Virginia Government Finance Officers Association Spring Conference May 28, Cloud Security 101

Size: px
Start display at page:

Download "Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101"

Transcription

1 Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance

2 Presenters John Montoro President & CEO of RealTime Accounting Solutions, a cloud-based provider of accounting, payroll and financial reporting services 34 years as an auditor and consultant to local governments in Virginia Ted Brown Manager at Network Alliance, provider of cloud IT infrastructure and software support services 10 years experience developing and implementing innovative IT solutions to a diverse client base

3 Agenda Cloud Service Models Security Controls Your responsibilities and questions you need to ask Enterprise risk management and the cloud Cloud user experience

4 Presentation Goals Gain an overview of cloud services models and their pros and cons Review the basics of cloud security Obtain an understanding of ERM risks and responses Understand your responsibilities as a cloud user

5 Who is in the cloud? What is in the cloud? This is my cloud

6 Harnessing the Power of the Cloud Journal of Accountancy Article, April 2014 Technology continues to transform the accounting profession. Cloud computing and mobile devices have untethered CPAs from their desks and desktops, allowing them to do work and access data on a virtually anytime, anywhere basis. Technology continues to break down geographic and market barriers, creating unprecedented opportunities for CPA firms and for CPAs in business and government.

7 Harnessing the Power of the Cloud Journal of Accountancy Article, April 2014 The internet also brings danger. Security breaches such as those at Target and Nieman Marcus show how cybercriminals are ready to exploit weaknesses to gain access to confidential financial information. CPAs leveraging the web for their organizations need to be aware of the security concerns and protect themselves and their clients and companies data.

8 Cloud Service Models SaaS (Software as a service) SaaS is a cloud model where an application is hosted through a company, which typical resides at a datacenter, and allows a pay-per use model across the internet. Designed for end users, and is most common use of the cloud SaaS examples are: Salesforce, GoToMeeting, Google Apps, Office 365 Benefits of SaaS SaaS provider maintains and updates their product or products Ease of use with teams outside organization Mobile access is typically inherent in the system Use software where demand spikes (tax deadlines) with out having to pay for full license. Cons of SaaS Data of the application is not permitted to be hosted externally by legislation or other regulations.

9 Cloud Service Models PaaS (Platform as a service) A computing platform that typically include operating system, programming language, database and web server. Designed to create applications and typically used by developers PaaS examples: Heroku, OpenShift, force.com Benefits of PaaS No capital cost of building own solution PaaS provider maintains all underlying layers of hardware and software. Focus on work flow management Ease of development where external parties need to interact Cons of PaaS Applications requires specific hardware and software Program Language lock in User is responsible for managing the application and the data

10 Cloud Service Models IaaS (Infrastructure as a service) Computer infrastructure such as virtual /physical servers, storage, and networking are provided on a monthly subscription. Designed for virtualization of servers and desktops Examples: Rackspace, Amazon EC2, Windows Azure Benefits of IaaS No capital cost of building own solution (OP x vs Cap X) Service Provider owns the hardware and is responsible for housing, running and maintaining their infrastructure. Allows for dynamic Scaling Cons of IaaS Regulatory compliance of outsourcing data storage Good to know Users are responsible for patching, securing and maintaining servers they have subscribed to.

11 Cloud Service Models SaaS + IaaS =? (IT Outsourcing Model) Virtual desktop environment where virtual /physical servers, storage, and networking software and support are provided and maintained on a monthly basis. Basically an outsourced IT department Examples: Network Alliance, Proxios, others Benefits of IT Outsourcing model Service Provider owns the hardware and is responsible for housing, running and maintaining their infrastructure. Service provider installs and maintains all software applications Significantly reduces or eliminates the need for in house IT staff Cons of IT Outsourcing model Cost effectiveness is dependent on size of organization and extent of computer use

12 Network Security What security is in place today?

13 Top 20 Critical Security Controls

14 History of Critical Security Controls Critical Security Controls were created to improve risk posture against real-world threats.

