COMMUNICATIONS ALLIANCE LTD

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "COMMUNICATIONS ALLIANCE LTD"

Transcription

1 COMMUNICATIONS ALLIANCE LTD Communications Alliance Response to ACS Discussion Paper on a Potential Cloud Computing Consumer Protocol

2 - 1 - TABLE OF CONTENTS INTRODUCTION 2 SECTION 1 OVERVIEW OF RESPONSE 3 SECTION 2 COMMENTS ON CONSUMER CONFIDENCE 4 SECTION 3 SUGGESTING DRAFTING CHANGES TO SECTION 4 5 SECTION 4 COMMENTS ON SECTION 7 OF THE PAPER 6 SECTION 5 COMMENTS ON SPECIFIC QUESTIONS IN THE PAPER 7

3 - 2 - INTRODUCTION Communications Alliance welcomes the opportunity to provide this submission in response to ACS Discussion Paper on a Potential Cloud About Communications Alliance Communications Alliance is the primary telecommunications industry body in Australia. Its membership is drawn from a wide cross-section of the communications industry, including carriers, carriage and internet service providers, content providers, equipment vendors, IT companies, consultants and business groups. Its vision is to provide a unified voice for the telecommunications industry and to lead it into the next generation of converging networks, technologies and services. The prime mission of Communications Alliance is to promote the growth of the Australian communications industry and the protection of consumer interests by fostering the highest standards of business ethics and behaviour through industry self-governance. For more details about Communications Alliance, see

4 - 3 - SECTION 1 Overview of Response Communications Alliance offers the following over-arching viewpoint about the utility and objectives of the potential Protocol. These comments are preliminary, in line with the earlystage nature of the discussion paper and we look forward to more detailed consultation when a draft protocol is available 1. The most significant potential market failure that the proposed Cloud Computing Consumer Protocol would seek to address, in the view of Communications Alliance Members, is that of the lack of consumer knowledge and understanding, which appears to be inhibiting uptake of cloud services 2. The best way to address this is via a range of educational tools, e.g. awareness campaigns, web-sites, on-line forums, Wikis, etc. and by leveraging existing informational sources. 3. This education task should be the focus of the ACS Cloud Protocol 4. The CSP members of Communications Alliance do not support the creation of an additional protocol covering what might be disclosed by providers to customers. 5. The existing, registered and enforceable Telecommunications Consumer Protections Code 2012 governs the disclosure requirements for CSPs when they provide services to their customers and provides a strong basis for the way CSPs will inform customers in circumstances where CSPs are also providing cloud-based services. Overlaying the TCP Code is the regulated framework of the Australian Consumer Law, with which CSPs are also required to comply. 6. The situation in New Zealand is very different to that in Australia the co-regulatory and regulatory requirements including applicable consumer law and the new Privacy Act amendments - on service providers are not as comprehensive in New Zealand as in Australia.

5 - 4 - SECTION 2 Comments on Consumer Confidence Typically there are two main concerns with the use of cloud services from a security perspective: 1. The security of the platform that the cloud service is based on (responsibility of the provider). 2. The secure use of the platform by consumer (responsibility of the consumer). Having assurance that security is being addressed from both of these angles will increase consumer confidence in using the service. Each item is discussed in the following paragraphs: 1. To address the security of the cloud platform from the provider s perspective cloud providers may choose to publish publicly accessible statements regarding compliance to security standards. There are many standards available (such as ISO 27001, PCI DSS and SOC 1/SSAE 16/ISAE 3402) that would be confusing to a customer. To assist the customer in deciphering these codes into what constitutes good security practice the protocol might include plain language guidance around these standards. For example, the protocol might say: ISO give assurance that the cloud provider has gone through a basic compliance programme to verify robust security practices Medium level of assurance. PCI DSS might come with a high level of assurance etc. 2. To address the secure use of the cloud platform of the consumer, the protocol might recommend that service providers publish best practice guidelines around common pitfalls and mistakes that customers might encounter while using the service. Such concerns can include: a. User management (on-boarding, off-boarding and regular audits) b. Encrypting confidential data c. Security of hosted servers, network elements and applications d. How to identify malicious behaviour e. Common products and partners that can assist in the above.

