BRINGING CLOUD COMPUTING DOWN TO EARTH

Size: px
Start display at page:

Download "BRINGING CLOUD COMPUTING DOWN TO EARTH"

Transcription

1 BRINGING CLOUD COMPUTING DOWN TO EARTH WEBINAR: ISM SERVICES GROUP MARCH 14, Prof. Christina L. Kunz Wm. Mitchell College of Law St. Paul, Minnesota

2 CLOUD COMPUTING: ITS PREDECESSORS 2 Why does this sound familiar?

3 PREDECESSORS TO CLOUD COMPUTING Remember EDI? ( electronic data interchange in the early 1990s) Required a value-added network (VAN) between the two parties, to Mediate platform & software differences between parties Store data until cheaper sending times Back up data (disaster recovery partner) Remember ASPs? (application service providers, in the late 1990s to early 2000s) Provided a wide range of online services to customers: Data processing Financial services (payroll, accounts payable and receivable, etc. Rental of software run by ASP leading to

4 MORE PREDECESSORS TO CLOUD COMPUTING Remember SaaS? (software as a service) Vendors who essentially rent their software to customers, saving them from Maintenance, updates, and IT repairs Licenses and royalties Capital expenditures (because the fee is an operating expense) Longer-term commitments to licensed software Which then diversified into SaaS (software as a service) IaaS (infrastructure as a service) PaaS (platform as a service) And became hosting All of which now operate on

5 THE CLOUD 5 But what is it really?

6 THE CLOUD IS REALLY JUST NETWORKS, SERVERS, STORAGE, APPLICATIONS, AND SERVICES, OPERATING ON EARTH 6

7 TODAY S COVERAGE: What is the cloud? How to choose a vendor Crucial clauses in the contract 7

8 A DEFINITION OF CLOUD COMPUTING a model for enabling convenient, ondemand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. US Nat l Institute of Standards and Technology (NIST) (search for cloud computing ) 8

9 TYPICAL CHARACTERISTICS OF CLOUD COMPUTING (NIST) Essential characteristics: On-demand self-service Broad network access Resource pooling Rapid elasticity (scalability) Measured service Key enabling technologies include: Fast wide-area networks, Powerful, inexpensive server computers, and High-performance virtualization for commodity hardware. 9

10 DETAILED CHARACTERISTICS OF CLOUD COMPUTING (ACCORDING TO WIKI) Empowerment of end-users of computing resources by putting the provisioning of those resources in their own control, as opposed to the control of a centralized IT service (for example) Agility improves with users' ability to re-provision technological infrastructure resources. Application programming interface (API) accessibility to software that enables machines to interact with cloud software in the same way the user interface facilitates interaction between humans and computers. Cloud computing systems typically use REST-based APIs. 10

11 DETAILED CHARACTERISTICS OF CLOUD COMPUTING (ACCORDING TO WIKI) Cost is claimed to be reduced and in a public cloud delivery model capital expenditure is converted to operational expenditure. This lowers barriers to entry, as infrastructure is typically provided by a third-party and need not be purchased for one-time or infrequent intensive computing tasks. Pricing on a utility computing basis is fine-grained with usage-based options and fewer IT skills are required for implementation (in-house). Device and location independence enable users to access systems using a web browser regardless of the location or device (e.g., PC, mobile phone). As infrastructure is off-site (typically provided by a thirdparty) and accessed via the Internet, users can connect from anywhere. 11

12 DETAILED CHARACTERISTICS OF CLOUD COMPUTING (ACCORDING TO WIKI) Virtualization technology allows servers and storage devices to be shared and utilization be increased. Applications can be easily migrated from one physical server to another. Multi-tenancy enables sharing of resources and costs across a large pool of users thus allowing for: Centralization of infrastructure in locations with lower costs (such as real estate, electricity, etc.) Peak-load capacity increases (users need not engineer for highest possible load-levels) Utilization and efficiency improvements for systems that are often only 10 20% utilized. Reliability is improved if multiple redundant sites are used, which makes well-designed cloud computing suitable for business continuity and disaster recovery. 12

13 DETAILED CHARACTERISTICS OF CLOUD COMPUTING (ACCORDING TO WIKI) Scalability and Elasticity via dynamic ("ondemand") provisioning of resources on a finegrained, self-service basis near real-time, without users having to engineer for peak loads. Performance is monitored, and consistent and loosely coupled architectures are constructed using web services as the system interface. Maintenance of cloud computing applications is easier, because they do not need to be installed on each user's computer and can be accessed from different places. 13

14 DETAILED CHARACTERISTICS OF CLOUD COMPUTING (ACCORDING TO WIKI) Security could improve due to centralization of data, increased security-focused resources, etc. Security is often as good as or better than other traditional systems, in part because providers are able to devote resources to solving security issues that many customers cannot afford. However, concerns persist about loss of control over certain sensitive data, and the lack of security for stored kernels. The complexity of security is greatly increased when data is distributed over a wider area or greater number of devices and in multi-tenant systems being shared by unrelated users. User access to security audit logs may be difficult or impossible. Private cloud installations are in part motivated by users' desire to retain control over the infrastructure and avoid losing control of information security. 14

15 15

16 MAJOR ACTORS IN CLOUD COMPUTING 16

17 MAJOR ACTORS IN CLOUD COMPUTING (NIST TERMINOLOGY) Cloud consumer Cloud provider Cloud auditor Optional but recommended Cloud carrier Cloud broker Optional but recommended 17

18 18

19 CLOUD CONSUMER A cloud consumer maintains a business relationship with a cloud provider by Browsing the service catalog from a cloud provider, Requesting the appropriate service, Setting up service contracts with the cloud provider, and Using the service. 19

20 CLOUD PROVIDER o A cloud provider o Is responsible for making a service available to interested parties, By way of service deployment, service orchestration, cloud service management, security, and privacy; Acquires and manages the computing infrastructure required for providing the services; Runs the cloud software that provides the services; and Arranges to deliver the cloud services to cloud consumers through network access. 20

21 SERVICE ORCHESTRATION BY CLOUD PROVIDER 21

22 CLOUD AUDITOR A cloud auditor can (if requested by the consumer) perform independent examinations of cloud service controls to verify conformance to standards through an objective review A performance audit can measure the provider s actual performance against the agreed-upon standards A security audit can assess Whether security controls are implemented correctly, operating as intended, and producing the desired outcome with respect to the security requirements for the system, and Compliance with applicable laws and the cloud consumer s security policy. A privacy impact audit can ensure Compliance with applicable privacy laws, and Confidentiality, integrity, and availability of an individual s personal information at every stage of development and operation. 22

