COMMUNICATIONS ALLIANCE LTD
|
|
- Clara George
- 8 years ago
- Views:
Transcription
1 COMMUNICATIONS ALLIANCE LTD Communications Alliance Response to ACS Discussion Paper on a Potential Cloud Computing Consumer Protocol
2 - 1 - TABLE OF CONTENTS INTRODUCTION 2 SECTION 1 OVERVIEW OF RESPONSE 3 SECTION 2 COMMENTS ON CONSUMER CONFIDENCE 4 SECTION 3 SUGGESTING DRAFTING CHANGES TO SECTION 4 5 SECTION 4 COMMENTS ON SECTION 7 OF THE PAPER 6 SECTION 5 COMMENTS ON SPECIFIC QUESTIONS IN THE PAPER 7
3 - 2 - INTRODUCTION Communications Alliance welcomes the opportunity to provide this submission in response to ACS Discussion Paper on a Potential Cloud About Communications Alliance Communications Alliance is the primary telecommunications industry body in Australia. Its membership is drawn from a wide cross-section of the communications industry, including carriers, carriage and internet service providers, content providers, equipment vendors, IT companies, consultants and business groups. Its vision is to provide a unified voice for the telecommunications industry and to lead it into the next generation of converging networks, technologies and services. The prime mission of Communications Alliance is to promote the growth of the Australian communications industry and the protection of consumer interests by fostering the highest standards of business ethics and behaviour through industry self-governance. For more details about Communications Alliance, see
4 - 3 - SECTION 1 Overview of Response Communications Alliance offers the following over-arching viewpoint about the utility and objectives of the potential Protocol. These comments are preliminary, in line with the earlystage nature of the discussion paper and we look forward to more detailed consultation when a draft protocol is available 1. The most significant potential market failure that the proposed Cloud Computing Consumer Protocol would seek to address, in the view of Communications Alliance Members, is that of the lack of consumer knowledge and understanding, which appears to be inhibiting uptake of cloud services 2. The best way to address this is via a range of educational tools, e.g. awareness campaigns, web-sites, on-line forums, Wikis, etc. and by leveraging existing informational sources. 3. This education task should be the focus of the ACS Cloud Protocol 4. The CSP members of Communications Alliance do not support the creation of an additional protocol covering what might be disclosed by providers to customers. 5. The existing, registered and enforceable Telecommunications Consumer Protections Code 2012 governs the disclosure requirements for CSPs when they provide services to their customers and provides a strong basis for the way CSPs will inform customers in circumstances where CSPs are also providing cloud-based services. Overlaying the TCP Code is the regulated framework of the Australian Consumer Law, with which CSPs are also required to comply. 6. The situation in New Zealand is very different to that in Australia the co-regulatory and regulatory requirements including applicable consumer law and the new Privacy Act amendments - on service providers are not as comprehensive in New Zealand as in Australia.
5 - 4 - SECTION 2 Comments on Consumer Confidence Typically there are two main concerns with the use of cloud services from a security perspective: 1. The security of the platform that the cloud service is based on (responsibility of the provider). 2. The secure use of the platform by consumer (responsibility of the consumer). Having assurance that security is being addressed from both of these angles will increase consumer confidence in using the service. Each item is discussed in the following paragraphs: 1. To address the security of the cloud platform from the provider s perspective cloud providers may choose to publish publicly accessible statements regarding compliance to security standards. There are many standards available (such as ISO 27001, PCI DSS and SOC 1/SSAE 16/ISAE 3402) that would be confusing to a customer. To assist the customer in deciphering these codes into what constitutes good security practice the protocol might include plain language guidance around these standards. For example, the protocol might say: ISO give assurance that the cloud provider has gone through a basic compliance programme to verify robust security practices Medium level of assurance. PCI DSS might come with a high level of assurance etc. 2. To address the secure use of the cloud platform of the consumer, the protocol might recommend that service providers publish best practice guidelines around common pitfalls and mistakes that customers might encounter while using the service. Such concerns can include: a. User management (on-boarding, off-boarding and regular audits) b. Encrypting confidential data c. Security of hosted servers, network elements and applications d. How to identify malicious behaviour e. Common products and partners that can assist in the above.
