Information Auditing and Governance of Cloud Computing IT Capstone Spring 2013 Sona Aryal Laura Webb Cameron University.

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Information Auditing and Governance of Cloud Computing IT Capstone 4444 - Spring 2013 Sona Aryal Laura Webb Cameron University."

Transcription

1 Information Auditing and Governance of Cloud Computing IT Capstone Spring 2013 Sona Aryal Laura Webb Cameron University P a g e 1

2 P a g e 2 Table of Contents Abstract... 3 Introduction... 3 Previous Work... 3 Definition... 4 Cloud Computing... 4 Private clouds... 4 Public cloud... 4 Community cloud... 4 Hybrid cloud... 5 IT Auditing... 5 Technological Innovation Process Audit... 5 Innovative Comparison Audit... 5 Technological Position Audit... 6 Cloud Based IT Audit Process... 6 Traditional Auditing vs. Cloud Auditing... 6 Risk Management and Risk Assessment... 7 Cloud-Based IT Standards and Governance... 7 Current and Future Guidance... 7 Cloud Security Alliance (CSA )... 8 Information Systems Audit and Control Association (ISACA)... 8 Implementing and Maintaining Governance Methodology... 9 Conclusion & Future Work... 9 Works Cited... 10

3 P a g e 3 Information Auditing and Governance of Cloud Computing Sona Aryal and Laura Webb Abstract - Cloud computing is the most recent attempt in delivering computing resources as a service instead of it being just a product to purchase. There is no escaping from the constant discussion on the future of cloud computing and how it is going to impact businesses finances and resources. In this paper, we will discuss the importance of performing standard audit of cloud computing. This paper will include an in-depth analysis of what cloud computing and IT auditing is and the issues surrounding the auditing technology. We will explore various types, steps and standards involved in information auditing in the cloud. Introduction Cloud computing is receiving a great deal of attention, not only in publications and among experts in the field but also with the users - from individuals at home to the U.S. government [1]. Most among us have either communicated, collaborated or used a service (i.e., tax preparation, online gaming, video sharing, or ) in the cloud or at least have some familiarity on what it is and how it works. Technology evolves at an ever changing pace, and cloud computing has come a long way since it was first introduced in the early 1990 s. A substantial number of businesses have transformed their organizations and adopted the cloud s technology. With this new business model are also skepticism regarding the security, privacy, performance, availability, and liability [2]. Introducing the cloud in today s businesses opens up a door to a whole new level of technological developments benefiting both businesses and its consumers. With the growing number of mobile and remote workers, instant access almost anywhere is necessary. This realization has led the businesses to slowly treat the cloud like any other traditional technological assets of the organization. This is where information technology auditing in cloud plays a vital role. Unlike other information resources used in any organization, cloud computing can be complicated to understand. This unfamiliarity with new, yet powerful technological assets can make the process of auditing chaotic. Therefore, focusing on how businesses perform IT auditing while in the cloud and what governmental standards are utilized becomes crucial. Being able to compare traditional IT auditing with cloud auditing and understanding the similarities and differences each withhold not only help businesses maintain a standard audit trail but also makes their business secured. There has been various guidelines and standards introduced to address the security issues arising from the cloud. Experts in the field have researched on what effective strategies should be implemented to create and propose proper standards and laws. Previous Work There has been a number of work and research done regarding topics closely related to cloud, its security and future of the cloud. All of these findings have been extremely helpful in gaining a broader understanding of this new topic.

4 P a g e 4 We examined many articles of those who have researched various mechanisms in cloud audit. Most have developed specific types of protocols that focus on different areas of the cloud (i.e., cloud server, user, provider, etc). Chen and Yoon proposed an auditing methodology by implementing checklists based on the deployment and service models [3]. In their studies, they suggest that by using this process, precautions and measures would be put into effect therefore minimizing compliance concerns. However, they only designed checklists for IaaS and Saas and not PaaS. Wang and Sherman proposed a privacy preserving auditing protocol by using a random masked technique [4]. This allowed numerous auditing tasks to be performed by a third party auditor without compromising the data content. However, this applies only to the auditor and the data, not authentication between the cloud server, cloud service provider, and the user with the auditor. Haeberlen proposed a tamper evident logging technique which required the use of virtual machines to record all the events that take place [5]. This allows for the cloud to be accountable to the user and provider, but does not define how the data is stored securely. While these are only a few proposals made by others researching this field, the overall consensus are that a set of detailed protocols must be established to protect the cloud from beginning user to end user prior to cloud deployment of any model. Definition The definition of cloud computing as stated by the National Institute of Standards and Technology (NIST) is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction [6]. Cloud Computing There are four types of deployment models represented in cloud computing. These are Private, Public, Community, and Hybrid. Selection of which one to be deployed depends upon the needs of an organization. Each model has own benefits and disadvantages that need to be considered. Private clouds are designed for businesses which require the highest level of security for their sensitive data (i.e., banking institutions, law firms, healthcare facilities, etc). The data center is typically on location where all processes and operations are managed internally. However, third parties can provide the same services off-site. Private clouds are used entirely by the organization and have more control over policy implementation [13]. Public cloud is more suited for the smaller businesses and those just starting up with little physical infrastructure. It is available to the general public for a small fee and serves a more common purpose such as and storage services. These are mainly controlled by major corporations like Amazon, Microsoft or Google [11]. Community cloud is often called the vertical cloud and has likeness with that of the private cloud. It is often associated with agencies within the government. It serves multiple organizations who share a similar purpose [12].