6 - 5 - SECTION 3 Suggesting Drafting Changes to Section 4 What is Cloud Computing? 1 Cloud computing is a general term for the delivery of hosted services (in Virtualised environment) over the internet, enabling users to remotely store, process and share digital information and data. As such it is more a new way of delivering technology services rather than a new technology itself. There are three main categories of cloud, although the distinctions between them are becoming more permeable as their sophistication grows. They are: 1. Infrastructure as a Service (IaaS) offers data centre capacity, processing and storage. An example is Amazon web services. 2. Platform as a Service (PaaS) provides a software development and deployment environment for the applications. Examples are Microsoft s Windows Azure and Salesforce s force.com. 3. Software as a Service (SaaS) offers software applications that can be subscribed by users. Examples include Salesforce, Hotmail and Flickr.

7 - 6 - SECTION 4 Comments on Section 7 of the Paper Data Location While Communications Alliance does not advocate specific disclosure recommendations, additional commentary may be useful around the value of data sovereignty and the implications of on-shore versus off-shore hosting. This is of particular importance where a cloud service provider may be owned or operated by a US-based corporation, and thus subject to foreign laws (Patriot Act II, etc.) Backup and Maintenance It s worth pointing out that some cloud providers give clients the ability to choose the level of protection they subscribe to in terms of things like service availability, security, data protection and disaster recovery. There is a cost of providing specific service-related capabilities, such as back-up testing and validation - even when they are automated - and not all clients are willing/able to pay a premium for features such as this and/or may have another means of achieving the required level of data protection. It is important to protect the cloud consumer s ability to choose whether or not to purchase such additional capabilities, or simply make sure that consumers are aware that they have a choice Vendor Lock-In & Data Portability We disagree with the statement At present, the lack of interoperable technical standards between cloud computing services means that users may risk losing their content and media if they change services whilst from an end-user perspective this is true, there are technical tools available to migrate data safely between completely disparate and non-compatible cloud platforms. There is a risk that the cloud service provider industry is perpetuating the belief that customers cannot safely move.

8 - 7 - SECTION 5 Comments on Specific Questions in the Paper Question 6. If you are a provider of cloud services and products, what is the current state of market confidence in cloud computing, and are there any outstanding transparency issues that concern users? If so, what is the best method of addressing these concerns? Cloud computing technology is currently mature and there is no significant technical difficulty in implementing solutions that can be deployed in traditional data centres in Cloud. The concerns relate mainly to data security as well as the nature of multi-tenancy of cloud. Customers sometimes express concern that their data is stored with the service provider but may be shared with the other tenants on the same physical devices. Virtualisation technologies need to be continuously improved to ensure 100% isolation of customer data. Service providers ideally should implement cloud services that comply with various international standards such as ISO and PCI. These compliances are an indication of the high standard of cloud services but will also increase the cost of the services. Question 7. If a voluntary protocol is introduced, do you have any comments on potential compliance costs, jurisdictional complexities and the interaction between the Protocol and other cloud standards currently being developed globally? SMEs and Consumers are typically sensitive to price of services. Cost impacts will need to be carefully assessed before included any proposed compliance regime into the Voluntary Protocol (something that would in itself be unusual). For example, costs increase proportionally based on the type of security measurements to be implemented, adding too comprehensive and stringent security measures means more costs to the service provider and also final cloud end products.

