Orchestrating the New Paradigm Cloud Assurance
- Abel Shawn Booker
- 7 years ago
Transcription
1 Orchestrating the New Paradigm Cloud Assurance Amsterdam 17 January 2012 John Hermans - Partner
2 Current business challenges versus traditional IT
Organizations are challenged with:
- Cost savings
- Faster time-to-market
- Innovation
Traditional IT seems to be unable to support the business:
- Increasing expenditure
- Rigidity
- Outdated infrastructure
Traditional IT seems to fail to keep pace with innovations and the way consumers use IT.
3 Understanding the Cloud Environment
Cloud Environment = Internet-based data access & exchange + Internet-based access to low cost computing & applications
Cloud Environment Characteristics:
- On-Demand Self-Service
- Internet Accessibility
- Pooled Resources
- Elastic Capacity
- Usage-Based Billing
Cloud Service Models:
- Software as a Service (SaaS): Business operations over a network
- Platform as a Service (PaaS): Deploy customer-created applications to a cloud
- Infrastructure as a Service (IaaS): Rent storage, processing, network and other computing resources
Examples: Google Docs, Salesforce.com; MS Azure, Amazon Web Services; Mozy, Rackspace
Cloud Deployment Models:
- Private: Operated for a single organization
- Public: Available to the general public or large industry group, owned by an organization selling cloud services
- Community: Shared by several organizations, supporting a specific community
4 Business Benefits of Cloud
- Increased Agility: Rapidly respond to changing market conditions or needs
- Greater Flexibility: More options in combining people, process, and technology to deliver economic value
- Faster Results: Faster time-to-value in achieving results that support more iterative solution design and delivery strategies
- Reduced Cost: Lower total cost to deploy new solutions or to achieve new capability levels
5 KPMG Survey May 2010 Conducted in the Netherlands 120 CIOs/CISOs participated
6 Cloud into perspective: cloud computing is both marginal and significant Marginality of the cloud Europe < 5 percent of total IT spending US: 60 percent of total IT spending Significance of the cloud Growth of commercial cloud services 20 to 30 percent per year ( ) Move towards centralization and commoditization of IT
7 Cloud Computing is here to stay!
8 The hybrid environment as new paradigm
- On-premise IT, serviced by the local, own organization
- Outsourced IT, serviced by a limited number of outsourcing partners
- IT in the Cloud, serviced by growing numbers of cloud service providers
Deployment options: Internal Data Center (Private); Managed hosting (Private-External); Third-Party Vendor, Multi-Tenant (Public); Combined Public + Private Cloud (Hybrid)
[Diagram labels: Organization; Other Cloud Customers; Users; Services; Internet or LAN; Internet; Internal IT; Service provider; Hardware, software + data]
9 IT Service Integrator Model: ability to Orchestrate
Successful adoption of a Cloud delivery model depends on an organization's ability to establish a robust Enterprise IT Service Integration model.
- Service Ownership: Single Point of Contact with the Cloud Service Providers (CSP) & IT; Demand Capture; Services Standards; Service Level Monitoring
- IT Risk Management: Risk identification and analysis across different CSPs; Risk library; Vendor/CSP Audits
- Vendor Management: Vendor certification; Contract Negotiations
- IT Finance Management: Business case; Service Costing and Chargeback; SLA penalty-bonus calculation
Roles: Service Owner, Vendor Manager, IT Risk Manager, IT Finance Manager
[Diagram labels: The Business; Rackspace; Google; Amazon Web Services; Internal IT Organization (retained IT Services)]
10 Risk and security is seen as major concern for cloud adoption
11 Key Privacy, Regulatory and Compliance Challenges
Some key regulatory and compliance challenges that can be characterized as particular to the Cloud-computing context are:
- Localization of Information: Data may be stored in the cloud without proper customer segregation allowing possible accidental or malicious disclosure to third parties.
- Individual Rights: Data may physically reside in a legal jurisdiction where the rights of data subject conflict or may not be protected at all.
- Data Movement: The cloud's loosely defined, uncertain or moving geography means that consumers are faced with increased legal complexity, legal contradictions and uncertainty.