6 - 5 - SECTION 3 Suggesting Drafting Changes to Section 4 What is Cloud Computing? 1 Cloud computing is a general term for the delivery of hosted services (in Virtualised environment) over the internet, enabling users to remotely store, process and share digital information and data. As such it is more a new way of delivering technology services rather than a new technology itself. There are three main categories of cloud, although the distinctions between them are becoming more permeable as their sophistication grows. They are: 1. Infrastructure as a Service (IaaS) offers data centre capacity, processing and storage. An example is Amazon web services. 2. Platform as a Service (PaaS) provides a software development and deployment environment for the applications. Examples are Microsoft s Windows Azure and Salesforce s force.com. 3. Software as a Service (SaaS) offers software applications that can be subscribed by users. Examples include Salesforce, Hotmail and Flickr.
7 - 6 - SECTION 4 Comments on Section 7 of the Paper Data Location While Communications Alliance does not advocate specific disclosure recommendations, additional commentary may be useful around the value of data sovereignty and the implications of on-shore versus off-shore hosting. This is of particular importance where a cloud service provider may be owned or operated by a US-based corporation, and thus subject to foreign laws (Patriot Act II, etc.) Backup and Maintenance It s worth pointing out that some cloud providers give clients the ability to choose the level of protection they subscribe to in terms of things like service availability, security, data protection and disaster recovery. There is a cost of providing specific service-related capabilities, such as back-up testing and validation - even when they are automated - and not all clients are willing/able to pay a premium for features such as this and/or may have another means of achieving the required level of data protection. It is important to protect the cloud consumer s ability to choose whether or not to purchase such additional capabilities, or simply make sure that consumers are aware that they have a choice Vendor Lock-In & Data Portability We disagree with the statement At present, the lack of interoperable technical standards between cloud computing services means that users may risk losing their content and media if they change services whilst from an end-user perspective this is true, there are technical tools available to migrate data safely between completely disparate and non-compatible cloud platforms. There is a risk that the cloud service provider industry is perpetuating the belief that customers cannot safely move.
8 - 7 - SECTION 5 Comments on Specific Questions in the Paper Question 6. If you are a provider of cloud services and products, what is the current state of market confidence in cloud computing, and are there any outstanding transparency issues that concern users? If so, what is the best method of addressing these concerns? Cloud computing technology is currently mature and there is no significant technical difficulty in implementing solutions that can be deployed in traditional data centres in Cloud. The concerns relate mainly to data security as well as the nature of multi-tenancy of cloud. Customers sometimes express concern that their data is stored with the service provider but may be shared with the other tenants on the same physical devices. Virtualisation technologies need to be continuously improved to ensure 100% isolation of customer data. Service providers ideally should implement cloud services that comply with various international standards such as ISO and PCI. These compliances are an indication of the high standard of cloud services but will also increase the cost of the services. Question 7. If a voluntary protocol is introduced, do you have any comments on potential compliance costs, jurisdictional complexities and the interaction between the Protocol and other cloud standards currently being developed globally? SMEs and Consumers are typically sensitive to price of services. Cost impacts will need to be carefully assessed before included any proposed compliance regime into the Voluntary Protocol (something that would in itself be unusual). For example, costs increase proportionally based on the type of security measurements to be implemented, adding too comprehensive and stringent security measures means more costs to the service provider and also final cloud end products.
9 Published by: COMMUNICATIONS ALLIANCE LTD Level 9 32 Walker Street North Sydney NSW 2060 Australia Correspondence PO Box 444 Milsons Point NSW 1565 T F E info@commsalliance.com.au ABN Care should be taken to ensure the material used is from the current version of the Standard or Industry Code and that it is updated whenever the Standard or Code is amended or revised. The number and date of the Standard or Code should therefore be clearly identified. If in doubt please contact Communications Alliance
What is Australia's Communications Alliance?
