White Paper: Cloud Security


Introduction

Due to the increase in available bandwidth and technological advances in the area of virtualisation, and the desire of IT managers to provide dynamically changing levels of service in the most cost-effective way, the idea of cloud computing is something that has become popular again. The concept is not a completely new one; in fact, the historians will tell you that IBM were offering cloud based services (processing power for hire) back in the 1950s. However, as outlined above, and coupled with the unprecedented level of interconnectivity between organisations and people and their data, the advantages of cloud based computing have come to the fore.

It is not without risk, however. The idea of putting your key business data out in the cloud is something that puts a chill down many a C-level executive's or business owner's back. Questions that come to mind immediately are very basic but also important to get answers to: How secure is this data? Who will be able to have access to it? What if it's not available when I need it? Where is that data actually stored? What happens to my data if I need to change cloud providers? Etc.

There are many questions that realistically need to be answered before you take the plunge, but putting some thought into it and making decisions based on a rational assessment process should enable you to take advantage of the benefits offered by the cloud in a way that makes sense to you and is acceptable from a risk perspective. The aim of this article is to provide you with some of the tools you need to make an informed decision before you feel happy putting your data and business processes into the hands of a faceless stranger!

Firstly, it is important to put some definitions around information security and the cloud.

Confidentiality, Integrity and Availability

It is well documented that information security is all about maintaining the Confidentiality, Integrity and Availability (or CIA for short) of information. To have a compromise in any of these areas is to have a data security incident. There are many examples of data security breaches in the world today, both at home and abroad. It is not uncommon to turn on the news and hear about the company that has left all of their clients' sensitive financial details on a stolen laptop, or to hear about a new virus or worm that is costing industry millions of Euros per day while it is out in the wild. These examples represent information security compromises and, interestingly enough, the types of controls available to prevent (or dramatically reduce the impact of) such incidents are readily available.

It is important to realise that the various controls related to protecting information security in general are not fundamentally any different for protecting information that resides in the cloud. As such, the basic tools that can be used to protect your information fall into three categories of controls, as follows:

- Administrative Controls (policies, procedures, standards, baselines, guidelines, contracts, user awareness etc.)
- Technical Controls (firewalls, encryption, anti-virus, authentication, resilience, redundancy etc.)
- Physical Controls (secure operating environments, security guards, CCTV, doors, locks, cages, fire suppression etc.)

Your information security management program, if it is a healthy one, should be made up of any number of the above types of controls so that the high priority security issues have been addressed. To answer the question of which controls are applicable to your environment, it is best to perform an assessment of the various risks that you are faced with, and to select the controls that help to minimise the risks that you have identified to an acceptable level. Conducting a risk assessment is one of the fundamental building blocks of implementing a systematic information security management program.

Threats and Risks

Given that we are looking at putting our data in the cloud, we are likely faced with a different set of risks than would usually be found within a normal IT environment. The lists below set out some of the threats and risks pertinent to the cloud.

Top Cloud Security Risks (ref. European Network and Information Security Agency):

- Loss of Governance
- Lock-in (lack of data portability between cloud providers)
- Isolation Failure (compromises in shared platform security)
- Compliance Risks
- Management Interface
- Data Protection
- Insecure or incomplete data deletion
- Malicious Insider

Top Cloud Threats (ref: The Cloud Security Alliance):

- Abuse and Nefarious Use of Cloud Computing
- Insecure Application Programming Interfaces
- Malicious Insiders
- Shared Technology Vulnerabilities
- Data Loss / Leakage
- Account, Service and Traffic Hijacking
- Unknown Risk Profile

Cloud Deployment and Delivery

To put some of these risks and threats into context, let us first put some definition around what we mean by the cloud. There are some key distinctions between the types of services available from the cloud, and it is important to differentiate between the deployment and delivery models associated with each. It is generally accepted that cloud services are defined by the SPI model, i.e. software-as-a-service (SAAS), platform-as-a-service (PAAS) and infrastructure-as-a-service (IAAS).

For example, Google Apps could be considered a SAAS service; Microsoft's Azure Platform, which allows application developers to design and deploy cloud ready applications, would be considered a PAAS offering; and any number of hosting partners can provide IAAS services, typically deployed on elastic platforms that allow for rapid scalability in terms of processing power, storage and bandwidth, for example.