9 Published by: COMMUNICATIONS ALLIANCE LTD Level 9 32 Walker Street North Sydney NSW 2060 Australia Correspondence PO Box 444 Milsons Point NSW 1565 T F E ABN Care should be taken to ensure the material used is from the current version of the Standard or Industry Code and that it is updated whenever the Standard or Code is amended or revised. The number and date of the Standard or Code should therefore be clearly identified. If in doubt please contact Communications Alliance

SENATE STANDING COMMITTEE ON ENVIRONMENT AND COMMUNICATIONS INQUIRY INTO TELECOMMUNICATIONS LEGISLATION AMENDMENT (CONSUMER PROTECTION) BILL 2013

SENATE STANDING COMMITTEE ON ENVIRONMENT AND COMMUNICATIONS INQUIRY INTO TELECOMMUNICATIONS LEGISLATION AMENDMENT (CONSUMER PROTECTION) BILL 2013 COMMUNICATIONS ALLIANCE LTD SENATE STANDING COMMITTEE ON ENVIRONMENT AND COMMUNICATIONS INQUIRY INTO TELECOMMUNICATIONS LEGISLATION AMENDMENT (CONSUMER 2013 - 1 - INTRODUCTION Communications Alliance is

More information

AUSTRALIAN COMMUNICATIONS AND MEDIA AUTHORITY REVIEW OF THE TELECOMMUNICATIONS LABELLING (CUSTOMER EQUIPMENT AND CUSTOMER CABLING) NOTICE 2001

AUSTRALIAN COMMUNICATIONS AND MEDIA AUTHORITY REVIEW OF THE TELECOMMUNICATIONS LABELLING (CUSTOMER EQUIPMENT AND CUSTOMER CABLING) NOTICE 2001 COMMUNICATIONS ALLIANCE LTD AUSTRALIAN COMMUNICATIONS AND MEDIA AUTHORITY REVIEW OF THE TELECOMMUNICATIONS LABELLING (CUSTOMER EQUIPMENT AND CUSTOMER CABLING) NOTICE 2001 12 APRIL 2013 - 1 - - 2 - EXECUTIVE

More information

Microsoft appreciates the opportunity to respond to the Cloud Computing Consumer Protocol: ACS Discussion Paper July 2013 (the protocol).

Microsoft appreciates the opportunity to respond to the Cloud Computing Consumer Protocol: ACS Discussion Paper July 2013 (the protocol). Microsoft Submission to ACS Cloud Protocol Discussion Paper General Comments Microsoft appreciates the opportunity to respond to the Cloud Computing Consumer Protocol: ACS Discussion Paper July 2013 (the

More information

AARNet submission to the Australian Computer Society Cloud Protocol Discussion Paper. James Sankar, Alex Reid August 2013

AARNet submission to the Australian Computer Society Cloud Protocol Discussion Paper. James Sankar, Alex Reid August 2013 AARNet submission to the Australian Computer Society Cloud Protocol Discussion Paper James Sankar, Alex Reid August 2013 AARNet, Australia's Academic and Research Network (AARNet) is the not- for- profit

More information

Cloud Computing Consumer Protocol. ACS Cloud Discussion Paper July 2013

Cloud Computing Consumer Protocol. ACS Cloud Discussion Paper July 2013 Cloud Computing Consumer Protocol ACS Cloud Discussion Paper July 2013 ACS Cloud Protocol Discussion Paper July 2013 2 CONTENTS SECTION PAGE 1. Introduction and Purpose 3 2. Structure and Timelines 3 3.

More information

Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101

Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101 Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro

More information

Microsoft Pty Ltd. Australian Financial System Inquiry: Response to request for further submissions

Microsoft Pty Ltd. Australian Financial System Inquiry: Response to request for further submissions Microsoft Pty Ltd Australian Financial System Inquiry: Response to request for further submissions August 2014 1 Response in relation to Chapter 9 of the Interim Report Microsoft is pleased to respond

More information

Cloud Courses Description

Cloud Courses Description Courses Description 101: Fundamental Computing and Architecture Computing Concepts and Models. Data center architecture. Fundamental Architecture. Virtualization Basics. platforms: IaaS, PaaS, SaaS. deployment

More information

Cloud Courses Description

Cloud Courses Description Cloud Courses Description Cloud 101: Fundamental Cloud Computing and Architecture Cloud Computing Concepts and Models. Fundamental Cloud Architecture. Virtualization Basics. Cloud platforms: IaaS, PaaS,