15 Basics in Network Security Physical Security of Servers Physical Security of Data on Computers Firewall Intrusion Protection System AntiVirus Protection Up-to-date Operating System and AntiVirus

16 Does the Cloud provide better security for your data?

17 Who is Responsible for Cloud Security? Cloud security falls on both the provider and the end user Responsibility is different for each cloud computing models SaaS Responsibility of security the platform and infrastructure falls on the provider IaaS Shared responsibilities. User is required to secure provisioned services Provider is required to secure underlying hardware and datacenter IT Outsource - Responsibility of security the platform and infrastructure falls on the provider Identify the security gaps - know what you are buying, understand the contract and terms, and when in doubt - ask

18 6 Questions to ask 1. What is the encryption strategy? 2. How do you isolate data from other customers? 3. How is user access monitored? 4. What is the backup and disaster strategy? 5. What boundary defenses are in place? 6. What is the drive wiping policy?

19 End user Responsibilities Your data is your data and you are liable Understand the cloud model you are using Ask many questions and talk to references Understand insurance coverage for cloud stored data Have a backup plan End point Security Any device you use should be secured Malware Detection on end points Office should still have firewall and boundary defenses

20 End User Responsibilities Password enforcement Typically the weakest link in security chain Recommend Change every 45 days String of text 8 or more characters Combination of numbers, symbols, upper and lower case letters If possible deploy dual factor authentication into the cloud

21 The Cloud According to COSO Research commissioned by COSO Published in 2012

22 COSO: The Opportunities Cost savings: paying for what you use Speed of deployment Scalability and better alignment of technology resources Decreased effort in managing technology Environmental benefits

23 COSO: The Risks Disruptive force: by facilitating change and innovation Residing in same risk ecosystem as the CSP and other tenants Lack of transparency Reliability and performance Vendor lock-n and lack of application portability or interoperability Security and compliance concerns High-value cyber attack targets Risk of data leakage IT organizational changes Cloud service provider viability

24 COSO: Recommended Risk Responses Risk Unauthorized cloud activity Response Cloud policies and controls Lack of transparency Assessments of the CSP control environment Security, compliance data leakage and data jurisdiction Transparency and relinquishing direct control Data classification policies and processes Management oversight and operations monitoring controls

25 COSO: Recommended Risk Responses Risk Reliability, performance, high-value cyber attack target Noncompliance with regulations Response Incident management Monitoring of the external environment Vendor lock-in Preparation of an exit strategy Noncompliance with disclosure requirements New disclosures in financial reporting

26 Is your Cloud Provider HIPAA Ready? Source: IT Business Edge Article Policies People Access controls Encrypted data in transit Encrypted data at rest Monitoring Breach notification Disaster recovery Data location Experience and organization-wide awareness Security program that meet the specific policies and procedures required by HIPAA Dedicated person on-site Controls that include electronic identification and limit physical on-site data access For healthcare data, drives must be encrypted and accounted for, including backups Daily operational procedures that log and monitor looking for suspicious activities An incident response process Address the recovery or continuation of technology infrastructure Know where your cloud is! Should be stored in the US Provider with a proven track record.

27 User Perspective the Virtual Desktop Environment RealTime Accounting s IT structure No servers on site All employees work in a virtual desktop environment A paperless office (well, almost) Multiple ways to connect to the internet Provider owns server equipment, installs software and updates Provides customer support We manage password access

28 User Perspective the Virtual Desktop Environment RealTime Accounting s IT structure more complex Document manager is a SaaS and separately managed Payroll software syncs to on site server maintained by our payroll partner Several access points to software applications Several ways to transfer data to and from our clients Drop box Hot folder

29 User Perspective: Documents stored in the Cloud - Can you throw away the paper? Security clearly an issue Some considerations with document management Versioning Chain of evidence Ability to redact

30 Questions? Contact information John Montoro Ted Brown

On Premise Vs Cloud: Selection Approach & Implementation Strategies

On Premise Vs Cloud: Selection Approach & Implementation Strategies On Premise Vs Cloud: Selection Approach & Implementation Strategies Session ID#:10143 Prepared by: Praveen Kumar Practice Manager AST Corporation @Praveenk74 REMINDER Check in on the COLLABORATE mobile

More information

Cloud Computing; What is it, How long has it been here, and Where is it going?

