WHITEPAPER CLOUD. Possible Use of Cloud Technologies in Public Administration. Version Euritas

Size: px
Start display at page:

Download "WHITEPAPER CLOUD. Possible Use of Cloud Technologies in Public Administration. Version 1.0.0. 2012 Euritas"

Transcription

1 WHITEPAPER CLOUD Possible Use of Cloud Technologies in Public Administration Version Euritas

2 THE BEST WAY TO PREDICT THE FUTURE IS TO CREATE IT. [Willy Brandt] 2

3 PUBLISHER'S IMPRINT Publisher: Euritas (European Association of Public IT Service Providers) Contact: Toni Seifert, IT Dienstleistungszentrum Berlin, Berlin Berliner Str Berlin Authors: Wolfgang Danzinger, Bundesrechenzentrum GmbH, Vienna Biljana Skrbic, Bundesrechenzentrum GmbH, Vienna Uwe Brünnicke, Dataport AöR, Hamburg Christian Gebauer, Magistrat der Stadt Wien, Vienna Rudolf Hellerschmidt, Magistrat der Stadt Wien, Vienna Toni Seifert, IT Dienstleistungszentrum Berlin, Berlin Martin Swiderek, Hessische Zentrale f. Datenverarbeitung, Wiesbaden Editorial team: Manoela Bodiroza, Bundesrechenzentrum GmbH, Vienna Thomas Dickmann, IT Dienstleistungszentrum Berlin, Berlin Ingrid Götzl, Magistrat der Stadt Wien, Vienna Ulrike Schenk, Dataport AöR, Hamburg Jörn Oldag, DVZ Mecklenburg Vorpommern GmbH, Schwerin Peter Lacher, Hessische Zentrale f. Datenverarbeitung, Wiesbaden With the kind support of: Marianne Wulff, Vitako Bundes Arbeitsgemeinschaft der Kommunalen IT Dienstleister e.v., Berlin Design and printing: IT Dienstleistungszentrum Berlin AöR with the kind support of DVZ GmbH, Frau Becker Copyright: Euritas (European Association of Public IT Service Providers) 3

4 LIST OF ABBREVIATIONS CSP Euritas ICT IT ITIL ITSM IaaS PaaS SaaS Cloud Service Provider European Association of Public IT Service Providers Information and Communications Technology Information Technology IT Infrastructure Library IT Service Management Infrastructure as a Service Platform as a Service Software as a Service 4

5 CONTENTS 1 Introduction Objective Management Summary Introduction and definitions Introduction Cloud computing definition Service model types The service levels of a cloud Prerequisite for cloud use The underlying conditions and challenges of public administration Opportunities and potential of cloud computing in administration Compliance with legislation, standards and specifications IT security criteria and requirements Quality criteria for cloud offers and services in administration The challenges of using cloud technologies Possible use of cloud solutions in public administration in Europe Cloud aims and stages of development of public IT Factors encouraging the use of cloud technologies Closing remarks and outlook Appendices (Selected) legal questions for European cloud projects Project and solution reports of Euritas members

6 1 Introduction 1.1 Objective The aim set by the Euritas (European Association of Public IT Service Providers) cloud computing working group is to promote cross border exchange and networking among European public IT service providers. Within this context, the White Paper takes a look at the possible use of cloud technologies in public administration within the EU. In this respect, the first step will not differentiate between the position of a cloud service user and a cloud service provider, as the quality criteria are relevant both to the providers of cloud solutions and to their customers. Furthermore, one and the same organisation is quite likely to be in the position of service provider and service user, so they should be adequately prepared for both sides of the contract. The contents reflect the views and experiences of public IT service providers. General descriptions of the requirements and the current state of the market in Europe have been prepared, backed up by both abstract and specific examples. The Whitepaper Cloud presents the insights gained from technical and organisational specifications from the European public IT service provider viewpoint. A further section also describes in general terms how service providers interpret the following aspect: "We will evaluate which offers, services and functions can be usefully deployed and offered with cloud technologies". Presented in the appendix are specific solutions, as well as the current projects of Euritas members. The objective of the Whitepaper Cloud is to offer the decision makers in the public sector an overview of cloud services, to point out the risks as well as the need for action, and to encourage a mutual exchange of know how and experience throughout Europe. 1.2 Management Summary The New trends in technical innovation, development and implementation shape our daily lives as much as ongoing changes in administrative processes. Increasingly, these are digitised and electronically processed. Technical trends and corresponding regular updates of established procedures and the IT infrastructure are cornerstones in making even administrative work processes more economical and efficient. European public IT service providers will continue to work with different sovereign tasks, unequal basic infrastructures as well as varying stages of development in the optimised operation of computer centres. Yet together, the Euritas members can make a big difference: the different starting points of the public IT service providers involved in Euritas offer an ideal basis for establishing common best practices. This bundling of requirements and interests can influence both manufacturers and standards, and can thus shape the optimal operating environment for European public IT associations. 6

7 European public IT service providers can utilise cloud computing to offer their clients demand oriented and flexible sources of supply for ICT (information and communication technology) if the required basis is established in the years to come. For this reason, the Euritas Cloud Working Group has identified the following areas of action to promote the utilisation of cloud technologies across Europe in the future: Preparation and development of cross border standardised procedures and a legal framework for the European administrative environment Formulation of guidelines and manufacturer independent standards for the utilisation of cloud technologies in the European administrative environment Compiling best practices and economic indicators for public administrative IT services (planning, implementation and operation) Development of suitable benchmarks and bases of valuation to obtain cloud services and cloud operating environments from a cloud service provider Exchange of experience in the operation and design of service catalogues (cloud offers) for establishing suitable nationwide and cross border IT services Manufacturer independent cloud services are not available yet. They will, however, be a decisive factor in future investment decisions. Depending on the speed of development of standards, procedures and guidelines, cloud services will gain increasing importance for public administrations. The following factors have been identified for having an influence on the success of cloud initiatives in European administrations: Hardware oriented cloud technologies present a much lesser challenge than organisational structuring and the holistic implementation of processes for the provision and procurement of cross border cloud services. The larger the quantity of sales, the more cost savings and scaling effects can be achieved. European cloud initiatives require multidisciplinary teams of experts, providing specialist administration know how, legal expertise in the European environment, compliance knowledge regarding standards, guidelines, norms, technical expertise as well as organisational and standardisation knowledge. The standardisation of operational processes will enable cost savings once cloud technologies are introduced in public administrations. However, the real cost savings potential can only be proven upon the development, implementation and operation of joint solution scenarios. Nonetheless, the decision to implement cloud computing in public administrations must not be restricted to costs alone. Many other aspects and areas related to the complex operation of computer centres of non profit organisations such as the consolidation of servers and procedures affect the decision making process. Currently, many things are still difficult to 7

