Valmiki Mukherjee, CISSP, CRISC
Director, Security Solutions, Mycroft
Vice Chair of Board, CSA North Texas

Copyright © 2012 Cloud Security Alliance www.cloudsecurityalliance.org

• Cloud Overview
• Initiatives for Cloud Security
• Strategic Areas of Focus
• Industry Solution

Introduction, Background and Definitions

About the CSA
• Global, not-for-profit, 501(c)6 organization
• Over 31,000 individual members, 120 corporate members, 60 chapters
• Building best practices and a trusted cloud ecosystem
• Agile philosophy, rapid development of applied research
• Certification
  • CCSK (individual)
  • CSA STAR (provider)

About CSA North Texas
• Approved Regional Chapter for Cloud Security Alliance
• Founded in February 2012
• Registered as a not-for-profit 501(c)6 organization
• Currently enrolling Individual and Corporate memberships
• Serves as the GRC CoE
• Poised to be one of the largest regional chapters for CSA
• Join CSA NT at http://www.meetup.com/CSANTX/

Mycroft
• Global Security Solution firm, HQs in STL and NY
• 20+ years in industry
• One of the largest IAM practices in the world
• Leading Solution provider of Security as a Service
• Leading Mobile Security and Device Management product in West Europe
• Leading IAM Service provider for several Fortune 100 Cos

Goal of CSA
• To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing

CSA Definition
• Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of
configurable computing resources (e.g., networks, servers, storage, applications, and services).

NIST Definition
• NIST defines cloud computing by describing five essential characteristics, three cloud service models, and four cloud deployment models.
• Essential Characteristics:
  • Broad Network Access
  • Rapid Elasticity
  • Measured Service
  • On-Demand Self Service
• Deployment Models
  • Public
  • Private
  • Hybrid
  • Community

CSA Cloud Reference Model
• IaaS (Compute & storage) is the foundation
• PaaS (Rapid application dev) adds middleware to IaaS
• SaaS represents complete applications on top of PaaS

Multi Tenancy
• Multi-tenancy in its simplest form implies use of the same resources or application by multiple consumers
that may belong to the same organization or to different organizations.
• The impact of multi-tenancy is visibility of residual data or traces of operations by another user or tenant.
• Multi-tenancy in cloud service models implies a need for policy-driven enforcement, segmentation, isolation, governance, service levels, and chargeback/billing models for different consumer constituencies.

• Infrastructure as a Service (IaaS) delivers computer infrastructure (typically a platform virtualization environment) as a service, along with raw storage and networking. Rather than purchasing servers, software, data-center space, or network equipment, clients instead buy those resources as a fully outsourced service.
• Software as a Service (SaaS), sometimes referred to as "on-demand software," is a software delivery model in which software and its associated data are hosted centrally (typically in the (Internet) cloud) and are typically accessed by users using a thin client, normally using a web browser over the Internet.
• Platform as a Service (PaaS) is the delivery of a computing platform and solution stack as a service. PaaS offerings facilitate deployment of applications without the cost and complexity of buying and managing the underlying hardware and software and provisioning hosting capabilities. This provides all of the facilities required to support the complete life cycle of building and delivering web applications and services entirely available from the Internet.

Jericho Cloud Cube Model

Risks
• Lack of transparency
• Limited auditability
• Regulatory violation
• No risk transference for data
• Infrastructure misuse / break in

Data Location & Mobility
• Government access
• Differences in data protection between regions
• Cost of keeping data hosting in EU
• Audit data is legally owned by CSP and not client.
• Cases of CSP refusing to ‘hand over audit logs’.

Security at multiple layers
• Virtual image provided by IaaS provider
• Platform stack provided by PaaS provider
• IaaS, PaaS issues + application security

Cloud lock in
• Lack of standards
• Lack of interoperability
• Limited service portability
• Incompatible management processes

Resilience & Availability
• Latency sensitive applications
• Enforcement of SLA obligations
• Insufficient capabilities to cater for critical data

Multi-tenancy
• Security of shared resources
• Process isolation
• Data segregation: ‘data sharding’ (fragmentation across images)
• Identity & Access Management

Data Commingling
• In-cloud segregation of data: difficult
• Accidental seizure of customer data during forensic investigations

Cloud Service and Data Security

Data risks
Physical to virtual mapping
• CSPs do not allow clients to classify data.
• CSPs cannot offer different levels of security based upon data sensitivity.
• No DLP – data leakage protection services offered.
• Crypto doesn’t like virtual
• Current algorithms set to optimise resource pooling
• Can’t always use specialised HW
• Encryption key management.

