Cloud Security Alliance New Zealand Contribution to the Privacy Commissioner. 23 February 2012


Foreword

The Cloud Security Alliance New Zealand Chapter is grateful to the Privacy Commissioner for giving us an opportunity to contribute to the User Guidance to Cloud Computing. We would like to contribute to this cause through our publicly and freely available security research based on existing industry standards and best practices. The contribution to the draft document is based on its generalised structure, thus we recommend description of the document at the specialised layers.

Regards

Jim Reavis, Executive Director CSA
Rizwan Ahmad
Philip Whitmore
Eric Svetoc
Daniele Catteddu, Managing Director CSA, Europe and Middle East
John Martin
Dean Carter
Warren Schimith

1 What is cloud computing

The meaning of Cloud Computing needs to be grasped entirely in order to apply the privacy rules; otherwise, the user, cloud service provider and stakeholders will not be able to determine the actual roles and responsibilities that exist within the cloud layers, and who is associated with those roles and responsibilities. It is important that cloud computing is not evaluated literally but understood technically, which will make implementation of legal and regulatory controls easier. Various definitions are publicly available in NIST, ENISA, ITU-T and Cloud Security Alliance documents. In this document, the NIST definition is used as the reference definition and explained in terms that can be understood by the Cloud User (CU), Cloud Service Provider (CSP) and stakeholder.

1.1 Stack of layers

The technical definition provided by NIST refers to a stack of layers dependent on each other. These layers are Software as a Service, Platform as a Service and Infrastructure as a Service, and are based on a virtualised [1] platform provided by the physical data centre. The explanation of the layers is technically defined in NIST. The NIST definition (as with the Cloud Security Alliance description of cloud computing and the ENISA description of the responsibilities of the Cloud User (CU) and Cloud Service Provider (CSP) layers) also provides an understanding of its architecture and division of responsibility.

[1] A virtualised environment does not mean that the data does not have a persistent state; it can be stored in the space given by the IaaS.

NIST Definition [2]

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.

Essential Characteristics [3]

[3] Characteristics are meant to differentiate it from existing services and cloud terminologies in the world. Characteristics may be taken as a whole.

1. On-demand self-service. A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.
2. Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations).
3. Resource pooling. The provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacentre). Examples of resources include storage, processing, memory, and network bandwidth.

4. Rapid elasticity. Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.
5. Measured service. Cloud systems automatically control and optimise resource use by leveraging a metering capability1 at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilised service.

Service Models

1. Software as a Service (SaaS). The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure [4]. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g. web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
2. Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.
3. Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).

[4] A cloud infrastructure is the collection of hardware and software that enables the five essential characteristics of cloud computing. The cloud infrastructure can be viewed as containing both a physical layer and an abstraction layer. The physical layer consists of the hardware resources that are necessary to support the cloud services being provided, and typically includes server, storage and network components. The abstraction layer consists of the software deployed across the physical layer, which manifests the essential cloud characteristics. Conceptually the abstraction layer sits above the physical layer.

Deployment Models

1. Private cloud. The cloud infrastructure is provisioned for exclusive use by a single organisation comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organisation, a third party, or some combination of them, and it may exist on or off premises.
2. Community cloud. The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organisations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organisations in the community, a third party, or some combination of them, and it may exist on or off premises.
3. Public cloud [5]. The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organisation, or some combination of them. It exists on the premises of the cloud provider.
4. Hybrid cloud [6]. The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardised or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).

[5] For privacy, the main concern is public cloud; these are transnational and located anywhere in the world.
[6] Hybrid clouds can be based on public and private clouds. These are also important when considering privacy based on interoperability and sovereignty of public clouds. In these cases the contractual terms need a balance, and the cloud service provider must provide transparency to the users through disclosure of information.

1.2 Understanding the Stack for SaaS, PaaS and IaaS Cloud Layers

In cloud architecture, a relationship exists between the cloud layers and cannot be ignored due to dependencies. The Cloud Security Alliance cloud architecture in Figure 1 below illustrates the relationships and dependencies between the cloud computing layers. These layers are interdependent, and the level and nature of responsibilities for those who use and provide services on each of these layers change. In the figure, IaaS is the foundation layer on which PaaS and SaaS exist. Put simply, SaaS is dependent on PaaS and PaaS is dependent on IaaS. Due to dependency and inheritance, the characteristics of the layers are inherited along with the risks. It is important to note that commercial cloud providers may not neatly fit into the layered service model. The model is a prototype to understand security, privacy and legal issues by mapping real world services to an architectural framework.

Figure 1: Cloud Security Alliance Stack of Cloud Layers [7]

[7] See cloud security alliance reference document v3

SaaS: A CSP which delivers software as a service to the user. It is the CSP's responsibility to develop the software, using a secure platform (Paa-S [8]) to compile the software and an infrastructure (Iaa-S) to host it. Therefore, SaaS is dependent on PaaS and IaaS; otherwise delivery of any software as a service might not be possible. There are two use cases of SaaS:

1. The SaaS provider owns the PaaS and IaaS and provides services to the user, for example CRM solutions such as Salesforce. The CU is the Data Controller and the CSP is the Data Processor.
2. There are cloud service providers that only provide SaaS [9] but host their applications on another cloud service provider. For example, A is a SaaS provider and can use Amazon PaaS and IaaS to host its application. In this case, where the SaaS provider is using a different IaaS provider, it will be the Data Controller for the IaaS provider and the Data Processor for the CU.

