Cloud Risks - Are we looking in the right direction? May Executive Summary
|
|
- Barry Griffin
- 8 years ago
- Views:
Transcription
1 May 2013 Risks of cloud computing are complex and diverse. With proper identification and management of those risks, cloud computing can be more secure than on premise. Cloud Risks - Are we looking in the right direction? By Reinout Schotman, Abbas Shahim and Ahmed Mitwalli Executive Summary The perceived risks associated with cloud are a major barrier to adoption for enterprises considering cloud computing. But when they consider the risks, most simply look at the security risks within the cloud provider. However, many other, possibly more relevant risks also need to be assessed and managed, including enterprise, political and environmental, for which Canopy has developed a Cloud Risk Identification Matrix. This matrix helps an enterprise to identify and score risks so it can plan its path to the cloud more effectively. The message is clear. The risks of failing to plan for cloud computing are real. And so is the risk of missed benefits. Don t fear the cloud; embrace it. 1
2 2 The risks associated with the cloud are a top concern for enterprises considering cloud computing, with security uppermost thanks to the common assumption that a cloud solution is inherently less secure than a traditional one. It s an issue to which cloud vendors respond by reassuring enterprises of the stringent security aspects of their solutions, but this sidesteps a much broader assessment of risk. This view of the cloud is too limited: while enterprises and vendors focus their attention on technical security risks, other, potentially bigger risks either remain unidentified or receive insufficient attention. Cloud computing can be secure - sometimes more secure than an enterprise can achieve on its own. But if an enterprise is to achieve acceptable levels of risk that allow it to migrate to the cloud, it must use a structured approach to identifying, assessing and mitigating risks as well as adopt a governance structure that enables it to manage risk effectively. Enterprises must also retain their legal and regulatory compliance as they move to a cloud model, and must be able to prove this compliance to ensure that the business is not subject to an uncontrolled risk. Cloud computing allows enterprises to achieve greater business efficiencies and can lower the barriers to entry to new markets. But with new paradigms come new risks which may not be well understood. This uncertainty is constraining adoption, as Figure 1 shows. Canopy s Cloud Risk Identification Matrix allows enterprises to identify, segment and score risks so they can develop cloud risk profiles for different workloads. Cloud providers typically respond to enterprise concerns by demonstrating how well their solutions are protected and data centers secured, publishing up-time statistics and displaying compliance certificates. However, just as many enterprises overstate the risks of a cloud solution, at the other end of the scale, some fail to do adequate due diligence and may be too accepting of vendor assurances about the risks of their cloud solutions taking a vendor technical security assessment on trust. The true story is more complex. In reality, all risks are neither wholly the responsibility of the vendors nor are they mostly technical. Risk Identification Risks differ in type and origin, but regardless of the cloud delivery model (private, public, hybrid, etc), there are five sources of risk: 1. Users 2. Enterprise 3. Network Provider 4. Cloud Provider 5. Environment Legal Jurisdiction Security & Data Protection Trust Data Access & Portability Data Location Local Support Change Control Ownership of Customization Evaluation of Usefulness Slow Internet Connection Local Language Tax Incentives Figure 1: Barriers restricting cloud adoption in enterprises (European Commission, IDC 2012) There are many different definitions of cloud risk - Gartner, Forrester, Wikipedia, each has their own that look at different attributes. Based on these definitions and Canopy s experience, Canopy segments risk according to three key defining questions: 1. Which risks may jeopardize service availability? (Availability) 18,2% 18,0% 17,9% 17,0% 25,1% 24,9% 23,8% 22,8% 22,4% 21,4% 31,7% 30,5% 0% 10% 20% 30% 40% Respondents answering very/completely 2. Which risks may jeopardize data integrity and confidentiality? (Integrity & Confidentiality) 3. Which risks may jeopardize compliance to in-house and external policies, rules and regulations and auditability? (Compliance & Auditing) Both the origin of risk and the type of risk define the Cloud Risk Identification Matrix. An enterprise needs to score the risks per application or workload and possibly even per cloud vendor as different vendors may imply different risks. Whether a risk is high or low is determined by three factors: 1. The likelihood of an event 2. The size of impact if that event happens 3. The ease by which such an event can be mitigated The combined risks in the Cloud Risk Identification Matrix define a risk profile for a specific workload which needs to match the risk appetite for that workload. For instance, the required risk profile for an internal training delivery system is likely to be different from that of a
3 Cloud Risk Identification Matrix Risk Origin financial transaction processing system. An example of a risk profile of a specific workload in an enterprise is shown below. Typically, the risks with high frequency and easy mitigation have low impact. This means that the overall risk score is low. Many of the more technical risks, such as performance issues at the provider, fall into this category. On the other hand, catastrophic, environmental risks may happen infrequently but can have a severe impact and can be difficult to mitigate. One problem with risk scoring is that while the impact can be determined accurately, the frequency cannot. Another is that mitigation may exist but may be neglected, which unintentionally increases the actual risk profile. Clearly cloud security is not just about technology - it is also about governance in a diversified business environment. Identifying the different risks in this complex environment will allow a more accurate assessment of the total risk and ensure mitigations that might otherwise be overlooked. This may in turn lead to different choices on the path to cloud computing. User risks Users are more mobile and often employ a variety of devices for access. In many cases these devices Availability Type of Risk Integrity & Confidentiality are either privately