Cloud Security: Is It Safe To Go In Yet?
- Sybil Lyons
- 8 years ago
Transcription
1 Cloud Security: Is It Safe To Go In Yet? Executive Breakfast Roundtable June 9, 2011 DC Chapter
2 AGENDA: Welcome, Introductions; Legal Perspective, Reed Smith; Break; Featured Speakers: IBM, Ping Identity, Oracle; Break; Closed Door Session, Members Only, Bryan Orme, Capital One; Q&A, Wrap Up
3 INTRODUCTIONS: Name; Company; Role; What is the primary security challenge of going to the cloud?
4 Bill's Key Thoughts: The Cloud is... (insert adjective here). Major hurdles seem to be: where data resides (regulatory restrictions, e-discovery concerns); IAM (trust); lack of visibility into controls (loss of governance). We MUST help get there.
5 LEGAL PERSPECTIVE Host: Reed Smith Amy Mushahwar
6 Cloud Service Agreements: Avoiding the Pitfalls of the Cloud as a Commodity Amy Mushahwar, Esq.
7 What's New? Not That Much. Some have their heads in the cloud; we prefer to stay down in the weeds and know the details. Cloud Computing holds all of the risks of a typical web hosting shared services arrangement. The key is planning ahead and avoiding take-it-or-leave-it agreements with standard, non-negotiable terms. If the cloud computing service provider is not willing to negotiate a contract, then the provider may not be worth the supposed cost savings.
8 Oy Veh! Where do I begin? Due Diligence; Data Security; Performance; Terms of Service, Warranty and Indemnification; Data Segregation; Governmental and Third-Party Litigation Access; Trade Secrets and Confidential Information; Exit Plan
9 The Privacy/Data Security Analysis Alone Demands Caution. Federal: Multiple sector-specific privacy laws: Education information (FERPA); Medical information (HIPAA, the HITECH Act); Financial data (Gramm-Leach-Bliley, "GLBA"); Disclosure to law enforcement agencies (USA Patriot Act); Electronic communications (ECPA); E-Discovery (Federal Rules of Civil Procedure, "FRCP"). State: Data-breach statutes, SSN laws, health privacy, financial privacy and the like. International: Personal data within EU (The European Union Data Protection Directive); Data laws of non-EU states (i.e. Australia, Canada and now, Mexico). Contract: Payment Card Industry Standards and any other contractual privacy provisions.
10 Data Security: Much More than SAS 70 Certification. Data Flows; SAS 70 Certification; Requirements for Physical and Logical Security; Single Point or Multipoint Server Models; Privacy Policy Review; Data Migration (in and out of system); Data Backups & Recovery; Audits? (PCI Compliance/Safe Harbor)
11 Performance / SLAs. 24/7/365 uptime of cloud services is of critical importance. The inability to access data stored in the clouds can cause significant business interruption and lost revenue. Discuss: Power; Multiple Communications Links? Recent Service Level Payments? Recent Outages? Maintenance Windows and Access During Planned Outages? Data Restoration Timing?
12 Terms of Service, Warranty and Indemnification. Vendors tend to provide vague terms of service, warrant nothing and make no indemnification promises. The worst clauses that I have seen are below: The unilateral right to limit, suspend, or terminate the service (with or without notice) (and for any reason); Disclaimer of liability relating to service quality and availability (instead, there should be clear initiation and ongoing service levels); Uptime and reliability percentage promises (where the vendor discerns the end points of uptime measurements)
13 Terms of Service, Warranty and Indemnification (continued). Disclaimer of all warranties, including the implied warranties of merchantability and of fitness for a particular purpose; Disclaimer of liability for third-party action; Remedy limitations, including total damages capped (such as a return of fees paid), and/or exclusion of consequential damages (such as loss of profits/revenue); Indemnification: does it look like a get-out-of-court/damages-free card? Has the provider so narrowly tailored the section to indemnify it against actions that are in fact not its responsibility?
14 Data Segregation. Currently, most cloud service providers offer their services on a shared server basis. Special care should be taken to ensure that your company's data is not inadvertently mingled with that of any other customer (especially, a competitor). The following questions should be asked to ascertain the provider's data segregation procedures: How does the provider ensure that no one other than your company has access to the data, even if the customer is hosted on a shared server? How frequently does the provider monitor its server to confirm that data is properly segregated?
