Assessment and Compliance for the Cloud (C11b)
Over the past five years, “Cloud Computing” has revolutionized how organizations do computing. It has driven a transformation from enterprise datacenters filled with servers to enterprise applications hosted in mega-facilities at Amazon, Google, Microsoft, or others. Computing has gone from being a capital-intensive effort to buy and build computer systems and networks, to being a “virtual” activity using remotely accessible resources. While this transition is great, it also means that cybersecurity must be transformed, from focusing on facilities, networks, and computers, to focusing on users, accounts, and applications. Unfortunately, existing compliance frameworks have lagged this transformation, resulting in a gap for the industry as new standards must be developed.
Mr. Williams and Ms. Moran have been heavily involved in advising cloud deployments and transformations at many organizations, and have been immersed in this transformation and the assessment and compliance challenges it fosters. They particularly focus on hardening cloud implementations to withstand attacks from advanced, professional, and nation-state attackers. In this presentation, they will discuss the limitations of the current assessment and compliance frameworks with regard to cloud, the best practices that they look for when they assess cloud cybersecurity, and the elements that they would want to see included within standards for cloud cybersecurity assessment and compliance.