David Gerendas, Group Product Manager, McAfee. Cloud Computing is here and here to stay. Like it or not. But how does a cloud computing consumer know if the system is safe to store and process vital business and personal data? How do cloud service providers build the necessary trust, manage risk, and protect vital data in cloud systems?
Cryptography plays a vital role in building a trust system. FIPS 140-2 or standards based validated cryptography is an important building block. Third-party accreditation also plays a significant role in establishing and validating security and privacy baselines for service organizations and cloud service providers. Taken together, cloud computing systems can be built to minimize risk and improve security and privacy controls, while building a credible trusted computing platform.
In this session, we will explore various cloud computing service organization certifications (i.e. FedRAMP, ISO 27001, SOC) and how they establish and validate security controls in cloud computing services. We will also explore how cryptography can be employed throughout the cloud stack to enforce strong security, manage risk, and ultimately build verifiable and credible trust in a cloud computing system.