Cloud Computing Security Issues and Controls

Size: px
Start display at page:

Download "Cloud Computing Security Issues and Controls"

Transcription

1 Cloud Computing Security Issues and Controls ACC 626 Information System Assurance & Computer-Assisted Auditing Peter Shih-Hsien Chen June 30th, 2013

2 Table of Contents Introduction... 1 History of Cloud Computing... 1 Types of Cloud Computing Services... 2 Benefits of Cloud Computing... 2 Examples of Cloud Computing... 3 Relevance to C-Suite Executives... 3 Examples of Cloud Computing Security Breaches... 4 Approaches to Address Cloud Computing Security Issues... 5 Fundamental Approaches... 5 Audits... 5 Insurance... 6 Cloud Structure... 6 Human Factors... 6 Credible Cloud Service Providers with Effective Procurement Processes... 6 Organization Policies and Procedures... 6 Technical Frameworks Proposed by Literature Survey... 7 Multi-Cloud Databases (MCDB)... 7 Single Gateway and Real-time Auditing Framework... 8 Combined Approach at Data Storage and Retrieval Phases Anonymous User Identity and Separation of Cloud Application Framework Other Technical Approaches Conclusion Bibliography... 14

3 Introduction Cloud computing provides computing resources as on-demand services that are hosted remotely, accessed over the Internet, and generally billed on a per-use basis. 1 One widely accepted definition of cloud computing by the US National Institute of Standards and Technology states cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. 2 One research study claims that refusing to use cloud capabilities is not a viable option for most institutions. 3 Therefore, it is clear that cloud computing technology has significant impacts on businesses that cannot be ignored and must be addressed carefully by all organizations. Security measures are critical in ensuring successful adoption of cloud technology by companies. This report provides a general overview of cloud computing technology and its impact on business organizations. Various aspects of security concerns faced by the cloud computing environment and various ways for organizations to prevent these security issues are examined. History of Cloud Computing Although cloud computing has recently received much attention and growth, the concept of cloud computing is not entirely new; in 1960s, the timesharing technology existed to allow access to the processing power of offsite mainframes by transmitting data for processing through the telephone lines. 2 More recently, the modern age of cloud computing technology began with the establishment of (Search for Extra-Terrestrial Intelligence at home) project conducted by the UC Berkeley Space Sciences Laboratory in 1999, salesforce.com in 1999, and Amazon Web Services (AWS) and Amazon Elastic Compute Cloud (EC2) in Ever since, cloud computing has undergone significant and rapid growth, where more than 69% of Americans, ranging from individuals to large corporations, have used some form of cloud computing technology. 4 Increased adoption of cloud computing technology by organizations will likely continue in the future. It was established in a recent survey conducted by McKinsey & Company that 80% of all North American organizations will use some form of cloud computing technology; out of those organizations, up to 75% of the applications used by the organization will be hosted using cloud technologies, translating to up to 70% 1 (G.R. & Rama Mohan Reddy, 2012): 2 (Bender, 2012): 3 (Kaplan, Rezek, & Sprague, 2012): 4 (Harauz, Kaufman, & Potter, 2009): Fabs_all.jsp%3Farnumber%3D Page 1

4 of cost savings. 5 The majority of business leaders agreed that cloud computing technology has clear advantages over traditional technology and can help the entire organization become more agile and responsive. 5 Types of Cloud Computing Services There are three main models of cloud computing services: 6 Public Cloud: a cloud service that allows access to any registered users; in other words, anyone can gain access to a public cloud service by registering an account. Private Cloud: a cloud service that is built within an organization s intranet; therefore, it provides services only to the members of the organization that owns the private cloud. It can be hosted either internally or externally. Private clouds generally provide more customization capabilities and control for the organization. Hybrid Cloud: a combination of both public cloud and private cloud models, where a private cloud is connected to public clouds and can use their resources. Depending on the service provided over the cloud, there are three major types of cloud computing services referred as Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). 7 Benefits of Cloud Computing The most significant benefits of cloud computing to businesses are cost savings and superior computing capabilities. 5 In summary, cloud computing provides the following benefits: 6 Fast deployment and provision: cloud services, especially the public cloud model, can be deployed at a rapid speed. In both public and private cloud models, software deployment or upgrade is done only once on the centralized cloud server. Pay-for-use and scalability: public clouds usually operate under a subscription based model, so companies can easy scale up or down depending on the need of the company in a very short turnaround time. Lower cost: public clouds eliminate most of the need for companies to maintain their own hosting infrastructure, such as expensive data centres. Both private and public cloud models provide centralized data storage and computation so they require less maintenance on an individual basis. In addition, less costly IT equipment is required for each user because most of data storage and computing can be performed in the cloud. 5 (Kaplan, Rezek, & Sprague, 2012): 6 (G.R. & Rama Mohan Reddy, 2012): 7 (Takabi, 2010): Fxpls%2Fabs_all.jsp%3Farnumber%3D Page 2

5 Low-cost disaster recovery and storage solutions: in both public and private cloud models, most data is stored generally at a centralized cloud server. Therefore, data backups can be created more easily compared to backing up each individual computer within the organization; this effectively reduces the cost of disaster recovery. Examples of Cloud Computing Current examples of business-related cloud computing applications at various levels are illustrated in Figure 1 below. Major companies like Twitter and The New York Times are currently delivering their services to users by using Amazon s EC2 IaaS. 8 9; 10 Figure 1: Examples of Business Applications Using Cloud Computing Technology IaaS Google Compute Engine Amazon EC2 PaaS Google App Engine Force.com SaaS GMail Salesforce.com Relevance to C-Suite Executives Cloud computing technology provides a wide range of benefits, resulting in increased in reliance on the cloud over time by users and organizations of all kinds for business applications. All kinds of information are being stored and processed centrally in the cloud, including sensitive and confidential information, so it becomes important to enable the right people to access the right information in a trusted environment. 11 Therefore, cloud computing services can be a tempting target for cybercrimes. 12 The potential damage caused by a single security breach in the cloud computing environment is much larger, and can result in more data being accessed without authorization in any single incident because all data is 8 (Juels & Opera, 2013): 9 (Cloud Sherpas, 2013): 10 (Caruso, 2011): html?page=1 11 (Katzan, 2011): 12 (Harauz, Kaufman, & Potter, 2009): Fabs_all.jsp%3Farnumber%3D Page 3

