SlideShare une entreprise Scribd logo
1  sur  20
Télécharger pour lire hors ligne
Building Trust in the Cloud

        A Journey Through Certification to the CIF Code of
        Practice

                             Peter Groucutt
                             Member, Cloud Industry Forum

                             DATABARRACKS




www.cloudindustryforum.org
Who are Databarracks?


    Databarracks (MSP)
       IaaS
       BaaS
       DRaaS

    • Managed Service Provider for ten years

    • What qualifies me to talk to you about trust?




www.cloudindustryforum.org
Why are we talking about TRUST?


     Databarracks began life providing Managed Backup
      Services
            Our Journey through backup is similar to where we are today with
             Infrastructure as a Service

            People liked the concept and the business drivers

            People were worried about Data Security and Privacy

            They did not trust the technology nor the providers of it

            Young industry / New technology




www.cloudindustryforum.org
What is Trust?




   “Trust is the positive experience of
   many over time. It is a concept which
   is built in retrospect.”  (my opinion)




www.cloudindustryforum.org
Where are we now?


     According to our latest Backup and Cloud Survey which
      questioned 500 business IT managers in the UK


           39% of companies use online backup

           Up from 23% in 2008




www.cloudindustryforum.org
Who trusts us now?




www.cloudindustryforum.org
How does this compare to cloud today?


     Companies want to use the cloud
     They don’t want technology for technology’s sake
     Hardware doesn’t add value to the business only application
     Companies want users to access the information they need
      to perform the function of the business as quickly as
      possible
     Managing physical infrastructure does not add value.




www.cloudindustryforum.org
What are the drivers?
                  20%




                  10%




                    0%
                             Operational Cost   Flexibility of   Scalability
                                 Saving           service




www.cloudindustryforum.org
What are the concerns?

        100%

          80%

          60%

          40%

          20%

            0%
                    Data Security Data Privacy   Dependency Fear of Loss of Confidence in
                                                  on Internet  Control       Providers




www.cloudindustryforum.org
What do the concerns tell us?


                     They are issues of TRUST not technology




www.cloudindustryforum.org
Can certification build trust?


     Certification can build confidence and confidence can build
      trust

     78% of respondents said they would see value in working
      with an organisation that was publically certified




www.cloudindustryforum.org
Types of certification?


     Management
           ISO9001 / ISO27001 / ISO2000
     Prescriptive
           PCI-DSS / IL3 etc
     Industry
           CIF Code of Practice (CoP)




www.cloudindustryforum.org
Management certifications

          •             Customer complaints and support frameworks

          •             Identification of risks of service delivery

          •             Policies covering all elements of business operation

          •             Continuous review and improvement

          •             Third party audit




www.cloudindustryforum.org
Prescriptive certifications


          • Capacity planning
          • Prescriptive configuration of systems
                        (firewalls, switches and platforms etc)


          •    Shielding of storage areas
          •    Log harvesting and analysis
          •    Strict, audited access controls
          •    Regular penetration testing




www.cloudindustryforum.org
Industry certifications

          •             Tailored and specific to the service provided

          •             Brings together the relevant elements other certs

          •             Understands the specific issues

          •             Industry governed




www.cloudindustryforum.org
CIF Code of Practice?

                                     Three Pillars

          •             Transparency

          •             Capability

          •             Accountability




www.cloudindustryforum.org
What did it take to certify?


          •             Two months total working part time
                        • Quality Manager
                        • Security Manager
                        • External ISO Consultant


          •             Two weeks dedicated

          •             Lots of common ground between ISO and CoP




www.cloudindustryforum.org
Why did Databarracks certify?

          • Be part of the conversation

          • Customers confidence in core values of the company

          • Looking beyond price




www.cloudindustryforum.org
Would we recommend it?




                             YES!
          Shaping the industry to revolve around the core principles
          set out by CIF will build confidence and TRUST.

