BECOME A SMARTER CLOUD CONSUMER
|
|
- Amanda Bryan
- 8 years ago
- Views:
Transcription
1 Kurt Hagerman Chief Information Security Officer BECOME A SMARTER CLOUD CONSUMER Ripping through the Rhetoric to Find Your Cloud & Control Your Risk 05/18/2015
2 ABOUT KURT HAGERMAN Kurt Hagerman Chief Information Security Officer Expert in attaining and maintaining compliance standards, including PCI, HIPAA, ISO 27001, among others. Has conducted hundreds of security reviews and audits across a number of industries including the payment space, healthcare, financial services and higher education. Industry Leadership Cloud Security Alliance SME Council ISACA CSA ISSA
3 So, you ve decided to explore the cloud for your PHI but are worried about HIPAA compliance.
4 Have you done your research and come away confused about how various cloud vendors communicate about HIPAA compliance? It s understandable given what they are saying.
5 Here s What They re Saying HITRUST 2015: Become a Smarter Cloud Consumer
6 Are you Confused? Frustrated? I know I am. SECURITY Outrageous statements being made They sound good but ring hollow What do they actually mean to you, the cloud consumer, and how will your vendor s stance affect your compliance?
7 SNAKE OIL, ANYONE? Vendors trivialize HIPAA compliance Vendors over simplify the requirements to sell their services as a silver bullet HIPAA is risk-based for a reason
8 CONSIDER THE CLOUD MODELS Your responsibilities, and those of your cloud vendor, vary based on the model used by the vendor. Security~You ROLE CLARITY SaaS Software as a Service Security~Them IaaS Infrastructure as a Service PaaS Platform as a Service Software as a Service Platform as a Service Infrastructure as a Service Platform as a Service Infrastructure as a Service Infrastructure as a Service
9 INFRASTRUCTURE AS A SERVICE (IAAS) Providers: AWS, Azure, Rackspace, SoftLayer, etc. Typically only provide security for the underlying infrastructure Any compliance attestations only apply to underlying infrastructure with no leverage available to customers Vendors forced into signing BAAs, but theirs are typically weak based on the lack of security provided to the customer Customer owns nearly 100 percent of the compliance responsibility IaaS Infrastructure as a Service Infrastructure as a Service
10 PLATFORM AS A SERVICE (PAAS) Providers: AWS (Elastic Beanstalk), Salesforce (Force.com), IBM SmartCloud, CloudFoundry, HP Helion, etc. Provide development tools and other building blocks for applications and secure these services Compliance attestations apply to the service with limited leverage available to customers PaaS Platform as a Service Will sign BAAs, but typically provide little liability protection based on limited security provided to the customer Customer owns a majority of the compliance responsibility Infrastructure as a Service Platform as a Service
11 SOFTWARE AS A SERVICE (SAAS) Providers: Salesforce, Box, Epic, Allscripts, Athena, etc. Own the entire stack up through the application SaaS Software as a Service Any compliance attestations apply to the entire service with significant available to customers BAAs are typically stronger based on security provided to customer data and contain reasonable liability language Customer owns very little of the compliance responsibility (at least for the HIPAA security rule) Infrastructure as a Service Platform as a Service Software as a Service
12 THE MODELS COMPARED IaaS and PaaS are fairly close in terms of the split of responsibility between customer and vendor (PaaS more difficult to parse) Significant shift from PaaS to SaaS in terms of vendor responsibility Risk to your organization increases from IaaS to SaaS
13 IT S NOT WHAT THEY SAY. IT S WHAT THEY DO Do you know what your vendor is really doing for you? Do they provide information on the specific security controls that are included with their service? Have they mapped their services and security controls to the HIPAA/HITECH requirements? Does your vendor use third parties to provide services to you? Have they (and their third parties) been independently assessed? Do you know who to call when something goes wrong? What about the privacy and breach rule? How do I manage a compliance program with multiple vendors all providing my cloud services?