15 Governmental and Third-Party Litigation Access. Cloud Computing and the right to governmental access is an issue before the Supreme Court in Ontario v. Quon. Given the present ambiguity in the state of the law, the outsourcing agreement should contemplate the following, for instance: Is the provider required to notify the user if the provider receives a subpoena, search warrant, or other lawful request for user information? (Note that there are some subpoenas where the government forbids customer notification.) Will the cloud provider seek a protective order to prevent and/or limit disclosure of company data? In the event of litigation, how are litigation holds enforced? What are the procedures to make sure user data is segregated and retained? How are e-discovery requests handled? How would metadata be protected? And how is information searched for and retrieved? Which party bears the costs associated with processing data for discovery purposes?
16 Trade Secrets and Confidential Information. Even with good contractual provisions, storage of a company's trade secrets with a cloud provider carries significant risk. Under the Uniform Trade Secrets Act, for a company's proprietary information to be accorded trade secret status, the trade secret must be, at a minimum, the subject of efforts that are reasonable under the circumstances to maintain its secrecy. Whether a transfer of trade secrets to a cloud provider extinguishes the trade secret has yet to be ruled upon. A company's trade secrets may lose their status as such even in circumstances where the cloud provider commits to keeping confidential any information it receives. Certainly, where the cloud provider's terms of service allow the provider to see, use, or disclose information, this may degrade the user's claim that the information is a trade secret.
17 Exit Plan. An exit plan defining each party's obligations in the event of a termination of services should also be clearly set forth in the agreement. Consider the following: Reasons for Termination; Timing for Termination (allowing for a transition plan?); Risk of Provider Lock-in; Data Return / Data Backup; Transition Assistance / Data Format / Data Transfer; Data Disposal; Encryption Complications
18 A Few Words from Our Tax Lawyers. Cloud computing, including cloud services, is one of the most notable, recent targets in the federal and state governments' search for revenue. Federal legislation was introduced in July 2010 that would impose sales tax on digital commerce, including possibly some cloud services, and many states have begun to expand their state tax laws to reach cloud products and services. The primary tax issues involved in cloud computing and cloud services are: Nexus: Contacts with the Jurisdiction (e.g., income, gross receipts, sales and use)? Taxability: Service Characterization Dictates Treatment (e.g. a good, service, data processing, infrastructure, platform, and software services). Sourcing: revenue sourced to destination, origination, ugh!
19 Encryption: Avoiding Information Transfers vis-à-vis Encryption. Emerging view regarding encryption is if the service provider does not have the encryption key, then information has technically not been transferred. If data is encrypted in the cloud, the service provider has not been given access to the data. However, a company may have reasons to provide the service provider with an encryption key. What if the key is lost or there is employee turnover? An encryption key may be held in trust by a third party so that the key is not held by the service provider. A key held in trust is then kept safe and available if needed later.
20 Attorney-Client Privilege Expectations When Transferring to the Cloud. Normally, when one transfers information to a third party, confidentiality and attorney-client privilege are moot. There can be no expectation of privacy when information has been transferred to a party that has no obligation to keep the information confidential. So, is the cloud considered a third party? Common law view is that the cloud IS a third party and there is no expectation of privacy. Emerging modern view taken by some states' ethics panels is that if the service provider does its due diligence and keeps the information confidential and secure, when an attorney puts information in the cloud, privilege DOES NOT dissolve.
21 Department of Commerce Information Security Report. Released yesterday. Increases the visibility of cybersecurity and effectuates President Obama's cyber security mandate. Expect cybersecurity/cloud security legislative movement in the next year.
22 Conclusion. Sometimes the seemingly amazing cost savings of a commodity provider fail to reveal the hidden regulatory costs that could emerge down the line. We recommend cautiously exploring each solution with full network documentation, before entering into a cloud outsourcing arrangement.
23 BREAK
24 BREAK
25 MEMBER ONLY SESSION Sponsors Depart Featuring Member Bryan Orme, Capital One
26 Cloud Computing June 9,
27 What is Cloud Computing? Cloud Computing Defined: In the purest sense, Cloud Computing is a style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet. Five Attributes of Cloud Computing: It is service-based. It is scalable and elastic: you can add and remove infrastructure as needed. It uses shared infrastructure to build economies of scale. It is metered and users pay according to usage. It uses Internet technologies for delivery.
28 Risks of The Cloud. Security Weakness Concerns: What happens when the Internet fails in a crisis? Will our data and other information be compromised? Lack of Monitoring Capability: How will we know if our data is compromised? Monitoring metrics are insufficient. Vendors are reluctant to reveal performance statistics. Inability to guarantee secure connectivity on the Internet.