Cloud Computing; What is it, How long has it been here, and Where is it going? Cloud Computing; What is it, How long has it been here, and Where is it going? David Losacco, CPA, CIA, CISA Principal January 10, 2013 Agenda The Cloud WHAT IS THE CLOUD? How long has it been here? Where

More information

Cloud Computing Risk and Rewards

Cloud Computing Risk and Rewards Cloud Computing Risk and Rewards John Lazarine Vice President and Chief Audit Executive Mark Salamasick Director of Center for Internal Auditing For Dallas CPA Society Convergence 2013 May 8, 2013 John

More information

2 0 1 4 F G F O A A N N U A L C O N F E R E N C E

2 0 1 4 F G F O A A N N U A L C O N F E R E N C E I T G OV E R NANCE 2 0 1 4 F G F O A A N N U A L C O N F E R E N C E RAJ PATEL Plante Moran 248.223.3428 raj.patel@plantemoran.com This presentation will discuss current threats faced by public institutions,

More information

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Best Practices for Security in the Cloud John Essner, Director

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

Cloud Computing An Auditor s Perspective

Cloud Computing An Auditor s Perspective Cloud Computing An Auditor s Perspective Sailesh Gadia, CPA, CISA, CIPP sgadia@kpmg.com December 9, 2010 Discussion Agenda Introduction to cloud computing Types of cloud services Benefits, challenges,

More information

1 The intersection of IAM and the cloud

1 The intersection of IAM and the cloud 1 The intersection of IAM and the cloud Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications Theory, practice, pros and cons with a focus on enterprise deployments of IAM and cloud

More information

Managing Cloud Computing Risk

Managing Cloud Computing Risk Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify

More information

What Is The Cloud And How Can Your Agency Use It. Tom Konop Mark Piontek Cathleen Christensen

What Is The Cloud And How Can Your Agency Use It. Tom Konop Mark Piontek Cathleen Christensen What Is The Cloud And How Can Your Agency Use It Tom Konop Mark Piontek Cathleen Christensen Video Computer Basics: What is the Cloud What is Cloud Computing Cloud Computing Basics The use of the word

More information

IIABSC 2015 - Spring Conference

IIABSC 2015 - Spring Conference IIABSC 2015 - Spring Conference Cyber Security With enough time, anyone can be hacked. There is no solution that will completely protect you from hackers. March 11, 2015 Chris Joye, Security + 1 2 Cyber

More information

Cyber Security Pr o t e c t i n g y o u r b a n k a g a i n s t d a t a b r e a c h e s

Cyber Security Pr o t e c t i n g y o u r b a n k a g a i n s t d a t a b r e a c h e s Cyber Security Pr o t e c t i n g y o u r b a n k a g a i n s t d a t a b r e a c h e s 1 Agenda Data Security Trends Root causes of Cyber Attacks How can we fix this? Secure Infrastructure Security Practices

More information

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Securely Yours LLC IT Hot Topics Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Contents Background Top Security Topics What auditors must know? What auditors must do? Next Steps [Image Info]

More information

HARNESSING THE POWER OF THE CLOUD

HARNESSING THE POWER OF THE CLOUD HARNESSING THE POWER OF THE CLOUD Demystifying Cloud Computing Everyone is talking about the cloud nowadays. What does it really means? Indeed, cloud computing is the current stage in the Internet evolution.

More information

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security

More information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1

More information

Practical and ethical considerations on the use of cloud computing in accounting

Practical and ethical considerations on the use of cloud computing in accounting Practical and ethical considerations on the use of cloud computing in accounting ABSTRACT Katherine Kinkela Iona College Cloud Computing promises cost cutting efficiencies to businesses and specifically

More information

Agenda. Cyber Security: Potential Threats Impacting Organizations 1/6/2015. January 10, 2015 Scott Petree

Agenda. Cyber Security: Potential Threats Impacting Organizations 1/6/2015. January 10, 2015 Scott Petree Cyber Security: Potential Threats Impacting Organizations January 10, 2015 Scott Petree Agenda 2 Data Security Trends Root Causes of Cyber Attacks How Can We Fix This? Secure Infrastructure User Awareness

More information

TENDER NOTICE No. UGVCL/SP/III/608/GPRS Modem Page 1 of 6. TECHNICAL SPECIFICATION OF GPRS based MODEM PART 4

TENDER NOTICE No. UGVCL/SP/III/608/GPRS Modem Page 1 of 6. TECHNICAL SPECIFICATION OF GPRS based MODEM PART 4 TENDER NOTICE No. UGVCL/SP/III/608/GPRS Modem Page 1 of 6 TECHNICAL SPECIFICATION OF GPRS based MODEM PART 4 Cloud services (Data Centre) and related Functional requirement Cloud services as a Control

More information

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is

More information

SRG Security Services Technology Report Cloud Computing and Drop Box April 2013

SRG Security Services Technology Report Cloud Computing and Drop Box April 2013 SRG Security Services Technology Report Cloud Computing and Drop Box April 2013 1 Cloud Computing In the Industry Introduction to Cloud Computing The term cloud computing is simply the use of computing

