Cloud Computing in a Regulated Environment

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Cloud Computing in a Regulated Environment"

Transcription

1 Computing in a Regulated Environment White Paper by David Stephenson CTG Regulatory Compliance Subject Matter Expert February 2014 CTG (UK) Limited, 11 Beacontree Plaza, Gillette Way, READING, Berks RG2 0BS Phone: +44 (0) Fax: +44 (0) Mobile: +44 (0) Registered in England and Wales as Computer Task Group (UK) Limited Registered Address: 11 Beacontree Plaza, Gillette Way, Reading, Berkshire RG2 0BS Registration No:

2 As enterprises look for innovative ways to save money and increase the trust and value in their information systems, cloud computing has emerged as a potential panacea for meeting computing needs, achieving both cost savings and accomplishing business objectives. However, as cloud computing continues to grow in importance and gradually evolve, we must understand how best to handle this new era of computing and how to control it in a compliant manner, both from a business perspective, but also in terms of compliance and security. In order to understand better what Computing is, we should firstly look at its definition: computing itself can almost be categorised as a utility, where users pay for the service for as long as needed. computing can be defined as: A model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. U.S. National Institute of Standards and Technology (NIST) computing itself can almost be categorised as a utility, where users pay for the service for as long as needed. This model has been adopted by the cloud service providers, and as a result, cloud users pay by CPU cycles measured and by the amount of storage required over time, thus providing major cost savings, in the enterprise. However, in order to better manage the cloud, we must understand how it is constructed. In a nutshell, the cloud is made up of five basic characteristics, offering three service models, and is available in four distinct deployment models. These are illustrated below: Inside the Deployment Models Characteristics On Demand Resource Pooling Measured Service Broad Network Access Rapid Elasticity Service Models Software as a Service Platform as a Service Infrastructure as a Service Private Community Public Hybrid Following is a more detailed discussion of the above diagram: Characteristics On-demand self service Broad network access Resource pooling Rapid elasticity Measured service 2

3 Service Models The cloud has much to offer to entice prospective clients. However, we must be cognisant that there will be a corresponding increase in compliance and security risk, depending on the cloud service and deployment model selected. Infrastructure as-a-service (IaaS) In the most basic cloud service model, cloud providers offer computers as physical or more often as virtual machines and networks. IaaS providers supply these resources on demand from their large pools installed in data centres, with local area networks as part of the offer. For the wide area connectivity, the Internet can be used or, in carrier clouds, dedicated virtual private networks can be configured. To deploy their applications, cloud users then install operating system images on the machines, as well as their application software. In this model, it is the cloud user who is responsible for patching and maintaining the operating systems and application software. ( providers typically bill IaaS services on a utility computing basis, that is, cost will reflect the amount of resources allocated and consumed.) Platform-as-a-Service (PaaS) In the PaaS model, cloud providers deliver a computing platform and/or solution stack typically including operating system, programming language execution environment, database, and web server. Application developers can develop and run their software solutions on a cloud platform without the cost and complexity of buying and managing the underlying hardware and software layers. Software-as-a-Service (SaaS) In this model, cloud providers install and operate application software in the cloud and cloud users access the software from cloud clients. The cloud users do not manage the cloud infrastructure and platform on which the application is running. This aspect eliminates the need to install and run the application on the cloud user s own computers simplifying maintenance and support. What makes a cloud application different from other applications is its elasticity. This can be achieved by cloning tasks onto multiple virtual machines at run-time to meet the changing work demand. Load balancers distribute the work over the set of virtual machines. This process is transparent to the cloud user who sees only a single access point. To accommodate a large number of cloud users, cloud applications can be multitenant, that is, any machine serves more than one cloud user organisation. These Service Models are presented in four Deployment Models: Public Applications, storage, and other resources are made available to the general public by a service provider. Public cloud services may be free or offered on a pay-per-usage model. There are limited service providers who own all of the infrastructure at their data centre and the only access will be through the internet. No direct connectivity is proposed in public cloud architecture Community Community cloud shares infrastructure between several organisations from a specific community with common concerns (security, compliance, etc.), whether managed internally or by a third-party and hosted internally or externally. Hybrid Hybrid cloud is a composition of two or more clouds (private, community or public) that remain unique entities but are bound together, offering the benefits of multiple deployment models. Private Private cloud is infrastructure operated solely for a single organisation, whether managed internally or by a third-party and hosted internally or externally. As shown in the following illustration, it is apparent that the cloud has much to offer to entice prospective clients. However, we must be cognisant that there will be a corresponding increase in compliance and security risk, depending on the cloud service and deployment model selected. 3

