CLOUD MIGRATION. Celina Alexandre M6807


Content
06/05/15

1. Introduction
2. Methodology
3. Requirements Definition Phase
   3.1. Strategy
   3.2. Knowledge
4. Analysis Phase
   4.1. Applications and Systems
   4.2. Development Model
   4.3. Service Model
        SaaS Migration Considerations
        PaaS Migration Considerations
        IaaS Migration Considerations
   4.4. Provider Evaluation
5. Security Phase
   5.1. Migration Tests
   5.2. Security Policies
   5.3. Security Controls
6. Operation Phase
7. SaaS Example Normal Process
8. SaaS Example
9. References

1. Introduction

- The term cloud is ever present in our daily life;
- Looking at the advantages, companies have started to think about it as an appealing option;
- However, for some companies using cloud services can present some threats;
- All companies should carefully plan and analyze the change;
- When using cloud services becomes an option, one should always take security issues into account, analyzing them and finding solutions to mitigate them;
- A good organization plan should be present in all projects if they are to succeed;
- That being said, one should always have a good methodology that helps create good task planning;
- 4 Phases Methodology (Walter Andrew Shewhart, 30's):
  - Plan;
  - Do;
  - Check;
  - Act.

2. Methodology

- Based on the methodology presented before, in the 50's, Edward Deming proposed that business processes, as well as systems, should be monitored, measured and analyzed continuously, making it easier to identify faults and the measures to correct them;
- Deming Plan-Do-Check-Act:
  - Plan: phase for identifying what can be improved and all the necessary changes;
  - Do: phase for implementing the changes;
  - Check: phase for analyzing the results obtained;
  - Act: phase for correcting everything that didn't work.

3. Requirements Definition Phase

- One of the most important phases in all projects;
- Well defined and clarified objectives;
- Identification of the organization's level of expertise;
- Requirements definition (need of learning);
- Or, decide to use external services.

3.1. Strategy

- The plan should include:
  - Risks and threats;
  - Applications and systems;
  - Well defined objectives;
  - Infrastructures and technologies in the new service;
  - Existing benefits;
  - Clear and sufficient information to answer questions like:
    - Should the migration project be abandoned? Reduced? Delayed?
    - Are cloud services the most suitable for the business?
    - Should more careful analysis be made?

3.2. Knowledge

- The plan described above should enable a complete assessment of the technical knowledge needed;
- With these plans there is an assurance that the project can be accomplished and that all involved have a common definition of the topic at hand: cloud computing.

4. Analysis Phase

- In the analysis phase the applications and systems ready to migrate are identified;
- An analysis of the development models should be made, based on efficiency, economic benefits, agility and innovation.

4.1. Applications and Systems

- A careful analysis should be made to evaluate what's best;
- These can vary between organizations, depending on the necessities, information to migrate, laws, regulations, etc.
- The analysis should be based on the following classification:
  - Availability: identify minimum requirements;
  - Latency: identify the minimum latency requirements for each application;
  - Integration: level of integration; integrated applications can complicate the process, unlike stand-alone ones;
  - Portability: evaluate the data migration capacity.
- In terms of security it is necessary to evaluate:
  - Security: data security requirements and available system encryption options;
  - Privacy and Confidentiality: security requirements that allow the control of privacy and confidentiality;
  - Integrity: assure information integrity using redundancy, etc.
  - Compliance: specific laws and regulations regarding sensitive information.

4.2. Development Model

- There are several factors to consider, for example: economic and security issues;
- Organizations may choose to use a private or public cloud, depending on their needs and available budget.
- The following table shows a brief analysis of both cloud models:

| Factor | Public Cloud | Private Cloud |
|---|---|---|
| Costs | Low cost; only pay for the necessary services; cloud provider in charge of the infrastructure. | High cost: installation, configuration, maintenance. Access to the available hardware. |
| Security | Suitable for information or services not critical for the organization. | Suitable for information or services critical for the organization. |
| Threats | Limited infrastructure control, since it is in the charge of the cloud provider; requires good security policies that should be assured in the contract. | Controls to protect the private cloud can be implemented. |
| Scalability | High, virtually infinite, only limited by the contract between client and provider. | Low, limited to the infrastructure and monetary resources available. |

4.3. Service Model

- In choosing among the several service models, Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS), it is necessary to take the organization's business requirements into consideration;
- Have knowledge of the requirements for the type of system or information used.

SaaS Migration Considerations

- Security options restricted to the application level;
- Model used for collaboration applications, i.e., , productivity, Customer Relationship Management (CRM), or specific sectors, like logistics;
- Since communication is done via the Internet, the use of an encryption system (proprietary or from other entities) should be considered;
- For critical information, the organization should use not only its own encryption systems but also encryption of data stored on the provider's infrastructure.

PaaS Migration Considerations

- The PaaS offer lies mostly in a complete development environment;
- It is a suitable model for in-house or custom applications, security services, database services, etc.
- Security considerations cover access control and authorization, operation in shared environments, information and data;
- This model operates in a shared environment, so a strong authentication framework is essential to ensure that access to information is made only by those with permission.

IaaS Migration Considerations

- The vendor provides a complete infrastructure to its customers;
- Customers can install and provide services and resources to internal and external users;
- It applies primarily to disk space, computing, storage, web page publishing and to backup and disaster recovery systems.
- The customer must ensure that the implemented security controls can effectively separate and secure virtual machines and the use of memory, network and storage resources;
- As in the previous models, encryption methods must be considered both for data in transit and for data at rest.