6 stored at a centralized location. 13 For these reasons, security is the most significant concern about cloud computing technologies, as rated by business leaders (Figure 2). 14 Figure 2: Ratings of Challenges/Issues in the Cloud Computing Environment 14 The essential cloud computing security components include identity of the user, authentication of user s identity, authorization of each user s permission, accountability of the users and trusted computing environment, such as secured hardware, trusted operating system and applications, trusted users, and trusted data. 15 Data security aspects, in particular data confidentiality, integrity and availability (CIA), are important concerns in the cloud computing environment. 16 Failure to secure data stored in the cloud could lead to data loss, unauthorized access and corruption. 16 Examples of Cloud Computing Security Breaches There are many ways that security breaches can occur in the cloud computing environment, including attacks initiated by malicious tenants sharing the cloud computing resource on a public cloud. 16 Other security concerns include traditional attacks of the Internet, such as phishing and botnet attacks. 14 The cloud service provider can also cause security breaches by accessing clients information without proper authorization (Juels & Opera, 2013): 14 (Kuyoro, Ibikunle, & Awodele, 2011): 176.pdf 15 (Katzan, 2011): 16 (Harauz, Kaufman, & Potter, 2009): Fabs_all.jsp%3Farnumber%3D (Sood, 2012): Page 4

7 Some recent security breaches of the cloud computing environment affecting the business community include Amazon s S3 users suffering from data corruption problems. 18 In 2009, Google s cloud document service, Google Docs, had a data security breach where documents stored by its users were accidentally made available to unauthorized users. 19 Approaches to Address Cloud Computing Security Issues There are many approaches to address cloud computing security issues, such as proper encryption to ensure data are safeguarded, adequate access controls to prevent any unauthorized access, frequent backups and safe storage of backup copies. 20 Most security concerns arise from the usage of cloud computing technology provided by an external provider because most computing and data storage occur with the cloud service provider outside of the organization. The approaches to address cloud computing security concerns can be broken down into two categories: fundamental and technical approaches. Fundamental Approaches Fundamental approaches are not technical in nature; rather, they consist of approaches focused on the due diligence exercised by the organization, risk mitigation strategies or other methods, such as policies and procedures that can be adopted by organization without the introduction of technical frameworks. Audits When sourcing a cloud computing service provider, appropriate audit reports should be obtained. 19 Cloud computing service providers that undergo proper audits through credible third parties are likely to have higher security standards. In addition, obtaining proper audit reports from the service providers can also help the client organization prove they exercised due diligence when selecting a cloud computing service provider. 19 Audit reports relevant to cloud computing security issues include audits conducted according to the Service Organization Controls (SOC) framework to ensure adequacy of privacy and security related controls and ISO/IEC 27001:2005 to ensure compliance with the continuous information security management standards. 19 For regulated data, such as health information, additional audit reports can also ensure regulatory compliance of the cloud service provider. 21 The client should also seek a right-to-audit clause when negotiating the contract with the cloud provider to increase transparency of the service provider (AlZain, Soh, & Pardede, 2012): 19 (Bender, 2012): 20 (G.R. & Rama Mohan Reddy, 2012): 21 (Kuyoro, Ibikunle, & Awodele, 2011): 176.pdf 22 (Wilson, 2011): Page 5

8 Insurance Cyber insurance is a good strategy to mitigate the risks faced by an organization utilizing cloud computing technology provided by a third party. 23 Organizations insured with an adequate policy can limit their financial liability should any security incidents occur. Cloud Structure The organization can use the private cloud for sensitive information and public cloud for non-sensitive information. 24 The organization can gain more control and ensure data access by the service provider is minimized by hosting third party provided private cloud solutions onsite. 24 Organizations with similar security measures can establish community clouds together; this will allow the creation of cloud computing environments with security measures that more closely address all the tenants security concerns. 24 Human Factors Human factors play a key role in ensuring the security of cloud computing technology because human behavior can often lead to security breaches; therefore, organizations need to establish and strengthen the necessary capabilities, mind-sets, behavior governance, and culture to reduce the likelihood of security breaches caused by its employees. 24 Employees should be properly informed and trained on how the cloud operates and any possible information security risks that could occur. 25 Credible Cloud Service Providers with Effective Procurement Processes Organizations should make sure they select the service provider that can guarantee long-term stability. 26 When negotiating a contract with the service provider, clear data ownership and allowed data access by the service provider, including how the data is being processed, should be clearly outlined. 26; 25 Warranties and service requirements should be clearly outlined in the contract. 25 Data should be stored in a secured data centre with concrete physical security and recovery and backups of the data should be achieved easily. 26 It is also important to ensure that each business unit will not procure their own cloud providers that overlap with the corporate-wide centralized cloud providers, because it would be difficult to oversee the security issues over many separate cloud services used by an organization. 25 Organization Policies and Procedures The client organization should establish clear data classification policies and procedures, such as clearly outlining the information that should or should not be held in the cloud. 24; 25 Contingency plans should be clearly thought out, including the division of roles and liabilities between the service provider and the client. 25 Lastly, having a viable exit route from any cloud arrangement is critical in case the cloud service provider can no longer provide the adequate services required by the client (Bender, 2012): 24 (Kaplan, Rezek, & Sprague, 2012): 25 (Wilson, 2011): 26 (Kuyoro, Ibikunle, & Awodele, 2011): 176.pdf Page 6

9 Technical Frameworks Proposed by Literature Survey Technical frameworks are used to address the security concerns of cloud computing using technical means, such as encryption and distinctive arrangement of cloud computing structures. Multi-Cloud Databases (MCDB) 27 AlZain and colleagues (2012) proposed a Multi-Cloud Database (MCDB) framework that involves two components referred to as multi-clouds and secret-sharing algorithm to address the security concerns of cloud computing, especially the possibility that the cloud provider would have access to the information stored on the cloud. 27 Secret-Sharing Algorithm Using the secret-sharing algorithm, information is broken down into pieces for distribution onto different clouds using a random polynomial function. 27 The pieces of information are calculated back to its original form using the same polynomial function when retrieved. 27 This approach is simpler than the traditional encryption technology and requires less computing power and processing time. 27 Figure 3: "Secret-Sharing Algorithm 27 Multi-Clouds Structure Multiple cloud service providers are used in this approach and the operation between various cloud providers is managed through a database management system (AlZain, Soh, & Pardede, 2012): Page 7

10 Figure 4: Multi-Clouds Structure 28 Advantages This approach helps to ensure availability even when a few service providers are experiencing outage. 28 Without the use of traditional encryption methodology, less computing burden is required so a faster retrieval and storage of data can be achieved. 28 Lastly, the possibility of unauthorized data access, especially by the cloud provider, can be reduced because no single server contains the complete set of data. 28 Disadvantages This approach is more costly because of the need to contract various cloud computing providers and the need to maintain a database management system to build the Multi-Clouds Structure. 28 Although this method is likely to be effective against unauthorized information access by the service provider, the polynomial function used to encrypt the information might not be as secure as other encryption technologies; therefore, the concern of data access by external hackers is still present. Single Gateway and Real-time Auditing Framework 29 A model proposed by Juels and Opera (2013) is designed to achieve data integrity and data freshness. Data integrity means the data is not corrupted or viciously manipulated. 29 Data freshness means the data presented to the users is the most up-to-date version; this is an important security measure because data stored on the cloud could be subject to rollback attacks when the service is manipulated to display older versions of the data (AlZain, Soh, & Pardede, 2012): 29 (Juels & Opera, 2013): Page 8