23 CLOUD BROKER A cloud broker can (if requested by the cloud consumer) negotiate the relationships between cloud providers and a cloud consumer, if contacted by the cloud consumer, and manage the use, performance, and delivery of cloud services. Service Intermediation: A cloud broker enhances a given service by improving some specific capability and providing value-added services to cloud consumers. The improvement can be managing access to cloud services, identity management, performance reporting, enhanced security, etc. Service Aggregation: A cloud broker combines and integrates multiple services into one or more new services. The broker provides data integration and ensures the secure data movement between the cloud consumer and multiple cloud providers. Service Arbitrage: Similar to service aggregation except that the services being aggregated are not fixed. The broker can choose services from multiple providers. 23

24 CLOUD CARRIER A cloud carrier is an intermediary that provides connectivity and transport of cloud services between cloud consumers and cloud providers, and access to consumers through network, telecommunication, and other access devices. For example, cloud consumers can obtain cloud services through network access devices, such as desktop computers, laptops, mobile phones, and other mobile Internet devices (MIDs). The distribution of cloud services is normally provided by network and telecommunication carriers or a transport agent. A transport agent is a business organization that provides physical transport of storage media, such as high-capacity hard drives. 24

25 25 DEPLOYMENT MODELS

26 DEPLOYMENT MODELS Public cloud Private cloud Private cloud rental Community cloud Hybrid cloud 26

27 DEPLOYMENT MODELS, COMPARED Public cloud (Google, Microsoft, etc.) Resources are made available to the general public Free or pay-per-usage (usually low cost) No negotiation on terms Greater danger of another cloud user hacking into your data Private cloud Operated solely for a single organization Usually more negotiability on terms Consumers have to buy, build, and manage them, so they might not result in less hands-on management and less cost 27

28 DEPLOYMENT MODELS, COMPARED Private Cloud Rental Rent a modular data center Then (using Virtual Machine concepts) move the running applications from the existing data center to the leased equipment without any disruption to customers. Then remove obsolete data center equipment and replace it with new hardware. Then move the applications from the leased equipment onto the new hardware. Then return the leased equipment. Or keep it on site as a backup, so it can be powered up and used when demand increases. Cost-effective option to consider when security is a concern. Especially when moving critical company private data off-site to a public cloud is not an option 28

29 DEPLOYMENT MODELS, COMPARED Community cloud Shared infrastructure between several organizations from a specific community with common concerns (security, compliance, etc.) Fewer consumers than a public cloud (but more than a private cloud), so only some of the cost savings of cloud computing are realized Hybrid cloud Composition of two or more clouds (private, community or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability Ex.: Company s private cloud can talk to same company s public cloud, but not vice versa 29

30 30

31 31 SERVICE MODELS

32 SERVICE MODELS Software as a Service (SaaS) Platform as a Service (PaaS) Infrastructure as a Service (IaaS) NIST US Govt. Cloud Computing Technology Roadmap, Release 1.0, vol. 2 32

33 33

34 34

35 SOFTWARE AS A SERVICE (SAAS) The provider deploys, configures, maintains, and updates the operation of the software applications on a cloud infrastructure. The consumer can use the provider s applications that are running on a cloud infrastructure, accessible from various client devices through a thin client interface such as a Web browser (e.g., Web-based ). These applications are not installed locally in the consumer s server. Rather, they re installed elsewhere and made available on a network. So the consumer doesn t need a license from software licensors for the applications it uses. The cloud provider is responsible for managing the applications, security, and the cloud infrastructure, including network, servers, operating systems, storage, or even individual application capabilities, Except that the consumer may have limited administrative 35 control over some user-specific configuration settings on the applications.

36 SAAS SERVICE MODEL The consumers of SaaS can be organizations that provide their members with access to software applications, end users who directly use software applications, or software application administrators who configure applications for end users. SaaS consumers can be billed based on the number of end users, the time of use, the network bandwidth consumed, the amount of data stored, or the duration of stored data. 36

37 PLATFORM AS A SERVICE (PAAS) The provider Manages the computing infrastructure for the platform, Runs the cloud software that provides the components of the platform, Such as runtime software execution stack, databases, and other middleware components, and Typically also supports the development, deployment, and management process of the consumer, by providing tools Such as integrated development environments (IDEs), development versions of cloud software, software development kits (SDKs), and deployment and management tools. The consumer Outsources its operating systems, database and other applications and programs to the provider, So the consumer doesn t need to manage them locally. Does not manage or control the underlying cloud infrastructure (network, servers, operating systems, or storage) Except for possibly some of the hosting environment settings, and Can deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. 37

38 PAAS SERVICE MODEL PaaS consumers can be application developers who design and implement application software, application testers who run and test applications in a cloud-based environment, application deployers who publish applications into the cloud, or application administrators who configure, monitor, and manage applications deployed in a cloud. PaaS consumers can be billed according to the number of PaaS users, the processing, storage, and network resources consumed by the PaaS application, or the duration of the platform usage. 38

39 INFRASTRUCTURE AS A SERVICE (IAAS) The provider acquires the physical computing resources underlying the service, including the servers, networks, storage, and hosting infrastructure, runs the cloud software necessary to render the necessary computing resources to the consumer through a set of service interfaces and computing resource abstractions, such as virtual machines and virtual network interfaces. The provider furnishes the consumer with a virtual computer, network-accessible storage, network infrastructure components, and other fundamental computing resources, on which IaaS consumers can deploy and run arbitrary software. The consumer has control over the operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls), The provider controls the underlying cloud infrastructure the physical hardware and cloud software that make the provisioning of these infrastructure services possible, for example, the physical servers, network equipment, storage devices, host OS, and hypervisor software for virtualization. 39

40 IAAS SERVICE MODEL Compared to SaaS and PaaS consumers, an IaaS consumer has access to more fundamental forms of computing resources and thus has control over more software components in an application stack, including the OS. IaaS can be used by system developers, system administrators, and IT managers who are interested in creating, installing, monitoring, and managing services and applications deployed in an IaaS cloud. IaaS consumers can be billed according to the amount or duration of the resources consumed, such as CPU hours used by virtual computers, volume and duration of data stored, network bandwidth consumed, or the number of IP addresses used for certain intervals. 40