          Good for customers and good for service providers.




www.cloudindustryforum.org
Questions?

                info@cloudindustryforum.org

                www.cloudindustryforum.org



www.cloudindustryforum.org

Contenu connexe

Tendances

Identity and Access Management Introduction
Identity and Access Management IntroductionIdentity and Access Management Introduction
Identity and Access Management IntroductionAidy Tificate
 
Cybersecurity frameworks globally and saudi arabia
Cybersecurity frameworks globally and saudi arabiaCybersecurity frameworks globally and saudi arabia
Cybersecurity frameworks globally and saudi arabiaFaysal Ghauri
 
Service Organizational Control (SOC 2) Compliance - Kloudlearn
Service Organizational Control  (SOC 2) Compliance - KloudlearnService Organizational Control  (SOC 2) Compliance - Kloudlearn
Service Organizational Control (SOC 2) Compliance - KloudlearnKloudLearn
 
Building an Effective Identity Management Strategy
Building an Effective Identity Management StrategyBuilding an Effective Identity Management Strategy
Building an Effective Identity Management StrategyNetIQ
 
Don’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud ProvidersDon’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud ProvidersMichael Davis
 
Csa summit la transformación digital y el nuevo rol del ciso
Csa summit   la transformación digital y el nuevo rol del cisoCsa summit   la transformación digital y el nuevo rol del ciso
Csa summit la transformación digital y el nuevo rol del cisoCSA Argentina
 
Securing The Reality of Multiple Cloud Apps: Pandora's Story
Securing The Reality of Multiple Cloud Apps: Pandora's StorySecuring The Reality of Multiple Cloud Apps: Pandora's Story
Securing The Reality of Multiple Cloud Apps: Pandora's StoryCloudLock
 
Zero Trust Enterprise Network at Adobe
Zero Trust Enterprise Network at AdobeZero Trust Enterprise Network at Adobe
Zero Trust Enterprise Network at AdobeVishwas Manral
 
Case Study - Currency from the Cloud: Security & Compliance for Payment Provider
Case Study - Currency from the Cloud: Security & Compliance for Payment ProviderCase Study - Currency from the Cloud: Security & Compliance for Payment Provider
Case Study - Currency from the Cloud: Security & Compliance for Payment ProviderArmor
 
Total Digital Security Introduction 4.2
Total Digital Security Introduction 4.2Total Digital Security Introduction 4.2
Total Digital Security Introduction 4.2Brad Deflin
 
How to minimize threats in your information system using network segregation?
How to minimize threats in your information system using network segregation? How to minimize threats in your information system using network segregation?
How to minimize threats in your information system using network segregation? PECB
 
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...Amazon Web Services
 
PCI DSS Compliance Checklist
PCI DSS Compliance ChecklistPCI DSS Compliance Checklist
PCI DSS Compliance ChecklistControlCase
 
Fortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply ChainsFortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply ChainsIgnyte Assurance Platform
 
Webroot - self-defending IoT devices & gateways
Webroot - self-defending IoT devices & gateways Webroot - self-defending IoT devices & gateways
Webroot - self-defending IoT devices & gateways IISPEastMids
 
IDSA Overview at CSA SV
IDSA Overview at CSA SVIDSA Overview at CSA SV
IDSA Overview at CSA SVVishwas Manral
 

Tendances (20)

Identity and Access Management Introduction
Identity and Access Management IntroductionIdentity and Access Management Introduction
Identity and Access Management Introduction
 
Cybersecurity frameworks globally and saudi arabia
Cybersecurity frameworks globally and saudi arabiaCybersecurity frameworks globally and saudi arabia
Cybersecurity frameworks globally and saudi arabia
 
Service Organizational Control (SOC 2) Compliance - Kloudlearn
Service Organizational Control  (SOC 2) Compliance - KloudlearnService Organizational Control  (SOC 2) Compliance - Kloudlearn
Service Organizational Control (SOC 2) Compliance - Kloudlearn
 
Building an Effective Identity Management Strategy
Building an Effective Identity Management StrategyBuilding an Effective Identity Management Strategy
Building an Effective Identity Management Strategy
 
