Managing Cloud Computing Risk

Size: px
Start display at page:

Download "Managing Cloud Computing Risk"

Transcription

1 Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc.

2 Learning Objectives Understand how to identify cloud computing Understand cloud computing service models Understand cloud computing deployment models Understand cloud computing risks Understand how to mitigate cloud computing risks

3 Cloud Computing Defined Cloud computing is a model for enabling ubiquitous, convenient, on demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models. Source: The NIST Definition of Cloud Computing, SP

4 5 Essential Characteristics of the Cloud 1. On demand self service. A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider. 2. Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations). Source: The NIST Definition of Cloud Computing, SP

5 5 Essential Characteristics of the Cloud (Cont d) 3. Resource pooling. The provider s computing resources are pooled to serve multiple consumers using a multi tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, and network bandwidth. Source: The NIST Definition of Cloud Computing, SP

6 5 Essential Characteristics of the Cloud (Cont d) 4. Rapid elasticity. Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time. Source: The NIST Definition of Cloud Computing, SP

7 5 Essential Characteristics of the Cloud (Cont d) 5. Measured service. Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service. Source: The NIST Definition of Cloud Computing, SP

8 Cloud Computing is Nothing New The five characteristics of cloud computing have been around for quite some time: Mainframes and dumb terminals Servers and thin clients 3 rd party data centers The popularity of the cloud paradigm has been growing exponentially due to the strong value proposition and the many benefits of the cloud model: Reduce IT costs Reduce capital expenditures Increase efficiency Fast scalability 7

9 Learning Objectives Understand how to identify cloud computing Understand cloud computing service models Understand cloud computing deployment models Understand cloud computing risks Understand how to mitigate cloud computing risks 8

10 Infrastructure as a Service (IaaS) The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls). Source: The NIST Definition of Cloud Computing, SP

11 Infrastructure as a Service (IaaS) Examples 10

12 Platform as a Service (PaaS) The capability provided to the consumer is to deploy onto the cloud infrastructure consumer created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application hosting environment. BUILD, DEPLOY, & MANAGE APPLICATIONS Development platforms for which the development tool itself is hosted in the cloud and accessed through a browser. Source: The NIST Definition of Cloud Computing, SP

13 Platform as a Service (PaaS) Examples 12

14 Software as a Service (SaaS) The capability provided to the consumer is to use the provider s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web based ), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user specific application configuration settings. Source: The NIST Definition of Cloud Computing, SP

15 Software as a Service (SaaS) Examples 14

16 Learning Objectives Understand how to identify cloud computing Understand cloud computing service models Understand cloud computing deployment models Understand cloud computing risks Understand how to mitigate cloud computing risks 15

17 Cloud Deployment Models Private Cloud The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises. Co location facility In house data center Outsourced data center 16

18 Cloud Deployment Models Community Cloud The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises. Different way of congregating users under an umbrella of services IGT Cloud Cloud space for casino game developers Optum Health Care Cloud Secure HIPAA compliant cloud space for the health system members and participants 17

19 Cloud Deployment Models Public Cloud The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider. Infrastructure components are shared among organizations, no segregation of data guarantee Hard to gain visibility over where the systems and data are stored Data center owns all infrastructure and access is via internet only 18

20 Cloud Deployment Models Hybrid Cloud The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds). Cloud Bursting Organization using a private cloud computing infrastructure for normal usage, but utilize public cloud services for high/peak load requirements. Helps ensure that a sudden spike in computing requirements does not affect availability. 19

21 Learning Objectives Understand how to identify cloud computing Understand cloud computing service models Understand cloud computing deployment models Understand cloud computing risks Understand how to mitigate cloud computing risks 20

22 Why Should I Care? 21

23 Why Should I Care? 22

24 Why Should I Care? 23

25 Why Should I Care? 24

26 Cloud Computing Risks Technical Threat Vulnerable access management (infrastructure and application). Description Information assets could be accessed by unauthorized entities due to faulty or vulnerable access management measures or processes. This could result from a forgery/theft of legitimate credentials or a common technical practice (e.g., administrator permissions override). Risk Mitigation / Control Strategy Contractual agreements to clarify who is allowed access. Review identity access management controls of the cloud services provider (CSP), SOC 1, SOC2. Where possible use your own identity access management controls and systems and not the CSP s. 25

27 Cloud Computing Risks Technical Threat Data visible to other tenants when resources are allocated dynamically. Description This refers to data that have been stored in memory space or disk space that can be recovered by other entities sharing the cloud by using forensics techniques. Risk Mitigation / Control Strategy Contractual agreements to clarify who is allowed access Encrypt all sensitive assets and data Request the CSP s technical specs for wiping data from systems Use a private cloud model with no multitenancy 26

28 Cloud Computing Risks Technical Threat Multitenancy visibility. Due to the nature of multitenancy, some assets (e.g., routing tables, media access controls [MAC] addresses, internal IP addresses, local area network [LAN] traffic) can be visible to other entities in the same cloud. Description Malicious entities in the cloud could take advantage of the information; for example, by utilizing shared routing tables to map the internal network topology of an organization, preparing the way for an internal attack. Risk Mitigation / Control Strategy Contractual agreements to clarify who is allowed access Request a SOC 1, SOC2 report. Use a private cloud model with no multitenancy 27