Isolation
• Hypervisor-VM and inter-VM isolation
• Robust at system level (modulo kernel bugs)
• Issues at management plane
• Memory hijacking

VM Security
• Guest OS needs security protection
  • at massive scale
  • resilient VM life-cycle
  • secure, scalable, dynamic

Reliance on VM vendor security
• Issues with guest OS Security
• Can VMWare, Microsoft be trusted to implement kernel security correctly?…

CSA Research Initiatives, Workgroups

Family of 4 research projects
• Cloud Controls Matrix
• Consensus Assessments Initiative
• Cloud Audit
• Cloud Trust Protocol
Tools for governance, risk and compliance management
• Control Requirements
• Private, Community & Public Clouds
• Provider Assertions

Cloud Control Matrix
• Controls derived from guidance
• Mapped to familiar frameworks: ISO 27001, COBIT, PCI, HIPAA, FISMA, FedRAMP
• Rated as applicable to S-P-I
• Customer vs.
Provider role
• Help bridge the “cloud gap” for IT & IT auditors

Common Assessment Initiative
• Research tools and processes to perform shared assessments of cloud providers
• Integrated with Controls Matrix
• Version 1 CAI Questionnaire released Oct 2010, approximately 140 provider questions to identify presence of security controls or practices
• Use to assess cloud providers today, procurement negotiation, contract inclusion, quantify SLAs

Cloud Audit
• Open standard and API to automate provider audit assertions
• Change audit from data gathering to data analysis
• Necessary to provide audit & assurance at the scale demanded by cloud providers
• Uses Cloud Controls Matrix as controls namespace
• Use to instrument cloud for continuous controls monitoring

CTP
• The CloudTrust Protocol (CTP) is the mechanism by which cloud service consumers ask for and receive information about the elements of transparency as applied to cloud service providers.

TCI
• Secure, interoperable identity in the cloud.

CDG
• Responsible for understanding the top requirements and needs of different stakeholders on governing and operating data in the Cloud, and prioritizing and answering the key problems and questions identified by Cloud stakeholders.

CSA STAR
• CSA STAR (Security, Trust and Assurance Registry)
• Public Registry of Cloud Provider self assessments
• Based on Consensus Assessments Initiative Questionnaire
• Provider may substitute documented Cloud Controls Matrix compliance
• Voluntary industry action promoting transparency
• Free market competition to provide quality assessments
• Provider may elect to provide assessments from third parties

Trusted Cloud Initiative
• Comprehensive Cloud Security Reference Architecture
• Secure & interoperable Identity in the cloud
• Getting SaaS, PaaS to be “Relying Parties” for corporate directories
• Scalable federation
• Outline responsibilities for Identity Providers
• Assemble reference architectures with existing standards
• www.cloudsecurityalliance.org/trustedcloud.html

TCI Reference Architecture

SRM
• Security and Risk Management is the passwords, firewalls, and encryption that protect computer systems and data.
• It is the processes that define policies and audit systems with respect to these policies.
Description
• Provide the core components of an organization's Information Security program.
Service Capabilities
• Identity and Access Management
• Privilege Management Infrastructure
• Governance, Risk Management, and Compliance
• Policies and Standards
• Threat and Vulnerability Management
• Infrastructure and Data Protection

ITOS
• Focus on the IT Department, including Help Desk, Support teams, Planning & Process surrounding IT
Description
• ITOS outlines all the necessary services an IT organization will have in order to support its business needs. Provides standards and Best Practices based on PM BOK, CMMi, ISO/IEC 27002, COBIT, ITIL v3
Service Capabilities
• IT Operation
• Service Delivery
• Service Support
• Incident Management
• Problem Management
• Knowledge Management
• Change Management
• Release Management

BOSS
• Encompasses all the critical corporate support functions such as HR, Compliance, Legal. This also includes monitoring of corporate resources for signs of abuse or fraud
Description
• BOSS was designed based on the best practices and reference frameworks with proven success of aligning the business and transforming the IS function as a business enabler
Service Capabilities
• Compliance
• Data Governance
• Operational Risk Management
• HR Security
• Security Monitoring Services
• Legal Services
• Internal Investigation

Presentation Services
• This is where the end-user interacts with an IT Solution. Security requirements depend on the type of solution: B2C, B2B etc.
• Service Capability
  • Presentation Modality (Social Media, Collaboration, Email, B2B/B2C/B2E Portals)
  • Presentation Platform (Desktop, Laptop, Mobile Devices etc.)

