SIA Standards Cloud and Mobility Working Group

Size: px
Start display at page:

Download "SIA Standards Cloud and Mobility Working Group"

Transcription

1 SIA Standards Cloud and Mobility Working Group SIA Standards Committee Security Industry Association Silver Spring, Maryland siaonline.org/standards

2 Acknowledgements SIA Standards would like to thank the following individuals for their contributions to this whitepaper effort and for launching the SIA Standards Cloud and Mobility Working Group. Steve Van Till, Brivo Systems (Chair) Dave Adams, HID Global Sal D Agostino, Idmachines Lars Suneborn, Oberthur Steve Surfaro, Axis Communications Charles Wheeler, Brivo Systems Rob Zivney, IDTPartners 2013, Security Industry Association. All rights reserved. Except as expressly granted by the Security Industry Association, no other implied or express license or right is made or granted by Security Industry Association to this work. Moreover, the documentation cannot be used, displayed, excerpted, modified, distributed, or offered for resale or use, without the prior written consent of the Security Industry Association. ii Cloud and Mobility Working Group

3 Introduction Cloud computing is transforming the physical security industry: Applications that were once confined to local, on-premise servers are now hosted in third-party data centers on the Internet. Critical security data that once resided on customer-owned storage devices now resides on service-provider data farms in the cloud. Monthly recurring subscription fees are replacing up-front capital expenditures and significantly reducing day zero investments. Installers and integrators are now expected to have a wide range of networking and information skills, and familiarity with a much wider world of standards than at any time in our industry s history. Similarly, mobile computing is changing the way that every business operates, and it has significant impacts on security: Applications need to be on-demand and uniform across devices, browsers and operating systems. Users demand a consistent experience and full-functionality whether on a personal computer, tablet or smartphone. Proliferation of personal mobile devices enabled for business uses have prompted enterprises to design procedures and policies governing network access for these devices. This has security implications. Security on a mobile platform can be the responsibility of multiple disparate stakeholders, including the mobile service provider, device manufacturer, application provider, system integrator and the enterprise. These developments and changes drive many standards discussions, and security professionals can use a comprehensive view of how they affect our businesses and our customers. Toward that end, the Security Industry Association (SIA) has formed the Cloud & Mobility Working Group, and presents this white paper as an overview of these topics. This document includes a suggested plan for industry standardization efforts that may be undertaken by this group. We welcome your participation in the Cloud & Mobility Working Group. As with all SIA Standards groups, it is an open forum in which anyone may participate at no cost. Please contact Security Industry Association 1

4 Scope and Purpose This white paper provides an overview of how cloud and mobile computing are transforming physical security systems, and where the new technologies and business models are driving security standards. The scope of the document is: A practical definition of what the cloud means to physical security A reference architecture for cloud-based security applications Interaction between cloud and mobility Examples of security application types currently deployed in the cloud The impact of the cloud on integration Candidate cloud and mobility standards Readers are invited to join the SIA Standards Cloud & Mobility Working Group to learn more, and to help influence SIA s future standards activities. What is the Cloud? Cloud computing has become the most widely referenced technology framework of the last decade. 1 Unfortunately, it has also become one of the most widely misrepresented technologies. Marketing claims from vendors and service providers often obscure the difference between real cloud applications and anything that just happens to touch the Internet. At the other end of the spectrum, standards and technology organizations have created abstract definitions of the cloud, making it almost unrecognizable to consumers and business people. Following is one of the clearest and most concise definitions we have found: Cloud computing is a general term for anything that involves delivering hosted services over the Internet. These services are broadly divided into three categories: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS). The name cloud computing was inspired by the cloud symbol that s often used to represent the Internet in flowcharts and diagrams. A cloud service has three distinct characteristics that differentiate it from traditional hosting. It is sold on demand, typically by the minute or the hour; it is elastic a user can have as much or as little of a service as they want at any given time; and the service is fully managed by the provider (the consumer needs nothing but a personal computer and Internet access). Significant innovations in virtualization and distributed computing, as well as improved access to high-speed Internet and a weak economy, have accelerated interest in cloud computing. 2 When most business people reference cloud computing, they are really talking about SaaS, or Software as a Service, which is a complete turnkey solution for some sort of business problem 3. In other words, it is a finished application or service model 1 See References at the end of this document for links to additional materials As of 2012, SaaS was more than twice the size of IaaS and PaaS combined. 2 Cloud and Mobility Working Group

5 designed to perform a particular task, like word processing or accounting or, in the physical security space, services such as access control or surveillance. The other two service models for cloud computing, Infrastructure as a Service (IaaS) and Platform as a Service (PaaS), can both be thought of as raw materials that can be tooled into a solution, using a programming staff, engineers and time and money to make it happen. In that regard, IaaS is simply raw computing power: computers, disk drives, and network infrastructure that can be adapted to perform a given task when a user adds applications to it. PaaS is similar, but it includes a specialized rapid application or server development environment for programmers. Service models are discussed in greater depth later in this paper (Paginated reference) Following is a simple diagram that illustrates a number of the key aspects of cloud computing: Figure 1, The Cloud While there are many graphic representations of the cloud, this diagram illustrates several important aspects for the purposes of this discussion. The cloud is not a new technology per se, but rather a collection of very real physical servers, storage devices, networks, wires and communications technology all the things you would see in a traditional local data center. Considered in their native state with no other software installed, these components are what the industry refers to as IaaS (Infrastructure as a Service) The cloud hosts not just infrastructure resources, but also software applications that perform specific tasks, such as HR, security, finance, etc. Some are very specialized, while others are familiar applications such as and calendaring. These are examples of SaaS (Software as a Service). The cloud also refers to companies that use SaaS to provide a complete value proposition and business model as a finished service that anyone can purchase directly from the SaaS provider. All of the named companies in the picture are examples of this aspect. Security Industry Association 3

6 Mobility Mobility is one of the biggest drivers of technology and investment right now. In fact, mobile traffic as a percentage of total Internet traffic is growing exponentially and showing no sign of slowing down. Therefore, focusing on the cloud as though physical security customers will only be consuming services on standard Internet browsers would be extremely short-sighted. Anything consumed in a browser can be consumed on a mobile platform. Both end-users (purchasers) of security products and security service providers (manufacturers) should keep mobility and mobile devices in mind when purchasing or developing cloud services. Global Mobile Traffic Growing Rapidly to 13% of Internet Traffic Figure 2, Mobile Traffic, Source: StatCounter Global Stats 11/12 Mobile Service Considerations Web or Native Service: Will the service be accessed via mobile browser (web application), or will the service be designed as an application native to the device? Platform: If the service will be accessed from a native application, what platforms will be supported? ios, Android, Windows and/or Blackberry? Device: Will the service work as expected across devices? As devices proliferate, there are a number of form factors (mobile phone, tablet, mini tablet), device fragmentation within those form factors, and differences in embedded technology (cameras, nearfield-communications, SIM/UICC card, MicroSD, etc.) 4 Cloud and Mobility Working Group

