Assessing the Security of the Cloud What Should
Author : calandra-battersby | Published Date : 2025-05-28
Description: Assessing the Security of the Cloud What Should you ask your vendors Steve Deitrick VP Global Information Security John Heimann VP Global Product Security Jari Peters VP Security Risk Management and Regulatory Compliance October 25
Presentation Embed Code
Download Presentation
Download
Presentation The PPT/PDF document
"Assessing the Security of the Cloud What Should" is the property of its rightful owner.
Permission is granted to download and print the materials on this website for personal, non-commercial use only,
and to display it on your personal computer provided you do not modify the materials and that you retain all
copyright notices contained in the materials. By downloading content from our website, you accept the terms of
this agreement.
Transcript:Assessing the Security of the Cloud What Should:
Assessing the Security of the Cloud What Should you ask your vendors? Steve Deitrick, VP, Global Information Security John Heimann, VP, Global Product Security Jari Peters, VP, Security, Risk Management and Regulatory Compliance October 25, 2018 Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, timing, and pricing of any features or functionality described for Oracle’s products may change and remains at the sole discretion of Oracle Corporation. 3 Session Objective Give you tips and techniques on how to assess the security of your cloud vendors: What do you need to consider when moving to the cloud? What goes into securing a cloud? How do you ask about it? How should IaaS/PaaS/SaaS/DaaS offerings affect your security expectations? 4 Panelist Introductions Steve Deitrick Vice President, Global Information Security (GIS) John Heimann Vice President, Global Product Security (GPS) Security Program Management (SPM) Jari Peters Vice President, Security, Risk Management and Regulatory Compliance, Global Business Units 5 Why are you considering the cloud? Cost Flexibility Scalability Security Professional management/patching/operations 6 Specific requirements: Security and Compliance Requirements Regulatory, Industry and Corporate Security Requirements – Example GLBA, GDPR, SOC1/2, HIPAA, PCI DSS, ISO 27001 Attestations/Audits/Certifications Available Direct Audit of Cloud – If Supported Scanning/Penetration Testing – If Supported Monitoring – Preventative and Detective Security Incident Response – Monitoring, Logging, Response and Notification Operational Requirements SLA– Availability, Backups, DR Secure Integrations Between Cloud(s) and On-Premise Systems Level of Access you need to the Cloud Configuration/Change/Release Management Vulnerability Management/Security Fixes Access Control for Admins and End Users Data Retention, Deletion and Portability Backup and DR Testing 7 What does it take to securely deliver cloud services? Operational security – who has access to your data and how is protected? Independent validations - Pentesting 8 The obvious things: What does it take to securely deliver cloud services? Supply chain – components developed in-house? (and reliance on open source and third party components) Architecture – multitenancy? Development assurance – building security in vs. bolting it on? The not-so obvious things: 9 Why does Oracle have a unique perspective? Oracle is a cloud service provider IaaS, PaaS, SaaS, DaaS Oracle is in a unique position for
