Cloud Computing In a Post Snowden World. Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs
|
|
- Leo Holt
- 8 years ago
- Views:
Transcription
1 Cloud Computing In a Post Snowden World Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs
2 Guy Wiggins Director of Practice Management Kelley Drye & Warren LLP 325 Attorneys 6 Offices NY, Washington DC, CT, CH, NJ and LA August 18, 2014
3 Common Definitions From NIST (National Institute of Standard and Technology) Three basic types of Cloud Service Models Cloud Infrastructure as a service (IAAS) involves the provisioning of fundamental computer resources (e.g. processing, storage) Cloud Software as a Service (SaaS) involves access to a provider s software as a Service (e.g. G mail, SalesForce) Cloud Platform as a Service (Paas) involving the provision to users of the capability to deploy onto cloud infrastructure applications created by the user with provider supported programming languages and tools (e.g. Azure)
4 Common Definitions From NIST (National Institute of Standard and Technology) Four models for deployment of cloud infrastructure Private Cloud maintain all technology components, servers and software for a single organization. May be managed by a 3 rd party. Public Cloud available to anyone, from individuals to large organizations and is owned and controlled by the provider of the service. Offers the greatest potential flexibility and cost savings. E.g Salesforce Community Cloud cloud infrastructure shared by several organizations that supports a specific community with shared concerns. Hybrid Cloud involves a mix of two or more of these models
5 Cloud Value Proposition What makes moving to the Cloud compelling for a business? Pay just for what you need Cloud technologies make it easy to scale up and scale down depending on demand for storage, bandwidth, processing etc. Flexible Pricing pay just for what you use, and quickly increase or decrease usage with minimal involvement by the service provider. Agility Cloud technologies allow companies to move quickly. No long procurement cycles and new business ideas and services can be brought to market much more quickly. Improved Focus on business value instead of maintaining current systems, your IT Department can spend more time solving new business problems. Mobility being on the cloud means that that information is instantly available to all devices, from PC s to laptops to tablets and iphones. Most Cloud services are also browser and OS agnostic
6 Can the Cloud be Trusted? How to assess risk Key concerns Privacy Loss of control Regulatory Compliance Physical/logical security Need for Due Diligence Governance, Risk and Compliance Risk Assessments Business Impact of What If s Ensuring you use the right contractual terms to enable your strategy Security and Privacy Business Continuity 3 rd Party Litigation and e Discovery Regulation Compliance
7 Bankruptcy M &A (non prevailing product goes extinct) Contract Breach (Blown SLA s) Force Majeure Extended Outage Exit Strategy how can I get my data off once it s on? Can t Recover Your Data Due Diligence Questions Asking What If
8 Crafting a Plan think about working with a neutral 3 rd party vendor Define your Standards What are the Triggers that set contingency in motion? Is there a neutral Third Party that can execute the plan Is there a way to continue working while the contingency plan is being executed Test to verify that the plan works Make sure you have unambiguous contract terms if possible Contingency Planning If something goes wrong, what is the plan?
9 Clear articulation of fees for services and modifications Well defined performance metrics and remedies for service failures Security, privacy and audit commitments that will satisfy regulatory concerns and understanding where data resides Business continuity, disaster recovery and force majeure events Clear restrictions on use and ownership of customer data and IP Provision for termination of contract and moving to a different provider, including data recovery Addressing the impacts of disputes and bankruptcy (e.g. software escrow) E Discovery is there a reasonable process to put in a place a hold and preserve data? Contractual Issues Checklist Key areas to review
10 Alicia Lowery Rosenbaum Attorney Microsoft Legal & Corporate Affairs Thank you for being here today August 18, 2014
11 Trust considerations Is cloud computing secure? security Where is my data and do I have access? How do you support my compliance needs? compliance What does privacy mean? Is my data used for advertising? privacy - Forbes, 2013
12 Security Built in Capabilities Flexible Customer Controls Security best practices like penetration testing, Defense-in-depth to protect against cyberthreats Physical and data security with access control, encryption and strong authentication Unique customer controls with Rights Management Services to empower customers to protect information