7 Mobile Security Considerations Organizations certainly face risks and operational challenges associated with the use of employee-owned devices in the workplace. However, by applying sensible management and security polices coupled with deeper legal clarity and technological tools organizations can mitigate the fear, uncertainty and doubt associated with a mobile workforce, while enjoying the benefits of increased, convenience, portability and control. Mobility in Security Mobility has found many applications in the traditional areas of physical security, including access control, intrusion detection and mass notification. The area that is most advanced in the leveraging of mobile technology, however, is IP video. Industry practitioners estimate that within five years 75 percent of all physical security video will be accessed via mobile devices. Security professionals must prepare for the unique challenges that mobile video brings to network video systems, including high bandwidth and utilization; for many applications, anything less than a high definition (HD) video stream is unacceptable. Mobile video implementations introduce network and system load complexities that need to be planned into infrastructure, and this is a prime reason why an enterprise cloud strategy should complement an enterprise mobile strategy. Across all areas of physical security, implementers must bring together security, scalability and utility for end-users. Security Industry Association 5

8 Security Cloud Reference Model A note on terminology: In attempting to define a cloud computing reference architecture for physical security, it became obvious that we would need a shorthand term to substitute for that rather unwieldy phrase. Thus, the term security cloud will be used to denote a cloud computing system primarily designed to provide electronic physical security as a service. The term is close to the more widespread phrase cloud security which the IT industry, and this paper, will still use to refer to cyber security measures to protect all cloud architectures. While there are many reference models for cloud computing in general, SIA Standards is not aware of any that have been developed specifically to address the unique features of cloud-based physical security systems. Therefore, the simple model presented in the last section needs to be made more relevant to such systems. We believe it is important to do so in order to facilitate meaningful dialogue on the subject. SIA Standards also recognizes that defining a reference model for any technology domain is inherently risky for many reasons. First, there may be major architectural differences among actual implementations, and reference architecture may appear to unintentionally favor one system design over another. Second, technology changes rapidly, and the model runs the risk of becoming outdated. We hope that the reference model developed for this white paper will generate both feedback and greater participation in the SIA Standards Cloud and Mobility Working Group to help improve the model. Models are all designed to answer certain kinds of questions about a domain and leave other aspects undetermined. In our case, we have set out to create a reference model that answers the following questions about cloud-based security systems: Which parts of the system are in the cloud? Which parts of the system are on premise? Which components are specialized for the cloud? Which components are the same as in non-cloud systems? Where is data stored? What happens if connection to the Internet fails? How are redundancy and disaster recovery provided? Where does virtualization fit into cloud security models? How do cloud systems manage cyber security? Are cloud services the same as managed services? Standardization Candidate: Security cloud reference model. Having common terms of reference and an agreed upon abstract architecture. 6 Cloud and Mobility Working Group

9 Reference Diagram The following diagram is a visual representation of the cloud reference model for physical security, or security cloud. By the very nature of reference models, it is a generalization and abstraction of any actual cloud security system in deployment. It is intended show the major components of these system and the relationships between them. Figure 3, Representative Cloud Reference Architecture for Physical Security Premise Components The onsite electronic components of a cloud security system are, in many cases, identical to those of traditional on-premise server systems, albeit with several important exceptions regarding protocols. Below, we briefly catalog these device types and their roles in a cloud security architecture. Sensors: Sensors include all of the familiar input devices, such as readers, door state sensors, request to exit, motion and smoke detectors, etc. In a few cases, devices such as readers may also contain additional door control functionality and may connect directly to a cloud service. Usually, however, these low-level devices are still connected to upstream devices such as controllers or other intelligent devices. They are generally unaffected by cloud architectures. Controllers: Used as a generic term, a controller might be an access control panel, an elevator control panel, a burglar alarm panel, or any other device with embedded firmware applications and processing, and local cache memory. While many controllers already use Internet protocols to communicate with head-end software, there are usually higher-layer protocol differences for controllers that connect directly to cloud services. Edge Devices: For the purposes of our discussion, edge devices are considered to be a special subset of controllers. They are typically smaller in processing power than other controllers and service fewer sensors, but functionally, they play the same role: receiving input from a user and processing information. Security Industry Association 7

10 Cameras: IP cameras have been one of the major enablers of cloud-based surveillance systems. As with controllers, most cameras already use standardized Internet protocols to communicate with video management systems on the same network. However, cameras that connect directly to cloud services will also exhibit some higher-layer protocol differences for direct access to cloud services. Gateways: Among other duties, gateways perform protocol adaptation and/or brokerage services between devices on a local area network (LAN) and a wide area network (WAN) such as the Internet or cloud. Functionally, gateways can allow noncloud-capable devices to be used with cloud services by mediating the connection between the two. They are, therefore, useful as part of a bridging or adaptation strategy for cloud-based physical security services. Local Storage: Local storage plays a role in many cloud security architectures. It provides an on-premises data repository as well as resiliency against Internet or other communications disruptions. For example, local storage is often used in conjunction with cloud video or managed video services to allow high-bandwidth recording to a local medium and cloud-based storage, archiving and retrieval only for only offnormal events. Local Applications: There may be some helper applications running in one or more of the components described above. A local video storage device that normally operates with a cloud application, for example, may also support a local video server application to make video viewable when an Internet connection is not available. Cloud Components Local Applications: Deploying software as multi-tenant, rapidly provisioned, demand-elastic, pooled-resource applications is the signature feature of cloud computing. This model stands in contrast with the traditional deployment of singletenant, dedicated-resource systems at the user s premises. Note that simply moving a legacy application from the user premises to a remote data center does not constitute cloud computing. Servers: Servers that run the applications are housed at data centers, usually operated by a third-party business that specializes in operating data centers. Several models are still prevalent for server deployment, from co-location to IaaS and, for larger cloud companies, ownership of the data centers and all related computing resources. Cloud Storage: Cloud storage refers to pooled data storage equipment that is operated in the context of a cloud service offering. Many consumer companies operate cloud storage services for backup of personal computer files. Likewise, there are numerous cloud storage offerings that operate at enterprise scale to offload the burden of storage from IT departments. In the context of cloud applications for physical security, cloud storage figures prominently in hosted video offerings as well as every SaaS offering (since every application requires storage for data). 8 Cloud and Mobility Working Group