4.4. Provider Evaluation

- This is a complex process that should check comparative standards, in a way that enables a real comparison between the different potential service providers;
- This analysis should focus on the following:
  - Services, data and applications integration: analyze how the organization's existing infrastructure integrates with the services provided by the cloud provider;
  - Protect data and information: analyze which encryption systems the provider has available;
  - Performance: perform admission tests to make sure the service is not too slow;
  - Contract negotiations: confirm key settings, such as portability of information and systems, the ease of switching provider, changes to contractual terms of service, etc.
  - Physical security: check the safety standards implemented for the installations and what evidence can be provided;
  - Product support: confirm the inclusion of technical support in the contract and the additional costs of providing this service. Also check the hours during which it is available and what training and certification the support team has;
  - References: request a list of all customers, preferably up to date, and look for information about the organization.

5. Security Phase

- At this stage we define controls attesting that the security is effective and observed;
- Migration tests should be planned, tested and performed to allow a good decision on when and how the migration of applications, data and information should be conducted;
- These tests determine whether the migration is done in stages or all at once, understanding the need to maintain services or applications in parallel and for how long.

5.1. Migration Tests

- Migration tests are one of the final steps;
- The planning and execution of the migration may vary depending on the classification of the application: whether it is essential or would imply losses for the company if stopped;
- If the application is classified as such, the migration should be carried out in phases, with both infrastructures coexisting;
- The information collected in all the previous steps should be used for creating tests;
- A well made and applied test plan will assure the success of a cloud migration project.
- In these tests, the following should be covered:
  - Confirm the integrity of the data;
  - Set recovery plans and disaster response;
  - Check the need for training workers whose job is to answer users' questions or problems;
  - Set a return plan in case unexpected problems arise.

5.2. Security Policies

- Approved by the management of the organization;
- A security policy should have (Winkler, 2011):
  - Identification of all resources and systems we want to protect;
  - Identification of vulnerabilities, threats and exposure to threats;
  - Measures to protect resources, evaluation of security controls and an estimate of implementation costs.

5.3. Security Controls

- They are administrative, technical and physical measures attesting that security policies are observed and followed;
- They guarantee that the loss or unauthorized alteration of information, the unavailability of systems, service degradation and the loss of access to systems are minimized.
- Physical controls: implementation of security controls that prevent unauthorized access to facilities, equipment or systems;
- Technical controls: implementation of technology that controls access to information stored in IT systems;
- Administrative controls: implementation of administrative security controls that prevent access to information, whether intentional or not.

6. Operation Phase

- It is the last step, which occurs after the migration;
- It is a strategic assessment at regular intervals to ensure that the contracted services are within the defined objectives;
- A metrics analysis process should be established so that the contract agreed with the supplier can be enforced;
- These processes should:
  - Promote internal information collection to support a qualitative and quantitative analysis that assesses the problems and weaknesses to solve;
  - Attest that safety and privacy comply with the rules that are in force;
  - Monitor the performance of the contract with the supplier, guaranteeing that it is being complied with;
  - Analyze similar services from other providers so there is a comparison of the service, conditions, etc.
  - Ask the supplier for certificates, inspections and audits that guarantee that the processes are maintained and that the safety checks laid down in the contract are performed;
  - Establish monitoring of the billing process, covering contracted services and services actually consumed.

7. SaaS Example Normal Process

1. New worker
2. Notification from the access manager to the helpdesk
3. Access is assured
4. Worker notified
5. Worker has access

Problems: Manual process; Slow; Low volume.

8. SaaS Example

Diagram labels: Sign up page; Access Management Service.

- Worker makes request
- 2. Service invoked automatically
- 3. User registered
- 4. Automatic welcome e-mail
- 5. Using application

Benefits: Automatic; Fast; High volume.
Problem: Access restrictions.



More information

How To Understand Cloud Computing

How To Understand Cloud Computing A STUDY OF CLOUD COMPUTING: APPLICATIONS AND CHALLENGE 1 DR. NEERAJ BHARGAVA, 2 ANCHAL KUMAWAT, 3 DR. RITU BHARGAVA, 4 SONIYA DAYMA 1 Associate Professor, Dept. of Computer Science, School of Engineering

More information

Virtualization - Adoption

Virtualization - Adoption Virtualization - Adoption Virtualization - Hypervisors Multiple Hypervisors within data center Virtualization Challenges 1. Application performance 2. Security 3. VM sprawl 4. Licensing costs 5. Stuck

More information

AUSTIN INDEPENDENT SCHOOL DISTRICT INTERNAL AUDIT DEPARTMENT TRANSPORTATION AUDIT PROGRAM

AUSTIN INDEPENDENT SCHOOL DISTRICT INTERNAL AUDIT DEPARTMENT TRANSPORTATION AUDIT PROGRAM GENERAL: The Technology department is responsible for the managing of electronic devices and software for the District, as well as the Help Desk for resolution of employee-created help tickets. The subgroups

More information

Five Tactics to Hybrid Cloud Success

Five Tactics to Hybrid Cloud Success March 2016 Five Tactics to Kick Start Your Table of Contents High-Performance IT Environments Drive Revenue and Agility 3 What is Hybrid Cloud? 4 Five Keys for Hybrid Cloud Success: 1. Start with a Business

More information

Security & Trust in the Cloud

Security & Trust in the Cloud Security & Trust in the Cloud Ray Trygstad Director of Information Technology, IIT School of Applied Technology Associate Director, Information Technology & Management Degree Programs Cloud Computing Primer

More information