COMMUNICATIONS ALLIANCE LTD SENATE STANDING COMMITTEE ON ENVIRONMENT AND COMMUNICATIONS INQUIRY INTO TELECOMMUNICATIONS LEGISLATION AMENDMENT (CONSUMER 2013 - 1 - INTRODUCTION Communications Alliance is
More informationAUSTRALIAN COMMUNICATIONS AND MEDIA AUTHORITY REVIEW OF THE TELECOMMUNICATIONS LABELLING (CUSTOMER EQUIPMENT AND CUSTOMER CABLING) NOTICE 2001
COMMUNICATIONS ALLIANCE LTD AUSTRALIAN COMMUNICATIONS AND MEDIA AUTHORITY REVIEW OF THE TELECOMMUNICATIONS LABELLING (CUSTOMER EQUIPMENT AND CUSTOMER CABLING) NOTICE 2001 12 APRIL 2013 - 1 - - 2 - EXECUTIVE
More informationMicrosoft appreciates the opportunity to respond to the Cloud Computing Consumer Protocol: ACS Discussion Paper July 2013 (the protocol).
Microsoft Submission to ACS Cloud Protocol Discussion Paper General Comments Microsoft appreciates the opportunity to respond to the Cloud Computing Consumer Protocol: ACS Discussion Paper July 2013 (the
More informationCloud Computing Consumer Protocol. ACS Cloud Discussion Paper July 2013
Cloud Computing Consumer Protocol ACS Cloud Discussion Paper July 2013 ACS Cloud Protocol Discussion Paper July 2013 2 CONTENTS SECTION PAGE 1. Introduction and Purpose 3 2. Structure and Timelines 3 3.
More informationAARNet submission to the Australian Computer Society Cloud Protocol Discussion Paper. James Sankar, Alex Reid August 2013
AARNet submission to the Australian Computer Society Cloud Protocol Discussion Paper James Sankar, Alex Reid August 2013 AARNet, Australia's Academic and Research Network (AARNet) is the not- for- profit
More informationVirginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101
Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro
More informationMicrosoft Pty Ltd. Australian Financial System Inquiry: Response to request for further submissions
Microsoft Pty Ltd Australian Financial System Inquiry: Response to request for further submissions August 2014 1 Response in relation to Chapter 9 of the Interim Report Microsoft is pleased to respond
More informationAustralian Communications and Media Authority s Calling the Emergency Call Service Review of Arrangements Discussion Paper
Australian Communications and Media Authority s Calling the Emergency Call Service Review of Arrangements Discussion Paper Submission by Communications Alliance and the Australian Mobile Telecommunications
More informationSecurity in the Cloud
Security in the Cloud Visibility & Control of your Cloud Service Provider Murray Goldschmidt, Pierre Tagle, Ph.D. April 2012 Compliance, Protection & Business Confidence Sense of Security Pty Ltd Sydney
More informationCloud Computing; What is it, How long has it been here, and Where is it going?
Cloud Computing; What is it, How long has it been here, and Where is it going? David Losacco, CPA, CIA, CISA Principal January 10, 2013 Agenda The Cloud WHAT IS THE CLOUD? How long has it been here? Where
More informationOrchestrating the New Paradigm Cloud Assurance
Orchestrating the New Paradigm Cloud Assurance Amsterdam 17 January 2012 John Hermans - Partner Current business challenges versus traditional IT Organizations are challenged with: Traditional IT seems
More informationICT managed services and cloud computing. Patrick Sefton Principal, Brightline Lawyers
ICT managed services and cloud computing Patrick Sefton Principal, Brightline Lawyers ICT a longer view (for context) series of disruptive revolutions 1980s: PC revolution end dominance of centralised
More informationSecurity in the Cloud: Visibility & Control of your Cloud Service Providers
Whitepaper: Security in the Cloud Security in the Cloud: Visibility & Control of your Cloud Service Providers Date: 11 Apr 2012 Doc Ref: SOS-WP-CSP-0412A Author: Pierre Tagle Ph.D., Prashant Haldankar,
More informationCloud Courses Description
Courses Description 101: Fundamental Computing and Architecture Computing Concepts and Models. Data center architecture. Fundamental Architecture. Virtualization Basics. platforms: IaaS, PaaS, SaaS. deployment
More informationAHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS
AHLA JJ. Keeping Your Cloud Services Provider from Raining on Your Parade Jean Hess Manager HORNE LLP Ridgeland, MS Melissa Markey Hall Render Killian Heath & Lyman PC Troy, MI Physicians and Hospitals
More informationHow To Understand Cloud Computing
Cloud Computing Information Security and Privacy Considerations April 2014 All-of-Government Cloud Computing: Information Security and Privacy Considerations April 2014 1 Crown copyright. This copyright
More informationCloud Courses Description
Cloud Courses Description Cloud 101: Fundamental Cloud Computing and Architecture Cloud Computing Concepts and Models. Fundamental Cloud Architecture. Virtualization Basics. Cloud platforms: IaaS, PaaS,
More informationWhite Paper on CLOUD COMPUTING
White Paper on CLOUD COMPUTING INDEX 1. Introduction 2. Features of Cloud Computing 3. Benefits of Cloud computing 4. Service models of Cloud Computing 5. Deployment models of Cloud Computing 6. Examples
More informationCPNI VIEWPOINT 01/2010 CLOUD COMPUTING
CPNI VIEWPOINT 01/2010 CLOUD COMPUTING MARCH 2010 Acknowledgements This viewpoint is based upon a research document compiled on behalf of CPNI by Deloitte. The findings presented here have been subjected
More informationAnypoint Platform Cloud Security and Compliance. Whitepaper
Anypoint Platform Cloud Security and Compliance Whitepaper 1 Overview Security is a top concern when evaluating cloud services, whether it be physical, network, infrastructure, platform or data security.
More informationCloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org
Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security
More informationHow a Cloud Service Provider Can Offer Adequate Security to its Customers
royal holloway s, How a Cloud Service Provider Can Offer Adequate Security to its Customers What security assurances can cloud service providers give their customers? This article examines whether current
More informationAnnex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015
Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 The following comprises a checklist of areas that genomic research organizations or consortia (collectively referred
More informationCloud Security. DLT Solutions LLC June 2011. #DLTCloud
Cloud Security DLT Solutions LLC June 2011 Contact Information DLT Cloud Advisory Group 1-855-CLOUD01 (256-8301) cloud@dlt.com www.dlt.com/cloud Your Hosts Van Ristau Chief Technology Officer, DLT Solutions
More informationCloud Security Introduction and Overview
Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious
More informationCloud Services Overview
Cloud Services Overview John Hankins Global Offering Executive Ricoh Production Print Solutions May 23, 2012 Cloud Services Agenda Definitions Types of Clouds The Role of Virtualization Cloud Architecture
More informationSecurity Issues in Cloud Computing
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
More informationCyber Security and Cloud Computing. Dr Daniel Prince Course Director MSc in Cyber Security d.prince@lancaster.ac.uk
Cyber Security and Cloud Computing Dr Daniel Prince Course Director MSc in Cyber Security d.prince@lancaster.ac.uk Scope of Today SME Attractors for Cloud Switching to the Cloud Public Private Hybrid Big
More informationManaging Cloud Computing Risk
Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify
More informationPrivacy, the Cloud and Data Breaches
Privacy, the Cloud and Data Breaches Annelies Moens Head of Sales and Operations, Information Integrity Solutions Legalwise Seminars Sydney, 20 March 2013 About IIS Building trust and privacy through global
More informationUsing AWS in the context of Australian Privacy Considerations October 2015
Using AWS in the context of Australian Privacy Considerations October 2015 (Please consult https://aws.amazon.com/compliance/aws-whitepapers/for the latest version of this paper) Page 1 of 13 Overview
More informationInformation Auditing and Governance of Cloud Computing IT Capstone 4444 - Spring 2013 Sona Aryal Laura Webb Cameron University.