More information

2010 AICPA Top Technology Initiatives. About the Presenter. Agenda. Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP

2010 AICPA Top Technology Initiatives. About the Presenter. Agenda. Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP 2010 AICPA Top Technology Initiatives Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP Georgia Society of CPAs Annual Convention June 16, 2010 About the Presenter Partner-in-Charge, Habif,

More information

SMS. Cloud Computing. Systems Management Specialists. Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales

SMS. Cloud Computing. Systems Management Specialists. Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales SMS Systems Management Specialists Cloud Computing Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales Cloud Computing The SMS Model: Cloud computing is a model for enabling ubiquitous, convenient,

More information

Nine Steps to Smart Security for Small Businesses

Nine Steps to Smart Security for Small Businesses Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...

More information

John Essner, CISO Office of Information Technology State of New Jersey

John Essner, CISO Office of Information Technology State of New Jersey John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management

More information

Quick guide: Using the Cloud to support your business

Quick guide: Using the Cloud to support your business Quick guide: Using the Cloud to support your business This Quick Guide is one of a series of information products targeted at small to medium sized enterprises (SMEs). It is designed to help businesses

More information

Security Controls What Works. Southside Virginia Community College: Security Awareness

Security Controls What Works. Southside Virginia Community College: Security Awareness Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction

More information

Cloud Security Who do you trust?

Cloud Security Who do you trust? Thought Leadership White Paper Cloud Computing Cloud Security Who do you trust? Nick Coleman, IBM Cloud Security Leader Martin Borrett, IBM Lead Security Architect 2 Cloud Security Who do you trust? Cloud

More information

Electronic Records Storage Options and Overview

Electronic Records Storage Options and Overview Electronic Records Storage Options and Overview www.archives.nysed.gov Objectives Understand the options for electronic records storage, including cloud-based storage Evaluate the options best suited for

More information

Cloud Computing: Risks and Auditing

Cloud Computing: Risks and Auditing IIA Chicago Chapter 53 rd Annual Seminar April 15, 2013, Donald E. Stephens Convention Center @IIAChicago #IIACHI Cloud Computing: Risks Auditing Phil Lageschulte/Partner/KPMG Sailesh Gadia/Director/KPMG

More information

COMMUNICATIONS ALLIANCE LTD

COMMUNICATIONS ALLIANCE LTD COMMUNICATIONS ALLIANCE LTD Communications Alliance Response to ACS Discussion Paper on a Potential Cloud Computing Consumer Protocol - 1 - TABLE OF CONTENTS INTRODUCTION 2 SECTION 1 OVERVIEW OF RESPONSE

More information

Assessing Risks in the Cloud

Assessing Risks in the Cloud Assessing Risks in the Cloud Jim Reavis Executive Director Cloud Security Alliance Agenda Definitions of Cloud & Cloud Usage Key Cloud Risks About CSA CSA Guidance approach to Addressing Risks Research

More information

Solution Brief for HIPAA HIPAA. Publication Date: Jan 27, 2015. EventTracker 8815 Centre Park Drive, Columbia MD 21045

Solution Brief for HIPAA HIPAA. Publication Date: Jan 27, 2015. EventTracker 8815 Centre Park Drive, Columbia MD 21045 Publication Date: Jan 27, 2015 8815 Centre Park Drive, Columbia MD 21045 HIPAA About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized

More information

Private & Hybrid Cloud: Risk, Security and Audit. Scott Lowry, Hassan Javed VMware, Inc. March 2012

Private & Hybrid Cloud: Risk, Security and Audit. Scott Lowry, Hassan Javed VMware, Inc. March 2012 Private & Hybrid Cloud: Risk, Security and Audit Scott Lowry, Hassan Javed VMware, Inc. March 2012 Private and Hybrid Cloud - Risk, Security and Audit Objectives: Explain the technology and benefits behind

More information

Cloud Services Overview

Cloud Services Overview Cloud Services Overview John Hankins Global Offering Executive Ricoh Production Print Solutions May 23, 2012 Cloud Services Agenda Definitions Types of Clouds The Role of Virtualization Cloud Architecture

More information

Cloud Security for Federal Agencies

Cloud Security for Federal Agencies Experience the commitment ISSUE BRIEF Rev. April 2014 Cloud Security for Federal Agencies This paper helps federal agency executives evaluate security and privacy features when choosing a cloud service

More information

Cloud Computing. What is Cloud Computing?