Global Mandate to Secure Cloud Computing
Global Mandate to Secure Cloud ComputingGlobal Mandate to Secure Cloud Computing
Global Mandate to Secure Cloud Computing
 
Cloud Security Governance
Cloud Security GovernanceCloud Security Governance
Cloud Security Governance
 
Zero Trust Networks
Zero Trust NetworksZero Trust Networks
Zero Trust Networks
 
Why CSA Australia
Why CSA AustraliaWhy CSA Australia
Why CSA Australia
 
Don’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud ProvidersDon’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud Providers
 
Csa summit la transformación digital y el nuevo rol del ciso
Csa summit   la transformación digital y el nuevo rol del cisoCsa summit   la transformación digital y el nuevo rol del ciso
Csa summit la transformación digital y el nuevo rol del ciso
 
Securing The Reality of Multiple Cloud Apps: Pandora's Story
Securing The Reality of Multiple Cloud Apps: Pandora's StorySecuring The Reality of Multiple Cloud Apps: Pandora's Story
Securing The Reality of Multiple Cloud Apps: Pandora's Story
 
Zero Trust Enterprise Network at Adobe
Zero Trust Enterprise Network at AdobeZero Trust Enterprise Network at Adobe
Zero Trust Enterprise Network at Adobe
 
Case Study - Currency from the Cloud: Security & Compliance for Payment Provider
Case Study - Currency from the Cloud: Security & Compliance for Payment ProviderCase Study - Currency from the Cloud: Security & Compliance for Payment Provider
Case Study - Currency from the Cloud: Security & Compliance for Payment Provider
 
Total Digital Security Introduction 4.2
Total Digital Security Introduction 4.2Total Digital Security Introduction 4.2
Total Digital Security Introduction 4.2
 
How to minimize threats in your information system using network segregation?
How to minimize threats in your information system using network segregation? How to minimize threats in your information system using network segregation?
How to minimize threats in your information system using network segregation?
 
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
 
PCI DSS Compliance Checklist
PCI DSS Compliance ChecklistPCI DSS Compliance Checklist
PCI DSS Compliance Checklist
 
Fortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply ChainsFortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
 
Webroot - self-defending IoT devices & gateways
Webroot - self-defending IoT devices & gateways Webroot - self-defending IoT devices & gateways
Webroot - self-defending IoT devices & gateways
 
IDSA Overview at CSA SV
IDSA Overview at CSA SVIDSA Overview at CSA SV
IDSA Overview at CSA SV
 

Similaire à Building Trust in the Cloud

Building trust for cloud customers - the value of cif certification
Building trust for cloud customers - the value of cif certificationBuilding trust for cloud customers - the value of cif certification
Building trust for cloud customers - the value of cif certificationDavid Terrar
 
Automated Security & Continuous Compliance on Microsoft Azure
Automated Security & Continuous Compliance on Microsoft AzureAutomated Security & Continuous Compliance on Microsoft Azure
Automated Security & Continuous Compliance on Microsoft Azure2nd Watch
 
Security for Cloud Computing: 10 Steps to Ensure Success V3.0
Security for Cloud Computing: 10 Steps to Ensure Success V3.0Security for Cloud Computing: 10 Steps to Ensure Success V3.0
Security for Cloud Computing: 10 Steps to Ensure Success V3.0Cloud Standards Customer Council
 
Cloud Industry Forum - Cloud Adoption & Trends
Cloud Industry Forum - Cloud Adoption & TrendsCloud Industry Forum - Cloud Adoption & Trends
Cloud Industry Forum - Cloud Adoption & TrendsVuzion
 
Cloud computing
Cloud computingCloud computing
Cloud computingRazib M
 
How News Corp Secured Their Digital Transformation through Identity and Acces...
How News Corp Secured Their Digital Transformation through Identity and Acces...How News Corp Secured Their Digital Transformation through Identity and Acces...
How News Corp Secured Their Digital Transformation through Identity and Acces...Amazon Web Services
 