14 SIX COMPLIANCE CHALLENGES 1 Identifying the division of responsibility between you and your cloud vendor 2 Ensuring the services your vendor is providing are properly mapped to your risk assessment 3 4 Getting the evidence you need for your audit Obtaining objective attestation documentation from the vendor for the controls they have full or partial responsibility for 5 6 Monitoring ongoing compliance of your vendors Receiving support from vendor during a breach event
15 BE A SMARTER CLOUD CONSUMER CAVEAT EMPTOR You need to deal with vendors who will be transparent about what they do and how it assists you in mitigating risk and addressing compliance requirements.
16 BE A SMARTER CLOUD CONSUMER CAVEAT EMPTOR Your Vendor Should: Provide a clear, concise explanation of the specific security controls they include in their service and how these directly assist you in meeting your compliance obligations Articulate the boundaries between their responsibility and yours Provide documentation that backs up assertions about being HIPAA Compliant, including independent audit reports that clearly state: - the scope of the assessment - the control framework used - how compliance can be leveraged by you
17 WHAT ABOUT BUSINESS ASSOCIATE AGREEMENTS? Many vendors say they are business associate-friendly and that they will sign a BAA. Does their BAA include language that clearly states what services they are providing and what responsibility they are taking for security incidents? Do they suggest this language when reviewing yours?
18 Thank You Questions? Kurt Hagerman Phone
PHI and the Cloud: Caveat Emptor. Kurt Hagerman Chief Information Security Officer
PHI and the Cloud: Caveat Emptor Kurt Hagerman Chief Information Security Officer HITRUST 2014 24 April, 2014 Cloud Peace of Mind What did you consider when looking to leverage the cloud for PHI? Security
More informationHans Bos Microsoft Nederland. hans.bos@microsoft.com
Hans Bos Microsoft Nederland Email: Twitter: hans.bos@microsoft.com @hansbos Microsoft s Cloud Environment Consumer and Small Business Services Software as a Service (SaaS) Enterprise Services Third-party
More informationA Flexible and Comprehensive Approach to a Cloud Compliance Program
A Flexible and Comprehensive Approach to a Cloud Compliance Program Stuart Aston Microsoft UK Session ID: SPO-201 Session Classification: General Interest Compliance in the cloud Transparency Responsibility
More informationHIPAA and HITRUST - FAQ
A COALFIRE WHITE PAPER HIPAA and HITRUST - FAQ by Andrew Hicks, MBA, CISA, CCM, CRISC, HITRUST CSF Practitioner Director, Healthcare Practice Lead Coalfire February 2013 Introduction Organizations are
More informationIT Cloud / Data Security Vendor Risk Management Associated with Data Security. September 9, 2014
IT Cloud / Data Security Vendor Risk Management Associated with Data Security September 9, 2014 Speakers Brian Thomas, CISA, CISSP In charge of Weaver s IT Advisory Services, broad focus on IT risk, security
More informationCloud Computing An Auditor s Perspective
Cloud Computing An Auditor s Perspective Sailesh Gadia, CPA, CISA, CIPP sgadia@kpmg.com December 9, 2010 Discussion Agenda Introduction to cloud computing Types of cloud services Benefits, challenges,
More informationCloud Security and Managing Use Risks
Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access
More informationPCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By:
PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: Peter Spier Managing Director PCI and Risk Assurance Fortrex Technologies Agenda Instructor Biography Background On
More informationGRC Stack Research Sponsorship
GRC Stack Research Sponsorship Overview Achieving Governance, Risk Management and Compliance (GRC) goals requires appropriate assessment criteria, relevant control objectives and timely access to necessary
More informationCloud Computing Flying High (or not) Ben Roper IT Director City of College Station