Key attributes / characteristics for each model are as follows:

- SAAS: Is a delivered solution, not that extensible or customisable by the customer; tends to have a high level of security built in (the provider tends to bear the burden of security).
- PAAS: Allows developers to build their own apps; more extensible and customisable than SAAS, and this extends to security controls, which would offer customisation of controls.
- IAAS: Few application-like features; the huge extensibility and customisation offered extends to security. The customer is more likely to have to manage their own security.

It is also useful to consider the way in which your cloud is deployed. There are three main deployment models currently accepted as standard, and these are:

- Public Cloud - your cloud based services are provided on a shared platform; the same platform is shared with others;
- Private Cloud - a dedicated infrastructure maintained and operated solely for your organisation by the cloud service provider;
- Hybrid Cloud - a combination of both public and private cloud delivery models.

Obviously, the whole area of cloud based services is rapidly evolving, so the above concepts are not cast in stone, but they do provide a baseline to use when comparing service delivery mechanisms.

So, when we are looking at the security issues related to the cloud, the first job at hand is really to define what is meant by the cloud. Is it (for example) a new business application being rolled out to your corporate sales force using a SAAS platform over a Public cloud delivery mechanism? Or are you replacing your in-house managed web servers with a CSP (cloud service provider) who can handle the annual spikes in bandwidth and processing that occur at the same point every year with their IAAS model, where you only pay for what you use? When we ascertain what the risks are, we can use an appropriate set of controls to manage these risks.

Let us remember that when we are evaluating risks to information security, what we are looking at are risks related to compromises of information Confidentiality, Integrity and Availability.

Risk Mitigation Example

If we take the example of SAAS, where perhaps our sales team keep information related to key accounts in the cloud, it is reasonable to assume that, at some point, there may be some data loss or leakage from the cloud service provider. A simple example may be where deletion or alteration of records without a backup of the original content has occurred (probably one of the most common issues to plague computer users ever since computing began, never mind the cloud!). What about where unauthorised access occurs to data in the cloud, thereby resulting in a breach of data confidentiality or integrity? How can we use some of the established types of controls to help mitigate these issues?

Administrative Controls:

- Cloud Service Provider Contracts
  o We could contractually oblige our Service Provider to ensure that they provide adequate data backup and retention strategies.
  o We could demand that they wipe persistent media before it is released into the pool (thereby reducing the risk of inadvertent data leakage).
- Policy and Awareness
  o We could enforce a strict access control policy; and
  o Ensure that our workforce are sufficiently aware of our policies (by providing awareness training).

Technical Controls:

- Authentication
  o Implement strong access control / authentication mechanisms.
- Encryption
  o Encrypt and protect the integrity of data in transit and at rest.
  o Implement strong encryption key generation, storage, management and destruction practices.

The above list of controls is not exhaustive, but it illustrates that there are intersections between the controls used to mitigate risks within a normal IT environment and those of a cloud based one.

Data Classification

A key question to answer when considering the issues related to cloud based security is: what is the kind of data that you intend to put up in the cloud? When determining the kind of data that is in the cloud, what we really mean is: how sensitive is this data, how critical is this data, and what is this data actually worth? By answering these questions we are in effect classifying the data. Data Classification is the cornerstone of ensuring that an appropriate amount of security is utilised to protect information assets. The key word here is "appropriate"; this means not too much and not too little security. For example, you wouldn't spend a million Euros on a state of the art safe (think Tom Cruise, Mission Impossible) to protect something that is worth a few hundred Euros; conversely, you wouldn't spend only a hundred Euros insuring that priceless diamond necklace.

When Data Classification is performed, it helps us to define several key characteristics that drive the security controls necessary. Considering the sensitivity of the data helps to determine the requirements necessary for ensuring the confidentiality of the data. We can ask questions such as: who should have access to the data? If it is publicly accessible data (like a bus timetable or TV listings, for example), then the data may be classified as public and not in the slightest bit confidential, and therefore not require any significant level of data security controls. On the other hand, the data could be the earnings report for the quarter and considered to be highly confidential (particularly if you are a publicly quoted company) up until the day it is released to the stock market. In this case, the data may need additional levels of security, such as data encryption and strict access control measures in place.

By using these two examples of classifying the data's sensitivity, we can see that different controls, and therefore different levels of security, are required. However, in this case we can justify the cost of the controls implemented by performing a data classification process.

