CLOUD MIGRATION. Celina Alexandre M6807
|
|
- Marlene Gardner
- 7 years ago
- Views:
Transcription
1 CLOUD MIGRATION M6807 S
2 Content 1. Introduction 2. Methodology 3. Requirements Definition Phase 3.1. Strategy 3.2. Knowledge 06/05/15 2
3 Content 4. Analysis Phase 4.1. Aplications and Systems 4.2. Development Model 06/05/15 3
4 Content 4.3. Service Model SaaS Migration Considerations PaaS Migration Considerations IaaS Migration Considerations 4.4. Provider Avaliation 06/05/15 4
5 Content 5. Security Phase 5.1. Migration Tests 5.2. Security Policies 5.3. Security Controls 06/05/15 5
6 Content 6. Operation Phase 7. SaaS Example Normal Proccess 8. SaaS Example 9. References 06/05/15 6
7 1. Introduction S The term cloud is everytime presente in our daily life; S Looking at the advantages, companies have started to think about it as an appealing option; S However, for some companies using cloud services can presente some threats; S All companies should carefully, plan and analyze the change; 06/05/15 7
8 1. Introduction (Cont.) S When using cloud services becomes an option, one should always take into account security issues, analyzing them, finding solutions to mitigate them; S A good organization plan should be presente in all projects if they are to succeed; 06/05/15 8
9 1. Introduction (Cont.) S That being said, one should always have presente a good methodology that helps create a good tasks planning; S 4 Phases Methodology (Walter Andrew Shewhart, 30 s): S Plan; S Do; S Check; S Act. 06/05/15 9
10 2. Methodology S Based on the methodology presented before, in the 50 s, Edward Deming proposed that the business processes, as well as the systems, should be monitorized, measured and analyzed continuously identifying more easily faults and measures to correct them; 06/05/15 10
11 2. Methodology (Cont.) S Deming Plan-Do-Check-Act: S Plan: identification phase of what can be improved and all the necessary changes; S Do: changes implementation phase; S Check: obtained results analysis phase; S Act: phase to correct all that didn t work. 06/05/15 11
12 3. Requirements Definition Phase S One of the most important phases in all projects; S Well defined and clarified objectives; S Organization expertise level identification; S Requirements definition (need of learning); S Or, decide to use external services. 06/05/15 12
13 3.1. Strategy S The plan should include: S Risks and threats; S Applications and systems; S Well defined objectives; S Infrastructures and technologies in the new service; S Existing beneficts; 06/05/15 13
14 3.1. Strategy (Cont.) S Clear and suficient information to answer questions like: S Should the migration project be abandoned? Reduced? Delayed? S The cloud services are the most suitable for the business? S Should more careful analysis be made? 06/05/15 14
15 3.2. Knowledge S The plan before described should be able to make a complete assessment of the thecnical knowledge needed; S With these plans there is an assurance that the project can be accomplished and that all involved have a common definition of the topic at hand: cloud computing. 06/05/15 15
16 4. Analysis Phase S In the analysis phase the applications and systems ready to migrate are identified; S An analysis of the development models should be made, based on efficiency, economic beneficts, agility and inovation. 06/05/15 16
17 4.1. Aplications and Systems S A careful analysis should be made to evaluate what s best; S These can vary from organization, depending on the necessities, information to migrate, laws, regulations, etc 06/05/15 17
18 4.1. Aplications and Systems (Cont.) S The analysis should be made with basis on the following classification: S S S S Availability: identify minimum requirements; Latency: identify the minimum latency requirements for each application; Integration: level of integration, integrated applications can complicate the proccess, unlike stand-alone ones; Portability: evaluate the data migration capacity. 06/05/15 18
19 4.1. Aplications and Systems (Cont.) S In terms of security it is necessary to evaluate: S S S S Security: data security requirements and available system encryption options; Privacy and Confidentiality: security requirements that allow the control of privacy and confidentiality; Integrity: assure information integrity using redundancy, etc. Compliance: specific laws and regulations regarding sensible information. 06/05/15 19
20 4.2. Development Model S There are several facts to consider, for exemple: economic and security issues; S Organizations may choose to use a private or public cloud, depending of the necessity and available budget. 06/05/15 20
21 4.2. Development Model (Cont.) S The following table shows a brief analysis of both cloud models: Factor Public Cloud Private cloud Costs Low cost; Only pay for the necessary services; Cloud provider in charge of the Infrastructure. High cost: - Instalation; - Configuration; - Maintenance. Access to the available hardware. 06/05/15 21
22 4.2. Development Model (Cont.) Factor Public Cloud Private cloud Security Suitable for information or services not critical for the organization. Suitable for information or services critical for the organization. 06/05/15 22