29 Cloud Computing Risks Technical Threat Application vulnerability attacks Description Due to the nature of SaaS, the applications offered by a CSP are more broadly exposed. Because they can be the target of massive and elaborate application attacks, additional security measures (besides standard network firewalls) are required to protect them. Risk Mitigation / Control Strategy Request that the CSP implements application firewalls, antivirus and antimalware tools. SaaS developed using OWASP standards. SLAs or SOC reports must contain detailed specifications about vulnerability testing, classification and actions taken according to the severity level. 28

30 Cloud Computing Risks Technical Threat Collateral damage Description The organization can be affected by issues involving other entities sharing the cloud. For example, DDoS attacks affecting another entity in the cloud can leave the organization without access to business applications (for SaaS models) or extra computing resources to handle peak loads (for IaaS models). Risk Mitigation / Control Strategy Ask the CSP to include the organization in its incident management process that deals with notification. Ensure the contracted capacity is always available and cannot be directed to other tenants without approval. Use a private cloud model with no multitenancy. 29

31 Cloud Computing Risks Regulatory Threat Asset ownership Description Any asset (data, application or process) migrated to a CSP could be legally owned by the CSP based on contract terms. Thus, the organization can lose sensitive data or have data disclosed because the organization is no longer the sole legal owner of the asset. In the event of contract termination, the organization could even be subject (by contract) to pay fees to retrieve its own assets. Risk Mitigation / Control Strategy Include terms in the contract with the CSP that ensure that the organization remains the sole legal owner of any asset migrated to the CSP. Encrypt all sensitive assets being migrated to the CSP prior to the migration to prevent disclosure and ensure proper key management is in place. 30

32 Cloud Computing Risks Regulatory Threat Asset disposal Description In the event of contract termination, to prevent disclosure of the organization s assets, those assets should be removed from the cloud using tools and processes commensurate to data classification; forensic tools may be necessary to remove sensitive data (or other tools that ensure a complete wipeout). Risk Mitigation / Control Strategy Request CSP s technical specifications and controls that ensure that data are properly wiped and backup media are destroyed when requested. Include terms in the contract that require, upon contract expiration or any event ending the contract, a mandatory data wipe carried out under the organization s review. 31

33 Cloud Computing Risks Regulatory Threat Asset Location Description Information assets (i.e. data) are subject to the regulations of the country where they are stored or processed. A CSP may, without notification, migrate information assets to countries where regulations are less restrictive or their transmission is prohibited. Unauthorized entities that cannot have access to assets in one country may be able to obtain legal access in another country. Conversely, if assets are moved to countries with stricter regulations, the organization can be subject to legal actions and fines for noncompliance. Risk Mitigation / Control Strategy Request the CSP s list of infrastructure locations and verify that regulations in those locations are aligned with your organization s requirements. Include terms in the service contract to restrict the moving of organizational assets to only those areas known to be compliant with the organization s own regulatory concerns. To prevent disclosure, encrypt any asset prior to migration to the CSP, and ensure proper key management is in place. 32

34 Cloud Computing Risks Governance Threat Physical security on all premises where data/applicati ons are stored Description Physical security is required in any infrastructure. When the organization migrates assets to a cloud infrastructure, those assets are still subject to the corporate security policy, but they can also be physically accessed by the CSP s staff, which is subject to the CSP s security policy. There could be a gap between the security measures provided by the CSP and the requirements of the organization. Risk Mitigation / Control Strategy Request the CSP s physical security policy. CSP s independent security reviews or certification reports (e.g., SOC1, SOC 2 report, SOX, PCI DSS, HIPAA, ISO, etc.). Contract language that requires the CSP to be aligned with the organization's security policy. CSP s disaster recovery plans and ensure that they contain the necessary countermeasures to protect physical assets during and after a disaster. 33

35 Cloud Computing Risks Governance Threat Visibility of the security measures put in place by the CSP Description The cloud is similar to any infrastructure in that security measures (technology and processes) should be in place to prevent security attacks. The security measures provided by the CSP should be aligned with the requirements of the organization, including management of security incidents. Risk Mitigation / Control Strategy CSP s independent security reviews or certification reports (e.g., SOC1, SOC 2 report, SOX, PCI DSS, HIPAA, ISO, etc.). Contract language that requires the CSP to provide regular reporting on security (incident reports, intrusion detection system [IDS]/intrusion prevention system [IPS] logs, etc.). Request the CSP s security incident management process to be applied to the organization s assets and ensure that it is aligned with the organization s own security policy. 34

36 Cloud Computing Risks Governance Threat Media management Description Data media must be disposed in a secure way to avoid data leakage and disclosure. Data wipeout procedures must ensure data cannot be reproduced when data media is designated for recycle or disposal. Controls should be in place during transportation (encryption and physical security). This should be specified in the CSP security policy and contract SLA. Risk Mitigation / Control Strategy Request the CSP s process and techniques in place for data media disposal and evaluate whether they meet the requirements of the organization. Include in the contract language that requires the CSP to comply with the organization s security policy. 35

37 Cloud Computing Risks Regulatory Threat Secure software SDLC Description When using SaaS services, the organization must be sure that the applications will meet its security requirements. This will reduce the risk of theft, disclosure and unavailability. Risk Mitigation / Control Strategy Request the CSP s details about the software SDLC policy and procedures in place and ensure that the security measures introduced into the design are compliant with the requirements of the organization. CSP s independent security reviews or certification reports (e.g., SOC1, SOC 2 report, SOX, PCI DSS, HIPAA, ISO, etc.). 36