More information

Security in the Cloud

Security in the Cloud Security in the Cloud Visibility & Control of your Cloud Service Provider Murray Goldschmidt, Pierre Tagle, Ph.D. April 2012 Compliance, Protection & Business Confidence Sense of Security Pty Ltd Sydney

More information

Orchestrating the New Paradigm Cloud Assurance

Orchestrating the New Paradigm Cloud Assurance Orchestrating the New Paradigm Cloud Assurance Amsterdam 17 January 2012 John Hermans - Partner Current business challenges versus traditional IT Organizations are challenged with: Traditional IT seems

More information

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING CPNI VIEWPOINT 01/2010 CLOUD COMPUTING MARCH 2010 Acknowledgements This viewpoint is based upon a research document compiled on behalf of CPNI by Deloitte. The findings presented here have been subjected

More information

Australian Communications and Media Authority s Calling the Emergency Call Service Review of Arrangements Discussion Paper

Australian Communications and Media Authority s Calling the Emergency Call Service Review of Arrangements Discussion Paper Australian Communications and Media Authority s Calling the Emergency Call Service Review of Arrangements Discussion Paper Submission by Communications Alliance and the Australian Mobile Telecommunications

More information

Cloud Computing. Information Security and Privacy Considerations. April 2014

Cloud Computing. Information Security and Privacy Considerations. April 2014 Cloud Computing Information Security and Privacy Considerations April 2014 All-of-Government Cloud Computing: Information Security and Privacy Considerations April 2014 1 Crown copyright. This copyright

More information

Security in the Cloud: Visibility & Control of your Cloud Service Providers

Security in the Cloud: Visibility & Control of your Cloud Service Providers Whitepaper: Security in the Cloud Security in the Cloud: Visibility & Control of your Cloud Service Providers Date: 11 Apr 2012 Doc Ref: SOS-WP-CSP-0412A Author: Pierre Tagle Ph.D., Prashant Haldankar,

More information

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security

More information

Cloud Computing; What is it, How long has it been here, and Where is it going?

Cloud Computing; What is it, How long has it been here, and Where is it going? Cloud Computing; What is it, How long has it been here, and Where is it going? David Losacco, CPA, CIA, CISA Principal January 10, 2013 Agenda The Cloud WHAT IS THE CLOUD? How long has it been here? Where

More information

Cloud Services Overview

Cloud Services Overview Cloud Services Overview John Hankins Global Offering Executive Ricoh Production Print Solutions May 23, 2012 Cloud Services Agenda Definitions Types of Clouds The Role of Virtualization Cloud Architecture

More information

Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015

Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 The following comprises a checklist of areas that genomic research organizations or consortia (collectively referred

More information

How a Cloud Service Provider Can Offer Adequate Security to its Customers

How a Cloud Service Provider Can Offer Adequate Security to its Customers royal holloway s, How a Cloud Service Provider Can Offer Adequate Security to its Customers What security assurances can cloud service providers give their customers? This article examines whether current

More information

Anypoint Platform Cloud Security and Compliance. Whitepaper

Anypoint Platform Cloud Security and Compliance. Whitepaper Anypoint Platform Cloud Security and Compliance Whitepaper 1 Overview Security is a top concern when evaluating cloud services, whether it be physical, network, infrastructure, platform or data security.

More information

White Paper on CLOUD COMPUTING

White Paper on CLOUD COMPUTING White Paper on CLOUD COMPUTING INDEX 1. Introduction 2. Features of Cloud Computing 3. Benefits of Cloud computing 4. Service models of Cloud Computing 5. Deployment models of Cloud Computing 6. Examples

More information

Cloud Security Introduction and Overview

Cloud Security Introduction and Overview Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious

More information

AHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS

AHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS AHLA JJ. Keeping Your Cloud Services Provider from Raining on Your Parade Jean Hess Manager HORNE LLP Ridgeland, MS Melissa Markey Hall Render Killian Heath & Lyman PC Troy, MI Physicians and Hospitals