owned (Bring Your Own Device, BYOD) or subject to limited control by the enterprise (such as smartphones or tablets). A risk is the proliferation of data on devices beyond the control of the enterprise. If a device is lost, stolen or discarded, its data may still be accessible. This data does not necessarily need to be structured data; it could well be a file containing sensitive information. In fact, the most common applications - and Excel - may also pose the highest risk as both applications are used heavily to distribute sensitive data beyond the control of an enterprise. Information management should go beyond enterprise applications with structured data. If data is stored on a user device, enterprises must implement proper controls to ensure the data is secured. Enterprise risks Compliance & Auditing User Low Medium Low Enterprise High Medium Medium Network Provider Cloud Provider Environment (natural, political) Medium Medium Low High Low Low Medium Low Low Most enterprises regard the infrastructure within their premises as more secure than the (public) cloud. But in reality, enterprises seldom operate industrial-grade data centers similar to those of largescale cloud providers, which are highly secure in terms of procedure and control. A data center s Power Usage Effectiveness (PUE) assesses how efficiently a data center uses energy - the lower the PUE the better, with a PUE of 1.0 being ideal. Most enterprise data centers operate at a level of 2.0 or higher, whereas Google s PUE, for example, is Efficiency can only be achieved by scaling up to an industrial level with robust processes and control. Apart from being cheaper and greener, large cloud providers are also likely to operate more comprehensive security procedures, resulting in less operational risk. Other key risks may well also be reduced by moving to the cloud. For example, internal events are often under-reported because they are resolved through informal networks of employees, so the enterprise has an inaccurate picture of its current exposure to risk. Moving to the cloud eliminates this as cloud providers have stringent security processes where all events are logged. Another critical area of concern is enterprise identity and access management (IAM), an area any enterprise considering a move to the cloud needs to take seriously. Typically, enterprises use software such as Microsoft Active Directory (AD) to control access and register users. It s not uncommon for 10-20% of registered identities to be ghosts as staff leave or access is revoked. Without good IAM governance processes, an enterprise will have an incomplete picture of its IAM status, which contributes to risk. This is critical as while a generic report on the technical security of a cloud provider may demonstrate excellent technology and processes, a move to that cloud provider may still result in lower security levels for some enterprises depending on the state of their IAM governance processes. To avoid this, a thorough and comprehensive assessment of different sources of risk must be undertaken before making a migration decision. Network provider risks Cloud services may significantly change network topology and bandwidth requirements. While 3
4 network availability is ubiquitous in some countries, in others it is not. There may be two legs of network connections: between the cloud provider and the enterprise, and between a cloud provider and a user. The first leg is more or less static and can be controlled; the second is mostly dynamic and therefore difficult to control. If the user is spread across different regions, it may be a challenge to control the quality of service, which can compromise the "Availability" component of the Cloud Risk Identification Matrix. For example, when a Mediterranean submarine cable was cut near Alexandria in 2012 it caused severe internet outages and disruption in the Middle East, India and Pakistan. In addition, a user may also be prone to session hijacks, such as Man in the Middle (MitM) attacks on wifi connections. Providers typically counter this risk by providing some form of encryption of the communication session, such as SSL. But these security measures can be breached and for enterprises and even cloud providers it can be difficult to identify, qualify and quantify such risks. Internet censorship may also cause disruption, again a risk difficult to qualify and quantify. Nevertheless, it and others should be accounted for under data integrity and confidentiality in the Cloud Risk Identification Matrix. When designing and implementing a solution, there should always be a thorough assessment of network topology, quality of service and risks. Indeed, it should be scheduled on a regular basis as it forms one of the building blocks of good governance for enterprise architecture. Cloud provider risks Enterprises often focus extensively on the risks of cloud providers when they choose a vendor. Many risks are related to the operations of the provider and are part of their service level agreement (SLA). But in reality these risks are small compared with those that would exist if the services were provided by the enterprise. Other risks, such as the continued existence of the Example: is probably amongst the most business critical and widely used enterprise applications. Many processes and management control will simply cease to exist without . , or more widely grouped as business productivity tools have been an early adopter of cloud. Microsoft and Google compete fiercely on this market. A large, global enterprise adopted Google Apps for business productivity (such as Gmail). It was cheaper and more secure than what it could achieve in-house. What it did not realize is that by adopting Google Apps, it became exposed to risks out of control of both the enterprise and Google. In 2012, during the Chinese Party Congress, the Chinese government shut down all access to Google services to prevent any possible political unrest. As a result, the enterprises using Gmail was shut off too, which caused significant disruption of its Chinese operations. The enterprise could have prevented or limited the impact if it had identified this risk and planned a mitigation. provider itself, may be small, but could have an impact that is difficult to mitigate. What happens if a provider defaults financially and service is discontinued? The market is currently so fragmented that we can expect some providers to fail as well as consolidation as it matures. The risks of consolidation or bankruptcy among service providers are difficult to identify and it is hard to predict their