Cloud Computing Flying High (or not) Ben Roper IT Director City of College Station What is Cloud Computing? http://www.agent-x.com.au/ Wikipedia - the use of computing resources (hardware and software)
More informationCloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week
Cloud Security Panel: Real World GRC Experiences ISACA Atlanta s 2013 Annual Geek Week Agenda Introductions Recap: Overview of Cloud Computing and Why Auditors Should Care Reference Materials Panel/Questions
More informationHIPAA and HITECH Compliance Simplification. Sol Cates CSO @solcates scates@vormetric.com
HIPAA and HITECH Compliance Simplification Sol Cates CSO @solcates scates@vormetric.com Quick Agenda Why comply? What does Compliance look like? New Cares vs Rental Cars vs Custom Cars Vormetric Q&A Slide
More informationCompliance and the Cloud: What You Can and What You Can t Outsource
Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: Kate Donofrio Security Assessor Fortrex Technologies Instructor Biography Background On Fortrex What s In A Cloud? Pick
More informationSecurity Considerations for the Cloud
June 6, 2012 Security Considerations for the Cloud Presented by: Mac McMillan CEO CynergisTek, Inc. Chair, HIMSS Privacy & Security Policy Task Force 1 2012 NIST/OCR Conference Agenda Threat Implications
More informationVirginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101
Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro
More informationDaren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD
Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD Agenda Cloud Computing Technical Overview Cloud Related Applications Identified Risks Assessment Criteria Cloud Computing What Is It? National
More informationCloud Platforms Today: The Big Picture
Cloud Platforms Today: The Big Picture David Chappell Chappell & Associates www.davidchappell.com Mobile Workforce Big Data Cloud Computing Social Enterprise Privacy and Security The traditional world
More informationDigital Healthcare: Author. A HIPAA compliant cloud strategy. Choosing a Cloud Service Provider. Alex Ginzburg
: A HIPAA compliant cloud strategy. Choosing a Cloud Service Provider Author Alex Ginzburg VP of Technology, Intervention Insights, Inc. Kanda Software 200 Wells Ave, Newton, MA 02459 617-340-3850 Over
More informationAzure and Its Competitors
Azure and Its Competitors The Big Picture @DChappellAssoc Copyright 2014 Chappell & Associates The Three Most Important IT Events In the last decade Salesforce.com IPO, 2004 Showed that Software as a Service
More informationCustomer Success Story. Central Logic. Comprehensive SRA helps healthcare software provider safeguard its customer s PHI and ensure HIPAA compliance.
Customer Success Story Central Logic Comprehensive SRA helps healthcare software provider safeguard its customer s PHI and ensure HIPAA compliance. Page 2 of 6 Central Logic Comprehensive SRA helps healthcare
More informationCase Studies: Protecting Sensitive Data in
Case Studies: Protecting Sensitive Data in C.J. Radford Vice President, Cloud September 18, 2014 Contact: @cjrad; cradford@vormetric.com Agenda Data Security Challenges Top Considerations for Data Centric
More informationPractical Advice for Cloud Data Protection
Practical Advice for Cloud Data Protection Ulf Mattsson CTO, Protegrity Ulf.Mattsson@protegrity.com Ulf Mattsson, Protegrity CTO Cloud Security Alliance (CSA) PCI Security Standards Council Cloud & Virtualization
More informationCloud Data Security. Sol Cates CSO @solcates scates@vormetric.com
Cloud Data Security Sol Cates CSO @solcates scates@vormetric.com Agenda The Cloud Securing your data, in someone else s house Explore IT s Dirty Little Secret Why is Data so Vulnerable? A bit about Vormetric
More informationSecurity and Privacy in Cloud Computing
Security and Privacy in Cloud Computing - Study Report Sai Lakshmi General Manager Enterprise Security Solutions 2 Agenda Background & Objective Current Scenario & Future of Cloud Computing Challenges
More informationWhat Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp.