23 4.2. Development Model (Cont.) Factor Public Cloud Private cloud Threats Limited Infrastructure control since it is in charge of the cloud provider; Requires good security policies that should be assured in the contract. Controls to protect the private cloud can be implemented. 06/05/15 23
24 4.2. Development Model (Cont.) Factor Public Cloud Private cloud Scalability High, virtually infinite, only limited by the contract between cliente and provider. Low, limited to the infrastructure and monetary resources available. 06/05/15 24
25 4.3. Service Model S In choosing from the several servisse models, Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS), it is necessary to take into consideration the organization business requirements; S Have knowledge of the requirements for the type of system or information used. 06/05/15 25
26 SaaS Migration Considerations S Security options restricted at the application level; S Model used for colaboration applications, i.e., , productivity, Customer Relationship Management (CRM), or specific sectors, like logistics; 06/05/15 26
27 SaaS Migration Considerations (Cont.) S Since comunication is done via Internet, it should be considered to use encryption system (proprietary or from other entities); S For critical information it should not only used its own encryption systems, as well as encryption of data stored on the provider 's infrastructure. 07/05/15 27
28 PaaS Migration Considerations S The PaaS offer lies mostly in a complete development environment; S It is an indicated model for own or custom applications or custom applications, security services, databases services, etc. 06/05/15 28
29 PaaS Migration Considerations (Cont.) S Security considerations cover the access control and authorization, operation in shared environments, information and data;; S This model operates on a shared environment, so a strong authentication framework is essential to ensure that access to information is made only by those with permission. 06/05/15 29
30 IaaS Migration Considerations S The vendor provides a complete infrastructure to its customers; S Customers can install and provide services and resources to internal and external users; S It applies primarily to disk space, computing, storage, web page publishing and to backup and disaster recovery systems. 06/05/15 30
31 IaaS Migration Considerations (Cont.) S The customer must ensure that the implemented security controls can effectively separate and secure virtual machines, use of memory, network and storage resources; S As in previous models, encryption methods must be considered either to data in transit, whether for data at rest. 06/05/15 31
32 4.4. Provider Avaliation S This is a complex process which should check comparative standards, in a way that enables a real comparison between the different potential providers of services; S This analysis should focus the following: S Services, data and applications integration: analyze the existing infrastructure integration features in the organization with the services provided by the cloud provider; 06/05/15 32
33 4.4. Provider Avaliation (Cont.) S Protect data and information: analyse which encryption systems the provider has available; S Performance: make admission tests to make sure it is not too slow; S Contract negotiations: conform key settings, such as portability of information and systems, the ease of switching provider, change contractual terms of services, etc. 06/05/15 33
34 4.4. Provider Avaliation (Cont.) S S Physical security: check safety standards for implemented installations and what evidence can be provided; Product support : confirm the inclusion of technical support in the contract and the additional costs of providing this service. Also check the time in which this is available and what training and certification the support team has; S References: request a list of all customers, preferably up to date, and look for information about the organization. 06/05/15 34
35 5. Security Phase S At this stage we define controls attesting that the security is effective and observed; S Migration tests should be planned, tested and performed to allow a good decision of when and how the migration of applications, data and information should be conducted; S These tests determine whether the migration is done in stages or all at once, understanding the need to maintain services or applications in parallel and for how long. 06/05/15 35
36 5.1. Migration Tests S Migration tests are one of the final steps; S The planning and execution of migration may vary depending on whether the classification of the application: essential or imply losses for the company if it is stopped; S If the application is classified as in the previous topic this the migration should be achieved in phases, coexisting both infrastructures; 06/05/15 36
37 5.1. Migration Tests (Cont.) S The information collected in all the previous steps should be used for creating tests; S A well made and applied test plan will assure a cloud migration project success. 06/05/15 37
38 5.1. Migration Tests (Cont.) S In these tests, the following features should be analyzed: S Confirm the integrity of the data; S Set recovery plans and disaster response ; S Check the need for training workers whose job is to answer questions or problems of users; S Set a return plan in case of unexpected problems arise. 07/05/15 38