Cloud Computing. What is Cloud Computing? Cloud Computing What is Cloud Computing? Cloud computing is where the organization outsources data processing to computers owned by the vendor. Primarily the vendor hosts the equipment while the audited

More information

Cloud-Security: Show-Stopper or Enabling Technology?

Cloud-Security: Show-Stopper or Enabling Technology? Cloud-Security: Show-Stopper or Enabling Technology? Fraunhofer Institute for Secure Information Technology (SIT) Technische Universität München Open Grid Forum, 16.3,. 2010, Munich Overview 1. Cloud Characteristics

More information

Securing The Cloud With Confidence. Opinion Piece

Securing The Cloud With Confidence. Opinion Piece Securing The Cloud With Confidence Opinion Piece 1 Securing the cloud with confidence Contents Introduction 03 Don t outsource what you don t understand 03 Steps towards control 04 Due diligence 04 F-discovery

More information

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015 NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X

More information

CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST618 Designing and Implementing Cloud Security CAST

CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST618 Designing and Implementing Cloud Security CAST CENTER FOR ADVANCED SECURITY TRAINING 618 Designing and Implementing Cloud Security About EC-Council Center of Advanced Security Training () The rapidly evolving information security landscape now requires

More information

Solution Brief for ISO 27002: 2013 Audit Standard ISO 27002. Publication Date: Feb 6, 2015. EventTracker 8815 Centre Park Drive, Columbia MD 21045

Solution Brief for ISO 27002: 2013 Audit Standard ISO 27002. Publication Date: Feb 6, 2015. EventTracker 8815 Centre Park Drive, Columbia MD 21045 Solution Brief for ISO 27002: 2013 Audit Standard Publication Date: Feb 6, 2015 8815 Centre Park Drive, Columbia MD 21045 ISO 27002 About delivers business critical software and services that transform

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

Data In The Cloud: Who Owns It, and How Do You Get it Back?

Data In The Cloud: Who Owns It, and How Do You Get it Back? Data In The Cloud: Who Owns It, and How Do You Get it Back? Presented by Dave Millier, Soban Bhatti, and Oleg Sotnikov 2013 Sentry Metrics Inc. Agenda Reasons for Cloud Adoption How Did My Data Get There?

More information

Leveraging the Cloud for Your Business

Leveraging the Cloud for Your Business Leveraging the Cloud for Your Business by CornerStone Telephone Company 2 Third Street Troy, NY 12180 As consumers, we enjoy the benefits of cloud services from companies like Amazon, Google, Apple and

More information

Private vs. Public Cloud Solutions

Private vs. Public Cloud Solutions Private vs. Public Cloud Solutions Selecting the right cloud technology to fit your organization Introduction As cloud storage evolves, different cloud solutions have emerged. Our first cloud whitepaper

More information

ISSUE BRIEF. Cloud Security for Federal Agencies. Achieving greater efficiency and better security through federally certified cloud services

ISSUE BRIEF. Cloud Security for Federal Agencies. Achieving greater efficiency and better security through federally certified cloud services ISSUE BRIEF Cloud Security for Federal Agencies Achieving greater efficiency and better security through federally certified cloud services This paper is intended to help federal agency executives to better

More information

AHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS

AHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS AHLA JJ. Keeping Your Cloud Services Provider from Raining on Your Parade Jean Hess Manager HORNE LLP Ridgeland, MS Melissa Markey Hall Render Killian Heath & Lyman PC Troy, MI Physicians and Hospitals

More information

Security, Compliance & Risk Management for Cloud Relationships. Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32

Security, Compliance & Risk Management for Cloud Relationships. Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32 Security, Compliance & Risk Management for Cloud Relationships Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32 Introductions & Poll Organization is leveraging the Cloud? Organization

More information

Study concluded that success rate for penetration from outside threats higher in corporate data centers

Study concluded that success rate for penetration from outside threats higher in corporate data centers Auditing in the cloud Ownership of data Historically, with the company Company responsible to secure data Firewall, infrastructure hardening, database security Auditing Performed on site by inspecting

More information

Hedge Funds & the Cloud: The Pros, Cons and Considerations

Hedge Funds & the Cloud: The Pros, Cons and Considerations Hedge Funds & the Cloud: The Pros, Cons and Considerations By Mary Beth Hamilton, Director of Marketing, Eze Castle Integration The increased use of cloud-based services is undeniable. Analyst firm Forrester

