More organizations than ever are deploying virtualization technologies and some are taking this to the next level by building private cloud infrastructure. Many are also leveraging hybrid and public cloud models to save money and gain efficiency in platform and application hosting, or by using Software-as-a-Service tools. But leveraging virtualization and cloud capabilities has a number of security and compliance ramifications. Many security teams are finding that cloud service providers do not have comparable security controls in place or that the providers aren't able or willing to share audit data with them. Contract requirements may not be taking security and compliance into account either, and there are a lot of risk management questions going unanswered.
At the SANS Cloud/Virtualization Security Summit, you can get some of those questions answered, in many cases directly from customers who have worked to solve the problems already. We'll be tackling questions like these:
How can we properly segment assets and data in a multitenant environment?
What types of audit requirements should we be requesting from cloud providers, and in what format?
Do the new SSAE 16 SOC 2 and SOC 3 reports provide adequate coverage of cloud provider controls?
How can we leverage well-known guidelines like those from the Cloud Security Alliance for my organization's cloud initiatives?
How can we protect our virtual machines and data with encryption when moving to the cloud?
What Identity and Access Management (IAM) standards should we be paying attention to with private and public cloud models?
What contractual requirements are critical to understand and include when drafting cloud contracts?
What types of security solutions are available and actually work within virtualized environments?
What types of monitoring and configuration controls can we implement and maintain in cloud environments?
1150 Magic Way, Anaheim, CA, 92802