11 Virtualization: Often confused with cloud computing, virtualization refers to a layer of software that simulates a hardware platform or another software platform, such as an operating system. Its purpose is to allow multiple virtual servers to reside on a single physical server, thereby improving hardware utilization efficiency and simplifying many aspects of data center management. While virtualization is a technique often used in cloud computing systems, it is also used in non-cloud systems. It does not provide multi-tenant, resource-pooled applications that are characteristic of cloud systems. Resiliency: The ability of a system to compensate for a failure of one or more components. An example within physical security is the ability of a video system to switch over to local storage if access to cloud-based video storage is temporarily unavailable. This system should be able to recover to its original operating state when access to these services is reestablished. Disaster Recovery: The ability of a system to withstand and recover from the loss of one or more data centers. This differs from resiliency in that a loss of a data center can mean the absence of a number of critical services. Disaster recovery can include access to redundant data centers. Communications It probably goes without saying that, if a security system is cloud-based, it uses Internet protocols. However, the converse is not true: just because a security system uses Internet protocols, that fact alone does not necessarily make it a cloud-based system. Many marketers in the security industry attempt to blur this line, but it is important to maintain the distinction within our reference model. Two of the key differentiators in this regard are the interrelated Center to Edge Discovery and NAT Traversal processes that influence communications session establishment. Center to Edge Discovery: Many IP-based devices, including such common consumer products as printers and webcams, support a center to edge discovery and session establishment process whereby a computer (the center ) on the same Local Area Network can find the device (the edge ) using a standardized protocol such as Bonjour or Avahi. In the security industry, many IP cameras use these types of protocols to allow discovery by VMS. This all works fine so long as the center and the edge reside on the same network. Security Industry Association 9

12 Network Address Translation (NAT) Traversal: In the case of cloud-based systems, firewalls and Network Address Translation (NAT) block center-to- edge discovery and other session establishment techniques from working across disparate networks, such as a local corporate LAN and the Internet at large. In a distributed WAN cloud architecture the traditional center-to-edge discovery process must be reversed, whereby the local device ( edge ) finds the cloud application ( center ), rather than vice versa. Absent an edge-to-center session establishment design, legacy devices that rely on traditional center-to-edge discovery or a manual configuration process in lieu of discovery also require holes in firewalls that most IT security policies won t tolerate. Standardization Candidate: Defining a common cloud session establishment framework for physical security products will promote product interoperability, simplify integrator training requirements, improve information security, and increase performance for end-users. 10 Cloud and Mobility Working Group

13 Cybersecurity for Security Clouds Cybersecurity remains the number one concern among all businesses considering cloud services. Many surveys have documented the fact that data security and privacy considerations are the main impediment to universal cloud adoption. These are obviously important considerations for the physical security market. Both end-users and service providers need to understand the risks and mitigation strategies that are relevant to security and in particular cloud deployments. Unfortunately, the topic of cloud (cyber) security is far too large a topic to treat in any depth in this paper, but very extensive literature is available for the interested reader. For our purposes in this paper, we will describe three broad areas technology, policies, and processes that should be considered, and additional references will be provided at the end of the paper. Technologies Technology is often the first focus when cloud consumers ask what their providers are doing to protect their data, and with good reason. Without the right technologies in place, hackers could easily access databases and subvert online systems. Key technologies that should be deployed in any system include: Firewalls Intrusion prevention/detection systems Anti-virus and anti-malware scanners Access logging Encryption Identity management Most cloud consumers are familiar with the basics of firewalls, anti-virus and intrusion prevention systems but the other technologies may be new to some customers. Encryption: Encryption is commonly used to prevent intercepted information from being exploited by providing secrecy to communications and data storage. When evaluating a cloud provider, it is important that all sensitive information be encrypted both at rest and in transit. Encryption is one of a number of cryptographic processes that are used in delivering security for cloud services. Standards are a fundamental part of any cryptographic and encryption solution. An important component is management of the keys that are used for the operation. Identity Management: Identity management includes a number of enterprise policies, services and technologies. It is a must when dealing with a true multi-tenant cloud both from the user as well as the service provider perspective. To help ensure that only authorized users access information, a variety of methods are used. Smart cards, PKI, SAML, Out of Band on USB and mobile devices and Kerberos, as well as evolving standards such as the OpenID Connect and System for Cross Identity Management (SCIM) represent some of the options in the marketplace. In many cases this is addressed inadequately by a simple UserID and Password solution. There are Security Industry Association 11

14 A note on deployment models : Many readers who have been following the development of cloud solutions will be aware of the distinction between public clouds and private clouds. Public clouds are defined as systems that are offered to the public at large and shared among unrelated people and organizations. Gmail and Salesforce.com would be examples of public cloud solutions. Private clouds are defined as systems that are used by one organization alone. They may run similar software as public cloud systems, but they are closed off for one reason or another. Most of the systems that buyers will see in the physical security market are public clouds. Setting up a private cloud for all but the largest customers (e.g., federal government) defeats the economies of scale that are at the heart of cloud economics. Hybrid deployments can include both categories. identity application, enrollment, registration, issuance and lifecycle management associate with individuals and devices to consider. Policies Technology is useless without effective policies to govern how it is used. Several key policy areas that should be addressed as part of every security cloud system include: Providers should follow best practices, and use certified cybersecurity consultants and auditors to complement their own staff. There is no way that a handful of parttime IT security employees can match the collective knowledge of a qualified expert firm in this area. Cloud services customers should make certain that their provider has implemented policies to manage data, access, and storage. Customers and providers should both be aware that the type of cloud service plays an important role in which policies are most important. What works for a SaaS provider will not be as effective for a PaaS provider. The best resource available for further learning on this topic is the Cloud Security Alliance, an industry trade group dedicated to promoting standards for cloud applications. Processes Processes are the expression of policies, and several of the most important are: End-users should require their providers to have one or more standards security audits and/or penetration tests, such as SAS-70, SSAE-16, ISO 27001, or a relevant federal standard such as FISMA or FedRAMP. Without such an audit, there is no assurance that the provider has implemented or tested any cybersecurity measures. Providers should document each aspect of the cloud and be prepared to provide these documents to end-users. Knowledgeable end-users are not content with a black box cloud service and will expect to be able to review policies, test results and configuration documents that will affect them. Cloud Cybersecurity References The International Information Systems Security Certification Consortium (ISC 2 ) is a non-profit organization established to educate and certify information security professionals. The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within cloud computing, and to provide education on the uses of cloud computing to help secure all other forms of computing. FedRAMP is an emerging federal cloud security program that follows in the footsteps of the more familiar Federal Information Security Management Act (FISMA) regulations. Its goal is to outline a standard way for cloud services to be authorized for use in the federal government. 12 Cloud and Mobility Working Group

15 Service Models We introduced the concept of service models earlier when providing a definition of the cloud for physical security applications. Most of the cloud community has adopted language from NIST when referencing the three main service models. For this reason, we will adopt the lexicon from the NIST framework when referencing service models. Service Model Software-as-a-Service Distinguishing Characteristics Entire application offered by provider. No development or deployment from user. Readily accessible from client devices. User does not manage infrastructure or apps. Rapidly provisioned, pay-as-you-go. Platform-as-a-Service Provider offers hosted development environment only. User programs own applications. Provider manages lower layers of network. User pays for underlying resources and licenses. Infrastructure-as-a-Service Provider offers managed computing infrastructure; user is responsible for everything else. User pays for raw server/storage infrastructure. While these service models are often presented as several competing alternatives for using the cloud, it is far more useful to ask what they mean to end-users (consumers of services) versus vendors (providers of services). Below we examine which models are relevant for each stakeholder group. Security Industry Association 13