41 NOTE THE DIFFERING AMOUNTS OF CONTROL BETWEEN PROVIDER AND CONSUMER, DEPENDING ON THE SERVICE MODEL (NIST) 41

42 USING DUE DILIGENCE TO CHOOSE A CLOUD PROVIDER 42

43 CHECKING OUT THE PROVIDER Ask the provider: How long it s been in business, and in what forms Past security breaches and service interruptions And the provider s responses What kinds of background screening requirements for operator staff? What kind of training to ensure that operator employees (including contractors and third-party users) understand responsibilities related to specific consumers? Which personnel have access to consumers confidential information? What means of monitoring malicious insiders? Is the provider running its own hardware and software? If not, under what leases, licenses, and service agreements? Does the provider have any ISO or SAS certifications? Third-party audit reports? 43

44 CHECKING OUT THE PROVIDER Check publicly available information: Search for published accounts of provider s history and service interruptions For instance, Google searches, Wall St. J., trade journals, etc. Check EDGAR for contracts involving publicly traded companies (SEC records) List of security breaches: eaches.htm Talk to other customers about provider s reputation 44 and trustworthiness

45 CHECKING OUT THE PROVIDER Ask your IT staff Some applications and programs are too complex to run in the cloud Instead of doing that, you may need local servers installed in your office for this programs to run smoothly. Also consider support, availability, service levels and other technical issues Check the provider s service level agreement, to see The promised levels of reliability of service The promised speed and adequacy of responses to problems 45

46 CHECKING OUT THE PROVIDER Look at pricing Will you save more money if you enter an agreement with a pay-as-you-go provider? On what metric(s) will you be billed? Would all of your business s employees require access to the same applications and software? Would it be best that you have these software installed locally on a server instead of being in the cloud? 46

47 CHECKING OUT THE PROVIDER Which deployment model and service model do you need? SaaS? PaaS? IaaS? Public? Private? Hybrid? Community? Is the provider large enough to handle your volume needs? How many and what kind of applications does your business need to run smoothly? How much volume of data and files? How much backup volume? 47 What bandwidth of internet service?

48 SELECTED CLAUSES IN A CLOUD CONTRACT 48

49 SELECTED CLAUSES IN A CLOUD CONTRACT Scope of services Acceptable use policy Service-level agreement Possible reps & warranties Interoperability Portability E-discovery concerns Data Ownership & preservation Location Security Encryption Data retention Disaster recovery Jurisdiction Privacy Governing law Term & termination Other clauses Modification Confidentiality Subcontractors Pricing, payments Remedies, etc. Indemnification, duty to defend, exclusive remedies, remedy limitations, etc. Migration, including transition assistance Duration, termination Alternative dispute resolution Assignability/delegability 49

50 50 LET S LOOK AT EACH CLAUSE

51 SCOPE OF SERVICES Exactly which services will the vendor furnish? With help from subcontractors or third parties? Any duty to maintain & update its technology? To what standards? Which services won t the vendor furnish? Note similarity to licensing of intellectual property Words of grant Exact scope of rights granted 51

52 PROVIDER S LIMITATIONS ON YOUR USE; ACCEPTABLE USE POLICY What uses does the provider limit or bar? May be based on provider s upstream licenses for its software, etc. May be due to exclusive arrangement with third party Who can use? Employees? Subcontractors? Other vendors? Whole supply chain? Customers only? Public? Anyone with password? Where Particular location, terminal, or password? Within U.S. only? When 24/7/365? What Any limit on trade or business? 52

53 SERVICE-LEVEL AGREEMENT (SLA) Even if vendor has no SLA, you can sometimes append an SLA onto the vendor s agreement Often confidential Microsoft? Amazon? Same issues as in other SLAs with online service providers: Speed/responsiveness Accuracy/lack of defects Security Chosen times for vendor s maintenance & updates Back-up plans in case of shut-down or either party s disaster Remedies for performance failures (usually tailored to the seriousness of the defect) How quickly? Remote or in-person assistance? 24/7/365 or less? Technological skill level of assistance personnel English language skills A cloud provider may also list in the SLAs a set of restrictions or limitations, and obligations that cloud consumers must accept. 53

54 GENERIC SLA (NIST) 54

55 CLOUD-SPECIFIC SLA 55

56 POSSIBLE REPS AND WARRANTIES Where and how the services will be provided Qualifications of the individuals performing the services Reliability of the technology used to perform the services Ownership of intellectual property, or validly licensed rights to that IP Etc. etc. 56

57 INTEROPERABILITY Integrated Mobile Device Support The provider should provide support for heterogeneous clients, configurable through a standard policy management interface. A single interface used to configure all devices eliminates the need to swap between programs when configuring different devices. Integration in Cloud Services The provider should provide a means of integrating cloud application capabilities with the consumer s systems. There should be no need to separately define users within the cloud application; the appropriate information should be received through the bulk provisioning interface. Ensuring that is appropriately configured and relayed provides the consumer with the traceability required for complying with e- discovery laws. 57

58 INTEROPERABILITY Help Desk and Trouble Ticketing Management The provider should provide a standard interface for opening trouble tickets, enabling consumers to open trouble tickets using automated tools or to route trouble tickets from any general ticketing solutions that the consumer may be using. Complexity is decreased for a consumer using multiple cloud services if there is a single point for the creation, update, and monitoring of trouble tickets. provide a standard interface for receiving updates on tickets that are not closed so that automated tools or general ticketing solutions could be updated. Consumers that have automated reporting of problems and outages through their ticketing systems need to integrate cloud provider ticketing with their systems. allow the consumer to update trouble tickets using for those individuals without access to a primary interface. notify the consumer's event management system when appropriate through a standard interface, updating status as appropriate. Monitoring of all system event information through a single interface is necessary for a unified view of important events throughout all applications that are used by the consumer. 58 Moving a particular system to the cloud does not remove the responsibility of the consumer to monitor and understand events in their systems.

