Cloud Risk Assessment
When moving to the use of cloud service it is most important to take a risk based approach. However the process involved is often manual and time consuming; a tool is needed to enable a more rapid and consistent assessment of the risks involved.
This session describes why a risk based approach is needed. It provides detailed information on the KuppingerCole Cloud Rapid Risk Assessment Tool developed by KuppingerCole to help organizations assess the risks around their use of cloud services together in a rapid and repeatable manner.
After attending this session you will be able to:
- Explain why a risk based approach to the use of cloud services is needed.
- Explain the inherent risks that the KuppingerCole Cloud Rapid Risk Assessment Tool covers.
- Collect the information needed to use the tool.
- Describe the KuppingerCole Cloud Rapid Risk Assessment Tool.
Completion of this workshop qualifies for up to 3 Group Learning based CPEs
Who should attend?
This workshop is intended for the people in an organization that are concerned with procuring and assuring cloud services including:
- IT Governance/Compliance/Audit managers
- IT service managers
- IT risk/security managers
- Procurement and Legal managers
- Line of business managers considering cloud services
Detailed Workshop Program
Introduction to KuppingerCole Cloud Rapid Risk Assessment Tool
Using the KuppingerCole Cloud Rapid Risk Assessment Tool
The KuppingerCole Cloud Rapid Risk Assessment Tool is intended to help organizations assess the risks around their use of cloud services and choose the controls that could mitigate these risks. The tool has a built in database which includes the most important risks in the use of a cloud service, together with their impact and probability. This provides a starting point that makes it easier for organizations to assess risk by building upon what exists rather than starting from scratch.
This tool uses information collected by the user to determine the relative risk of a specific cloud use case and deployment. The specified use case is evaluated through the use of a questionnaire which leads the user through the risks. Each risk can be included or excluded from consideration or given a priority. For the risks that are included the tool considers the assurances that are provided by the CSP and/or actions taken by the customer to mitigate each risk. These assurances are used to modify the impact or the probability of the inherent risk.
This workshop uses real life scenarios to demonstrate the use of the KuppingerCole Cloud Rapid Risk Assessment Tool to understand the risks of using a specific cloud service and to ensure that these risks are managed to meet the organization’s risk appetite while obtaining the required business benefits.
Beyond your On-Premise IT: Privilege Management for Cloud, Virtualization, SDE, OT, and IoT
Privilege Management for now has been primarily focused on the core IT infrastructure running on-premises. This is changing. While supporting the servers, applications, and client systems in your on-premise environment still is a major requirement, there is increasing demand for extended coverage. Managing privileged users in Cloud services on both the tenant and the service provider side is one challenge. Getting a grip at all layers of virtualized environments, from the host over the hypervisor to the guests is another. Managing the software-managed components in the upcoming Software-defined Environments (SDE) also creates new challenges for Privilege Management. OT (Operational Technology) with many types of specific systems that need to become better protected is a both interesting and challenging field for innovation in Privilege Management. And there also will be a need for managing privileged access to things in the IoT, for instance for managing patches and updates – here we are talking about massive scalability.
This not only means that vendors have to drive innovation, but customers need to think about their future strategy for Privilege Management. In this workshop, the specific requirements imposed by these new challenges will be discussed, looking at feature areas such as scalability, support for new (and, in the case of OT, old) protocols and interfaces, etc. Based on this, the workshop will cover whether and how to extend the reach of on-premise, IT focused Privilege Management – or whether different solutions are the better choice.
After attending this workshop you will be able to
- Explain the difference between Simplified SignOn (SSO) and Privileged User Management
- Identify the common cyber security Privileged Password mistakes
- Implement individual audit tracking for shared accounts
- Understand Privileged Password Management in the Cloud and how to build access barriers
Completion of this workshop qualifies for up to 2 Group Learning based CPEs.