39 5.2. Security Policies S Approved by the management of the organization; S A security policy should have (Winkler, 2011): S Identification of all resources and systems we want to protect; S Identify vulnerabilities, threats and exposure to threats; S Measures to protect resources, evaluate security controls and estimate implementation costs. 06/05/15 39
40 5.3. Security Controls S They are administrative, technical and physical measures attesting that security policies are observed and followed; S Guarantee and minimize the loss or unauthorized alteration of the information, unavailability of systems, service degradation and the loss of access to systems. 06/05/15 40
41 5.3. Security Controls (Cont.) S Physical controls: implementation of security controls that prevent unauthorized access to facilities, equipment or systems; S Technical controls: implementing access control technology information stored in IT systems; S Administrative controls: implementation of administrative security controls that prevent access to information intentionally or not. 06/05/15 41
42 6. Operation Phase S It is the last step that occurs after the migration; S It is a strategic assessment at regular intervals to ensure that the contracted services are within the defined objectives; S Metric analysis process should be established so that there is a contract with enforcement agreed with the supplier; 06/05/15 42
43 6. Operation Phase (Cont.) S These processes should: S Promote internal information collection to support achievement of a qualitative and quantitative analysis to assess problems and weaknesses to solve; S Attest to the safety and privacy with the rules that are in force; S Monitor the performance of the contract with the supplier guaranteeing that this is being complied with; 06/05/15 43
44 6. Operation Phase (Cont.) S Analyze similar services from other providers so there is a comparison of the service, conditions, etc... S Ask the supplier for certificates, inspections and audits that guarantee that the processes are maintained and safety checks are laid down in the contract; S Establish billing process monitoring of contracted services and services actually consumed. 06/05/15 44
45 7. SaaS Example Normal Proccess 1. New worker 2. Notification from the access manager to the helpdesk: 5. Worker has access 4. Worker notified Problems: Manual process; Slow; Low volume. 3. Access is assured 06/05/15 45
46 8. SaaS Example 4. Automatic welcome e- mail Work makes request 5. Using application 2. Service invoked automatically Sign up page Beneficts: Automatic; Fast; High volume. Problem: Access restrictions. Access Management Service 3. User registered 06/05/15 46
47 9. References S Dissertação-Migração%20e%20segurança%20em%20plataformas %20cloud%20computing%20-%20Roberto%20Silva.pdf S Zhang.pdf S %2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber %3D &authDecision=-203 S Presentations_ /CMG%20App%20Migration%20PPT.pptx 06/05/15 47
48 CLOUD MIGRATION M6807 S
Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org
Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security
More informationStrategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security
Strategic Compliance & Securing the Cloud Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Complexity and Challenges 2 Complexity and Challenges Compliance Regulatory entities
More informationEXIN Cloud Computing Foundation
Sample Questions EXIN Cloud Computing Foundation Edition April 2013 Copyright 2013 EXIN All rights reserved. No part of this publication may be published, reproduced, copied or stored in a data processing
More informationManaging Cloud Computing Risk
Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify
More informationPrivate vs. Public Cloud Solutions
Private vs. Public Cloud Solutions Selecting the right cloud technology to fit your organization Introduction As cloud storage evolves, different cloud solutions have emerged. Our first cloud whitepaper
More informationCloud Computing: What needs to Be Validated and Qualified. Ivan Soto
Cloud Computing: What needs to Be Validated and Qualified Ivan Soto Learning Objectives At the end of this session we will have covered: Technical Overview of the Cloud Risk Factors Cloud Security & Data
More informationSecurity Issues in Cloud Computing
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
More informationCloud Computing Backgrounder
Cloud Computing Backgrounder No surprise: information technology (IT) is huge. Huge costs, huge number of buzz words, huge amount of jargon, and a huge competitive advantage for those who can effectively
More informationQuick guide: Using the Cloud to support your business
Quick guide: Using the Cloud to support your business This Quick Guide is one of a series of information products targeted at small to medium sized enterprises (SMEs). It is designed to help businesses
More informationRefresher on cloud computing
Refresher on cloud computing Cloud computing is a form of outsourcing where the organization outsources data processing to computers owned by the vendor. Outsourcing may also include utilizing the vendor
More informationHIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT
HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.
More informationINTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS
INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS CLOUD COMPUTING Cloud computing is a model for enabling convenient, ondemand network access to a shared pool of configurable computing
More informationInternational Journal of Innovative Technology & Adaptive Management (IJITAM) ISSN: 2347-3622, Volume-1, Issue-5, February 2014
An Overview on Cloud Computing Services And Related Threats Bipasha Mallick Assistant Professor, Haldia Institute Of Technology bipasm@gmail.com Abstract. Cloud computing promises to increase the velocity
More informationNewcastle University Information Security Procedures Version 3
Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations
More informationData Protection Act 1998. Guidance on the use of cloud computing
Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered
More informationCloud Security and Managing Use Risks
Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access
More informationThe silver lining: Getting value and mitigating risk in cloud computing
The silver lining: Getting value and mitigating risk in cloud computing Frequently asked questions The cloud is here to stay. And given its decreased costs and increased business agility, organizations
More informationUniversity of Sunderland Business Assurance Information Security Policy
University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant
More informationAHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS
AHLA JJ. Keeping Your Cloud Services Provider from Raining on Your Parade Jean Hess Manager HORNE LLP Ridgeland, MS Melissa Markey Hall Render Killian Heath & Lyman PC Troy, MI Physicians and Hospitals
More informationCloud Computing: Legal Risks and Best Practices
Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent
More informationCLOUD STORAGE SECURITY INTRODUCTION. Gordon Arnold, IBM
CLOUD STORAGE SECURITY INTRODUCTION Gordon Arnold, IBM SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members may use this material
More informationCloud Security: Evaluating Risks within IAAS/PAAS/SAAS
Cloud Security: Evaluating Risks within IAAS/PAAS/SAAS Char Sample Security Engineer, Carnegie Mellon University CERT Information Security Decisions TechTarget Disclaimer Standard Disclaimer - This talk
More informationSecuring and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer What is Cloud Computing A model for enabling convenient, on-demand network access to a shared pool of configurable
More informationTEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL
TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Computer and Network Security Policy Policy Number: 04.72.12 Effective Date: November 4, 2003 Issuing Authority: Office of the Vice President for
More informationPublic Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.
Public Clouds Krishnan Subramanian Analyst & Researcher Krishworld.com A whitepaper sponsored by Trend Micro Inc. Introduction Public clouds are the latest evolution of computing, offering tremendous value
More informationpenelope athena software SOFTWARE AS A SERVICE INFORMATION PACKAGE case management software
penelope case management software SOFTWARE AS A SERVICE INFORMATION PACKAGE athena software "I've worked with major corporations and universities and I am really impressed with Athena's hosted server and
More informationSecurity Officer s Checklist in a Sourcing Deal
Security Officer s Checklist in a Sourcing Deal Guide Share Europe Ostend, May 9th 2014 Johan Van Mengsel IBM Distinguished IT Specialist IBM Client Abstract Sourcing deals creates opportunities and challenges.
More informationWhat Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp.