8 measure and cannot be compared (yet), given their heterogeneous structures. Numerous questions related to the complex field of cloud computing thus arise. For example: how can a public IT service provider use an economic efficiency model to transparently and comprehensibly transfer and evaluate, e.g., human resources which were displaced for other activities, accelerated processes, satisfied customers, faster product and service development cycles as well as shorter value added chains? It is the aim of the Euritas White Paper to offer initial guidance to these viewpoints. Given the various situations, sovereign tasks, political guidelines and interests of the different European public IT service providers, different cloud scenarios will also be used. This makes it even more important to counter the exuberance for cloud technologies with careful consideration for sustainability and value adding benefits. The results of this White Paper provide an overview of the future market demand and the frameworks required for an economically viable implementation of cloud technologies. In addition, the White Paper provides an overview of what needs to be done from a European perspective to enable the successful utilisation of cloud services. 2 Definitions 2.1 Introduction This section systematises (organises and defines) the technical terms used in a cloud environment. Many of the terms that have developed around cloud computing are not definitions in the technical sense, but marketing terms, that attribute features to the product that do not strictly exist in the technical sense. The areas of client, network connections and security are addressed from the technology viewpoint. Cloud computing is a development of familiar technologies and solutions, expanding them to include the concept of demand driven elasticity. The related topics here are grid computing, outsourcing and application service providing. Cloud computing is a particularly flexible form of outsourcing that involves shorter contract periods (hours or months), suitable elasticity (demand driven addition or reduction of resources) and lower or even non existent investment costs. 2.2 Cloud computing definition Cloud computing is now omnipresent in the ICT sector, and many companies and organisations are devoting their full attention to the opportunities and potential as well as the risks of this new technology. The basic features attributed to cloud solutions are very interesting in the pan European context, because in general, the provision of IT services can be handled less expensively and more efficiently with a maximum level of automation and a high level of flexibility. This is achieved by using visualisation technologies and abstraction mechanisms. Payment is made in accordance with individual consumption. 8

9 The following features are characteristic of a cloud service 1 : Virtual resources: The physical implementation of the service is hidden from its users. This allows the operator to optimise the service with regard to efficiency and standardisation. Multi tenancy capability: The individual resources serve several users in a shared environment, where mechanisms are applied to protect and isolate each tenant. Consumption dependent payment: Users only pay for the resources that have actually been utilised. User driven provision: Individual users can request resources which are then automatically provided, without interaction with the service provider. Elasticity: The services can respond spontaneously and quickly to load changes in virtualised environments. Resources seem to be infinite, as far as the user is concerned. Programmatic control: With the aid of a programming interface, users can configure, use and control the resources. This allows users to control consumption dynamically via the application and allows providers to automate resource management. The widely accepted definition by the American standardisation agency NIST expresses this as follows: "Cloud computing is a model for enabling ubiquitous, convenient, ondemand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction." 2 In addition to the regional definitions used in Germany, such as the one BITKOM uses in its publications, the cloud criteria specified internationally by the "National Institute of Standards and Technology (NIST)" can also be enlisted for the cloud definition, as well as for assessing whether or not a service complies with the requirements of cloud services. Measured services: The use of resources and services is measured and transparently monitored, controlled and charged, subject to use. Rapid elasticity: The service resources can be scaled up or down as required, at any time and to any extent. 1 See BITKOM guide, "Cloud Computing Evolution in der Technik, Revolution im Business", See The NIST Definition of Cloud Computing (National Institute of Standards and Technology, Information Technology Laboratory) 9

10 On demand customer self service: Procurement of services as called for by the user, without direct interaction with the provider (self service portal). Broad network access: Services can be reached via a network (Internet), standard access via a browser is possible from a wide variety of platforms. Resource pooling: Using a shared, location independent IT infrastructure resource pool of (multi )tenancy capable virtualised resources that are allocated dynamically. 2.3 Service model types The term "cloud computing" is used for a great many things in connection with information processing issues and the provision of IT services. Cloud computing is not a product, not a special technology and not a proprietary standard; it is a method of providing flexible, shared IT services. The typical distinguishing features and attributes of these forms are as follows: Public cloud: Cloud services offered over the Internet to vast numbers of users and available on the market to anyone. Private cloud: Private clouds are understood to mean cloud services provided over a private network, such as within a company Intranet. Hybrid cloud: Hybrid clouds combine the so called public cloud services with those of a private cloud. There are also some special forms. These are based on similar base architectures, but differ in terms of requirements, functionalities and service types. This is made clear in the examples below: European, national and regional cloud services (geographical limitation) Government clouds (networking between different authorities) Community clouds (sector specific clouds) 2.4 The service levels of a cloud If you take the most established definitions of cloud computing, cloud computing offers can be categorised into three basic service levels 3,4. These service levels and service platforms build on one another in a hierarchical structure, as shown in the illustration below: 3 See such as NIST, BITKOM, DMTF 4 See Höllwarth Tobias, Cloud Migration, mitp,

11 Figure 1: Cloud service levels (source: see EuroCloud) The business scenario uses a holistic strategy to determine which forms of cloud computing are referred to. It is generally true that the potential for standardisation increases, the closer you are to the infrastructure related cloud services (IaaS). The possible applications are also more universal on the basis of uniform infrastructure resources. The higher the level (PaaS and SaaS), the more specifically this environment is adapted to demand. So essentially, three service models have emerged in the references and are listed below: IaaS Infrastructure as a Service PaaS Platform as a Service SaaS Software as a Service Storage as a service is also frequently available in the cloud. Other services are regarded more as outsourced backup solutions, or as the provision of desktop environments (desktop as a service), based on the use of virtual desktops, for example. Cloud computing can also support "business process as a service" solutions, which outsource all the business processes of an organisation. 2.5 Prerequisite for cloud use To further develop existing IT and the use of cloud technologies, it is advisable to introduce a standardisation and centralisation process and, if necessary, to initialise an organisational development process as well. 11

12 Standardisation must be applied to the applications and also some of the infrastructure, as this is the only way that a centrally operated service can be used cost effectively. Centralised data management is also an important prerequisite, as usually the computing power has to be generated where the data is stored. A prerequisite for the use of these services is the structuring and classification of the data and information used in the organisation, so that it will be possible to outsource the less sensitive data to a cloud environment. The other selected prerequisites for using a cloud service concern the terminal, the network connection, IT security and the manageability of the cloud services. Consistent standardisation of the organisational procedures and processes is also required in addition to this technical standardisation. This is essential for operation, use, fault management, billing, and setting the performance level for service use from the cloud. It may be necessary to realign the organisation, or individual areas. As well as these standardisation issues, it must also be possible to access the cloud services. All devices capable of establishing a network connection to the service provider and which have integrated an application (browser, client) that can process the service data, can normally gain access. Especially with private cloud services, which usually make classic computer services available to users in a company Intranet, the operation and capacity of the terminal must bear comparison with a standard PC. The "bring your own device" approach is a currently discernible trend being considered in the design of notebooks, tablets and smartphones (mobile devices), as well as the user's own terminals. Cloud services are provided online, either on the Intranet, via VPN or on the Internet. So the essential technical basis for using centrally provisioned cloud services is an adequate and stable network connection that complies with and ensures data security. As the industrialisation of information processing, cloud computing tries to see the entire process as a service, from ordering, provisioning and using to setting the performance level and automatic billing over the entire usage time of the IT. The holistic view of the core business process of a public IT service provider (from procurement to automated billing) should optimise the use of the existing resources as much as possible. There are many aspects to consider in preparatory planning. The following perspectives are a basic selection: What is required of the cloud infrastructure Depending on the individual situation of the particular public IT service provider, a cost/benefit analysis should be carried out to cover the possible use of cloud computing, to serve as the basis for the other decisions that need to be made about cloud. When commencing cloud service implementation, the specific requirements of the application scenarios, a review of the market and the environment that takes customers as future users into account, and an economic feasibility study should all be carried out. This study can then be helpful for the basic selection of suitable cloud services and of a cloud provisioning model. Modifying your own IT services 12