[8] Paa-S: the S is for service, and it is added to platform when any cloud service provider is actually providing the service to its users.
[9] The SaaS provider may try to avoid high cost and may choose a non-accredited IaaS cloud service provider to host their application, which in the long run may lead to loss of data.

ENISA has described the roles and responsibilities in the interaction between cloud user and provider, which differ on each layer. This is also helpful in determining who will implement the privacy controls, administratively, operationally and in software.

Table 1: Responsibility at SaaS (SaaS Layer)

| CU Responsibility | CSP Responsibility |
| --- | --- |
| Jurisdictional Risk assessment | Ownership of physical structure |
| Compliance with data protection law | Physical security |
| Identity Management | Management of software security |
| Access Control Policy | Management of network security |
| Authentication | OS patch management |
| | Incident response and resiliency |
| | Monitoring and Maintenance |
| | Compliance with standards and legal regulation |

PaaS: A cloud service provider which delivers a platform for development of software to SaaS providers or to any user. The PaaS layer is dependent on the IaaS layer for storage, API etc. Windows Azure is one of the examples.

Table 2: Responsibility at PaaS (PaaS Layer)

| CU Responsibility | CSP Responsibility |
| --- | --- |
| Maintenance of Application | Ownership of physical structure |
| Identity Management | Physical security |
| Compliance to privacy acts and data protection laws | Management of network security |
| Authentication | OS patch management |
| Development of software | Incident response and resiliency |
| Testing of Software | Monitoring and Maintenance |
| Maintenance of software and software security | Compliance with standards and legal regulation |
| Compliance with law related to malicious software | |

IaaS: A cloud service provider which delivers infrastructure to run your operating systems, store data etc. It is only dependent on the physical medium of the data centre. It is the foundation layer for PaaS and SaaS.

Table 3: Responsibilities at IaaS (IaaS Layer)

| CU Responsibility | CSP Responsibility |
| --- | --- |
| Maintenance of Application security policy | Ownership of physical structure |
| Identity Management | Physical security |
| Compliance to privacy acts and data protection laws | Management of network security |
| Authentication | Incident response and resiliency |
| Testing of Software | Monitoring and Maintenance |
| Maintenance of software and security | Compliance with standards and legal regulation |
| Compliance with law related to malicious software | |
| Configuration of logical security platform | |
| Configuration and maintenance of guest operating system | |

Tables 1, 2 and 3 illustrate the amount of control exercised by the CU and the CSP. The level of control of the CSP decreases from SaaS to IaaS, giving control to the CU. The control of data is in the hands of the CU (data controller) in each layer and the CSP is the data processor. The privacy controls are implemented differently on each layer. At SaaS, the software is developed by the SaaS provider, and it is their responsibility to implement the technical privacy controls by design. Thereafter, the SaaS is used by the CU and data is entered. The CSP deals with the backend data and interoperability, and security is their responsibility. Similarly, at PaaS, the CU develops the software, and it is their responsibility to have privacy controls embedded by design in the software, as is the case with IaaS.

2 Risk Analysis

Performing a risk analysis before cloud services are adopted by the user is important. Risk analysis in the cloud domain is not necessarily restricted to risk management practices and is expanded to analyse the legal risks as well. In this document, risk analysis is limited to the Office of the Privacy Commissioner's draft requirements; however, an example of a comprehensive risk analysis document has been published by ENISA [10]. The pre-adoption assessment of cloud risk is the CU's responsibility.

[10] See

2.1 Deployment Models and Privacy

The risk of privacy leakage emanates from the transnational nature of public and hybrid clouds; however, cloud service providers (CSP) residing in the same jurisdiction as the cloud user (CU) can easily be controlled through local law and regulatory compliance. Public cloud computing spread over different jurisdictions creates the following risks:

1. New Zealand subjects are not protected under the CSP jurisdiction

2. The CU is subject to non-negotiable terms and dependent on click-wrap agreements, where the choice of jurisdiction is often based on where the data centre or the headquarters of the CSP is situated
3. Government agencies in another jurisdiction have extensive or unlimited powers to access the data with or without the CU's knowledge
4. The litigation is merely impossible to pursue

Jurisdiction Risk Analysis and What Pre-Adoption Questions can be asked by user

In cloud, the CU is the owner of the data and it is therefore their responsibility to analyse the risks before acquiring services from a CSP. It is important for the CU to understand the security level and classification of their data. They should be vigilant and cynical in performing a due care assessment of their data and therefore choose the appropriate cloud layer. The CU can ask the following questions regarding the location of information [11]:

1. Is the location of the CSP [12] data centre stated?
2. Is the country where the data is located high risk or low risk [13]?
3. Is the CSP willing to provide a choice of jurisdiction to CU?
4. Does the CSP allow the users to specify which of your geographic locations their data is allowed to traverse into/out of (to address legal jurisdictional considerations based on where the data is stored vs. accessed)?
5. Does the privacy legislation in the country of CSP residency mandatorily require the CSP to provide adequate level of protection as aligned with EU data protection directives and the New Zealand Privacy Act?
6. Does New Zealand have bilateral or multilateral agreements with the CSP country for data protection [15]?
7. Is the CSP SSAE or ISAE 3402 certified, and does the CSP provide copy of these reports to the CU for their assessment?
8. Does the CSP undergo a privacy impact assessment under the ISO standard?
9. Does the CSP include a protection of privacy clause [17] in their contracts or online agreements?
10. Does the CSP delete the data when a user is deprovisioned, or does it retain the data for some specific period of time?
11. Does the CSP perform secure deletion according to international best practices?
12. Does the CSP select and monitor outsourced providers in compliance with laws in the country where the data is processed and stored and transmitted?
13. Does the CSP inform users in case of data migration to partner cloud provider for resiliency?
14. Do Partner CSPs have the same security compliance standard as the primary cloud provider?
15. Does the CSP provide users with a role definition document clarifying their administrative responsibilities vs. those of the user?
16. Does the CSP follow ISO for record keeping?

[11] Checklist, paragraph
[12] CSP also gives the choice of place where the data is processed, for example services from Amazon, Rackspace etc.
[13] See NZ list or World Bank good governance indicators. During risk assessment it will give an idea about the condition of rule of law, regulatory quality, voice and accountability, and corruption in a specific country where the data centre is located. World Bank good governance data is available at
[14] It is recommended that jurisdiction for any legal document should favour the CU.
[15] Please see NZISM 2.2 Agencies should not engage industry for the provision of off-site information technology services and functions in countries that New Zealand does not have a multilateral or bilateral security agreement with for the protection of classified information of the government of New Zealand.
[16] SSAE 16 is comprised of SOC1, SOC2 and SOC3 reports. The recommended report for assurance and risk analysis is SOC2. SOC2 audits the datacentre under security core principles confidentiality, integrity and availability. SOC3 is the trusted seal after successful SOC2 reports.
[17] Section 95b of privacy act 1988 au can be referenced.

2.2 Responsibility

In these cloud layers, there is a change of responsibility between the CU and the CSP. The data protection and privacy controls are a joint responsibility of both. The main responsibility will be on the CU's shoulders, as the CU will be collecting, updating and deleting the data. While the logical layer for control of data is the CU's responsibility, the transition and deletion of data on the physical medium will be the responsibility of the CSP.

Questions that need to be asked by the CU

The questions below cover the areas of security of information that a CU should ask a CSP, and address the following topics in the Checklist included in the Office of the Privacy Commissioner's draft:

Security: lock it down
Use and Disclosure: who sees the information and what will it be used for
Ability to exit, and deletion of information.

Security and Privacy Policy; Data Governance

Do your information security and privacy policies align with particular industry standards (e.g. ISO-27001, ISO-22307, CoBIT)?
Is your Privacy Policy aligned with industry standards?
Do you have agreements which ensure your providers adhere to your information security and privacy policies?
Can you provide evidence of due diligence mapping of your controls, architecture and processes to regulations and/or standards?
Do you notify your users when you make material changes to your information security and/or privacy policies?

Ownership / Stewardship; Classification

Do you follow a structured data-labelling standard (e.g. ISO 15489, Oasis XML Catalog Specification, CSA data type guidance)?
Do you provide a capability to identify virtual machines via policy tags/metadata (e.g. tags can be used to limit guest operating systems from booting/instantiating/transporting data in the wrong country, etc.)?
Do you provide a capability to identify hardware via policy tags/metadata/hardware tags (e.g. TXT/TPM, VN-Tag, etc.)?
Do you have a capability to use system geographic location as an authentication factor?

Handling / Labelling / Security Policy; Information Leakage; Risk Assessments; Information System Regulatory Mapping; Risk Assessments

Can you provide the physical location/geography of storage of a user's data upon request?
Do you allow users to define acceptable geographical locations for data routing or resource instantiation?
Are policies and procedures established for the labelling, handling and securing of data?
Do you have controls in place to prevent data leakage or intentional/accidental compromise between users in a multi-user environment?
Do you have a Data Loss Prevention (DLP) or extrusion prevention solution in place for all systems which interface with your cloud service offering?
Do you provide security control health data in order to allow users to implement industry standard Continuous Monitoring (which allows continual user validation of your physical and logical control status)?
Do you have the ability to logically segment or encrypt user data such that data may be produced for a single user only, without inadvertently accessing another user's data?
Do you have capability to logically segment and recover data for a specific user in the case of a failure or data loss?

Use of information; Intellectual Property

Do you have policies and procedures in place describing what controls you have in place to protect users' intellectual property?
If the utilisation of user services housed in the cloud is mined for cloud provider benefit, are the users' IP rights preserved?
If the utilisation of users' services housed in the cloud is mined for cloud provider benefit, do you provide users the ability to opt-out?