timing and (expected) frequency. Obviously, scale is important and large providers such as Microsoft, Google and Amazon, are less likely to fail than small niche cloud providers. This risk should either be a selection criterion or risk mitigation scenarios should be available. Another common misconception is that operational risks can be solved through SLAs. An SLA is a contractual or financial incentive for the provider to prevent the occurrence of an event. The event and the impact can be well understood, but the expected occurrence can hardly ever be reliably determined. SLAs can impose an incentive on the provider to manage frequent, but low impact events. They cannot help prevent low frequency, high impact events. In fact, many small, start-up cloud providers may neglect such low frequency, high impact events because they operate with a different appetite for risk. For instance, a cloud provider may have server redundancy in its infrastructure within one data center, but may not have a mirrored infrastructure at hot stand-by available for disaster recovery. At the other end of the risk spectrum, a cloud provider may offer protection from risks so extreme that they are inconsequential. For example, a data center in Finland was built in a former military nuclear bunker complex and marketed its infrastructure as nuclear-bomb proof. Not many businesses care about the risk of such an event. Environmental risks While many risks can be controlled or mitigated, there remains a group that cannot; they are political or caused by natural disasters. Political risk comes in all shapes and sizes, from dictatorial to legislative. For example, when the Chinese government blocked Google in November 2012, many enterprise users with Google Docs were denied service. Yet to be resolved, and clearly a potential risk, is the lack of clarity concerning the impact of the US Patriot Act on data privacy. While the United States demands that its security 4
5 agencies have access to corporate data, even overseas, the European Union forbids such access. Enterprises could find themselves caught in the middle, in a very uncomfortable position. Natural disasters can also affect service availability, mostly due to internet or power outages. The 2011 tsunami in Japan and the subsequent failure of the Fukushima nuclear energy plants resulted in a severe shortage of power, while Hurricane Sandy in 2012 in the US showed that natural disasters can disrupt services in highly developed areas, and with some regularity. These events cannot be controlled. An enterprise can only ensure it has adequate disaster recovery procedures for those services that require high availability. Governance of risks The risks of cloud are diverse and broad. But the process of managing those risks does not fundamentally differ from general risk management. When considering risk mitigation strategies, the options are: 1. Avoid - prevent it from happening 2. Reduce - actively plan and manage to limit occurrence and severity 3. Outsource - hand over to other parties such as the provider 4. Accept - because the cost of mitigation outweighs the risk itself or simply because you cannot control it. The risk strategies of all risks combined and for all cloud solutions determine the risk profile of cloud for an enterprise. The framework below illustrates one approach to managing cloud risks. Such a process may have various permutations as risks are driven by demand (business process needs, cultural and people needs) and by supply (IT infrastructure, IT management and organization). The effectiveness of risk management is determined by the balance between supply and Figure 2: Risk Management demand & supply model demand. Figure 3: Risk Management maturity model Although the risk management and governance frameworks are not fundamentally different, cloud will affect how risk management is implemented. The experiences of employees with consumer IT has increased the demand for usability, flexibility and agility at lower cost and the informal use of cloud applications in enterprise is proof of this. Meanwhile, risk management has become more complex because many risks that were internal may now have external implications, such as insufficient identity and access management. Because many services that were previously in-house and onpremise are now provided by a cloud vendor, possibly on an informal basis, control over those risks has become indirect. Demand has grown while the complexity of supply has changed. Cloud computing has therefore led to a need for a new balance of demand and supply of risk management. A rigid risk governance framework is not sufficient to meet this new model. If an enterprise has very restrictive security measures in place, users may revert to informal cloud use. Although an enterprise may have a tightly implemented risk governance framework, the realities of cloud may still increase risk. Should enterprises embrace cloud? 5
6 As with any shift to a new model, there are uncertainties that need to be resolved. The business economics, rationale and user experiences are so compelling that the transformation into the cloud paradigm will happen regardless of enterprise policy. Informal use of public cloud in the enterprise is probably far more widespread than is visible to IT. Restricting rather than facilitating cloud computing will not lead to more security and may lead to inflexibility and competitive disadvantage. An appropriate response is a proactive one in which a clear migration roadmap which includes a clear and robust security plan is defined and managed across IT. Such a policy starts with a honest look at current risk of legacy, on-premise infrastructure. The alternative is a reactive response to demands that will only result in crisis management or repression. Summary Canopy s assessment of risks associated with the use of cloud computing in the enterprise provides us with three important lessons: 1) Cloud is not necessarily less secure. Many cloud providers offer better security than enterprises could manage internally, due to better scale and focus. There are, however, new risks to consider. 2) Risk management in enterprises does not necessarily require a different framework, but an enterprise must ensure that supply and demand are balanced. Enterprises must also ensure that the maturity is sufficient and adjusted to cloud. 3) If enterprises do not embrace cloud, informal IT will increase, and with this comes unmanaged risk. A reactive approach will not only increase risk, but also will exclude many business opportunities that cloud may bring. The message is clear. The risks of failing to plan for cloud computing are real. And so is the risk of missed benefits. Don t fear the cloud; embrace it. 6