Information Auditing and Governance of Cloud Computing IT Capstone 4444 - Spring 2013 Sona Aryal Laura Webb Cameron University P a g e 1 P a g e 2 Table of Contents Abstract... 3 Introduction... 3 Previous
More informationHexaware E-book on Q & A for Cloud BI Hexaware Business Intelligence & Analytics Actionable Intelligence Enabled
Hexaware E-book on Q & A for Cloud BI Hexaware Business Intelligence & Analytics Actionable Intelligence Enabled HEXAWARE Q & A E-BOOK ON CLOUD BI Layers Applications Databases Security IaaS Self-managed
More informationCloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu
Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu 2 If cloud computing is so simple, then what s the big deal? What is the
More informationACS CLOUD COMPUTING CONSUMER PROTOCOL. Response from AIIA
ACS CLOUD COMPUTING CONSUMER PROTOCOL Response from AIIA AUGUST 2013 INTRODUCTION The Australian Information Industry Association (AIIA) is the peak national body representing multinational and domestic
More informationPCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By:
PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: Peter Spier Managing Director PCI and Risk Assurance Fortrex Technologies Agenda Instructor Biography Background On
More informationIntermedia s Dedicated Exchange
Intermedia s Dedicated Exchange This is a practical guide to implementing Intermedia s Dedicated Hosted Exchange on AWS. Intermedia, the world s independent provider of Hosted Exchange, and AWS, the leading
More informationA Flexible and Comprehensive Approach to a Cloud Compliance Program
A Flexible and Comprehensive Approach to a Cloud Compliance Program Stuart Aston Microsoft UK Session ID: SPO-201 Session Classification: General Interest Compliance in the cloud Transparency Responsibility
More informationA COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012
A COALFIRE PERSPECTIVE Moving to the Cloud A Summary of Considerations for Implementing Cloud Migration Plans into New Business Platforms NCHELP Spring Convention Panel May 2012 DALLAS DENVER LOS ANGELES
More informationCloud Security Trust Cisco to Protect Your Data
Trust Cisco to Protect Your Data As cloud adoption accelerates, organizations are increasingly placing their trust in third-party cloud service providers (CSPs). But can you fully trust your most sensitive
More informationHans Bos Microsoft Nederland. hans.bos@microsoft.com
Hans Bos Microsoft Nederland Email: Twitter: hans.bos@microsoft.com @hansbos Microsoft s Cloud Environment Consumer and Small Business Services Software as a Service (SaaS) Enterprise Services Third-party
More informationAdopting Cloud Computing with a RISK Mitigation Strategy
Adopting Cloud Computing with a RISK Mitigation Strategy TS Yu, OGCIO 21 March 2013 1. Introduction 2. Security Challenges Agenda 3. Risk Mitigation Strategy Before start using When using 4. Policy & Guidelines
More informationGETTING THE MOST FROM THE CLOUD. A White Paper presented by
GETTING THE MOST FROM THE CLOUD A White Paper presented by Why Move to the Cloud? CLOUD COMPUTING the latest evolution of IT services delivery is a scenario under which common business applications are
More informationKey Considerations of Regulatory Compliance in the Public Cloud
Key Considerations of Regulatory Compliance in the Public Cloud W. Noel Haskins-Hafer CRMA, CISA, CISM, CFE, CGEIT, CRISC 10 April, 2013 w_haskins-hafer@intuit.com Disclaimer Unless otherwise specified,
More informationRevelian Pty Ltd ABN 58 089 022 202 Privacy Policy Effective 1 September 2014
Revelian Pty Ltd ABN 58 089 022 202 Privacy Policy Effective 1 September 2014 OUR COMMITMENT Your privacy is important to us. This document explains how Revelian collects, handles, uses and discloses your
More informationCloud Service Providers Overcoming security and compliance barriers
Cloud Service Providers Overcoming security and compliance barriers Dr Theodoros Stergiou, CEng, CPMM Security Solutions Product Manager & Cloud Security Officer Agenda A brief introduction Security barriers
More informationIntel Enhanced Data Security Assessment Form
Intel Enhanced Data Security Assessment Form Supplier Name: Address: Respondent Name & Role: Signature of responsible party: Role: By placing my name in the box above I am acknowledging that I am authorized
More informationQuick guide: Using the Cloud to support your business
Quick guide: Using the Cloud to support your business This Quick Guide is one of a series of information products targeted at small to medium sized enterprises (SMEs). It is designed to help businesses
More informationCloud Computing: The atmospheric jeopardy. Unique Approach Unique Solutions. Salmon Ltd 2014 Commercial in Confidence Page 1 of 5
Cloud Computing: The atmospheric jeopardy Unique Approach Unique Solutions Salmon Ltd 2014 Commercial in Confidence Page 1 of 5 Background Cloud computing has its place in company computing strategies,
