???
Focus on First Principles
• Spirit and intent of regulations
• Thoughtful data handling
• Framework used by Security and Compliance professionals
Know Your Role in Ownership
• Control what you own
• Drive assurance in what you don’t
Focus on the “New” Cloud Issues
• These are where regulations will focus
• Will be around the new areas we discussed before:
  • Trust and Ownership
  • Hypervisors
  • Disclosure and Visibility
Driving Clarity in Shared Responsibility
IaaS draws a clean and clear line of demarcation
[Diagram: layered stack with columns Architecture / Security / Service. Layers shown: Application Presentation & APIs, Data Engine & Platform APIs, Application Engine, Middleware, Virtualization APIs, Abstraction Layer & Hypervisor, Hardware & Networking, Power & HVAC. Service brackets: Infrastructure as a Service, Platform as a Service, Software as a Service. Layers above the Abstraction Layer & Hypervisor are marked "Your Responsibility"; the Abstraction Layer & Hypervisor and everything beneath it are marked "IaaS Responsibility".]
Focusing on the Right Issues
Using the uniqueness of IaaS to focus compliance efforts
Control areas and the activities behind them:
• Pen-test, web scanning, etc.; Scan & Report
• Authentication/Authorization: MFA, IAM integration, entitlement management
• Vulnerability Management: Code review/scan, newslists, developer education, QA, etc.
• App/DB/File Data Protection: App/DB/File encryption, DAM/FAM, process, etc.
• Patch Management: Patch process, newslists, patch management
• Telemetry & Reporting
• Instance Authentication/Authorization
• Instance Isolation
• Hypervisor Vulnerability Management
• Network Security
• Physical Security: SAS 70 / ISO 27001
Some controls remain the same. Some new controls may be needed. Some will be attested by the IaaS provider.
Isolation and Control Area
• Centered around demarcation and the associated trust boundary
First Principles Meets Cloud Challenges
[Table: each principle is checked against three cloud issue areas: Hypervisor Issues, Trust/Ownership, Disclosure/Visibility. The check marks are not recoverable from this copy; the principles and their issue notes follow.]
• Limit use of <sensitive data>
  Issue: Big issue in SaaS; in your control for the most part in IaaS and PaaS.
• Use secure development practices
  Issue: Issue in SaaS and PaaS.
• Control access to <sensitive data>
  Issue: Issues in all cases. Issues of user identification, authorization rights, privileged cloud user.
• Encrypt <sensitive data> in transit
  Issue: Most likely already addressed, but customer-to-cloud and intracloud communication can be an issue.
• Optional <sensitive data> encrypt at rest
  Issue: Huge issue in data sitting in the cloud, across all platforms.
• Keep <sensitive data> confidential
  Issue: Main issue is guaranteeing the “trust” in data when you don’t “trust” the cloud.
• Keep the integrity of <sensitive data>
  Issue: Main issue is guaranteeing the “trust” in data when you don’t “trust” the cloud.
• Enforce separation of duties of <sensitive data> access and administration
  Issue: Fundamental issue of cloud employee and cloud administrator access. Extends to both physical and logical security. Invokes separation of duties issues around all controls.
• Report and audit your controls for
  Issue: Can you prove it to your auditor?
Emergence of Encryption as a Unifying Cloud Security Control
Encryption is a fundamental technology for realizing cloud security
• Isolate data in multi-tenant environments
• Recognized universally by analysts and experts as the underlying control for cloud data
• Sets a high-water mark for demonstrating regulatory compliance adherence for data
Moves from data center tactic to cloud strategic solution
• Physical controls, underlying trust in processes, and isolation mitigated some use of encryption
• Mitigating trust factors that don’t exist in the cloud
Learning from History: PCI 3.4
How Section 3.4 evolved and the impact for IaaS
PCI 1.0: 2004
• Encrypt data (Section 3.4)
• IT: Huge issues in data discovery
PCI 1.1: 2006
• Key management clarifications, compensating controls
• IT: Needed time to comply, begin using compensating controls
PCI 1.2: 2008
• More key management clarifications
• IT: Better use of encryption, encryption issues with key management compliance, compensating controls in use
PCI 2.0: 2011
• Clarifications on virtualization
Some organizations have achieved PCI compliance using compensating controls for the data protection. Compensating controls assume physical ownership and isolation as the risk mitigation strategy. IaaS will drive re-thinking of risk mitigation without physical control.
PCI DSS Virtualization Guidelines
Information Supplement issued June 14, 2011
• Clarifies the brief coverage of virtualization in PCI DSS 2.0
• Overview of critical issues of consideration
• Sets overall stance and assumptions on hypervisors and deployments
• Views and advice on isolation, zoning, and segmentation
• Recommendations for best practices
PCI DSS Virtualization Guidelines: Section 3
Best practices on encryption and key management
Navigating Data Protection in IaaS
Aligning PCI 3.4 in IaaS
1. Use Instance & Storage Encryption
• Isolate data in multi-tenant clouds
• Reduce overall exposed footprint, minimize surface area of leaks
• Enforce separation of duties requirements
2. Re-Examine System Data Encryption
• Eliminate reliance on compensating controls
• Use data encryption to manage data lifecycle risks
• Take advantage of advances in system encryption when architecting IaaS-based applications
3. Use Customer-owned Key Management Strategically
• Definitive proof of ownership and control to auditors
• Adhere to proper key storage requirements (Section 3.5/6)
• Use standards like NIST 800-57 and OASIS KMIP
4. Remember Cloud Elasticity
• All of the above must be done in a way that preserves your dynamic provisioning and elasticity models
Upside Benefits of IaaS Encryption
Solving other IaaS-related goals and objectives
“Lawful Order” to Cloud Provider for Data
• Issue: Cloud provider may turn over your data when another member of the cloud is under criminal investigation. Your data is now viewable to law enforcement.
• Resolution: Encrypted data is unviewable by law enforcement. Law enforcement would have to work through legal channels, under which you have guaranteed rights, to get you to turn over decryption keys.
Destruction of Cloud Data
• Issue: Is data in the cloud ever destroyed? Are you sure?
• Resolution: Encryption makes data unusable in the cloud. “Key shredding” virtually makes encrypted cloud data unrecoverable.
Physical Location Issues of Cloud Data
• Issue: Is cloud data now in new physical locations requiring new regulatory insight, or violating existing regulatory law?
• Resolution: Encrypted data can be moved anywhere in the cloud, but controlled decryption with a proper key release policy can define what localities may use data.
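As an added example (not from the SafeNet deck, and not SafeNet's ProtectV or KeySecure code), the following Python script sketches the controls behind the "Use Customer-owned Key Management Strategically" step and the three upside benefits above: customer-owned keys that never reach the cloud, a key release policy tied to locality, an audit trail of every key action, and key shredding. It uses envelope encryption: each volume gets its own data-encryption key (DEK), and the DEK is stored next to the ciphertext wrapped under a key-encryption key (KEK) that only the customer's key manager holds. All names (CustomerKeyManager, seal, open_sealed, KeyReleaseDenied, encrypt_volume), the region names and the sample record are constructed for this example. The cipher is an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag, chosen only so the script runs with the standard library; a production deployment would use AES-GCM with the KEK held in an HSM or a KMIP-speaking key manager. One caveat the deck glosses over: the integrity property comes specifically from that authentication tag, since a raw stream cipher alone detects no tampering.

```python
# Added example, not SafeNet code: envelope encryption with a customer-owned
# KEK, a locality-based key release policy, an audit log, and crypto-shredding.
# The HMAC-based cipher stands in for AES-GCM so this runs on the stdlib alone
# (assumption, not from the deck); the structure is what matters here.
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter mode: concatenate HMAC-SHA256(key, nonce || counter) blocks."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _subkeys(key: bytes):
    """Separate encryption and MAC keys derived from one 32-byte key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; output layout is nonce(16) || ciphertext || tag(32)."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; tampering raises."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class KeyReleaseDenied(Exception):
    """Raised when policy refuses to release a KEK for an operation."""


@dataclass
class CustomerKeyManager:
    """Customer-owned KEKs never leave this object; the cloud stores only wrapped DEKs."""
    keks: dict = field(default_factory=dict)       # kek_id -> (kek bytes, allowed regions)
    audit_log: list = field(default_factory=list)  # the evidence an auditor asks for

    def create_kek(self, kek_id: str, allowed_regions) -> None:
        self.keks[kek_id] = (secrets.token_bytes(32), frozenset(allowed_regions))
        self.audit_log.append(("create_kek", kek_id))

    def wrap_dek(self, kek_id: str, dek: bytes, region: str) -> bytes:
        self._release(kek_id, region, "wrap")
        return seal(self.keks[kek_id][0], dek)

    def unwrap_dek(self, kek_id: str, wrapped: bytes, region: str) -> bytes:
        self._release(kek_id, region, "unwrap")
        return open_sealed(self.keks[kek_id][0], wrapped)

    def shred(self, kek_id: str) -> None:
        """Crypto-shredding: with the KEK gone, every DEK under it is unrecoverable."""
        del self.keks[kek_id]
        self.audit_log.append(("shred", kek_id))

    def _release(self, kek_id: str, region: str, action: str) -> None:
        """Key release policy: the KEK must exist and the caller's locality be allowed."""
        if kek_id not in self.keks:
            self.audit_log.append((action, kek_id, region, "denied: key shredded"))
            raise KeyReleaseDenied(f"{kek_id} has been shredded")
        if region not in self.keks[kek_id][1]:
            self.audit_log.append((action, kek_id, region, "denied: region policy"))
            raise KeyReleaseDenied(f"{kek_id} not releasable in {region}")
        self.audit_log.append((action, kek_id, region, "allowed"))


def encrypt_volume(km: CustomerKeyManager, kek_id: str, region: str, data: bytes) -> dict:
    """One fresh DEK per volume; the wrapped DEK is stored beside the ciphertext."""
    dek = secrets.token_bytes(32)
    return {"wrapped_dek": km.wrap_dek(kek_id, dek, region), "blob": seal(dek, data)}


def decrypt_volume(km: CustomerKeyManager, kek_id: str, region: str, record: dict) -> bytes:
    dek = km.unwrap_dek(kek_id, record["wrapped_dek"], region)
    return open_sealed(dek, record["blob"])


def _raises(fn, exc) -> bool:
    """True if calling fn raises exc; used to record refused operations."""
    try:
        fn()
    except exc:
        return True
    return False


def demo() -> dict:
    """Constructed walk-through; returns the outcomes so they can be checked."""
    km = CustomerKeyManager()
    km.create_kek("cardholder-kek", allowed_regions={"eu-west"})
    sample = b"constructed sample: cardholder record 0001"
    rec = encrypt_volume(km, "cardholder-kek", "eu-west", sample)
    blob = rec["blob"]
    tampered = dict(rec, blob=blob[:20] + bytes([blob[20] ^ 1]) + blob[21:])  # flip one ciphertext byte
    out = {"roundtrip": decrypt_volume(km, "cardholder-kek", "eu-west", rec) == sample,
           "region_denied": _raises(lambda: decrypt_volume(km, "cardholder-kek", "us-east", rec), KeyReleaseDenied),
           "tamper_detected": _raises(lambda: decrypt_volume(km, "cardholder-kek", "eu-west", tampered), ValueError)}
    km.shred("cardholder-kek")  # the cloud still holds the ciphertext, but it is now unusable
    out["shredded"] = _raises(lambda: decrypt_volume(km, "cardholder-kek", "eu-west", rec), KeyReleaseDenied)
    out["audit_entries"] = len(km.audit_log)
    return out
```

Running demo() exercises the four outcomes: a decrypt in the allowed region round-trips; a decrypt requested from a locality outside the key release policy is refused before the ciphertext is ever touched; a flipped ciphertext byte fails the integrity check; and after shred() the wrapped DEK, and therefore the volume, is unrecoverable even though the cloud still holds every byte. Each key action lands in audit_log with its decision, which is the log-and-audit proof the later slides describe.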
How Encryption Solves Main Pain Points
[Table: the same principles checked against Hypervisor Issues, Trust/Ownership, Disclosure/Visibility; the check marks are not recoverable from this copy.]
• Limit use of <sensitive data>
  Issue: Big issue in SaaS; in your control for the most part in IaaS and PaaS.
• Use secure development practices
  Issue: Issue in SaaS and PaaS.
• Control access to <sensitive data>
  Issue: Issues in all cases. Issues of user identification, authorization rights, privileged cloud user.
  Encryption: Enables an authentication and authorization layer.
• Encrypt <sensitive data> in transit
  Issue: Most likely already addressed, but customer-to-cloud and intracloud communication can be an issue.
• Optional <sensitive data> encrypt at rest
  Issue: Huge issue in data sitting in the cloud, across all platforms.
  Encryption: Directly addresses requirements. Shows many regulators a high standard of care.
• Keep <sensitive data> confidential
  Issue: Main issue is guaranteeing the “trust” in data when you don’t “trust” the cloud.
  Encryption: Fundamentally isolates your data from other tenants in a shared cloud environment; shields you from unauthorized data breach.
• Keep the integrity of <sensitive data>
  Issue: Main issue is guaranteeing the “trust” in data when you don’t “trust” the cloud.
  Encryption: Inherently provides for integrity controls.
• Enforce separation of duties of <sensitive data> access and administration
  Issue: Fundamental issue of cloud employee and cloud administrator access. Extends to both physical and logical security. Invokes separation of duties issues around all controls.
  Encryption: Can add an additional authentication and authorization layer for users and administrators. Customer-owned encryption definitively shows separation from the cloud.
• Report and audit your controls for
  Issue: Can you prove it to your auditor?
  Encryption: Key ownership is tangible proof of data ownership. Encrypt/decrypt actions become easy log and audit proofs.
SafeNet Offering – on AWS
With SafeNet ProtectV™ and DataSecure, server- and storage-based encryption, and application/database encryption, customers can now protect compliance-impacted data stored and used in cloud environments.
• ProtectV™ Instance enables organizations to encrypt and secure the entire contents of virtual servers, protecting these assets from theft or exposure.
• ProtectV™ Volume enables enterprises to secure entire virtual volumes in the cloud containing their data such as files or folders.
• DataSecure with ProtectApp and ProtectDB enables enterprises to encrypt and prove control over data in applications hosted in the cloud.
Delivers:
• Data Isolation
• Separation of Duties
• Cloud Compliance
• Pre-Launch Authentication
• Multi-tenant Protection
SafeNet ProtectV in Amazon AWS
[Diagram: a Protected Customer AMI running in Amazon EC2, backed by Protected EBS Volumes in Amazon EBS.]
SafeNet ProtectV:
• Encrypted Volume
• Pre-Launch Authentication
• Policy + Key Management
SafeNet ProtectV in Amazon AWS!
#1 Select SafeNet AMIs
• EC2 and VPC
• 4 Public Images
• Windows 2003/2008, 32/64 bit
• Linux April/May
• (enable SSL Port 443 access)
#2 Set Encryption Options
• RDP Local Management Console
• Encrypt Local Instance
• Encrypt Attached Storage Volumes
• Set Encryption Level (AES 256)
• Set Secure Pre-Launch Authentication
#3 Pre-Launch Authentication
• Standard SSL Web Browser Session
• Secures at Pre-Boot Level
• Authenticate Instance for Launch
[Diagram labels: Amazon EC2 (& VPC), Amazon EBS]
ProtectV and Scaling in Large Environments
ProtectV and ProtectV Manager: Centralized Management
Cloud APIs
• Authentication Automation
• Activation/Snapshot
SafeNet ProtectV Manager
• Provides centralized management
• Supports either customer-premise or cloud deployments
• Manages and coordinates ProtectV security
• Fully meshed encrypted volumes (enables transparent access)
• Open APIs to cloud management, customer provisioning, reporting
SafeNet KeySecure (on premise)
• Centralizes key management for persistence and flexibility
• Secure key creation and storage
• Key discovery
• Snapshot re-keying
• Key archiving and shredding
SafeNet Trusted Cloud Fabric
Maintaining Trust and Control in Virtualized Environments
Thank You!
Resources:
• www.safenet-inc.com/cloudsecurity
• Practitioner’s Guide to Cloud Security
• White Papers and Solutions Guides
• More information on ProtectV
SafeNet Blog:
• data-protection.safenet-inc.com
• “New PCI Virtualization Guidelines”
• “IaaS a Shared Responsibility”
• “Cloud PCI: Your Favorite Section”
Dean P. Ocampo, CISSP
SafeNet Director of Cloud & Compliance Solutions
[email protected]