7 About Canopy Cloud Canopy ( is a one-stop-cloud-shop for enterprises. It provides strategic consultancy; development, migration and test environments; secure on- and offpremise private cloud implementation; and access to a growing eco-system of business solutions and processes through a SaaS Enterprise Application Store. Canopy is an independent company, founded by Atos, EMC and VMware. Headquartered in London, Canopy is global in scope, with consultancy teams operating across Europe, North America and Asia Pacific. Canopy Consulting is a trusted cloud computing advisor to leading private and public sector organizations around the world. Staffed almost exclusively with professionals trained at tier one strategic advisory firms, we focus on helping senior executives achieve business objectives by leveraging cloud technologies. About the Authors Reinout Schotman is Associate Partner at Canopy Cloud - Consulting and leader in the field of cloud computing. Prior to joining Canopy Cloud in 2013, Reinout worked at Accenture and several international telecom firms. Reinout holds a MSc in Applied Physics of Delft University of Technology. Abbas Shahim is Partner at Atos Consulting and the Global Lead of Information Security and Risk Management. He is also Associate Professor at the VU University Amsterdam and the Vice President of Information Systems Audit and Control Association (ISACA) chapter in the Netherlands. Ahmed Mitwalli is Managing Partner, Canopy Cloud - Consulting. Prior to Canopy, he was with McKinsey & Company for 12 years where he was a Partner and a leader in the Business Technology Office. He has a PhD in Electrical Engineering and Computer Science from MIT, and is a holder of five US technology patents. For more information on how Canopy Cloud helps organizations to benefit from the cloud, please contact: Reinout Schotman reinout.schotman@atos.net Abbas Shahim abbas.shahim@atos.net Ahmed Mitwalli ahmed.mitwalli@atos.net Copyright 2013 Canopy Cloud Ltd Canopy - The Open Cloud Company and its logo are trademarks of Canopy Cloud Ltd. All rights reserved. 7
How to ensure control and security when moving to SaaS/cloud applications
How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk
More informationBig Data for Marketing:
Whitepaper Big Data for Marketing: When is Big Data the right choice? Helping Chief Marketing Officers identify when to use Big Data 2 Whitepaper Introduction Chief Marketing Officers (CMOs) without plans
More informationWhitePaper. Private Cloud Computing Essentials
Private Cloud Computing Essentials The 2X Private Cloud Computing Essentials This white paper contains a brief guide to Private Cloud Computing. Contents Introduction.... 3 About Private Cloud Computing....
More informationDeveloping SAP Enterprise Cloud Computing Strategy
White Paper WFT Cloud Technology SAP Cloud Integration Service Provider Developing SAP Enterprise Cloud Computing Strategy SAP Cloud Computing is a significant IT paradigm change with the potential to
More information50x 2020 40 Zettabytes*
IBM Global Technology Services How to integrate cloud-based disaster recovery into your existing business continuity plans Richard Cocchiara: IBM Distinguished Engineer; CTO IBM Business Continuity & Resiliency
More informationGovernance as an enabler of the Cloud
Whitepaper Governance as an enabler of the Cloud text Cloud solutions are becoming increasingly common building blocks for IT and business solutions. Yet, without some significant modifications to the
More informationCloud Computing: Contracting and Compliance Issues for In-House Counsel
International In-house Counsel Journal Vol. 6, No. 23, Spring 2013, 1 Cloud Computing: Contracting and Compliance Issues for In-House Counsel SHAHAB AHMED Director Legal and Corporate Affairs, Microsoft,
More informationidentity as the new perimeter: securely embracing cloud, mobile and social media agility made possible
identity as the new perimeter: securely embracing cloud, mobile and social media agility made possible IT transformation and evolving identities A number of technology trends, including cloud, mobility,
More informationMoving Applications To Cloud
Whitepaper Jaya Arvind Krishna Mandira Shah Determining and implementing an IT strategy for any enterprise involves deliberating if current or new applications can be offered via the Cloud. The purpose
More informationCyber Security and Cloud Computing. Dr Daniel Prince Course Director MSc in Cyber Security d.prince@lancaster.ac.uk
Cyber Security and Cloud Computing Dr Daniel Prince Course Director MSc in Cyber Security d.prince@lancaster.ac.uk Scope of Today SME Attractors for Cloud Switching to the Cloud Public Private Hybrid Big
More informationStrategies for assessing cloud security
IBM Global Technology Services Thought Leadership White Paper November 2010 Strategies for assessing cloud security 2 Securing the cloud: from strategy development to ongoing assessment Executive summary
More informationShaping the Cloud for the Healthcare Industry
Shaping the Cloud for the Healthcare Industry Louis Caschera Chief Information Officer CareTech Solutions www.caretech.com > 877.700.8324 Information technology (IT) is used by healthcare providers as
More informationWhite paper Reaping Business Value from a Hybrid Cloud Strategy
White paper Fujitsu Hybrid Cloud Services White paper Reaping Business Value from a Hybrid Cloud Strategy How to embrace a hybrid cloud model to maximize the benefits of public and private cloud services
More informationTop 10 Risks in the Cloud
A COALFIRE PERSPECTIVE Top 10 Risks in the Cloud by Balaji Palanisamy, VCP, QSA, Coalfire March 2012 DALLAS DENVER LOS ANGELES NEW YORK SEATTLE Introduction Business leaders today face a complex risk question
More informationSoftware as a Service Offers Broadening Appeal for Small and Medium-Sized Discrete Manufacturers
Software as a Service Offers Broadening Appeal for Small and Medium-Sized Discrete Manufacturers WHITE PAPER Sponsored by: SAP Simon Ellis November 2010 IDC MANUFACTURING INSIGHTS OPINION Software as a
More informationTHOUGHT LEADERSHIP. Journey to Cloud 9. Navigating a path to secure cloud computing. Alastair Broom Solutions Director, Integralis
Journey to Cloud 9 Navigating a path to secure cloud computing Alastair Broom Solutions Director, Integralis March 2012 Navigating a path to secure cloud computing 2 Living on Cloud 9 Cloud computing represents
More informationCloud Computing. What is Cloud Computing?