More informationSecuring The Cloud With Confidence. Opinion Piece
Securing The Cloud With Confidence Opinion Piece 1 Securing the cloud with confidence Contents Introduction 03 Don t outsource what you don t understand 03 Steps towards control 04 Due diligence 04 F-discovery
More informationCLOUD COMPUTING SECURITY ISSUES
CLOUD COMPUTING SECURITY ISSUES Florin OGIGAU-NEAMTIU IT Specialist The Regional Department of Defense Resources Management Studies, Brasov, Romania The term cloud computing has been in the spotlights
More informationAskAvanade: Answering the Burning Questions around Cloud Computing
AskAvanade: Answering the Burning Questions around Cloud Computing There is a great deal of interest in better leveraging the benefits of cloud computing. While there is a lot of excitement about the cloud,
More informationNSW Government. Data Centre & Cloud Readiness Assessment Services Standard. v1.0. June 2015
NSW Government Data Centre & Cloud Readiness Assessment Services Standard v1.0 June 2015 ICT Services Office of Finance & Services McKell Building 2-24 Rawson Place SYDNEY NSW 2000 standards@finance.nsw.gov.au
More informationCERTIFICATE PROGRAMME ON CLOUD SPECIALISTS DEVELOPMENT
CERTIFICATE PROGRAMME ON CLOUD SPECIALISTS DEVELOPMENT Present awareness and demands of cloud computing calls for increasing needs of cloud specialists development noticeably worldwide. VMware's Singapore
More informationProtecting Data and Privacy in the Cloud
Protecting Data and Privacy in the Cloud Contents 1 3 6 9 12 13 Protecting Data and Privacy in the Cloud an Introduction Building Services to Protect Data Protecting Data in Service Operations Empowering
More informationTime to Value: Successful Cloud Software Implementation
Time to Value: Successful Cloud Software Implementation Cloud & Data Security 2015 Client Conference About the Presenter Scott Schimberg, CPA, CMA Partner, Consulting, Armanino Scott became a Certified
More informationWrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors
1 Wrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors Scott Woodison Executive Director, Compliance and Enterprise Risk Office of Internal Audit and Compliance
More informationImplications for Cloud Computing & Data Privacy
Implications for Cloud Computing & Data Privacy Diane Mueller Cloud Evangelist, ActiveState dianem@activestate.com http://www.activestate.com/stackato Founded 1997 2 million developers, 97% of Fortune
More informationAUSTRALIAN INDUSTRY GROUP SUBMISSION to. Australian Computer Society. Discussion paper on the Cloud Computing Consumer Protocol
AUSTRALIAN INDUSTRY GROUP SUBMISSION to Australian Computer Society Discussion paper on the Cloud Computing Consumer Protocol 6 September 2013 EXECUTIVE SUMMARY The Australian Industry Group (Ai Group)
More informationData Protection Act 1998. Guidance on the use of cloud computing
Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered
More informationCloud Security Alliance New Zealand Contribution to the Privacy Commissioner. 23 February 2012
Cloud Security Alliance New Zealand Contribution to the Privacy Commissioner 23 February 2012 Foreword Cloud Security Alliance New Zealand Chapter is grateful to Privacy Commissioner for giving an opportunity
More informationThe Cadence Partnership Service Definition
The Cadence Partnership Service Definition About Cadence The Cadence Partnership is an independent management consultancy, specialising in working with a wide range of organisations, solving complex issues
More informationIT Enterprise Services
IT Enterprise Services Capita Private Cloud Agile Infrastructure-as-a-Service (IaaS) Cloud potential unleashed Cloud computing at its best Cloud is now an integral part of every IT strategy. It reduces
More informationCloud Workload Migration
Cover Sheet Cloud Workload Migration Where the Cloud-Based Service Delivery Model Makes Sense Sungard(print)New branding.indd 1 28/03/2014 16:09 Summary of Research A significant majority of applications
More informationCompliance and the Cloud: What You Can and What You Can t Outsource
Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: Kate Donofrio Security Assessor Fortrex Technologies Instructor Biography Background On Fortrex What s In A Cloud? Pick
More informationSecurity & Trust in the Cloud
Security & Trust in the Cloud Ray Trygstad Director of Information Technology, IIT School of Applied Technology Associate Director, Information Technology & Management Degree Programs Cloud Computing Primer
More informationCloud Computing Governance & Security. Security Risks in the Cloud
Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud
More informationSecuring the Microsoft Cloud
Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and customers to fully embrace and benefit from cloud services. We are committed
More informationTable of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility.