5 P a g e 5 Hybrid cloud consists of an integration of the other clouds that remain exclusive but are linked by technology that facilitates data and application portability [6]. Figure 1 shows the four cloud computing deployment models and illustrates the differences in their design. Figure 1. (Source: Cloud Computing Deployment Models illustrating the differences in their properties. IT Auditing An information technology audit is a method of analyzing an organization s technological capacity, its needs and management process. The major aim of an IT audit is to evaluate the capacity of an organization s technological assets, its reliability, efficiency, and level of compliance. It is not necessarily a solution for any problems within the organization but is the first step in recognizing the problem. Furthermore, successful completion of an auditing process leads the auditing team to create a report with a defined action plan. This report is then presented to management making it easy to analyze the technological needs and improvement of an organization. According to Goodman & Lawless there are three main analytic frameworks characterizing the basic approach of carrying out the IT audit [9]. Technological Innovation Process Audit: This auditing technique analyzes the level of risk involved in ongoing projects and future projects of an organization. It studies the ratio of a company s success and risk involved. It provides an internal look at the company s experience in choosing the technology required for projects/product of the organization. Innovative Comparison Audit: This audit creates a comparison between an organization and its competitor or an established benchmark. It analyzes the organization s technological asset/technique with that of its competitors. The comparison involves examining the company s facilities, its policies and its success rate.

6 P a g e 6 Technological Position Audit: This audit reviews the technologies that the organization currently uses and any future plan of purchases. IT analyzes the needs of current and future technology required by the organization in order to function in the most effective yet economic way. Here, an auditor creates a report stating the urgency/ importance of the technology used within the organization. Cloud Based IT Audit Process With more businesses and customers deploying in the cloud, uncertainty of the standards to follow are blurred. Therefore, the process of IT auditing has become a significant issue. At the 8th Annual KPMG conference in 2012, IT Risk and Emerging Technologies was ranked as the 2nd highest concern [9]. Traditional Auditing vs. Cloud Auditing There are many differences in how auditing is conducted traditionally versus auditing in a web based atmosphere. In a traditional setting, an auditor would make detailed examinations of the internal business processes, generate reports, assess the company s current and future risks and develop a plan for improvement. For the cloud, the audit procedure is more in depth as compliance must exist with both the service provider and the organization. The reason is that the cloud service providers have control over the organization s data so the integrity of the data must remain intact and confidential [2]. Cloud auditing includes identifying the risks and new requirements for securing data in the cloud, aligning the system with the company s policies, determining the weaknesses and vulnerabilities, evaluating the controls and implementing a risk assessment plan [13]. Figure 2 illustrates the complex cloud IT auditing process cycle. Figure 2. (Source An illustration of the complex IT Auditing Process in the cloud.

7 P a g e 7 Risk Management and Risk Assessment With the dawn of computerization, the threat of data loss/compromise has always been the most alarming problem. The technological innovation has both helped solve this issue and create a different one every day. However, cloud computing is no exception to this condition. With the uncertainty of where exactly our data is stored and utilized, the risk involved is multiplied. It becomes very important to have a clear understanding of division of liabilities and responsibilities between vendor (provider like amazon, dropbox, and all other cloud based store) and client (home user to high profile companies).study of contract between these two parties should be carefully read and understood.. The process of IT auditing not only helps identify this risk but also guides the authority involved in acknowledging it. Having this understanding helps companies draw proper data recovery process in case of disaster/disruption of data in cloud. Cloud-Based IT Standards and Governance Due to the overwhelming presence the cloud has created, there are three groups who have been working together to build standards and allow interoperability. These are The Cloud Computing Interoperability Forum, The Open Cloud Consortium, and the DMTF Open Clouds Standards Incubator. For the cloud to be open universal protocols must be set in place and utilized by all [12]. Companies are required to follow guidelines ensuring information security. The Sarbanes Oxley Act of 2002 was signed into law to protect investors from inaccurate reporting of financial records of companies they have a venture in [14]. SOX pushed organizations to design business policies to manage risk. The European Network and Information Security Agency (ENISA) is an organization who determines the cost and benefits of cloud computing while analyzing the risks. They also monitor and provide recommendations to other European businesses that are willing to migrate to the cloud [7]. The National Institute of Standards and Technology (NIST) is part of the U.S. Department of Commerce who develops standards and guidelines for Federal agencies; and are responsible for providing adequate information security to those agencies [6]. They works with the private sector, other government agencies, and universities to develop and apply the technology, measurements and standards needed for new and improved products and services [18].The Health Insurance Portability and Accountability Act of 1996 (HIPAA) established federal rules to protect patients by providing rights and disclosure to personal health information [16]. There are many organizations who work together collaborating on current cloud standards and exchange use cases to develop the new standards. NIST publishes this information amongst all the groups and allows for outside organizations to contribute. These standards pertain to different aspects of the cloud such as security, user access, data import and export, network management and registry. Current and Future Guidance By having standard guidelines in place, businesses will gain more confidence in the cloud and develop a greater trust. In order to advance cloud computing, measures to establish greater security will need to be met [17]. The cloud s future will need to expand on its interoperability and ways to handle vendor lock-in.