Application Services
• These are the Rules and processes behind the user interface that manipulate the data and perform transactions for the user.
• Service Capabilities
  • Development Process
  • Security Knowledge
  • Programming Interfaces
  • Integration Middleware
  • Connectivity and Delivery
  • Abstraction

Information Services
• Refers to the storage of data. Includes ETL process, operational data store and data warehouses
Service Capabilities
• User Directory Services
• Security Monitoring and Data Management
• Service Delivery Data Management
• Service Support Data Management
• Data Governance Data Management
• Risk Management Data Management
• ITOS Data Management
• BOSS Data Management

Infrastructure Services
• Facilities, Hardware, Network and Virtual Environments. Provides basic core capabilities for higher-level capabilities to exist
Service Capabilities
• Facility Security
• Servers and Storage Services
• Network Services
• Availability Services
• Patch Management
• Equipment Maintenance
• Virtual Desktop
• Virtualization: Storage, Server, Network

Cloud Trust Protocol
• Developed by CSC, transferred to CSA
• Open standard and API to verify control assertions
• “Question and Answer” asynchronous protocol, leverages SCAP (Secure Content Automation Protocol)
• Integrates with Cloud Audit
• Now we have all the components for continuous controls monitoring

Government
• Deliver “continuous
monitoring” required by A&A methodologies
  • FedRAMP
  • DIACAP
  • Other C&A standards
NIST 800-53, HITRUST CSF, ISO 27001/27002, ISACA COBIT, PCI, HIPAA, SOX, GLBA, STIG, NIST 800-144, SAS 70, …
Specs, Extensions

Commercial
Continuous monitoring … with a purpose
• Common technique and nomenclature to request and receive evidence and affirmation of controls from cloud providers
Claims, offers, and the basis for auditing service delivery
• Common interface and namespace to automate the Audit, Assertion, Assessment, and Assurance (A6) of cloud environments
Pre-audit checklists and questionnaires to inventory controls
• Industry-accepted ways to document what security controls exist
The recommended foundations for controls
• Fundamental security principles in assessing the overall security risk of a cloud provider

TaaS
Diagram labels: Enterprise; CSC Trusted Community Cloud; Private Trusted Cloud; Cloud Trust Response Manager (CRM); TaaS Dashboard; Cloud Trust Agent; CTP
• Responding to all elements of transparency
• Using reclaimed visibility into the cloud to confirm security and create digital trust
• Downstream compliance processing
SAS70, SSAE 16, HIPAA, ITAR, FRCP, HITECH, GLBA, PCI DSS, CFATS, DIACAP, NIST 800-53, ISO27001, CAG, ENISA, CSA V2.3, …

Authorized TaaS Users
• What does my cloud computing configuration look like right now?
• What audit events have occurred in my cloud configuration?
• Who has access to my data now?
• Who has had access to my data?
• Where are my data and processing being performed?
• What vulnerabilities exist in my cloud configuration?

CloudTrust Protocol (CTP) Elements of Transparency 1 ... 23
Transparency-as-a-Service (TaaS)
• Private Cloud
• Other Public Clouds
• CSC Trusted Cloud

6 Types
• Initiation
• Policy Introduction
• Provider assertions
• Provider notifications
• Evidence requests
• Client extensions
Families
• Configuration
• Vulnerabilities
• Anchoring
• Audit log
• Service Management
• Service Statistics
Elements (Anchoring)
• Geographic
• Platform
• Process
Only 23 in total in the entire protocol

SecaaS
• Research for gaining greater understanding for how to deliver security solutions via cloud models.

TWG
• Provide direct influence on how to deliver secure cloud solutions and foster cloud awareness within all aspects of Telecommunications.

HIM
• Provide direct influence on how health information service providers deliver secure cloud solutions (services, transport, applications and storage) to their clients, and foster cloud awareness within all aspects of healthcare and related industries.

Critical Areas of Focus in Cloud Computing

• Flagship research project
• Aims at establishing a stable, secure baseline for cloud operations
• V3 Released on 11/14/2011
• Guidance > 100k downloads: cloudsecurityalliance.org/guidance
• Provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely

Cloud Architecture

Governing the Cloud
• Governance and Enterprise Risk
• Legal and eDiscovery
• Compliance and Audit
• Information Management and Data Security
• Portability and Interoperability

Operating in the Cloud
• Traditional Security, BCM and DR
• Data Center Operations
• Incident Response, Notification and Remediation
• Application Security
• Encryption and Key Management
• Identity and Access Management
• Virtualization
• Security as a Service