What Every User Needs To Know Before Moving To The Cloud LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud 1 What is meant by Cloud Computing, or Going To The Cloud? A model
More informationLocking Down the Cloud for Healthcare. Kurt Hagerman Chief Information Security Officer
Locking Down the Cloud for Healthcare Kurt Hagerman Chief Information Security Officer SECURITY TRENDS Healthcare businesses are fighting REAL threats Threats are growing over time by percent of breaches
More informationCloud Security. DLT Solutions LLC June 2011. #DLTCloud
Cloud Security DLT Solutions LLC June 2011 Contact Information DLT Cloud Advisory Group 1-855-CLOUD01 (256-8301) cloud@dlt.com www.dlt.com/cloud Your Hosts Van Ristau Chief Technology Officer, DLT Solutions
More informationIBM Impact 2012 Conference. Don t Underestimate Monitoring in the Cloud! Rodney Morrison VP Products SL Corporation
IBM Impact 2012 Conference Don t Underestimate Monitoring in the Cloud! Rodney Morrison VP Products SL Corporation Session Id: 2974a Topics Cloud Definition Cloud Deployment Models Monitoring options for
More informationSecure Your Cloud and Outsourced Business with Privileged Identity Management
Secure Your Cloud and Outsourced Business with Privileged Identity Management Table of Contents Executive Summary... 3 Understanding Privilege... 3 Do All Service Providers Get It?... 5 Managing Privilege
More informationSUPPLY CHAIN ASSURANCE FRAMEWORK: THE SUPPLY CHAIN STANDARDS TRANSLATOR
SUPPLY CHAIN ASSURANCE FRAMEWORK: THE SUPPLY CHAIN STANDARDS TRANSLATOR Michael de Crespigny, CEO Information Security Forum Session ID: GRC R02B Session Classification: General Interest KEY ISSUE Our
More informationThe silver lining: Getting value and mitigating risk in cloud computing
The silver lining: Getting value and mitigating risk in cloud computing Frequently asked questions The cloud is here to stay. And given its decreased costs and increased business agility, organizations
More information7 INSIGHTS FROM OUR 2014 CLOUD ADOPTION SURVEY
1 7 INSIGHTS FROM OUR 2014 CLOUD ADOPTION SURVEY THE NEW INDUSTRY PULSE ON CLOUD MIGRATION We asked nearly 200 IT professionals in industries ranging from healthcare and government to finance and media/
More informationCloud Security Certification
Cloud Security Certification January 21, 2015 1 Agenda 1. What problem are we solving? 2. Definitions (Attestation vs Certification) 3. Cloud Security Responsibilities and Risk Exposure 4. Who is responsible
More informationOpen Certification Framework. Vision Statement
Open Certification Framework Vision Statement Jim Reavis and Daniele Catteddu August 2012 BACKGROUND The Cloud Security Alliance has identified gaps within the IT ecosystem that are inhibiting market adoption
More informationCloud Security Keeping Data Safe in the Boundaryless World of Cloud Computing
Cloud Security Keeping Data Safe in the Boundaryless World of Cloud Computing Executive Summary As cloud service providers mature, and expand and refine their offerings, it is increasingly difficult for
More informationData, Data, Who Has The Data?
Data, Data, Who Has The Data? 13 February 2015 Mari Heiser IBM STSM (Senior Technical Staff Member) Master Certified Architect IBM Cloud Security and Compliance Twitter: @MariHeiser What is Cloud? The
More informationSOC on Amazon Web Services (AWS) What You Need To Know Understanding the regulatory roadmap for SOC on AWS
SOC on Amazon Web Services (AWS) What You Need To Know Understanding the regulatory roadmap for SOC on AWS Jeff Cook November 2015 Summary Service Organization Control (SOC) reports (formerly SAS 70 or
More informationHealthcare Enterprise View of Cloud What is Cloud Additional Needs Cloud Models Cloud Economics 101 Stack Decision Framework
Cloud 101 General Overview of Cloud Services January 21, 2015 Agenda Healthcare Enterprise View of Cloud What is Cloud Additional Needs Cloud Models Cloud Economics 101 Stack Decision Framework 2. 2014
More informationHow To Be A Successful Compliance Officer
: A Pragmatic Approach to SOC2 and PCI compliance The Cadence Group is a professional services firm specializing in financial and IT compliance and risk management services. Our value proposition includes:
More informationIPFW Innovate Cloud Service Task Force
Research Objective: IPFW Innovate Cloud Service Task Force (Research Findings) Richard & Andrew 1) Identify possible IT services that have the potential to move to the cloud. 2) Gather and compile the
More informationLegal Issues in the Cloud: A Case Study. Jason Epstein
Legal Issues in the Cloud: A Case Study Jason Epstein Outline Overview of Cloud Computing Service Models (SaaS, PaaS, IaaS) Deployment Models (Private, Community, Public, Hybrid) Adoption Different types