38 Cloud Computing Risks Governance Threat Service termination issues Description Currently, there is very little available in terms of tools, procedures or other offerings to facilitate data or service portability from CSP to CSP. This can make it very difficult for the organization to migrate from one CSP to another or to bring services back inhouse. It can also result in serious business disruption or failure should the CSP go bankrupt, face legal action, or be the potential target for an acquisition. Risk Mitigation / Control Strategy Ensure by contract or SLA with the CSP an exit strategy that specifies the terms that should trigger the retrieval of the organization s assets in the time frame required by the enterprise. Implement a DRP, taking into account the possibility of complete CSP disruption. 37

39 Cloud Computing Risks Governance Threat Support for audit and forensic investigations Description Security audits and forensic investigations are vital to the organization to evaluate the security measures of the CSP. Performing these actions requires extensive access to the CSP s infrastructure and monitoring capabilities, which are often shared with other CSP s customers. The organization should have the permission of the CSP to perform regular audits and to have access to forensic data without violating the contractual obligations of the CSP to other customers. Risk Mitigation / Control Strategy Request the CSP the right to audit as part of the contract or SLA. If this is not possible, request security audit reports by trusted third parties. Request that the CSP provide appropriate and timely support (logs, traces, hard disk images, etc.) for forensic analysis as part of the contract or SLA. If this is not possible, request to authorize trusted third parties to perform forensic analysis when necessary. 38

40 Next Steps in My Organization Identify and list out all cloud service providers Involve various departments, chances are there are cloud services providers you may not know about! Identify the service model for each Identify the deployment model for each Consider risks noted for each cloud service provider Identify controls in place to mitigate the risks Setup a plan to test the effectiveness of the controls in place 39

41

Cloud Computing. Course: Designing and Implementing Service Oriented Business Processes

Cloud Computing. Course: Designing and Implementing Service Oriented Business Processes Cloud Computing Supplementary slides Course: Designing and Implementing Service Oriented Business Processes 1 Introduction Cloud computing represents a new way, in some cases a more cost effective way,

More information

See Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models.

See Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models. Cloud Strategy Information Systems and Technology Bruce Campbell What is the Cloud? From http://csrc.nist.gov/publications/nistpubs/800-145/sp800-145.pdf Cloud computing is a model for enabling ubiquitous,

More information

IS PRIVATE CLOUD A UNICORN?

IS PRIVATE CLOUD A UNICORN? IS PRIVATE CLOUD A UNICORN? With all of the discussion, adoption, and expansion of cloud offerings there is a constant debate that continues to rear its head: Public vs. Private or more bluntly Is there

More information

The NIST Definition of Cloud Computing

The NIST Definition of Cloud Computing Special Publication 800-145 The NIST Definition of Cloud Computing Recommendations of the National Institute of Standards and Technology Peter Mell Timothy Grance NIST Special Publication 800-145 The NIST

More information

The NIST Definition of Cloud Computing (Draft)

The NIST Definition of Cloud Computing (Draft) Special Publication 800-145 (Draft) The NIST Definition of Cloud Computing (Draft) Recommendations of the National Institute of Standards and Technology Peter Mell Timothy Grance NIST Special Publication

More information

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC www.fmsinc.org 1 2015 Financial Managers Society, Inc. Cloud Security Implications

More information

Cloud Security Introduction and Overview

Cloud Security Introduction and Overview Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious

More information

Kent State University s Cloud Strategy

Kent State University s Cloud Strategy Kent State University s Cloud Strategy Table of Contents Item Page 1. From the CIO 3 2. Strategic Direction for Cloud Computing at Kent State 4 3. Cloud Computing at Kent State University 5 4. Methodology

More information

East African Information Conference 13-14 th August, 2013, Kampala, Uganda. Security and Privacy: Can we trust the cloud?

East African Information Conference 13-14 th August, 2013, Kampala, Uganda. Security and Privacy: Can we trust the cloud? East African Information Conference 13-14 th August, 2013, Kampala, Uganda Security and Privacy: Can we trust the cloud? By Dr. David Turahi Director, Information Technology and Information Management

More information

The Cloud in Regulatory Affairs - Validation, Risk Management and Chances -

The Cloud in Regulatory Affairs - Validation, Risk Management and Chances - 45 min Webinar: November 14th, 2014 The Cloud in Regulatory Affairs - Validation, Risk Management and Chances - www.cunesoft.com Rainer Schwarz Cunesoft Holger Spalt ivigilance 2014 Cunesoft GmbH PART

More information

yvette@yvetteagostini.it yvette@yvetteagostini.it

yvette@yvetteagostini.it yvette@yvetteagostini.it 1 The following is merely a collection of notes taken during works, study and just-for-fun activities No copyright infringements intended: all sources are duly listed at the end of the document This work

More information

Cloud Computing; What is it, How long has it been here, and Where is it going?

Cloud Computing; What is it, How long has it been here, and Where is it going? Cloud Computing; What is it, How long has it been here, and Where is it going? David Losacco, CPA, CIA, CISA Principal January 10, 2013 Agenda The Cloud WHAT IS THE CLOUD? How long has it been here? Where

More information

OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect

OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect OWASP Chapter Meeting June 2010 Presented by: Brayton Rider, SecureState Chief Architect Agenda What is Cloud Computing? Cloud Service Models Cloud Deployment Models Cloud Computing Security Security Cloud

More information

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.