59 INTEROPERABILITY Collaboration standards Standard document formats are needed for portability and interoperability. Metadata such as privileges, creation and modification dates, etc., are needed to ensure that privileges, traceability, and information needed to meet e- discovery requirements are retained. The cloud provider shall provide the ability to bulk convert files, including metadata, from old or obsolete formats to current formats. The consumer is responsible for the actual conversion. The cloud provider shall provide a means for cloud subscriber users to not only collaborate internally, but also to collaborate with external partners. The sharing of documents in a secure and compliant way with external organizations is frequently cited as a requirement for a collaboration solution. 59

60 INTEROPERABILITY Billing and Reporting Interoperability Billing and usage reporting should be standardized across systems to enable cloud consumers to make meaningful comparisons of costs and benefits across multiple cloud implementations. VM Management Interoperability Virtual machine management interoperability is required so that platforms running in services provided by multiple cloud providers can be stopped, started, terminated, and maintained using a single interface. 60

61 PORTABILITY Data Portability For purposes of e-discovery, standards for importing and exporting data must include metadata for , calendaring, contacts, tasks, and notes, to ensure portability between different vendors. Data Deletion Ensuring that data are completely deleted decreases the likelihood of security breaches in the future, and ensures compliance with security and privacy laws. In the cloud, the cloud consumer must rely on the cloud provider to ensure deletion of data from all appropriate components (such as hard disks and tapes). 61

62 PORTABILITY At the termination of the consumer-provider contract: The provider must return all business data to the consumer, and ensure that the data are irrevocably deleted from all of their systems So that the provider does not have any future obligation to the consumer, and the consumer need not worry about potential security or privacy breaches at their former provider. The provider must delete all usage data from all services that could be traced back to the consumer. This information could provide useful information to third parties about usage patterns and implementation that the consumer may not want released. If the provider decides to or needs to de-support one cloud solution in order to move it to another cloud, the cloud provider must be required to ensure continuity of operations and could be required by contract to put a copy of all of the source code required to re-create the system in escrow. 62

63 PORTABILITY Portability of virtual desktops The consumer may wish to bargain for the provider to provide a means by which to move virtual desktops between vendors and providers. Currently, once a consumer makes a decision to virtualize the desktop environment, the virtualization stack is very difficult to migrate to a different implementation. The provider should make virtual desktops accessible via any device, mobile or non-mobile. Static virtual machine portability Required so that the maintained platform images can be freely migrated between cloud implementations without the need for parallel development or maintenance. 63

64 PORTABILITY Virtualization of legacy software If needed, the consumer may need to bargain for the provider to provide a means of virtualizing legacy software packages. Legacy software is a significant problem for many cloud consumers. For legacy applications used by only a few people, the virtual version might be cheaper and better supported and monitored. Virtualizing these legacy applications removes the dependency on aging hardware platforms and enables organizations to continue to offer this software on modernized computing infrastructure. 64

65 E-DISCOVERY OF CLOUD DATA Cloud provider must be able to comply with valid demands for e-discovery by Identifying electronic records meeting search criteria, Retrieving both the records and their metadata, Generating portable archives of responsive Electronically Stored Information (ESI) such as documents and spreadsheets, Retaining metadata, even as the underlying ESI are migrated from one vendor to another, Searching various messaging, document repositories, and application databases, Coordinating cloud searches with consumer s searches of other data, and Producing ESI in standard formats, such as native, tiff, jpg, and pdf. The format in which responsive ESI is provided to requesting 65 parties is determined through negotiation of the litigating parties.

66 DATA OWNERSHIP AND PRESERVATION You always own your data, no matter what, no exceptions No one has a right to retain your data beyond what you give permission for Back-up copies? Disaster recovery? No one has a right to sell, transfer, or destroy data, even if you re in breach A cloud provider has no right to use a consumer s data (even in aggregated anonymized form) unless the consumer grants that right Even for a price reduction, think carefully about granting this right it may violate a data privacy law or a data protection law 66

67 DATA LOCATION Best case scenario The cloud provider promises to limit the facilities in which the cloud consumer s data reside to the continental United States, To simplify the compliance with local laws regarding data ownership, privacy, and security, and To decrease security risks Next-best scenario Negotiate exactly where (which countries) the consumer s data will reside Before signing, research the laws of all agreed-upon locations as to ownership, privacy, and security, to make sure consumer and provider can live with these choices Be cautious about EU privacy laws! Bottom line: Complete transparency and accuracy re 67 data location(s)

68 DATA SECURITY Technological Organizational Physical 68

69 DATA SECURITY--PHYSICAL Physical security of the facilities housing the equipment and services: Includes all measures whose purpose is to prevent physical access to a building, resource, or stored information. Applies to third parties engaged by cloud brokers. Inspection of premises The cloud provider should make all cloud service facilities available for inspection by the cloud consumer or the cloud auditor. Cloud service implementations using third parties should allow inspection of thirdparty premises. 69

CLOUD COMPUTING INTRODUCTION HISTORY

CLOUD COMPUTING INTRODUCTION HISTORY 1 CLOUD COMPUTING INTRODUCTION 1. Cloud computing is the use of computing resources (hardware and software) that are delivered as a service over a network (typically the Internet). The name comes from

More information

Managing Cloud Computing Risk

Managing Cloud Computing Risk Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify

More information

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com Introduction to Cloud Computing Srinath Beldona srinath_beldona@yahoo.com Agenda Pre-requisites Course objectives What you will learn in this tutorial? Brief history Is cloud computing new? Why cloud computing?

More information

NIST Cloud Computing Reference Architecture

NIST Cloud Computing Reference Architecture NIST Cloud Computing Reference Architecture Version 1 March 30, 2011 2 Acknowledgements This reference architecture was developed and prepared by Dr. Fang Liu, Jin Tong, Dr. Jian Mao, Knowcean Consulting

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS Shirley Radack, Editor Computer Security Division Information

More information

Legal Issues in the Cloud: A Case Study. Jason Epstein

Legal Issues in the Cloud: A Case Study. Jason Epstein Legal Issues in the Cloud: A Case Study Jason Epstein Outline Overview of Cloud Computing Service Models (SaaS, PaaS, IaaS) Deployment Models (Private, Community, Public, Hybrid) Adoption Different types

More information

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS CLOUD COMPUTING Cloud computing is a model for enabling convenient, ondemand network access to a shared pool of configurable computing

More information

White Paper on CLOUD COMPUTING

White Paper on CLOUD COMPUTING White Paper on CLOUD COMPUTING INDEX 1. Introduction 2. Features of Cloud Computing 3. Benefits of Cloud computing 4. Service models of Cloud Computing 5. Deployment models of Cloud Computing 6. Examples