11 Single Gateway to the Cloud This gateway manages all the encryption of data before the data is stored on the cloud. 30 In addition, this gateway manages the Message-Authentication Codes (MACs) on each data block for the purpose of ensuring the integrity of the data stored on the cloud. 30 MACs are values calculated based on information stored so computers can use this value to verify the integrity of the data at retrieval. 30 For the purpose of ensuring data freshness, the gateway also assigns a specific block version number that can be used to authenticate at data retrieval. 30 Real-time Auditing of Data The data stored on the cloud is continuously audited by an independent cloud-auditing service. 30 The result of the data audit is continuously communicated to the enterprise gateway; therefore, any potential security breach can be discovered early for appropriate counteractions. 30 Figure 5: The Single Gateway to the Cloud and Real-time Auditing Model 30 Advantages Data is encrypted so unauthorized access of data by an external party is less likely. Continuous auditing will increase the likelihood and timeliness of detection of any security breach incident. Thus, concerns of data integrity and freshness are effectively addressed with this approach. Disadvantages More IT infrastructure is required internally to fulfill the requirement of the single gateway. Heavy computing resource is required by the client organization because all data is encrypted before it is stored in the cloud. Further computing burden is added to the gateway because of the need to calculate MACs and block version numbering. Internal computing resource is required during the data retrieval process because of the need to decrypt the data and authenticate the data s integrity and freshness. 30 (Juels & Opera, 2013): Page 9

12 future. 31 Figure 6: Data Storage Framework 31 Combined Approach at Data Storage and Retrieval Phases 31 This framework focuses on the data storage and data retrieval phases of cloud computing. Data integrity and security can be achieved. 31 Data Storage Data is first classified into public, private or limited access depending on how important and sensitive the data is; data is then encrypted depending on the classification. 31 Prior to storage on the cloud, the data is also indexed, the index is encrypted, and MACs are added to ensure fast retrieval and data integrity in the Data Retrieval The user s identity is verified by the client s own server and the user is provided with a decryption key for data and index decryption. 31 The client s own server provides the user s identity to the cloud server, granting the user access. 31 The user can use the decryption key to access the data and research result and the MAC can be used to verify data integrity. 31 Figure 7: Authentication Process at Data Retrieval (Sood, 2012): Page 10

13 Advantages With this approach, the data is never revealed to any external parties, including the cloud service provider. 32 Fast data research results are still allowed by indexing the data stored. 32 In addition, the likelihood of undetected data tampering is minimized with the use of MACs. Lastly, the likelihood of connecting to fake servers is minimized with the use of SSL certification issued by Certificate Authorities. 32 Disadvantages More computing resource is required to encrypt and index the data being stored; these procedures can potentially require longer processing times. In addition, a server is required to be maintained by the client organization, which represents additional costs for the client organization. Anonymous User Identity and Separation of Cloud Application Framework 33 This framework focuses on preventing unauthorized access of client s information by the cloud service provider. The user s identity is also protected through the use of this framework. 33 The overall approach is illustrated in Figure 8 below. Figure 8: Overall Approach of the Anonymous User Identity and Separation of Cloud Application Framework 33 Anonymous User Identity The user s identity is hidden to ensure a higher level security; an identity certificate from a trusted authority is used instead of the user s real identity. 33 Then the application provider generates specific applications based on the user s identity certificate and requirements (Sood, 2012): 33 (Yau, An, & Buduru, 2012): Page 11

14 Separation of Cloud Application Components At least three different cloud computing applications are involved in this framework, including the data processing provider, data storage provider and applications providers. 34 Data Processing, Obfuscation and Cryptography Data transmitted is always encrypted and obfuscated. 34 Data encryption occurs at the user s side using an encryption key that is only shared with the data processing application. 34 When requested, the data storage application provides the requested data to the data processing application for decryption and processing. 34 Any processed data will be encrypted and stored with the data storage application. 34 Thus, neither the data storage provider nor the data processing provider will ever obtain the complete data set in un-encrypted form. 34 The data storage application can provide data directly in the encrypted form to the user to be decrypted. 34 Advantages User identity and associated activities are not easily revealed to any single service provider. 34 Therefore, it decreases the significance of any security breach. This framework also ensures the complete set of data is not easily accessed by any single service provider, which effectively maintains a higher level of data confidentiality. 34 Disadvantages This framework requires multiple cloud service providers, adding significant costs to the organization. 34 Precise coordination is required between all the service providers to ensure adequate performance and high availability of the service 34 Other Technical Approaches At minimum, organizations should set up proper firewalls and secured virtual private network (VPN) connections, enforce strict authentication processes, maintain offsite backups, and ensure proper logging and monitoring of security logs. 35 If strong authentication of users across various cloud services is required, the centric identity management system and role-based access controls can be used. 36 To prevent attack from malicious tenants, a strong segregation of customer identity and authentication information must be enforced by the cloud service provider. 36 To further address the security concerns of the cloud computing environment where multiple virtual machines reside within a physical machine, IBM proposed approaches such as virtual machine introspection and lie detection. 37 In the virtual machine 34 (Yau, An, & Buduru, 2012): 35 (Sood, 2012): 36 (Takabi, 2010): Fxpls%2Fabs_all.jsp%3Farnumber%3D (Anthes, 2010): Page 12