Incident Response; Security and privacy Breach Notifications [18]; Incident Response

Does your incident response plan comply with industry standards for legally admissible chain-of-custody management processes and controls?
Does your incident response capability include the use of legally admissible forensic data collection and analysis techniques?
Do you enforce and attest to user data separation when producing data in response to legal subpoenas?
Do you inform users of any security breach?

[18] Article 13a(3) EU Directive 2009/140/EC. In USA, almost every state has enacted the law for disclosure of breach Cal. Civ. Code 56.06, , ,

Are systems in place to monitor for privacy breaches and notify tenants expeditiously if a privacy event may have impacted their data?

Nondisclosure Agreements; Third Party Agreements; Liability; Legal Requirements

Are the requirements for non-disclosure or confidentiality agreements reflecting the organisation's needs for the protection of data and operational details identified, documented and reviewed at planned intervals?
Do you select and monitor outsourced providers in compliance with laws in the country where the data is processed and stored and transmitted?
Do you select and monitor outsourced providers in compliance with laws in the country where the data originates?
Is your organisation insured by a third party for losses?
Do your organisation's service level agreements provide users remuneration for losses they may incur due to outages or losses experienced within your infrastructure?

Retention Policy; Removal of User from system access; Secure Disposal; Nonproduction Data; Data Retention

Do you have technical control capabilities to enforce user data retention policies?
Do you have a documented procedure for responding to requests for user data from governments or third parties?
Do you have controls in place ensuring timely removal of systems access which is no longer required for business purposes?
Is timely deprovisioning, revocation or modification of user access to the organisation's systems, information assets and data implemented upon any change in status of employees, contractors, customers, business partners or third parties?
Do you support secure deletion (e.g. degaussing / cryptographic wiping) of archived data as determined by the tenant?
Can you provide a published procedure for exiting the service arrangement, including assurance to sanitise all computing resources of user data once a customer has exited your environment or has vacated a resource?
Do you have procedures in place to ensure production data shall not be replicated or used in non-production environments?


More information

Cloud Computing Policy 1.0 INTRODUCTION 2.0 PURPOSE. Effective Date: July 28, 2015

Cloud Computing Policy 1.0 INTRODUCTION 2.0 PURPOSE. Effective Date: July 28, 2015 Cloud Computing Policy Effective Date: July 28, 2015 1.0 INTRODUCTION Cloud computing services are application and infrastructure resources that users access via the Internet. These services, contractually

More information

Technology & Business Overview of Cloud Computing

Technology & Business Overview of Cloud Computing Your Place or Mine? In-House e-discovery Platform vs. Software as a Service Technology & Business Overview of Cloud Computing Janine Anthony Bowen, Esq. Jack Attorneys & Advisors www.jack-law.com Atlanta,

More information

10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM. Agenda. Security Cases What is Cloud? Road Map Security Concerns

10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM. Agenda. Security Cases What is Cloud? Road Map Security Concerns BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM Agenda Security Cases What is Cloud? Road Map Security Concerns 1 Security Cases on Cloud Data Protection - Two arrested in ipad

More information

6 Cloud computing overview

6 Cloud computing overview 6 Cloud computing overview 6.1 General ISO/IEC 17788:2014 (E) Cloud Computing Overview Page 1 of 6 Cloud computing is a paradigm for enabling network access to a scalable and elastic pool of shareable

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

SCADA Cloud Computing

SCADA Cloud Computing SCADA Cloud Computing Information on Cloud Computing with SCADA systems Version: 1.0 Erik Daalder, Business Development Manager Yokogawa Electric Corporation Global SCADA Center T: +31 88 4641 360 E: erik.daalder@nl.yokogawa.com

More information

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC www.fmsinc.org 1 2015 Financial Managers Society, Inc. Cloud Security Implications

More information

Cloud definitions you've been pretending to understand. Jack Daniel, Reluctant CISSP, MVP Community Development Manager, Astaro

Cloud definitions you've been pretending to understand. Jack Daniel, Reluctant CISSP, MVP Community Development Manager, Astaro Cloud definitions you've been pretending to understand Jack Daniel, Reluctant CISSP, MVP Community Development Manager, Astaro You keep using that word cloud. I do not think it means what you think it

More information

CLOUD COMPUTING, TRADE SECRET / KNOW-HOW & EUROPEAN LEGAL FRAMEWORK

CLOUD COMPUTING, TRADE SECRET / KNOW-HOW & EUROPEAN LEGAL FRAMEWORK CLOUD COMPUTING, TRADE SECRET / KNOW-HOW & EUROPEAN LEGAL FRAMEWORK AIPPI 2012 SEOUL XX October 2012 Alexandra NERI, Partner, TMT, +33 1 53 57 70 70, alexandra.neri@hsf.com TOPICS What is cloud computing?