More information

OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect

OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect OWASP Chapter Meeting June 2010 Presented by: Brayton Rider, SecureState Chief Architect Agenda What is Cloud Computing? Cloud Service Models Cloud Deployment Models Cloud Computing Security Security Cloud

More information

yvette@yvetteagostini.it yvette@yvetteagostini.it

yvette@yvetteagostini.it yvette@yvetteagostini.it 1 The following is merely a collection of notes taken during works, study and just-for-fun activities No copyright infringements intended: all sources are duly listed at the end of the document This work

More information

Cloud Computing-A Tool For Future

Cloud Computing-A Tool For Future [Volume 1 issue 1 Feb 2013] Page No.09-14 www.ijmcr.in [International Journal Of Mathematics And Computer Research] Cloud Computing-A Tool For Future 1 Dr D S Kushwaha 1 Ankit Maurya 2 Institute of Engineering

More information

Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1

Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1 Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1 Taking a Deeper Look at the Cloud: Solution or Security Risk? LoyCurtis Smith East Carolina University TAKING A DEEPER LOOK AT THE CLOUD:

More information

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Best Practices for Security in the Cloud John Essner, Director

More information

20 th Year of Publication. A monthly publication from South Indian Bank. www.sib.co.in

20 th Year of Publication. A monthly publication from South Indian Bank. www.sib.co.in To kindle interest in economic affairs... To empower the student community... Open YAccess www.sib.co.in ho2099@sib.co.in A monthly publication from South Indian Bank 20 th Year of Publication Experience

More information

The Hybrid Cloud: Bringing Cloud-Based IT Services to State Government

The Hybrid Cloud: Bringing Cloud-Based IT Services to State Government The Hybrid Cloud: Bringing Cloud-Based IT Services to State Government October 4, 2009 Prepared By: Robert Woolley and David Fletcher Introduction Provisioning Information Technology (IT) services to enterprises

More information

A Strawman Model. NIST Cloud Computing Reference Architecture and Taxonomy Working Group. January 3, 2011

A Strawman Model. NIST Cloud Computing Reference Architecture and Taxonomy Working Group. January 3, 2011 A Strawman Model NIST Cloud Computing Reference Architecture and Taxonomy Working Group January 3, 2011 Objective Our objective is to define a neutral architecture consistent with NIST definition of cloud

More information

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security

More information

Assessing Risks in the Cloud

Assessing Risks in the Cloud Assessing Risks in the Cloud Jim Reavis Executive Director Cloud Security Alliance Agenda Definitions of Cloud & Cloud Usage Key Cloud Risks About CSA CSA Guidance approach to Addressing Risks Research

More information

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is

More information

LEGAL ISSUES IN CLOUD COMPUTING

LEGAL ISSUES IN CLOUD COMPUTING LEGAL ISSUES IN CLOUD COMPUTING RITAMBHARA AGRAWAL INTELLIGERE 1 CLOUD COMPUTING Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing

More information

Expert Reference Series of White Papers. Understanding NIST s Cloud Computing Reference Architecture: Part II

Expert Reference Series of White Papers. Understanding NIST s Cloud Computing Reference Architecture: Part II Expert Reference Series of White Papers Understanding NIST s Cloud Computing Reference Architecture: Part II info@globalknowledge.net www.globalknowledge.net Understanding NIST s Cloud Computing Reference

More information

Cloud Computing. Course: Designing and Implementing Service Oriented Business Processes

Cloud Computing. Course: Designing and Implementing Service Oriented Business Processes Cloud Computing Supplementary slides Course: Designing and Implementing Service Oriented Business Processes 1 Introduction Cloud computing represents a new way, in some cases a more cost effective way,

More information

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC www.fmsinc.org 1 2015 Financial Managers Society, Inc. Cloud Security Implications

More information

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015 NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X

More information

Keyword: Cloud computing, service model, deployment model, network layer security.

Keyword: Cloud computing, service model, deployment model, network layer security. Volume 4, Issue 2, February 2014 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com An Emerging

More information

The Magical Cloud. Lennart Franked. Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall.

The Magical Cloud. Lennart Franked. Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall. The Magical Cloud Lennart Franked Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall. 2014-10-20 Lennart Franked (MIUN IKS) The Magical Cloud 2014-10-20 1 / 35

More information

See Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models.

See Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models. Cloud Strategy Information Systems and Technology Bruce Campbell What is the Cloud? From http://csrc.nist.gov/publications/nistpubs/800-145/sp800-145.pdf Cloud computing is a model for enabling ubiquitous,

More information

Cloud Computing in the Federal Sector: What is it, what to worry about, and what to negotiate.

Cloud Computing in the Federal Sector: What is it, what to worry about, and what to negotiate. Cloud Computing in the Federal Sector: What is it, what to worry about, and what to negotiate. Presented by: Sabrina M. Segal, USITC, Counselor to the Inspector General, Sabrina.segal@usitc.gov Reference

More information

CLOUD COMPUTING SECURITY ISSUES

CLOUD COMPUTING SECURITY ISSUES CLOUD COMPUTING SECURITY ISSUES Florin OGIGAU-NEAMTIU IT Specialist The Regional Department of Defense Resources Management Studies, Brasov, Romania The term cloud computing has been in the spotlights

More information

Security & Trust in the Cloud

Security & Trust in the Cloud Security & Trust in the Cloud Ray Trygstad Director of Information Technology, IIT School of Applied Technology Associate Director, Information Technology & Management Degree Programs Cloud Computing Primer

More information

Cloud Computing; What is it, How long has it been here, and Where is it going?

Cloud Computing; What is it, How long has it been here, and Where is it going? Cloud Computing; What is it, How long has it been here, and Where is it going? David Losacco, CPA, CIA, CISA Principal January 10, 2013 Agenda The Cloud WHAT IS THE CLOUD? How long has it been here? Where

More information

CLOUD COMPUTING GUIDELINES FOR LAWYERS

CLOUD COMPUTING GUIDELINES FOR LAWYERS INTRODUCTION Legal practices are increasingly using cloud storage and software systems as an alternative to in-house data storage and IT programmes. The cloud has a number of advantages particularly flexibility

More information

AskAvanade: Answering the Burning Questions around Cloud Computing

AskAvanade: Answering the Burning Questions around Cloud Computing AskAvanade: Answering the Burning Questions around Cloud Computing There is a great deal of interest in better leveraging the benefits of cloud computing. While there is a lot of excitement about the cloud,

More information

Cloud Computing Security Issues

Cloud Computing Security Issues Copyright Marchany 2010 Cloud Computing Security Issues Randy Marchany, VA Tech IT Security, marchany@vt.edu Something Old, Something New New: Cloud describes the use of a collection of services, applications,

More information

Cloud Computing: Legal Risks and Best Practices

Cloud Computing: Legal Risks and Best Practices Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent

More information

The HIPAA Security Rule: Cloudy Skies Ahead?