13 A further step is to isolate and separate the different functional elements as much as possible. This is done by consolidating and virtualising the basic technologies (networks, storage, servers, software and public IT procedures). The use of a central infrastructure for each cloud method is a key factor, so particular care and attention must be devoted to building up these resources, to ensure that the system being operated is robust and readily available. Automation and provisioning Once successful system management has been introduced, further steps can be taken towards automating the IT services, such as the automatic provisioning of infrastructure resources and services. Taking such steps can reduce the cost of manual labour and the associated error rates. Service management An important function in complex cloud infrastructures is universal, consistent and central service management, that must ensure that the desired infrastructure is reliably available for the agreed service level agreements. Service management should ideally be supported by a service management tool. This makes it possible to monitor operating standards, automate event handling, be strict about change management, record billing data and ultimately, ensure stable and successful operation. The aim of each cloud solution integration is not only to benefit from the economic advantages and the provision of services with attractive and effective content, but ultimately to increase customer satisfaction. This correlates closely with the performance of the individual applications, service availability and simple operating and provisioning mechanisms. For cloud offers to be acceptable, pre defined, protected and abstracted infrastructures must be set up that are reusable and modular, as the underlying conditions and requirements for the operation of cloud computing solutions. The focus here is heavily on the virtualisation and security of the ICT systems. The availability, integrity, reliability and confidentiality of the data and information processed within the cloud infrastructure must also be ensured. The IT infrastructure, modern monitoring and surveillance tools and dynamic software, supported by self service mechanisms for the service users, ensure flexibility, scalability and automation of the IT services on offer. 3 The underlying conditions and challenges of public administration 3.1 Opportunities and potential of cloud computing in administration Current cloud considerations focus heavily on reducing costs and on efficient service provision, while striving to keep the same level of security and quality for the services that 13

14 public IT service providers produce for their customers and the citizens in general. The cloud operator and the cloud provider should therefore be looked at individually, as the level of maturity achieved by each public IT service provider with regard to optimised computing centre operation already differs in the classic issues of centralisation, consolidation and virtualisation. The potential for optimisation and saving in the cloud context depends on the level of maturity that has already been achieved (see figure 5, section 4.2). The IT services to be provided for a larger user community are standardised, in order to achieve the expected economies of scale. A number of small service units can be combined by a central shared service centre, where similar processes and procedures are brought together. The shared use of these service offers allows public agencies and public IT service providers to organise their IT infrastructure more efficiently, optimise their procedures and reduce their costs. The European public IT service providers can expect to achieve the greatest benefits by consistently implementing a holistic internal visualisation and standardisation strategy. This is regarded as a basic prerequisite for cloud offers, and implementation can then form the basis for considering whether in a subsequent step, service offers can be provided from the cloud with self service options for users, or used by other cloud service providers (CSP). So whatever the cloud issue, the following advantages can be achieved by pooling know how and by centralising and virtualising the IT infrastructures: Accelerating the complete procedure and shortening turnaround times when implementing projects and customer orders, Simplification and transparency, as well as improving the handling and comprehensibility of complex IT systems and solutions, Standardisation and flexibility, as well as interoperability and the integration of processes and concepts, Optimised sizes for standard products thanks to the fixed cost degression effects, Optimised utilisation of the centrally operated IT systems (Green IT), Removing avoidable interfaces, data redundancies, departmental boundaries, Increasing employee motivation with defined and more simple procedures, Achieving increased reusability thanks to standardisation, Future viability and scalability. Cloud computing is therefore an opportunity to support these processes for establishing shared service centres. The potential and the increased possible uses for cloud services should be seen in addition to the hardware oriented offers in web based services and systems. This is enough to ensure that what are currently individual operations (areas of technical specialisation), such as servers, storage and network, must and will be brought together in future. The opportunities and potential listed below can be achieved in the short and medium term through cloud computing, by consistently automating processes, subject to the current level of maturity of computing centre organisation: 14

15 Reducing production and development times, as well as production start up costs, Increasing IT capacity, competitiveness and the quality of products and solutions, Increasing customer satisfaction. The essential factor for success when bringing together different areas based on the division of labour, is consistent alignment to the value creation processes of the public IT service providers for planning, implementation and productive operation. In summary, this means: providing "IT on tap", an implementation and service model that is attractive to customers and which meets their needs. Taking the viewpoint that automatically provided IT services are more economically efficient if high sales volumes and large quantities make economies of scale possible, it is also attractive to analyse the cross border EU wide potential and to exploit this once it proves to be economical. However, to do this, it is necessary to resolve all the technical, organisational, administrative and legal questions in order to create uniform, EU wide underlying conditions, by establishing standards, specifications and guidelines, for example. 3.2 Compliance with legislation, standards and specifications It is crucial for European public IT service providers that the use of public cloud services is currently excluded for many government IT procedures because the legal situation has yet to be finally resolved. This applies in particular to services where the protection requirements of the data and information are high or very high, or that involve classified data. This inevitably produces market restriction with regard to the use of the commercial cloud solutions of third party suppliers. In many European countries, the principles of power separation and federalist structures also exist (e.g. separating the legislative, executive and judicial areas of responsibility), with their distribution also being reflected in operation and in the supporting provision of IT services in major public IT associations. Among the most important underlying legal conditions are compliance with the data protection act and maintaining the integrity of data from sensitive areas or even classified data. This starts with testing the reliability criteria for data use and also includes ensuring appropriate IT data security. Checks to ensure compliance with official notification and licensing obligations are also included, as is compliance with the legal licensing issues for the use of dynamic cloud solutions. Suitable licensing models and ensuring compliance are essential factors for the acceptance of cloud solutions. As well as these typical issues, there are legal, regulatory and sector specific requirements throughout Europe that must also be followed. Typical of these special features in the public sector are central security guidelines, accountability and due diligence, as well as precautionary measures in the context of comprehensive risk and IT emergency management throughout the company. The agreed classic service level agreements provide the opportunity to define availability, reliability and performance promises in the contractual relationships, as well as to measure 15

16 and assess them. However, this is not currently creating a pan European and mandatory legal framework for cross border IT service provision and use. An overview of the relevant legal areas and the (selected) questions that have been identified is given below, with detailed supporting information in the appendix: Data protection legislation regarding personal data (EU data protection regulation), Public procurement law and IT contractual legislation (EU public procurement directive), Liability and warranty, Business, commercial and criminal procedure legislation, Jurisdiction in all liability and warranty questions, Compliance, IT security (compliance with legislation, standards and specifications) Licensing conditions and compliance with copyright law, Standard terms and conditions and "take it or leave it" agreements, Obligation to record and provide information in traffic data (access protocols). If a cloud project is implemented throughout Europe, or shared use of a cloud infrastructure is intended, the different legal requirements and repercussions must be examined and if necessary optimised and brought together, to ensure legally enforceable implementation of the project. Because the issues involved are so highly complex and business models have yet to be established, basic legal frameworks should be created for cross border pan European service offers and their use. The different legal areas and instances, as well as the implementations in the individual countries throughout Europe, must be taken into consideration. Errors in these areas can quickly lead to considerable financial losses for the cloud service provider and those involved in general. It is therefore absolutely essential that there is careful, legal support to the project, right from the start. The legal assessment will resolve a great many individual aspects and detailed questions and must include a detailed examination of the initial legal situation in the countries involved. At the present moment, the content of the requisite legal advice services cannot be definitively described, as the business models and the specific services to be offered throughout Europe have yet to be developed. These legal considerations on practically feasible and implementable business models for a pan European cloud, as well as working out the advantages and disadvantages of the models from a purely legal viewpoint (contractual relationships, questions of liability, sub contractors, accepting and excluding providers), are absolutely essential for the initial analyses when considering EU wide cloud solutions. The formulation of the individual legal provisions and problem areas in the context of the platform operator as supplier, as well as legal problem areas from the viewpoint of the user of the services, must be included in the study. 16