15 introspection approach, a single anti-virus software is used to scan all the virtual machines within the physical machine; this approach increases the likelihood of malware detection because the virtual machines are not aware that they are being scanned. 38 In the lie detection approach, the anti-virus software compares the list of currently running processes within the virtual machine and the actually running processes, which are the processes that are consuming the computing resources of the physical machine; any discrepancies between the two lists can potentially represent the existence of malware. 38 Microsoft explored another solution with a proof of storage experimental service that ensures strong data integrity. 38 Conclusion Different approaches can to be used when addressing various cloud computing security concerns. The fundamental approaches focus primarily on the human factors, corporate policies and procedures, and the relationship between client and cloud service providers. Most of the fundamental approaches should be adopted by all organizations utilizing cloud technology because it represents the minimal level of due diligence to be exercised. The technical approaches primarily focus on preventing unauthorized access by service providers or third parties. Each framework contains some unique features. MCDB framework is the preferred approach when internal computing resources are limited because it does not require all data to be encrypted. 39 The single gateway and real-time auditing framework is unique because its real-time auditing component allows for faster detection of any security breach incidents. 40 The usual performance issues related to encrypting all data, such as rendering data unsearchable, is reduced with the Combined Approach at Data Storage and Retrieval Phase. 41 In the Anonymous User Identity and Separation of Cloud Application Framework, the service provider s ability to view the user s identity is reduced, and the complete set of the client s information is never revealed to any single service provider. 42 Other approaches can also help to prevent any malicious attacks initiated by the cloud neighbors sharing the cloud computing resources. Overall, the benefits of cloud computing technology are accompanied by various security concerns that could prevent the organization from adopting cloud computing technology altogether. Therefore, organizations must carefully equip themselves with adequate security measures to address the concerns. The security measures required by each organization will vary because each organization will have different security requirements and different resources to support the security measures. 38 (Anthes, 2010): 39 (AlZain, Soh, & Pardede, 2012): 40 (Juels & Opera, 2013): 41 (Sood, 2012): 42 (Yau, An, & Buduru, 2012): Page 13

16 Bibliography AlZain, M. A., Soh, B., & Pardede, E. (2012). A New Model to Ensure Security in Cloud Computing Services. The Society of Service Science and Springer, Anthes, G. (2010). Security in the Cloud. Communications of the ACM, Bender, D. (2012). Privacy and Security Issues in Cloud Computing. The Computer & Internet Lawyer, Caruso, J. (2011, November 2). IaaS vs. PaaS vs. SaaS - Cloud computing flavors designed to meet almost any need. Retrieved June 29, 2013, from Network World: html?page=1 Cloud Sherpas. (2013). SaaS, PaaS and IaaS - What They Mean, and Why You Should Care. Retrieved June 29, 2013, from Cloud Sherpas: G.R., V., & Rama Mohan Reddy, A. (2012). An Efficient Security Model in Cloud Computing based on Soft computing Techniques. International Journal of Computer Applications, Harauz, J., Kaufman, L. M., & Potter, B. (2009). Data Security in the World of Cloud Computing. Security & Privacy, IEEE, Juels, A., & Opera, A. (2013). Kaplan, J., Rezek, C., & Sprague, K. (2012). Protecting information in the cloud. McKinsey on Business Technology. Katzan, H. J. (2011). On The Privacy Of Cloud Computing. International Journal of Management & Information Systems, Kuyoro, S. O., Ibikunle, F., & Awodele, O. (2011). Cloud Computing Security Issues and Challenges. International Journal of Computer Networks, Sood, S. K. (2012). A combined approach to ensure data security in cloud computing. Journal of Network and Computer Applications, Takabi, H. (2010). Security and Privacy Challenges in Cloud Computing Environments. IEEE Security & Privacy, Wilson, P. (2011). Positive perspectives on cloud security. Information Security Technical Report, Yau, S. S., An, H. G., & Buduru, A. B. (2012). An Approach to Data Confidentiality Protection in Cloud Environment. Internal Journal of Web Services Research, Page 14

Security Considerations for Public Mobile Cloud Computing

Security Considerations for Public Mobile Cloud Computing Security Considerations for Public Mobile Cloud Computing Ronnie D. Caytiles 1 and Sunguk Lee 2* 1 Society of Science and Engineering Research Support, Korea rdcaytiles@gmail.com 2 Research Institute of

More information

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp.

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud 1 What is meant by Cloud Computing, or Going To The Cloud? A model

More information

Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD

Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD Agenda Cloud Computing Technical Overview Cloud Related Applications Identified Risks Assessment Criteria Cloud Computing What Is It? National

More information

How cloud computing can transform your business landscape

How cloud computing can transform your business landscape How cloud computing can transform your business landscape Introduction It seems like everyone is talking about the cloud. Cloud computing and cloud services are the new buzz words for what s really a not

More information

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security

More information

A Secure Strategy using Weighted Active Monitoring Load Balancing Algorithm for Maintaining Privacy in Multi-Cloud Environments

A Secure Strategy using Weighted Active Monitoring Load Balancing Algorithm for Maintaining Privacy in Multi-Cloud Environments IJSTE - International Journal of Science Technology & Engineering Volume 1 Issue 10 April 2015 ISSN (online): 2349-784X A Secure Strategy using Weighted Active Monitoring Load Balancing Algorithm for Maintaining

More information

Cloud SQL Security. Swati Srivastava 1 and Meenu 2. Engineering College., Gorakhpur, U.P. Gorakhpur, U.P. Abstract

Cloud SQL Security. Swati Srivastava 1 and Meenu 2. Engineering College., Gorakhpur, U.P. Gorakhpur, U.P. Abstract International Journal of Information and Computation Technology. ISSN 0974-2239 Volume 4, Number 5 (2014), pp. 479-484 International Research Publications House http://www. irphouse.com /ijict.htm Cloud

More information

HARNESSING THE POWER OF THE CLOUD

HARNESSING THE POWER OF THE CLOUD HARNESSING THE POWER OF THE CLOUD Demystifying Cloud Computing Everyone is talking about the cloud nowadays. What does it really means? Indeed, cloud computing is the current stage in the Internet evolution.

More information

Cloud Computing; What is it, How long has it been here, and Where is it going?

Cloud Computing; What is it, How long has it been here, and Where is it going? Cloud Computing; What is it, How long has it been here, and Where is it going? David Losacco, CPA, CIA, CISA Principal January 10, 2013 Agenda The Cloud WHAT IS THE CLOUD? How long has it been here? Where

More information

Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101

Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101 Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro

More information

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer What is Cloud Computing A model for enabling convenient, on-demand network access to a shared pool of configurable

More information

International Journal of Scientific & Engineering Research, Volume 6, Issue 5, May-2015 1681 ISSN 2229-5518

International Journal of Scientific & Engineering Research, Volume 6, Issue 5, May-2015 1681 ISSN 2229-5518 International Journal of Scientific & Engineering Research, Volume 6, Issue 5, May-2015 1681 Software as a Model for Security in Cloud over Virtual Environments S.Vengadesan, B.Muthulakshmi PG Student,

More information

What Is The Cloud And How Can Your Agency Use It. Tom Konop Mark Piontek Cathleen Christensen

What Is The Cloud And How Can Your Agency Use It. Tom Konop Mark Piontek Cathleen Christensen What Is The Cloud And How Can Your Agency Use It Tom Konop Mark Piontek Cathleen Christensen Video Computer Basics: What is the Cloud What is Cloud Computing Cloud Computing Basics The use of the word