In the same way that sensitivity is classified, it also pays to establish the criticality of the information. This can help to drive requirements in the key security (and cloud) area of availability. Questions to be asked here could be: is this data we are using considered to be highly critical to our operations? If so, then we need to ensure that this data is available for % of the time (this comes at a cost). Or is the data less critical; perhaps it is only needed a few times a month (for example, when you are doing the monthly payroll)? Payroll information is a good example: this is something that could be considered to be confidential but not that critical, i.e. we could put more emphasis on ensuring that it remains confidential (perhaps by encrypting it and maintaining a strict access control policy) than on making sure that it is available 99% of the time.

When considering the data that we want to put out in the cloud, we should perform a data classification exercise and determine if the type of cloud service is inherently capable of providing the necessary level of security required. Will the security controls in place be adequate to ensure that the sensitivity of the data is maintained, and will the necessary controls be in place to ensure that we can access the data when we need it?

Let's assume that we have performed our data classification process and established that the data to be processed is highly sensitive. Our cloud service provider is offering us a service that is based on a Shared SAAS platform. We have little or no control over the security of the service and, to make matters worse, our data is being hosted on a public platform. The risk averse amongst us may argue that something as common as human error (maybe an administrator inadvertently gives access to your data to a competitor) may be enough (if it were to occur) to have such a significant impact on your business that it does not warrant the perceived cost savings benefits of putting that information in the cloud (at least for the type of service initially offered). Maybe another type of service is required; perhaps a SAAS service provided on a Private Cloud would adequately address the risk.

Alternatively, maybe we should just hire the infrastructure from the CSP and manage the application ourselves. We can customise the necessary controls to our heart's content, thereby ensuring adequate levels of security are available to address our perceived risks. The downside (assuming you see it like that) is that there is a higher cost associated with managing this security level.

Conclusion

It looks like the cloud is here to stay; the benefits are too compelling to ignore. Key issues that will continue to affect information security concerns are lack of cloud standards, the perceived loss of control of data, questions over the physical location of data, questions related to availability of service, questions related to the trustworthiness of the cloud service providers etc.; indeed, this could be a very long list.

A comprehensive and systematic approach to information security management is required, and this should be underpinned by regular assessment and testing. It is important for organisations who are considering taking the plunge to perform a risk assessment and to perform a data classification process. These concepts will not be new to anyone who is currently implementing information security practices in line with accepted best practice methodologies such as ISO27001/2, CoBIT, PCI DSS etc.

The type of information security controls that exist today that help organisations manage risk can readily be adopted and ported to cloud based computing systems.


About Espion

Espion are Corporate Information specialists. We work with organisations across all industries and business functions to provide advice and assistance relating to the holistic compliance, protection and management requirements of their most valuable asset: information. This allows our clients to focus on their core business and ultimately achieve greater success.

Espion Headquarters: Corrig Court, Corrig Road, Sandyford Industrial Estate, Dublin 18, Ireland. +353 (01)


More information

Cloud Computing: Background, Risks and Audit Recommendations

Cloud Computing: Background, Risks and Audit Recommendations Cloud Computing: Background, Risks and Audit Recommendations October 30, 2014 Table of Contents Cloud Computing: Overview 3 Multiple Models of Cloud Computing 11 Deployment Models 16 Considerations For

More information

Information Security: Cloud Computing

Information Security: Cloud Computing Information Security: Cloud Computing Simon Taylor MSc CLAS CISSP CISMP PCIRM Director & Principal Consultant All Rights Reserved. Taylor Baines Limited is a Registered Company in England & Wales. Registration

More information

Data Protection Act 1998. Bring your own device (BYOD)

Data Protection Act 1998. Bring your own device (BYOD) Data Protection Act 1998 Bring your own device (BYOD) Contents Introduction... 3 Overview... 3 What the DPA says... 3 What is BYOD?... 4 What are the risks?... 4 What are the benefits?... 5 What to consider?...

More information

CLOUD COMPUTING GUIDELINES FOR LAWYERS

CLOUD COMPUTING GUIDELINES FOR LAWYERS INTRODUCTION Legal practices are increasingly using cloud storage and software systems as an alternative to in-house data storage and IT programmes. The cloud has a number of advantages particularly flexibility

More information

New Risks in the New World of Emerging Technologies

New Risks in the New World of Emerging Technologies New Risks in the New World of Emerging Technologies Victor Chu Client Technical Professional Identity, Security, and Compliance Management Software Group IBM Malaysia Risk it s NOT a four simple letter

More information

Security Management of Cloud-Native Applications. Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM)

Security Management of Cloud-Native Applications. Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM) Security Management of Cloud-Native Applications Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM) 1 Outline Context State-of-the-Art Design Patterns Threats to cloud systems Security

More information

Are you prepared for the BYOD (bring your own device) movement?