The HIPAA Security Rule: Cloudy Skies Ahead? The HIPAA Security Rule: Cloudy Skies Ahead? Presented and Prepared by John Kivus and Emily Moseley Wood Jackson PLLC HIPAA and the Cloud In the past several years, the cloud has become an increasingly

More information

IS PRIVATE CLOUD A UNICORN?

IS PRIVATE CLOUD A UNICORN? IS PRIVATE CLOUD A UNICORN? With all of the discussion, adoption, and expansion of cloud offerings there is a constant debate that continues to rear its head: Public vs. Private or more bluntly Is there

More information

Cloud Computing - Architecture, Applications and Advantages

Cloud Computing - Architecture, Applications and Advantages Cloud Computing - Architecture, Applications and Advantages 1 Arun Mani Tripathi 2 Rizwan Beg NIELIT Ministry of C&I.T., Govt. of India 2 Prof. and Head, Department 1 of Computer science and Engineering,Integral

More information

Cloud Computing: What needs to Be Validated and Qualified. Ivan Soto

Cloud Computing: What needs to Be Validated and Qualified. Ivan Soto Cloud Computing: What needs to Be Validated and Qualified Ivan Soto Learning Objectives At the end of this session we will have covered: Technical Overview of the Cloud Risk Factors Cloud Security & Data

More information

Cloud Computing for SCADA

Cloud Computing for SCADA Cloud Computing for SCADA Moving all or part of SCADA applications to the cloud can cut costs significantly while dramatically increasing reliability and scalability. A White Paper from InduSoft Larry

More information

IBM 000-281 EXAM QUESTIONS & ANSWERS

IBM 000-281 EXAM QUESTIONS & ANSWERS IBM 000-281 EXAM QUESTIONS & ANSWERS Number: 000-281 Passing Score: 800 Time Limit: 120 min File Version: 58.8 http://www.gratisexam.com/ IBM 000-281 EXAM QUESTIONS & ANSWERS Exam Name: Foundations of

More information

Insights into Cloud Computing

Insights into Cloud Computing This article was originally published in the November 2010 issue of the Intellectual Property & Technology Law Journal. ARTICLE Insights into Cloud Computing The basic point of cloud computing is to avoid

More information

Cloud Service Rollout. Chapter 9

Cloud Service Rollout. Chapter 9 Cloud Service Rollout Chapter 9 Cloud Service Topics Cloud service rollout plans vary depending on the type of cloud service SaaS, PaaS, or IaaS and the vendor. Unit Topics Identifying vendor roles and

More information

6 Cloud computing overview

6 Cloud computing overview 6 Cloud computing overview 6.1 General ISO/IEC 17788:2014 (E) Cloud Computing Overview Page 1 of 6 Cloud computing is a paradigm for enabling network access to a scalable and elastic pool of shareable

More information

Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015

Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 The following comprises a checklist of areas that genomic research organizations or consortia (collectively referred

More information

Cloud Services Overview

Cloud Services Overview Cloud Services Overview John Hankins Global Offering Executive Ricoh Production Print Solutions May 23, 2012 Cloud Services Agenda Definitions Types of Clouds The Role of Virtualization Cloud Architecture

More information

Secure Cloud Computing through IT Auditing

Secure Cloud Computing through IT Auditing Secure Cloud Computing through IT Auditing 75 Navita Agarwal Department of CSIT Moradabad Institute of Technology, Moradabad, U.P., INDIA Email: nvgrwl06@gmail.com ABSTRACT In this paper we discuss the

More information

Cloud definitions you've been pretending to understand. Jack Daniel, Reluctant CISSP, MVP Community Development Manager, Astaro

Cloud definitions you've been pretending to understand. Jack Daniel, Reluctant CISSP, MVP Community Development Manager, Astaro Cloud definitions you've been pretending to understand Jack Daniel, Reluctant CISSP, MVP Community Development Manager, Astaro You keep using that word cloud. I do not think it means what you think it

More information

Technology & Business Overview of Cloud Computing

Technology & Business Overview of Cloud Computing Your Place or Mine? In-House e-discovery Platform vs. Software as a Service Technology & Business Overview of Cloud Computing Janine Anthony Bowen, Esq. Jack Attorneys & Advisors www.jack-law.com Atlanta,

More information

Data Protection Act 1998. Guidance on the use of cloud computing

Data Protection Act 1998. Guidance on the use of cloud computing Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered

More information

Concurrent Technologies Corporation (CTC) is an independent, nonprofit, applied scientific research and development professional services

Concurrent Technologies Corporation (CTC) is an independent, nonprofit, applied scientific research and development professional services Concurrent Technologies Corporation (CTC) is an independent, nonprofit, applied scientific research and development professional services organization providing innovative management and technology-based

More information

Cloud Computing Governance & Security. Security Risks in the Cloud

Cloud Computing Governance & Security. Security Risks in the Cloud Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud

More information

Getting Familiar with Cloud Terminology. Cloud Dictionary

Getting Familiar with Cloud Terminology. Cloud Dictionary Getting Familiar with Cloud Terminology Cloud computing is a hot topic in today s IT industry. However, the technology brings with it new terminology that can be confusing. Although you don t have to know

More information

Security Considerations for Public Mobile Cloud Computing

Security Considerations for Public Mobile Cloud Computing Security Considerations for Public Mobile Cloud Computing Ronnie D. Caytiles 1 and Sunguk Lee 2* 1 Society of Science and Engineering Research Support, Korea rdcaytiles@gmail.com 2 Research Institute of

More information

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.