16 A note on managed services: Managed services refer to a subscription based offering in which a service provider uses a labor pool to perform administrative duties on behalf of the end-user. For example, in a standard SaaS system, the end-user would perform such activities as adding and deleting employees from an access control database, generally through a browser. In a managed service, the service providers charge the end-user an additional fee to perform these activities on their behalf. There need not be any technology differences between these approaches; it s just a question of the business model and who sits at the controls. End-User Service Models In the physical security industry, most end-users are not interested in developing their own security cloud. This process would include contracting with an IaaS or PaaS vendor, developing and deploying custom applications, and then using the resulting system as a service. Undertaking that process would defeat the purposes of using cloud services in the first place, which are to lower upfront costs, reduce maintenance expense and enjoy higher service levels. End-users, as security service consumers, can largely ignore the IaaS and PaaS service models. These models may be part of what their SaaS provider uses to make their system work well, but the end-user is typically not exposed to the IaaS and PaaS models in any direct way. The end-user experience is the SaaS experience. Provider Service Models By providers, we refer to companies who have developed a SaaS application for physical security and now offer it to security system customers as a service. For providers, it is very important to ask the question of which service models they want to use to create the end-user SaaS service they are offering. For example, a provider might decide to use an IaaS provider as a way of rapidly scaling their capacity at low capital cost, while lowering staffing requirements for IT technicians. A provider writing an entirely new application might decide that a PaaS development and deployment model is their most rapid path to market. However, in both cases, the SaaS experience should be transparent to the end-user. Detailed discussion of how to build a service offering is beyond the scope of this paper. Our real focus is on examining how these service models, and the SaaS service model in particular, are being deployed for security customer consumption in today s market. 14 Cloud and Mobility Working Group

17 The Cloud Model for Security Apps: Industry Survey We will now examine how the Security Cloud Reference Model and the SaaS Service Model are currently being used to deliver physical security services. Understanding what is already present in the market is a prelude to understanding where the security industry may find it advantageous to develop security cloud standards, which is the purpose of this working group. The following table presents an overview of the types of applications being delivered as cloud-based systems, and how they relate to the reference model developed earlier in this paper. The table identifies common local components, cloud components and service models in the current physical security market. Access Control Table 1, Reference Models vs Security Applications Local Cloud Service Models LAN UX Credentials Readers Controllers Sensors Web Server Application Database Hosted Video Cameras Web Server Application Video Storage Managed Video Cameras Local Storage Local UI Web Server Application Video Archiving SaaS Managed Service SaaS SaaS Mass Notification Identity Management Systems (IDMS) Identity and Entity Registration Credentials Web Server Application Database Web Server Application Database SaaS Managed Service SaaS Managed Service Lifecycle Management Readers (logical access) and other required endpoints. Security Industry Association 15

18 Standardization Candidate: Agreement on mapping between reference model and components, including nomenclature, present in each type of service offering in the industry. Integration Models From a systems integration standpoint, cloud services are integrated differently than most legacy systems. Following are several of the major differences, which all suggest opportunities for standardization. APIs vs. SDKs Cloud service providers typically do not distribute SDKs because SDKs are necessarily platform-specific, which is antithetical to the value of cloud applications. Instead, most cloud service providers publish API definitions that integrators and developers can build however they want. This usually means defining one or more Web services APIs from a family of protocols that includes SOAP, REST, XML-RPC, and several others. Subscriptions vs. Licenses Cloud service providers (almost by definition) sell subscriptions, not licenses. This changes the way that projects are bid, priced and scoped. It also raises questions of data ownership and recovery that are unique to the cloud service model. 16 Cloud and Mobility Working Group

19 Candidate Cloud Standards Throughout this document, we have identified a number of candidates for standardization. Determining which ones are actually pursued will be the subject of ongoing meetings of the Cloud & Mobility Working Group, which anyone is welcome to join. Reference Model The reference model (see Figure 3, Representative Cloud Reference Architecture for Physical Security), along with the nomenclature it uses, is a primary candidate for standardization. Having common terms of reference including an agreed upon abstract architecture and mapping of security cloud components are a necessary foundation for any further standardization. Technical We have identified the following technical candidates: Session establishment, by which on-premise or edge devices connect automatically to Web Services established by security system cloud providers. Best Practices We have identified the following best practices as candidates: CSA best practices are references for core cybersecurity of cloud services, but the working group believes that these should be extended for the electronic devices typically used in security systems. Privacy We have identified the following privacy policies as use case candidates: Privacy of video data Privacy of personally identifiable information (PII) Information Security The Cloud and Mobility Working Group will also examine existing standards and best practices in the areas of information security, compliance, and identity within the cloud. Security Industry Association 17

20 Relationship to Other Specifications The working group will develop a framework for understanding how SIA cloud standards are related to other standards efforts. We believe that it is important for SIA Standards to take a leadership role in various international standards organizations that have yet to address the matter of cloud implementations of physical security systems. References Cloud computing is a big topic, described by numerous articles, books, blogs, and formal treatments by standards organizations, government agencies and international bodies. The following references are by no means exhaustive, but rather a curated list that we believe will be most relevant to the security reader. Cloud Definitions National Institute of Technology and Standards Cloud Standards CloudStandards.org Cloud Standards Customer Council Openstack Open Cloud Initiative Identity National Strategy for Trusted Identities in Cyberspace Kantara Initiative OpenID Foundation Privacy Internet Privacy - American Civil Liberties Union Electronic Frontier Foundation Mobile Computing PCIA The Wireless Infrastructure Association 18 Cloud and Mobility Working Group

Cloud Computing; What is it, How long has it been here, and Where is it going?

Cloud Computing; What is it, How long has it been here, and Where is it going? Cloud Computing; What is it, How long has it been here, and Where is it going? David Losacco, CPA, CIA, CISA Principal January 10, 2013 Agenda The Cloud WHAT IS THE CLOUD? How long has it been here? Where

More information

Module 1: Facilitated e-learning

Module 1: Facilitated e-learning Module 1: Facilitated e-learning CHAPTER 3: OVERVIEW OF CLOUD COMPUTING AND MOBILE CLOUDING: CHALLENGES AND OPPORTUNITIES FOR CAs... 3 PART 1: CLOUD AND MOBILE COMPUTING... 3 Learning Objectives... 3 1.1

More information

Cloud Computing. What is Cloud Computing?