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

ICT managed services and cloud computing. Patrick Sefton Principal, Brightline Lawyers

ICT managed services and cloud computing. Patrick Sefton Principal, Brightline Lawyers ICT managed services and cloud computing Patrick Sefton Principal, Brightline Lawyers ICT a longer view (for context) series of disruptive revolutions 1980s: PC revolution end dominance of centralised

More information

Cloud Security. DLT Solutions LLC June 2011. #DLTCloud

Cloud Security. DLT Solutions LLC June 2011. #DLTCloud Cloud Security DLT Solutions LLC June 2011 Contact Information DLT Cloud Advisory Group 1-855-CLOUD01 (256-8301) cloud@dlt.com www.dlt.com/cloud Your Hosts Van Ristau Chief Technology Officer, DLT Solutions

More information

Privacy, the Cloud and Data Breaches

Privacy, the Cloud and Data Breaches Privacy, the Cloud and Data Breaches Annelies Moens Head of Sales and Operations, Information Integrity Solutions Legalwise Seminars Sydney, 20 March 2013 About IIS Building trust and privacy through global

More information

Quick guide: Using the Cloud to support your business

Quick guide: Using the Cloud to support your business Quick guide: Using the Cloud to support your business This Quick Guide is one of a series of information products targeted at small to medium sized enterprises (SMEs). It is designed to help businesses

More information

CERTIFICATE PROGRAMME ON CLOUD SPECIALISTS DEVELOPMENT

CERTIFICATE PROGRAMME ON CLOUD SPECIALISTS DEVELOPMENT CERTIFICATE PROGRAMME ON CLOUD SPECIALISTS DEVELOPMENT Present awareness and demands of cloud computing calls for increasing needs of cloud specialists development noticeably worldwide. VMware's Singapore

More information

Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu

Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu 2 If cloud computing is so simple, then what s the big deal? What is the

More information

PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By:

PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: Peter Spier Managing Director PCI and Risk Assurance Fortrex Technologies Agenda Instructor Biography Background On

More information

Using AWS in the context of Australian Privacy Considerations October 2015

Using AWS in the context of Australian Privacy Considerations October 2015 Using AWS in the context of Australian Privacy Considerations October 2015 (Please consult https://aws.amazon.com/compliance/aws-whitepapers/for the latest version of this paper) Page 1 of 13 Overview

More information

Adopting Cloud Computing with a RISK Mitigation Strategy

Adopting Cloud Computing with a RISK Mitigation Strategy Adopting Cloud Computing with a RISK Mitigation Strategy TS Yu, OGCIO 21 March 2013 1. Introduction 2. Security Challenges Agenda 3. Risk Mitigation Strategy Before start using When using 4. Policy & Guidelines

More information

Hexaware E-book on Q & A for Cloud BI Hexaware Business Intelligence & Analytics Actionable Intelligence Enabled

Hexaware E-book on Q & A for Cloud BI Hexaware Business Intelligence & Analytics Actionable Intelligence Enabled Hexaware E-book on Q & A for Cloud BI Hexaware Business Intelligence & Analytics Actionable Intelligence Enabled HEXAWARE Q & A E-BOOK ON CLOUD BI Layers Applications Databases Security IaaS Self-managed

More information

A Flexible and Comprehensive Approach to a Cloud Compliance Program

A Flexible and Comprehensive Approach to a Cloud Compliance Program A Flexible and Comprehensive Approach to a Cloud Compliance Program Stuart Aston Microsoft UK Session ID: SPO-201 Session Classification: General Interest Compliance in the cloud Transparency Responsibility

More information

A COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012

A COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012 A COALFIRE PERSPECTIVE Moving to the Cloud A Summary of Considerations for Implementing Cloud Migration Plans into New Business Platforms NCHELP Spring Convention Panel May 2012 DALLAS DENVER LOS ANGELES