29 Risks of The Cloud Based on Type of Use. Software as a Service: Authentication and authorization capabilities are developed to be easy to manage and available for a large audience so they may have shortcomings in how they audit and log capabilities or access. Platform as a Service: Development risks exist because development staff rarely includes application security professionals. Infrastructure as a Service: The infrastructure is designed for a large number of users with different needs, which can lead to unpredictable issues and vulnerabilities based on how it is used, what it is used for, and the provider's security practices.
30 Up in the Clouds: Public, Managed, Private, Hybrid
31 Private Clouds and Virtualization. Virtualization Defined: Broad term that refers to the abstraction of computer resources. Virtualization is disassociating the tight bond between software and hardware. Types of Virtualization: Server Virtualization (Blade centers, Superdome, VMware, UCS, Z9); Application Virtualization (Java, Websphere, Weblogic); Desktop Virtualization (PC on a stick, virtual desktop imaging); Network Virtualization (MPLS, VPN, VPN SSL); Storage Virtualization (Tiers, pooled storage, geographic deployment)
32 Many Financial Institutions are building an Internal Cloud that easily adapts to future technology capabilities. Characteristics and Associated Capabilities. Dynamic and Virtualized; Shared, Elastic and Scalable Infrastructure: Data center infrastructure virtualization; Application abstraction; Automated discovery and provisioning; Integrated infrastructure stack; Standardized services with fewer technology stacks; Stateless computing; Pervasive application workload/state mobility; High availability; One unified network with embedded in-depth security. Efficient and On-demand: Dynamic provisioning (minutes vs. days); Improved utilization and efficiency; Tiered storage and optimized backup; Green and efficient data center; Efficient network with embedded infrastructure services; SLAs based off resource units. Streamlined Operations: Standard processes and tools; Real time monitoring of business availability; Proactive infrastructure monitoring; Global availability center; Cost transparency; Enhanced security. Enhanced Business Continuity: High availability across datacenters; Standardized business continuity tiers; Seamless fail back to production; Failover applications on-demand.
33 So where do we stand and how do we get to a new state? [Diagram comparing a Traditional Data Center (thousands of disparate servers, disjoint networking and storage) with a Cloud Based Data Center. Labels: Control Domain; Wintel, Linux, Unix and MF stacks, each with Biz Appls, Base App Svcs, Security, Network, Storage and Platform; MPLS VPN; Common Storage Farm; Common Network Infrastructure; CLOUD.]
34 CHAPTER BUSINESS. Next Chapter Meeting: July 14, Mobile Device Security. Need a member to lead discussion. Seeking sponsor vendors.
35 Q&A & Wrap Up
36 THANKS Return Badges See you July 14
Cloud Computing: Managing Legal Risks and Ethical Issues Kathryn L. Ossian Miller, Canfield, Paddock and Stone P.L.C. A. What is Cloud Computing? I. Introduction: The Cloud Is Calling Cloud computing has
More informationTODAY S AGENDA. Trends/Victimology. Incident Response. Remediation. Disclosures
TODAY S AGENDA Trends/Victimology Incident Response Remediation Disclosures Trends/Victimology ADVERSARY CLASSIFICATIONS SOCIAL ENGINEERING DATA SOURCES COVERT INDICATORS - METADATA METADATA data providing
More informationUniversity of Alaska. Cloud Computing Guidelines
University of Alaska Cloud Computing Guidelines Guidelines for the Use of 3 rd Party or Cloud Computing Services at the University of Alaska Why is this important to me? If you manage a service and plan
More informationBig Data, Big Risk, Big Rewards. Hussein Syed
Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data
More informationHow To Manage A Privileged Account Management
Four Best Practices for Passing Privileged Account Audits October 2014 1 Table of Contents... 4 1. Discover All Privileged Accounts in Your Environment... 4 2. Remove Privileged Access / Implement Least
More informationMASSIVE NETWORKS Online Backup Compliance Guidelines... 1. Sarbanes-Oxley (SOX)... 2. SOX Requirements... 2
MASSIVE NETWORKS Online Backup Compliance Guidelines Last updated: Sunday, November 13 th, 2011 Contents MASSIVE NETWORKS Online Backup Compliance Guidelines... 1 Sarbanes-Oxley (SOX)... 2 SOX Requirements...