More information

SURVEY OF ADAPTING CLOUD COMPUTING IN HEALTHCARE

SURVEY OF ADAPTING CLOUD COMPUTING IN HEALTHCARE SURVEY OF ADAPTING CLOUD COMPUTING IN HEALTHCARE H.Madhusudhana Rao* Md. Rahmathulla** Dr. B Rambhupal Reddy*** Abstract: This paper targets on the productivity of cloud computing technology in healthcare

More information

Orchestrating the New Paradigm Cloud Assurance

Orchestrating the New Paradigm Cloud Assurance Orchestrating the New Paradigm Cloud Assurance Amsterdam 17 January 2012 John Hermans - Partner Current business challenges versus traditional IT Organizations are challenged with: Traditional IT seems

More information

Enhancing Operational Capacities and Capabilities through Cloud Technologies

Enhancing Operational Capacities and Capabilities through Cloud Technologies Enhancing Operational Capacities and Capabilities through Cloud Technologies How freight forwarders and other logistics stakeholders can benefit from cloud-based solutions 2013 vcargo Cloud Pte Ltd All

More information

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS Shirley Radack, Editor Computer Security Division Information

More information

OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect

OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect OWASP Chapter Meeting June 2010 Presented by: Brayton Rider, SecureState Chief Architect Agenda What is Cloud Computing? Cloud Service Models Cloud Deployment Models Cloud Computing Security Security Cloud

More information

An Introduction to Cloud Computing Concepts

An Introduction to Cloud Computing Concepts Software Engineering Competence Center TUTORIAL An Introduction to Cloud Computing Concepts Practical Steps for Using Amazon EC2 IaaS Technology Ahmed Mohamed Gamaleldin Senior R&D Engineer-SECC ahmed.gamal.eldin@itida.gov.eg

More information

Cloud Computing Service and Legal Issues

Cloud Computing Service and Legal Issues Cloud Computing Service and Legal Issues Takato Natsui Professor of Law, Meiji University, Tokyo, Japan 1. Introduction Many IT businesses have indicated that cloud computing is a very promising emerging

More information

The HIPAA Security Rule: Cloudy Skies Ahead?

The HIPAA Security Rule: Cloudy Skies Ahead? The HIPAA Security Rule: Cloudy Skies Ahead? Presented and Prepared by John Kivus and Emily Moseley Wood Jackson PLLC HIPAA and the Cloud In the past several years, the cloud has become an increasingly

More information

Seeing Though the Clouds

Seeing Though the Clouds Seeing Though the Clouds A PM Primer on Cloud Computing and Security NIH Project Management Community Meeting Mark L Silverman Are You Smarter Than a 5 Year Old? 1 Cloud First Policy Cloud First When evaluating

More information

Cloud Computing: The Next Computing Paradigm

Cloud Computing: The Next Computing Paradigm Cloud Computing: The Next Computing Paradigm Ronnie D. Caytiles 1, Sunguk Lee and Byungjoo Park 1 * 1 Department of Multimedia Engineering, Hannam University 133 Ojeongdong, Daeduk-gu, Daejeon, Korea rdcaytiles@gmail.com,

More information

Soft Computing Models for Cloud Service Optimization

Soft Computing Models for Cloud Service Optimization Soft Computing Models for Cloud Service Optimization G. Albeanu, Spiru Haret University & Fl. Popentiu-Vladicescu UNESCO Department, University of Oradea Abstract The cloud computing paradigm has already

More information

The Cloud in Regulatory Affairs - Validation, Risk Management and Chances -

The Cloud in Regulatory Affairs - Validation, Risk Management and Chances - 45 min Webinar: November 14th, 2014 The Cloud in Regulatory Affairs - Validation, Risk Management and Chances - www.cunesoft.com Rainer Schwarz Cunesoft Holger Spalt ivigilance 2014 Cunesoft GmbH PART

More information

Cloud Computing in the Federal Sector: What is it, what to worry about, and what to negotiate.

Cloud Computing in the Federal Sector: What is it, what to worry about, and what to negotiate. Cloud Computing in the Federal Sector: What is it, what to worry about, and what to negotiate. Presented by: Sabrina M. Segal, USITC, Counselor to the Inspector General, Sabrina.segal@usitc.gov Reference

More information

Cloud Computing: The atmospheric jeopardy. Unique Approach Unique Solutions. Salmon Ltd 2014 Commercial in Confidence Page 1 of 5

Cloud Computing: The atmospheric jeopardy. Unique Approach Unique Solutions. Salmon Ltd 2014 Commercial in Confidence Page 1 of 5 Cloud Computing: The atmospheric jeopardy Unique Approach Unique Solutions Salmon Ltd 2014 Commercial in Confidence Page 1 of 5 Background Cloud computing has its place in company computing strategies,

More information

Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1

Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1 Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1 Taking a Deeper Look at the Cloud: Solution or Security Risk? LoyCurtis Smith East Carolina University TAKING A DEEPER LOOK AT THE CLOUD:

More information

LEGAL ISSUES IN CLOUD COMPUTING

LEGAL ISSUES IN CLOUD COMPUTING LEGAL ISSUES IN CLOUD COMPUTING RITAMBHARA AGRAWAL INTELLIGERE 1 CLOUD COMPUTING Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing

More information

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer What is Cloud Computing A model for enabling convenient, on-demand network access to a shared pool of configurable

More information

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp.