What Every User Needs To Know Before Moving To The Cloud LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud 1 What is meant by Cloud Computing, or Going To The Cloud? A model
More informationWednesday, January 16, 2013
Attorney Advertising Prior results do not guarantee a similar outcome Models used are not clients but may be representative of clients 321 N. Clark Street, Suite 2800, Chicago, IL 60654 312.832.4500 Wednesday,
More informationInformation Technology Engineers Examination. Information Technology Service Manager Examination. (Level 4) Syllabus
Information Technology Engineers Examination Information Technology Service Manager Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination
More informationLeveraging Dedicated Servers and Dedicated Private Cloud for HIPAA Security and Compliance
ADVANCED INTERNET TECHNOLOGIES, INC. https://www.ait.com Leveraging Dedicated Servers and Dedicated Private Cloud for HIPAA Security and Compliance Table of Contents Introduction... 2 Encryption and Protection
More informationUSE OF CLOUD COMPUTING BY SMALL AND MEDIUM ENTERPRISES
1 USE OF CLOUD COMPUTING BY SMALL AND MEDIUM ENTERPRISES Introduction Small and Medium Enterprises (SMEs) are the drivers of a nation s economy SMEs are leading the way for entering new global markets
More informationWelcome. Panel. Cloud Computing New Challenges in Data Integrity and Security 13 November 2014
Welcome Cloud Computing New Challenges in Data Integrity and Security 13 November 2014 Panel Tracy Lampula, Associate Director of GIS Compliance, Vertex Pharmaceuticals William Sanborn, Director of Information
More informationUniversity of California, Riverside Computing and Communications. IS3 Local Campus Overview Departmental Planning Template
University of California, Riverside Computing and Communications IS3 Local Campus Overview Departmental Planning Template Last Updated April 21 st, 2011 Table of Contents: Introduction Security Plan Administrative
More informationWhite Paper. Managed IT Services as a Business Solution
White Paper Managed IT Services as a Business Solution 1 TABLE OF CONTENTS 2 Introduction... 2 3 The Need for Expert IT Management... 3 4 Managed Services Explained... 4 5 Managed Services: Key Benefits...
More informationCloud-Security: Show-Stopper or Enabling Technology?
Cloud-Security: Show-Stopper or Enabling Technology? Fraunhofer Institute for Secure Information Technology (SIT) Technische Universität München Open Grid Forum, 16.3,. 2010, Munich Overview 1. Cloud Characteristics
More informationCloud Courses Description
Courses Description 101: Fundamental Computing and Architecture Computing Concepts and Models. Data center architecture. Fundamental Architecture. Virtualization Basics. platforms: IaaS, PaaS, SaaS. deployment
More information2014 HIMSS Analytics Cloud Survey
2014 HIMSS Analytics Cloud Survey June 2014 2 Introduction Cloud services have been touted as a viable approach to reduce operating expenses for healthcare organizations. Yet, engage in any conversation
More informationCloud Security Keeping Data Safe in the Boundaryless World of Cloud Computing
Cloud Security Keeping Data Safe in the Boundaryless World of Cloud Computing Executive Summary As cloud service providers mature, and expand and refine their offerings, it is increasingly difficult for
More informationModule 1: Facilitated e-learning
Module 1: Facilitated e-learning CHAPTER 3: OVERVIEW OF CLOUD COMPUTING AND MOBILE CLOUDING: CHALLENGES AND OPPORTUNITIES FOR CAs... 3 PART 1: CLOUD AND MOBILE COMPUTING... 3 Learning Objectives... 3 1.1
More informationCloud Courses Description
Cloud Courses Description Cloud 101: Fundamental Cloud Computing and Architecture Cloud Computing Concepts and Models. Fundamental Cloud Architecture. Virtualization Basics. Cloud platforms: IaaS, PaaS,
More informationIsaac Willett April 5, 2011
Current Options for EHR Implementation: Cloud or No Cloud? Regina Sharrow Isaac Willett April 5, 2011 Introduction Health Information Technology for Economic and Clinical Health Act ( HITECH (HITECH Act
More informationINFORMATION TECHNOLOGY SECURITY STANDARDS
INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL
More informationRecommendations for companies planning to use Cloud computing services
Recommendations for companies planning to use Cloud computing services From a legal standpoint, CNIL finds that Cloud computing raises a number of difficulties with regard to compliance with the legislation
More informationThe Private Cloud Your Controlled Access Infrastructure
White Paper: Private Clouds The ongoing debate on the differences between a Public and Private Cloud are broad and often loud. The bottom line is that it s really about how the resource, or computing power,
More informationA Strawman Model. NIST Cloud Computing Reference Architecture and Taxonomy Working Group. January 3, 2011
A Strawman Model NIST Cloud Computing Reference Architecture and Taxonomy Working Group January 3, 2011 Objective Our objective is to define a neutral architecture consistent with NIST definition of cloud
More informationPurpose. Service Model SaaS (Applications) PaaS (APIs) IaaS (Virtualization) Use Case 1: Public Use Case 2: Use Case 3: Public.