More information

EAaaS Cloud Security Best Practices

EAaaS Cloud Security Best Practices EAaaS Cloud Security Best Practices A Technical White Paper by Sennovate Inc Jan 2013 EAaaS Cloud Security Best Practices Page 1 Introduction: Cloud security is an ever evolving subject that is difficult

More information

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225

More information

The Protection Mission a constant endeavor

The Protection Mission a constant endeavor a constant endeavor The IT Protection Mission a constant endeavor As businesses become more and more dependent on IT, IT must face a higher bar for preparedness Cyber preparedness is the process of ensuring

More information

Orchestrating the New Paradigm Cloud Assurance

Orchestrating the New Paradigm Cloud Assurance Orchestrating the New Paradigm Cloud Assurance Amsterdam 17 January 2012 John Hermans - Partner Current business challenges versus traditional IT Organizations are challenged with: Traditional IT seems

More information

Outline. What is cloud computing? History Cloud service models Cloud deployment forms Advantages/disadvantages

Outline. What is cloud computing? History Cloud service models Cloud deployment forms Advantages/disadvantages Ivan Zapevalov 2 Outline What is cloud computing? History Cloud service models Cloud deployment forms Advantages/disadvantages 3 What is cloud computing? 4 What is cloud computing? Cloud computing is the

More information

Bringing the Cloud into Focus. A Whitepaper by CMIT Solutions and Cadence Management Advisors

Bringing the Cloud into Focus. A Whitepaper by CMIT Solutions and Cadence Management Advisors Bringing the Cloud into Focus A Whitepaper by CMIT Solutions and Cadence Management Advisors Table Of Contents Introduction: What is The Cloud?.............................. 1 The Cloud Benefits.......................................

More information

MEMORANDUM. Date: October 28, 2013. Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance

MEMORANDUM. Date: October 28, 2013. Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance MEMORANDUM Date: October 28, 2013 To: Federally Regulated Financial Institutions Subject: Guidance The increasing frequency and sophistication of recent cyber-attacks has resulted in an elevated risk profile

More information

Oracle ERP & The Cloud. Presented by Adriaan Kruger

Oracle ERP & The Cloud. Presented by Adriaan Kruger Oracle ERP & The Cloud Presented by Adriaan Kruger ? What is the Cloud? What options are there in the Cloud for JD Edwards / E-Business Suite Customers? What is the Cloud? Different Layers IaaS (Infrastructure

More information

Cloud Computing for SCADA

Cloud Computing for SCADA Cloud Computing for SCADA Moving all or part of SCADA applications to the cloud can cut costs significantly while dramatically increasing reliability and scalability. A White Paper from InduSoft Larry

More information

Cloud Courses Description

Cloud Courses Description Cloud Courses Description Cloud 101: Fundamental Cloud Computing and Architecture Cloud Computing Concepts and Models. Fundamental Cloud Architecture. Virtualization Basics. Cloud platforms: IaaS, PaaS,

More information

Cloud Security and Managing Use Risks

Cloud Security and Managing Use Risks Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access

More information

Cloud Security: The Grand Challenge

Cloud Security: The Grand Challenge Dr. Paul Ashley IBM Software Group pashley@au1.ibm.com Cloud Security: The Grand Challenge Outline Cloud computing: the pros, the cons, the blind spots Security in the cloud - what are the risks now and

More information

Information Technology General Controls And Best Practices

Information Technology General Controls And Best Practices Paul M. Perry, FHFMA, CITP, CPA Alabama CyberNow Conference April 5, 2016 Information Technology General Controls And Best Practices 1. IT General Controls - Why? 2. IT General Control Objectives 3. Documentation

More information

Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu

Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu 2 If cloud computing is so simple, then what s the big deal? What is the

More information

Lecture 02a Cloud Computing I

Lecture 02a Cloud Computing I Mobile Cloud Computing Lecture 02a Cloud Computing I 吳 秀 陽 Shiow-yang Wu What is Cloud Computing? Computing with cloud? Mobile Cloud Computing Cloud Computing I 2 Note 1 What is Cloud Computing? Walking

More information

Security Threat Risk Assessment: the final key piece of the PIA puzzle

Security Threat Risk Assessment: the final key piece of the PIA puzzle Security Threat Risk Assessment: the final key piece of the PIA puzzle Curtis Kore, Information Security Analyst Angela Swan, Director, Information Security Agenda Introduction Current issues The value