FME Cloud Security Table of Contents FME Cloud Architecture Overview Secure Operations I. Backup II. Data Governance and Privacy III. Destruction of Data IV. Incident Reporting V. Development VI. Customer
More informationMulti-tenancy in federated Clouds
Multi-tenancy in federated A CloudWATCH webinar Agenda 14:00 Welcome and Introduction 5 14:05 One minute madness 5 14:10 Multi tenancy in federated 30 14:40 Open discussion 20 Introduction Introduction
More informationCloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation
Cloud Security Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs peterjopling 2011 IBM Corporation Cloud computing impacts the implementation of security in fundamentally new ways
More information10 Considerations for a Cloud Procurement. Anthony Kelly Erick Trombley David DeBrandt Carina Veksler January 2015
10 Considerations for a Cloud Procurement Anthony Kelly Erick Trombley David DeBrandt Carina Veksler January 2015 www.lbmctech.com info@lbmctech.com Purpose: Cloud computing provides public sector organizations
More informationCloud Computing Flying High (or not) Ben Roper IT Director City of College Station
Cloud Computing Flying High (or not) Ben Roper IT Director City of College Station What is Cloud Computing? http://www.agent-x.com.au/ Wikipedia - the use of computing resources (hardware and software)
More informationCloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week
Cloud Security Panel: Real World GRC Experiences ISACA Atlanta s 2013 Annual Geek Week Agenda Introductions Recap: Overview of Cloud Computing and Why Auditors Should Care Reference Materials Panel/Questions
More informationData Breach Notifications. Submission by the Australian Communications Consumer Action Network to the Attorney General s Department
Data Breach Notifications Submission by the Australian Communications Consumer Action Network to the Attorney General s Department November 2012 About ACCAN The Australian Communications Consumer Action
More informationCommunications Alliance Ltd & Australian Mobile Telecommunications Association (AMTA)
Communications Alliance Ltd & Australian Mobile Telecommunications Association (AMTA) Proposal to the ACMA regarding Calls to 1800/13/1300 Numbers from Mobile Handsets November 2012 This proposal has been
More informationSATURDAY, FEBRUARY 28, 2015 CLE 10 (Ethics) 9:30 a.m. 10:30 a.m. Moving to the Cloud - Identifying & Managing Legal, Ethical and Compliance Risks
SATURDAY, FEBRUARY 28, 2015 CLE 10 (Ethics) 9:30 a.m. 10:30 a.m. Moving to the Cloud - Identifying & Managing Legal, Ethical and Compliance Risks Moving to the Cloud - Identifying & Managing Legal, Ethical
More informationCloud Risk Management: How to Consolidate your CSP and Corporate Risk Profile
Cloud Risk Management: How to Consolidate your CSP and Corporate Risk Profile Jerry Wertelecky, CPA, Fellow HKIoD & Managing Director INTRODUCTION Jerry Wertelecky Country of Birth: United States Current
More informationCloud Security and Managing Use Risks
Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access
More informationFEDERATED CLOUD: A DEVELOPMENT IN CLOUD COMPUTING AND A SOLUTION TO EDUCATIONAL NEEDS
International Journal of Computer Engineering and Applications, Volume VIII, Issue II, November 14 FEDERATED CLOUD: A DEVELOPMENT IN CLOUD COMPUTING AND A SOLUTION TO EDUCATIONAL NEEDS Saju Mathew 1, Dr.