More information

Private vs. Public Cloud Solutions

Private vs. Public Cloud Solutions Private vs. Public Cloud Solutions Selecting the right cloud technology to fit your organization Introduction As cloud storage evolves, different cloud solutions have emerged. Our first cloud whitepaper

More information

Managing Cloud Computing Risk

Managing Cloud Computing Risk Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify

More information

CHAPTER 8 CLOUD COMPUTING

CHAPTER 8 CLOUD COMPUTING CHAPTER 8 CLOUD COMPUTING SE 458 SERVICE ORIENTED ARCHITECTURE Assist. Prof. Dr. Volkan TUNALI Faculty of Engineering and Natural Sciences / Maltepe University Topics 2 Cloud Computing Essential Characteristics

More information

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015 NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X

More information

Cloud Computing: Legal Risks and Best Practices

Cloud Computing: Legal Risks and Best Practices Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent

More information

Orchestrating the New Paradigm Cloud Assurance

Orchestrating the New Paradigm Cloud Assurance Orchestrating the New Paradigm Cloud Assurance Amsterdam 17 January 2012 John Hermans - Partner Current business challenges versus traditional IT Organizations are challenged with: Traditional IT seems

More information

Outline. What is cloud computing? History Cloud service models Cloud deployment forms Advantages/disadvantages

Outline. What is cloud computing? History Cloud service models Cloud deployment forms Advantages/disadvantages Ivan Zapevalov 2 Outline What is cloud computing? History Cloud service models Cloud deployment forms Advantages/disadvantages 3 What is cloud computing? 4 What is cloud computing? Cloud computing is the

More information

Cloud Computing. What is Cloud Computing?

Cloud Computing. What is Cloud Computing? Cloud Computing What is Cloud Computing? Cloud computing is where the organization outsources data processing to computers owned by the vendor. Primarily the vendor hosts the equipment while the audited

More information

How cloud computing can transform your business landscape.

How cloud computing can transform your business landscape. How cloud computing can transform your business landscape. This whitepaper will help you understand the ways cloud computing can benefit your business. Introduction It seems like everyone is talking about

More information

WHITEPAPER. Data Security for Office 365 Balancing control & usability

WHITEPAPER. Data Security for Office 365 Balancing control & usability WHITEPAPER Data Security for Office 365 Balancing control & usability Contents Executive Summary... 2 Top Security Issues for Office 365... 4 Compelled Disclosures... 4 Unauthorized Sharing... 4 External

More information

Cloud Computing Flying High (or not) Ben Roper IT Director City of College Station

Cloud Computing Flying High (or not) Ben Roper IT Director City of College Station Cloud Computing Flying High (or not) Ben Roper IT Director City of College Station What is Cloud Computing? http://www.agent-x.com.au/ Wikipedia - the use of computing resources (hardware and software)

More information

SMS. Cloud Computing. Systems Management Specialists. Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales

SMS. Cloud Computing. Systems Management Specialists. Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales SMS Systems Management Specialists Cloud Computing Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales Cloud Computing The SMS Model: Cloud computing is a model for enabling ubiquitous, convenient,

More information

Clinical Trials in the Cloud: A New Paradigm?

Clinical Trials in the Cloud: A New Paradigm? Marc Desgrousilliers CTO at Clinovo Clinical Trials in the Cloud: A New Paradigm? Marc Desgrousilliers CTO at Clinovo What is a Cloud? (1 of 3) "Cloud computing is a model for enabling convenient, on-demand

More information

Keeping up with the World of Cloud Computing: What Should Internal Audit be Thinking About?

Keeping up with the World of Cloud Computing: What Should Internal Audit be Thinking About? Keeping up with the World of Cloud Computing: What Should Internal Audit be Thinking About? IIA San Francisco Chapter October 11, 2011 Agenda Introductions Cloud computing overview Risks and audit strategies

More information

Cloud Computing. Making legal aspects less cloudy. Erik Luysterborg Partner Cyber Security & Privacy Belgium EMEA Data Protection & Privacy Leader

Cloud Computing. Making legal aspects less cloudy. Erik Luysterborg Partner Cyber Security & Privacy Belgium EMEA Data Protection & Privacy Leader Cloud Computing Making legal aspects less cloudy Erik Luysterborg Partner Cyber Security & Privacy Belgium EMEA Data Protection & Privacy Leader 30 September 2014 1 Contents A. Introduction: a short walk

More information

White Paper on CLOUD COMPUTING

White Paper on CLOUD COMPUTING White Paper on CLOUD COMPUTING INDEX 1. Introduction 2. Features of Cloud Computing 3. Benefits of Cloud computing 4. Service models of Cloud Computing 5. Deployment models of Cloud Computing 6. Examples

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

Securing the Service Desk in the Cloud

Securing the Service Desk in the Cloud TECHNICAL WHITE PAPER Securing the Service Desk in the Cloud BMC s Security Strategy for ITSM in the SaaS Environment Introduction Faced with a growing number of regulatory, corporate, and industry requirements,

More information

SRG Security Services Technology Report Cloud Computing and Drop Box April 2013

SRG Security Services Technology Report Cloud Computing and Drop Box April 2013 SRG Security Services Technology Report Cloud Computing and Drop Box April 2013 1 Cloud Computing In the Industry Introduction to Cloud Computing The term cloud computing is simply the use of computing

More information

Secure Cloud Computing through IT Auditing

Secure Cloud Computing through IT Auditing Secure Cloud Computing through IT Auditing 75 Navita Agarwal Department of CSIT Moradabad Institute of Technology, Moradabad, U.P., INDIA Email: nvgrwl06@gmail.com ABSTRACT In this paper we discuss the

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

AHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS

AHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS AHLA JJ. Keeping Your Cloud Services Provider from Raining on Your Parade Jean Hess Manager HORNE LLP Ridgeland, MS Melissa Markey Hall Render Killian Heath & Lyman PC Troy, MI Physicians and Hospitals

More information

Top 10 Cloud Risks That Will Keep You Awake at Night

Top 10 Cloud Risks That Will Keep You Awake at Night Top 10 Cloud Risks That Will Keep You Awake at Night Shankar Babu Chebrolu Ph.D., Vinay Bansal, Pankaj Telang Photo Source flickr.com .. Amazon EC2 (Cloud) to host Eng. Lab testing. We want to use SalesForce.com

More information

Cloud Database Storage Model by Using Key-as-a-Service (KaaS)

Cloud Database Storage Model by Using Key-as-a-Service (KaaS) www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume 4 Issue 7 July 2015, Page No. 13284-13288 Cloud Database Storage Model by Using Key-as-a-Service (KaaS) J.Sivaiah

More information

The Elephant in the Room: What s the Buzz Around Cloud Computing?