More information

Validation of a Cloud-Based ERP system, in practice. Regulatory Affairs Conference Raleigh. 8Th September 2014

Validation of a Cloud-Based ERP system, in practice. Regulatory Affairs Conference Raleigh. 8Th September 2014 Validation of a Cloud-Based ERP system, in practice. Regulatory Affairs Conference Raleigh. 8Th September What is the The Cloud Some Definitions The NIST Definition of Cloud computing Cloud computing is

More information

The HIPAA Security Rule: Cloudy Skies Ahead?

The HIPAA Security Rule: Cloudy Skies Ahead? The HIPAA Security Rule: Cloudy Skies Ahead? Presented and Prepared by John Kivus and Emily Moseley Wood Jackson PLLC HIPAA and the Cloud In the past several years, the cloud has become an increasingly

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

White Paper on CLOUD COMPUTING

White Paper on CLOUD COMPUTING White Paper on CLOUD COMPUTING INDEX 1. Introduction 2. Features of Cloud Computing 3. Benefits of Cloud computing 4. Service models of Cloud Computing 5. Deployment models of Cloud Computing 6. Examples

More information

The Cloud vs. the Back-Office. Which is right for you?

The Cloud vs. the Back-Office. Which is right for you? The Cloud vs. the Back-Office Which is right for you? Introductions Andy Skrzypczak President NetSource One We help, guide and support frustrated and overwhelmed business owners who want Pain Free IT so

More information

AskAvanade: Answering the Burning Questions around Cloud Computing

AskAvanade: Answering the Burning Questions around Cloud Computing AskAvanade: Answering the Burning Questions around Cloud Computing There is a great deal of interest in better leveraging the benefits of cloud computing. While there is a lot of excitement about the cloud,

More information

IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach.

IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach. IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach. Gunnar Wahlgren 1, Stewart Kowalski 2 Stockholm University 1: (wahlgren@dsv.su.se), 2: (stewart@dsv.su.se) ABSTRACT

More information

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015 NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X

More information

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS CLOUD COMPUTING Cloud computing is a model for enabling convenient, ondemand network access to a shared pool of configurable computing

More information

1. From the CIO 3. 2. Strategic Direction for Cloud Computing at Kent State 4. 3. Cloud Computing at Kent State University 5

1. From the CIO 3. 2. Strategic Direction for Cloud Computing at Kent State 4. 3. Cloud Computing at Kent State University 5 Kent State University ss Cloud Strategy Table of Contents Item Page 1. From the CIO 3 2. Strategic Direction for Cloud Computing at Kent State 4 3. Cloud Computing at Kent State University 5 4. Methodology

More information

10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM. Agenda. Security Cases What is Cloud? Road Map Security Concerns

10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM. Agenda. Security Cases What is Cloud? Road Map Security Concerns BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM Agenda Security Cases What is Cloud? Road Map Security Concerns 1 Security Cases on Cloud Data Protection - Two arrested in ipad

More information

Capability Paper. Today, aerospace and defense (A&D) companies find

Capability Paper. Today, aerospace and defense (A&D) companies find Today, aerospace and defense (A&D) companies find Today, aerospace and defense (A&D) companies find themselves at potentially perplexing crossroads. On one hand, shrinking defense budgets, an increasingly

More information

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS Shirley Radack, Editor Computer Security Division Information

More information

REQUEST FOR INFORMATION FLORIDA AGENCY FOR STATE TECHNOLOGY CLOUD SERVICES AND SOLUTIONS RFI NO.: 150925

REQUEST FOR INFORMATION FLORIDA AGENCY FOR STATE TECHNOLOGY CLOUD SERVICES AND SOLUTIONS RFI NO.: 150925 I. PURPOSE REQUEST FOR INFORMATION FLORIDA AGENCY FOR STATE TECHNOLOGY CLOUD SERVICES AND SOLUTIONS RFI NO.: 150925 The State of Florida, Agency for State Technology (AST), hereby issues this Request for

More information

Cloud Computing: What needs to Be Validated and Qualified. Ivan Soto

Cloud Computing: What needs to Be Validated and Qualified. Ivan Soto Cloud Computing: What needs to Be Validated and Qualified Ivan Soto Learning Objectives At the end of this session we will have covered: Technical Overview of the Cloud Risk Factors Cloud Security & Data

More information

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com Introduction to Cloud Computing Srinath Beldona srinath_beldona@yahoo.com Agenda Pre-requisites Course objectives What you will learn in this tutorial? Brief history Is cloud computing new? Why cloud computing?