• Governance, ERM: Secure the cloud before procurement – contracts, SLAs, architecture
• Governance, ERM: Know provider’s third parties, BCM/DR, financial viability, employee vetting
• Legal: Plan for provider termination & return of assets
• Compliance: Identify data location when possible
• ILM: Persistence, Protection
• Portability & Interoperability: SOA “loose coupling” principles

• BCM/DR: provider redundancy vs. your own
• DC Ops: provisioning, patching, logging
• Encryption: encrypt data when possible, segregate key mgt from cloud provider
• AppSec: Adapt secure software development lifecycle
• Virtualization: Harden, rollback, port VM images
• IdM: Federation & standards e.g.
SAML, OpenID
• SecaaS: Security as a Service with all Cloud Components

Corporate Governance:
• The balance of control between stakeholders, directors and managers of an organization providing consistent management, cohesive application of policies, guidance and controls, and enabling effective decision-making

Enterprise Risk Management:
• Methods and processes (framework) used by organizations to balance decision-making based on identifying particular events or circumstances relevant to the organization's objectives (risks and opportunities), assessing them in terms of likelihood and magnitude of impact, determining a response strategy, and monitoring progress to protect and create value for their stakeholders

Compliance and Audit Assurance
• Awareness and adherence to corporate obligations (e.g., corporate social responsibility, ethics, applicable laws, regulations, contracts, strategies and policies) by assessing the state of compliance, assessing the risks and potential costs of non-compliance against the costs to achieve compliance, and hence prioritize, fund, and initiate any corrective actions deemed necessary

Create
• Creation is the generation of new digital content, or the alteration/updating/modifying of existing content.
Store
• Storing is the act of committing the digital data to some sort of storage repository and typically occurs nearly simultaneously with creation.
Use
• Data is viewed, processed, or otherwise used in some sort of activity, not including modification.
Share
• Information is made accessible to others, such as between users, to customers, and to partners.
Archive
• Data leaves active use and enters long-term storage.
Destroy
• Data is permanently destroyed using physical or digital means (e.g., crypto-shredding)

Data Loss Prevention
• Dedicated appliance/server
• Virtual appliance
• Endpoint agent
• Hypervisor-agent
• DLP SaaS

Interoperability
• Requirement for the components of a cloud eco-system to work together to achieve their intended result.
Portability
• Portability defines the ease with which application components are moved and reused elsewhere regardless of provider, platform, OS, infrastructure, location, storage, the format of data, or APIs.

Interoperability Considerations
• Hardware
• Network Devices
• Virtualization
• Frameworks
• Storage
• Security
Portability Considerations
• Service Levels
• Different Architectures
• Security Integration

Virtualization
• Virtualization is one of the key elements of Infrastructure as a Service (IaaS) cloud offerings and private clouds, and it is increasingly used in portions of the back-end of Platform as a Service (PaaS) and SaaS (Software as a Service) providers as well.
• Virtualization is also, naturally, a key technology for virtual desktops, which are delivered from private or public clouds.
• Hypervisor security
• Inter-VM attacks and blind spots
• Performance concerns
• Operational complexity from VM sprawl
• Instant-on gaps
• Virtual machine encryption
• Data commingling
• Virtual machine data destruction
• Virtual machine image tampering
• In-motion virtual machines

Areas of Focus in IAM
• Identity provisioning/deprovisioning
• Authentication
• Single/Reduced Sign On
• Multiple form and factor
• Federation
• Identity and Service Provider/Broker
• Authorization
• Fine/Coarse Grained
• User profile management
• Role Based Access Control
• Support for compliance

Mycroft’s Industry Solution for SecaaS

Copyright © 2012 Mycroft Inc. www.mycroftinc.com

Mycroft’s As-A-Service solutions, value add and IP surround, extend, integrate and manage commercial IAM / GRC and security software to provide policy- and controls-compliant applications throughout the extended enterprise

Mycroft Elastic Accelerated Delivery (MEAD)
• Managed hosting services on a dedicated grid, shared grid, or on-premise private grid
• Fully encapsulated security products from manufacturers who know
• Access to professional services teams
• Management services
• Integration, management, and support services
• Patented IP

Heimdall Web Services Portal
• Provides single access point to multiple grids for quick application selection & delivery
• Leverages self-service model for accurate management & monitoring
• Features Service Measurement Index compliance to help assess cloud services
• Includes rapid response capability that converts business requests into technical queries
• Patented IP

Mycroft Services
• Web SSO
• Federated SSO
• Account Provisioning
• User Self-Service
• Certification and Attestation
• Access Control