4 Compliance Cube These risks can be described as: When contemplating transferring critical organisational data to the cloud computing platform, it is important to understand who and where all of the companies are that may touch the enterprise data. This includes not only the CSP, but all vendors that are in the critical path of the CSP. Data location Regardless of the deployment model selected, customers may not know the physical location of the server used to store and process their data and applications. The data may reside anywhere. Co-mingled data Many clients will use the same application on the same server concurrently, which may result in the clients data being stored in the same data files. security policy/procedure transparency Some Service Providers (CSPs) may have less transparency than others when it comes to their current information security policies. data ownership The CSP may believe they own the data placed in the cloud computing environment that it maintains, and may also require significant service fees for data to be returned to clients if and when a cloud computing services agreement terminates. CSP business viability As cloud computing continues to mature, there will be CSPs going out of business. Clients need to consider the risk and how data and applications can be easily transferred back to the traditional enterprise or to another CSP. Record protection for audits Clients must also consider the availability of data and records if required for audits. Since data may have been co-mingled and migrated among multiple servers located widely apart, it may be possible that the data for a specific point in time cannot be identified. Identity and access management (IAM) Current CSPs may not develop and implement adequate user access privilege controls. Penetration detection Consideration should be given to whether the CSP has a penetration detection system in use. If such a system is in use, it is important to ensure that it has the required sophistication to monitor all cloud computing activities adequately. Public cloud server owners due diligence When contemplating transferring critical organisational data to the cloud computing platform, it is important to understand who and where all of the companies are that may touch the enterprise data. This includes not only the CSP, but all vendors that are in the critical path of the CSP. Data erasure for current SaaS or PaaS applications When an application and data are transferred from one server to another, the earlier application and data files may remain and may not be erased. Their space on the original hard drives is now available for overwrites. The original data files may still be available for copying up to the third rewrite of the original disk space. 4

5 Disaster recovery In traditional hosting or co-location sites, customers know exactly where their data is in the event that they need to quickly retrieve them, this is not necessarily the case in the cloud. We consider the three critical steps to take in evaluating the as a platform in a highlyregulated industry like pharmaceuticals. In order to address these issues, an understanding of the regulators viewpoint is required We must therefore consider a quote from Robert Tollefsen of the FDA, who said: regulators are interested in the following when they discover that IT is outsourced : Risks are clearly identified and mitigated Data integrity is assured Data backup/recovery is in place and tested Cybersecurity exists for networked systems Contracts exist between clients and providers The provider has a quality system The provider and client have SOPs Validation, change control, training etc An audit of the provider has been carried out by the client In order to comply with these requirements and address the issues above in a higly regulated industry like pharmaceuticals, we need to have a coherent cloud assessment strategy and an ongoing cloud management framework. This can best be achieved by applying the following three steps: Step 1 Due Diligence Step 1 Due Diligence In this step, we need to initially look at the cloud provider s Ongoing background, length of time in service, Step and general Provider approach to security Step and data etc. This can best be achieved by following 2 Risk the process flow, outlined in the diagram 3 Compliance below: Assessment Framework Figure 1 Due Diligence Workflow Provider Track Record How long has the provider been supplying IT services? New to market Long standing provision Is the provider aware of the life sciences environment? Has the provider worked in the life sciences industry previously? Have they worked in both European and U.S. arena s? Has the provider filled in the Security Alliance questionnaire? Does the provider have ISO certification? Is the provider aware of Security Alliance? Have they checked themselves against the questions in the Consensus Assessment Initiative questionnaire? Has the provider taken the time to ensure that their security initiatives and processes are of a recognised standard? Does the provider use a framework to manage their processes, COBIT, ITIL, etc.? Has the provider taken the time to ensure that their processes followed a proven methodology? Audit Provider OK? Risk Assess Capability Audit the provider, using a tool designed for regulatory outsourcing GAMP 5, and for the, i.e., The DSA Controls Matrix. Consider another provider If the audit of the provider is not acceptable, we may need to look for another provider. 5

6 Step 2 Risk Assessment ce Step 2 Provider Risk Assessment Once we have Ongoing gone through the initial Due Diligence, we are faced with a provider that Step appears to comply with the necessary requirements, and is aware of the intricacies 3 of working Compliance in the pharmaceutical arena. We can then move forward and perform a risk assessment, Framework in order to mitigate the issues/risks that we have previously identified. If we apply a risk management process similar to that of GAMP 5, we can address the risks in the following manner: We can now move forward, putting our present cloud scenario into these 5 process blocks: A supplier of cloud services may create competitive advantage in a regulatory compliant industry, if they adopted these compliance approaches and demands, in the set-up of their facilities and services. Stage 1 Initial risk assessment and system impact What are the regulatory/business/security risks if data security or data retrieval is compromised? Stage 2 Identification of the functions which may impact on patient safety, product quality and data integrity What could go wrong (Who controls what, is our data safe)? Where is our data? Who controls the data? Who can access our data? Can we retrieve our data? Stage 3 Perform a functional risk assessment and identify controls What controls does the provider have in place? Are they adequate? Will they put additional controls in place? What controls do we put in place? Stage 4 Implement and verify appropriate controls Implement the control measures from the previous step Are they adequate? Are they acceptable to the business? Stage 5 Review risks and monitor controls Carry out a periodic assessment to ensure controls are still valid and appropriate 6