More information

6 Cloud computing overview

6 Cloud computing overview 6 Cloud computing overview 6.1 General ISO/IEC 17788:2014 (E) Cloud Computing Overview Page 1 of 6 Cloud computing is a paradigm for enabling network access to a scalable and elastic pool of shareable

More information

Cloud Computing Policy 1.0 INTRODUCTION 2.0 PURPOSE. Effective Date: July 28, 2015

Cloud Computing Policy 1.0 INTRODUCTION 2.0 PURPOSE. Effective Date: July 28, 2015 Cloud Computing Policy Effective Date: July 28, 2015 1.0 INTRODUCTION Cloud computing services are application and infrastructure resources that users access via the Internet. These services, contractually

More information

Enhancing Operational Capacities and Capabilities through Cloud Technologies

Enhancing Operational Capacities and Capabilities through Cloud Technologies Enhancing Operational Capacities and Capabilities through Cloud Technologies How freight forwarders and other logistics stakeholders can benefit from cloud-based solutions 2013 vcargo Cloud Pte Ltd All

More information

IBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation

IBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation IBM Cloud Security Draft for Discussion September 12, 2011 IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns surrounding cloud computing

More information

What is Cloud Computing? First, a little history. Demystifying Cloud Computing. Mainframe Era (1944-1978) Workstation Era (1968-1985) Xerox Star 1981!

What is Cloud Computing? First, a little history. Demystifying Cloud Computing. Mainframe Era (1944-1978) Workstation Era (1968-1985) Xerox Star 1981! Demystifying Cloud Computing What is Cloud Computing? First, a little history. Tim Horgan Head of Cloud Computing Centre of Excellence http://cloud.cit.ie 1" 2" Mainframe Era (1944-1978) Workstation Era

More information

Strategies for Secure Cloud Computing

Strategies for Secure Cloud Computing WHITE PAPER Cloud Basics Strategies for Secure Cloud Computing An Introduction to Exploring the Cloud There is a lot of buzz these days about cloud computing and how it s going to revolutionize the way

More information

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is

More information

CLOUD COMPUTING GUIDELINES FOR LAWYERS

CLOUD COMPUTING GUIDELINES FOR LAWYERS INTRODUCTION Legal practices are increasingly using cloud storage and software systems as an alternative to in-house data storage and IT programmes. The cloud has a number of advantages particularly flexibility

More information

Technology & Business Overview of Cloud Computing

Technology & Business Overview of Cloud Computing Your Place or Mine? In-House e-discovery Platform vs. Software as a Service Technology & Business Overview of Cloud Computing Janine Anthony Bowen, Esq. Jack Attorneys & Advisors www.jack-law.com Atlanta,

More information

Business Intelligence (BI) Cloud. Prepared By: Pavan Inabathini

Business Intelligence (BI) Cloud. Prepared By: Pavan Inabathini Business Intelligence (BI) Cloud Prepared By: Pavan Inabathini Summary Federal Agencies currently maintain Business Intelligence (BI) solutions across numerous departments around the enterprise with individual

More information

Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1

Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1 Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1 Taking a Deeper Look at the Cloud: Solution or Security Risk? LoyCurtis Smith East Carolina University TAKING A DEEPER LOOK AT THE CLOUD:

More information

OVERVIEW Cloud Deployment Services

OVERVIEW Cloud Deployment Services OVERVIEW Cloud Deployment Services Audience This document is intended for those involved in planning, defining, designing, and providing cloud services to consumers. The intended audience includes the

More information

PRIVATE CLOUD PLATFORM OPTIONS. Stephen Lee CEO, ArkiTechs Inc.

PRIVATE CLOUD PLATFORM OPTIONS. Stephen Lee CEO, ArkiTechs Inc. PRIVATE CLOUD PLATFORM OPTIONS Stephen Lee CEO, ArkiTechs Inc. WHAT IS THE CLOUD? Virtualization? Virtualization hosted by someone else? NIST DEFINITION (SP 800-145) Cloud computing is a model for enabling

More information

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Best Practices for Security in the Cloud John Essner, Director

More information

What Cloud computing means in real life

What Cloud computing means in real life ITU TRCSL Symposium on Cloud Computing Session 2: Cloud Computing Foundation and Requirements What Cloud computing means in real life Saman Perera Senior General Manager Information Systems Mobitel (Pvt)

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

Cloud definitions you've been pretending to understand. Jack Daniel, Reluctant CISSP, MVP Community Development Manager, Astaro

Cloud definitions you've been pretending to understand. Jack Daniel, Reluctant CISSP, MVP Community Development Manager, Astaro Cloud definitions you've been pretending to understand Jack Daniel, Reluctant CISSP, MVP Community Development Manager, Astaro You keep using that word cloud. I do not think it means what you think it

More information

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer What is Cloud Computing A model for enabling convenient, on-demand network access to a shared pool of configurable

More information

A white paper from Fordway on CLOUD COMPUTING. Why private cloud should be your first step on the cloud computing journey - and how to get there

A white paper from Fordway on CLOUD COMPUTING. Why private cloud should be your first step on the cloud computing journey - and how to get there A white paper from Fordway on CLOUD COMPUTING Why private cloud should be your first step on the cloud computing journey - and how to get there PRIVATE CLOUD WHITE PAPER January 2012 www.fordway.com Page

More information

Cloud Computing Governance & Security. Security Risks in the Cloud

Cloud Computing Governance & Security. Security Risks in the Cloud Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud

More information

ITSM in the Cloud. An Overview of Why IT Service Management is Critical to The Cloud. Presented By: Rick Leopoldi RL Information Consulting LLC

ITSM in the Cloud. An Overview of Why IT Service Management is Critical to The Cloud. Presented By: Rick Leopoldi RL Information Consulting LLC ITSM in the Cloud An Overview of Why IT Service Management is Critical to The Cloud Presented By: Rick Leopoldi RL Information Consulting LLC What s Driving the Move to Cloud Computing Greater than 70%