More informationClients Legal Needs in HIPAA Security Compliance
Clients Legal Needs in HIPAA Security Compliance Robyn A. Meinhardt, JD, RN FOLEY & LARDNER LLP 2004 Preserving Attorney-Client Privilege and Work Product Protections 1 Relevance to Security Compliance
More informationThe Cloud and Cross-Border Risks - Singapore
The Cloud and Cross-Border Risks - Singapore February 2011 What is the objective of the paper? Macquarie Telecom has commissioned this paper by international law firm Freshfields Bruckhaus Deringer in
More informationBenefits and risks of cloud computing
Stephen Turner Known-Quantity.com and Holy Family University ABSTRACT Cloud computing vendors maintain data away from the facilities of their customers. This is compelling because it enables companies
More informationBenefits and risks of cloud computing
Benefits and risks of cloud computing Stephen Turner Known-Quantity.com and Holy Family University ABSTRACT Cloud computing vendors maintain data away from the facilities of their customers. This is compelling
More informationData Processing Agreement for Oracle Cloud Services
Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services
More informationHow To Deal With Cloud Computing
A LEGAL GUIDE TO CLOUD COMPUTING INTRODUCTION Many companies are considering implementation of cloud computing services to decrease IT costs while providing the flexibility to scale usage on demand. The
More informationPaychex Accounting Online Terms of Use
Paychex Accounting Online Terms of Use Paychex recommends that Client read the Terms of Use prior to using the Paychex Accounting Online Software ( Software ). If Client does not accept and agree with
More informationA Checklist for Software as a Service (SaaS) Vendors and Application Service Providers
A Checklist for Software as a Service (SaaS) Vendors and Application Service Providers This checklist is a longer version of a SaaS Checklist that appeared in the July 2009 issue of LAWPRO Magazine at
More informationUsing SUSE Cloud to Orchestrate Multiple Hypervisors and Storage at ADP
Using SUSE Cloud to Orchestrate Multiple Hypervisors and Storage at ADP Agenda ADP Cloud Vision and Requirements Introduction to SUSE Cloud Overview Whats New VMWare intergration HyperV intergration ADP
More informationContracting With (or For) Application Service Providers. Thomas C. Carey Bromberg & Sunstein LLP Boston
Contracting With (or For) Application Service Providers Thomas C. Carey Bromberg & Sunstein LLP Boston Table of Contents I. Glossary... 1 II. The Industry... 1 A. The Value Proposition... 1 B. The Players
More informationPrivate & Hybrid Cloud: Risk, Security and Audit. Scott Lowry, Hassan Javed VMware, Inc. March 2012
Private & Hybrid Cloud: Risk, Security and Audit Scott Lowry, Hassan Javed VMware, Inc. March 2012 Private and Hybrid Cloud - Risk, Security and Audit Objectives: Explain the technology and benefits behind
More informationLeveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs
IBM Global Technology Services Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs Achieving a secure government
More informationSecuring The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master
Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is
More informationElectronic business conditions of use
Electronic business conditions of use This document provides Water Corporation s Electronic Business Conditions of Use. These are to be applied to all applications, which are developed for external users
More informationOrchestrating the New Paradigm Cloud Assurance
Orchestrating the New Paradigm Cloud Assurance Amsterdam 17 January 2012 John Hermans - Partner Current business challenges versus traditional IT Organizations are challenged with: Traditional IT seems
More informationJohn Essner, CISO Office of Information Technology State of New Jersey
John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management
More informationRisk Management of Outsourced Technology Services. November 28, 2000
Risk Management of Outsourced Technology Services November 28, 2000 Purpose and Background This statement focuses on the risk management process of identifying, measuring, monitoring, and controlling the
More informationAlienVault for Regulatory Compliance
AlienVault for Regulatory Compliance Overview of Regulatory Compliance in Information Security As computers and networks have become more important in society they and the information they contain have
More informationCloud Computing: A Primer on Legal Issues, Including Privacy and Data Security Concerns. Privacy and Information Management Practice / Washington, DC
Cloud Computing: A Primer on Legal Issues, Including Privacy and Data Security Concerns Privacy and Information Management Practice / Washington, DC Disclaimer THIS PRESENTATION IS TO ASSIST IN A GENERAL
More informationWho moved my cloud? Part I: Introduction to Private, Public and Hybrid clouds and smooth migration
Who moved my cloud? Part I: Introduction to Private, Public and Hybrid clouds and smooth migration Part I of an ebook series of cloud infrastructure and platform fundamentals not to be avoided when preparing
More informationInformation Security: A Perspective for Higher Education
Information Security: A Perspective for Higher Education A By Introduction On a well-known hacker website, individuals charged students $2,100 to hack into university and college computers for the purpose
More information