Cloud Computing What is Cloud Computing? Cloud computing is where the organization outsources data processing to computers owned by the vendor. Primarily the vendor hosts the equipment while the audited
More informationCloud Computing Readiness - Background
IT Best Practices Audit Cloud Computing Readiness - Background Cloud based offerings are maturing and finally taking off after a long period (e.g. Software as a Service offerings have been available for
More informationConsumerization. Managing the BYOD trend successfully. Harish Krishnan, General Manager, Wipro Mobility Solutions WWW.WIPRO.COM
Consumerization Managing the BYOD trend successfully WWW.WIPRO.COM Harish Krishnan, General Manager, Wipro Mobility Solutions Employees dictate IT Enterprises across the world are giving in to the Consumerization
More informationClarity in the Cloud. Defining cloud services and the strategic impact on businesses.
Clarity in the Cloud Defining cloud services and the strategic impact on businesses. Table of Contents Executive Summary... 3 Cloud Services... 4 Clarity within the Cloud... 4 Public Cloud Solution...
More informationWhy You Should Consider the Cloud
INTERSYSTEMS WHITE PAPER Why You Should Consider the Cloud In 2014, we ll see every major player make big investments to scale up Cloud, mobile, and big data capabilities, and fiercely battle for the hearts
More informationCisco Unified Computing. Optimization Service
Improve your unified compute so it remains a competitive resource with the Cisco Unified Computing Optimization Service. Cisco Unified Computing Optimization Service Increase Agility and Performance with
More informationWhite Paper Public vs Private Cloud: Food for Thought
Public vs Private Cloud: Food for Thought nec.com.au Cloud computing is quickly becoming the fast food of the IT industry. On the face of it, it s quick, cheap and easy to implement, but as organisations
More informationAligning CFO and CIO Priorities
whitepaper economics Aligning and Priorities Forward-thinking organizations are viewing computing as an investment in business transformation, not just a way to cut costs for IT. Thanks to the, s and s
More informationManaging business risk
Managing business risk What senior managers need to know about business continuity bell.ca/businesscontinuity Information and Communications Technology (ICT) has become more vital than ever to the success
More informationHow To Decide If You Should Move To The Cloud
Can security conscious businesses really adopt the Cloud safely? January 2014 1 Phone: 01304 814800 Fax: 01304 814899 info@ Contents Executive overview The varied Cloud security landscape How risk assessment
More informationHexaware E-book on Q & A for Cloud BI Hexaware Business Intelligence & Analytics Actionable Intelligence Enabled
Hexaware E-book on Q & A for Cloud BI Hexaware Business Intelligence & Analytics Actionable Intelligence Enabled HEXAWARE Q & A E-BOOK ON CLOUD BI Layers Applications Databases Security IaaS Self-managed
More informationSECURE FILE SHARING AND COLLABORATION: THE PATH TO INCREASED PRODUCTIVITY AND REDUCED RISK
SECURE FILE SHARING AND COLLABORATION: THE PATH TO INCREASED PRODUCTIVITY AND REDUCED RISK Whitepaper 2 Secure File Sharing and Collaboration: The Path to Increased Productivity and Reduced Risk Executive
More informationIs your business secure in a hosted world?
Is your business secure in a hosted world? Threats to the security of business data are constantly growing and evolving - What can you do ensure your data remains secure? Introduction The safe use of computer
More informationPlanning the Migration of Enterprise Applications to the Cloud
Planning the Migration of Enterprise Applications to the Cloud A Guide to Your Migration Options: Private and Public Clouds, Application Evaluation Criteria, and Application Migration Best Practices Introduction
More informationSpecialist Cloud Services Lot 4 Cloud Printing and Imaging Consultancy Services
Specialist Cloud Services Lot 4 Cloud Printing and Imaging Consultancy Services Page 1 1 Contents 1 Contents... 2 2 Transcend360 Introduction... 3 3 Service overview... 4 3.1 Service introduction... 4
More informationPrivate & Hybrid Cloud: Risk, Security and Audit. Scott Lowry, Hassan Javed VMware, Inc. March 2012
Private & Hybrid Cloud: Risk, Security and Audit Scott Lowry, Hassan Javed VMware, Inc. March 2012 Private and Hybrid Cloud - Risk, Security and Audit Objectives: Explain the technology and benefits behind
More informationWHITE PAPER Making Cloud an Integral Part of Your Enterprise Storage and Data Protection Strategy
WHITE PAPER Making Cloud an Integral Part of Your Enterprise Storage and Data Protection Strategy Sponsored by: Riverbed Technology Brad Nisbet December 2010 Richard L. Villars Global Headquarters: 5 Speen
More informationW H I T E P A P E R I m p a c t o f C y b e r s e c u r i t y A t t a c k s a n d N e w - A g e S e c u r i t y S t r a t e g i e s
W H I T E P A P E R I m p a c t o f C y b e r s e c u r i t y A t t a c k s a n d N e w - A g e S e c u r i t y S t r a t e g i e s IDC Middle East, Africa, and Turkey, Al Thuraya Tower 1, Level 15, Dubai
More informationEMBRACING SECURE BYOD
EMBRACING SECURE BYOD Acronis 2002-2014 Introduction The Bring Your Own Device (BYOD) movement has evolved from a buzzword and a trend to a full-fledged corporate phenomenon. Tablets and smartphones have
More informationCloud Computing and HIPAA Privacy and Security
Cloud Computing and HIPAA Privacy and Security This is just one example of the many online resources Practical Law Company offers. Christine A. Williams, Perkins Coie LLP, with PLC Employee Benefits &
More informationEmail archives: no longer fit for purpose?