7 Step 3 Ongoing Compliance Framework t Step 3 Ongoing Compliance Framework The strategy above should be carried out with the involvement of all relevant stakeholders within the business, and should be led by someone with knowledge of both the cloud and regulatory expectations. Once the service has been implemented, we need to ensure that business as usual processes are robust and reporting is adequate, as we may be operating in a scenario where the responsibility and control of the IT processes is in the hands of a third party. Therefore it is imperative to have a coherent and robust framework in place that provides processes within the regulated business aligned to that of the service providers, e.g., change control, configuration management, validation and qualification, etc. David Stephenson is a highly experienced Computer Systems Validation Consultant, with detailed knowledge of Computer System Validation and particular expertise in IT Infrastructure. He was a member of the GAMP Special Interest Group that was responsible for authoring the Good Practice Guide for Infrastructure Compliance. David is presently the Regulatory Compliance Subject Matter Expert for CTG. Currently in his role, David is looking into cloud solutions and the synergy between data management/protection standards and the requirements of the regulated industries For more information, contact: David Stephenson at Mob Regular monitoring of the service should be set up, with a focus on the quality of the service and adherence to procedure/process. This monitoring should be backed up by a set of robust operational or service level agreements, with roles and responsibilities, expectations and penalties singled out and understood. This then provides us with a model for ongoing compliance of our cloud service provision, including monitoring and feedback, but we must also be prepared to rescind our agreement, if the cloud service does not meet agreement, or proves to be too costly. We therefore need to be aware of: Contractual penalties Management of the cloud provider during the withdrawal period Return of data and deletion within the cloud How the service required will be managed in-house, or once more outsourced to another provider. Conclusion From the above methodology, it can be seen that selection, control and management of cloud provision, can be brought into a compliant state, as long as we follow a defined framework or lifecycle. The onus is on the company who is contemplating using cloud services to carry out the due diligence required, to assess the risk and potential impact of using the service (in terms of regulatory, security and business risk), and finally to set up a mutually managed interface with the supplier. The relationship should be backed up by clearly defined contractual clauses to support the relationship that can then be used to ensure service performance and compliance with regulatory requirements. An important closing thought: A supplier of cloud services may create competitive advantage in a regulatory compliant industry, if they adopted these compliance approaches and demands, in the set-up of their facilities and services. 7

Cloud Computing; What is it, How long has it been here, and Where is it going?

Cloud Computing; What is it, How long has it been here, and Where is it going? Cloud Computing; What is it, How long has it been here, and Where is it going? David Losacco, CPA, CIA, CISA Principal January 10, 2013 Agenda The Cloud WHAT IS THE CLOUD? How long has it been here? Where

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

Cloud Computing: The atmospheric jeopardy. Unique Approach Unique Solutions. Salmon Ltd 2014 Commercial in Confidence Page 1 of 5

Cloud Computing: The atmospheric jeopardy. Unique Approach Unique Solutions. Salmon Ltd 2014 Commercial in Confidence Page 1 of 5 Cloud Computing: The atmospheric jeopardy Unique Approach Unique Solutions Salmon Ltd 2014 Commercial in Confidence Page 1 of 5 Background Cloud computing has its place in company computing strategies,

More information

Validating Enterprise Systems: A Practical Guide

Validating Enterprise Systems: A Practical Guide Table of Contents Validating Enterprise Systems: A Practical Guide Foreword 1 Introduction The Need for Guidance on Compliant Enterprise Systems What is an Enterprise System The Need to Validate Enterprise

More information

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Strategic Compliance & Securing the Cloud Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Complexity and Challenges 2 Complexity and Challenges Compliance Regulatory entities

More information

Leveraging the Private Cloud for Competitive Advantage

Leveraging the Private Cloud for Competitive Advantage Leveraging the Private Cloud for Competitive Advantage Introduction While it is universally accepted that organisations will leverage cloud solutions to service their IT needs, there is a lack of clarity

More information

Clinical Trials in the Cloud: A New Paradigm?

Clinical Trials in the Cloud: A New Paradigm? Marc Desgrousilliers CTO at Clinovo Clinical Trials in the Cloud: A New Paradigm? Marc Desgrousilliers CTO at Clinovo What is a Cloud? (1 of 3) "Cloud computing is a model for enabling convenient, on-demand

More information

Validation of a Cloud-Based ERP system, in practice. Regulatory Affairs Conference Raleigh. 8Th September 2014

Validation of a Cloud-Based ERP system, in practice. Regulatory Affairs Conference Raleigh. 8Th September 2014 Validation of a Cloud-Based ERP system, in practice. Regulatory Affairs Conference Raleigh. 8Th September What is the The Cloud Some Definitions The NIST Definition of Cloud computing Cloud computing is

More information

Technology & Business Overview of Cloud Computing

Technology & Business Overview of Cloud Computing Your Place or Mine? In-House e-discovery Platform vs. Software as a Service Technology & Business Overview of Cloud Computing Janine Anthony Bowen, Esq. Jack Attorneys & Advisors www.jack-law.com Atlanta,

More information

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp.

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud 1 What is meant by Cloud Computing, or Going To The Cloud? A model

More information

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is

More information

GETTING THE MOST FROM THE CLOUD. A White Paper presented by

GETTING THE MOST FROM THE CLOUD. A White Paper presented by GETTING THE MOST FROM THE CLOUD A White Paper presented by Why Move to the Cloud? CLOUD COMPUTING the latest evolution of IT services delivery is a scenario under which common business applications are

More information

Managing Cloud Computing Risk

Managing Cloud Computing Risk Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify

More information

Infopaper. Demystifying Platform as a Service

Infopaper. Demystifying Platform as a Service Demystifying Platform as a Service The dividing lines between PaaS and IaaS may be blurring, but it s important for outsourcers of IT infrastructure to understand what sets Private PaaS apart from commodity

More information

CSO Cloud Computing Study. January 2012

CSO Cloud Computing Study. January 2012 CSO Cloud Computing Study January 2012 Purpose and Methodology Survey Sample Survey Method Fielded Dec 20, 2011-Jan 8, 2012 Total Respondents Margin of Error +/- 7.3% Audience Base Survey Goal 178 security