8 P a g e 8 Cloud Security Alliance (CSA) Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing [8]. The alliance s working group Security as a Service (SecaaS) has published implementation guidance documents which expands on ten different categories of services: 1. Identity and Access Management Implementation Guidance 2. Data Loss Prevention Implementation Guidance 3. Web Security Implementation Guidance 4. Security Implementation Guidance 5. Security Assessments Implementation Guidance 6. Intrusion Management Implementation Guidance 7. Security Information and Event Management Implementation Guidance 8. Encryption Implementation Guidance 9. Business Continuity / Disaster Recovery Implementation Guidance 10. Network Security Implementation Guidance Information Systems Audit and Control Association (ISACA) ISACA is an international professional association focused on IT Governance. The association is responsible in creation of Control Objectives for Information and Related Technology (COBIT) which is one of the most widely used frameworks for information technology management and governance. COBIT addresses 34 IT processes, ranging from strategic planning to implementation, production, support, and monitoring. The processes are grouped into four domains each of which has detailed guidelines as illustrated in Figure 3[10]. COBIT Figure 3 illustrates the four areas of COBIT (designed by Sona Aryal, 2013)

9 P a g e 9 The organization also partners an institute (IT governance institute) which focuses on conducting research/publication on IT governance related subjects. This association s contribution towards the field of IT audit, security, governance and risk management has been given high credibility for the certifications (CISA, CISM, and RISC) they endorse. Implementing and Maintaining Governance Methodology To secure the cloud, organizations should use encryption technology. The servers should have its own encryption as well as the backup system. This ensures that the data is securely stored and protected. Use of proper access control methods ensures standard identification, authentication and authorization. Cloud automation reduces the risk of user error and malicious actions. To ensure the organization is compliant logging, monitoring and alerting will minimize discrepancies. [15]. Conclusion & Future Work The future of auditing in the cloud is accelerating at a rapid pace. There are many organizations that have developed standards and guidelines; however, the risk of data being compromised will still exist. To regulate these standards on a global scale will take a number of years to implement and enforce. Challenges such as new laws and new requirements that vary by geographic area or jurisdiction, compliance of audit logs across multiple domains, and the increased complexity to comply with new standards remain. Organizations and consumers must continue to work together to build a more effective solution to IT auditing in the cloud. Organizations like NIST, CSA, and ISACA are continuously working with IT professional and experts to research this fairly new subject and it has a long way to grow. Future research on this topic can open up doors to new and improved guidelines and standards that can be adapted by various organizations.this particular paper can be used as a reference to elaborate on all the governance proposed/listed the in paper and compare with any new reforms performed by any other guidelines.

10 P a g e 10 Works Cited 1. Huth, A. & Cebula, J. (2011). The Basics of Cloud Computing. Carnegie Mellon University. 2. Gul, I., & Islam, M. H. (2011, June). Cloud Computing Security Auditing. In Next Generation Information Technology (ICNIT), 2011 The 2nd International Conference on (pp ). IEEE. 3. Chen, Z., & Yoon, J. (2010, July). IT Auditing to Assure a Secure Cloud Computing. In 6th World Congress on Services (pp ). 4. Wang, C., Sherman, C., Wang, Q., Ren, K., & Lou, W. (March 2010). Privacy Preserving Public Auditing for Secure Cloud Storage. INFOCOM Proceedings IEEE, Haeberlen, A. (2010). A Case for the Accountable Cloud. ACM SIGOPS Operating Systems Review, 44(2), Mell, P. & Grance, T. (Sept 2011). The NIST Definition of Cloud Computing. NIST Special Publication Hogben, G. ENISA-Cloud Computing and Security Strategy. Retrieved from 8. Cloud Security Alliance. (2011). Security Guidance for Critical Areas of Focus in Cloud Computing V Goodman, R. A., & Lawless, M. W. (1994). Technology and Strategy: Conceptual Models and Diagnostics. New York: Oxford University Press. 10. Information Systems Audit and Control Association (ISACA), Control Objectives for Information and Related Technology (COBIT). Retrieved from Rhoton, John. (2011). Cloud Computing Explained. Recursive Press. 12. Sriram, I. & Khajen-Hosseini, A. Research in Cloud Technologies. Retrieved from (Sept 2011) New Requirements for Security and Compliance Auditing in the Cloud. Qualys Stults, G. (May 9, 2004). An Overview of Sarbanes-Oxley for the Information Security Professional. SANS Institute. Version 1.4b. Option (2013) Understanding Enterprise Cloud Governance. Enstratius Inc. 16. Health Insurance Portability and Accountability Act of Web Badger, L., et al. (Nov 2011) US Government Cloud Computing Technology Roadmap. Volume 1. Release 1.0 (Draft). National Institute of Standards and Technology. Special Publication Office of the Director Homepage. (n.d.). National Institute of Standards and Technology. Retrieved April 16, 2013, from

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

Cloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter

Cloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter Cloud Security considerations for business adoption Ricci IEONG CSA-HK&M Chapter What is Cloud Computing? Slide 2 What is Cloud Computing? My Cloud @ Internet Pogoplug What is Cloud Computing? Compute

More information

The Magical Cloud. Lennart Franked. Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall.