- Confidentiality: The cloud facilitates the ability to use/share data across organizations and therefore increases the potential for secondary uses of data that require additional consent or authorization.
- Breach and Disclosure: The timely discovery, assessment, and reporting of the breaches from within the cloud are more challenging.
- Cloud Audit: It is difficult to audit the data in the cloud, because isolating the scope in a cloud environment is challenging.
- Data Retention: Enterprise's data retention or data archiving requirements may not be met when using cloud due to lack of standardization.
12 Considerations Dependency of the cloud External data storage and processing Sharing of IT resources (multi tenancy) Dependency on the public internet Complexity of the hybrid environment Multiple concepts regarding: Data management Contracts Technology Financial Security Assurance Complexity to ensure compliance Lack of industry standards and certifications for cloud providers (ISAE3400 / ISAE3000) Vendor Business Risks Operational Emerging government schemes like FEDRAMP Regulatory Compliance Technology
13 Dimensions of Risk
Operating in a cloud environment presents risks in six key dimensions:
- Financial: Underestimated start-up costs; Exit costs; Contract complexity; Run-away variable costs
- Security: Data segregation, isolation, encryption; Information security; Identity and access management; Intellectual property protection
- Vendor: Vendor lock-in; Service provider reliance; Performance failure; Vendor governance
- Operational: Business Resiliency/Disaster Recovery; Service reliability and uptime; SLA Compliance
- Regulatory Compliance: Complexity to ensure compliance; Lack of industry standards and certifications for cloud providers; Records management / records retention; Regulatory change control, reliant on vendor timeliness; Data privacy
- Technology: Cross-vendor compatibility; Proprietary lock-in; Customization limitations; Inadequate change control capabilities; Technical security risks
14 Characteristics of Cloud Computing and impact on assurance Different models Different risks Different controls
15 Assurance frameworks Complexity to ensure compliance Due to cloud additional standards are coming up to address new risk Lack of clarity in industry standards and certifications for cloud providers (ISAE3400 / ISAE3000) Emerging government schemes like FEDRAMP
16 Context: Relevant changes in IT
The shift from an IT auditor's point of view
[Diagram: scope of audit versus trust across Traditional IT, Outsourcing and Cloud computing. Layers shown for each: Data; IT assets/resources; IT management; Provider's proprietary technology and processes]
17 Context Assurance: complexity of trust in hybrid cloud environments
[Diagram labels: Customer organisation (IT Management, Data); Internet; IT service provider (IT Management, Data); Assurance & Quality statement; European Union; United States; India]
18 Relevant changes in Assurance
New standards due to replacement of SAS70 with ISAE3402:
- Service Org. Control 1 (SOC 1): SSAE16 / ISAE3402 Service Auditor Guidance. Restricted Use Report (Type I or II report). Purpose: Reports on controls for FSA
- Service Org. Control 2 (SOC 2): AT 101 / COS & ISAE 3000. Generally a Restricted Use Report (Type I or II report). Purpose: Reports on controls related to compliance or operations
- Service Org. Control 3 (SOC 3): AT 101 / COS & ISAE 3000. General Use Report (public seal). Purpose: Reports on controls related to compliance or operations
Trust Services Principles & Criteria
Source: AICPA 2010 ( )
19 Cloud Service Provider's Control Requirements
Information Security Management System:
- Security Policy
- Organization of Information Security
- Asset Management
- Human Resources Security
- Physical and Environmental Security
- Communications and Operations Management
- Access Control
- Information Systems Acquisition, Development, and Maintenance
- Information Security Incident Management
- Business Continuity Management
- Compliance
Areas of Added Emphasis for CSPs:
- Data Protection/Segregation
- Privacy
- Encryption Standards
- Logging
- Authentication to the Cloud
- Configuration Management
- Monitoring/Compliance Function
The SOC2 and SOC3 assurance framework can be used to demonstrate the effectiveness of the CSP's controls in these areas.