More information

Cloud Computing. Course: Designing and Implementing Service Oriented Business Processes

Cloud Computing. Course: Designing and Implementing Service Oriented Business Processes Cloud Computing Supplementary slides Course: Designing and Implementing Service Oriented Business Processes 1 Introduction Cloud computing represents a new way, in some cases a more cost effective way,

More information

Cloud definitions you've been pretending to understand. Jack Daniel, Reluctant CISSP, MVP Community Development Manager, Astaro

Cloud definitions you've been pretending to understand. Jack Daniel, Reluctant CISSP, MVP Community Development Manager, Astaro Cloud definitions you've been pretending to understand Jack Daniel, Reluctant CISSP, MVP Community Development Manager, Astaro You keep using that word cloud. I do not think it means what you think it

More information

Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu

Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu 2 If cloud computing is so simple, then what s the big deal? What is the

More information

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer What is Cloud Computing A model for enabling convenient, on-demand network access to a shared pool of configurable

More information

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS CLOUD COMPUTING Cloud computing is a model for enabling convenient, ondemand network access to a shared pool of configurable computing

More information

AskAvanade: Answering the Burning Questions around Cloud Computing

AskAvanade: Answering the Burning Questions around Cloud Computing AskAvanade: Answering the Burning Questions around Cloud Computing There is a great deal of interest in better leveraging the benefits of cloud computing. While there is a lot of excitement about the cloud,

More information

Kent State University s Cloud Strategy

Kent State University s Cloud Strategy Kent State University s Cloud Strategy Table of Contents Item Page 1. From the CIO 3 2. Strategic Direction for Cloud Computing at Kent State 4 3. Cloud Computing at Kent State University 5 4. Methodology

More information

Ensuring security the last barrier to Cloud adoption

Ensuring security the last barrier to Cloud adoption Ensuring security the last barrier to Cloud adoption Publication date: March 2011 Ensuring security the last barrier to Cloud adoption Cloud computing has powerful attractions for the organisation. It

More information

The Need for Service Catalog Design in Cloud Services Development

The Need for Service Catalog Design in Cloud Services Development The Need for Service Catalog Design in Cloud Services Development The purpose of this document: Provide an overview of the cloud service catalog and show how the service catalog design is an fundamental

More information

White Paper on CLOUD COMPUTING

White Paper on CLOUD COMPUTING White Paper on CLOUD COMPUTING INDEX 1. Introduction 2. Features of Cloud Computing 3. Benefits of Cloud computing 4. Service models of Cloud Computing 5. Deployment models of Cloud Computing 6. Examples

More information

PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By:

PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: Peter Spier Managing Director PCI and Risk Assurance Fortrex Technologies Agenda Instructor Biography Background On

More information

Cloud Computing. Bringing the Cloud into Focus

Cloud Computing. Bringing the Cloud into Focus Cloud Computing Bringing the Cloud into Focus November 2011 Introduction Ken Cochrane CEO, IT/NET Partner, KPGM Performance and Technology National co-leader IT Advisory Services KPMG Andrew Brewin Vice

More information

Introduction to Cloud Computing

Introduction to Cloud Computing 1 Introduction to Cloud Computing CERTIFICATION OBJECTIVES 1.01 Cloud Computing: Common Terms and Definitions 1.02 Cloud Computing and Virtualization 1.03 Early Examples of Cloud Computing 1.04 Cloud Computing

More information

CLOUD COMPUTING OVERVIEW

CLOUD COMPUTING OVERVIEW CLOUD COMPUTING OVERVIEW http://www.tutorialspoint.com/cloud_computing/cloud_computing_overview.htm Copyright tutorialspoint.com Cloud Computing provides us a means by which we can access the applications

More information

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com Introduction to Cloud Computing Srinath Beldona srinath_beldona@yahoo.com Agenda Pre-requisites Course objectives What you will learn in this tutorial? Brief history Is cloud computing new? Why cloud computing?

More information

GAMP 5 as a Suitable Framework for Validation of Electronic Document Management Systems On Premise and 'In the Cloud' Keith Williams CEO GxPi

GAMP 5 as a Suitable Framework for Validation of Electronic Document Management Systems On Premise and 'In the Cloud' Keith Williams CEO GxPi GAMP 5 as a Suitable Framework for Validation of Electronic Document Management Systems On Premise and 'In the Cloud' Keith Williams CEO GxPi Disclaimer The views and opinions expressed in the following

More information

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security

More information

Cloud Computing: What needs to Be Validated and Qualified. Ivan Soto

Cloud Computing: What needs to Be Validated and Qualified. Ivan Soto Cloud Computing: What needs to Be Validated and Qualified Ivan Soto Learning Objectives At the end of this session we will have covered: Technical Overview of the Cloud Risk Factors Cloud Security & Data

More information

Commercial Software Licensing

Commercial Software Licensing Commercial Software Licensing CHAPTER 12: Prepared by DoD ESI January 2013 Chapter Overview Most software licenses today are either perpetual or subscription. Perpetual licenses involve software possession

More information

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING CPNI VIEWPOINT 01/2010 CLOUD COMPUTING MARCH 2010 Acknowledgements This viewpoint is based upon a research document compiled on behalf of CPNI by Deloitte. The findings presented here have been subjected

More information

WHITE PAPER. How to choose and implement your cloud strategy

WHITE PAPER. How to choose and implement your cloud strategy WHITE PAPER How to choose and implement your cloud strategy INTRODUCTION Cloud computing has the potential to tip strategic advantage away from large established enterprises toward SMBs or startup companies.