The Magical Cloud. Lennart Franked. Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall. The Magical Cloud Lennart Franked Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall. 2014-10-20 Lennart Franked (MIUN IKS) The Magical Cloud 2014-10-20 1 / 35

More information

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security

More information

White Paper on CLOUD COMPUTING

White Paper on CLOUD COMPUTING White Paper on CLOUD COMPUTING INDEX 1. Introduction 2. Features of Cloud Computing 3. Benefits of Cloud computing 4. Service models of Cloud Computing 5. Deployment models of Cloud Computing 6. Examples

More information

Security, Compliance & Risk Management for Cloud Relationships. Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32

Security, Compliance & Risk Management for Cloud Relationships. Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32 Security, Compliance & Risk Management for Cloud Relationships Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32 Introductions & Poll Organization is leveraging the Cloud? Organization

More information

Working Group on. First Working Group Meeting 29.5.2012

Working Group on. First Working Group Meeting 29.5.2012 Working Group on Cloud Security and Privacy (WGCSP) First Working Group Meeting 29.5.2012 1 Review of fexisting i Standards d and Best Practices on Cloud Security Security Standards and Status List of

More information

ISACA Presentation. Cloud, Forensics and Cloud Forensics

ISACA Presentation. Cloud, Forensics and Cloud Forensics ISACA Presentation Cloud, Forensics and Cloud Forensics Agenda What is the Cloud What is Forensics Challenges Cloud poses to Information Security and Forensic Investigations Using Cloud technologies to

More information

Perspectives on Moving to the Cloud Paradigm and the Need for Standards. Peter Mell, Tim Grance NIST, Information Technology Laboratory 7-11-2009

Perspectives on Moving to the Cloud Paradigm and the Need for Standards. Peter Mell, Tim Grance NIST, Information Technology Laboratory 7-11-2009 Perspectives on Moving to the Cloud Paradigm and the Need for Standards Peter Mell, Tim Grance NIST, Information Technology Laboratory 7-11-2009 2 NIST Cloud Computing Resources NIST Draft Definition of

More information

Logically Securing a Public Cloud Service

Logically Securing a Public Cloud Service SESSION ID: CIN-W07 Logically Securing a Public Cloud Service Tim Mather CISO Cadence Design Systems @mather_tim Disclaimer: AWS (Amazon Web Services) is referenced in this presentation extensively, only

More information

Cloud Courses Description

Cloud Courses Description Cloud Courses Description Cloud 101: Fundamental Cloud Computing and Architecture Cloud Computing Concepts and Models. Fundamental Cloud Architecture. Virtualization Basics. Cloud platforms: IaaS, PaaS,

More information

Secure Cloud Computing through IT Auditing

Secure Cloud Computing through IT Auditing Secure Cloud Computing through IT Auditing 75 Navita Agarwal Department of CSIT Moradabad Institute of Technology, Moradabad, U.P., INDIA Email: nvgrwl06@gmail.com ABSTRACT In this paper we discuss the

More information

Cloud Database Storage Model by Using Key-as-a-Service (KaaS)

Cloud Database Storage Model by Using Key-as-a-Service (KaaS) www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume 4 Issue 7 July 2015, Page No. 13284-13288 Cloud Database Storage Model by Using Key-as-a-Service (KaaS) J.Sivaiah

More information

Cloud Computing Risk and Rewards

Cloud Computing Risk and Rewards Cloud Computing Risk and Rewards John Lazarine Vice President and Chief Audit Executive Mark Salamasick Director of Center for Internal Auditing For Dallas CPA Society Convergence 2013 May 8, 2013 John

More information

Security Considerations for Public Mobile Cloud Computing

Security Considerations for Public Mobile Cloud Computing Security Considerations for Public Mobile Cloud Computing Ronnie D. Caytiles 1 and Sunguk Lee 2* 1 Society of Science and Engineering Research Support, Korea rdcaytiles@gmail.com 2 Research Institute of

More information

Orchestrating the New Paradigm Cloud Assurance

Orchestrating the New Paradigm Cloud Assurance Orchestrating the New Paradigm Cloud Assurance Amsterdam 17 January 2012 John Hermans - Partner Current business challenges versus traditional IT Organizations are challenged with: Traditional IT seems

More information

Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101

Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101 Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro

More information

IT Audit in the Cloud

IT Audit in the Cloud IT Audit in the Cloud Pavlina Ivanova, CISM ISACA-Sofia Chapter Content: o 1. Introduction o 2. Cloud Computing o 3. IT Audit in the Cloud o 4. Residual Risks o Used Resources o Questions 1. ISACA Trust

More information

CLOUD TECHNOLOGY IMPLEMENTATION/SECURITY

CLOUD TECHNOLOGY IMPLEMENTATION/SECURITY 1 CLOUD TECHNOLOGY IMPLEMENTATION/SECURITY Torrell Griffin 2 Cloud Technology Implementation/Risk Mitigation The purpose of this report, in essence, is to define cloud technology as well as describe some

More information

Information Security Guideline: Cloud Computing Services. Information Security and Privacy Committee Draft version 8/1/2012

Information Security Guideline: Cloud Computing Services. Information Security and Privacy Committee Draft version 8/1/2012 Information Security Guideline: Cloud Computing Services Information Security and Privacy Committee Draft version 8/1/2012 Table of Contents Introduction... 1 Purpose... 2 Scope... 2 Risks and Concerns

More information

Cloud Computing; What is it, How long has it been here, and Where is it going?