More information

Soft Computing Models for Cloud Service Optimization

Soft Computing Models for Cloud Service Optimization Soft Computing Models for Cloud Service Optimization G. Albeanu, Spiru Haret University & Fl. Popentiu-Vladicescu UNESCO Department, University of Oradea Abstract The cloud computing paradigm has already

More information

Cloud Computing Security Issues And Methods to Overcome

Cloud Computing Security Issues And Methods to Overcome Cloud Computing Security Issues And Methods to Overcome Manas M N 1, Nagalakshmi C K 2, Shobha G 3 MTech, Computer Science & Engineering, RVCE, Bangalore, India 1,2 Professor & HOD, Computer Science &

More information

Cloud Services Overview

Cloud Services Overview Cloud Services Overview John Hankins Global Offering Executive Ricoh Production Print Solutions May 23, 2012 Cloud Services Agenda Definitions Types of Clouds The Role of Virtualization Cloud Architecture

More information

Compliant Cloud Computing Managing the Risks

Compliant Cloud Computing Managing the Risks Reprinted from PHARMACEUTICAL ENGINEERING THE OFFICIAL TECHNICAL MAGAZINE OF ISPE JULY/AUGUST 2013, VOL 33, NO 4 Copyright ISPE 2013 www.pharmaceuticalengineering.org information systems Managing the Risks

More information

Compliant Cloud Computing Managing the Risks

Compliant Cloud Computing Managing the Risks Reprinted from PHARMACEUTICAL ENGINEERING THE OFFICIAL TECHNICAL MAGAZINE OF ISPE JULY/AUGUST 2013, VOL 33, NO 4 Copyright ISPE 2013 www.pharmaceuticalengineering.org information systems Managing the Risks

More information

Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu

Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu 2 If cloud computing is so simple, then what s the big deal? What is the

More information

SCADA Cloud Computing

SCADA Cloud Computing SCADA Cloud Computing Information on Cloud Computing with SCADA systems Version: 1.0 Erik Daalder, Business Development Manager Yokogawa Electric Corporation Global SCADA Center T: +31 88 4641 360 E: erik.daalder@nl.yokogawa.com

More information

Kent State University s Cloud Strategy

Kent State University s Cloud Strategy Kent State University s Cloud Strategy June 2015 Table of Contents Item Page 1. From the CIO 3 2. Strategic Direction for Cloud Computing at Kent State 4 3. Cloud Computing at Kent State University 5 4.

More information

Virtualization Impact on Compliance and Audit

Virtualization Impact on Compliance and Audit 2009 Reflex Systems, LLC Virtualization Impact on Compliance and Audit Michael Wronski, CISSP VP Product Management Reflex Systems Agenda Introduction Virtualization? Cloud? Risks and Challenges? Compliance

More information

Legal Issues in the Cloud: A Case Study. Jason Epstein

Legal Issues in the Cloud: A Case Study. Jason Epstein Legal Issues in the Cloud: A Case Study Jason Epstein Outline Overview of Cloud Computing Service Models (SaaS, PaaS, IaaS) Deployment Models (Private, Community, Public, Hybrid) Adoption Different types

More information

Enterprise Governance and Planning

Enterprise Governance and Planning GEORGIA TECHNOLOGY AUTHORITY Title: Enterprise Operational Environment PSG Number: SO-10-003.02 Topical Area: Operations / Performance and Capacity Document Type: Standard Pages: 5 Issue Date: July 15,

More information

A COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012

A COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012 A COALFIRE PERSPECTIVE Moving to the Cloud A Summary of Considerations for Implementing Cloud Migration Plans into New Business Platforms NCHELP Spring Convention Panel May 2012 DALLAS DENVER LOS ANGELES

More information

CLOUD COMPUTING, TRADE SECRET / KNOW-HOW & EUROPEAN LEGAL FRAMEWORK

CLOUD COMPUTING, TRADE SECRET / KNOW-HOW & EUROPEAN LEGAL FRAMEWORK CLOUD COMPUTING, TRADE SECRET / KNOW-HOW & EUROPEAN LEGAL FRAMEWORK AIPPI 2012 SEOUL XX October 2012 Alexandra NERI, Partner, TMT, +33 1 53 57 70 70, alexandra.neri@hsf.com TOPICS What is cloud computing?

More information

Cloud Computing. What is Cloud Computing?

Cloud Computing. What is Cloud Computing? Cloud Computing What is Cloud Computing? Cloud computing is where the organization outsources data processing to computers owned by the vendor. Primarily the vendor hosts the equipment while the audited

More information

Cloud Computing: Risks and Auditing

Cloud Computing: Risks and Auditing IIA Chicago Chapter 53 rd Annual Seminar April 15, 2013, Donald E. Stephens Convention Center @IIAChicago #IIACHI Cloud Computing: Risks Auditing Phil Lageschulte/Partner/KPMG Sailesh Gadia/Director/KPMG

More information

Cloud Security. DLT Solutions LLC June 2011. #DLTCloud

Cloud Security. DLT Solutions LLC June 2011. #DLTCloud Cloud Security DLT Solutions LLC June 2011 Contact Information DLT Cloud Advisory Group 1-855-CLOUD01 (256-8301) cloud@dlt.com www.dlt.com/cloud Your Hosts Van Ristau Chief Technology Officer, DLT Solutions