17 Euritas would like to suggest that these investigations and considerations continue logically and that the unresolved issues and questions are dealt with gradually in structured projects 3.3 IT security criteria and requirements Questions relevant to security keep emerging directly in cloud projects and cloud environments. Fundamentally influential here are quality, timeframes and costs, subject to the selected or stipulated level of security. Public IT service providers in particular must also take into account this interaction between cost and expenditure, quality and security requirements and timeframes and the associated duration of the project. The basic paradigm for data and information protection used to be classic perimeter protection. The starting point in the past was the assumption that there was a clearly defined boundary between network segments with regard to "internal and external access". This ensured that it was possible to have central checkpoints (firewalls) for all data and communications traffic. Actually, however, the development of IT in recent years, particularly the new cloud computing trend, has been taking a quite different direction. Mobility, the dynamic approach to terminals and IT infrastructures, the large numbers of mobile and private devices (e.g. notebooks, USB sticks, MP3 players, PDAs, mobile phones) and the increasing interaction between the various networks, all make it clear that progressive and distributed checks, as well as additional data security, are necessary. So it is essential to implement another approach to the protection of data and information, namely protecting the data and information itself. This protection mechanism must also be taken into account in a safe cloud environment, as different user groups with different authorisations will be acting and interacting simultaneously. In an open structure, elementary protection of data and information applies. This particularly includes especially in the public sector the protection of personal data by encrypted data transmission, as well as safe data storage and data management. So, subject to the particular need for protection of the data and information being processed, a combination of the two approaches, i.e. perimeter protection (e.g. firewalls, intrusion detection) protection of data and information (e.g. encrypting the data) must be implemented in practice. In this context, it is necessary to undertake security analyses to ponder the fact that the elementary data and information security aims in data and information processing, i.e. availability (the capacity of information to be accessible and useful for an authorised person on request) integrity (the capacity that ensures the accuracy, completeness and credibility of the information) confidentiality (protection of the capacity of the information to only be accessible or made known to authorised natural or legal persons or processes) 17

18 obviously have to be guaranteed in cloud offers. It is necessary in the context of a European cloud to make sure that additional security aims are derived from the three main categories. Also necessary are keeping to the compliance requirements (conformity with legislation, guidelines and standards) and fulfilling the basic principle of effective, efficient and economical information processing and of course, the demands for obligation and nonrepudiation of information interactions (e.g. in legally binding online business transactions and for the purposes of evidence preservation). Figure 2: The triangle of conflict and IT security aims in the context of cloud computing (Source: ITDZ Berlin, Toni Seifert, July 2012) The issue of virtualisation and platform independence, which is the basic technology for cloud services, has organisational prerequisites that have to be implemented and also included in the descriptions of standards that have yet to be developed. Virtualisation combines the risks and threats from the physical and virtual server worlds. Firewalls placed in front of a server system or network as a protective barrier may not always provide sufficient protection within the virtualised server world, as the separation between the hardware systems is no longer clear. This brings additional risks, which have to be resolved both from a technical and from an organisational viewpoint. The following seven (representative) examples illustrate the difference of operating a virtualised cloud solution: Administration of the server and application virtualisation environment and configuration of the various network segments, become more complex. Formerly 18

19 separate tasks and specialisations, such as server administration and network management are combined (new employee qualifications). Consolidation of several servers within virtual environments must also take into consideration the various confidentiality and security zones of the formerly physical servers (new security requirements). Virtual servers exist as file images that can be quickly set up, copied, relocated and restored, which produces higher risks, as well as various advantages (new organisational rules). The basic updating of virtual server systems in cloud environments means new requirements to keep the system up to date and to protect it. Setting up a virtual system based on protection that was provided at an earlier stage may also result in patch levels that are no longer up to date (increased patch management demands). Higher standards are required in productive operation with regard to the organisational arrangements for the server lifecycle of virtual systems (e.g. set up, support, updates, loading patches, configuration or end of usage time), because setup is so simple and quick (new models of product and service provision). To ensure safe communication to the cloud and within the cloud, the definition and maintenance of all identities, rights and roles are one of the central tasks of security management. Higher standards must also be implemented for access control, as well as administration and the separation of data and applications (new technologies). Dynamic IT services as a cloud service require all the processes of service management and central monitoring of service level agreements to be changed (new operational and service management processes). When setting up and developing a cloud environment, these must be regarded as underlying conditions and implemented accordingly. The organisation of the company must also be adapted to these new and dynamic approaches, especially with the cross divisional provisioning of IT services across technical boundaries. Safe access to a cloud service is dependent on many technical as well as organisational measures. It is important to establish first where the access is coming from and then to implement relevant security measures, based on the need for protection of the data and information and the system of authentication that is being used. This makes it clear that the extensive combination of technical and organisational IT data security measures that has to be implemented for productive operation when provisioning cloud services does not just apply to "public clouds" but is also relevant within a "private cloud". It is therefore advisable to carry out a risk analysis tailored to public IT service providers for the respective cloud service offers and then based on this, to create the service catalogue, so 19

20 that customers have a data and information sensitivity classification to help them to select suitable IT services. A technical and organisational cloud security policy must also be established. This allows requirement and indicator based monitoring and control, which is the basis for carrying out regular audits. This can also be the basis for verifying that the underlying conditions have been observed and for identifying potential improvements. 3.4 Quality criteria for cloud offers and services in administration In the cloud computing context, it is primarily a service that is rented, and the way in which the provider produces the service can be very complex and totally detached from regional considerations. The selected aspects shown below allow you to assess the quality of a cloud service or as a cloud service provider, to be guided by the high standard of quality required for service provision. These criteria are geared to the EuroCloud criteria catalogue, which is applicable throughout Europe. As a general requirement, a weighting should be given with regard to the necessary level of accomplishment of the areas given below by way of example 5 : IT and data security, control possibilities and compliance, Flexibility, transparency and scalability, Service quality and its measurability, Integration capability and expenditure, as well as economic efficiency, Cost structures for long term planning, Possibility of integration with existing IT infrastructure, Access technologies (inc. access management), Data import and export, secure data deletion (e.g. when services are discontinued). Requirements can be viewed differently, depending on the risk assessment and specialist use of the managed data. For each suitable IT service to be purchased or offered from the cloud, it is advisable to develop a system of indicators, to help in the risk analysis. The technical requirements vary greatly and have specific effects on the assessment of risk. 5 See termine/zertifizierung.html 20

CLOUD CONTRACTS WHAT PROVIDERS AND CUSTOMERS SHOULD DISCUSS

CLOUD CONTRACTS WHAT PROVIDERS AND CUSTOMERS SHOULD DISCUSS CLOUD CONTRACTS WHAT PROVIDERS AND CUSTOMERS SHOULD DISCUSS Catalogue of recommended contractual components in General Terms and Conditions of Business (AGB) and Service Level Agreements (SLA) for Cloud

More information

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security

More information

The NREN s core activities are in providing network and associated services to its user community that usually comprises:

The NREN s core activities are in providing network and associated services to its user community that usually comprises: 3 NREN and its Users The NREN s core activities are in providing network and associated services to its user community that usually comprises: Higher education institutions and possibly other levels of

More information

Fujitsu Dynamic Cloud Bridging today and tomorrow

Fujitsu Dynamic Cloud Bridging today and tomorrow Fujitsu Dynamic Cloud Bridging today and tomorrow Contents Cloud Computing with Fujitsu 3 Fujitsu Dynamic Cloud: Higher Dynamics for Enterprises 4 Fujitsu Dynamic Cloud: Our Offering 6 High Security Standards

More information

Cloud Security Introduction and Overview

Cloud Security Introduction and Overview Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious

More information

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS CLOUD COMPUTING Cloud computing is a model for enabling convenient, ondemand network access to a shared pool of configurable computing

More information

Information Services Strategy 2011-2013

Information Services Strategy 2011-2013 Information Services Strategy Issue 1 1 Introduction The States of Jersey public sector is facing significant pressure for efficiencies and savings. This has created the context to take a fresh look at

More information

What Cloud computing means in real life

What Cloud computing means in real life ITU TRCSL Symposium on Cloud Computing Session 2: Cloud Computing Foundation and Requirements What Cloud computing means in real life Saman Perera Senior General Manager Information Systems Mobitel (Pvt)

More information

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com Introduction to Cloud Computing Srinath Beldona srinath_beldona@yahoo.com Agenda Pre-requisites Course objectives What you will learn in this tutorial? Brief history Is cloud computing new? Why cloud computing?