Federal CIO Council Information Security and Identity Management Committee (ISIMC) Guidelines for the Secure Use of Cloud Computing by Federal Departments and Agencies DRAFT V0.41 Earl Crane, CISSP, CISM
More informationLAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
More informationCloud Computing for SCADA
Cloud Computing for SCADA Moving all or part of SCADA applications to the cloud can cut costs significantly while dramatically increasing reliability and scalability. A White Paper from InduSoft Larry
More informationThe NREN s core activities are in providing network and associated services to its user community that usually comprises:
3 NREN and its Users The NREN s core activities are in providing network and associated services to its user community that usually comprises: Higher education institutions and possibly other levels of
More informationHow To Manage Cloud Data Safely
Information Governance In The Cloud Galina Datskovsky, Ph. D., CRM President of ARMA International SVP Information Governance Solutions Topics Cloud Characteristics And Risks Information Management In
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationLEGAL ISSUES IN CLOUD COMPUTING
LEGAL ISSUES IN CLOUD COMPUTING RITAMBHARA AGRAWAL INTELLIGERE 1 CLOUD COMPUTING Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing
More informationHIPAA/HITECH Compliance Using VMware vcloud Air
Last Updated: September 23, 2014 White paper Introduction This paper is intended for security, privacy, and compliance officers whose organizations must comply with the Privacy and Security Rules of the
More informationCloud Computing in the Federal Sector: What is it, what to worry about, and what to negotiate.
Cloud Computing in the Federal Sector: What is it, what to worry about, and what to negotiate. Presented by: Sabrina M. Segal, USITC, Counselor to the Inspector General, Sabrina.segal@usitc.gov Reference
More informationGETTING THE MOST FROM THE CLOUD. A White Paper presented by
GETTING THE MOST FROM THE CLOUD A White Paper presented by Why Move to the Cloud? CLOUD COMPUTING the latest evolution of IT services delivery is a scenario under which common business applications are
More informationCONSIDERATIONS BEFORE MOVING TO THE CLOUD
CONSIDERATIONS BEFORE MOVING TO THE CLOUD What Management Needs to Know Part I By Debbie C. Sasso Principal When talking technology today, it s very rare that the word Cloud doesn t come up. The benefits
More informationHow To Understand Cloud Computing
A STUDY OF CLOUD COMPUTING: APPLICATIONS AND CHALLENGE 1 DR. NEERAJ BHARGAVA, 2 ANCHAL KUMAWAT, 3 DR. RITU BHARGAVA, 4 SONIYA DAYMA 1 Associate Professor, Dept. of Computer Science, School of Engineering
More informationVirtualization - Adoption
Virtualization - Adoption Virtualization - Hypervisors Multiple Hypervisors within data center Virtualization Challenges 1. Application performance 2. Security 3. VM sprawl 4. Licensing costs 5. Stuck
More informationAUSTIN INDEPENDENT SCHOOL DISTRICT INTERNAL AUDIT DEPARTMENT TRANSPORTATION AUDIT PROGRAM
GENERAL: The Technology department is responsible for the managing of electronic devices and software for the District, as well as the Help Desk for resolution of employee-created help tickets. The subgroups
More informationFive Tactics to Hybrid Cloud Success
March 2016 Five Tactics to Kick Start Your Table of Contents High-Performance IT Environments Drive Revenue and Agility 3 What is Hybrid Cloud? 4 Five Keys for Hybrid Cloud Success: 1. Start with a Business
More informationSecurity & Trust in the Cloud
Security & Trust in the Cloud Ray Trygstad Director of Information Technology, IIT School of Applied Technology Associate Director, Information Technology & Management Degree Programs Cloud Computing Primer
More informationAssessing, Evaluating and Managing Cloud Computing Security
Assessing, Evaluating and Managing Cloud Computing Security S.SENTHIL KUMAR 1, R.KANAKARAJ 2 1,2 ASSISTANT PROESSOR, DEPARTMENT OF COMMERCE WITH COMPUTER APPLICATIONS Dr.SNS RAJALAKSHMI COLLEGE OF ARTS
More informationLeveraging the Cloud for Your Business
Leveraging the Cloud for Your Business by CornerStone Telephone Company 2 Third Street Troy, NY 12180 As consumers, we enjoy the benefits of cloud services from companies like Amazon, Google, Apple and
More informationAddressing Cloud Computing Security Considerations