Are you prepared for the BYOD (bring your own device) movement? Are you prepared for the BYOD (bring your own device) movement? IRIS Service Management Guide www.irisfieldservice.com Are you prepared for the BYOD (bring your own device) movement? The trend towards

More information

A COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012

A COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012 A COALFIRE PERSPECTIVE Moving to the Cloud A Summary of Considerations for Implementing Cloud Migration Plans into New Business Platforms NCHELP Spring Convention Panel May 2012 DALLAS DENVER LOS ANGELES

More information

WHITE PAPER. How to choose and implement your cloud strategy

WHITE PAPER. How to choose and implement your cloud strategy WHITE PAPER How to choose and implement your cloud strategy INTRODUCTION Cloud computing has the potential to tip strategic advantage away from large established enterprises toward SMBs or startup companies.

More information

Dean Bank Primary and Nursery School. Secure Storage of Data and Cloud Storage

Dean Bank Primary and Nursery School. Secure Storage of Data and Cloud Storage Dean Bank Primary and Nursery School Secure Storage of Data and Cloud Storage January 2015 All school e-mail is disclosable under Freedom of Information and Data Protection legislation. Be aware that anything

More information

Data In The Cloud: Who Owns It, and How Do You Get it Back?

Data In The Cloud: Who Owns It, and How Do You Get it Back? Data In The Cloud: Who Owns It, and How Do You Get it Back? Presented by Dave Millier, Soban Bhatti, and Oleg Sotnikov 2013 Sentry Metrics Inc. Agenda Reasons for Cloud Adoption How Did My Data Get There?

More information

Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 EES17 --------------

Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 EES17 -------------- w Microsoft Volume Licensing Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 Enrollment for Education Solutions number Microsoft to complete --------------

More information

ISSN: 2321-7782 (Online) Volume 2, Issue 5, May 2014 International Journal of Advance Research in Computer Science and Management Studies

ISSN: 2321-7782 (Online) Volume 2, Issue 5, May 2014 International Journal of Advance Research in Computer Science and Management Studies ISSN: 2321-7782 (Online) Volume 2, Issue 5, May 2014 International Journal of Advance Research in Computer Science and Management Studies Research Paper Available online at: www.ijarcsms.com Analogous

More information

What Is BYOD? Challenges and Opportunities

What Is BYOD? Challenges and Opportunities Wor k s pac es Mobi l i t ysol ut i ons Bl uewi r esol ut i ons www. bl uewi r e. c o. uk What Is BYOD? Challenges and Opportunities What is BYOD How Secure is Your BYOD Environment? Bring your own device

More information

Cloud Computing Risk and Rewards

Cloud Computing Risk and Rewards Cloud Computing Risk and Rewards John Lazarine Vice President and Chief Audit Executive Mark Salamasick Director of Center for Internal Auditing For Dallas CPA Society Convergence 2013 May 8, 2013 John

More information

Cloud Computing and Attacks

Cloud Computing and Attacks Cloud Computing and Attacks Joseph Spring School of Computer Science 7COM1027 - Distributed Systems Security 1 Areas for Discussion Cloud Computing Attacks Firewalls 2 Cloud Computing A Cloud is a large

More information

Addendum Windows Azure Data Processing Agreement Amendment ID M129

<Choose> Addendum Windows Azure Data Processing Agreement Amendment ID M129 Addendum Amendment ID Proposal ID Enrollment number Microsoft to complete This addendum ( Windows Azure Addendum ) is entered into between the parties identified on the signature form for the

More information

Bringing the Cloud into Focus. A Whitepaper by CMIT Solutions and Cadence Management Advisors

Bringing the Cloud into Focus. A Whitepaper by CMIT Solutions and Cadence Management Advisors Bringing the Cloud into Focus A Whitepaper by CMIT Solutions and Cadence Management Advisors Table Of Contents Introduction: What is The Cloud?.............................. 1 The Cloud Benefits.......................................

More information

IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach.

IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach. IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach. Gunnar Wahlgren 1, Stewart Kowalski 2 Stockholm University 1: (wahlgren@dsv.su.se), 2: (stewart@dsv.su.se) ABSTRACT

More information

Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID MOS10

Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID MOS10 Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID This Microsoft Online Services Security Amendment ( Amendment ) is between

More information

Cloud Computing. Karan Saxena * & Kritika Agarwal**

Cloud Computing. Karan Saxena * & Kritika Agarwal** Page29 Cloud Computing Karan Saxena * & Kritika Agarwal** *Student, Sir M. Visvesvaraya Institute of Technology **Student, Dayananda Sagar College of Engineering ABSTRACT: This document contains basic

More information

Cloud Services Overview

Cloud Services Overview Cloud Services Overview John Hankins Global Offering Executive Ricoh Production Print Solutions May 23, 2012 Cloud Services Agenda Definitions Types of Clouds The Role of Virtualization Cloud Architecture

More information

NAREIM Session: Dangers and challenges of The Cloud. President, NiceNets Consulting, LLC

NAREIM Session: Dangers and challenges of The Cloud. President, NiceNets Consulting, LLC Main Types of Cloud Environments: - Public Cloud: A service built on an external platform run by a cloud service provider such as IBM, Amazon Web Services or Microsoft Azure. Subscribers can get access

More information

Enterprise Global Security in an era of Hybrid Cloud and Smart Mobile

Enterprise Global Security in an era of Hybrid Cloud and Smart Mobile Enterprise Global Security in an era of Hybrid Cloud and Smart Mobile M. Asif Riaz, CISM, CISSP, CEH Agenda Users are demanding access to applications and services from wherever they are, whenever they

More information

Cloud Computing Flying High (or not) Ben Roper IT Director City of College Station

Cloud Computing Flying High (or not) Ben Roper IT Director City of College Station Cloud Computing Flying High (or not) Ben Roper IT Director City of College Station What is Cloud Computing? http://www.agent-x.com.au/ Wikipedia - the use of computing resources (hardware and software)

More information

Cloud Computing in a Government Context

Cloud Computing in a Government Context Cloud Computing in a Government Context Introduction There has been a lot of hype around cloud computing to the point where, according to Gartner, 1 it has become 'deafening'. However, it is important

More information

Buyer s Guide. Buyer s Guide to Secure Cloud. thebunker.net Phone: 01304 814800 Fax: 01304 814899 info@thebunker.net

Buyer s Guide. Buyer s Guide to Secure Cloud. thebunker.net Phone: 01304 814800 Fax: 01304 814899 info@thebunker.net Buyer s Guide to Secure Cloud Buyer s Guide to Secure Cloud An executive guide to outsourcing IT infrastructure and data storage using Private Cloud as the foundation. Executives derive much confidence

More information

Introduction to Cloud Computing

Introduction to Cloud Computing 1 Introduction to Cloud Computing CERTIFICATION OBJECTIVES 1.01 Cloud Computing: Common Terms and Definitions 1.02 Cloud Computing and Virtualization 1.03 Early Examples of Cloud Computing 1.04 Cloud Computing

More information

Can security conscious businesses really adopt the Cloud safely?

Can security conscious businesses really adopt the Cloud safely? Can security conscious businesses really adopt the Cloud safely? January 2014 1 Phone: 01304 814800 Fax: 01304 814899 info@ Contents Executive overview The varied Cloud security landscape How risk assessment

More information

Cloud definitions you've been pretending to understand. Jack Daniel, Reluctant CISSP, MVP Community Development Manager, Astaro

Cloud definitions you've been pretending to understand. Jack Daniel, Reluctant CISSP, MVP Community Development Manager, Astaro Cloud definitions you've been pretending to understand Jack Daniel, Reluctant CISSP, MVP Community Development Manager, Astaro You keep using that word cloud. I do not think it means what you think it

More information

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING CPNI VIEWPOINT 01/2010 CLOUD COMPUTING MARCH 2010 Acknowledgements This viewpoint is based upon a research document compiled on behalf of CPNI by Deloitte. The findings presented here have been subjected

More information

CLOUD COMPUTING OVERVIEW

CLOUD COMPUTING OVERVIEW CLOUD COMPUTING OVERVIEW http://www.tutorialspoint.com/cloud_computing/cloud_computing_overview.htm Copyright tutorialspoint.com Cloud Computing provides us a means by which we can access the applications

More information

INFORMATION SECURITY GUIDE. Cloud Computing Outsourcing. Information Security Unit. Information Technology Services (ITS) July 2013

INFORMATION SECURITY GUIDE. Cloud Computing Outsourcing. Information Security Unit. Information Technology Services (ITS) July 2013 INFORMATION SECURITY GUIDE Cloud Computing Outsourcing Information Security Unit Information Technology Services (ITS) July 2013 CONTENTS 1. Background...2 2. Legislative and Policy Requirements...3 3.