More information

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING CPNI VIEWPOINT 01/2010 CLOUD COMPUTING MARCH 2010 Acknowledgements This viewpoint is based upon a research document compiled on behalf of CPNI by Deloitte. The findings presented here have been subjected

More information

Cloud Computing in a Regulated Environment

Cloud Computing in a Regulated Environment Computing in a Regulated Environment White Paper by David Stephenson CTG Regulatory Compliance Subject Matter Expert February 2014 CTG (UK) Limited, 11 Beacontree Plaza, Gillette Way, READING, Berks RG2

More information

Concurrent Technologies Corporation (CTC) is an independent, nonprofit, applied scientific research and development professional services

Concurrent Technologies Corporation (CTC) is an independent, nonprofit, applied scientific research and development professional services Concurrent Technologies Corporation (CTC) is an independent, nonprofit, applied scientific research and development professional services organization providing innovative management and technology-based

More information

Cloud Computing: The atmospheric jeopardy. Unique Approach Unique Solutions. Salmon Ltd 2014 Commercial in Confidence Page 1 of 5

Cloud Computing: The atmospheric jeopardy. Unique Approach Unique Solutions. Salmon Ltd 2014 Commercial in Confidence Page 1 of 5 Cloud Computing: The atmospheric jeopardy Unique Approach Unique Solutions Salmon Ltd 2014 Commercial in Confidence Page 1 of 5 Background Cloud computing has its place in company computing strategies,

More information

Managing Cloud Computing Risk

Managing Cloud Computing Risk Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify

More information

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS Shirley Radack, Editor Computer Security Division Information

More information

A white paper from Fordway on CLOUD COMPUTING. Why private cloud should be your first step on the cloud computing journey - and how to get there

A white paper from Fordway on CLOUD COMPUTING. Why private cloud should be your first step on the cloud computing journey - and how to get there A white paper from Fordway on CLOUD COMPUTING Why private cloud should be your first step on the cloud computing journey - and how to get there PRIVATE CLOUD WHITE PAPER January 2012 www.fordway.com Page

More information

Ensuring security the last barrier to Cloud adoption

Ensuring security the last barrier to Cloud adoption Ensuring security the last barrier to Cloud adoption Publication date: March 2011 Ensuring security the last barrier to Cloud adoption Cloud computing has powerful attractions for the organisation. It

More information

Service Definition Document

Service Definition Document Service Definition Document QinetiQ Secure Cloud Protective Monitoring Service (AWARE) QinetiQ Secure Cloud Protective Monitoring Service (DETER) Secure Multi-Tenant Protective Monitoring Service (AWARE)

More information

AskAvanade: Answering the Burning Questions around Cloud Computing

AskAvanade: Answering the Burning Questions around Cloud Computing AskAvanade: Answering the Burning Questions around Cloud Computing There is a great deal of interest in better leveraging the benefits of cloud computing. While there is a lot of excitement about the cloud,

More information

Cloud Cube Model: Selecting Cloud Formations for Secure Collaboration

Cloud Cube Model: Selecting Cloud Formations for Secure Collaboration Cloud Cube Model: Selecting Cloud Formations for Secure Collaboration Problem Cloud computing offers massive scalability - in virtual computing power, storage, and applications resources - all at almost

More information

Cloud Computing and Records Management

Cloud Computing and Records Management GPO Box 2343 Adelaide SA 5001 Tel (+61 8) 8204 8773 Fax (+61 8) 8204 8777 DX:336 srsarecordsmanagement@sa.gov.au www.archives.sa.gov.au Cloud Computing and Records Management June 2015 Version 1 Version

More information

Information Security: Cloud Computing

Information Security: Cloud Computing Information Security: Cloud Computing Simon Taylor MSc CLAS CISSP CISMP PCIRM Director & Principal Consultant All Rights Reserved. Taylor Baines Limited is a Registered Company in England & Wales. Registration

More information

How to ensure control and security when moving to SaaS/cloud applications

How to ensure control and security when moving to SaaS/cloud applications How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk

More information

Brainloop Cloud Security

Brainloop Cloud Security Whitepaper Brainloop Cloud Security Guide to secure collaboration in the cloud www.brainloop.com Sharing information over the internet The internet is the ideal platform for sharing data globally and communicating

More information

ONLINE SERVICES. Business and ICT Service Delivery Redefined

ONLINE SERVICES. Business and ICT Service Delivery Redefined ONLINE SERVICES Business and ICT Service Delivery Redefined RULES AND ROLES Even ten years ago, the rules and roles which governed the provision of ICT business services were very different. Business demands

More information

Oxford City Council ICT Strategy 2015 2018

Oxford City Council ICT Strategy 2015 2018 Oxford City Council ICT Strategy 2015 2018 1 Contents 2 Overview... 2 3 OCC Business Drivers... 2 4 ICT Principles... 3 4.1 Business Requirements... 3 4.2 Information Management... 3 4.3 Applications...

More information

Creating Dynamic IT Infrastructure at Reduced Cost with Cloud Computing

Creating Dynamic IT Infrastructure at Reduced Cost with Cloud Computing Creating Dynamic IT Infrastructure at Reduced Cost with Cloud Computing White Paper Date: 12/9/2011 Version: 0.4 (Final) Author: Matt Baker, Clarity Business and IT Solutions Creating Dynamic IT Infrastructure

More information

Profile. Business solutions with a difference

Profile. Business solutions with a difference Profile Business solutions with a difference Overview ITeM Group was founded in 1999 and has a successful history of delivering IT solutions in Australia, New Zealand, Indonesia, China and Canada. We specialise

More information

Recommendations for companies planning to use Cloud computing services

Recommendations for companies planning to use Cloud computing services Recommendations for companies planning to use Cloud computing services From a legal standpoint, CNIL finds that Cloud computing raises a number of difficulties with regard to compliance with the legislation

More information

IBM 000-281 EXAM QUESTIONS & ANSWERS

IBM 000-281 EXAM QUESTIONS & ANSWERS IBM 000-281 EXAM QUESTIONS & ANSWERS Number: 000-281 Passing Score: 800 Time Limit: 120 min File Version: 58.8 http://www.gratisexam.com/ IBM 000-281 EXAM QUESTIONS & ANSWERS Exam Name: Foundations of

More information

Cloud Computing; What is it, How long has it been here, and Where is it going?