The Elephant in the Room: What s the Buzz Around Cloud Computing? The Elephant in the Room: What s the Buzz Around Cloud Computing? Warren W. Stippich, Jr. Partner and National Governance, Risk and Compliance Solution Leader Business Advisory Services Grant Thornton

More information

BMC s Security Strategy for ITSM in the SaaS Environment

BMC s Security Strategy for ITSM in the SaaS Environment BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...

More information

Public Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.

Public Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc. Public Clouds Krishnan Subramanian Analyst & Researcher Krishworld.com A whitepaper sponsored by Trend Micro Inc. Introduction Public clouds are the latest evolution of computing, offering tremendous value

More information

NAREIM Session: Dangers and challenges of The Cloud. President, NiceNets Consulting, LLC

NAREIM Session: Dangers and challenges of The Cloud. President, NiceNets Consulting, LLC Main Types of Cloud Environments: - Public Cloud: A service built on an external platform run by a cloud service provider such as IBM, Amazon Web Services or Microsoft Azure. Subscribers can get access

More information

Addressing Data Security Challenges in the Cloud

Addressing Data Security Challenges in the Cloud Addressing Data Security Challenges in the Cloud Coordinate Security. The Need for Cloud Computing Security A Trend Micro White Paper July 2010 I. INTRODUCTION Enterprises increasingly recognize cloud

More information

Electronic Records Storage Options and Overview

Electronic Records Storage Options and Overview Electronic Records Storage Options and Overview www.archives.nysed.gov Objectives Understand the options for electronic records storage, including cloud-based storage Evaluate the options best suited for

More information

The Magical Cloud. Lennart Franked. Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall.

The Magical Cloud. Lennart Franked. Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall. The Magical Cloud Lennart Franked Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall. 2014-10-20 Lennart Franked (MIUN IKS) The Magical Cloud 2014-10-20 1 / 35

More information

Cloud Computing Technology

Cloud Computing Technology Cloud Computing Technology The Architecture Overview Danairat T. Certified Java Programmer, TOGAF Silver danairat@gmail.com, +66-81-559-1446 1 Agenda What is Cloud Computing? Case Study Service Model Architectures

More information

A SURVEY OF CLOUD COMPUTING: NETWORK BASED ISSUES PERFORMANCE AND ANALYSIS

A SURVEY OF CLOUD COMPUTING: NETWORK BASED ISSUES PERFORMANCE AND ANALYSIS A SURVEY OF CLOUD COMPUTING: NETWORK BASED ISSUES PERFORMANCE AND ANALYSIS *Dr Umesh Sehgal, #Shalini Guleria *Associate Professor,ARNI School of Computer Science,Arni University,KathagarhUmeshsehgalind@gmail.com

More information

Cloud Security: Evaluating Risks within IAAS/PAAS/SAAS

Cloud Security: Evaluating Risks within IAAS/PAAS/SAAS Cloud Security: Evaluating Risks within IAAS/PAAS/SAAS Char Sample Security Engineer, Carnegie Mellon University CERT Information Security Decisions TechTarget Disclaimer Standard Disclaimer - This talk

More information

Addressing Cloud Computing Security Considerations

Addressing Cloud Computing Security Considerations Addressing Cloud Computing Security Considerations with Microsoft Office 365 Protect more Contents 2 Introduction 3 Key Security Considerations 4 Office 365 Service Stack 5 ISO Certifications for the Microsoft

More information

WhitePaper. Private Cloud Computing Essentials

WhitePaper. Private Cloud Computing Essentials Private Cloud Computing Essentials The 2X Private Cloud Computing Essentials This white paper contains a brief guide to Private Cloud Computing. Contents Introduction.... 3 About Private Cloud Computing....

More information

Cloud Computing Phillip Hampton LogicForce Consulting, LLC

Cloud Computing Phillip Hampton LogicForce Consulting, LLC Phillip Hampton LogicForce Consulting, LLC New IT Paradigm What is? Benefits of Risks of 5 What the Future Holds 7 Defined...model for enabling ubiquitous, it convenient, ondemand network access to a shared

More information

Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture

Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture 2 Data Security and Privacy Principles for IBM SaaS Contents 2 Introduction

More information

Risks of Hosting Practice Data on the Cloud Vs. Locally

Risks of Hosting Practice Data on the Cloud Vs. Locally Risks of Hosting Practice Data on the Cloud Vs. Locally Software involving the cloud is becoming ever more popular amongst health professions due to the myriad of benefits it delivers. This concept is

More information

The Cloud in Regulatory Affairs - Validation, Risk Management and Chances -

The Cloud in Regulatory Affairs - Validation, Risk Management and Chances - 45 min Webinar: November 14th, 2014 The Cloud in Regulatory Affairs - Validation, Risk Management and Chances - www.cunesoft.com Rainer Schwarz Cunesoft Holger Spalt ivigilance 2014 Cunesoft GmbH PART

More information

{Moving to the cloud}

{Moving to the cloud} {Moving to the cloud} plantemoran.com doesn t mean outsourcing your security controls. Cloud computing is a strategic move. Its impact will have a ripple effect throughout an organization. You don t have

More information

Introduction to Cloud Computing

Introduction to Cloud Computing 1 Introduction to Cloud Computing CERTIFICATION OBJECTIVES 1.01 Cloud Computing: Common Terms and Definitions 1.02 Cloud Computing and Virtualization 1.03 Early Examples of Cloud Computing 1.04 Cloud Computing

More information

Security, Compliance & Risk Management for Cloud Relationships. Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32

Security, Compliance & Risk Management for Cloud Relationships. Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32 Security, Compliance & Risk Management for Cloud Relationships Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32 Introductions & Poll Organization is leveraging the Cloud? Organization

More information

Kent State University s Cloud Strategy

Kent State University s Cloud Strategy Kent State University s Cloud Strategy Table of Contents Item Page 1. From the CIO 3 2. Strategic Direction for Cloud Computing at Kent State 4 3. Cloud Computing at Kent State University 5 4. Methodology

More information

TENDER NOTICE No. UGVCL/SP/III/608/GPRS Modem Page 1 of 6. TECHNICAL SPECIFICATION OF GPRS based MODEM PART 4

TENDER NOTICE No. UGVCL/SP/III/608/GPRS Modem Page 1 of 6. TECHNICAL SPECIFICATION OF GPRS based MODEM PART 4 TENDER NOTICE No. UGVCL/SP/III/608/GPRS Modem Page 1 of 6 TECHNICAL SPECIFICATION OF GPRS based MODEM PART 4 Cloud services (Data Centre) and related Functional requirement Cloud services as a Control

More information

IIABSC 2015 - Spring Conference

IIABSC 2015 - Spring Conference IIABSC 2015 - Spring Conference Cyber Security With enough time, anyone can be hacked. There is no solution that will completely protect you from hackers. March 11, 2015 Chris Joye, Security + 1 2 Cyber

More information

Cloud Computing and Records Management

Cloud Computing and Records Management GPO Box 2343 Adelaide SA 5001 Tel (+61 8) 8204 8773 Fax (+61 8) 8204 8777 DX:336 srsarecordsmanagement@sa.gov.au www.archives.sa.gov.au Cloud Computing and Records Management June 2015 Version 1 Version

More information

Keyword: Cloud computing, service model, deployment model, network layer security.