More informationCode in the cloud for the cloud jfokus.mybluemix.net
Code in the cloud for the cloud jfokus.mybluemix.net Lauren Schaefer @Lauren_Schaefer #jfokus #Code4TheCloud Code in the cloud for the cloud jfokus.mybluemix.net Lauren Schaefer @Lauren_Schaefer #jfokus
More informationOWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect
OWASP Chapter Meeting June 2010 Presented by: Brayton Rider, SecureState Chief Architect Agenda What is Cloud Computing? Cloud Service Models Cloud Deployment Models Cloud Computing Security Security Cloud
More informationWhy HIPAA Compliance Should Scare You and What You Should Ask Your Business Phone Service Provider NOW
Why HIPAA Compliance Should Scare You and What You Should Ask Your Business Phone Service Provider NOW By Mike McAlpen, 8x8 Executive Director of Privacy, Security and Compliance The Champion For Business
More informationPlatforms in the Cloud
Platforms in the Cloud Where Will Your Next Application Run? Jazoon, Zurich June 2011 Copyright 2011 Chappell & Associates An Organization without Cloud Computing Users A A A VM VM VM A A A Application
More informationSOLUTION WHITE PAPER. IT Business Management and Compliance Ensuring Cloud Governance
SOLUTION WHITE PAPER IT Business Management and Compliance Ensuring Cloud Governance Contents EXECUTIVE SUMMARY 1 THE ROLE OF GOVERNANCE AND COMPLIANCE IN THE CLOUD 2 IT PROCESS INTEGRATION 2 CONTINOUS
More informationHealthcare Data in the Cloud A Gathering Storm of Governance. Erik Pupo Senior Manager, Deloitte
Healthcare Data in the Cloud A Gathering Storm of Governance Erik Pupo Senior Manager, Deloitte Objectives for this Webinar Explain what the healthcare cloud really means Highlight emerging challenges
More informationCloud and Regulations: A match made in heaven, or the worst blind date ever?
Cloud and Regulations: A match made in heaven, or the worst blind date ever? Vinod S Chavan Director Industry Cloud Solutions, IBM Cloud October 28, 2015 Customers are faced with challenge of balancing
More informationSecurity & IT Governance: Strategies to Building a Sustainable Model for Your Organization
Security & IT Governance: Strategies to Building a Sustainable Model for Your Organization Outside View of Increased Regulatory Requirements Regulatory compliance is often seen as sand in the gears requirements
More informationCloud Computing: Background, Risks and Audit Recommendations
Cloud Computing: Background, Risks and Audit Recommendations October 30, 2014 Table of Contents Cloud Computing: Overview 3 Multiple Models of Cloud Computing 11 Deployment Models 16 Considerations For
More informationHITRUST CSF Assurance Program
HITRUST CSF Assurance Program Simplifying the information protection of healthcare data 1 May 2015 2015 HITRUST LLC, Frisco, TX. All Rights Reserved Table of Contents Background CSF Assurance Program Overview
More informationPRACTICAL IDENTITY AND ACCESS MANAGEMENT FOR CLOUD - A PRIMER ON THREE COMMON ADOPTION PATTERNS FOR CLOUD SECURITY
PRACTICAL IDENTITY AND ACCESS MANAGEMENT FOR CLOUD - A PRIMER ON THREE COMMON ADOPTION PATTERNS FOR CLOUD SECURITY Shane Weeden IBM Session ID: CLD-W01 Session Classification: Advanced Agenda Cloud security
More informationTRUSTED CLOUD. Our commitment to provide a cloud you can trust. Fernando Machado Píriz September 2014
TRUSTED CLOUD Our commitment to provide a cloud you can trust Fernando Machado Píriz September 2014 Technology Trends Driving cloud adoption 71% of strategic buyers cite scalability, cost and business
More informationLeveraging the Cloud for Smarter Development On Oilfields; What Does that Entail? Kevin Wagner, Director - Energy
Leveraging the Cloud for Smarter Development On Oilfields; What Does that Entail? Kevin Wagner, Director - Energy Covisint Overview Cloud platform enabling organizations with complex business relationships
More informationWrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors
1 Wrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors Scott Woodison Executive Director, Compliance and Enterprise Risk Office of Internal Audit and Compliance
More informationSECURING HEALTH INFORMATION IN THE CLOUD. Feisal Nanji, Executive Director, Techumen feisal@techumen.com
SECURING HEALTH INFORMATION IN THE CLOUD Feisal Nanji, Executive Director, Techumen feisal@techumen.com Conflict of Interest Disclosure Feisal Nanji, MPP, CISSP Has no real or apparent conflicts of interest
More informationCloudy with Showers of Business Opportunities and a Good Chance of. Security. Transforming the government IT landscape through cloud technology
Dr. Michaela Iorga, Senior Security Technical Lead for Cloud Computing Co-Chair, Cloud Security WG Co-Chair, Cloud Forensics Science WG Cloudy with Showers of Business Opportunities and a Good Chance of