More information

Cloud Computing Risk and Rewards

Cloud Computing Risk and Rewards Cloud Computing Risk and Rewards John Lazarine Vice President and Chief Audit Executive Mark Salamasick Director of Center for Internal Auditing For Dallas CPA Society Convergence 2013 May 8, 2013 John

More information

Cloud Computing in a GxP Environment: The Promise, the Reality and the Path to Clarity

Cloud Computing in a GxP Environment: The Promise, the Reality and the Path to Clarity Reprinted from PHARMACEUTICAL ENGINEERING THE OFFICIAL TECHNICAL MAGAZINE OF ISPE JANUARY/FEBRUARY 2014, VOL 34, NO 1 Copyright ISPE 2014 www.pharmaceuticalengineering.org information systems in a GxP

More information

Information Security: Cloud Computing

Information Security: Cloud Computing Information Security: Cloud Computing Simon Taylor MSc CLAS CISSP CISMP PCIRM Director & Principal Consultant All Rights Reserved. Taylor Baines Limited is a Registered Company in England & Wales. Registration

More information

Strategies for Secure Cloud Computing

Strategies for Secure Cloud Computing WHITE PAPER Cloud Basics Strategies for Secure Cloud Computing An Introduction to Exploring the Cloud There is a lot of buzz these days about cloud computing and how it s going to revolutionize the way

More information

Cloud Computing and Records Management

Cloud Computing and Records Management GPO Box 2343 Adelaide SA 5001 Tel (+61 8) 8204 8773 Fax (+61 8) 8204 8777 DX:336 srsarecordsmanagement@sa.gov.au www.archives.sa.gov.au Cloud Computing and Records Management June 2015 Version 1 Version

More information

The Key Components of a Cloud-Based Unified Communications Offering

The Key Components of a Cloud-Based Unified Communications Offering The Key Components of a Cloud-Based Unified Communications Offering Organizations must enhance their communications and collaboration capabilities to remain competitive. Get up to speed with this tech

More information

Successful Strategies for Implementing SaaS/Cloud Solutions in Healthcare

Successful Strategies for Implementing SaaS/Cloud Solutions in Healthcare Successful Strategies for Implementing SaaS/Cloud Solutions in Healthcare WHITEPAPER Executive Summary As healthcare organizations struggle with competing priorities such as HITECH/ARRA, Meaningful option

More information

See Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models.

See Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models. Cloud Strategy Information Systems and Technology Bruce Campbell What is the Cloud? From http://csrc.nist.gov/publications/nistpubs/800-145/sp800-145.pdf Cloud computing is a model for enabling ubiquitous,

More information

IS PRIVATE CLOUD A UNICORN?

IS PRIVATE CLOUD A UNICORN? IS PRIVATE CLOUD A UNICORN? With all of the discussion, adoption, and expansion of cloud offerings there is a constant debate that continues to rear its head: Public vs. Private or more bluntly Is there

More information

OVERVIEW Cloud Deployment Services

OVERVIEW Cloud Deployment Services OVERVIEW Cloud Deployment Services Audience This document is intended for those involved in planning, defining, designing, and providing cloud services to consumers. The intended audience includes the

More information

JISC. Technical Review of Using Cloud for Research. Guidance Notes to Cloud Infrastructure Service Providers. Introduction

JISC. Technical Review of Using Cloud for Research. Guidance Notes to Cloud Infrastructure Service Providers. Introduction JISC Technical Review of Using Cloud for Research Guidance Notes to Cloud Infrastructure Service Providers May, 2010 Introduction Provisioning and maintenance of research computing facilities is a core

More information

Cloud Computing in Banking

Cloud Computing in Banking Financial Services the way we see it Cloud Computing in Banking What banks need to know when considering a move to the cloud Contents 1 Overview 3 2 Why Cloud Computing for Banks? 4 2.1 Cost Savings and

More information

Fundamental Concepts and Models

Fundamental Concepts and Models Chapter 4: Fundamental Concepts and Models Nora Almezeini MIS Department, CBA, KSU From Cloud Computing by Thomas Erl, Zaigham Mahmood, and Ricardo Puttini(ISBN: 0133387526) Copyright 2013 Arcitura Education,

More information

LEGAL ISSUES IN CLOUD COMPUTING

LEGAL ISSUES IN CLOUD COMPUTING LEGAL ISSUES IN CLOUD COMPUTING RITAMBHARA AGRAWAL INTELLIGERE 1 CLOUD COMPUTING Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing

More information

20 th Year of Publication. A monthly publication from South Indian Bank. www.sib.co.in

20 th Year of Publication. A monthly publication from South Indian Bank. www.sib.co.in To kindle interest in economic affairs... To empower the student community... Open YAccess www.sib.co.in ho2099@sib.co.in A monthly publication from South Indian Bank 20 th Year of Publication Experience

More information

OFFICE OF AUDITS & ADVISORY SERVICES CLOUD COMPUTING AUDIT FINAL REPORT

OFFICE OF AUDITS & ADVISORY SERVICES CLOUD COMPUTING AUDIT FINAL REPORT County of San Diego Auditor and Controller OFFICE OF AUDITS & ADVISORY SERVICES CLOUD COMPUTING AUDIT FINAL REPORT Chief of Audits: Juan R. Perez Audit Manager: Lynne Prizzia, CISA, CRISC Senior Auditor:

More information

Bringing the Cloud into Focus. A Whitepaper by CMIT Solutions and Cadence Management Advisors

Bringing the Cloud into Focus. A Whitepaper by CMIT Solutions and Cadence Management Advisors Bringing the Cloud into Focus A Whitepaper by CMIT Solutions and Cadence Management Advisors Table Of Contents Introduction: What is The Cloud?.............................. 1 The Cloud Benefits.......................................