Cloud Computing; What is it, How long has it been here, and Where is it going? Cloud Computing; What is it, How long has it been here, and Where is it going? David Losacco, CPA, CIA, CISA Principal January 10, 2013 Agenda The Cloud WHAT IS THE CLOUD? How long has it been here? Where

More information

Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD

Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD Agenda Cloud Computing Technical Overview Cloud Related Applications Identified Risks Assessment Criteria Cloud Computing What Is It? National

More information

Cloud Courses Description

Cloud Courses Description Courses Description 101: Fundamental Computing and Architecture Computing Concepts and Models. Data center architecture. Fundamental Architecture. Virtualization Basics. platforms: IaaS, PaaS, SaaS. deployment

More information

Digital Forensics. Lab 10: Cloud Computing & the Future of Digital Forensics

Digital Forensics. Lab 10: Cloud Computing & the Future of Digital Forensics Digital Forensics Lab 10: Cloud Computing & the Future of Digital Forensics Today's Topics Cloud Computing Overview Applications of Cloud Computing Impact of CC to Digital Forensics Future of Digital Forensics

More information

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS CLOUD COMPUTING Cloud computing is a model for enabling convenient, ondemand network access to a shared pool of configurable computing

More information

Global Efforts to Secure Cloud Computing

Global Efforts to Secure Cloud Computing April 2012 Global Efforts to Secure Cloud Computing Jim Reavis Executive Director Cloud: ushering in IT Spring Technology consumerization and its offspring Cloud: Compute as a utility Smart Mobility: Compute

More information

Week 1 Assignment. William Slater. CYBR 615 Cybersecurity Governance and Compliance. Bellevue University

Week 1 Assignment. William Slater. CYBR 615 Cybersecurity Governance and Compliance. Bellevue University The Roles of the Internal Audit Team in Cloud Computing 1 Week 1 Assignment William Slater CYBR 615 Cybersecurity Governance and Compliance Bellevue University The Roles of the Internal Audit Team in Cloud

More information

Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1

Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1 Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1 Taking a Deeper Look at the Cloud: Solution or Security Risk? LoyCurtis Smith East Carolina University TAKING A DEEPER LOOK AT THE CLOUD:

More information

Framework for Cloud Usability

Framework for Cloud Usability Published in proceedings of HCI International 2015 Framework for Cloud Usability Brian Stanton 1, Mary Theofanos 1, Karuna P Joshi 2 1 National Institute of Standards and Technology, Gaithersburg, MD,

More information

Certified Information Systems Auditor (CISA)

Certified Information Systems Auditor (CISA) Certified Information Systems Auditor (CISA) Course Introduction Course Introduction Module 01 - The Process of Auditing Information Systems Lesson 1: Management of the Audit Function Organization of the

More information

Private Vs Public Cloud

Private Vs Public Cloud Private Vs Public Cloud Solanke Vikas 1, Kulkarni Gurudatt 2, Maske Vishnu 3, Kumbharkar Prashant 4 1 Lecturer in Information Technology Department,MM Polytechnic Pune, India solankevs@mmpolytechnic.com

More information

CLOUD COMPUTING. A Primer

CLOUD COMPUTING. A Primer CLOUD COMPUTING A Primer A Mix of Voices The incredible shrinking CIO CIO Magazine, 2004 IT Doesn t Matter, The cloud will ship service outside the institution and ship power from central IT groups to

More information

COMMUNICATIONS ALLIANCE LTD

COMMUNICATIONS ALLIANCE LTD COMMUNICATIONS ALLIANCE LTD Communications Alliance Response to ACS Discussion Paper on a Potential Cloud Computing Consumer Protocol - 1 - TABLE OF CONTENTS INTRODUCTION 2 SECTION 1 OVERVIEW OF RESPONSE

More information

SECURITY MODELS FOR CLOUD 2012. Kurtis E. Minder, CISSP

SECURITY MODELS FOR CLOUD 2012. Kurtis E. Minder, CISSP SECURITY MODELS FOR CLOUD 2012 Kurtis E. Minder, CISSP INTRODUCTION Kurtis E. Minder, Technical Sales Professional Companies: Roles: Security Design Engineer Systems Engineer Sales Engineer Salesperson

More information

Perspectives on Cloud Computing and Standards. Peter Mell, Tim Grance NIST, Information Technology Laboratory

Perspectives on Cloud Computing and Standards. Peter Mell, Tim Grance NIST, Information Technology Laboratory Perspectives on Cloud Computing and Standards Peter Mell, Tim Grance NIST, Information Technology Laboratory Caveats and Disclaimers This presentation provides education on cloud technology and its benefits

More information

UTH~ihltli. December 11, 2014. Report on Institutional Use of Cloud Computing #14-204

UTH~ihltli. December 11, 2014. Report on Institutional Use of Cloud Computing #14-204 -- UTH~ihltli The University of Texas Health Science Center at Houston Office of Auditing & Advisory Services December 11, 2014 Report on Institutional Use of Cloud Computing #14-204 We have completed

More information

Securing the Cloud with IBM Security Systems. IBM Security Systems. 2012 IBM Corporation. 2012 2012 IBM IBM Corporation Corporation

Securing the Cloud with IBM Security Systems. IBM Security Systems. 2012 IBM Corporation. 2012 2012 IBM IBM Corporation Corporation Securing the Cloud with IBM Security Systems 1 2012 2012 IBM IBM Corporation Corporation IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns

More information

Cloud Computing Security Considerations

Cloud Computing Security Considerations Cloud Computing Security Considerations Roger Halbheer, Chief Security Advisor, Public Sector, EMEA Doug Cavit, Principal Security Strategist Lead, Trustworthy Computing, USA January 2010 1 Introduction

More information

Security & Trust in the Cloud

Security & Trust in the Cloud Security & Trust in the Cloud Ray Trygstad Director of Information Technology, IIT School of Applied Technology Associate Director, Information Technology & Management Degree Programs Cloud Computing Primer

More information

EXIN Cloud Computing Foundation

EXIN Cloud Computing Foundation Sample Questions EXIN Cloud Computing Foundation Edition April 2013 Copyright 2013 EXIN All rights reserved. No part of this publication may be published, reproduced, copied or stored in a data processing

More information

Cloud Computing. What is Cloud Computing?

Cloud Computing. What is Cloud Computing? Cloud Computing What is Cloud Computing? Cloud computing is where the organization outsources data processing to computers owned by the vendor. Primarily the vendor hosts the equipment while the audited

More information

Cloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week

Cloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week Cloud Security Panel: Real World GRC Experiences ISACA Atlanta s 2013 Annual Geek Week Agenda Introductions Recap: Overview of Cloud Computing and Why Auditors Should Care Reference Materials Panel/Questions

More information

Key Considerations of Regulatory Compliance in the Public Cloud

Key Considerations of Regulatory Compliance in the Public Cloud Key Considerations of Regulatory Compliance in the Public Cloud W. Noel Haskins-Hafer CRMA, CISA, CISM, CFE, CGEIT, CRISC 10 April, 2013 w_haskins-hafer@intuit.com Disclaimer Unless otherwise specified,

More information

Lecture 02b Cloud Computing II

Lecture 02b Cloud Computing II Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,

More information

A Strawman Model. NIST Cloud Computing Reference Architecture and Taxonomy Working Group. January 3, 2011

A Strawman Model. NIST Cloud Computing Reference Architecture and Taxonomy Working Group. January 3, 2011 A Strawman Model NIST Cloud Computing Reference Architecture and Taxonomy Working Group January 3, 2011 Objective Our objective is to define a neutral architecture consistent with NIST definition of cloud

More information

Customer Security Issues in Cloud Computing

Customer Security Issues in Cloud Computing Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology ISSN 2320 088X IJCSMC, Vol. 2, Issue.

More information

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is

More information

AHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS

AHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS AHLA JJ. Keeping Your Cloud Services Provider from Raining on Your Parade Jean Hess Manager HORNE LLP Ridgeland, MS Melissa Markey Hall Render Killian Heath & Lyman PC Troy, MI Physicians and Hospitals

More information

A Comparison of IT Governance & Control Frameworks in Cloud Computing. Jack D. Becker ITDS Department, UNT & Elana Bailey

A Comparison of IT Governance & Control Frameworks in Cloud Computing. Jack D. Becker ITDS Department, UNT & Elana Bailey A Comparison of IT Governance & Control Frameworks in Cloud Computing Jack D. Becker ITDS Department, UNT & Elana Bailey ITDS Department, UNT MS in IS AMCIS 2014 August, 2014 Savannah, GA Presentation

More information

Cloud Computing Governance & Security. Security Risks in the Cloud

Cloud Computing Governance & Security. Security Risks in the Cloud Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud

More information

CLOUD IN HEALTHCARE EXECUTIVE SUMMARY 1/21/15

CLOUD IN HEALTHCARE EXECUTIVE SUMMARY 1/21/15 CLOUD IN HEALTHCARE CURRENT STATE AND STRATEGIES THAT IMPACT THE BOTTOM LINE EXECUTIVE SUMMARY As healthcare organizations struggle with competing priorities such as HITECH/ARRA, Meaningful Use, ICD-10,

More information

Protecting Official Records as Evidence in the Cloud Environment. Anne Thurston

Protecting Official Records as Evidence in the Cloud Environment. Anne Thurston Protecting Official Records as Evidence in the Cloud Environment Anne Thurston Introduction In a cloud computing environment, government records are held in virtual storage. A service provider looks after

More information

yvette@yvetteagostini.it yvette@yvetteagostini.it

yvette@yvetteagostini.it yvette@yvetteagostini.it 1 The following is merely a collection of notes taken during works, study and just-for-fun activities No copyright infringements intended: all sources are duly listed at the end of the document This work

More information

OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect

OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect OWASP Chapter Meeting June 2010 Presented by: Brayton Rider, SecureState Chief Architect Agenda What is Cloud Computing? Cloud Service Models Cloud Deployment Models Cloud Computing Security Security Cloud

More information

Data Integrity Check using Hash Functions in Cloud environment

Data Integrity Check using Hash Functions in Cloud environment Data Integrity Check using Hash Functions in Cloud environment Selman Haxhijaha 1, Gazmend Bajrami 1, Fisnik Prekazi 1 1 Faculty of Computer Science and Engineering, University for Business and Tecnology

More information

Awareness, Trust and Security to Shape Government Cloud Adoption

Awareness, Trust and Security to Shape Government Cloud Adoption Awareness, Trust and Security to Shape Government Adoption Awareness Trust Security A white paper by: April 1 1 Executive Summary The awareness, trust and security issues that have limited federal government

More information

Topics. Images courtesy of Majd F. Sakr or from Wikipedia unless otherwise noted.