Moving Enterprise Applications to the Cloud
Moving Enterprise Applications to the CloudMoving Enterprise Applications to the Cloud
Moving Enterprise Applications to the CloudVISI
 
Building a Secure and Compliant Azure Virtual Data Center
Building a Secure and Compliant Azure Virtual Data CenterBuilding a Secure and Compliant Azure Virtual Data Center
Building a Secure and Compliant Azure Virtual Data CenterPatrick Sklodowski
 
SIEM Vendor Neutrality
SIEM Vendor NeutralitySIEM Vendor Neutrality
SIEM Vendor NeutralityVandana Verma
 
Cloud Computing Gets Put to the Test
Cloud Computing Gets Put to the TestCloud Computing Gets Put to the Test
Cloud Computing Gets Put to the TestAvere Systems
 
VMware IT Academy Program
VMware IT Academy Program VMware IT Academy Program
VMware IT Academy Program EMC
 
Developer Conference 2.1 - (Cloud) First Steps to the Cloud
Developer Conference 2.1 - (Cloud) First Steps to the CloudDeveloper Conference 2.1 - (Cloud) First Steps to the Cloud
Developer Conference 2.1 - (Cloud) First Steps to the CloudMicro Focus
 
Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Runecast: Simplified Security with Unparalleled Transparency (March 2022)Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Runecast: Simplified Security with Unparalleled Transparency (March 2022)Jason Mashak
 
Security Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS ApplicationsSecurity Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS ApplicationsTechcello
 
Cloud Innovation Tour - Discover Track
Cloud Innovation Tour - Discover TrackCloud Innovation Tour - Discover Track
Cloud Innovation Tour - Discover TrackLaurenWendler
 
Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...Moshe Ferber
 
AWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons Learned
AWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons LearnedAWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons Learned
AWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons LearnedAWS Summits
 
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...Amazon Web Services
 
Transformation of IT Spending
Transformation of IT SpendingTransformation of IT Spending
Transformation of IT SpendingKokLeong Ong
 

Similaire à Building Trust in the Cloud (20)

Building trust for cloud customers - the value of cif certification
Building trust for cloud customers - the value of cif certificationBuilding trust for cloud customers - the value of cif certification
Building trust for cloud customers - the value of cif certification
 
Automated Security & Continuous Compliance on Microsoft Azure
Automated Security & Continuous Compliance on Microsoft AzureAutomated Security & Continuous Compliance on Microsoft Azure
Automated Security & Continuous Compliance on Microsoft Azure
 
Security for Cloud Computing: 10 Steps to Ensure Success V3.0
Security for Cloud Computing: 10 Steps to Ensure Success V3.0Security for Cloud Computing: 10 Steps to Ensure Success V3.0
Security for Cloud Computing: 10 Steps to Ensure Success V3.0
 
Cloud Industry Forum - Cloud Adoption & Trends
Cloud Industry Forum - Cloud Adoption & TrendsCloud Industry Forum - Cloud Adoption & Trends
Cloud Industry Forum - Cloud Adoption & Trends
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
How News Corp Secured Their Digital Transformation through Identity and Acces...
How News Corp Secured Their Digital Transformation through Identity and Acces...How News Corp Secured Their Digital Transformation through Identity and Acces...
How News Corp Secured Their Digital Transformation through Identity and Acces...
 