More informationCloud Security Benchmark: Top 10 Cloud Service Providers Appendix A E January 5, 2015
Cloud Security Benchmark: Top 10 Cloud Service Providers Appendix A E January 5, 2015 2015 CloudeAssurance Page 1 Table of Contents Copyright and Disclaimer... 3 Appendix A: Introduction... 4 Appendix
More informationCloud Service Rollout. Chapter 9
Cloud Service Rollout Chapter 9 Cloud Service Topics Cloud service rollout plans vary depending on the type of cloud service SaaS, PaaS, or IaaS and the vendor. Unit Topics Identifying vendor roles and
More informationSecure Cloud Hosting for Healthcare Organizations
Secure Cloud Hosting for Healthcare Organizations OUR MISSION FIREHOST MISSION Our core is an unshakable, no compromise commitment to protect our customer's digital assets with integrity and innovation
More informationHow Safe are you in your Cloud?
Nov Nov 4-5, 4-5, 2014 2014 Monarch Monarch Beach, Beach, CA CA How Safe are you in your Cloud? Security Intelligence and Regulatory Compliance in the Cloud November 2014 Heather Hinton, Ph.D. IBM Distinguished
More informationGlobal Healthcare Cloud Computing Market 2015-2019
Brochure More information from http://www.researchandmarkets.com/reports/3129428/ Global Healthcare Cloud Computing Market 2015-2019 Description: About Healthcare Cloud Computing Increased adoption of
More informationA COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012
A COALFIRE PERSPECTIVE Moving to the Cloud A Summary of Considerations for Implementing Cloud Migration Plans into New Business Platforms NCHELP Spring Convention Panel May 2012 DALLAS DENVER LOS ANGELES
More informationLeveraging Technology New Horizons Computer Learning Center of Memphis
New Horizons Computer Learning Center of Memphis Presents Leveraging Technology Presenter: Charles B. Watkins, Sr. Technical Instructor New Horizons Computer Learning Center of Memphis About Me: Agenda:
More informationPlease Read. Apgar & Associates, LLC apgarandassoc.com P. O. Box 80278 Portland, OR 97280 503-384-2538 877-376-1981 503-384-2539 Fax
Please Read This business associate audit questionnaire is part of Apgar & Associates, LLC s healthcare compliance resources, Copyright 2014. This questionnaire should be viewed as a tool to aid in evaluating
More informationAddressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense
A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical
More informationObtaining CSF Certification Lessons Learned and Why Do It
Obtaining CSF Certification Lessons Learned and Why Do It Aaron Miri, Chief Technology Officer, Children s medical Center of Dallas Ryan Sawyer, Director, Technology Risk and Identity Governance, WellPoint
More informationProtecting Data and Privacy in the Cloud
Protecting Data and Privacy in the Cloud Contents 1 3 6 9 12 13 Protecting Data and Privacy in the Cloud an Introduction Building Services to Protect Data Protecting Data in Service Operations Empowering
More informationCloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter
Cloud Security considerations for business adoption Ricci IEONG CSA-HK&M Chapter What is Cloud Computing? Slide 2 What is Cloud Computing? My Cloud @ Internet Pogoplug What is Cloud Computing? Compute
More informationSecurity, Compliance & Risk Management for Cloud Relationships. Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32
Security, Compliance & Risk Management for Cloud Relationships Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32 Introductions & Poll Organization is leveraging the Cloud? Organization
More informationSECURETexas Health Information Privacy & Security Certification Program FAQs
What is the relationship between the Texas Health Services Authority (THSA) and the Health Information Trust Alliance (HITRUST)? The THSA and HITRUST have partnered to help improve the protection of healthcare
More informationCloud Hosting. QCLUG presentation - Aaron Johnson. Amazon AWS Heroku OpenShift
Cloud Hosting QCLUG presentation - Aaron Johnson Amazon AWS Heroku OpenShift What is Cloud Hosting? According to the Wikipedia - 2/13 Cloud computing, or in simpler shorthand just "the cloud", focuses
More information5/29/2015. Auditing IT Contracts From Afar. Disclaimer. Agenda
Auditing IT Contracts From Afar Ensuring Compliance Michael Carr, JD, CISSP, CIPP Director, Enterprise IT Architecture & Chief Information Security Officer University of Kentucky June 2015 Disclaimer The
More informationAnypoint Platform Cloud Security and Compliance. Whitepaper
Anypoint Platform Cloud Security and Compliance Whitepaper 1 Overview Security is a top concern when evaluating cloud services, whether it be physical, network, infrastructure, platform or data security.