Addressing Cloud Computing Security Considerations with Microsoft Office 365 Protect more Contents 2 Introduction 3 Key Security Considerations 4 Office 365 Service Stack 5 ISO Certifications for the Microsoft
More informationInformation Security Policies. Version 6.1
Information Security Policies Version 6.1 Information Security Policies Contents: 1. Information Security page 3 2. Business Continuity page 5 3. Compliance page 6 4. Outsourcing and Third Party Access
More informationChapter 7 Information System Security and Control
Chapter 7 Information System Security and Control Essay Questions: 1. Hackers and their companion viruses are an increasing problem, especially on the Internet. What can a digital company do to protect
More informationCloud Computing. What is Cloud Computing?
Cloud Computing What is Cloud Computing? Cloud computing is where the organization outsources data processing to computers owned by the vendor. Primarily the vendor hosts the equipment while the audited
More informationInformation Security Program
Stephen F. Austin State University Information Security Program Revised: September 2014 2014 Table of Contents Overview... 1 Introduction... 1 Purpose... 1 Authority... 2 Scope... 2 Information Security
More informationAskAvanade: Answering the Burning Questions around Cloud Computing
AskAvanade: Answering the Burning Questions around Cloud Computing There is a great deal of interest in better leveraging the benefits of cloud computing. While there is a lot of excitement about the cloud,
More informationData Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture
Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture 2 Data Security and Privacy Principles for IBM SaaS Contents 2 Introduction
More informationDaren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD
Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD Agenda Cloud Computing Technical Overview Cloud Related Applications Identified Risks Assessment Criteria Cloud Computing What Is It? National
More informationSecurity Controls What Works. Southside Virginia Community College: Security Awareness
Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction
More informationProtecting Official Records as Evidence in the Cloud Environment. Anne Thurston
Protecting Official Records as Evidence in the Cloud Environment Anne Thurston Introduction In a cloud computing environment, government records are held in virtual storage. A service provider looks after
More informationCloudy with Showers of Business Opportunities and a Good Chance of. Security. Transforming the government IT landscape through cloud technology
Dr. Michaela Iorga, Senior Security Technical Lead for Cloud Computing Co-Chair, Cloud Security WG Co-Chair, Cloud Forensics Science WG Cloudy with Showers of Business Opportunities and a Good Chance of
More informationServices Providers. Ivan Soto
SOP s for Managing Application Services Providers Ivan Soto Learning Objectives At the end of this session we will have covered: Types of Managed Services Outsourcing process Quality expectations for Managed
More informationEast African Information Conference 13-14 th August, 2013, Kampala, Uganda. Security and Privacy: Can we trust the cloud?
East African Information Conference 13-14 th August, 2013, Kampala, Uganda Security and Privacy: Can we trust the cloud? By Dr. David Turahi Director, Information Technology and Information Management
More informationLegal Issues Associated with Cloud Computing. Laurin H. Mills May 13, 2009
Legal Issues Associated with Cloud Computing Laurin H. Mills May 13, 2009 What Is Cloud Computing? The cloud is a metaphor for the Internet Leverages the connectivity of the Internet to optimize the utility
More informationVENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium
1 VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 2 Agenda Introduction Vendor Management what is? Available Guidance Vendor Management
More informationCloud Computing--Efficiency and Security
Cloud Computing--Efficiency and Security Mick Atton, VP & Chief Architect Thomson Reuters--Legal July 22, 2013 Thomson Reuters Thomson Reuters is the leading source of intelligent information for the world's
More informationSRA International Managed Information Systems Internal Audit Report
SRA International Managed Information Systems Internal Audit Report Report #2014-03 June 18, 2014 Table of Contents Executive Summary... 3 Background Information... 4 Background... 4 Audit Objectives...