13 Defense in depth Physical controls, video surveillance, access control Physical Security Network Host Application Admin Data Edge routers, firewalls, intrusion detection, vulnerability scanning Access control and monitoring, anti-malware, patch and configuration management Secure engineering (SDL), access control and monitoring, anti-malware Account management, training and awareness, screening Threat and vulnerability management, security monitoring, and response, access control and monitoring, file/data integrity, encryption Independently verified to meet key standards ISO 27001, SSAE 16, FISMA
14 Physical Security Seismic bracing 24x7 onsite security staff Days of backup power Tens of thousands of servers
15 Customer data isolation Designed to support logical isolation of data that multiple customers store in same physical hardware. Customer A Customer B Intended or unintended mingling of data belonging to a different customer/tenant is prevented by design using Active Directory organizational units 15
16 Administrators Background checks Screening Automatic account deletion Unique accounts Zero access privileges SDL Annual training
17 Lock Box Zero access privilege & role based access Request Approve Temporary access granted Grants least privilege required to complete task. Verify eligibility by checking if Request with reason Zero standing privileges 1. Background check completed 2. Fingerprinting completed 3. Security training completed
18 Encryption Data at Rest Disks encrypted with Bitlocker Encrypted shredded storage Data in-transit SSL/TLS Encryption Client to Server Server to Server Data center to Data center User
19 ncrypted shredded storage A B C D Content DB Key Store A B C E D
20 Privacy Privacy by design means that we do not use your information for anything other than providing you services No Advertising Transparency Privacy controls No advertising products out of Customer Data No scanning of or documents to build analytics or mine data Access to information about geographical location of data, who has access and when Notification to customers about changes in security, privacy and audit information Various customer controls at admin and user level to enable or regulate sharing If the customer decides to leave the service, they get to take to take their data and delete it in the service
21 Transparency Where is Data Stored? Clear Data Maps and Geographic boundary information provided Ship To address determines Data Center Location Who accesses and what is accessed? Core Customer Data accessed only for troubleshooting and malware prevention purposes. Core Customer Data access is limited to key personnel on an exception basis only. Do I get notified? Microsoft notifies you of changes in data center locations.
22 On government snooping To be clear, here s what we do, and what we don t do: We don t provide any government with direct, unfettered access to your data. We don t assist any government s efforts to break our encryption or provide any government with encryption keys. We don t engineer back doors into our products and we take steps to ensure governments can independently verify this. If, as reports suggest, there is a bigger surveillance program, we are not involved
23 EU Data Protection Authorities validate Microsoft s approach to privacy Article 29 Working Party - collection of data protection authorities in Europe regulating world s toughest privacy laws Validation by EU Data Protection Authorities for Microsoft s commercial commitments for DPA/EU Model Clauses. (covering Office 365, Azure, CRM Online, and Intune) Microsoft is the only provider to have received this validation Standard part of contracts as of July 1st
24 Built in Capabilities Office 365 is built with a focus on privacy and security that allows us to obtain important industry certifications and enables customers to meet international laws and regulations 3rd party certification and audits. Customer controls for compliance Data Loss Prevention (DLP) Archiving and Legal Hold E-Discovery
25 archiving and retention Preserve Search In-Place Archive Governance Hold ediscovery Secondary mailbox with separate quota Managed through EAC or PowerShell Available on-premises, online, or through EOA Automated and timebased criteria Set policies at item or folder level Expiration date shown in message Capture deleted and edited messages Time-Based In-Place Hold Granular Query-Based In-Place Hold Optional notification Web-based ediscovery Center and multi-mailbox search Search primary, In-Place Archive, and recoverable items Delegate through roles-based administration De-duplication after discovery Auditing to ensure controls are met
26 Data Loss Prevention (DLP) Empower users to manage their compliance Contextual policy education Doesn t disrupt user workflow Works even when disconnected Configurable and customizable Admin customizable text and actions Built-in templates based on common regulations Import DLP policy templates from security partners or build your own
27 Questions We ll now open it up for questions
28 Thank You
Transparency. Privacy. Compliance. Security. What does privacy at Microsoft mean? Are you using my data to build advertising products?