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud 1 What is meant by Cloud Computing, or Going To The Cloud? A model

More information

Cloud Computing. Information Security and Privacy Considerations. April 2014

Cloud Computing. Information Security and Privacy Considerations. April 2014 Cloud Computing Information Security and Privacy Considerations April 2014 All-of-Government Cloud Computing: Information Security and Privacy Considerations April 2014 1 Crown copyright. This copyright

More information

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING CPNI VIEWPOINT 01/2010 CLOUD COMPUTING MARCH 2010 Acknowledgements This viewpoint is based upon a research document compiled on behalf of CPNI by Deloitte. The findings presented here have been subjected

More information

Cloud Computing in a Regulated Environment

Cloud Computing in a Regulated Environment Computing in a Regulated Environment White Paper by David Stephenson CTG Regulatory Compliance Subject Matter Expert February 2014 CTG (UK) Limited, 11 Beacontree Plaza, Gillette Way, READING, Berks RG2

More information

Legal Issues in the Cloud: A Case Study. Jason Epstein

Legal Issues in the Cloud: A Case Study. Jason Epstein Legal Issues in the Cloud: A Case Study Jason Epstein Outline Overview of Cloud Computing Service Models (SaaS, PaaS, IaaS) Deployment Models (Private, Community, Public, Hybrid) Adoption Different types

More information

Cloud Computing: Background, Risks and Audit Recommendations

Cloud Computing: Background, Risks and Audit Recommendations Cloud Computing: Background, Risks and Audit Recommendations October 30, 2014 Table of Contents Cloud Computing: Overview 3 Multiple Models of Cloud Computing 11 Deployment Models 16 Considerations For

More information

The Hybrid Cloud: Bringing Cloud-Based IT Services to State Government

The Hybrid Cloud: Bringing Cloud-Based IT Services to State Government The Hybrid Cloud: Bringing Cloud-Based IT Services to State Government October 4, 2009 Prepared By: Robert Woolley and David Fletcher Introduction Provisioning Information Technology (IT) services to enterprises

More information

Strategies for Secure Cloud Computing

Strategies for Secure Cloud Computing WHITE PAPER Cloud Basics Strategies for Secure Cloud Computing An Introduction to Exploring the Cloud There is a lot of buzz these days about cloud computing and how it s going to revolutionize the way

More information

Information Security: Cloud Computing

Information Security: Cloud Computing Information Security: Cloud Computing Simon Taylor MSc CLAS CISSP CISMP PCIRM Director & Principal Consultant All Rights Reserved. Taylor Baines Limited is a Registered Company in England & Wales. Registration

More information

Verifying Correctness of Trusted data in Clouds

Verifying Correctness of Trusted data in Clouds Volume-3, Issue-6, December-2013, ISSN No.: 2250-0758 International Journal of Engineering and Management Research Available at: www.ijemr.net Page Number: 21-25 Verifying Correctness of Trusted data in

More information

Cloud Computing Toolkit

Cloud Computing Toolkit DEPARTMENT OF INFORMATION STUDIES, ABERYSTWYTH UNIVERSITY Cloud Computing Toolkit Guidance for outsourcing information storage to the cloud Nicole Convery 26/08/2010 Toolkit to guide information professionals

More information

Validation of a Cloud-Based ERP system, in practice. Regulatory Affairs Conference Raleigh. 8Th September 2014

Validation of a Cloud-Based ERP system, in practice. Regulatory Affairs Conference Raleigh. 8Th September 2014 Validation of a Cloud-Based ERP system, in practice. Regulatory Affairs Conference Raleigh. 8Th September What is the The Cloud Some Definitions The NIST Definition of Cloud computing Cloud computing is

More information

A HYPE-FREE STROLL THROUGH CLOUD STORAGE SECURITY

A HYPE-FREE STROLL THROUGH CLOUD STORAGE SECURITY Eric A. Hibbard, CISSP, CISA, ISSAP, ISSMP, ISSEP, SCSE Hitachi Data Systems A HYPE-FREE STROLL THROUGH CLOUD STORAGE SECURITY Subhash Sankuratripati NetApp SNIA Legal Notice The material contained in

More information

Cloud Panel Draft Statement of Requirement

Cloud Panel Draft Statement of Requirement Cloud Panel Draft Statement of Requirement August 2014 Statement of Requirement This draft Statement of Requirement (SOR) has been created to provide Commonwealth Agencies, industry members and interested

More information

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS CLOUD COMPUTING Cloud computing is a model for enabling convenient, ondemand network access to a shared pool of configurable computing

More information

Cloud Computing Security Issues

Cloud Computing Security Issues Copyright Marchany 2010 Cloud Computing Security Issues Randy Marchany, VA Tech IT Security, marchany@vt.edu Something Old, Something New New: Cloud describes the use of a collection of services, applications,

More information

OVERVIEW Cloud Deployment Services

OVERVIEW Cloud Deployment Services OVERVIEW Cloud Deployment Services Audience This document is intended for those involved in planning, defining, designing, and providing cloud services to consumers. The intended audience includes the

More information

The Keys to the Cloud: The Essentials of Cloud Contracting

The Keys to the Cloud: The Essentials of Cloud Contracting The Keys to the Cloud: The Essentials of Cloud Contracting September 30, 2014 Bert Kaminski Assistant General Counsel, Oracle North America Ken Adler Partner, Loeb & Loeb LLP Akiba Stern Partner, Loeb