Topics. Images courtesy of Majd F. Sakr or from Wikipedia unless otherwise noted. Cloud Computing Topics 1. What is the Cloud? 2. What is Cloud Computing? 3. Cloud Service Architectures 4. History of Cloud Computing 5. Advantages of Cloud Computing 6. Disadvantages of Cloud Computing

More information

Perspectives on Cloud Computing and Standards. Peter Mell, Tim Grance NIST, Information Technology Laboratory

Perspectives on Cloud Computing and Standards. Peter Mell, Tim Grance NIST, Information Technology Laboratory Perspectives on Cloud Computing and Standards Peter Mell, Tim Grance NIST, Information Technology Laboratory Standardization and Cloud Computing Cloud computing is a convergence of many technologies Some

More information

Public Cloud Computing vs. Private Cloud Computing: How Security Matters. Public Cloud Computing vs. Private Cloud Computing: How Security Matters

Public Cloud Computing vs. Private Cloud Computing: How Security Matters. Public Cloud Computing vs. Private Cloud Computing: How Security Matters Public Cloud Computing vs. Private Cloud Computing: How Security Matters 1 Public Cloud Computing vs. Private Cloud Computing: How Security Matters Research Paper Public Cloud Computing vs. Private Cloud

More information

Ensuring Cloud Security Using Cloud Control Matrix

Ensuring Cloud Security Using Cloud Control Matrix International Journal of Information and Computation Technology. ISSN 0974-2239 Volume 3, Number 9 (2013), pp. 933-938 International Research Publications House http://www. irphouse.com /ijict.htm Ensuring

More information

A Survey on Cloud Security Issues and Techniques

A Survey on Cloud Security Issues and Techniques A Survey on Cloud Security Issues and Techniques Garima Gupta 1, P.R.Laxmi 2 and Shubhanjali Sharma 3 1 Department of Computer Engineering, Government Engineering College, Ajmer Guptagarima09@gmail.com

More information

Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu

Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu 2 If cloud computing is so simple, then what s the big deal? What is the

More information

Tips For Buying Cloud Infrastructure

Tips For Buying Cloud Infrastructure 27 Tips For Buying Cloud Infrastructure A Comprehensive list of questions to ask yourself when reviewing potential cloud providers By Christopher Wilson @chrisleewilson Table of Contents Intro: Evaluating

More information

Cloud Computing An Auditor s Perspective

Cloud Computing An Auditor s Perspective Cloud Computing An Auditor s Perspective Sailesh Gadia, CPA, CISA, CIPP sgadia@kpmg.com December 9, 2010 Discussion Agenda Introduction to cloud computing Types of cloud services Benefits, challenges,

More information

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available

More information

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.

More information

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS Shirley Radack, Editor Computer Security Division Information

More information

HIPAA Compliance Guide

HIPAA Compliance Guide HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care

More information

Cloud Computing: What needs to Be Validated and Qualified. Ivan Soto

Cloud Computing: What needs to Be Validated and Qualified. Ivan Soto Cloud Computing: What needs to Be Validated and Qualified Ivan Soto Learning Objectives At the end of this session we will have covered: Technical Overview of the Cloud Risk Factors Cloud Security & Data

More information

IBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation

IBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation IBM Cloud Security Draft for Discussion September 12, 2011 IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns surrounding cloud computing

More information

Cloud Security Introduction and Overview

Cloud Security Introduction and Overview Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious

More information

HIPAA Compliance Guide

HIPAA Compliance Guide HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care

More information

How to Turn the Promise of the Cloud into an Operational Reality

How to Turn the Promise of the Cloud into an Operational Reality TecTakes Value Insight How to Turn the Promise of the Cloud into an Operational Reality By David Talbott The Lure of the Cloud In recent years, there has been a great deal of discussion about cloud computing

More information

Cloud Services Overview

Cloud Services Overview Cloud Services Overview John Hankins Global Offering Executive Ricoh Production Print Solutions May 23, 2012 Cloud Services Agenda Definitions Types of Clouds The Role of Virtualization Cloud Architecture

More information

Security Controls What Works. Southside Virginia Community College: Security Awareness

Security Controls What Works. Southside Virginia Community College: Security Awareness Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction

More information

How to ensure control and security when moving to SaaS/cloud applications

How to ensure control and security when moving to SaaS/cloud applications How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk

More information

08/10/2013. Data protection and compliance. Agenda. Data protection life cycle and goals. Introduction. Data protection overview

08/10/2013. Data protection and compliance. Agenda. Data protection life cycle and goals. Introduction. Data protection overview Data protection and compliance In the cloud and in your data center 1 November 2013 Agenda 1 Introduction 2 Data protection overview 3 Understanding the cloud 4 Where do I start? 5 Wrap-up Page 2 Data

More information

Compliance and the Cloud: What You Can and What You Can t Outsource

Compliance and the Cloud: What You Can and What You Can t Outsource Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: Kate Donofrio Security Assessor Fortrex Technologies Instructor Biography Background On Fortrex What s In A Cloud? Pick

More information

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp.