Moving Enterprise Applications to the Cloud
Moving Enterprise Applications to the CloudMoving Enterprise Applications to the Cloud
Moving Enterprise Applications to the Cloud
 
Building a Secure and Compliant Azure Virtual Data Center
Building a Secure and Compliant Azure Virtual Data CenterBuilding a Secure and Compliant Azure Virtual Data Center
Building a Secure and Compliant Azure Virtual Data Center
 
SIEM Vendor Neutrality
SIEM Vendor NeutralitySIEM Vendor Neutrality
SIEM Vendor Neutrality
 
Cloud Computing Gets Put to the Test
Cloud Computing Gets Put to the TestCloud Computing Gets Put to the Test
Cloud Computing Gets Put to the Test
 
Cloud Managed Services: Best Practices
Cloud Managed Services: Best PracticesCloud Managed Services: Best Practices
Cloud Managed Services: Best Practices
 
VMware IT Academy Program
VMware IT Academy Program VMware IT Academy Program
VMware IT Academy Program
 
Developer Conference 2.1 - (Cloud) First Steps to the Cloud
Developer Conference 2.1 - (Cloud) First Steps to the CloudDeveloper Conference 2.1 - (Cloud) First Steps to the Cloud
Developer Conference 2.1 - (Cloud) First Steps to the Cloud
 
Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Runecast: Simplified Security with Unparalleled Transparency (March 2022)Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Runecast: Simplified Security with Unparalleled Transparency (March 2022)
 
Security Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS ApplicationsSecurity Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS Applications
 
Cloud Innovation Tour - Discover Track
Cloud Innovation Tour - Discover TrackCloud Innovation Tour - Discover Track
Cloud Innovation Tour - Discover Track
 
Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...
 
AWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons Learned
AWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons LearnedAWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons Learned
AWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons Learned
 
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
 
Transformation of IT Spending
Transformation of IT SpendingTransformation of IT Spending
Transformation of IT Spending
 

Plus de Databarracks

How to write an effective Cyber Incident Response Plan
How to write an effective Cyber Incident Response PlanHow to write an effective Cyber Incident Response Plan
How to write an effective Cyber Incident Response PlanDatabarracks
 
Lessons from 100+ ransomware recoveries
Lessons from 100+ ransomware recoveriesLessons from 100+ ransomware recoveries
Lessons from 100+ ransomware recoveriesDatabarracks
 
How to write an IT Disaster Recovery Plan
How to write an IT Disaster Recovery PlanHow to write an IT Disaster Recovery Plan
How to write an IT Disaster Recovery PlanDatabarracks
 
Cyber Incident Response Plan
Cyber Incident Response PlanCyber Incident Response Plan
Cyber Incident Response PlanDatabarracks
 
Who's responsible for what in a crisis
Who's responsible for what in a crisisWho's responsible for what in a crisis
Who's responsible for what in a crisisDatabarracks
 
How to communicate in a crisis
How to communicate in a crisisHow to communicate in a crisis
How to communicate in a crisisDatabarracks
 
How to protect backups from ransomware
How to protect backups from ransomwareHow to protect backups from ransomware
How to protect backups from ransomwareDatabarracks
 
Requirements for cyber insurance
Requirements for cyber insuranceRequirements for cyber insurance
Requirements for cyber insuranceDatabarracks
 
How to make your supply chain resilient
How to make your supply chain resilientHow to make your supply chain resilient
How to make your supply chain resilientDatabarracks
 
How to recover from ransomware lessons from real recoveries
How to recover from ransomware   lessons from real recoveriesHow to recover from ransomware   lessons from real recoveries
How to recover from ransomware lessons from real recoveriesDatabarracks
 
How to decommission a data centre
How to decommission a data centreHow to decommission a data centre
How to decommission a data centreDatabarracks
 
Zerto in azure technical deep dive
Zerto in azure   technical deep diveZerto in azure   technical deep dive
Zerto in azure technical deep diveDatabarracks
 
How to know when combined backup and replication is for you
How to know when combined backup and replication is for youHow to know when combined backup and replication is for you
How to know when combined backup and replication is for youDatabarracks
 
How to write an effective Cyber Incident Response Plan
How to write an effective Cyber Incident Response PlanHow to write an effective Cyber Incident Response Plan
How to write an effective Cyber Incident Response PlanDatabarracks
 
Introducing rubrik a new approach to data protection
Introducing rubrik   a new approach to data protectionIntroducing rubrik   a new approach to data protection
Introducing rubrik a new approach to data protectionDatabarracks
 