More information

Cloud Service Providers Overcoming security and compliance barriers

Cloud Service Providers Overcoming security and compliance barriers Cloud Service Providers Overcoming security and compliance barriers Dr Theodoros Stergiou, CEng, CPMM Security Solutions Product Manager & Cloud Security Officer Agenda A brief introduction Security barriers

More information

Implications for Cloud Computing & Data Privacy

Implications for Cloud Computing & Data Privacy Implications for Cloud Computing & Data Privacy Diane Mueller Cloud Evangelist, ActiveState dianem@activestate.com http://www.activestate.com/stackato Founded 1997 2 million developers, 97% of Fortune

More information

Cloud Security Trust Cisco to Protect Your Data

Cloud Security Trust Cisco to Protect Your Data Trust Cisco to Protect Your Data As cloud adoption accelerates, organizations are increasingly placing their trust in third-party cloud service providers (CSPs). But can you fully trust your most sensitive

More information

Multi-tenancy in federated Clouds

Multi-tenancy in federated Clouds Multi-tenancy in federated A CloudWATCH webinar Agenda 14:00 Welcome and Introduction 5 14:05 One minute madness 5 14:10 Multi tenancy in federated 30 14:40 Open discussion 20 Introduction Introduction

More information

Cloud Computing Flying High (or not) Ben Roper IT Director City of College Station

Cloud Computing Flying High (or not) Ben Roper IT Director City of College Station Cloud Computing Flying High (or not) Ben Roper IT Director City of College Station What is Cloud Computing? http://www.agent-x.com.au/ Wikipedia - the use of computing resources (hardware and software)

More information

Key Considerations of Regulatory Compliance in the Public Cloud

Key Considerations of Regulatory Compliance in the Public Cloud Key Considerations of Regulatory Compliance in the Public Cloud W. Noel Haskins-Hafer CRMA, CISA, CISM, CFE, CGEIT, CRISC 10 April, 2013 w_haskins-hafer@intuit.com Disclaimer Unless otherwise specified,

More information

Information Auditing and Governance of Cloud Computing IT Capstone 4444 - Spring 2013 Sona Aryal Laura Webb Cameron University.

Information Auditing and Governance of Cloud Computing IT Capstone 4444 - Spring 2013 Sona Aryal Laura Webb Cameron University. Information Auditing and Governance of Cloud Computing IT Capstone 4444 - Spring 2013 Sona Aryal Laura Webb Cameron University P a g e 1 P a g e 2 Table of Contents Abstract... 3 Introduction... 3 Previous

More information

Securing The Cloud With Confidence. Opinion Piece

Securing The Cloud With Confidence. Opinion Piece Securing The Cloud With Confidence Opinion Piece 1 Securing the cloud with confidence Contents Introduction 03 Don t outsource what you don t understand 03 Steps towards control 04 Due diligence 04 F-discovery

More information

Managing Cloud Computing Risk

Managing Cloud Computing Risk Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify

More information

ACS CLOUD COMPUTING CONSUMER PROTOCOL. Response from AIIA

ACS CLOUD COMPUTING CONSUMER PROTOCOL. Response from AIIA ACS CLOUD COMPUTING CONSUMER PROTOCOL Response from AIIA AUGUST 2013 INTRODUCTION The Australian Information Industry Association (AIIA) is the peak national body representing multinational and domestic

More information

NSW Government. Data Centre & Cloud Readiness Assessment Services Standard. v1.0. June 2015

NSW Government. Data Centre & Cloud Readiness Assessment Services Standard. v1.0. June 2015 NSW Government Data Centre & Cloud Readiness Assessment Services Standard v1.0 June 2015 ICT Services Office of Finance & Services McKell Building 2-24 Rawson Place SYDNEY NSW 2000 standards@finance.nsw.gov.au

More information

Intermedia s Dedicated Exchange

Intermedia s Dedicated Exchange Intermedia s Dedicated Exchange This is a practical guide to implementing Intermedia s Dedicated Hosted Exchange on AWS. Intermedia, the world s independent provider of Hosted Exchange, and AWS, the leading