More information

Cloud Computing. What is Cloud Computing?

Cloud Computing. What is Cloud Computing? Cloud Computing What is Cloud Computing? Cloud computing is where the organization outsources data processing to computers owned by the vendor. Primarily the vendor hosts the equipment while the audited

More information

Essential Characteristics of Cloud Computing: On-Demand Self-Service Rapid Elasticity Location Independence Resource Pooling Measured Service

Essential Characteristics of Cloud Computing: On-Demand Self-Service Rapid Elasticity Location Independence Resource Pooling Measured Service Cloud Computing Although cloud computing is quite a recent term, elements of the concept have been around for years. It is the maturation of Internet. Cloud Computing is the fine end result of a long chain;

More information

The Key Components of a Cloud-Based UC Offering

The Key Components of a Cloud-Based UC Offering The Key Components of a Cloud-Based UC Offering Organizations must enhance their communications and collaboration capabilities to remain competitive. Get up to speed with this tech primer and find new

More information

Building Private & Hybrid Cloud Solutions

Building Private & Hybrid Cloud Solutions Solution Brief: Building Private & Hybrid Cloud Solutions WITH EGENERA CLOUD SUITE SOFTWARE Egenera, Inc. 80 Central St. Boxborough, MA 01719 Phone: 978.206.6300 www.egenera.com Introduction When most

More information

PLATFORM & INFRASTRUCTURE AS A SERVICE

PLATFORM & INFRASTRUCTURE AS A SERVICE PLATFORM & INFRASTRUCTURE AS A SERVICE Creating New Efficiencies Industry Perspective Executive Summary It s undeniable that cloud computing has changed the way that government does business. With the

More information

VMware vcloud Architecture Toolkit Public VMware vcloud Service Definition

VMware vcloud Architecture Toolkit Public VMware vcloud Service Definition VMware vcloud Architecture Toolkit Version 2.0.1 October 2011 This product is protected by U.S. and international copyright and intellectual property laws. This product is covered by one or more patents

More information

Selecting the right Cloud. Three steps for determining the most appropriate Cloud strategy

Selecting the right Cloud. Three steps for determining the most appropriate Cloud strategy Selecting the right Cloud Three steps for determining the most appropriate Cloud strategy Selecting the most appropriate cloud model can be a challenging process for organisations and IT executives tasked

More information

Legal Issues in the Cloud: A Case Study. Jason Epstein

Legal Issues in the Cloud: A Case Study. Jason Epstein Legal Issues in the Cloud: A Case Study Jason Epstein Outline Overview of Cloud Computing Service Models (SaaS, PaaS, IaaS) Deployment Models (Private, Community, Public, Hybrid) Adoption Different types

More information

Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it

Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it The Cloud Threat Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it This white paper outlines the concerns that often prevent midsized enterprises from taking advantage of the Cloud.

More information

Confidence in the Cloud Five Ways to Capitalize with Symantec

Confidence in the Cloud Five Ways to Capitalize with Symantec Five Ways to Capitalize with Symantec Solution Brief: Confidence in the Cloud Confidence in the Cloud Contents Overview...............................................................................................

More information

White Paper: Vendor Selection for Your Life Science Company Cloud

White Paper: Vendor Selection for Your Life Science Company Cloud White Paper: Vendor Selection for Your Life Science Company Cloud GlobalSubmit 123 South Broad Street, Suite 1850 Philadelphia, PA 19109 www.globalsubmit.com Methodsense, Inc. P.O. Box 110352 Durham, NC

More information

OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect

OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect OWASP Chapter Meeting June 2010 Presented by: Brayton Rider, SecureState Chief Architect Agenda What is Cloud Computing? Cloud Service Models Cloud Deployment Models Cloud Computing Security Security Cloud

More information

Key Considerations of Regulatory Compliance in the Public Cloud

Key Considerations of Regulatory Compliance in the Public Cloud Key Considerations of Regulatory Compliance in the Public Cloud W. Noel Haskins-Hafer CRMA, CISA, CISM, CFE, CGEIT, CRISC 10 April, 2013 w_haskins-hafer@intuit.com Disclaimer Unless otherwise specified,

More information

CLOUD COMPUTING. When It's smarter to rent than to buy

CLOUD COMPUTING. When It's smarter to rent than to buy CLOUD COMPUTING When It's smarter to rent than to buy Is it new concept? Nothing new In 1990 s, WWW itself Grid Technologies- Scientific applications Online banking websites More convenience Not to visit

More information

The NREN s core activities are in providing network and associated services to its user community that usually comprises:

The NREN s core activities are in providing network and associated services to its user community that usually comprises: 3 NREN and its Users The NREN s core activities are in providing network and associated services to its user community that usually comprises: Higher education institutions and possibly other levels of