How to invoke Disaster Recovery
How to invoke Disaster RecoveryHow to invoke Disaster Recovery
How to invoke Disaster RecoveryDatabarracks
 
How to setup disaster recovery
How to setup disaster recoveryHow to setup disaster recovery
How to setup disaster recoveryDatabarracks
 
DRaaS to Azure with Zerto
DRaaS to Azure with ZertoDRaaS to Azure with Zerto
DRaaS to Azure with ZertoDatabarracks
 
The Databarracks Continuity Toolshed: Free tools for better recoveries
The Databarracks Continuity Toolshed: Free tools for better recoveriesThe Databarracks Continuity Toolshed: Free tools for better recoveries
The Databarracks Continuity Toolshed: Free tools for better recoveriesDatabarracks
 
Webinar how to write a business continuity plan
Webinar how to write a business continuity planWebinar how to write a business continuity plan
Webinar how to write a business continuity planDatabarracks
 

Plus de Databarracks (20)

How to write an effective Cyber Incident Response Plan
How to write an effective Cyber Incident Response PlanHow to write an effective Cyber Incident Response Plan
How to write an effective Cyber Incident Response Plan
 
Lessons from 100+ ransomware recoveries
Lessons from 100+ ransomware recoveriesLessons from 100+ ransomware recoveries
Lessons from 100+ ransomware recoveries
 
How to write an IT Disaster Recovery Plan
How to write an IT Disaster Recovery PlanHow to write an IT Disaster Recovery Plan
How to write an IT Disaster Recovery Plan
 
Cyber Incident Response Plan
Cyber Incident Response PlanCyber Incident Response Plan
Cyber Incident Response Plan
 
Who's responsible for what in a crisis
Who's responsible for what in a crisisWho's responsible for what in a crisis
Who's responsible for what in a crisis
 
How to communicate in a crisis
How to communicate in a crisisHow to communicate in a crisis
How to communicate in a crisis
 
How to protect backups from ransomware
How to protect backups from ransomwareHow to protect backups from ransomware
How to protect backups from ransomware
 
Requirements for cyber insurance
Requirements for cyber insuranceRequirements for cyber insurance
Requirements for cyber insurance
 
How to make your supply chain resilient
How to make your supply chain resilientHow to make your supply chain resilient
How to make your supply chain resilient
 
How to recover from ransomware lessons from real recoveries
How to recover from ransomware   lessons from real recoveriesHow to recover from ransomware   lessons from real recoveries
How to recover from ransomware lessons from real recoveries
 
How to decommission a data centre
How to decommission a data centreHow to decommission a data centre
How to decommission a data centre
 
Zerto in azure technical deep dive
Zerto in azure   technical deep diveZerto in azure   technical deep dive
Zerto in azure technical deep dive
 
How to know when combined backup and replication is for you
How to know when combined backup and replication is for youHow to know when combined backup and replication is for you
How to know when combined backup and replication is for you
 
How to write an effective Cyber Incident Response Plan
How to write an effective Cyber Incident Response PlanHow to write an effective Cyber Incident Response Plan
How to write an effective Cyber Incident Response Plan
 
Introducing rubrik a new approach to data protection
Introducing rubrik   a new approach to data protectionIntroducing rubrik   a new approach to data protection
Introducing rubrik a new approach to data protection
 
How to invoke Disaster Recovery
How to invoke Disaster RecoveryHow to invoke Disaster Recovery
How to invoke Disaster Recovery
 
How to setup disaster recovery
How to setup disaster recoveryHow to setup disaster recovery
How to setup disaster recovery
 
DRaaS to Azure with Zerto
DRaaS to Azure with ZertoDRaaS to Azure with Zerto
DRaaS to Azure with Zerto
 
The Databarracks Continuity Toolshed: Free tools for better recoveries
The Databarracks Continuity Toolshed: Free tools for better recoveriesThe Databarracks Continuity Toolshed: Free tools for better recoveries
The Databarracks Continuity Toolshed: Free tools for better recoveries
 