More information

NSW Government. Data Centre & Cloud Readiness Assessment Services Standard. v1.0. June 2015

NSW Government. Data Centre & Cloud Readiness Assessment Services Standard. v1.0. June 2015 NSW Government Data Centre & Cloud Readiness Assessment Services Standard v1.0 June 2015 ICT Services Office of Finance & Services McKell Building 2-24 Rawson Place SYDNEY NSW 2000 standards@finance.nsw.gov.au

More information

Cloud Computing and Records Management

Cloud Computing and Records Management GPO Box 2343 Adelaide SA 5001 Tel (+61 8) 8204 8773 Fax (+61 8) 8204 8777 DX:336 srsarecordsmanagement@sa.gov.au www.archives.sa.gov.au Cloud Computing and Records Management June 2015 Version 1 Version

More information

Cloud Computing In a Post Snowden World. Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs

Cloud Computing In a Post Snowden World. Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs Cloud Computing In a Post Snowden World Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs Guy Wiggins Director of Practice Management Kelley Drye & Warren

More information

Compliance and the Cloud: What You Can and What You Can t Outsource

Compliance and the Cloud: What You Can and What You Can t Outsource Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: Kate Donofrio Security Assessor Fortrex Technologies Instructor Biography Background On Fortrex What s In A Cloud? Pick

More information

Amazon Web Services: Risk and Compliance July 2012

Amazon Web Services: Risk and Compliance July 2012 Amazon Web Services: Risk and Compliance July 2012 (Please consult http://aws.amazon.com/security for the latest version of this paper) 1 This document intends to provide information to assist AWS customers

More information

Top 10 Cloud Risks That Will Keep You Awake at Night

Top 10 Cloud Risks That Will Keep You Awake at Night Top 10 Cloud Risks That Will Keep You Awake at Night Shankar Babu Chebrolu Ph.D., Vinay Bansal, Pankaj Telang Photo Source flickr.com .. Amazon EC2 (Cloud) to host Eng. Lab testing. We want to use SalesForce.com

More information

Introduction to Cloud Computing

Introduction to Cloud Computing Institute of Informatics - UFRGS September 2013 Outline Virtualization References Mell, P., & Grance, T. (2011). The NIST denition of cloud computing (draft).nist special publication, 800, 145. Bojanova,

More information

THE CLOUD- CHANGING THE INDIAN HEALTHCARE SYSTEM

THE CLOUD- CHANGING THE INDIAN HEALTHCARE SYSTEM Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 2, Issue. 5, May 2013, pg.238

More information

Cloud Computing: Risks and Auditing

Cloud Computing: Risks and Auditing IIA Chicago Chapter 53 rd Annual Seminar April 15, 2013, Donald E. Stephens Convention Center @IIAChicago #IIACHI Cloud Computing: Risks Auditing Phil Lageschulte/Partner/KPMG Sailesh Gadia/Director/KPMG

More information

Cloud Services Overview

Cloud Services Overview Cloud Services Overview John Hankins Global Offering Executive Ricoh Production Print Solutions May 23, 2012 Cloud Services Agenda Definitions Types of Clouds The Role of Virtualization Cloud Architecture

More information

Information Technology: This Year s Hot Issue - Cloud Computing

Information Technology: This Year s Hot Issue - Cloud Computing Information Technology: This Year s Hot Issue - Cloud Computing Presented by: Alan Sutin Global IP & Technology Practice Group GREENBERG TRAURIG, LLP ATTORNEYS AT LAW WWW.GTLAW.COM 2011. All rights reserved.

More information

PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By:

PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: Peter Spier Managing Director PCI and Risk Assurance Fortrex Technologies Agenda Instructor Biography Background On

More information

CSO Cloud Computing Study. January 2012

CSO Cloud Computing Study. January 2012 CSO Cloud Computing Study January 2012 Purpose and Methodology Survey Sample Survey Method Fielded Dec 20, 2011-Jan 8, 2012 Total Respondents Margin of Error +/- 7.3% Audience Base Survey Goal 178 security

More information

Standardizing Cloud Services for Financial Institutions through the provisioning of Service Level Agreements (SLAs)

Standardizing Cloud Services for Financial Institutions through the provisioning of Service Level Agreements (SLAs) Standardizing Cloud Services for Financial Institutions through the provisioning of Service Level Agreements (SLAs) Robert Bohn, PhD Advanced Network Technologies Division Cloud FS Americas 2015 New York,

More information

Tamanna Roy Rayat & Bahra Institute of Engineering & Technology, Punjab, India talk2tamanna@gmail.com

Tamanna Roy Rayat & Bahra Institute of Engineering & Technology, Punjab, India talk2tamanna@gmail.com IJCSIT, Volume 1, Issue 5 (October, 2014) e-issn: 1694-2329 p-issn: 1694-2345 A STUDY OF CLOUD COMPUTING MODELS AND ITS FUTURE Tamanna Roy Rayat & Bahra Institute of Engineering & Technology, Punjab, India

More information

Security & Trust in the Cloud

Security & Trust in the Cloud Security & Trust in the Cloud Ray Trygstad Director of Information Technology, IIT School of Applied Technology Associate Director, Information Technology & Management Degree Programs Cloud Computing Primer

More information

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015 NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X

More information

Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu

Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu 2 If cloud computing is so simple, then what s the big deal? What is the

More information

Cloud Computing. Bringing the Cloud into Focus

Cloud Computing. Bringing the Cloud into Focus Cloud Computing Bringing the Cloud into Focus November 2011 Introduction Ken Cochrane CEO, IT/NET Partner, KPGM Performance and Technology National co-leader IT Advisory Services KPMG Andrew Brewin Vice

More information

Cloud Computing. What is Cloud Computing?