More informationInfopaper. Demystifying Platform as a Service
Demystifying Platform as a Service The dividing lines between PaaS and IaaS may be blurring, but it s important for outsourcers of IT infrastructure to understand what sets Private PaaS apart from commodity
More informationSecurity and Privacy in Cloud Computing
Security and Privacy in Cloud Computing - Study Report Sai Lakshmi General Manager Enterprise Security Solutions 2 Agenda Background & Objective Current Scenario & Future of Cloud Computing Challenges
More informationJISC. Technical Review of Using Cloud for Research. Guidance Notes to Cloud Infrastructure Service Providers. Introduction
JISC Technical Review of Using Cloud for Research Guidance Notes to Cloud Infrastructure Service Providers May, 2010 Introduction Provisioning and maintenance of research computing facilities is a core
More informationNAREIM Session: Dangers and challenges of The Cloud. President, NiceNets Consulting, LLC
Main Types of Cloud Environments: - Public Cloud: A service built on an external platform run by a cloud service provider such as IBM, Amazon Web Services or Microsoft Azure. Subscribers can get access
More informationStrategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security
Strategic Compliance & Securing the Cloud Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Complexity and Challenges 2 Complexity and Challenges Compliance Regulatory entities
More informationEnhancing Operational Capacities and Capabilities through Cloud Technologies
Enhancing Operational Capacities and Capabilities through Cloud Technologies How freight forwarders and other logistics stakeholders can benefit from cloud-based solutions 2013 vcargo Cloud Pte Ltd All
More informationCOMMUNICATIONS ALLIANCE LTD INDUSTRY SPECIFICATION G557.3:2014 VOIP LOCATION INDICATOR FOR EMERGENCY SERVICES SIGNALLING SPECIFICATION
COMMUNICATIONS ALLIANCE LTD INDUSTRY SPECIFICATION G557.3:2014 VOIP LOCATION INDICATOR FOR EMERGENCY SERVICES SIGNALLING SPECIFICATION G557.3:2014 VoIP Location Indicator for Emergency Services Signalling
More informationThe Education Fellowship Finance Centralisation IT Security Strategy
The Education Fellowship Finance Centralisation IT Security Strategy Introduction This strategy outlines the security systems in place to optimise, manage and protect The Education Fellowship data and
More informationInformation Technology: This Year s Hot Issue - Cloud Computing
Information Technology: This Year s Hot Issue - Cloud Computing Presented by: Alan Sutin Global IP & Technology Practice Group GREENBERG TRAURIG, LLP ATTORNEYS AT LAW WWW.GTLAW.COM 2011. All rights reserved.
More informationCloud Security: Getting It Right
Cloud Security: Getting It Right Sponsored by Armor Independently conducted by Ponemon Institute LLC Publication Date: October 2015 Ponemon Institute Research Report Cloud Security: Getting It Right Ponemon
More informationCloud Workload Migration
Cover Sheet Infographic Summary Introduction Migration Potential Cloud Applications Security: Myth vs. Reality Data Retrieval Cloud Workload Migration Cloud Control Single vs. Multiple Providers Regulation
More informationCloud Computing. What is Cloud Computing?
Cloud Computing What is Cloud Computing? Cloud computing is where the organization outsources data processing to computers owned by the vendor. Primarily the vendor hosts the equipment while the audited
More informationCLOUD COMPUTING READINESS CHECKLIST
CLOUD COMPUTING READINESS VOLKER RATH VOLKER RATH 1 CONTENTS HOW SHOULD THIS GUIDE BE USED? 2 WILL MY COMPANY BENEFIT FROM 2 TRANSITIONING SERVICES TO THE CLOUD? CLOUD READINESS OVERVIEW 3 SECURITY CONCERNS
More informationITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS
ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS Shirley Radack, Editor Computer Security Division Information
More informationCOMMUNICATIONS ALLIANCE LTD INDUSTRY CODE C625:2009 INFORMATION ON ACCESSIBILITY FEATURES FOR TELEPHONE EQUIPMENT
COMMUNICATIONS ALLIANCE LTD INDUSTRY CODE C625:2009 INFORMATION ON ACCESSIBILITY FEATURES FOR TELEPHONE EQUIPMENT C625:2009 Information on Accessibility Features for Telephone Equipment Industry Code First
More informationSSAE 16 for Transportation & Logistics Companies. Chris Kradjan Kim Koch
SSAE 16 for Transportation & Logistics Companies Chris Kradjan Kim Koch 1 The material appearing in this presentation is for informational purposes only and should not be construed as advice of any kind,
More informationThe trusted technology partner in the Public Sector
The trusted technology partner in the Public Sector www.exponential-e.com/public-sector About Exponential-e Market Leaders in Technical Innovation GovConnect: The Exponential-e public sector service portfolio
More informationCloud Computing Consumer Protocol
Cloud Computing Consumer Protocol Submission by the Australian Communications Consumer Action Network to the Australian Computer Society 16 August 2013 Australian Communications Consumer Action Network
More informationThe Cloud. IIA Seminar, York April 30 th 2015. www.bakertilly.co.uk
The Cloud IIA Seminar, York April 30 th 2015 www.bakertilly.co.uk Introduction David Morris Technology Services Director with Baker Tilly Qualified Internal Auditor Based in Manchester Baker Tilly is an
More information