Webinar how to write a business continuity plan
Webinar how to write a business continuity planWebinar how to write a business continuity plan
Webinar how to write a business continuity plan
 

Dernier

KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 

Dernier (20)

KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 

Building Trust in the Cloud

  • 1. Building Trust in the Cloud A Journey Through Certification to the CIF Code of Practice Peter Groucutt Member, Cloud Industry Forum DATABARRACKS www.cloudindustryforum.org
  • 2. Who are Databarracks?  Databarracks (MSP)  IaaS  BaaS  DRaaS • Managed Service Provider for ten years • What qualifies me to talk to you about trust? www.cloudindustryforum.org
  • 3. Why are we talking about TRUST?  Databarracks began life providing Managed Backup Services  Our Journey through backup is similar to where we are today with Infrastructure as a Service  People liked the concept and the business drivers  People were worried about Data Security and Privacy  They did not trust the technology nor the providers of it  Young industry / New technology www.cloudindustryforum.org
  • 4. What is Trust? “Trust is the positive experience of many over time. It is a concept which is built in retrospect.” (my opinion) www.cloudindustryforum.org
  • 5. Where are we now?  According to our latest Backup and Cloud Survey which questioned 500 business IT managers in the UK  39% of companies use online backup  Up from 23% in 2008 www.cloudindustryforum.org
  • 6. Who trusts us now? www.cloudindustryforum.org
  • 7. How does this compare to cloud today?  Companies want to use the cloud  They don’t want technology for technology’s sake  Hardware doesn’t add value to the business only application  Companies want users to access the information they need to perform the function of the business as quickly as possible  Managing physical infrastructure does not add value. www.cloudindustryforum.org
  • 8. What are the drivers? 20% 10% 0% Operational Cost Flexibility of Scalability Saving service www.cloudindustryforum.org
  • 9. What are the concerns? 100% 80% 60% 40% 20% 0% Data Security Data Privacy Dependency Fear of Loss of Confidence in on Internet Control Providers www.cloudindustryforum.org
  • 10. What do the concerns tell us? They are issues of TRUST not technology www.cloudindustryforum.org
  • 11. Can certification build trust?  Certification can build confidence and confidence can build trust  78% of respondents said they would see value in working with an organisation that was publically certified www.cloudindustryforum.org
  • 12. Types of certification?  Management  ISO9001 / ISO27001 / ISO2000  Prescriptive  PCI-DSS / IL3 etc  Industry  CIF Code of Practice (CoP) www.cloudindustryforum.org
  • 13. Management certifications • Customer complaints and support frameworks • Identification of risks of service delivery • Policies covering all elements of business operation • Continuous review and improvement • Third party audit www.cloudindustryforum.org
  • 14. Prescriptive certifications • Capacity planning • Prescriptive configuration of systems (firewalls, switches and platforms etc) • Shielding of storage areas • Log harvesting and analysis • Strict, audited access controls • Regular penetration testing www.cloudindustryforum.org
  • 15. Industry certifications • Tailored and specific to the service provided • Brings together the relevant elements other certs • Understands the specific issues • Industry governed www.cloudindustryforum.org
  • 16. CIF Code of Practice? Three Pillars • Transparency • Capability • Accountability www.cloudindustryforum.org
  • 17. What did it take to certify? • Two months total working part time • Quality Manager • Security Manager • External ISO Consultant • Two weeks dedicated • Lots of common ground between ISO and CoP www.cloudindustryforum.org
  • 18. Why did Databarracks certify? • Be part of the conversation • Customers confidence in core values of the company • Looking beyond price www.cloudindustryforum.org
  • 19. Would we recommend it? YES! Shaping the industry to revolve around the core principles set out by CIF will build confidence and TRUST. Good for customers and good for service providers. www.cloudindustryforum.org
  • 20. Questions? info@cloudindustryforum.org www.cloudindustryforum.org www.cloudindustryforum.org