Keyword: Cloud computing, service model, deployment model, network layer security. Volume 4, Issue 2, February 2014 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com An Emerging

More information

Identity & Access Management The Cloud Perspective. Andrea Themistou 08 October 2015

Identity & Access Management The Cloud Perspective. Andrea Themistou 08 October 2015 Identity & Management The Cloud Perspective Andrea Themistou 08 October 2015 Agenda Cloud Adoption Benefits & Risks Security Evolution for Cloud Adoption Securing Cloud Applications with IAM Securing Cloud

More information

CLOUD STORAGE SECURITY INTRODUCTION. Gordon Arnold, IBM

CLOUD STORAGE SECURITY INTRODUCTION. Gordon Arnold, IBM CLOUD STORAGE SECURITY INTRODUCTION Gordon Arnold, IBM SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members may use this material

More information

The silver lining: Getting value and mitigating risk in cloud computing

The silver lining: Getting value and mitigating risk in cloud computing The silver lining: Getting value and mitigating risk in cloud computing Frequently asked questions The cloud is here to stay. And given its decreased costs and increased business agility, organizations

More information

TASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices

TASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security

More information

Data Protection Act 1998. Guidance on the use of cloud computing

Data Protection Act 1998. Guidance on the use of cloud computing Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered

More information

Chapter 1: Introduction

Chapter 1: Introduction Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure

More information

10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM. Agenda. Security Cases What is Cloud? Road Map Security Concerns

10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM. Agenda. Security Cases What is Cloud? Road Map Security Concerns BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM Agenda Security Cases What is Cloud? Road Map Security Concerns 1 Security Cases on Cloud Data Protection - Two arrested in ipad

More information

The Second National HIPAA Summit

The Second National HIPAA Summit HIPAA Security Regulations: Documentation and Procedures The Second National HIPAA Summit Healthcare Computing Strategies, Inc. John Parmigiani Practice Director, Compliance Programs Tom Walsh, CISSP Practice

More information

EFFICIENT AND SECURE DATA PRESERVING IN CLOUD USING ENHANCED SECURITY

EFFICIENT AND SECURE DATA PRESERVING IN CLOUD USING ENHANCED SECURITY EFFICIENT AND SECURE DATA PRESERVING IN CLOUD USING ENHANCED SECURITY Siliveru Ashok kumar* S.G. Nawaz ## and M.Harathi # * Student of M.Tech, Sri Krishna Devaraya Engineering College, Gooty # Department

More information

Vormetric Data Security Securing and Controlling Data in the Cloud

Vormetric Data Security Securing and Controlling Data in the Cloud Vormetric Data Security Securing and Controlling Data in the Cloud Vormetric, Inc. Tel: 888.267.3732 Email: sales@vormetric.com www.vormetric.com Table of Contents Executive Summary.........................................................3

More information

Security & Trust in the Cloud

Security & Trust in the Cloud Security & Trust in the Cloud Ray Trygstad Director of Information Technology, IIT School of Applied Technology Associate Director, Information Technology & Management Degree Programs Cloud Computing Primer

More information

The HIPAA Security Rule: Cloudy Skies Ahead?

The HIPAA Security Rule: Cloudy Skies Ahead? The HIPAA Security Rule: Cloudy Skies Ahead? Presented and Prepared by John Kivus and Emily Moseley Wood Jackson PLLC HIPAA and the Cloud In the past several years, the cloud has become an increasingly

More information

Quick guide: Using the Cloud to support your business

Quick guide: Using the Cloud to support your business Quick guide: Using the Cloud to support your business This Quick Guide is one of a series of information products targeted at small to medium sized enterprises (SMEs). It is designed to help businesses

More information

Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1

Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1 Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1 Taking a Deeper Look at the Cloud: Solution or Security Risk? LoyCurtis Smith East Carolina University TAKING A DEEPER LOOK AT THE CLOUD:

More information

Library Systems Security: On Premises & Off Premises

Library Systems Security: On Premises & Off Premises Library Systems Security: On Premises & Off Premises Guoying (Grace) Liu University of Windsor Leddy Library Huoxin (Michael) Zheng Castlebreck Inc. CLA 2015 Annual Conference, Ottawa, June 5, 2015 Information

More information

Contracting for Cloud Computing

Contracting for Cloud Computing Contracting for Cloud Computing Geofrey L Master Mayer Brown JSM Partner +852 2843 4320 geofrey.master@mayerbrownjsm.com April 5th 2011 Mayer Brown is a global legal services organization comprising legal

More information

Geschäftsanwendungen bereit machen für die Cloud. Make your Business Applications ready for the Cloud

Geschäftsanwendungen bereit machen für die Cloud. Make your Business Applications ready for the Cloud Geschäftsanwendungen bereit machen für die Cloud Make your Business Applications ready for the Cloud Ingo Brandes, travel-ba.sys Guido Falkenberg, Software AG Why should we care for the cloud? 8 June 2011

More information

About me & Submission details

About me & Submission details About me & Submission details Parveen Yadav Security Researcher aka Ethical Hacker. Working as a Freelancer. White Hat Hacking work. Few Recognitions :- Got listed my name in Google Hall of fame,amazon,paypal,adobe

More information

What Cloud computing means in real life

What Cloud computing means in real life ITU TRCSL Symposium on Cloud Computing Session 2: Cloud Computing Foundation and Requirements What Cloud computing means in real life Saman Perera Senior General Manager Information Systems Mobitel (Pvt)

More information

Dr Markus Hagenbuchner markus@uow.edu.au CSCI319. Introduction to Cloud Computing

Dr Markus Hagenbuchner markus@uow.edu.au CSCI319. Introduction to Cloud Computing Dr Markus Hagenbuchner markus@uow.edu.au CSCI319 Introduction to Cloud Computing CSCI319 Chapter 1 Page: 1 of 10 Content and Objectives 1. Introduce to cloud computing 2. Develop and understanding to how

More information

UTH~ihltli. December 11, 2014. Report on Institutional Use of Cloud Computing #14-204