RESEARCH PAPER Email archives: no longer fit for purpose? Most organisations are using email archiving systems designed in the 1990s: inflexible, non-compliant and expensive May 2013 Sponsored by Contents
More information2014 HIMSS Analytics Cloud Survey
2014 HIMSS Analytics Cloud Survey June 2014 2 Introduction Cloud services have been touted as a viable approach to reduce operating expenses for healthcare organizations. Yet, engage in any conversation
More informationHow To Choose A Cloud Computing Solution
WHITE PAPER How to choose and implement your cloud strategy INTRODUCTION Cloud computing has the potential to tip strategic advantage away from large established enterprises toward SMBs or startup companies.
More informationVMware vcloud Powered Services
SOLUTION OVERVIEW VMware vcloud Powered Services VMware-Compatible Clouds for a Broad Array of Business Needs Caught between shrinking resources and growing business needs, organizations are looking to
More informationCredit Unions and The Cloud. By: Chris Sachse
Credit Unions and The Cloud By: Chris Sachse Agenda! Introduction.! Definition of the cloud.! Discuss cloud popularity.! Look at the use of the cloud.! Discuss cloud management.! Discuss cloud security.!
More informationBusiness case for Cloud adoption
Whitepaper Business case for Cloud adoption Extracting business value from the Cloud Helping CIOs decide which Cloud solutions are valuable, evaluate the benefits both IT and business and build a business
More informationGlobal Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com
Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com W H I T E P A P E R F l e x i b l e N e t w o r k - B a s e d, E n t e r p r i s e - C l a s s I P
More informationNo matter the delivery model private, public, hybrid the cloud has the same core attributes:
Private and Public Clouds Powered by SimpliVity Solution Brief SimpliVity s OmniCube is the market-leading hyperconverged infrastructure platform, delivering the best of both worlds: x86 cloud economics
More informationWho moved my cloud? Part I: Introduction to Private, Public and Hybrid clouds and smooth migration
Who moved my cloud? Part I: Introduction to Private, Public and Hybrid clouds and smooth migration Part I of an ebook series of cloud infrastructure and platform fundamentals not to be avoided when preparing
More informationAddress key business priorities with a strategic approach to outsourcing
Address key business priorities with a strategic approach to outsourcing This paper explores what your company can do, starting today, to win in its markets with smart outsourcing. Points of consideration
More informationADDING CLOUD TO THE SERVICE DELIVERY MIX
ADDING CLOUD TO THE SERVICE DELIVERY MIX Business Drivers and Organizational Considerations By Stanton Jones, ISG, and Kalyan Kumar, HCL www.isg-one.com INTRODUCTION Large global organizations today are
More informationLeveraging the Private Cloud for Competitive Advantage
Leveraging the Private Cloud for Competitive Advantage Introduction While it is universally accepted that organisations will leverage cloud solutions to service their IT needs, there is a lack of clarity
More informationWhy you should ConsIder The Cloud
I N T E R S Y S T E M S D I S C U S S I O N P A P E R Why you should ConsIder The Cloud "In 2014, we' ll see every major player make big investments to scale up Cloud, mobile, and big data capabilities,
More informationCloud Computing in the Enterprise An Overview. For INF 5890 IT & Management Ben Eaton 24/04/2013
Cloud Computing in the Enterprise An Overview For INF 5890 IT & Management Ben Eaton 24/04/2013 Cloud Computing in the Enterprise Background Defining the Cloud Issues of Cloud Governance Issue of Cloud
More informationCloud security with Sage Construction Anywhere
Cloud security with Sage Construction Anywhere Table of Contents Cloud computing s advantage for construction companies... 3 Security concerns... 3 The Sage commitment to security... 4 Sage application
More informationSession 11 : (additional) Cloud Computing Advantages and Disadvantages
INFORMATION STRATEGY Session 11 : (additional) Cloud Computing Advantages and Disadvantages Tharaka Tennekoon B.Sc (Hons) Computing, MBA (PIM - USJ) POST GRADUATE DIPLOMA IN BUSINESS AND FINANCE 2014 Cloud
More informationWhat Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp.
What Every User Needs To Know Before Moving To The Cloud LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud 1 What is meant by Cloud Computing, or Going To The Cloud? A model
More informationIBM MobileFirst Managed Mobility
Enterprise Mobility IBM MobileFirst Managed Mobility Service Profile 1 The service 2Service components 3Transition/ deployment 4Service delivery 5Getting started A brief summary of the service and the
More informationHow a Hybrid Cloud Strategy Can Empower Your IT Department
How a Hybrid Cloud Strategy Can Empower Your IT Department A step-by-step guide for developing and implementing a flexible cloud solution 1 / 11 IT service delivery, particularly in the cloud, has evolved
More informationCloud Computing - Advantages and Disadvantages
Could Computing: Concepts and Cost Considerations Arlene Minkiewicz, Chief Scientist PRICE Systems, LLC arlene.minkiewicz@pricesystems.com Optimize tomorrow today. 1 If computers of the kind I have advocated
More informationGETTING THE MOST FROM THE CLOUD. A White Paper presented by
GETTING THE MOST FROM THE CLOUD A White Paper presented by Why Move to the Cloud? CLOUD COMPUTING the latest evolution of IT services delivery is a scenario under which common business applications are
More informationCloud models and compliance requirements which is right for you?