More information

How To Protect Yourself From A Hacker Attack

How To Protect Yourself From A Hacker Attack Cybersecurity Demystified: Information Technology Security Trends Joe Oleksak, Plante Moran Agenda Data Security Trends Example Attacks Industry Examples An Answer 1 Who Are The Victims? Targets - victims

More information

10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM. Agenda. Security Cases What is Cloud? Road Map Security Concerns

10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM. Agenda. Security Cases What is Cloud? Road Map Security Concerns BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM Agenda Security Cases What is Cloud? Road Map Security Concerns 1 Security Cases on Cloud Data Protection - Two arrested in ipad

More information

CloudCheck Compliance Certification Program

CloudCheck Compliance Certification Program CloudCheck Compliance Certification Program Ensure Your Cloud Computing Environment is Secure with CloudCheck Certification Organizations today are increasingly relying on a combination of private and/or

More information

The Elephant in the Room: What s the Buzz Around Cloud Computing?

The Elephant in the Room: What s the Buzz Around Cloud Computing? The Elephant in the Room: What s the Buzz Around Cloud Computing? Warren W. Stippich, Jr. Partner and National Governance, Risk and Compliance Solution Leader Business Advisory Services Grant Thornton

More information

Research Paper Available online at: www.ijarcsse.com A COMPARATIVE STUDY OF CLOUD COMPUTING SERVICE PROVIDERS

Research Paper Available online at: www.ijarcsse.com A COMPARATIVE STUDY OF CLOUD COMPUTING SERVICE PROVIDERS Volume 2, Issue 2, February 2012 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: A COMPARATIVE STUDY OF CLOUD

More information

Cloud Assurance: Ensuring Security and Compliance for your IT Environment

Cloud Assurance: Ensuring Security and Compliance for your IT Environment Cloud Assurance: Ensuring Security and Compliance for your IT Environment A large global enterprise has to deal with all sorts of potential threats: advanced persistent threats (APTs), phishing, malware

More information

Security and Managed Services

Security and Managed Services iconnect Cloud Archive System Overview Security and Managed Services iconnect Cloud Archive (formerly known as Merge Honeycomb ) iconnect Cloud Archive offers cloud-based storage for medical images. Images

More information

HIPAA/HITECH Compliance Using VMware vcloud Air

HIPAA/HITECH Compliance Using VMware vcloud Air Last Updated: September 23, 2014 White paper Introduction This paper is intended for security, privacy, and compliance officers whose organizations must comply with the Privacy and Security Rules of the

More information

Cloud Computing TODAY S TOPICS WHAT IS CLOUD COMPUTING? ICAC Webinar Cloud Computing September 4, 2012. What Cloud Computing is and How it Works

Cloud Computing TODAY S TOPICS WHAT IS CLOUD COMPUTING? ICAC Webinar Cloud Computing September 4, 2012. What Cloud Computing is and How it Works Cloud Computing TODAY S TOPICS What Cloud Computing is and How it Works Security & Privacy Issues Investigative Challenges WHAT IS CLOUD COMPUTING? Cloud computing refers to software or processes offered

More information

A COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012

A COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012 A COALFIRE PERSPECTIVE Moving to the Cloud A Summary of Considerations for Implementing Cloud Migration Plans into New Business Platforms NCHELP Spring Convention Panel May 2012 DALLAS DENVER LOS ANGELES

More information

What Cloud computing means in real life

What Cloud computing means in real life ITU TRCSL Symposium on Cloud Computing Session 2: Cloud Computing Foundation and Requirements What Cloud computing means in real life Saman Perera Senior General Manager Information Systems Mobitel (Pvt)

More information

CLOUD COMPUTING SECURITY ISSUES

CLOUD COMPUTING SECURITY ISSUES CLOUD COMPUTING SECURITY ISSUES Florin OGIGAU-NEAMTIU IT Specialist The Regional Department of Defense Resources Management Studies, Brasov, Romania The term cloud computing has been in the spotlights

More information

The Cloud at Crawford. Evaluating the pros and cons of cloud computing and its use in claims management

The Cloud at Crawford. Evaluating the pros and cons of cloud computing and its use in claims management The Cloud at Crawford Evaluating the pros and cons of cloud computing and its use in claims management The Cloud at Crawford Wikipedia defines cloud computing as Internet-based computing, whereby shared