More information

VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium

VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 1 VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 2 Agenda Introduction Vendor Management what is? Available Guidance Vendor Management

More information

Clouds on the Horizon Cloud Security in Today s DoD Environment. Bill Musson Security Analyst

Clouds on the Horizon Cloud Security in Today s DoD Environment. Bill Musson Security Analyst Clouds on the Horizon Cloud Security in Today s DoD Environment Bill Musson Security Analyst Agenda O Overview of Cloud architectures O Essential characteristics O Cloud service models O Cloud deployment

More information

A white paper from Fordway on CLOUD COMPUTING. Why private cloud should be your first step on the cloud computing journey - and how to get there

A white paper from Fordway on CLOUD COMPUTING. Why private cloud should be your first step on the cloud computing journey - and how to get there A white paper from Fordway on CLOUD COMPUTING Why private cloud should be your first step on the cloud computing journey - and how to get there PRIVATE CLOUD WHITE PAPER January 2012 www.fordway.com Page

More information

CloudDesk - Security in the Cloud INFORMATION

CloudDesk - Security in the Cloud INFORMATION CloudDesk - Security in the Cloud INFORMATION INFORMATION CloudDesk SECURITY IN THE CLOUD 3 GOVERNANCE AND INFORMATION SECURITY 3 DATA CENTRES 3 DATA RESILIENCE 3 DATA BACKUP 4 ELECTRONIC ACCESS TO SERVICES

More information

Cloud Security Through Threat Modeling. Robert M. Zigweid Director of Services for IOActive

Cloud Security Through Threat Modeling. Robert M. Zigweid Director of Services for IOActive Cloud Security Through Threat Modeling Robert M. Zigweid Director of Services for IOActive 1 Key Points Introduction Threat Model Primer Assessing Threats Mitigating Threats Sample Threat Model Exercise

More information

Recommendations and Considerations for Companies Migrating to the Cloud

Recommendations and Considerations for Companies Migrating to the Cloud Recommendations and Considerations for Companies Migrating to the Cloud White Paper May 2012 Colocation Connectivity Cloud Communications Introduction As organisations think about moving to the cloud,

More information

InsightCloud. www.insightcloud.com. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS?

InsightCloud. www.insightcloud.com. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS? What is InsightCloud? InsightCloud is a web portal enabling Insight customers to purchase and provision a wide range of Cloud services in a straightforward and convenient manner. What is SaaS? Software

More information

A Decision Maker s Guide to Cloud Computing and Managed Hosting

A Decision Maker s Guide to Cloud Computing and Managed Hosting A Decision Maker s Guide to Cloud Computing and Managed Hosting A Rackspace White Paper Autumn 2009 Executive Summary Organisations have never had so much choice about how to buy their hosting. From Dedicated

More information

A Comparison of PaaS clouds with a Detailed Reference to Security and Geoprocessing Services

A Comparison of PaaS clouds with a Detailed Reference to Security and Geoprocessing Services A Comparison of PaaS clouds with a Detailed Reference to Security and Geoprocessing Services Department of Computer Science presented at the 1 st International Workshop on Pervasive Web Mapping, Geoprocessing

More information

"Bring Your Own Device" Brings its Own Challenges

Bring Your Own Device Brings its Own Challenges 6 June 2012 "Bring Your Own Device" Brings its Own Challenges By Susan McLean and Alistair Maughan The consumerisation of IT is the growing trend for information technology to emerge first in the consumer

More information

Secure Hosting Services

<cloud> Secure Hosting Services Global Resources... Local Knowledge Figtree offers the functionality of Figtree Systems Software without the upfront infrastructure investment. It is the preferred deployment solution for organisations

More information

1 The intersection of IAM and the cloud

1 The intersection of IAM and the cloud 1 The intersection of IAM and the cloud Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications Theory, practice, pros and cons with a focus on enterprise deployments of IAM and cloud

More information

PDSA Special Report. Is your Company s Security at Risk

PDSA Special Report. Is your Company s Security at Risk PDSA Special Report Introduction There is probably no such thing as a completely secure company. However, if you are not thinking about security in your company, you are running a big risk. We are not

More information