VOGSY security roadmap

Authored by CumulusTrust - bringing clarity in the security jungle
on 18 May 2018

Transcript of VOGSY security roadmap

legacy
Disrupt
mobile first cloud only
get rid of legacy
Google-up
integrate & collaborate
Assets
3D Background
VOGSY Growth Strategy & security requirements - a journey
Benchmark
stack
Certification
POINTS OF INTEREST
Best practices observed in the public cloud marketplace

What information security certifications and assurance-products are typically deployed and how are these communicated?


VOGSY
VOGSY security roadmap
heads-up April 13, 2016
Very Old Guys Staying Young
Viable Opportunities for Generating Secure(d) Yield
Growth stages
1 go-to-market PoC
2 growth (partners)
3 scale-out
Customer Cloud Maturity
1 SMEs in Google ecosystem
2 larger SMEs - cloud explorers
3 enterprises - cloud beginners
Customer Security Maturity
1-3 Preventative
3-4 Organized or Directed
4-5 Proactive or Continuous
Let the journey begin
1 go-to-market PoC
2 growth (partners)
3 scale-out
1 SMEs in Google ecosystem
Interface 1
All good things come in threes *)
Growth stages
Cloud maturity levels
Security maturity levels
*) KISS principles applied
Security stack - interface 1
Security-by-design coding
Trusted partners selected
Owned reseller/partner acts as best-in-class
CMMI Level 2/3 - Managed/Defined
Security best practices applied
Agility is key when establishing standards
Transparency-as-a-Service applied
Interface 2
2 larger SMEs - cloud explorers
Security stack - interface 2
Regular code reviews
Push for owned APIs and PaaS development
Formalized Trusted Vogsy Partner program
CMMI Level 3/4 - Defined/Managed
Certified and audited security processes
Transparency-as-a-Service applied
3 enterprises - cloud beginners
Security stack - interface 3
Bounty program in place
Separation of PaaS/SaaS layers facilitated
Functional Vogsy App Store ;-)
Tiered Trusted Vogsy Partner program
CMMI Level 4/5 - Managed/Optimizing
Certified and audited security processes
Certified privacy processes
Right-to-audit for regulated enterprises
Continuous monitoring in place
Transparency-as-a-Service realtime/online
Interface 3
Google certification & assurance stack:
ISO27001 certification
ISO27018 certification
SOC2/SOC3 assurance reports
no CSA STAR certification (member only)
Communication strategy:
online Trust Center
data protection whitepaper(s)
SOC3 assurance available
AWS certification & assurance stack:
ISO27001 certification
ISO27017/18 certification
SOC1/ISAE3402 assurance report
SOC2/SOC3 assurance reports
CSA STAR Level 1
Communication strategy:
online Trust Center
data protection whitepaper(s)
SOC3 assurance available
CSA CAIQ disclosed
Office365 certification & assurance stack:
ISO27001 certification
ISO27018 certification
SOC1/SSAE16 assurance report
SOC2/SOC3 assurance reports
CSA STAR CCM disclosed
Communication strategy:
online Trust Center
data protection whitepaper(s)
SOC3 assurance available (Azure)
Business demand as determined by Customer Security Maturity
Legal compliance (on an international level)
Risk management
Business vantage points
Interface 1
1 Establish service delivery chain
2 Perform risk assessment
3 Establish compliance requirements
4 Fit T&Cs and contract framework
5 Fit control framework & embed
6 Establish agile PDCA-cycle
7 Match proper certification level

Interface 2
1 Adapt service delivery chain
2 Update risk assessment
3 Update compliance requirements
4 Build partner requirements best practice
5 Adapt/create T&Cs and contract framework
6 Cascade if applicable
7 Adapt control framework & embed
8 Adapt certification level
Possible first deliverable: CSA STAR L1
Initiate SOC2/3 assurance report
SOC2/3 assurance reports
ISO27001 certification
(optional CSA L2)
Interface 3
1 Run PDCA-cycle and adapt
2 Continual improvement
3 Build continuous monitoring ability
4 Establish proactive reporting TaaS
5 Have privacy processes certified

SOC2/3 assurance reports
ISO27001 certification
ISO27018 certification
(optional CSA L3 CTP)
Implementation principles
1 Stay AGILE

2 ENABLE SCALABILITY with the business

3 KISS
Business vantage points
The partner perspective:
SOC2 assurance report
TRUSTe Privacy Seal
Concise T&Cs
Policies disclosed online