More information

Executive s Guide to Cloud Access Security Brokers

Executive s Guide to Cloud Access Security Brokers Executive s Guide to Cloud Access Security Brokers Contents Executive s Guide to Cloud Access Security Brokers Contributor: Amy Newman 2 2 Why You Need a Cloud Access Security Broker 5 You Can t Achieve

More information

Five keys to a more secure data environment

Five keys to a more secure data environment Five keys to a more secure data environment A holistic approach to data infrastructure security Compliance professionals know better than anyone how compromised data can lead to financial and reputational

More information

Blending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access

Blending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access Blending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access Vikas Jain Director, Product Management Intel Corporation Jesper Tohmo CTO, Nordic Edge (an Intel company) Session ID:

More information

University of Pittsburgh Security Assessment Questionnaire (v1.5)

University of Pittsburgh Security Assessment Questionnaire (v1.5) Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.5) Directions and Instructions for completing this assessment The answers provided

More information

How To Protect Your Cloud Computing Resources From Attack

How To Protect Your Cloud Computing Resources From Attack Security Considerations for Cloud Computing Steve Ouzman Security Engineer AGENDA Introduction Brief Cloud Overview Security Considerations ServiceNow Security Overview Summary Cloud Computing Overview

More information

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant 1 HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant Introduction U.S. healthcare laws intended to protect patient information (Protected Health Information or PHI) and the myriad

More information

EXIN Cloud Computing Foundation

EXIN Cloud Computing Foundation Sample Questions EXIN Cloud Computing Foundation Edition April 2013 Copyright 2013 EXIN All rights reserved. No part of this publication may be published, reproduced, copied or stored in a data processing

More information

Public Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.

Public Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc. Public Clouds Krishnan Subramanian Analyst & Researcher Krishworld.com A whitepaper sponsored by Trend Micro Inc. Introduction Public clouds are the latest evolution of computing, offering tremendous value

More information

Addressing Cloud Computing Security Considerations

Addressing Cloud Computing Security Considerations Addressing Cloud Computing Security Considerations with Microsoft Office 365 Protect more Contents 2 Introduction 3 Key Security Considerations 4 Office 365 Service Stack 5 ISO Certifications for the Microsoft

More information

Compliance and the Cloud: What You Can and What You Can t Outsource

Compliance and the Cloud: What You Can and What You Can t Outsource Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: Kate Donofrio Security Assessor Fortrex Technologies Instructor Biography Background On Fortrex What s In A Cloud? Pick

More information

Cyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799

Cyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Cyber Security An Executive Imperative for Business Owners SSE Network Services www.ssenetwork.com 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Pretecht SM by SSE predicts and remedies

More information

Adopting Cloud Computing with a RISK Mitigation Strategy

Adopting Cloud Computing with a RISK Mitigation Strategy Adopting Cloud Computing with a RISK Mitigation Strategy TS Yu, OGCIO 21 March 2013 1. Introduction 2. Security Challenges Agenda 3. Risk Mitigation Strategy Before start using When using 4. Policy & Guidelines

More information

CLOUD COMPUTING An Overview

CLOUD COMPUTING An Overview CLOUD COMPUTING An Overview Abstract Resource sharing in a pure plug and play model that dramatically simplifies infrastructure planning is the promise of cloud computing. The two key advantages of this

More information

Case Studies: Protecting Sensitive Data in

Case Studies: Protecting Sensitive Data in Case Studies: Protecting Sensitive Data in C.J. Radford Vice President, Cloud September 18, 2014 Contact: @cjrad; cradford@vormetric.com Agenda Data Security Challenges Top Considerations for Data Centric

More information

Information Security @ Blue Valley Schools FEBRUARY 2015

Information Security @ Blue Valley Schools FEBRUARY 2015 Information Security @ Blue Valley Schools FEBRUARY 2015 Student Data Privacy & Security Blue Valley is committed to providing an education beyond expectations to each of our students. To support that

More information

Cybersecurity Health Check At A Glance

Cybersecurity Health Check At A Glance This cybersecurity health check provides a quick view of compliance gaps and is not intended to replace a professional HIPAA Security Risk Analysis. Failing to have more than five security measures not

More information

RE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC

RE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC RE Think Invent IT & Business IBM SmartCloud Security Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC 2014 IBM Corporation Some Business Questions Is Your Company is Secure

More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information