Cloud Computing. What is Cloud Computing? Cloud Computing What is Cloud Computing? Cloud computing is where the organization outsources data processing to computers owned by the vendor. Primarily the vendor hosts the equipment while the audited

More information

How to Turn the Promise of the Cloud into an Operational Reality

How to Turn the Promise of the Cloud into an Operational Reality TecTakes Value Insight How to Turn the Promise of the Cloud into an Operational Reality By David Talbott The Lure of the Cloud In recent years, there has been a great deal of discussion about cloud computing

More information

Essential Characteristics of Cloud Computing: On-Demand Self-Service Rapid Elasticity Location Independence Resource Pooling Measured Service

Essential Characteristics of Cloud Computing: On-Demand Self-Service Rapid Elasticity Location Independence Resource Pooling Measured Service Cloud Computing Although cloud computing is quite a recent term, elements of the concept have been around for years. It is the maturation of Internet. Cloud Computing is the fine end result of a long chain;

More information

White Paper on CLOUD COMPUTING

White Paper on CLOUD COMPUTING White Paper on CLOUD COMPUTING INDEX 1. Introduction 2. Features of Cloud Computing 3. Benefits of Cloud computing 4. Service models of Cloud Computing 5. Deployment models of Cloud Computing 6. Examples

More information

Cloud Computing for SCADA

Cloud Computing for SCADA Cloud Computing for SCADA Moving all or part of SCADA applications to the cloud can cut costs significantly while dramatically increasing reliability and scalability. A White Paper from InduSoft Larry

More information

OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect

OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect OWASP Chapter Meeting June 2010 Presented by: Brayton Rider, SecureState Chief Architect Agenda What is Cloud Computing? Cloud Service Models Cloud Deployment Models Cloud Computing Security Security Cloud

More information

Brivo OnAir TOTAL COST OF OWNERSHIP (TCO) How Software-as-a-Service (SaaS) lowers the Total Cost of Ownership (TCO) for physical security systems.

Brivo OnAir TOTAL COST OF OWNERSHIP (TCO) How Software-as-a-Service (SaaS) lowers the Total Cost of Ownership (TCO) for physical security systems. Brivo OnAir TOTAL COST OF OWNERSHIP (TCO) How Software-as-a-Service (SaaS) lowers the Total Cost of Ownership (TCO) for physical security systems. WHITE PAPER Page 2 Table of Contents Executive summary...

More information

How cloud computing can transform your business landscape.

How cloud computing can transform your business landscape. How cloud computing can transform your business landscape. This whitepaper will help you understand the ways cloud computing can benefit your business. Introduction It seems like everyone is talking about

More information

How cloud computing can transform your business landscape

How cloud computing can transform your business landscape How cloud computing can transform your business landscape Introduction It seems like everyone is talking about the cloud. Cloud computing and cloud services are the new buzz words for what s really a not

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

Getting Familiar with Cloud Terminology. Cloud Dictionary

Getting Familiar with Cloud Terminology. Cloud Dictionary Getting Familiar with Cloud Terminology Cloud computing is a hot topic in today s IT industry. However, the technology brings with it new terminology that can be confusing. Although you don t have to know

More information

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015 NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X

More information

Enterprise Cloud Computing Standards, Innovation & Shifts

Enterprise Cloud Computing Standards, Innovation & Shifts Enterprise Cloud Computing Standards, Innovation & Shifts Anubrata Chakrabarti Director, Technology Integration July 29, 2011 Standards - the need & the way forward Hybrid Cloud Community Cloud Does every

More information

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Best Practices for Security in the Cloud John Essner, Director

More information

FICAM and Software as a Service

FICAM and Software as a Service The Comments of Brivo Systems, LLC On FICAM Version 1.0 FICAM and Software as a Service SaaS and the efficient realization of FICAM goals by Steve Van Till President & CEO Brivo Systems Table of Contents

More information

Secure Cloud Computing through IT Auditing

Secure Cloud Computing through IT Auditing Secure Cloud Computing through IT Auditing 75 Navita Agarwal Department of CSIT Moradabad Institute of Technology, Moradabad, U.P., INDIA Email: nvgrwl06@gmail.com ABSTRACT In this paper we discuss the

More information

6 Cloud computing overview

6 Cloud computing overview 6 Cloud computing overview 6.1 General ISO/IEC 17788:2014 (E) Cloud Computing Overview Page 1 of 6 Cloud computing is a paradigm for enabling network access to a scalable and elastic pool of shareable

More information

Advantages of Managed Security Services

Advantages of Managed Security Services Advantages of Managed Security Services Cloud services via MPLS networks for high security at low cost Get Started Now: 877.611.6342 to learn more. www.megapath.com Executive Summary Protecting Your Network

More information

Concurrent Technologies Corporation (CTC) is an independent, nonprofit, applied scientific research and development professional services

Concurrent Technologies Corporation (CTC) is an independent, nonprofit, applied scientific research and development professional services Concurrent Technologies Corporation (CTC) is an independent, nonprofit, applied scientific research and development professional services organization providing innovative management and technology-based

More information

Capturing the New Frontier:

Capturing the New Frontier: Capturing the New Frontier: How Software Security Unlocks the Power of Cloud Computing Executive Summary Cloud computing is garnering a vast share of IT interest. Its promise of revolutionary cost savings

More information

Future of Cloud Computing. Irena Bojanova, Ph.D. UMUC, NIST

Future of Cloud Computing. Irena Bojanova, Ph.D. UMUC, NIST Future of Cloud Computing Irena Bojanova, Ph.D. UMUC, NIST No Longer On The Horizon Essential Characteristics On-demand Self-Service Broad Network Access Resource Pooling Rapid Elasticity Measured Service

More information

Overview. The Cloud. Characteristics and usage of the cloud Realities and risks of the cloud

Overview. The Cloud. Characteristics and usage of the cloud Realities and risks of the cloud Overview The purpose of this paper is to introduce the reader to the basics of cloud computing or the cloud with the aim of introducing the following aspects: Characteristics and usage of the cloud Realities

More information

Hexaware E-book on Q & A for Cloud BI Hexaware Business Intelligence & Analytics Actionable Intelligence Enabled

Hexaware E-book on Q & A for Cloud BI Hexaware Business Intelligence & Analytics Actionable Intelligence Enabled Hexaware E-book on Q & A for Cloud BI Hexaware Business Intelligence & Analytics Actionable Intelligence Enabled HEXAWARE Q & A E-BOOK ON CLOUD BI Layers Applications Databases Security IaaS Self-managed

More information

Securing The Cloud With Confidence. Opinion Piece

Securing The Cloud With Confidence. Opinion Piece Securing The Cloud With Confidence Opinion Piece 1 Securing the cloud with confidence Contents Introduction 03 Don t outsource what you don t understand 03 Steps towards control 04 Due diligence 04 F-discovery

More information

Managing Cloud Computing Risk

Managing Cloud Computing Risk Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify

More information

The Key Components of a Cloud-Based Unified Communications Offering

The Key Components of a Cloud-Based Unified Communications Offering The Key Components of a Cloud-Based Unified Communications Offering Organizations must enhance their communications and collaboration capabilities to remain competitive. Get up to speed with this tech

More information

Security Considerations for Public Mobile Cloud Computing

Security Considerations for Public Mobile Cloud Computing Security Considerations for Public Mobile Cloud Computing Ronnie D. Caytiles 1 and Sunguk Lee 2* 1 Society of Science and Engineering Research Support, Korea rdcaytiles@gmail.com 2 Research Institute of