More information

CLOUD ARCHITECTURE DIAGRAMS AND DEFINITIONS

CLOUD ARCHITECTURE DIAGRAMS AND DEFINITIONS CLOUD ARCHITECTURE DIAGRAMS AND DEFINITIONS April 2014 Cloud Conceptual Reference Model The ease of use a Cloud Consumer experiences results from a complex, behind-the-scenes, orchestration of interchangeable,

More information

Cloud Models and Platforms

Cloud Models and Platforms Cloud Models and Platforms Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF A Working Definition of Cloud Computing Cloud computing is a model

More information

Clouds on the Horizon Cloud Security in Today s DoD Environment. Bill Musson Security Analyst

Clouds on the Horizon Cloud Security in Today s DoD Environment. Bill Musson Security Analyst Clouds on the Horizon Cloud Security in Today s DoD Environment Bill Musson Security Analyst Agenda O Overview of Cloud architectures O Essential characteristics O Cloud service models O Cloud deployment

More information

Things You Need to Know About Cloud Backup

Things You Need to Know About Cloud Backup Things You Need to Know About Cloud Backup Over the last decade, cloud backup, recovery and restore (BURR) options have emerged as a secure, cost-effective and reliable method of safeguarding the increasing

More information

Future of Cloud Computing. Irena Bojanova, Ph.D. UMUC, NIST

Future of Cloud Computing. Irena Bojanova, Ph.D. UMUC, NIST Future of Cloud Computing Irena Bojanova, Ph.D. UMUC, NIST No Longer On The Horizon Essential Characteristics On-demand Self-Service Broad Network Access Resource Pooling Rapid Elasticity Measured Service

More information

Kent State University s Cloud Strategy

Kent State University s Cloud Strategy Kent State University s Cloud Strategy Table of Contents Item Page 1. From the CIO 3 2. Strategic Direction for Cloud Computing at Kent State 4 3. Cloud Computing at Kent State University 5 4. Methodology

More information

Cloud Computing Policy 1.0 INTRODUCTION 2.0 PURPOSE. Effective Date: July 28, 2015

Cloud Computing Policy 1.0 INTRODUCTION 2.0 PURPOSE. Effective Date: July 28, 2015 Cloud Computing Policy Effective Date: July 28, 2015 1.0 INTRODUCTION Cloud computing services are application and infrastructure resources that users access via the Internet. These services, contractually

More information

Cloud Computing and HIPAA Privacy and Security

Cloud Computing and HIPAA Privacy and Security Cloud Computing and HIPAA Privacy and Security This is just one example of the many online resources Practical Law Company offers. Christine A. Williams, Perkins Coie LLP, with PLC Employee Benefits &

More information

Standardizing Cloud Services for Financial Institutions through the provisioning of Service Level Agreements (SLAs)

Standardizing Cloud Services for Financial Institutions through the provisioning of Service Level Agreements (SLAs) Standardizing Cloud Services for Financial Institutions through the provisioning of Service Level Agreements (SLAs) Robert Bohn, PhD Advanced Network Technologies Division Cloud FS Americas 2015 New York,

More information

Cloud Computing Architecture: A Survey

Cloud Computing Architecture: A Survey Cloud Computing Architecture: A Survey Abstract Now a day s Cloud computing is a complex and very rapidly evolving and emerging area that affects IT infrastructure, network services, data management and

More information

Cloud Computing in a Regulated Environment

Cloud Computing in a Regulated Environment Computing in a Regulated Environment White Paper by David Stephenson CTG Regulatory Compliance Subject Matter Expert February 2014 CTG (UK) Limited, 11 Beacontree Plaza, Gillette Way, READING, Berks RG2

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

IaaS Cloud Architectures: Virtualized Data Centers to Federated Cloud Infrastructures

IaaS Cloud Architectures: Virtualized Data Centers to Federated Cloud Infrastructures IaaS Cloud Architectures: Virtualized Data Centers to Federated Cloud Infrastructures Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF Introduction

More information

Cloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter

Cloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter Cloud Security considerations for business adoption Ricci IEONG CSA-HK&M Chapter What is Cloud Computing? Slide 2 What is Cloud Computing? My Cloud @ Internet Pogoplug What is Cloud Computing? Compute

More information

What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered

What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered Over the last decade, cloud backup, recovery and restore (BURR) options have emerged

More information

Architectural Implications of Cloud Computing

Architectural Implications of Cloud Computing Architectural Implications of Cloud Computing Grace Lewis Research, Technology and Systems Solutions (RTSS) Program Lewis is a senior member of the technical staff at the SEI in the Research, Technology,

More information

Cloud computing: benefits, risks and recommendations for information security

Cloud computing: benefits, risks and recommendations for information security Cloud computing: benefits, risks and recommendations for information security Dr Giles Hogben Secure Services Programme Manager European Network and Information Security Agency (ENISA) Goals of my presentation

More information

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer What is Cloud Computing A model for enabling convenient, on-demand network access to a shared pool of configurable

More information

Cloud Computing Service Models, Types of Clouds and their Architectures, Challenges.

Cloud Computing Service Models, Types of Clouds and their Architectures, Challenges. Cloud Computing Service Models, Types of Clouds and their Architectures, Challenges. B.Kezia Rani 1, Dr.B.Padmaja Rani 2, Dr.A.Vinaya Babu 3 1 Research Scholar,Dept of Computer Science, JNTU, Hyderabad,Telangana

More information

White Paper. Cloud Vademecum

White Paper. Cloud Vademecum White Paper Cloud Vademecum Cloud is the new IT paradigm this document offers a collection of thoughts, internal and external discussions and information. The goal is to inspire and stimulate the route

More information

The Keys to the Cloud: The Essentials of Cloud Contracting

The Keys to the Cloud: The Essentials of Cloud Contracting The Keys to the Cloud: The Essentials of Cloud Contracting September 30, 2014 Bert Kaminski Assistant General Counsel, Oracle North America Ken Adler Partner, Loeb & Loeb LLP Akiba Stern Partner, Loeb

More information

OPEN DATA CENTER ALLIANCE USAGE Model: Software as a Service (SaaS) Interoperability Rev 1.0

OPEN DATA CENTER ALLIANCE USAGE Model: Software as a Service (SaaS) Interoperability Rev 1.0 sm OPEN DATA CENTER ALLIANCE USAGE Model: Software as a Service (SaaS) Interoperability Rev 1.0 SM Table of Contents Legal Notice... 3 Executive Summary... 4 Purpose... 5 Assumptions... 5 SaaS Interoperability

More information

Electronic Records Storage Options and Overview

Electronic Records Storage Options and Overview Electronic Records Storage Options and Overview www.archives.nysed.gov Objectives Understand the options for electronic records storage, including cloud-based storage Evaluate the options best suited for

More information

WHITEPAPER. Data Security for Office 365 Balancing control & usability

WHITEPAPER. Data Security for Office 365 Balancing control & usability WHITEPAPER Data Security for Office 365 Balancing control & usability Contents Executive Summary... 2 Top Security Issues for Office 365... 4 Compelled Disclosures... 4 Unauthorized Sharing... 4 External

More information

Cloud Computing. What is Cloud Computing?