20 Relevant changes in Assurance
SOC2/3 Criteria Topics Align Well with Cloud
- Availability: Availability policy; Backup and restoration; Disaster recovery; Business continuity management
- Confidentiality: Confidentiality policy; Confidentiality of inputs; Confidentiality of data processing; Confidentiality of outputs; Information disclosures (including third parties); Confidentiality of Information in systems development
- Processing Integrity: System processing integrity policies; Completeness, accuracy, timeliness, and authorization of inputs, system processing, and outputs; Information tracing from source to disposition
- Privacy: Management; Notice; Choice and consent; Collection; Use and retention; Access; Disclosure to third parties; Quality; Monitoring and enforcement
- Security: IT security policy; Security awareness and communication; Risk assessment; Logical access; Physical access; Environmental controls; Security monitoring; User authentication; Incident management; Asset classification and management; Systems development and maintenance; Personnel security; Configuration management; Change management; Monitoring and compliance
21 However.. Is this the only applicable standard?
- ISO Information Security Management System certification
- ISO IT Service Management certification
- Federal Information Security Management Act (FISMA)
- Federal Risk and Authorization Program (FedRAMP)
- Health Information Technology for Economic and Clinical Health Act (HITECH)
- Health Insurance Portability and Accountability Act (HIPAA)
- Financial Industry Shared Assessments Program (FISAP)
- Cloud Security Alliance (CSA) Framework
- ENISA Cloud Assurance Framework
- PCI Data Security Standard (from an advisory perspective)
- Localized standards and requirements
- COBIT 4.1 vs Cloud assurance..
- And more to come..
22 To conclude
- IT is changing fast:
  - To meet the changing requirements from the business
  - To meet the changing requirements from the end-user (consumerization of IT)
- Cloud Computing / Consumerization are seen as key enablers to fulfill these changing requirements
- However, in the mid-term this will create another complexity: the hybrid IT environment
- Key question: how to control the risks of this hybrid IT environment, as assurance frameworks are not keeping pace with these new developments?
23 KPMG Key Contact Details John Hermans Partner KPMG Advisory N.V. Tel: hermans.john@kpmg.nl
24 2012 KPMG Advisory N.V., registered with the trade register in the Netherlands under number , is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and "cutting through complexity" are registered trademarks of KPMG International Cooperative. The KPMG name, logo and "cutting through complexity" are registered trademarks or trademarks of KPMG International Cooperative (KPMG International).
More informationA Comparison of IT Governance & Control Frameworks in Cloud Computing. Jack D. Becker ITDS Department, UNT & Elana Bailey
A Comparison of IT Governance & Control Frameworks in Cloud Computing Jack D. Becker ITDS Department, UNT & Elana Bailey ITDS Department, UNT MS in IS AMCIS 2014 August, 2014 Savannah, GA Presentation
More informationIdentity & Access Management The Cloud Perspective. Andrea Themistou 08 October 2015
Identity & Management The Cloud Perspective Andrea Themistou 08 October 2015 Agenda Cloud Adoption Benefits & Risks Security Evolution for Cloud Adoption Securing Cloud Applications with IAM Securing Cloud
More informationMicrosoft s Compliance Framework for Online Services
Microsoft s Compliance Framework for Online Services Online Services Security and Compliance Executive summary Contents Executive summary 1 The changing landscape for online services compliance 4 How Microsoft
More informationAuditing Cloud Computing and Outsourced Operations
Session 136 Auditing Cloud Computing and Outsourced Operations Monday, May 7, 2012 3:30 PM 5:00 PM Mike Schiller Director of Sales & Marketing IT, Texas Instruments Co Author, IT Auditing: Using Controls
More informationProtecting your brand in the cloud Transparency and trust through enhanced reporting
Protecting your brand in the cloud Transparency and trust through enhanced reporting Third-party Assurance November 2011 At a glance Cloud computing has unprecedented potential to deliver greater business
More informationSecuring The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master
Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is