More information

Cloud Computing in Higher Education: A Guide to Evaluation and Adoption

Cloud Computing in Higher Education: A Guide to Evaluation and Adoption Cloud Computing in Higher Education: A Guide to Evaluation and Adoption Executive Summary Public cloud computing delivering infrastructure, services, and software on demand through the network offers attractive

More information

Leveraging the Private Cloud for Competitive Advantage

Leveraging the Private Cloud for Competitive Advantage Leveraging the Private Cloud for Competitive Advantage Introduction While it is universally accepted that organisations will leverage cloud solutions to service their IT needs, there is a lack of clarity

More information

GETTING THE MOST FROM THE CLOUD. A White Paper presented by

GETTING THE MOST FROM THE CLOUD. A White Paper presented by GETTING THE MOST FROM THE CLOUD A White Paper presented by Why Move to the Cloud? CLOUD COMPUTING the latest evolution of IT services delivery is a scenario under which common business applications are

More information

TOP 10 CLOUD MYTHS DEBUNKED Navigating to the Cloud - Maximize Operational Efficiencies and Minimize by Avoiding Common Cloud Myths WHITE PAPER

TOP 10 CLOUD MYTHS DEBUNKED Navigating to the Cloud - Maximize Operational Efficiencies and Minimize by Avoiding Common Cloud Myths WHITE PAPER TOP 10 CLOUD MYTHS DEBUNKED Navigating to the Cloud - Maximize Operational Efficiencies and Minimize by Avoiding Common Cloud Myths WHITE PAPER Contents 1. EXECUTIVE SUMMARY 2. INTRODUCTION Top Market

More information

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS CLOUD COMPUTING Cloud computing is a model for enabling convenient, ondemand network access to a shared pool of configurable computing

More information

A Survey on Cloud Security Issues and Techniques

A Survey on Cloud Security Issues and Techniques A Survey on Cloud Security Issues and Techniques Garima Gupta 1, P.R.Laxmi 2 and Shubhanjali Sharma 3 1 Department of Computer Engineering, Government Engineering College, Ajmer Guptagarima09@gmail.com

More information

IBM Cognos TM1 on Cloud Solution scalability with rapid time to value

IBM Cognos TM1 on Cloud Solution scalability with rapid time to value IBM Solution scalability with rapid time to value Cloud-based deployment for full performance management functionality Highlights Reduced IT overhead and increased utilization rates with less hardware.

More information

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer What is Cloud Computing A model for enabling convenient, on-demand network access to a shared pool of configurable

More information

VMware vcloud Powered Services

VMware vcloud Powered Services SOLUTION OVERVIEW VMware vcloud Powered Services VMware-Compatible Clouds for a Broad Array of Business Needs Caught between shrinking resources and growing business needs, organizations are looking to

More information

Virtualization and Cloud Computing

Virtualization and Cloud Computing Written by Zakir Hossain, CS Graduate (OSU) CEO, Data Group Fed Certifications: PFA (Programming Foreign Assistance), COR (Contracting Officer), AOR (Assistance Officer) Oracle Certifications: OCP (Oracle

More information

Buyers Guide to ERP Business Management Software

Buyers Guide to ERP Business Management Software Buyers Guide to ERP Business Management Software one 1. Introduction When you search for ERP or Enterprise Resource Planning on the web, the sheer amount of information that appears can be overwhelming

More information

Avnet's Guide to Cloud Computing

Avnet's Guide to Cloud Computing Avnet's Guide to Cloud Computing Reimagine Transform Accelerate Cloud Computing from A Z Avnet can help you reduce complexity by understanding the terminology and phrases associated with cloud computing.

More information

Cloud Services Overview

Cloud Services Overview Cloud Services Overview John Hankins Global Offering Executive Ricoh Production Print Solutions May 23, 2012 Cloud Services Agenda Definitions Types of Clouds The Role of Virtualization Cloud Architecture

More information

The Elephant in the Room: What s the Buzz Around Cloud Computing?

The Elephant in the Room: What s the Buzz Around Cloud Computing? The Elephant in the Room: What s the Buzz Around Cloud Computing? Warren W. Stippich, Jr. Partner and National Governance, Risk and Compliance Solution Leader Business Advisory Services Grant Thornton

More information

Time to Value: Successful Cloud Software Implementation

Time to Value: Successful Cloud Software Implementation Time to Value: Successful Cloud Software Implementation Cloud & Data Security 2015 Client Conference About the Presenter Scott Schimberg, CPA, CMA Partner, Consulting, Armanino Scott became a Certified

More information

Chapter 1: Introduction

Chapter 1: Introduction Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure

More information

The Key Components of a Cloud-Based UC Offering

The Key Components of a Cloud-Based UC Offering The Key Components of a Cloud-Based UC Offering Organizations must enhance their communications and collaboration capabilities to remain competitive. Get up to speed with this tech primer and find new

More information

MANUFACTURING IN THE CLOUD IMPROVED PRODUCTIVITY AND COST SAVINGS ARE ON THE HORIZON

MANUFACTURING IN THE CLOUD IMPROVED PRODUCTIVITY AND COST SAVINGS ARE ON THE HORIZON MANUFACTURING IN THE CLOUD IMPROVED PRODUCTIVITY AND COST SAVINGS ARE ON THE HORIZON White paper by Bala Adiseshan President & CEO inkumo, Inc. MANUFACTURING IN THE CLOUD: IMPROVED PRODUCTIVITY AND COST-

More information

How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications

How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications SOLUTION BRIEF: PROTECTING ACCESS TO THE CLOUD........................................ How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications Who should read this

More information

security in the cloud White Paper Series

security in the cloud White Paper Series security in the cloud White Paper Series 2 THE MOVE TO THE CLOUD Cloud computing is being rapidly embraced across all industries. Terms like software as a service (SaaS), infrastructure as a service (IaaS),

More information

KEMP LoadMaster. Enabling Hybrid Cloud Solutions in Microsoft Azure

KEMP LoadMaster. Enabling Hybrid Cloud Solutions in Microsoft Azure KEMP LoadMaster Enabling Hybrid Cloud Solutions in Microsoft Azure Introduction An increasing number of organizations are moving from traditional on-premises datacenter architecture to a public cloud platform

More information

THE BLUENOSE SECURITY FRAMEWORK

THE BLUENOSE SECURITY FRAMEWORK THE BLUENOSE SECURITY FRAMEWORK Bluenose Analytics, Inc. All rights reserved TABLE OF CONTENTS Bluenose Analytics, Inc. Security Whitepaper ISO 27001/27002 / 1 The Four Pillars of Our Security Program

More information

CLOUD COMPUTING SECURITY ISSUES

CLOUD COMPUTING SECURITY ISSUES CLOUD COMPUTING SECURITY ISSUES Florin OGIGAU-NEAMTIU IT Specialist The Regional Department of Defense Resources Management Studies, Brasov, Romania The term cloud computing has been in the spotlights

More information

Cloud Computing Secured. Thomas Mitchell CISSP. A Technical Communication

Cloud Computing Secured. Thomas Mitchell CISSP. A Technical Communication Cloud Computing Secured Thomas Mitchell CISSP A Technical Communication Abstract With the migration to Cloud Computing underway in many organizations IT infrastructure, this will cause a paradigm shift

More information

Cloud Computing Technology

Cloud Computing Technology Cloud Computing Technology The Architecture Overview Danairat T. Certified Java Programmer, TOGAF Silver danairat@gmail.com, +66-81-559-1446 1 Agenda What is Cloud Computing? Case Study Service Model Architectures

More information

Clinical Trials in the Cloud: A New Paradigm?