More informationFollow the Money How Cloud Providers' Business Needs Drive Enterprise Identity & Security
Follow the Money How Cloud Providers' Business Needs Drive Enterprise Identity & Security Kuppinger Cole + Partner European Identity Conference 2010 Dale Olds, Distinguished Engineer, Cloud Security Services
More informationISSN: 2321-7782 (Online) Volume 2, Issue 5, May 2014 International Journal of Advance Research in Computer Science and Management Studies
ISSN: 2321-7782 (Online) Volume 2, Issue 5, May 2014 International Journal of Advance Research in Computer Science and Management Studies Research Paper Available online at: www.ijarcsms.com Analogous
More informationCOMMUNICATIONS ALLIANCE LTD
COMMUNICATIONS ALLIANCE LTD Communications Alliance Response to ACS Discussion Paper on a Potential Cloud Computing Consumer Protocol - 1 - TABLE OF CONTENTS INTRODUCTION 2 SECTION 1 OVERVIEW OF RESPONSE
More informationOrchestrating the New Paradigm Cloud Assurance
Orchestrating the New Paradigm Cloud Assurance Amsterdam 17 January 2012 John Hermans - Partner Current business challenges versus traditional IT Organizations are challenged with: Traditional IT seems
More informationCMIS as the basis for ECM services in the cloud
Bled, 25th October 2012 CLASS Conference 2012 CMIS as the basis for ECM services in the cloud Renato Rjavec INFOTEHNA Group LLC Agenda About INFOTEHNA Group Enterprise Content Management (ECM) Content
More informationCloud Computing Technology
Cloud Computing Technology The Architecture Overview Danairat T. Certified Java Programmer, TOGAF Silver danairat@gmail.com, +66-81-559-1446 1 Agenda What is Cloud Computing? Case Study Service Model Architectures
More informationCloud Services for DevOps: Next-gen PaaS Through MBaaS
Cloud Services for DevOps: Next-gen PaaS Through MBaaS September 2013 Presented by: Brad Shimmin Research Director, Business Technology and Software bshimmin@currentanalysis.com Charlotte Dunlap Sr. Analyst,
More informationHITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What?
HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What? Introduction This material is designed to answer some of the commonly asked questions by business associates and other organizations
More informationData Privacy, Security, and Risk Management in the Cloud
Data Privacy, Security, and Risk Management in the Cloud Diana S. Hare, Associate General Counsel and Chief Privacy Counsel, Drexel University David W. Opderbeck, Counsel, Gibbons P.C. Robin Rosenberg,
More informationData Privacy and Security for Market Research in the Cloud
Data Privacy and Security for Market Research in the Cloud Peter Milla IIeX2015 NA Agenda Page 2 1. Background 2. Why the Cloud? 3. Data Privacy and Data Security in the Cloud 4. How do We Deal with It?
More informationCloud Computing Risk and Rewards
Cloud Computing Risk and Rewards John Lazarine Vice President and Chief Audit Executive Mark Salamasick Director of Center for Internal Auditing For Dallas CPA Society Convergence 2013 May 8, 2013 John
More informationCloud Security Alliance and Standards. Jim Reavis Executive Director March 2012
Cloud Security Alliance and Standards Jim Reavis Executive Director March 2012 About the CSA Global, not for profit, 501(c)6 organization Over 32,000 individual members, 120 corporate members, 60 chapters
More informationCloud Computing. Chapter 1 Introducing Cloud Computing
Cloud Computing Chapter 1 Introducing Cloud Computing Learning Objectives Understand the abstract nature of cloud computing. Describe evolutionary factors of computing that led to the cloud. Describe virtualization
More informationPurpose. Service Model SaaS (Applications) PaaS (APIs) IaaS (Virtualization) Use Case 1: Public Use Case 2: Use Case 3: Public.