More information

The Hybrid Cloud: Bringing Cloud-Based IT Services to State Government

The Hybrid Cloud: Bringing Cloud-Based IT Services to State Government The Hybrid Cloud: Bringing Cloud-Based IT Services to State Government October 4, 2009 Prepared By: Robert Woolley and David Fletcher Introduction Provisioning Information Technology (IT) services to enterprises

More information

Orchestrating the New Paradigm Cloud Assurance

Orchestrating the New Paradigm Cloud Assurance Orchestrating the New Paradigm Cloud Assurance Amsterdam 17 January 2012 John Hermans - Partner Current business challenges versus traditional IT Organizations are challenged with: Traditional IT seems

More information

Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101

Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101 Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro

More information

Standardizing Cloud Services for Financial Institutions through the provisioning of Service Level Agreements (SLAs)

Standardizing Cloud Services for Financial Institutions through the provisioning of Service Level Agreements (SLAs) Standardizing Cloud Services for Financial Institutions through the provisioning of Service Level Agreements (SLAs) Robert Bohn, PhD Advanced Network Technologies Division Cloud FS Americas 2015 New York,

More information

Incident Handling in the Cloud and Audit s Role

Incident Handling in the Cloud and Audit s Role Incident Handling in the Cloud and Audit s Role David Cole, CPA, CISA ISACA National Capital Area Chapter Cloud Computing Conference March 17, 2015 1 Outline Cloud Service Models Cloud Types Summary of

More information

Client Security Risk Assessment Questionnaire

Client Security Risk Assessment Questionnaire Select the appropriate answer from the drop down in the column, and provide a brief description in the section. 1 Do you have a member of your organization with dedicated information security duties? 2

More information

Cloud computing is a marketing term for technologies that provide servers, outside of the firewall, for:

Cloud computing is a marketing term for technologies that provide servers, outside of the firewall, for: Peter Hirsch Cloud computing is a marketing term for technologies that provide servers, outside of the firewall, for: Computation Software Applications Data access Storage services.that do not require

More information

Residual risk. 3 Compliance challenges (i.e. right to examine, exit clause, privacy acy etc.)

Residual risk. 3 Compliance challenges (i.e. right to examine, exit clause, privacy acy etc.) Organizational risks 1 Lock-in Risk of not being able to migrate easily from one provider to another 2 Loss of Governance Control and influence on the cloud providers, and conflicts between customer hardening

More information

Cloud Security Alliance New Zealand Contribution to the Privacy Commissioner. 23 February 2012

Cloud Security Alliance New Zealand Contribution to the Privacy Commissioner. 23 February 2012 Cloud Security Alliance New Zealand Contribution to the Privacy Commissioner 23 February 2012 Foreword Cloud Security Alliance New Zealand Chapter is grateful to Privacy Commissioner for giving an opportunity

More information

Private & Hybrid Cloud: Risk, Security and Audit. Scott Lowry, Hassan Javed VMware, Inc. March 2012

Private & Hybrid Cloud: Risk, Security and Audit. Scott Lowry, Hassan Javed VMware, Inc. March 2012 Private & Hybrid Cloud: Risk, Security and Audit Scott Lowry, Hassan Javed VMware, Inc. March 2012 Private and Hybrid Cloud - Risk, Security and Audit Objectives: Explain the technology and benefits behind

More information

Verifying Correctness of Trusted data in Clouds

Verifying Correctness of Trusted data in Clouds Volume-3, Issue-6, December-2013, ISSN No.: 2250-0758 International Journal of Engineering and Management Research Available at: www.ijemr.net Page Number: 21-25 Verifying Correctness of Trusted data in

More information

Module 1: Facilitated e-learning

Module 1: Facilitated e-learning Module 1: Facilitated e-learning CHAPTER 3: OVERVIEW OF CLOUD COMPUTING AND MOBILE CLOUDING: CHALLENGES AND OPPORTUNITIES FOR CAs... 3 PART 1: CLOUD AND MOBILE COMPUTING... 3 Learning Objectives... 3 1.1

More information

The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing

The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing Your Platform of Choice The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing Mark Cravotta EVP Sales and Service SingleHop LLC Talk About Confusing? Where do I start?

More information

Cloud Computing Risk and Rewards

Cloud Computing Risk and Rewards Cloud Computing Risk and Rewards John Lazarine Vice President and Chief Audit Executive Mark Salamasick Director of Center for Internal Auditing For Dallas CPA Society Convergence 2013 May 8, 2013 John

More information

Cloud Panel Draft Statement of Requirement

Cloud Panel Draft Statement of Requirement Cloud Panel Draft Statement of Requirement August 2014 Statement of Requirement This draft Statement of Requirement (SOR) has been created to provide Commonwealth Agencies, industry members and interested

More information

Clinical Trials in the Cloud: A New Paradigm?