Privacy Transparency What does privacy at Microsoft mean? Are you using my data to build advertising products? Where is my data? Who has access to my data? Compliance What certifications and capabilities
More informationCloud e-mail services: Security, Compliance and Privacy. Nasos Kladakis Solutions Specialist Microsoft Hellas
Cloud e-mail services: Security, Compliance and Privacy Nasos Kladakis Solutions Specialist Microsoft Hellas Risk Management Program Overview Information Security Policy Security Privacy & Regulatory Service
More informationProtecting Data and Privacy in the Cloud
Protecting Data and Privacy in the Cloud Contents 1 3 6 9 12 13 Protecting Data and Privacy in the Cloud an Introduction Building Services to Protect Data Protecting Data in Service Operations Empowering
More informationInsights into Cloud Computing
This article was originally published in the November 2010 issue of the Intellectual Property & Technology Law Journal. ARTICLE Insights into Cloud Computing The basic point of cloud computing is to avoid
More informationAddressing Cloud Computing Security Considerations
Addressing Cloud Computing Security Considerations with Microsoft Office 365 Protect more Contents 2 Introduction 3 Key Security Considerations 4 Office 365 Service Stack 5 ISO Certifications for the Microsoft
More informationInformation Technology: This Year s Hot Issue - Cloud Computing
Information Technology: This Year s Hot Issue - Cloud Computing Presented by: Alan Sutin Global IP & Technology Practice Group GREENBERG TRAURIG, LLP ATTORNEYS AT LAW WWW.GTLAW.COM 2011. All rights reserved.
More informationThings You Need to Know About Cloud Backup
Things You Need to Know About Cloud Backup Over the last decade, cloud backup, recovery and restore (BURR) options have emerged as a secure, cost-effective and reliable method of safeguarding the increasing
More informationConnecting Your Business to the Cloud. Jeff Coomans Sr. Manager New Product Development Hawaiian Telcom
Connecting Your Business to the Cloud Jeff Coomans Sr. Manager New Product Development Hawaiian Telcom Agenda What is the Cloud? Top Cloud Apps How Do I Get Started? Examples Business Benefits Migration
More informationLegal Issues in the Cloud: A Case Study. Jason Epstein
Legal Issues in the Cloud: A Case Study Jason Epstein Outline Overview of Cloud Computing Service Models (SaaS, PaaS, IaaS) Deployment Models (Private, Community, Public, Hybrid) Adoption Different types
More informationCloud Computing Security Issues
Copyright Marchany 2010 Cloud Computing Security Issues Randy Marchany, VA Tech IT Security, marchany@vt.edu Something Old, Something New New: Cloud describes the use of a collection of services, applications,
More informationCopyright 2015 EMC Corporation. All rights reserved. 1
Copyright 2015 EMC Corporation. All rights reserved. 1 ROADMAP INFORMATION DISCLAIMER EMC makes no representation and undertakes no obligations with regard to product planning information, anticipated
More informationOverview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin
Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Best Practices for Security in the Cloud John Essner, Director
More informationService Level Agreements for IT
Service Level Agreements for IT Sunday, May 22, 3:50 4:40, CPE - 1 Linda Cramer, Assistant County Manager, Chatham County Gary Robinson, Director Budget and Finance, Pierce County Todd Sander, Executive
More informationSecuring and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer What is Cloud Computing A model for enabling convenient, on-demand network access to a shared pool of configurable
More informationHost Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1
Host Hardening Presented by Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Background National Institute of Standards and Technology Draft Guide to General Server Security SP800-123 Server A
More informationMicrosoft is either a registered trademark or trademark of Microsoft Corporation in the United States and/or other countries.
Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names,
More informationJohn Essner, CISO Office of Information Technology State of New Jersey
John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management
More informationFeliciano Intini Responsabile dei programmi di Sicurezza e Privacy Microsoft Italia
Feliciano Intini Responsabile dei programmi di Sicurezza e Privacy Microsoft Italia NonSoloSecurity Blog: http://blogs.technet.com/feliciano_intini Twitter: @felicianointini Trustworthy Computing Cloud:
More informationManaging Cloud Computing Risk
Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify
More informationWhite Paper How Noah Mobile uses Microsoft Azure Core Services
NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah
More informationSWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE
SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific
More informationCloud Security and Managing Use Risks
Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access
More informationLEGAL ISSUES IN CLOUD COMPUTING
LEGAL ISSUES IN CLOUD COMPUTING RITAMBHARA AGRAWAL INTELLIGERE 1 CLOUD COMPUTING Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing
More informationHow Microsoft is taking Privacy by Design to Work. Alan Chan National Technology Officer Microsoft Hong Kong 7 May 2015
How Microsoft is taking Privacy by Design to Work Alan Chan National Technology Officer Microsoft Hong Kong 7 May 2015 Agenda Introducing the New Microsoft Microsoft privacy principle Protecting privacy
More informationCritical Controls for Cyber Security. www.infogistic.com
Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability
More informationVistara Lifecycle Management
Vistara Lifecycle Management Solution Brief Unify IT Operations Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid
More information5 Critical Considerations for. Enterprise Cloud Backup
5 Critical Considerations for Enterprise Cloud Backup This guide is written for IT professionals who play a part in data protection and governance at their enterprises. It is meant to provide an initial
More informationSaaS Security for the Confirmit CustomerSat Software
SaaS Security for the Confirmit CustomerSat Software July 2015 Arnt Feruglio Chief Operating Officer The Confirmit CustomerSat Software Designed for The Web. From its inception in 1997, the architecture
More informationDESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE
DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the
More informationEnterprise Governance and Planning
GEORGIA TECHNOLOGY AUTHORITY Title: Enterprise Operational Environment PSG Number: SO-10-003.02 Topical Area: Operations / Performance and Capacity Document Type: Standard Pages: 5 Issue Date: July 15,
More informationEMAIL MANAGEMENT SOLUTIONS SAFEGUARD BUSINESS CONTINUITY AND PRODUCTIVITY WITH MIMECAST
EMAIL MANAGEMENT SOLUTIONS SAFEGUARD BUSINESS CONTINUITY AND PRODUCTIVITY WITH MIMECAST Enabling user efficiency with a cloud-based email platform With productivity, revenues and reputation at stake, an
More informationEnterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid clouds.
ENTERPRISE MONITORING & LIFECYCLE MANAGEMENT Unify IT Operations Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid
More informationThe Education Fellowship Finance Centralisation IT Security Strategy
The Education Fellowship Finance Centralisation IT Security Strategy Introduction This strategy outlines the security systems in place to optimise, manage and protect The Education Fellowship data and
More informationWhat s the Path? Information Life-cycle part of Vendor Management
Disclaimer The materials provided in this presentation and any comments or information provided by the presenter are for educational purposes only and nothing conveyed or provided should be considered
More informationAHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS
AHLA JJ. Keeping Your Cloud Services Provider from Raining on Your Parade Jean Hess Manager HORNE LLP Ridgeland, MS Melissa Markey Hall Render Killian Heath & Lyman PC Troy, MI Physicians and Hospitals
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.5)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.5) Directions and Instructions for completing this assessment The answers provided
More informationCloud Computing: Legal Risks and Best Practices
Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent
More informationSATURDAY, FEBRUARY 28, 2015 CLE 10 (Ethics) 9:30 a.m. 10:30 a.m. Moving to the Cloud - Identifying & Managing Legal, Ethical and Compliance Risks
SATURDAY, FEBRUARY 28, 2015 CLE 10 (Ethics) 9:30 a.m. 10:30 a.m. Moving to the Cloud - Identifying & Managing Legal, Ethical and Compliance Risks Moving to the Cloud - Identifying & Managing Legal, Ethical
More informationKUIDAS KAITSTA ANDMEID EMC TARKVARAGA?