More informationTop 10 Cloud Risks That Will Keep You Awake at Night
Top 10 Cloud Risks That Will Keep You Awake at Night Shankar Babu Chebrolu Ph.D., Vinay Bansal, Pankaj Telang Photo Source flickr.com .. Amazon EC2 (Cloud) to host Eng. Lab testing. We want to use SalesForce.com
More informationCOMMUNICATIONS ALLIANCE LTD
COMMUNICATIONS ALLIANCE LTD Communications Alliance Response to ACS Discussion Paper on a Potential Cloud Computing Consumer Protocol - 1 - TABLE OF CONTENTS INTRODUCTION 2 SECTION 1 OVERVIEW OF RESPONSE
More informationUTH~ihltli. December 11, 2014. Report on Institutional Use of Cloud Computing #14-204
-- UTH~ihltli The University of Texas Health Science Center at Houston Office of Auditing & Advisory Services December 11, 2014 Report on Institutional Use of Cloud Computing #14-204 We have completed
More informationSecurity in the Cloud
Security in the Cloud Visibility & Control of your Cloud Service Provider Murray Goldschmidt, Pierre Tagle, Ph.D. April 2012 Compliance, Protection & Business Confidence Sense of Security Pty Ltd Sydney
More informationVMware vcloud Powered Services
SOLUTION OVERVIEW VMware vcloud Powered Services VMware-Compatible Clouds for a Broad Array of Business Needs Caught between shrinking resources and growing business needs, organizations are looking to
More informationData Processing Agreement for Oracle Cloud Services
Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services
More informationWrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors
1 Wrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors Scott Woodison Executive Director, Compliance and Enterprise Risk Office of Internal Audit and Compliance
More informationAdopting Cloud Apps? Ensuring Data Privacy & Compliance. Varun Badhwar Vice President of Product Strategy CipherCloud
Adopting Cloud Apps? Ensuring Data Privacy & Compliance Varun Badhwar Vice President of Product Strategy CipherCloud Agenda Cloud Adoption & Migration Challenges Introduction to Cloud Computing Cloud Security
More informationSECURING HEALTH INFORMATION IN THE CLOUD. Feisal Nanji, Executive Director, Techumen feisal@techumen.com
SECURING HEALTH INFORMATION IN THE CLOUD Feisal Nanji, Executive Director, Techumen feisal@techumen.com Conflict of Interest Disclosure Feisal Nanji, MPP, CISSP Has no real or apparent conflicts of interest
More informationCan SaaS be your strategic advantage in building software? Presented by: Paul Gatty, Director of World Wide Operations
Can SaaS be your strategic advantage in building software? Presented by: Paul Gatty, Director of World Wide Operations Topics What is SaaS? How does SaaS differ from managed hosting? Advantages of SaaS
More informationSecuring and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer What is Cloud Computing A model for enabling convenient, on-demand network access to a shared pool of configurable
More informationUnderstanding ISO 27018 and Preparing for the Modern Era of Cloud Security
Understanding ISO 27018 and Preparing for the Modern Era of Cloud Security Presented by Microsoft and Foley Hoag LLP s Privacy and Data Security Practice Group May 14, 2015 Proposal or event name (optional)
More informationCloud Computing Policy 1.0 INTRODUCTION 2.0 PURPOSE. Effective Date: July 28, 2015
Cloud Computing Policy Effective Date: July 28, 2015 1.0 INTRODUCTION Cloud computing services are application and infrastructure resources that users access via the Internet. These services, contractually
More information10 Considerations for a Cloud Procurement. Anthony Kelly Erick Trombley David DeBrandt Carina Veksler January 2015
10 Considerations for a Cloud Procurement Anthony Kelly Erick Trombley David DeBrandt Carina Veksler January 2015 www.lbmctech.com info@lbmctech.com Purpose: Cloud computing provides public sector organizations
More informationClouds on the Horizon Cloud Security in Today s DoD Environment. Bill Musson Security Analyst
Clouds on the Horizon Cloud Security in Today s DoD Environment Bill Musson Security Analyst Agenda O Overview of Cloud architectures O Essential characteristics O Cloud service models O Cloud deployment
More informationControls over CIS. Ryan O Halloran, Senior Manager KPMG Hobart. TAO Client Information Session. May 2015
Controls over CIS Ryan O Halloran, Senior Manager KPMG Hobart TAO Client Information Session May 2015 Agenda The KPMG presenters information: Ryan O Halloran Advisory Senior Manager, Hobart Tel: (03) 6230
More information