Cloud Computing; What is it, How long has it been here, and Where is it going? Cloud Computing; What is it, How long has it been here, and Where is it going? David Losacco, CPA, CIA, CISA Principal January 10, 2013 Agenda The Cloud WHAT IS THE CLOUD? How long has it been here? Where

More information

White Paper: AlfaPeople ITSM 2013. This whitepaper discusses how ITIL 3.0 can benefit your business.

White Paper: AlfaPeople ITSM 2013. This whitepaper discusses how ITIL 3.0 can benefit your business. White Paper: AlfaPeople ITSM 2013 This whitepaper discusses how ITIL 3.0 can benefit your business. Executive Summary Imagine trying to run a manufacturing business without a comprehensive and detailed

More information

IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach.

IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach. IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach. Gunnar Wahlgren 1, Stewart Kowalski 2 Stockholm University 1: (wahlgren@dsv.su.se), 2: (stewart@dsv.su.se) ABSTRACT

More information

Big Data Analytics Service Definition G-Cloud 7

Big Data Analytics Service Definition G-Cloud 7 Big Data Analytics Service Definition G-Cloud 7 Big Data Analytics Service Service Overview ThinkingSafe s Big Data Analytics Service allows information to be collected from multiple locations, consolidated

More information

Public Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.

Public Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc. Public Clouds Krishnan Subramanian Analyst & Researcher Krishworld.com A whitepaper sponsored by Trend Micro Inc. Introduction Public clouds are the latest evolution of computing, offering tremendous value

More information

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.

More information

Whitepaper. The ABC of Private Clouds. A viable option or another cloud gimmick?

Whitepaper. The ABC of Private Clouds. A viable option or another cloud gimmick? Whitepaper The ABC of Private Clouds A viable option or another cloud gimmick? Although many organizations have adopted the cloud and are reaping the benefits of a cloud computing platform, there are still

More information

NSW Government. Cloud Services Policy and Guidelines

NSW Government. Cloud Services Policy and Guidelines NSW Government Cloud Services Policy and Guidelines August 2013 1 CONTENTS 1. Introduction 2 1.1 Policy statement 3 1.2 Purpose 3 1.3 Scope 3 1.4 Responsibility 3 2. Cloud services for NSW Government 4

More information

SECURE CLOUD SOLUTIONS FOR YOUR BUSINESS.

SECURE CLOUD SOLUTIONS FOR YOUR BUSINESS. SECURE CLOUD SOLUTIONS FOR YOUR BUSINESS. 2015 Learning Possibilities Ltd, 506 Centennial Park, Centennial Avenue, Elstree, Herts, WD6 3FG Email: info@cloudpossibilities.com Telephone: +44 (0) 20 8236

More information

ICT Strategy 2010-2013

ICT Strategy 2010-2013 ICT Strategy 2010-2013 If you would like to receive this publication in an alternative format (large print, tape format or other languages) please contact us on 01832 742000. East Northamptonshire Council

More information

IAAS CLOUD EXCHANGE WHITEPAPER

IAAS CLOUD EXCHANGE WHITEPAPER IAAS CLOUD EXCHANGE WHITEPAPER Whitepaper, July 2013 TABLE OF CONTENTS Abstract... 2 Introduction... 2 Challenges... 2 Decoupled architecture... 3 Support for different consumer business models... 3 Support

More information

Cloud Computing in the Enterprise An Overview. For INF 5890 IT & Management Ben Eaton 24/04/2013

Cloud Computing in the Enterprise An Overview. For INF 5890 IT & Management Ben Eaton 24/04/2013 Cloud Computing in the Enterprise An Overview For INF 5890 IT & Management Ben Eaton 24/04/2013 Cloud Computing in the Enterprise Background Defining the Cloud Issues of Cloud Governance Issue of Cloud

More information

Digital Asset Manager, Digital Curator. Cultural Informatics, Cultural/ Art ICT Manager

Digital Asset Manager, Digital Curator. Cultural Informatics, Cultural/ Art ICT Manager Role title Digital Cultural Asset Manager Also known as Relevant professions Summary statement Mission Digital Asset Manager, Digital Curator Cultural Informatics, Cultural/ Art ICT Manager Deals with

More information

Cloud Panel Draft Statement of Requirement

Cloud Panel Draft Statement of Requirement Cloud Panel Draft Statement of Requirement August 2014 Statement of Requirement This draft Statement of Requirement (SOR) has been created to provide Commonwealth Agencies, industry members and interested

More information

Cloud Computing Security Considerations

Cloud Computing Security Considerations Cloud Computing Security Considerations Roger Halbheer, Chief Security Advisor, Public Sector, EMEA Doug Cavit, Principal Security Strategist Lead, Trustworthy Computing, USA January 2010 1 Introduction

More information

Cloud Computing An Introduction

Cloud Computing An Introduction Cloud Computing An Introduction Distributed Systems Sistemi Distribuiti Andrea Omicini andrea.omicini@unibo.it Dipartimento di Informatica Scienza e Ingegneria (DISI) Alma Mater Studiorum Università di

More information

Table of Contents. Abstract... Error! Bookmark not defined. Chapter 1... Error! Bookmark not defined. 1. Introduction... Error! Bookmark not defined.

Table of Contents. Abstract... Error! Bookmark not defined. Chapter 1... Error! Bookmark not defined. 1. Introduction... Error! Bookmark not defined. Table of Contents Abstract... Error! Bookmark not defined. Chapter 1... Error! Bookmark not defined. 1. Introduction... Error! Bookmark not defined. 1.1 Cloud Computing Development... Error! Bookmark not

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

Secure Cloud Computing through IT Auditing

Secure Cloud Computing through IT Auditing Secure Cloud Computing through IT Auditing 75 Navita Agarwal Department of CSIT Moradabad Institute of Technology, Moradabad, U.P., INDIA Email: nvgrwl06@gmail.com ABSTRACT In this paper we discuss the

More information

GovDC Marketplace information pack

GovDC Marketplace information pack GovDC Marketplace information pack November 2013 Contents What is the Marketplace? The Marketplace concept Benefits of the Marketplace Service Catalogue Marketplace operation Contracts and commercials

More information

6 Cloud computing overview

6 Cloud computing overview 6 Cloud computing overview 6.1 General ISO/IEC 17788:2014 (E) Cloud Computing Overview Page 1 of 6 Cloud computing is a paradigm for enabling network access to a scalable and elastic pool of shareable

More information

Specialist Cloud Services Lot 4 Cloud Printing and Imaging Consultancy Services

Specialist Cloud Services Lot 4 Cloud Printing and Imaging Consultancy Services Specialist Cloud Services Lot 4 Cloud Printing and Imaging Consultancy Services Page 1 1 Contents 1 Contents... 2 2 Transcend360 Introduction... 3 3 Service overview... 4 3.1 Service introduction... 4

More information

Choosing a global cloud infrastructure provider

Choosing a global cloud infrastructure provider IMAGE: ANIMIND/FOTOLIA.COM Choosing a global cloud infrastructure provider Top considerations for choosing a global cloud infrastructure provider A guide for enterprises considering IaaS services, by Lisa

More information

Cloud Computing for SCADA

Cloud Computing for SCADA Cloud Computing for SCADA Moving all or part of SCADA applications to the cloud can cut costs significantly while dramatically increasing reliability and scalability. A White Paper from InduSoft Larry

More information

THE INS AND OUTS OF CLOUD COMPUTING

THE INS AND OUTS OF CLOUD COMPUTING THE INS AND OUTS OF CLOUD COMPUTING and Its Impact on the Network April 2010 Rev. A 04/10 SPIRENT 1325 Borregas Avenue Sunnyvale, CA 94089 USA Email: Web: sales@spirent.com http://www.spirent.com AMERICAS

More information

2008 by Bundesamt für Sicherheit in der Informationstechnik (BSI) Godesberger Allee 185-189, 53175 Bonn

2008 by Bundesamt für Sicherheit in der Informationstechnik (BSI) Godesberger Allee 185-189, 53175 Bonn 2008 by Bundesamt für Sicherheit in der Informationstechnik (BSI) Godesberger Allee 185-189, 53175 Bonn Contents Contents 1 Introduction 1.1 Version History 1.2 Objective 1.3 Target group 1.4 Application

More information

IBM Cognos TM1 on Cloud Solution scalability with rapid time to value

IBM Cognos TM1 on Cloud Solution scalability with rapid time to value IBM Solution scalability with rapid time to value Cloud-based deployment for full performance management functionality Highlights Reduced IT overhead and increased utilization rates with less hardware.