Madis Pärn Sr. System Engineer EMC madis.parn@emc.com KUIDAS KAITSTA ANDMEID EMC TARKVARAGA? DATA PROTECTION OVERVIEW 1 TALE OF TWO WORLDS Traditional Apps IT On Premise Next Gen Apps Developers Cloud
More informationSecuring the Microsoft Cloud
Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and customers to fully embrace and benefit from cloud services. We are committed
More informationDatacenters of the Past. Datacenter of the (New) Present Datacenter without boundaries. Devices
Start Justin President Convergent Computing http://www.cco.com randm@cco.com Devices Things Apps Big data Cloud 52% of information workers across 17 countries report using 3+ devices for work 212 Billion
More informationEnterprise Architecture Review Checklist
Enterprise Architecture Review Checklist Software as a Service (SaaS) Solutions Overview This document serves as Informatica s Enterprise Architecture (EA) Review checklist for Cloud vendors that wish
More informationSupplier Information Security Addendum for GE Restricted Data
Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,
More informationLibrary Systems Security: On Premises & Off Premises
Library Systems Security: On Premises & Off Premises Guoying (Grace) Liu University of Windsor Leddy Library Huoxin (Michael) Zheng Castlebreck Inc. CLA 2015 Annual Conference, Ottawa, June 5, 2015 Information
More informationWhat You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility
Your Guide to Cost, Security, and Flexibility What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility 10 common questions answered Over the last decade, cloud backup, recovery
More informationUNCLASSIFIED. UK Email Archiving powered by Mimecast Service Description
UNCLASSIFIED 11/12/2015 v2.2 UK Email Archiving powered by Mimecast Service Description Cobweb s UK Email Archiving, powered by Mimecast, provides businesses with a secure, scalable cloud-based message
More informationHow To Manage Cloud Data Safely
Information Governance In The Cloud Galina Datskovsky, Ph. D., CRM President of ARMA International SVP Information Governance Solutions Topics Cloud Characteristics And Risks Information Management In
More informationThe Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing
Your Platform of Choice The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing Mark Cravotta EVP Sales and Service SingleHop LLC Talk About Confusing? Where do I start?
More informationData Privacy, Security, and Risk Management in the Cloud
Data Privacy, Security, and Risk Management in the Cloud Diana S. Hare, Associate General Counsel and Chief Privacy Counsel, Drexel University David W. Opderbeck, Counsel, Gibbons P.C. Robin Rosenberg,
More informationSecuring The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master
Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is
More informationTop Ten Technology Risks Facing Colleges and Universities
Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology
More informationFormFire Application and IT Security. White Paper
FormFire Application and IT Security White Paper Contents Overview... 3 FormFire Corporate Security Policy... 3 Organizational Security... 3 Infrastructure and Security Team... 4 Application Development
More informationA COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012
A COALFIRE PERSPECTIVE Moving to the Cloud A Summary of Considerations for Implementing Cloud Migration Plans into New Business Platforms NCHELP Spring Convention Panel May 2012 DALLAS DENVER LOS ANGELES
More informationIntroduction to Cloud Services
Introduction to Cloud Services (brought to you by www.rmroberts.com) Cloud computing concept is not as new as you might think, and it has actually been around for many years, even before the term cloud
More informationOffice Exchange SharePoint Lync
Office Exchange SharePoint Lync Comprehensive tools to do your best work Enterprise-grade cloud services Office 365 is A HIGHLY CONFIGURABLE, but not a customizable solution. MICROSOFT DATA CENTER
More informationSoftware as a Service: Guiding Principles
Software as a Service: Guiding Principles As the Office of Information Technology (OIT) works in partnership with colleges and business units across the University, its common goals are to: substantially
More informationCloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC
Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC www.fmsinc.org 1 2015 Financial Managers Society, Inc. Cloud Security Implications
More informationManaged IT Secure Infrastructure Flexible Offerings Peace of Mind
Managed IT Secure Infrastructure Flexible Offerings Peace of Mind Your Place or Ours Why Trust Your Network to SymQuest? SymQuest is an industry leader with a national reputation for service excellence
More informationAddressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense
A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical
More informationAddressing E-mail Archiving and Discovery with Microsoft Exchange Server 2010
WHITE PAPER Addressing E-mail Archiving and Discovery with Microsoft Exchange Server 2010 Introduction With businesses generating and sharing an ever-increasing volume of information through e-mail, the
More informationPCI Compliance for Cloud Applications
What Is It? The Payment Card Industry Data Security Standard (PCIDSS), in particular v3.0, aims to reduce credit card fraud by minimizing the risks associated with the transmission, processing, and storage
More informationSecurity Issues in Cloud Computing
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
More informationINCIDENT RESPONSE CHECKLIST
INCIDENT RESPONSE CHECKLIST The purpose of this checklist is to provide clients of Kivu Consulting, Inc. with guidance in the initial stages of an actual or possible data breach. Clients are encouraged
More informationOPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE
OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific documents requested,
More informationPharma CloudAdoption. and Qualification Trends
Pharma CloudAdoption and Qualification Trends OurCloudExperience Numerous implementations of EDMS systems with external hosting for smaller life science clients Development of qualification strategy for
More informationProtecting Sensitive Data Reducing Risk with Oracle Database Security
Protecting Sensitive Data Reducing Risk with Oracle Database Security Antonio.Mata.Gomez@oracle.com Information Security Architect Agenda 1 2 Anatomy of an Attack Three Steps to Securing an Oracle Database
More informationINFORMATION SECURITY SPECIFIC VENDOR COMPLIANCE PROGRAM (VCP) ACME Consulting Services, Inc.