Cloud Computing. What is Cloud Computing? Cloud Computing What is Cloud Computing? Cloud computing is where the organization outsources data processing to computers owned by the vendor. Primarily the vendor hosts the equipment while the audited

More information

IT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011

IT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011 IT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011 Cloud Basics Cloud Basics The interesting thing about cloud computing is that we've redefined cloud computing to include everything

More information

VALUE PROPOSITION FOR SERVICE PROVIDERS. Helping Service Providers accelerate adoption of the cloud

VALUE PROPOSITION FOR SERVICE PROVIDERS. Helping Service Providers accelerate adoption of the cloud VALUE PROPOSITION FOR SERVICE PROVIDERS Helping Service Providers accelerate adoption of the cloud Partnership with Service Providers Enabling Your Cloud Services in Complex Environments Today s challenge

More information

9/26/2011. What is Virtualization? What are the different types of virtualization.

9/26/2011. What is Virtualization? What are the different types of virtualization. CSE 501 Monday, September 26, 2011 Kevin Cleary kpcleary@buffalo.edu What is Virtualization? What are the different types of virtualization. Practical Uses Popular virtualization products Demo Question,

More information

Fujitsu Dynamic Cloud Bridging today and tomorrow

Fujitsu Dynamic Cloud Bridging today and tomorrow Fujitsu Dynamic Cloud Bridging today and tomorrow Contents Cloud Computing with Fujitsu 3 Fujitsu Dynamic Cloud: Higher Dynamics for Enterprises 4 Fujitsu Dynamic Cloud: Our Offering 6 High Security Standards

More information

A white paper from Fordway on CLOUD COMPUTING. Why private cloud should be your first step on the cloud computing journey - and how to get there

A white paper from Fordway on CLOUD COMPUTING. Why private cloud should be your first step on the cloud computing journey - and how to get there A white paper from Fordway on CLOUD COMPUTING Why private cloud should be your first step on the cloud computing journey - and how to get there PRIVATE CLOUD WHITE PAPER January 2012 www.fordway.com Page

More information

GETTING THE MOST FROM THE CLOUD. A White Paper presented by

GETTING THE MOST FROM THE CLOUD. A White Paper presented by GETTING THE MOST FROM THE CLOUD A White Paper presented by Why Move to the Cloud? CLOUD COMPUTING the latest evolution of IT services delivery is a scenario under which common business applications are

More information

Cloud Security Introduction and Overview

Cloud Security Introduction and Overview Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious

More information

NIST Cloud Computing Reference Architecture & Taxonomy Working Group

NIST Cloud Computing Reference Architecture & Taxonomy Working Group NIST Cloud Computing Reference Architecture & Taxonomy Working Group Robert Bohn Information Technology Laboratory June 21, 2011 2 Outline Cloud Background Objective Working Group background NIST Cloud

More information

SECURITY MODELS FOR CLOUD 2012. Kurtis E. Minder, CISSP

SECURITY MODELS FOR CLOUD 2012. Kurtis E. Minder, CISSP SECURITY MODELS FOR CLOUD 2012 Kurtis E. Minder, CISSP INTRODUCTION Kurtis E. Minder, Technical Sales Professional Companies: Roles: Security Design Engineer Systems Engineer Sales Engineer Salesperson

More information

What Cloud computing means in real life

What Cloud computing means in real life ITU TRCSL Symposium on Cloud Computing Session 2: Cloud Computing Foundation and Requirements What Cloud computing means in real life Saman Perera Senior General Manager Information Systems Mobitel (Pvt)

More information

CLOUD SERVICE SCHEDULE

CLOUD SERVICE SCHEDULE CLOUD SERVICE SCHEDULE 1 DEFINITIONS Defined terms in the Standard Terms and Conditions have the same meaning in this Service Schedule unless expressed to the contrary. In this Service Schedule, unless

More information

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp.

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud 1 What is meant by Cloud Computing, or Going To The Cloud? A model

More information

OPEN DATA CENTER ALLIANCE Usage Model: Guide to Interoperability Across Clouds

OPEN DATA CENTER ALLIANCE Usage Model: Guide to Interoperability Across Clouds sm OPEN DATA CENTER ALLIANCE Usage Model: Guide to Interoperability Across Clouds SM Table of Contents Legal Notice... 3 Executive Summary... 4 Purpose... 5 Overview... 5 Interoperability... 6 Service

More information

Commercial Software Licensing

Commercial Software Licensing Commercial Software Licensing CHAPTER 12: Prepared by DoD ESI January 2013 Chapter Overview Most software licenses today are either perpetual or subscription. Perpetual licenses involve software possession

More information

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you

More information

Session 2. The economics of Cloud Computing

Session 2. The economics of Cloud Computing Session 2. The economics of Cloud Computing Cloud computing is the next step in the on-going evolution of Information Technology. From a technical standpoint, very little that currently is done on cloud

More information

NSW Government. Data Centre & Cloud Readiness Assessment Services Standard. v1.0. June 2015

NSW Government. Data Centre & Cloud Readiness Assessment Services Standard. v1.0. June 2015 NSW Government Data Centre & Cloud Readiness Assessment Services Standard v1.0 June 2015 ICT Services Office of Finance & Services McKell Building 2-24 Rawson Place SYDNEY NSW 2000 standards@finance.nsw.gov.au

More information

Validation of a Cloud-Based ERP system, in practice. Regulatory Affairs Conference Raleigh. 8Th September 2014

Validation of a Cloud-Based ERP system, in practice. Regulatory Affairs Conference Raleigh. 8Th September 2014 Validation of a Cloud-Based ERP system, in practice. Regulatory Affairs Conference Raleigh. 8Th September What is the The Cloud Some Definitions The NIST Definition of Cloud computing Cloud computing is

More information