More information

Identity & Access Management The Cloud Perspective. Andrea Themistou 08 October 2015

Identity & Access Management The Cloud Perspective. Andrea Themistou 08 October 2015 Identity & Management The Cloud Perspective Andrea Themistou 08 October 2015 Agenda Cloud Adoption Benefits & Risks Security Evolution for Cloud Adoption Securing Cloud Applications with IAM Securing Cloud

More information

BUSINESS MANAGEMENT SUPPORT

BUSINESS MANAGEMENT SUPPORT BUSINESS MANAGEMENT SUPPORT Business disadvantages using cloud computing? Author: Maikel Mardjan info@bm-support.org 2010 BM-Support.org Foundation. All rights reserved. EXECUTIVE SUMMARY Cloud computing

More information

Cloud Service Rollout. Chapter 9

Cloud Service Rollout. Chapter 9 Cloud Service Rollout Chapter 9 Cloud Service Topics Cloud service rollout plans vary depending on the type of cloud service SaaS, PaaS, or IaaS and the vendor. Unit Topics Identifying vendor roles and

More information

1 Introduction. 2 What is Cloud Computing?

1 Introduction. 2 What is Cloud Computing? 1 Introduction Table of Contents 1 Introduction 2 What is Cloud Computing? 3 Why is Cloud Computing important? 4 Why Cloud deployments fail? 5 Holistic Approach to cloud computing implementation 6 Conclusion

More information

CAPA in the Cloud Keith Williams CEO GXPi 12 th June 2013

CAPA in the Cloud Keith Williams CEO GXPi 12 th June 2013 CAPA in the Cloud Keith Williams CEO GXPi 12 th June 2013 Controlling Pharma data in the Cloud- Overview Example of a CAPA from 3 years ago (2010) Example of a CAPA today (2013) Example of CAPA in Azure(2014)

More information

Guideline on Implementing Cloud Identity and Access Management

Guideline on Implementing Cloud Identity and Access Management CMSGu2013-05 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Implementing Cloud Identity and Access Management National

More information

Cloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week

Cloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week Cloud Security Panel: Real World GRC Experiences ISACA Atlanta s 2013 Annual Geek Week Agenda Introductions Recap: Overview of Cloud Computing and Why Auditors Should Care Reference Materials Panel/Questions

More information

NSW Government. Data Centre & Cloud Readiness Assessment Services Standard. v1.0. June 2015

NSW Government. Data Centre & Cloud Readiness Assessment Services Standard. v1.0. June 2015 NSW Government Data Centre & Cloud Readiness Assessment Services Standard v1.0 June 2015 ICT Services Office of Finance & Services McKell Building 2-24 Rawson Place SYDNEY NSW 2000 standards@finance.nsw.gov.au

More information

yvette@yvetteagostini.it yvette@yvetteagostini.it

yvette@yvetteagostini.it yvette@yvetteagostini.it 1 The following is merely a collection of notes taken during works, study and just-for-fun activities No copyright infringements intended: all sources are duly listed at the end of the document This work

More information

1 America Square, London 30 th May 2012. Cloud Computing: What Are My Options?

1 America Square, London 30 th May 2012. Cloud Computing: What Are My Options? 1 America Square, London 30 th May 2012 Cloud Computing: What Are My Options? Agenda Introductions and Your Challenges The Cloud @ Frontier Technology Infrastructure as a Service Cloud for Business Continuity

More information

Concurrent Technologies Corporation (CTC) is an independent, nonprofit, applied scientific research and development professional services

Concurrent Technologies Corporation (CTC) is an independent, nonprofit, applied scientific research and development professional services Concurrent Technologies Corporation (CTC) is an independent, nonprofit, applied scientific research and development professional services organization providing innovative management and technology-based

More information

WHITE PAPER: STRATEGIC IMPACT PILLARS FOR EFFICIENT MIGRATION TO CLOUD COMPUTING IN GOVERNMENT

WHITE PAPER: STRATEGIC IMPACT PILLARS FOR EFFICIENT MIGRATION TO CLOUD COMPUTING IN GOVERNMENT WHITE PAPER: STRATEGIC IMPACT PILLARS FOR EFFICIENT MIGRATION TO CLOUD COMPUTING IN GOVERNMENT IntelliDyne, LLC MARCH 2012 STRATEGIC IMPACT PILLARS FOR EFFICIENT MIGRATION TO CLOUD COMPUTING IN GOVERNMENT

More information

The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing

The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing Your Platform of Choice The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing Mark Cravotta EVP Sales and Service SingleHop LLC Talk About Confusing? Where do I start?

More information

Cloud Computing Jenn CruverKibi, CPA July 27, 2016

Cloud Computing Jenn CruverKibi, CPA July 27, 2016 Pursuing the Profession While Promoting the Public Good Cloud Computing Jenn CruverKibi, CPA July 27, 2016 2016 Annual Non-Profit Seminar What we will cover 1 What we will cover: What is cloud computing?