INFORMATION SECURITY SPECIFIC VENDOR COMPLIANCE PROGRAM (VCP) ACME Consulting Services, Inc. Copyright 2016 Table of Contents INSTRUCTIONS TO VENDORS 3 VENDOR COMPLIANCE PROGRAM OVERVIEW 4 VENDOR COMPLIANCE
More informationHow Should Your Organization Deploy Microsoft Exchange?
WHITEPAPER How Should Your Organization Deploy Microsoft Exchange? Choosing between Exchange Server on premises, Exchange Online in the cloud, and hybrid deployment options Introduction The purpose of
More informationAnatomy of a Cloud Computing Data Breach
Anatomy of a Cloud Computing Data Breach Sheryl Falk Mike Olive ACC Houston Chapter ITPEC Practice Group September 18, 2014 1 Agenda Ø Cloud 101 Welcome to Cloud Computing Ø Cloud Agreement Considerations
More informationSecuring the Microsoft Cloud Infrastructure. Reto Häni Chief Security Officer Microsoft Western Europe MEET SWISS INFOSEC! 24.06.
Securing the Microsoft Cloud Infrastructure Reto Häni Chief Security Officer Microsoft Western Europe MEET SWISS INFOSEC! 24.06.2015 1 Certification & Security Reliance Microsoft s cloud environment Application
More informationWhat you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered
What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered Over the last decade, cloud backup, recovery and restore (BURR) options have emerged
More informationCloud models and compliance requirements which is right for you?
Cloud models and compliance requirements which is right for you? Bill Franklin, Director, Coalfire Stephanie Tayengco, VP of Technical Operations, Logicworks March 17, 2015 Speaker Introduction Bill Franklin,
More informationAutodesk PLM 360 Security Whitepaper
Autodesk PLM 360 Autodesk PLM 360 Security Whitepaper May 1, 2015 trust.autodesk.com Contents Introduction... 1 Document Purpose... 1 Cloud Operations... 1 High Availability... 1 Physical Infrastructure
More informationREDCENTRIC MANAGED ARCHIVE SERVICE SERVICE DEFINITION
REDCENTRIC MANAGED ARCHIVE SERVICE SERVICE DEFINITION SD005 V2.0 Issue Date 02 July 2014 1) SERVICE OVERVIEW Redcentric's Managed Archive Service allows customers to regain control of their Microsoft Exchange
More informationAuditing Cloud Computing and Outsourced Operations
Session 136 Auditing Cloud Computing and Outsourced Operations Monday, May 7, 2012 3:30 PM 5:00 PM Mike Schiller Director of Sales & Marketing IT, Texas Instruments Co Author, IT Auditing: Using Controls
More informationHIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT
HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.
More informationLAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
More informationThe Webcast will begin at 1:00pm EST. www.gig-werks.com
SharePoint 2013 & SharePoint Online Security, Compliance & ediscovery The Webcast will begin at 1:00pm EST Today s Presentation: Introduction & About Gig Werks Gig Werks Experience with SharePoint Office
More informationAll Clouds Are Not Created Equal THE NEED FOR HIGH AVAILABILITY AND UPTIME
THE NEED FOR HIGH AVAILABILITY AND UPTIME 1 THE NEED FOR HIGH AVAILABILITY AND UPTIME All Clouds Are Not Created Equal INTRODUCTION Companies increasingly are looking to the cloud to help deliver IT services.
More information68% Meet compliance needs with Microsoft Exchange. of companies send sensitive data via email.
Meet compliance needs with Microsoft Exchange As the volume and importance of digital information grows, regulatory compliance schemas are broadening to encompass an ever-larger share of data that companies
More informationCloud, Appliance, or Software? How to Decide Which Backup Solution Is Best for Your Small or Midsize Organization.