More informationTopics. Images courtesy of Majd F. Sakr or from Wikipedia unless otherwise noted.
Cloud Computing Topics 1. What is the Cloud? 2. What is Cloud Computing? 3. Cloud Service Architectures 4. History of Cloud Computing 5. Advantages of Cloud Computing 6. Disadvantages of Cloud Computing
More informationSECURITY CONCERNS AND SOLUTIONS FOR CLOUD COMPUTING
SECURITY CONCERNS AND SOLUTIONS FOR CLOUD COMPUTING 1. K.SURIYA Assistant professor Department of Computer Applications Dhanalakshmi Srinivasan College of Arts and Science for Womren Perambalur Mail: Surik.mca@gmail.com
More informationProject management solution in the cloud
www.parm.com successful projects Project management solution in the cloud From Mario Angelsberger and Oliver Giger Cloud computing is the talk of the town and meanwhile becomes understood as solution for
More informationUsing Data Encryption to Achieve HIPAA Safe Harbor in the Cloud
Using Data Encryption to Achieve HIPAA Safe Harbor in the Cloud 1 Contents The Obligation to Protect Patient Data in the Cloud................................................... Complying with the HIPAA
More informationHybrid Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.
Hybrid Clouds Krishnan Subramanian Analyst & Researcher Krishworld.com A whitepaper sponsored by Trend Micro Inc. Introduction The economic benefits offered by public clouds are attractive enough for many
More informationCloud Computing Risks in Financial Services Companies: How Attorneys Can Best Help In An Increasingly SaaS-ified World
Cloud Computing Risks in Financial Services Companies: How Attorneys Can Best Help In An Increasingly SaaS-ified World July 30, 2015 Sutherland Webinar Michael Steinig 202.383.0804 Michael.Steinig@sutherland.com
More informationOPEN DATA CENTER ALLIANCE Usage Model: Guide to Interoperability Across Clouds
sm OPEN DATA CENTER ALLIANCE Usage Model: Guide to Interoperability Across Clouds SM Table of Contents Legal Notice... 3 Executive Summary... 4 Purpose... 5 Overview... 5 Interoperability... 6 Service
More informationWelcome & Introductions
Addressing Data Privacy and Security Compliance in Cloud Computing Benjamin Hayes, Director of Legal Services, Data Privacy Compliance North America Accenture Copyright 2011 Accenture All Rights Reserved.
More informationIT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach.
IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach. Gunnar Wahlgren 1, Stewart Kowalski 2 Stockholm University 1: (wahlgren@dsv.su.se), 2: (stewart@dsv.su.se) ABSTRACT
More informationNavigating Endpoint Encryption Technologies
Navigating Endpoint Encryption Technologies Whitepaper November 2010 THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL INACCURACIES. THE CONTENT IS
More informationensurcloud Service Level Agreement (SLA)
ensurcloud Service Level Agreement (SLA) Table of Contents ensurcloud Service Level Agreement 1. Overview... 3 1.1. Definitions and abbreviations... 3 2. Duties and Responsibilities... 5 2.1. Scope and
More informationAssessing Risks in the Cloud
Assessing Risks in the Cloud Jim Reavis Executive Director Cloud Security Alliance Agenda Definitions of Cloud & Cloud Usage Key Cloud Risks About CSA CSA Guidance approach to Addressing Risks Research
More informationCLOUD COMPUTING for Construction Accounting BY BRIAN J. THOMAS
CLOUD COMPUTING for Construction Accounting BY BRIAN J. THOMAS Copyright 2012 by the Construction Financial Management Association. All rights reserved. This article first appeared in CFMA Building Profits.
More information