Clinical Trials in the Cloud: A New Paradigm? Marc Desgrousilliers CTO at Clinovo Clinical Trials in the Cloud: A New Paradigm? Marc Desgrousilliers CTO at Clinovo What is a Cloud? (1 of 3) "Cloud computing is a model for enabling convenient, on-demand

More information

With Eversync s cloud data tiering, the customer can tier data protection as follows:

With Eversync s cloud data tiering, the customer can tier data protection as follows: APPLICATION NOTE: CLOUD DATA TIERING Eversync has developed a hybrid model for cloud-based data protection in which all of the elements of data protection are tiered between an on-premise appliance (software

More information

Everything You Need To Know About Cloud Computing

Everything You Need To Know About Cloud Computing Everything You Need To Know About Cloud Computing What Every Business Owner Should Consider When Choosing Cloud Hosted Versus Internally Hosted Software 1 INTRODUCTION Cloud computing is the current information

More information

Cloud Computing. Cloud computing:

Cloud Computing. Cloud computing: Cloud computing: Cloud Computing A model of data processing in which high scalability IT solutions are delivered to multiple users: as a service, on a mass scale, on the Internet. Network services offering:

More information

White Paper: Optimizing the Cloud Infrastructure for Enterprise Applications

White Paper: Optimizing the Cloud Infrastructure for Enterprise Applications White Paper: Optimizing the Cloud Infrastructure for Enterprise Applications 2010 Ashton, Metzler, & Associates. All rights reserved. Executive Summary Given the technological and organizational risks

More information

NAREIM Session: Dangers and challenges of The Cloud. President, NiceNets Consulting, LLC

NAREIM Session: Dangers and challenges of The Cloud. President, NiceNets Consulting, LLC Main Types of Cloud Environments: - Public Cloud: A service built on an external platform run by a cloud service provider such as IBM, Amazon Web Services or Microsoft Azure. Subscribers can get access

More information

Bringing the Cloud into Focus. A Whitepaper by CMIT Solutions and Cadence Management Advisors

Bringing the Cloud into Focus. A Whitepaper by CMIT Solutions and Cadence Management Advisors Bringing the Cloud into Focus A Whitepaper by CMIT Solutions and Cadence Management Advisors Table Of Contents Introduction: What is The Cloud?.............................. 1 The Cloud Benefits.......................................

More information

20 th Year of Publication. A monthly publication from South Indian Bank. www.sib.co.in

20 th Year of Publication. A monthly publication from South Indian Bank. www.sib.co.in To kindle interest in economic affairs... To empower the student community... Open YAccess www.sib.co.in ho2099@sib.co.in A monthly publication from South Indian Bank 20 th Year of Publication Experience

More information

Understanding The Cloud

Understanding The Cloud Understanding The Cloud Benefits and Considerations for Fund Managers Backstop Solutions Group www.backstopsolutions.com Executive Summary Today, cloud computing pervades nearly every aspect of our digital

More information

Kent State University s Cloud Strategy

Kent State University s Cloud Strategy Kent State University s Cloud Strategy Table of Contents Item Page 1. From the CIO 3 2. Strategic Direction for Cloud Computing at Kent State 4 3. Cloud Computing at Kent State University 5 4. Methodology

More information

The Hybrid Cloud: Bringing Cloud-Based IT Services to State Government

The Hybrid Cloud: Bringing Cloud-Based IT Services to State Government The Hybrid Cloud: Bringing Cloud-Based IT Services to State Government October 4, 2009 Prepared By: Robert Woolley and David Fletcher Introduction Provisioning Information Technology (IT) services to enterprises

More information

http://ubiqmobile.com

http://ubiqmobile.com Mobile Development Made Easy! http://ubiqmobile.com Ubiq Mobile Serves Businesses, Developers and Wireless Service Providers Businesses Be among the first to enter the mobile market! - Low development

More information

What Cloud computing means in real life

What Cloud computing means in real life ITU TRCSL Symposium on Cloud Computing Session 2: Cloud Computing Foundation and Requirements What Cloud computing means in real life Saman Perera Senior General Manager Information Systems Mobitel (Pvt)

More information

AskAvanade: Answering the Burning Questions around Cloud Computing

AskAvanade: Answering the Burning Questions around Cloud Computing AskAvanade: Answering the Burning Questions around Cloud Computing There is a great deal of interest in better leveraging the benefits of cloud computing. While there is a lot of excitement about the cloud,

More information

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com Introduction to Cloud Computing Srinath Beldona srinath_beldona@yahoo.com Agenda Pre-requisites Course objectives What you will learn in this tutorial? Brief history Is cloud computing new? Why cloud computing?

More information

SafeMail April 2015. SafeMail Helping your business reach further with email hosted at UK based, ISO 27001, Tier 4 data centres.

SafeMail April 2015. SafeMail Helping your business reach further with email hosted at UK based, ISO 27001, Tier 4 data centres. SafeMail April 2015 Secure cloud solutions with guaranteed UK data sovereignty. SafeMail Helping your business reach further with email hosted at UK based, ISO 27001, Tier 4 data centres. Detailing the

More information

Making Sense of Cloud Computing in the Public Sector. By EVA OlSAKER

Making Sense of Cloud Computing in the Public Sector. By EVA OlSAKER Making Sense of Cloud Computing in the Public Sector By EVA OlSAKER Every other article or news clip about government Platform as a Service. PaaS allows customers to use hardware, operating systems, storage,

More information

The Internet of ANYthing

The Internet of ANYthing The of ANYthing Abstract It is projected that by 2020 there will be 50 billion things connected to the. This presents both unprecedented opportunity and challenge. In the global network of things, new

More information

How Data-Centric Protection Increases Security in Cloud Computing and Virtualization

How Data-Centric Protection Increases Security in Cloud Computing and Virtualization How Data-Centric Protection Increases Security in Cloud Computing and Virtualization Executive Overview Cloud services and virtualization are driving significant shifts in IT spending and deployments.

More information

Cloud Computing Security Issues

Cloud Computing Security Issues Copyright Marchany 2010 Cloud Computing Security Issues Randy Marchany, VA Tech IT Security, marchany@vt.edu Something Old, Something New New: Cloud describes the use of a collection of services, applications,

More information

INTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT

INTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT Utilities WHITE PAPER May 2013 INTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT Table of Contents Introduction...3 Problem Statement...4 Solution Requirements...5 Components of an Integrated

More information

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp.