WHITE PAPER: CLOUD, APPLIANCE, OR SOFTWARE?........................................ Cloud, Appliance, or Software? How to Decide Which Backup Solution Is Best for Your Small or Midsize Who should read
More informationGovernance and Control in the Cloud. Infrastructure as a Service
1 Governance and Control in the Cloud Infrastructure as a Service Cows 2 The Triumph of the Utility 3 Our Discussion 4 How we ll talk about Governance and Controls today Not an IT-assurance methodology
More informationSAAS MADE EASY: SERVICE LEVEL AGREEMENT
SAAS MADE EASY: SERVICE LEVEL AGREEMENT THIS SERVICE LEVEL AGREEMENT DEFINES THE SERVICE LEVELS PROVIDED TO YOU BY THE COMPANY ( SaaS Made Easy ). Capitalized terms used herein but not otherwise defined
More informationMICROSOFT EXCHANGE 2013 WHAT EVERY LEGAL PROFESSIONAL SHOULD KNOW
MICROSOFT EXCHANGE 2013 WHAT EVERY LEGAL PROFESSIONAL SHOULD KNOW WELCOME Thank you for joining Numerous diverse attendees Today s topic and presenters This is an interactive presentation You will receive
More informationHosting Services VITA Contract VA-120416-AISN (Statewide contract available to any public entity in the Commonwealth)
Hosting Services VITA Contract VA-120416-AISN (Statewide contract available to any public entity in the Commonwealth) March 2014 Premier Provider of egov Services to the Commonwealth of Virginia Virginia
More informationNCTA Cloud Architecture
NCTA Cloud Architecture Course Specifications Course Number: 093019 Course Length: 5 days Course Description Target Student: This course is designed for system administrators who wish to plan, design,
More informationMod 9: Exchange Online Archiving
Office 365 for SMB Jump Start Mod 9: Exchange Online Archiving Chris Oakman Managing Partner Infrastructure Team Eastridge Technology Stephen Hall Owner & IT Consultant District Computers 1 Jump Start
More informationAll your apps & data in the cloud, all in one place.
The Cloud Desktop For Business Unify Your Business IT Experience All your apps & data in the cloud, all in one place. The Cloud Desktop houses all of your organization's applications and data in one easy-to-access
More informationTHE BLUENOSE SECURITY FRAMEWORK
THE BLUENOSE SECURITY FRAMEWORK Bluenose Analytics, Inc. All rights reserved TABLE OF CONTENTS Bluenose Analytics, Inc. Security Whitepaper ISO 27001/27002 / 1 The Four Pillars of Our Security Program
More informationCorporate PC Backup - Best Practices
A Druva Whitepaper Corporate PC Backup - Best Practices This whitepaper explains best practices for successfully implementing laptop backup for corporate workforce. White Paper WP /100 /009 Oct 10 Table
More informationDigital Marketplace - G-Cloud
Digital Marketplace - G-Cloud Managed Services, Cloud and infrastructure Core offer 7 services in this area: 1. Aurora Customisation Professional Services Core have over 10 years experience in identity
More informationDeciphering the Safe Harbor on Breach Notification: The Data Encryption Story
Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story Healthcare organizations planning to protect themselves from breach notification should implement data encryption in their
More information5 Things You Didn t Know About Cloud Backup
5 Things You Didn t Know About Cloud Backup 1. Data privacy can easily be compromised by encryption key holders. Encryption is vital to data protection and most backup solutions offer it. However, encryption
More informationIT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:
IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225
More informationCLOUD SERVICES FOR EMS
CLOUD SERVICES FOR EMS Greg Biegen EMS Software Director Cloud Operations and Security September 12-14, 2016 Agenda EMS Cloud Services Definitions Hosted Service Managed Services Governance Service Delivery
More informationHow To Understand Cloud Computing
CLOUD COMPUTING Jillian Raw Partner, Kennedys http://www.kennedys-law.com/jraw/ Cloud Computing- what they say about it the cloud will transform the information technology industry profoundly change the
More information- CIO/Technology Director
Our Sales teams need to connect with the right customers and systems while on the road I need to deliver secure and compliant communications tools to support a highly distributed workforce. - VP of Sales
More information5 Critical Considerations for. Enterprise Cloud Backup
5 Critical Considerations for Enterprise Cloud Backup This guide is written for IT professionals who play a part in data protection and governance at their enterprises. It is meant to provide an initial
More informationSecurity Controls What Works. Southside Virginia Community College: Security Awareness
Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction
More information