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud 1 What is meant by Cloud Computing, or Going To The Cloud? A model

More information

U.S. HOUSE OF REPRESENTATIVES SUBCOMMITTEE ON TECHNOLOGY AND INNOVATION COMMITTEE ON SCIENCE, SPACE, AND TECHNOLOGY HEARING CHARTER

U.S. HOUSE OF REPRESENTATIVES SUBCOMMITTEE ON TECHNOLOGY AND INNOVATION COMMITTEE ON SCIENCE, SPACE, AND TECHNOLOGY HEARING CHARTER U.S. HOUSE OF REPRESENTATIVES SUBCOMMITTEE ON TECHNOLOGY AND INNOVATION COMMITTEE ON SCIENCE, SPACE, AND TECHNOLOGY HEARING CHARTER The Next IT Revolution?: Cloud Computing Opportunities and Challenges

More information

Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it

Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it The Cloud Threat Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it This white paper outlines the concerns that often prevent midsized enterprises from taking advantage of the Cloud.

More information

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Strategic Compliance & Securing the Cloud Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Complexity and Challenges 2 Complexity and Challenges Compliance Regulatory entities

More information

Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider

Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider Whitepaper: Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider WHITEPAPER Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider Requirements Checklist

More information

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com Introduction to Cloud Computing Srinath Beldona srinath_beldona@yahoo.com Agenda Pre-requisites Course objectives What you will learn in this tutorial? Brief history Is cloud computing new? Why cloud computing?

More information

The Hybrid Cloud: Bringing Cloud-Based IT Services to State Government

The Hybrid Cloud: Bringing Cloud-Based IT Services to State Government The Hybrid Cloud: Bringing Cloud-Based IT Services to State Government October 4, 2009 Prepared By: Robert Woolley and David Fletcher Introduction Provisioning Information Technology (IT) services to enterprises

More information

A Secure System Development Framework for SaaS Applications in Cloud Computing

A Secure System Development Framework for SaaS Applications in Cloud Computing A Secure System Development Framework for SaaS Applications in Cloud Computing Eren TATAR, Emrah TOMUR AbstractThe adoption of cloud computing is ever increasing through its economical and operational

More information

Cloud Security Alliance and Standards. Jim Reavis Executive Director March 2012

Cloud Security Alliance and Standards. Jim Reavis Executive Director March 2012 Cloud Security Alliance and Standards Jim Reavis Executive Director March 2012 About the CSA Global, not for profit, 501(c)6 organization Over 32,000 individual members, 120 corporate members, 60 chapters

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

With Eversync s cloud data tiering, the customer can tier data protection as follows:

With Eversync s cloud data tiering, the customer can tier data protection as follows: APPLICATION NOTE: CLOUD DATA TIERING Eversync has developed a hybrid model for cloud-based data protection in which all of the elements of data protection are tiered between an on-premise appliance (software

More information

Cloud Computing: Contracting and Compliance Issues for In-House Counsel

Cloud Computing: Contracting and Compliance Issues for In-House Counsel International In-house Counsel Journal Vol. 6, No. 23, Spring 2013, 1 Cloud Computing: Contracting and Compliance Issues for In-House Counsel SHAHAB AHMED Director Legal and Corporate Affairs, Microsoft,

More information

Managing Cloud Computing Risk

Managing Cloud Computing Risk Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify

More information

Cloud Security Who do you trust?

Cloud Security Who do you trust? Thought Leadership White Paper Cloud Computing Cloud Security Who do you trust? Nick Coleman, IBM Cloud Security Leader Martin Borrett, IBM Lead Security Architect 2 Cloud Security Who do you trust? Cloud

More information

BUSINESS MANAGEMENT SUPPORT

BUSINESS MANAGEMENT SUPPORT BUSINESS MANAGEMENT SUPPORT Business disadvantages using cloud computing? Author: Maikel Mardjan info@bm-support.org 2010 BM-Support.org Foundation. All rights reserved. EXECUTIVE SUMMARY Cloud computing

More information

The Magazine for IT Security. May 2010. issue 3. sör alex / photocase.com

The Magazine for IT Security. May 2010. issue 3. sör alex / photocase.com The Magazine for IT Security May 2010 sör alex / photocase.com free digital version made in Germany issue 3 Luiz Fotolia.com Clouds or storm clouds? Cloud Computing Security by Javier Moreno Molinero Gradually,

More information

Cloud Computing Technology

Cloud Computing Technology Cloud Computing Technology The Architecture Overview Danairat T. Certified Java Programmer, TOGAF Silver danairat@gmail.com, +66-81-559-1446 1 Agenda What is Cloud Computing? Case Study Service Model Architectures

More information

Protecting your brand in the cloud Transparency and trust through enhanced reporting

Protecting your brand in the cloud Transparency and trust through enhanced reporting Protecting your brand in the cloud Transparency and trust through enhanced reporting Third-party Assurance November 2011 At a glance Cloud computing has unprecedented potential to deliver greater business

More information

A Secure Strategy using Weighted Active Monitoring Load Balancing Algorithm for Maintaining Privacy in Multi-Cloud Environments

A Secure Strategy using Weighted Active Monitoring Load Balancing Algorithm for Maintaining Privacy in Multi-Cloud Environments IJSTE - International Journal of Science Technology & Engineering Volume 1 Issue 10 April 2015 ISSN (online): 2349-784X A Secure Strategy using Weighted Active Monitoring Load Balancing Algorithm for Maintaining

More information

PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By:

PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: Peter Spier Managing Director PCI and Risk Assurance Fortrex Technologies Agenda Instructor Biography Background On

More information