UTH~ihltli. December 11, 2014. Report on Institutional Use of Cloud Computing #14-204 -- UTH~ihltli The University of Texas Health Science Center at Houston Office of Auditing & Advisory Services December 11, 2014 Report on Institutional Use of Cloud Computing #14-204 We have completed

More information

AskAvanade: Answering the Burning Questions around Cloud Computing

AskAvanade: Answering the Burning Questions around Cloud Computing AskAvanade: Answering the Burning Questions around Cloud Computing There is a great deal of interest in better leveraging the benefits of cloud computing. While there is a lot of excitement about the cloud,

More information

7/23/2014. Cloud Computing in Medical Imaging. Conflict of Interest. Contents. George Kagadis, PhD, FAAPM. Panagiotis Papadimitroulas, MSc

7/23/2014. Cloud Computing in Medical Imaging. Conflict of Interest. Contents. George Kagadis, PhD, FAAPM. Panagiotis Papadimitroulas, MSc Cloud Computing in Medical Imaging George Kagadis, PhD, FAAPM Panagiotis Papadimitroulas, MSc Department of Medical Physics, School of Medicine, University of Patras, Greece 56 th AAPM annual meeting,

More information

Module 1: Facilitated e-learning

Module 1: Facilitated e-learning Module 1: Facilitated e-learning CHAPTER 3: OVERVIEW OF CLOUD COMPUTING AND MOBILE CLOUDING: CHALLENGES AND OPPORTUNITIES FOR CAs... 3 PART 1: CLOUD AND MOBILE COMPUTING... 3 Learning Objectives... 3 1.1

More information

by: Scott Baranowski Community Bank Auditors Group Best Practices in Auditing Record Retention, Safeguarding Paper Documents, GLBA and Privacy

by: Scott Baranowski Community Bank Auditors Group Best Practices in Auditing Record Retention, Safeguarding Paper Documents, GLBA and Privacy Community Bank Auditors Group Best Practices in Auditing Record Retention, Safeguarding Paper Documents, GLBA and Privacy June 10, 2015 MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT

More information

Central Agency for Information Technology

Central Agency for Information Technology Central Agency for Information Technology Kuwait National IT Governance Framework Information Security Agenda 1 Manage security policy 2 Information security management system procedure Agenda 3 Manage

More information

Cloud models and compliance requirements which is right for you?

Cloud models and compliance requirements which is right for you? Cloud models and compliance requirements which is right for you? Bill Franklin, Director, Coalfire Stephanie Tayengco, VP of Technical Operations, Logicworks March 17, 2015 Speaker Introduction Bill Franklin,

More information

Cloud Computing Security Considerations

Cloud Computing Security Considerations CYBER SECURITY OPERATIONS CENTRE 6/2011 INITIAL GUIDANCE 12 April 2011 Cloud Computing Security Considerations INTRODUCTION 1. Cloud computing offers potential benefits including cost savings and improved

More information

CLOUD SECURITY SECURITY ASPECTS IN GEOSPATIAL CLOUD. Guided by Prof. S. K. Ghosh Presented by - Soumadip Biswas

CLOUD SECURITY SECURITY ASPECTS IN GEOSPATIAL CLOUD. Guided by Prof. S. K. Ghosh Presented by - Soumadip Biswas CLOUD SECURITY SECURITY ASPECTS IN GEOSPATIAL CLOUD Guided by Prof. S. K. Ghosh Presented by - Soumadip Biswas PART 1 A brief Concept of cloud Issues in cloud Security Issues A BRIEF The Evolution Super

More information

Things You Need to Know About Cloud Backup

Things You Need to Know About Cloud Backup Things You Need to Know About Cloud Backup Over the last decade, cloud backup, recovery and restore (BURR) options have emerged as a secure, cost-effective and reliable method of safeguarding the increasing

More information

Why Migrate to the Cloud. ABSS Solutions, Inc. 2014

Why Migrate to the Cloud. ABSS Solutions, Inc. 2014 Why Migrate to the Cloud ABSS Solutions, Inc. 2014 ASI Cloud Services Information Systems Basics Cloud Fundamentals Cloud Options Why Move to the Cloud Our Service Providers Our Process Information System

More information

CLOUD COMPUTING SECURITY ARCHITECTURE - IMPLEMENTING DES ALGORITHM IN CLOUD FOR DATA SECURITY

CLOUD COMPUTING SECURITY ARCHITECTURE - IMPLEMENTING DES ALGORITHM IN CLOUD FOR DATA SECURITY CLOUD COMPUTING SECURITY ARCHITECTURE - IMPLEMENTING DES ALGORITHM IN CLOUD FOR DATA SECURITY Varun Gandhi 1 Department of Computer Science and Engineering, Dronacharya College of Engineering, Khentawas,

More information

Hosted Exchange. Security Overview. Learn More: Call us at 877.634.2728. www.megapath.com

Hosted Exchange. Security Overview. Learn More: Call us at 877.634.2728. www.megapath.com Security Overview Learn More: Call us at 877.634.2728. www.megapath.com Secure and Reliable Hosted Exchange Our Hosted Exchange service is delivered across an advanced network infrastructure, built on

More information

Virtualization Impact on Compliance and Audit

Virtualization Impact on Compliance and Audit 2009 Reflex Systems, LLC Virtualization Impact on Compliance and Audit Michael Wronski, CISSP VP Product Management Reflex Systems Agenda Introduction Virtualization? Cloud? Risks and Challenges? Compliance

More information

Cloud Computing. Information Security and Privacy Considerations. April 2014

Cloud Computing. Information Security and Privacy Considerations. April 2014 Cloud Computing Information Security and Privacy Considerations April 2014 All-of-Government Cloud Computing: Information Security and Privacy Considerations April 2014 1 Crown copyright. This copyright

More information

Brainloop Cloud Security

Brainloop Cloud Security Whitepaper Brainloop Cloud Security Guide to secure collaboration in the cloud www.brainloop.com Sharing information over the internet The internet is the ideal platform for sharing data globally and communicating

More information

1. Understanding Big Data

1. Understanding Big Data Big Data and its Real Impact on Your Security & Privacy Framework: A Pragmatic Overview Erik Luysterborg Partner, Deloitte EMEA Data Protection & Privacy leader Prague, SCCE, March 22 nd 2016 1. 2016 Deloitte

More information

Security Issues In Cloud Computing and Countermeasures

Security Issues In Cloud Computing and Countermeasures Security Issues In Cloud Computing and Countermeasures Shipra Dubey 1, Suman Bhajia 2 and Deepika Trivedi 3 1 Department of Computer Science, Banasthali University, Jaipur, Rajasthan / India 2 Department

More information