Cloud models and compliance requirements which is right for you? Bill Franklin, Director, Coalfire Stephanie Tayengco, VP of Technical Operations, Logicworks March 17, 2015 Speaker Introduction Bill Franklin,
More informationThe cloud - ULTIMATE GAME CHANGER ===========================================
The cloud - ULTIMATE GAME CHANGER =========================================== When it comes to emerging technologies, there is one word that has drawn more controversy than others: The Cloud. With cloud
More informationAskAvanade: Answering the Burning Questions around Cloud Computing
AskAvanade: Answering the Burning Questions around Cloud Computing There is a great deal of interest in better leveraging the benefits of cloud computing. While there is a lot of excitement about the cloud,
More informationCloud P ROVIDER CHOOSE A HOW TO. A White Paper presented by
Cloud HOW TO CHOOSE A P ROVIDER A White Paper presented by Introduction THE COMING OF AGE OF THE CLOUD More and more organizations are turning to cloud computing to augment or replace their in-house IT
More informationAccenture and Software as a Service: Moving to the Cloud to Accelerate Business Value for High Performance
Accenture and Software as a Service: Moving to the Cloud to Accelerate Business Value for High Performance Is Your Organization Facing Any of These Challenges? Cost pressures; need to do more with the
More informationWhy Network Providers Offer a Compelling Path to the Cloud
Cloud Cover Why Network Providers Offer a Compelling Path to the Cloud By Johna Till Johnson President, Nemertes Research Executive Summary It s time to take cloud procurement seriously. As enterprise
More informationHow To Build An Open Cloud
Why the future of the cloud is open Gordon Haff EXECUTIVE SUMMARY Choosing how to build a hybrid cloud is perhaps the most strategic decision IT leaders will make this decade. It s a choice that will determine
More informationData Center Consolidation in the Federal Government Looking beyond the technology
Data Center Consolidation in the Federal Government Looking beyond the technology Overview The reported number of Federal data centers grew from 432 in 1998 to 2,094 in 2010 1, an increase that is costly,
More informationTactical Guideline: Minimizing Risk in E-Mail Hosting Relationships
Research Publication Date: 26 February 2008 ID Number: G00154838 Tactical Guideline: Minimizing Risk in E-Mail Hosting Relationships Matthew W. Cain This report discusses the often hidden risks in moving
More informationFrom Private to Hybrid Clouds through Consistency and Portability
Extending IT Governance From Private to Hybrid Clouds through Consistency and Portability Gordon Haff 2 Executive summary 3 beyond information security 3 from private to public and back again 4 consistency
More informationHow To Understand The Data Center Bubble In India
Emerging Trends in Data Center Industry A Ctrl S Perspective By : Mr. P Sridhar Reddy CMD Ctrl S Data Center Present Situation Emerging Trends The Indian Datacenter Bubble Emerging Technologies About Ctrl
More information6 Cloud strategy formation. 6.1 Towards cloud solutions
6 Cloud strategy formation 6.1 Towards cloud solutions Based on the comprehensive set of information, collected and analysed during the strategic analysis process, the next step in cloud strategy formation
More informationF5 PARTNERSHIP SOLUTION GUIDE. F5 and VMware. Virtualization solutions to tighten security, optimize performance and availability, and unify access
F5 PARTNERSHIP SOLUTION GUIDE F5 and VMware Virtualization solutions to tighten security, optimize performance and availability, and unify access 1 W H AT 'S INS I DE Data Center Virtualization 3 Enterprise
More informationThe case for cloud-based disaster recovery
IBM Global Technology Services IBM SmartCloud IBM SmartCloud Virtualized Server Recovery i The case for cloud-based disaster recovery Cloud technologies help meet the need for quicker restoration of service
More informationENTERPRISE RISK MANAGEMENT FOR BANKS
ENTERPRISE RISK MANAGEMENT FOR BANKS Seshagiri Rao Vaidyula, Senior Manager, Governance, Risk and Compliance Jayaprakash Kavala, Consultant, Banking and Financial Services 1 www.wipro.com/industryresearch
More informationThe NREN s core activities are in providing network and associated services to its user community that usually comprises:
3 NREN and its Users The NREN s core activities are in providing network and associated services to its user community that usually comprises: Higher education institutions and possibly other levels of
More informationCRISIL Young Thought Leader 2014 CLOUD COMPUTING. MALADI SRINIVAS PAVAN 2 nd year student of PGDM INDIAN INSTITUTE OF MANAGEMENT CALCUTTA
CRISIL Young Thought Leader 2014 CLOUD COMPUTING How will cloud computing transfo rm technology? Wha t is the futu re outlo ok for cloud computing? Submitted by MALADI SRINIVAS PAVAN 2 nd year student
More informationVirtualization Essentials
Virtualization Essentials Table of Contents Introduction What is Virtualization?.... 3 How Does Virtualization Work?... 4 Chapter 1 Delivering Real Business Benefits.... 5 Reduced Complexity....5 Dramatically
More informationHYBRID CLOUD: A CATALYST TO DRIVING EFFICIENCIES AND MEETING THE DIGITAL ASPIRATIONS OF THE UK PUBLIC SECTOR
HYBRID CLOUD: A CATALYST TO DRIVING EFFICIENCIES AND MEETING THE DIGITAL ASPIRATIONS OF THE UK PUBLIC SECTOR Public Sector Industry Report Contents 2 Executive Summary 5 3 Pressure to Meet 6 Key Findings
More informationThe PerspecSys PRS Solution and Cloud Computing
THE PERSPECSYS KNOWLEDGE SERIES Solving Privacy, Residency and Security in the Cloud Data Compliance and the Enterprise Cloud Computing is generating an incredible amount of excitement and interest from
More informationOrchestrating the New Paradigm Cloud Assurance
Orchestrating the New Paradigm Cloud Assurance Amsterdam 17 January 2012 John Hermans - Partner Current business challenges versus traditional IT Organizations are challenged with: Traditional IT seems
More informationPrivate vs. Public Cloud Solutions
Private vs. Public Cloud Solutions Selecting the right cloud technology to fit your organization Introduction As cloud storage evolves, different cloud solutions have emerged. Our first cloud whitepaper
More informationDispelling the vapor around Cloud Security
Dispelling the vapor around Cloud Security The final barrier to adopting cloud computing is security of their data and applications in the cloud. The last barrier to cloud adoption This White Paper examines
More informationWhy Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it
The Cloud Threat Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it This white paper outlines the concerns that often prevent midsized enterprises from taking advantage of the Cloud.