More information

Compliance and the Cloud: What You Can and What You Can t Outsource

Compliance and the Cloud: What You Can and What You Can t Outsource Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: Kate Donofrio Security Assessor Fortrex Technologies Instructor Biography Background On Fortrex What s In A Cloud? Pick

More information

CONTENTS. List of Tables List of Figures

CONTENTS. List of Tables List of Figures Prelims 13/3/06 9:11 pm Page iii CONTENTS List of Tables List of Figures ix xi 1 Introduction 1 1.1 The Need for Guidance on ERP System Validation 1 1.2 The Need to Validate ERP Systems 3 1.3 The ERP Implementation

More information

journey to a hybrid cloud

journey to a hybrid cloud journey to a hybrid cloud Virtualization and Automation VI015SN journey to a hybrid cloud Jim Sweeney, CTO GTSI about the speaker Jim Sweeney GTSI, Chief Technology Officer 35 years of engineering experience

More information

Cloud Computing Guide & Handbook. SAI USA Madhav Panwar

Cloud Computing Guide & Handbook. SAI USA Madhav Panwar Cloud Computing Guide & Handbook SAI USA Madhav Panwar Background 2010 WGITA approved the cloud computing project with SAI USA as lead and Canada & India as members 2011 A status report was presented and

More information

Information Technology: This Year s Hot Issue - Cloud Computing

Information Technology: This Year s Hot Issue - Cloud Computing Information Technology: This Year s Hot Issue - Cloud Computing Presented by: Alan Sutin Global IP & Technology Practice Group GREENBERG TRAURIG, LLP ATTORNEYS AT LAW WWW.GTLAW.COM 2011. All rights reserved.

More information

SECURITY MODELS FOR CLOUD 2012. Kurtis E. Minder, CISSP

SECURITY MODELS FOR CLOUD 2012. Kurtis E. Minder, CISSP SECURITY MODELS FOR CLOUD 2012 Kurtis E. Minder, CISSP INTRODUCTION Kurtis E. Minder, Technical Sales Professional Companies: Roles: Security Design Engineer Systems Engineer Sales Engineer Salesperson

More information

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS Shirley Radack, Editor Computer Security Division Information

More information

Dynamic Services from T-Systems: Enterprise Cloud Computing in practice

Dynamic Services from T-Systems: Enterprise Cloud Computing in practice Dynamic Services from T-Systems: ntral & Eastern European Software Engineering Conference, Moscow, November 1, 2011 him Stohr, Head of SAP Global Services Architecture, T-Systems 1 Best of clouds which

More information

WHITE PAPER. IT in the Cloud: Using VMware vcloud for Reliable, Flexible, Shared IT Resources

WHITE PAPER. IT in the Cloud: Using VMware vcloud for Reliable, Flexible, Shared IT Resources WHITE PAPER IT in the Cloud: Using VMware vcloud for Reliable, Flexible, Shared IT Resources Table of Contents IT in the Cloud: Using VMware vcloud for Reliable, Flexible, Shared IT Resources... 3 Cloud

More information

Cloud Security: Evaluating Risks within IAAS/PAAS/SAAS

Cloud Security: Evaluating Risks within IAAS/PAAS/SAAS Cloud Security: Evaluating Risks within IAAS/PAAS/SAAS Char Sample Security Engineer, Carnegie Mellon University CERT Information Security Decisions TechTarget Disclaimer Standard Disclaimer - This talk

More information

Cloud Computing Safe Harbor or Wild West?

Cloud Computing Safe Harbor or Wild West? IT Best Practices Series Cloud Computing Safe Harbor or Wild West? With IT expenditures coming under increasing scrutiny, the cloud is being sold as an oasis of practical solutions. It s true that many

More information

Specialist Cloud Services Lot 4 Cloud Printing and Imaging Consultancy Services

Specialist Cloud Services Lot 4 Cloud Printing and Imaging Consultancy Services Specialist Cloud Services Lot 4 Cloud Printing and Imaging Consultancy Services Page 1 1 Contents 1 Contents... 2 2 Transcend360 Introduction... 3 3 Service overview... 4 3.1 Service introduction... 4

More information

White Paper. Cloud Vademecum

White Paper. Cloud Vademecum White Paper Cloud Vademecum Cloud is the new IT paradigm this document offers a collection of thoughts, internal and external discussions and information. The goal is to inspire and stimulate the route

More information

Hexaware E-book on Q & A for Cloud BI Hexaware Business Intelligence & Analytics Actionable Intelligence Enabled

Hexaware E-book on Q & A for Cloud BI Hexaware Business Intelligence & Analytics Actionable Intelligence Enabled Hexaware E-book on Q & A for Cloud BI Hexaware Business Intelligence & Analytics Actionable Intelligence Enabled HEXAWARE Q & A E-BOOK ON CLOUD BI Layers Applications Databases Security IaaS Self-managed

More information

AHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS

AHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS AHLA JJ. Keeping Your Cloud Services Provider from Raining on Your Parade Jean Hess Manager HORNE LLP Ridgeland, MS Melissa Markey Hall Render Killian Heath & Lyman PC Troy, MI Physicians and Hospitals

More information

Improving IT Service Management Architecture in Cloud Environment on Top of Current Frameworks

Improving IT Service Management Architecture in Cloud Environment on Top of Current Frameworks Improving IT Service Management Architecture in Cloud Environment on Top of Current Frameworks Fatemeh Arabalidousti 1 and Ramin Nasiri 2 1 Department of Computer Engineering, Islamic Azad University,

More information

The Magical Cloud. Lennart Franked. Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall.

The Magical Cloud. Lennart Franked. Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall. The Magical Cloud Lennart Franked Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall. 2014-10-20 Lennart Franked (MIUN IKS) The Magical Cloud 2014-10-20 1 / 35

More information