Clinical Trials in the Cloud: A New Paradigm? Marc Desgrousilliers CTO at Clinovo Clinical Trials in the Cloud: A New Paradigm? Marc Desgrousilliers CTO at Clinovo What is a Cloud? (1 of 3) "Cloud computing is a model for enabling convenient, on-demand

More information

THE CLOUD- CHANGING THE INDIAN HEALTHCARE SYSTEM

THE CLOUD- CHANGING THE INDIAN HEALTHCARE SYSTEM Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 2, Issue. 5, May 2013, pg.238

More information

Cloud Computing: BY Mesay Hailemariarm Moreda, Team Leader, government Applications and electronic Services, MCIT, Ethiopia June, 2012

Cloud Computing: BY Mesay Hailemariarm Moreda, Team Leader, government Applications and electronic Services, MCIT, Ethiopia June, 2012 Cloud Computing: BY Mesay Hailemariarm Moreda, Team Leader, government Applications and electronic Services, MCIT, Ethiopia June, 2012 Infrastructure Services Number of Users (Oct. 2011) Capacity in 5

More information

Security Controls What Works. Southside Virginia Community College: Security Awareness

Security Controls What Works. Southside Virginia Community College: Security Awareness Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction

More information

Tamanna Roy Rayat & Bahra Institute of Engineering & Technology, Punjab, India talk2tamanna@gmail.com

Tamanna Roy Rayat & Bahra Institute of Engineering & Technology, Punjab, India talk2tamanna@gmail.com IJCSIT, Volume 1, Issue 5 (October, 2014) e-issn: 1694-2329 p-issn: 1694-2345 A STUDY OF CLOUD COMPUTING MODELS AND ITS FUTURE Tamanna Roy Rayat & Bahra Institute of Engineering & Technology, Punjab, India

More information

Cloud for Credit Unions Leveraging New Solutions to Increase Efficiency & Reduce Costs Presented by: Hugh Smallwood, Chief Technology Officer

Cloud for Credit Unions Leveraging New Solutions to Increase Efficiency & Reduce Costs Presented by: Hugh Smallwood, Chief Technology Officer Cloud for Credit Unions Leveraging New Solutions to Increase Efficiency & Reduce Costs Presented by: Hugh Smallwood, Chief Technology Officer Plan. Prepare. Protect. About Us Formed by a Group of DC Metro

More information

Assessing, Evaluating and Managing Cloud Computing Security

Assessing, Evaluating and Managing Cloud Computing Security Assessing, Evaluating and Managing Cloud Computing Security S.SENTHIL KUMAR 1, R.KANAKARAJ 2 1,2 ASSISTANT PROESSOR, DEPARTMENT OF COMMERCE WITH COMPUTER APPLICATIONS Dr.SNS RAJALAKSHMI COLLEGE OF ARTS

More information

Study concluded that success rate for penetration from outside threats higher in corporate data centers

Study concluded that success rate for penetration from outside threats higher in corporate data centers Auditing in the cloud Ownership of data Historically, with the company Company responsible to secure data Firewall, infrastructure hardening, database security Auditing Performed on site by inspecting

More information

Cloud models and compliance requirements which is right for you?

Cloud models and compliance requirements which is right for you? Cloud models and compliance requirements which is right for you? Bill Franklin, Director, Coalfire Stephanie Tayengco, VP of Technical Operations, Logicworks March 17, 2015 Speaker Introduction Bill Franklin,

More information

security in the cloud White Paper Series

security in the cloud White Paper Series security in the cloud White Paper Series 2 THE MOVE TO THE CLOUD Cloud computing is being rapidly embraced across all industries. Terms like software as a service (SaaS), infrastructure as a service (IaaS),

More information

Cloud Computing 159.735. Submitted By : Fahim Ilyas (08497461) Submitted To : Martin Johnson Submitted On: 31 st May, 2009

Cloud Computing 159.735. Submitted By : Fahim Ilyas (08497461) Submitted To : Martin Johnson Submitted On: 31 st May, 2009 Cloud Computing 159.735 Submitted By : Fahim Ilyas (08497461) Submitted To : Martin Johnson Submitted On: 31 st May, 2009 Table of Contents Introduction... 3 What is Cloud Computing?... 3 Key Characteristics...

More information

Buyer s Guide. Buyer s Guide to Secure Cloud. thebunker.net Phone: 01304 814800 Fax: 01304 814899 info@thebunker.net

Buyer s Guide. Buyer s Guide to Secure Cloud. thebunker.net Phone: 01304 814800 Fax: 01304 814899 info@thebunker.net Buyer s Guide to Secure Cloud Buyer s Guide to Secure Cloud An executive guide to outsourcing IT infrastructure and data storage using Private Cloud as the foundation. Executives derive much confidence

More information

Anatomy of a Cloud Computing Data Breach

Anatomy of a Cloud Computing Data Breach Anatomy of a Cloud Computing Data Breach Sheryl Falk Mike Olive ACC Houston Chapter ITPEC Practice Group September 18, 2014 1 Agenda Ø Cloud 101 Welcome to Cloud Computing Ø Cloud Agreement Considerations

More information

The Cloud at 30,000 feet. Art Ridgway Scripps Media Inc. Managing Director Newspaper IT Operations

The Cloud at 30,000 feet. Art Ridgway Scripps Media Inc. Managing Director Newspaper IT Operations The Cloud at 30,000 feet Art Ridgway Scripps Media Inc. Managing Director Newspaper IT Operations Survey: Where s home? How many using cloud computing now? How many thinking of using cloud computing? How

More information

William Saichek Professor, Computer Science & Information Systems Orange Coast College

William Saichek Professor, Computer Science & Information Systems Orange Coast College William Saichek Professor, Computer Science & Information Systems Orange Coast College What is Cloud Computing What is Cloud Computing The Internet is NOT the cloud Virtualization is NOT the cloud Storage

More information

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security

More information