More informationWHITE PAPER Risk, Cost and Quality: Key Factors for Outsourcing QA and Testing
WHITE PAPER Risk, Cost and Quality: Key Factors for Outsourcing QA and Testing In association with: TCS Marianne Kolding December 2012 Ed Cordin IDC OPINION IDC EMEA, 389 Chiswick High Road, London, W4
More informationThe Key Components of a Cloud-Based Unified Communications Offering
The Key Components of a Cloud-Based Unified Communications Offering Organizations must enhance their communications and collaboration capabilities to remain competitive. Get up to speed with this tech
More informationTHE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS
THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS Read the Marsh Risk Management Research Briefing: Cyber Risks Extend Beyond Data and Privacy Exposures To access the report, visit www.marsh.com.
More informationSpecialist Cloud Services Lot 4 Cloud EDRM Consultancy Services
Specialist Cloud Services Lot 4 Cloud EDRM Consultancy Services Page 1 1 Contents 1 Contents... 2 2 Transcend360 Introduction... 3 3 Service overview... 4 3.1 Service introduction... 4 3.2 Service description...
More informationInnovation through Outsourcing
Innovation through Outsourcing Timothy Gehrig timothy.gehrig@cedarcrestone.com David Moore david.moore@cedarcrestone.com Agenda Expectations CedarCrestone Introduction Market Direction Outsourcing Solutions
More informationCLOUD COMPUTING PROTECTION STRATEGIES
CLOUD COMPUTING PROTECTION STRATEGIES WHITE PAPER STRATEGIES FOR SaaS CONTINGENCY PLANNING CONTENTS Executive Summary What is Contingency Planning for SaaS Applications? The Crux of SaaS Enablement How
More informationGET CLOUD EMPOWERED. SEE HOW THE CLOUD CAN TRANSFORM YOUR BUSINESS.
GET CLOUD EMPOWERED. SEE HOW THE CLOUD CAN TRANSFORM YOUR BUSINESS. Cloud computing is as much a paradigm shift in data center and IT management as it is a culmination of IT s capacity to drive business
More informationCloud Computing Security Considerations
Cloud Computing Security Considerations Roger Halbheer, Chief Security Advisor, Public Sector, EMEA Doug Cavit, Principal Security Strategist Lead, Trustworthy Computing, USA January 2010 1 Introduction
More informationMaster the Might of the Hybrid Cloud
Reach for the Sky Master the Might of the Hybrid Cloud WHITE PAPER As an IT decision maker at a global enterprise, you face unique challenges in managing a complex infrastructure with varied resources
More informationHYBRID CLOUD: THE NEXT FRONTIER
2014 HYBRID CLOUD: THE NEXT FRONTIER AN INDUSTRY PRIMER This report is solely for the use of Zinnov client and Zinnov personnel. No part of it may be quoted, circulated or reproduced for distribution outside
More informationIs Cloud Computing Inevitable for Lawyers?
Is Cloud Computing Inevitable for Lawyers? by Sharon D. Nelson and John W. Simek 2015 Sensei Enterprises, Inc. Not a single day goes by when you don t hear something about cloud computing. It could be
More informationCYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES
POINT OF VIEW CYBERSECURITY IN FINANCIAL SERVICES Financial services institutions are globally challenged to keep pace with changing and covert cybersecurity threats while relying on traditional response
More informationUSE OF CLOUD COMPUTING BY SMALL AND MEDIUM ENTERPRISES
1 USE OF CLOUD COMPUTING BY SMALL AND MEDIUM ENTERPRISES Introduction Small and Medium Enterprises (SMEs) are the drivers of a nation s economy SMEs are leading the way for entering new global markets
More informationDocument Management in the Cloud
White paper Document Management in the Cloud September 2012 Contents 02 Introduction Context The Challenge Cloud Document Management Scope of Document Management Requirement Statutory Requirements Commercial
More informationCloud Storage. Deep Dive. Extending storage infrastructure into the cloud SPECIAL REPORT JUNE 2011
SPECIAL REPORT JUNE 2011 Cloud Storage Deep Dive Extending storage infrastructure into the cloud Copyright 2011 InfoWorld Media Group. All rights reserved. Sponsored by 2 How to get the most from cloud-based
More information