Federal CIO Council Information Security and Identity Management Committee (ISIMC) Guidelines for the Secure Use of Cloud Computing by Federal Departments and Agencies DRAFT V0.41 Earl Crane, CISSP, CISM
More informationIIA Conference. September 18, 2015. Paige Needling Director, Global Information Security Recall, Inc.
IIA Conference September 18, 2015 Paige Needling Director, Global Information Security Recall, Inc. IT SECURITY UMBRELLA Compliance for IT Data Privacy Protection Privacy Risk Assessment Vulnerability
More informationHow To Get A Cloud Security System To Work For You
Trust in the Cloud Ovidiu Pismac MCSE Security, CISSP, MCSE Private Cloud / Server & Desktop infrastructure, MCTS Forefront Microsoft Romania ovidiup@microsoft.com Technology trends: driving cloud adoption
More informationCloud Services Overview
Cloud Services Overview John Hankins Global Offering Executive Ricoh Production Print Solutions May 23, 2012 Cloud Services Agenda Definitions Types of Clouds The Role of Virtualization Cloud Architecture
More informationCloud Computing Security Issues
Copyright Marchany 2010 Cloud Computing Security Issues Randy Marchany, VA Tech IT Security, marchany@vt.edu Something Old, Something New New: Cloud describes the use of a collection of services, applications,
More informationHybrid (Cloud) Computing
Pramak 1 Overview Hybrid (Cloud) Computing Hybrid computing is the use different models of computing to achieve one s end goals. These models of computing might work together in a single workflow or individually
More informationTop 10 Tips and Tools for Meeting Regulatory Requirements and Managing Cloud Computing Providers in the United States and Around the World
Top 10 Tips and Tools for Meeting Regulatory Requirements and Managing Cloud Computing Providers in the United States and Around the World Web Hull Privacy, Data Protection, & Compliance Advisor Society
More informationAalborg Universitet. Cloud Governance Berthing, Hans Henrik Aabenhus. Publication date: 2013. Document Version Preprint (usually an early version)
Aalborg Universitet Cloud Governance Berthing, Hans Henrik Aabenhus Publication date: 2013 Document Version Preprint (usually an early version) Link to publication from Aalborg University Citation for
More informationThe Myths and Magic of Cloud Computing and How it is Revolutionizing the World
The Myths and Magic of Cloud Computing and How it is Revolutionizing the World Jay Roy Chief Executive Officer Practical Intelligence for Ensuring Profitability IMA DFW - Fall 2011 Dallas, TX Cloud Computing
More informationAdding Cloud Solutions to Customer Contracts Robert J. Scott
Adding Cloud Solutions to Customer Contracts Robert J. Scott MSP vs. Cloud Who owns the hardware? Where does the data reside? Dedicated vs. Multi tenant? Who contracts with 3 rd parties? How are services
More informationHIPAA Changes 2013. Mike Jennings & Jonathan Krasner BEI For MCMS 07/23/13
HIPAA Changes 2013 Mike Jennings & Jonathan Krasner BEI For MCMS 07/23/13 BEI Who We Are DC Metro IT Service Provider since 1987 Network Design/Upgrade Installation/Managed IT Services for small to medium-sized
More informationLicensing Guide for Partners. Leveraging Data Center Providers and Software Services Resellers
Licensing Guide for Partners Leveraging Data Center Providers and Software Services Resellers LEVERAGING DATA CENTER PROVIDERS AND SOFTWARE SERVICES RESELLERS: LICENSING GUIDE Table of Contents Introduction...
More informationCloud Computing. Technologies and Types
Cloud Computing Cloud Computing Technologies and Types Dell Zhang Birkbeck, University of London 2015/16 The Technological Underpinnings of Cloud Computing Data centres Virtualisation RESTful APIs Cloud
More information