More information

IBM & Cloud Computing. Smarter Planet. John Easton UK & Ireland Cloud Computing Technical Leader

IBM & Cloud Computing. Smarter Planet. John Easton UK & Ireland Cloud Computing Technical Leader Cloud Getting hold Computing of the cloud: for a & Cloud Computing Smarter Planet John Easton UK & Ireland Cloud Computing Technical Leader Copyright Corporation 2010 Cloud is important to Corporation

More information

Amazon Relational Database Service (RDS)

Amazon Relational Database Service (RDS) Amazon Relational Database Service (RDS) G-Cloud Service 1 1.An overview of the G-Cloud Service Arcus Global are approved to sell to the UK Public Sector as official Amazon Web Services resellers. Amazon

More information

CPNI VIEWPOINT CONFIGURING AND MANAGING REMOTE ACCESS FOR INDUSTRIAL CONTROL SYSTEMS

CPNI VIEWPOINT CONFIGURING AND MANAGING REMOTE ACCESS FOR INDUSTRIAL CONTROL SYSTEMS CPNI VIEWPOINT CONFIGURING AND MANAGING REMOTE ACCESS FOR INDUSTRIAL CONTROL SYSTEMS MARCH 2011 Acknowledgements This Viewpoint is based upon the Recommended Practice: Configuring and Managing Remote Access

More information

The cloud - ULTIMATE GAME CHANGER ===========================================

The cloud - ULTIMATE GAME CHANGER =========================================== The cloud - ULTIMATE GAME CHANGER =========================================== When it comes to emerging technologies, there is one word that has drawn more controversy than others: The Cloud. With cloud

More information

NetVision. NetVision: Smart Energy Smart Grids and Smart Meters - Towards Smarter Energy Management. Solution Datasheet

NetVision. NetVision: Smart Energy Smart Grids and Smart Meters - Towards Smarter Energy Management. Solution Datasheet Version 2.0 - October 2014 NetVision Solution Datasheet NetVision: Smart Energy Smart Grids and Smart Meters - Towards Smarter Energy Management According to analyst firm Berg Insight, the installed base

More information

Cloud Computing: Contracting and Compliance Issues for In-House Counsel

Cloud Computing: Contracting and Compliance Issues for In-House Counsel International In-house Counsel Journal Vol. 6, No. 23, Spring 2013, 1 Cloud Computing: Contracting and Compliance Issues for In-House Counsel SHAHAB AHMED Director Legal and Corporate Affairs, Microsoft,

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

journey to a hybrid cloud

journey to a hybrid cloud journey to a hybrid cloud Virtualization and Automation VI015SN journey to a hybrid cloud Jim Sweeney, CTO GTSI about the speaker Jim Sweeney GTSI, Chief Technology Officer 35 years of engineering experience

More information

Planning the Migration of Enterprise Applications to the Cloud

Planning the Migration of Enterprise Applications to the Cloud Planning the Migration of Enterprise Applications to the Cloud A Guide to Your Migration Options: Private and Public Clouds, Application Evaluation Criteria, and Application Migration Best Practices Introduction

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

Tufts University. Department of Computer Science. COMP 116 Introduction to Computer Security Fall 2014 Final Project. Guocui Gao Guocui.gao@tufts.

Tufts University. Department of Computer Science. COMP 116 Introduction to Computer Security Fall 2014 Final Project. Guocui Gao Guocui.gao@tufts. Tufts University Department of Computer Science COMP 116 Introduction to Computer Security Fall 2014 Final Project Investigating Security Issues in Cloud Computing Guocui Gao Guocui.gao@tufts.edu Mentor:

More information

Cloud Computing and Government Services August 2013 Serdar Yümlü SAMPAŞ Information & Communication Systems

Cloud Computing and Government Services August 2013 Serdar Yümlü SAMPAŞ Information & Communication Systems eenviper White Paper #4 Cloud Computing and Government Services August 2013 Serdar Yümlü SAMPAŞ Information & Communication Systems 1 Executive Summary Cloud computing could revolutionise public services

More information

See Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models.

See Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models. Cloud Strategy Information Systems and Technology Bruce Campbell What is the Cloud? From http://csrc.nist.gov/publications/nistpubs/800-145/sp800-145.pdf Cloud computing is a model for enabling ubiquitous,

More information

JISC. Technical Review of Using Cloud for Research. Guidance Notes to Cloud Infrastructure Service Providers. Introduction

JISC. Technical Review of Using Cloud for Research. Guidance Notes to Cloud Infrastructure Service Providers. Introduction JISC Technical Review of Using Cloud for Research Guidance Notes to Cloud Infrastructure Service Providers May, 2010 Introduction Provisioning and maintenance of research computing facilities is a core

More information

The Need for Service Catalog Design in Cloud Services Development

The Need for Service Catalog Design in Cloud Services Development The Need for Service Catalog Design in Cloud Services Development The purpose of this document: Provide an overview of the cloud service catalog and show how the service catalog design is an fundamental

More information

Cloud Procurement Discussion Paper. For Comment

Cloud Procurement Discussion Paper. For Comment Cloud Procurement Discussion Paper For Comment AUGUST 2014 Acronyms Acronym AGIMO ASD DCaaS MUL IaaS NIST PaaS RFT SaaS SCS Definition Australian Government Information Management Office Australian Signals

More information

Module 1: Facilitated e-learning

Module 1: Facilitated e-learning Module 1: Facilitated e-learning CHAPTER 3: OVERVIEW OF CLOUD COMPUTING AND MOBILE CLOUDING: CHALLENGES AND OPPORTUNITIES FOR CAs... 3 PART 1: CLOUD AND MOBILE COMPUTING... 3 Learning Objectives... 3 1.1

More information

Data Protection Act 1998. Guidance on the use of cloud computing

Data Protection Act 1998. Guidance on the use of cloud computing Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered

More information

Lecture 02b Cloud Computing II

Lecture 02b Cloud Computing II Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,

More information

security in the cloud White Paper Series

security in the cloud White Paper Series security in the cloud White Paper Series 2 THE MOVE TO THE CLOUD Cloud computing is being rapidly embraced across all industries. Terms like software as a service (SaaS), infrastructure as a service (IaaS),

More information

Securing The Cloud With Confidence. Opinion Piece

Securing The Cloud With Confidence. Opinion Piece Securing The Cloud With Confidence Opinion Piece 1 Securing the cloud with confidence Contents Introduction 03 Don t outsource what you don t understand 03 Steps towards control 04 Due diligence 04 F-discovery

More information

CAN NUCLEAR INSTALLATIONS AND RESEARCH CENTERS ADOPT CLOUD COMPUTING?