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud 1 What is meant by Cloud Computing, or Going To The Cloud? A model

More information

Fujitsu Dynamic Cloud Bridging today and tomorrow

Fujitsu Dynamic Cloud Bridging today and tomorrow Fujitsu Dynamic Cloud Bridging today and tomorrow Contents Cloud Computing with Fujitsu 3 Fujitsu Dynamic Cloud: Higher Dynamics for Enterprises 4 Fujitsu Dynamic Cloud: Our Offering 6 High Security Standards

More information

Middleware- Driven Mobile Applications

Middleware- Driven Mobile Applications Middleware- Driven Mobile Applications A motwin White Paper When Launching New Mobile Services, Middleware Offers the Fastest, Most Flexible Development Path for Sophisticated Apps 1 Executive Summary

More information

An Introduction to Cloud Computing Concepts

An Introduction to Cloud Computing Concepts Software Engineering Competence Center TUTORIAL An Introduction to Cloud Computing Concepts Practical Steps for Using Amazon EC2 IaaS Technology Ahmed Mohamed Gamaleldin Senior R&D Engineer-SECC ahmed.gamal.eldin@itida.gov.eg

More information

OVERVIEW Cloud Deployment Services

OVERVIEW Cloud Deployment Services OVERVIEW Cloud Deployment Services Audience This document is intended for those involved in planning, defining, designing, and providing cloud services to consumers. The intended audience includes the

More information

BMC s Security Strategy for ITSM in the SaaS Environment

BMC s Security Strategy for ITSM in the SaaS Environment BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...

More information

Remote Voting Conference

Remote Voting Conference Remote Voting Conference Logical Architecture Connectivity Central IT Infra NIST Best reachability in India for R-Voting Initiative 200+ Physical MPLS POPs across India 5 Regional Data Centre at Pune,

More information

1 Introduction. 2 What is Cloud Computing?

1 Introduction. 2 What is Cloud Computing? 1 Introduction Table of Contents 1 Introduction 2 What is Cloud Computing? 3 Why is Cloud Computing important? 4 Why Cloud deployments fail? 5 Holistic Approach to cloud computing implementation 6 Conclusion

More information

Data Protection Act 1998. Guidance on the use of cloud computing

Data Protection Act 1998. Guidance on the use of cloud computing Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered

More information

EAaaS Cloud Security Best Practices

EAaaS Cloud Security Best Practices EAaaS Cloud Security Best Practices A Technical White Paper by Sennovate Inc Jan 2013 EAaaS Cloud Security Best Practices Page 1 Introduction: Cloud security is an ever evolving subject that is difficult

More information

Cloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter

Cloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter Cloud Security considerations for business adoption Ricci IEONG CSA-HK&M Chapter What is Cloud Computing? Slide 2 What is Cloud Computing? My Cloud @ Internet Pogoplug What is Cloud Computing? Compute

More information

Introduction to Cloud Services

Introduction to Cloud Services Introduction to Cloud Services (brought to you by www.rmroberts.com) Cloud computing concept is not as new as you might think, and it has actually been around for many years, even before the term cloud

More information

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security

More information

Asigra Cloud Backup V13.0 Gives You Greater Flexibility and Expands Your Total Addressable Market

Asigra Cloud Backup V13.0 Gives You Greater Flexibility and Expands Your Total Addressable Market Datasheet Asigra Cloud Backup V13.0 Gives You Greater Flexibility and Expands Your Total Addressable Market As a provider of cloud-based data protection services, you want to offer customers a spectrum

More information

Windows Embedded Security and Surveillance Solutions

Windows Embedded Security and Surveillance Solutions Windows Embedded Security and Surveillance Solutions Windows Embedded 2010 Page 1 Copyright The information contained in this document represents the current view of Microsoft Corporation on the issues

More information

DLT Solutions and Amazon Web Services

DLT Solutions and Amazon Web Services DLT Solutions and Amazon Web Services For a seamless, cost-effective migration to the cloud PREMIER CONSULTING PARTNER DLT Solutions 2411 Dulles Corner Park, Suite 800 Herndon, VA 20171 Duane Thorpe Phone:

More information

Infrastructure Virtualization for Hybrid Cloud

Infrastructure Virtualization for Hybrid Cloud Infrastructure Virtualization for Hybrid Cloud Technology Transformation Public cloud has delivered elastic computing to enterprises by offering on-demand resources to accommodate the burst computing needs.

More information

industry perspective: MAKING SMARTER IT INVESTMENTS: Customizing the Cloud

industry perspective: MAKING SMARTER IT INVESTMENTS: Customizing the Cloud industry perspective: MAKING SMARTER IT INVESTMENTS: Customizing the Cloud 1 A Brief Introduction Today, cloud computing offers government the opportunity to re-imagine how services are delivered. But

More information

Optimizing Data Center Networks for Cloud Computing

Optimizing Data Center Networks for Cloud Computing PRAMAK 1 Optimizing Data Center Networks for Cloud Computing Data Center networks have evolved over time as the nature of computing changed. They evolved to handle the computing models based on main-frames,

More information

SECURITY MODELS FOR CLOUD 2012. Kurtis E. Minder, CISSP

SECURITY MODELS FOR CLOUD 2012. Kurtis E. Minder, CISSP SECURITY MODELS FOR CLOUD 2012 Kurtis E. Minder, CISSP INTRODUCTION Kurtis E. Minder, Technical Sales Professional Companies: Roles: Security Design Engineer Systems Engineer Sales Engineer Salesperson

More information

Compliance and the Cloud: What You Can and What You Can t Outsource

Compliance and the Cloud: What You Can and What You Can t Outsource Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: Kate Donofrio Security Assessor Fortrex Technologies Instructor Biography Background On Fortrex What s In A Cloud? Pick

More information

Cloud Computing and Records Management

Cloud Computing and Records Management GPO Box 2343 Adelaide SA 5001 Tel (+61 8) 8204 8773 Fax (+61 8) 8204 8777 DX:336 srsarecordsmanagement@sa.gov.au www.archives.sa.gov.au Cloud Computing and Records Management June 2015 Version 1 Version

More information

RSS Cloud Solution COMMON QUESTIONS

RSS Cloud Solution COMMON QUESTIONS RSS Cloud Solution COMMON QUESTIONS 1 Services... 3 Connectivity... 5 Support... 6 Implementation... 7 Security... 8 Applications... 9 Backups... 9 Email... 10 Contact... 11 2 Services What is included

More information

The Advantages of Security as a Service versus On-Premise Security

The Advantages of Security as a Service versus On-Premise Security The Advantages of Security as a Service versus On-Premise Security ABSTRACT: This document explores the growing trend of hosted/managed security as a service and why the cloud is quickly becoming the preferred

More information

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS Shirley Radack, Editor Computer Security Division Information

More information