Cloud Computing. What is Cloud Computing? Cloud Computing What is Cloud Computing? Cloud computing is where the organization outsources data processing to computers owned by the vendor. Primarily the vendor hosts the equipment while the audited

More information

CHAPTER 8 CLOUD COMPUTING

CHAPTER 8 CLOUD COMPUTING CHAPTER 8 CLOUD COMPUTING SE 458 SERVICE ORIENTED ARCHITECTURE Assist. Prof. Dr. Volkan TUNALI Faculty of Engineering and Natural Sciences / Maltepe University Topics 2 Cloud Computing Essential Characteristics

More information

CLOUD COMPUTING DEMYSTIFIED

CLOUD COMPUTING DEMYSTIFIED CLOUD COMPUTING DEMYSTIFIED Definitions you ve been pretending to understand JACK DANIEL, CCSK, CISSP, MVP ENTERPRISE SECURITY Definitions Words have meaning, professionals need to understand them. We

More information

Enterprise Governance and Planning

Enterprise Governance and Planning GEORGIA TECHNOLOGY AUTHORITY Title: Enterprise Operational Environment PSG Number: SO-10-003.02 Topical Area: Operations / Performance and Capacity Document Type: Standard Pages: 5 Issue Date: July 15,

More information

Developing a Risk-Based Cloud Strategy

Developing a Risk-Based Cloud Strategy Developing a Risk-Based Cloud Strategy Trevor Simmons, ZigZag Associates Ltd David Stokes, Venostic Consulting 23rd April 2015, Chertsey 1 Introductions Tell us briefly Who you are Who you work for What

More information

Cloud Computing & Hosting Solutions

Cloud Computing & Hosting Solutions Cloud Computing & Hosting Solutions SANTA FE COLLEGE CTS2356: NETWORK ADMIN DANIEL EAKINS 4/15/2012 1 Cloud Computing & Hosting Solutions ABSTRACT For this week s topic we will discuss about Cloud computing

More information

IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach.

IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach. IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach. Gunnar Wahlgren 1, Stewart Kowalski 2 Stockholm University 1: (wahlgren@dsv.su.se), 2: (stewart@dsv.su.se) ABSTRACT

More information

The Cloud vs. the Back-Office. Which is right for you?

The Cloud vs. the Back-Office. Which is right for you? The Cloud vs. the Back-Office Which is right for you? Introductions Andy Skrzypczak President NetSource One We help, guide and support frustrated and overwhelmed business owners who want Pain Free IT so

More information

Cloud Computing: Opportunities, Challenges, and Solutions. Jungwoo Ryoo, Ph.D., CISSP, CISA The Pennsylvania State University

Cloud Computing: Opportunities, Challenges, and Solutions. Jungwoo Ryoo, Ph.D., CISSP, CISA The Pennsylvania State University Cloud Computing: Opportunities, Challenges, and Solutions Jungwoo Ryoo, Ph.D., CISSP, CISA The Pennsylvania State University What is cloud computing? What are some of the keywords? How many of you cannot

More information

Cloud for Credit Unions Leveraging New Solutions to Increase Efficiency & Reduce Costs Presented by: Hugh Smallwood, Chief Technology Officer

Cloud for Credit Unions Leveraging New Solutions to Increase Efficiency & Reduce Costs Presented by: Hugh Smallwood, Chief Technology Officer Cloud for Credit Unions Leveraging New Solutions to Increase Efficiency & Reduce Costs Presented by: Hugh Smallwood, Chief Technology Officer Plan. Prepare. Protect. About Us Formed by a Group of DC Metro

More information

CLOUD COMPUTING PHYSIOGNOMIES A 1.1 CLOUD COMPUTING BENEFITS

CLOUD COMPUTING PHYSIOGNOMIES A 1.1 CLOUD COMPUTING BENEFITS 193 APPENDIX 1 CLOUD COMPUTING PHYSIOGNOMIES A 1.1 CLOUD COMPUTING BENEFITS A 1.1.1 Cost Savings The biggest reason for shifting to cloud computing is cost. Any company or enterprise has to face sizable

More information

Cloud Models and Platforms

Cloud Models and Platforms Cloud Models and Platforms Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF A Working Definition of Cloud Computing Cloud computing is a model

More information

Cloud Computing Technology

Cloud Computing Technology Cloud Computing Technology The Architecture Overview Danairat T. Certified Java Programmer, TOGAF Silver danairat@gmail.com, +66-81-559-1446 1 Agenda What is Cloud Computing? Case Study Service Model Architectures

More information