CAN NUCLEAR INSTALLATIONS AND RESEARCH CENTERS ADOPT CLOUD COMPUTING? CAN NUCLEAR INSTALLATIONS AND RESEARCH CENTERS ADOPT CLOUD COMPUTING? Ameer Pichan School of Electrical Engineering & Computing Curtin University, Australia What is it? Similar to other services net r

More information

Article 29 Working Party Issues Opinion on Cloud Computing

Article 29 Working Party Issues Opinion on Cloud Computing Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,

More information

1. From the CIO 3. 2. Strategic Direction for Cloud Computing at Kent State 4. 3. Cloud Computing at Kent State University 5

1. From the CIO 3. 2. Strategic Direction for Cloud Computing at Kent State 4. 3. Cloud Computing at Kent State University 5 Kent State University ss Cloud Strategy Table of Contents Item Page 1. From the CIO 3 2. Strategic Direction for Cloud Computing at Kent State 4 3. Cloud Computing at Kent State University 5 4. Methodology

More information

PROGRAMME OVERVIEW: G-CLOUD APPLICATIONS STORE FOR GOVERNMENT DATA CENTRE CONSOLIDATION

PROGRAMME OVERVIEW: G-CLOUD APPLICATIONS STORE FOR GOVERNMENT DATA CENTRE CONSOLIDATION PROGRAMME OVERVIEW: G-CLOUD APPLICATIONS STORE FOR GOVERNMENT DATA CENTRE CONSOLIDATION 1. Introduction This document has been written for all those interested in the future approach for delivering ICT

More information

Solutions as a Service N.Konstantinidis Technical Director - MNG

Solutions as a Service N.Konstantinidis Technical Director - MNG Med Nautilus Greece Connected World April 10, 2014 Solutions as a Service N.Konstantinidis Technical Director - MNG MedNautilus Greece Solutions as a Service 2014 SINCE 2002 Data Center Physical Colocation

More information

Our Cloud Offers You a Brighter Future

Our Cloud Offers You a Brighter Future Our Cloud Offers You a Brighter Future Qube Global Software Cloud Services are used by many diverse organisations including financial institutions, international service providers, property companies,

More information

The Cloud in Regulatory Affairs - Validation, Risk Management and Chances -

The Cloud in Regulatory Affairs - Validation, Risk Management and Chances - 45 min Webinar: November 14th, 2014 The Cloud in Regulatory Affairs - Validation, Risk Management and Chances - www.cunesoft.com Rainer Schwarz Cunesoft Holger Spalt ivigilance 2014 Cunesoft GmbH PART

More information

Information security controls. Briefing for clients on Experian information security controls

Information security controls. Briefing for clients on Experian information security controls Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face

More information

Clinical Trials in the Cloud: A New Paradigm?

Clinical Trials in the Cloud: A New Paradigm? Marc Desgrousilliers CTO at Clinovo Clinical Trials in the Cloud: A New Paradigm? Marc Desgrousilliers CTO at Clinovo What is a Cloud? (1 of 3) "Cloud computing is a model for enabling convenient, on-demand

More information

Cloud Computing - Starting Points for Privacy and Transparency

Cloud Computing - Starting Points for Privacy and Transparency Computing - Starting Points for Privacy and Transparency Ina Schiering Ostfalia University of Applied Science Wolfenbüttel, Germany IFIP Summerschool: Privacy and Identity Management for Life, Helsingborg,

More information

VALUE PROPOSITION FOR SERVICE PROVIDERS. Helping Service Providers accelerate adoption of the cloud

VALUE PROPOSITION FOR SERVICE PROVIDERS. Helping Service Providers accelerate adoption of the cloud VALUE PROPOSITION FOR SERVICE PROVIDERS Helping Service Providers accelerate adoption of the cloud Partnership with Service Providers Enabling Your Cloud Services in Complex Environments Today s challenge

More information

Business Operations. Module Db. Capita s Combined Offer for Business & Enforcement Operations delivers many overarching benefits for TfL:

Business Operations. Module Db. Capita s Combined Offer for Business & Enforcement Operations delivers many overarching benefits for TfL: Module Db Technical Solution Capita s Combined Offer for Business & Enforcement Operations delivers many overarching benefits for TfL: Cost is reduced through greater economies of scale, removal of duplication

More information

GUIDELINE. on SERVER CONSOLIDATION and VIRTUALISATION. National Computer Board, 7th Floor Stratton Court, La Poudriere Street, Port Louis

GUIDELINE. on SERVER CONSOLIDATION and VIRTUALISATION. National Computer Board, 7th Floor Stratton Court, La Poudriere Street, Port Louis GUIDELINE on SERVER CONSOLIDATION and VIRTUALISATION National Computer Board, 7th Floor Stratton Court, La Poudriere Street, Port Louis Introduction There is an ever increasing need for both organisations

More information

Leveraging the Private Cloud for Competitive Advantage

Leveraging the Private Cloud for Competitive Advantage Leveraging the Private Cloud for Competitive Advantage Introduction While it is universally accepted that organisations will leverage cloud solutions to service their IT needs, there is a lack of clarity

More information

Capability Paper. Today, aerospace and defense (A&D) companies find

Capability Paper. Today, aerospace and defense (A&D) companies find Today, aerospace and defense (A&D) companies find Today, aerospace and defense (A&D) companies find themselves at potentially perplexing crossroads. On one hand, shrinking defense budgets, an increasingly

More information

INFORMATION TECHNOLOGY MANAGEMENT CONTENTS. CHAPTER C RISKS 357-7 8. Risk Assessment 357-7

INFORMATION TECHNOLOGY MANAGEMENT CONTENTS. CHAPTER C RISKS 357-7 8. Risk Assessment 357-7 Information Technology Management Page 357-1 INFORMATION TECHNOLOGY MANAGEMENT CONTENTS CHAPTER A GENERAL 357-3 1. Introduction 357-3 2. Applicability 357-3 CHAPTER B SUPERVISION AND MANAGEMENT 357-4 3.

More information

Private vs. Public Cloud Solutions

Private vs. Public Cloud Solutions Private vs. Public Cloud Solutions Selecting the right cloud technology to fit your organization Introduction As cloud storage evolves, different cloud solutions have emerged. Our first cloud whitepaper

More information

Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH. White Paper February 2010 www.alvandsolutions.

Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH. White Paper February 2010 www.alvandsolutions. Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH White Paper February 2010 www.alvandsolutions.com Overview Today s increasing security threats and regulatory

More information

Business Process Automation through Application Software

Business Process Automation through Application Software 5 Business Process Automation through Application Software 5.1 Introduction The speed of automation of all activities, whether they be connected to business directly or not has surprised the stakeholders

More information

BBC Technology Strategy

BBC Technology Strategy BBC Technology Strategy Issued: January 2010 For more information contact: Spencer.piggott@bbc.co.uk Copyright 2010 BBC All Rights Reserved TECHNOLOGY STRATEGY Introduction This paper defines the BBC s

More information

Norwegian Data Inspectorate

Norwegian Data Inspectorate Norwegian Data Inspectorate Narvik kommune Postboks 64 8501 NARVIK Norway Your reference Our reference (please quote in any reply) Date 1111/1210-6/PEJA 11/00593-7/SEV 16 January 2012 Notification of decision

More information

BUSINESS MANAGEMENT SUPPORT

BUSINESS MANAGEMENT SUPPORT BUSINESS MANAGEMENT SUPPORT Business disadvantages using cloud computing? Author: Maikel Mardjan info@bm-support.org 2010 BM-Support.org Foundation. All rights reserved. EXECUTIVE SUMMARY Cloud computing

More information