More information

Hans Bos Microsoft Nederland. hans.bos@microsoft.com

Hans Bos Microsoft Nederland. hans.bos@microsoft.com Hans Bos Microsoft Nederland Email: Twitter: hans.bos@microsoft.com @hansbos Microsoft s Cloud Environment Consumer and Small Business Services Software as a Service (SaaS) Enterprise Services Third-party

More information

Cyber Security and Cloud Computing. Dr Daniel Prince Course Director MSc in Cyber Security d.prince@lancaster.ac.uk

Cyber Security and Cloud Computing. Dr Daniel Prince Course Director MSc in Cyber Security d.prince@lancaster.ac.uk Cyber Security and Cloud Computing Dr Daniel Prince Course Director MSc in Cyber Security d.prince@lancaster.ac.uk Scope of Today SME Attractors for Cloud Switching to the Cloud Public Private Hybrid Big

More information

The Cadence Partnership Service Definition

The Cadence Partnership Service Definition The Cadence Partnership Service Definition About Cadence The Cadence Partnership is an independent management consultancy, specialising in working with a wide range of organisations, solving complex issues

More information

10 Considerations for a Cloud Procurement. Anthony Kelly Erick Trombley David DeBrandt Carina Veksler January 2015

10 Considerations for a Cloud Procurement. Anthony Kelly Erick Trombley David DeBrandt Carina Veksler January 2015 10 Considerations for a Cloud Procurement Anthony Kelly Erick Trombley David DeBrandt Carina Veksler January 2015 www.lbmctech.com info@lbmctech.com Purpose: Cloud computing provides public sector organizations

More information

Infopaper. Demystifying Platform as a Service

Infopaper. Demystifying Platform as a Service Demystifying Platform as a Service The dividing lines between PaaS and IaaS may be blurring, but it s important for outsourcers of IT infrastructure to understand what sets Private PaaS apart from commodity

More information

GETTING THE MOST FROM THE CLOUD. A White Paper presented by

GETTING THE MOST FROM THE CLOUD. A White Paper presented by GETTING THE MOST FROM THE CLOUD A White Paper presented by Why Move to the Cloud? CLOUD COMPUTING the latest evolution of IT services delivery is a scenario under which common business applications are

More information

Wrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors

Wrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors 1 Wrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors Scott Woodison Executive Director, Compliance and Enterprise Risk Office of Internal Audit and Compliance

More information

Compliance and the Cloud: What You Can and What You Can t Outsource

Compliance and the Cloud: What You Can and What You Can t Outsource Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: Kate Donofrio Security Assessor Fortrex Technologies Instructor Biography Background On Fortrex What s In A Cloud? Pick

More information

Protecting Data and Privacy in the Cloud

Protecting Data and Privacy in the Cloud Protecting Data and Privacy in the Cloud Contents 1 3 6 9 12 13 Protecting Data and Privacy in the Cloud an Introduction Building Services to Protect Data Protecting Data in Service Operations Empowering

More information

Verticalization of Cloud Computing Philip Meyer Technology Specialist Software Services Microsoft (Australia) Pty Ltd philme@microsoft.

Verticalization of Cloud Computing Philip Meyer Technology Specialist Software Services Microsoft (Australia) Pty Ltd philme@microsoft. Verticalization of Cloud Computing Philip Meyer Technology Specialist Software Services Microsoft (Australia) Pty Ltd philme@microsoft.com Topics The Evolving Environments Horizontal Vertical Geographic

More information

SECURITY AND REGULATORY COMPLIANCE OVERVIEW

SECURITY AND REGULATORY COMPLIANCE OVERVIEW Powering Cloud IT SECURITY AND REGULATORY COMPLIANCE OVERVIEW BetterCloud for Office 365 Executive Summary BetterCloud provides critical insights, automated management, and intelligent data security for

More information

Intel Enhanced Data Security Assessment Form

Intel Enhanced Data Security Assessment Form Intel Enhanced Data Security Assessment Form Supplier Name: Address: Respondent Name & Role: Signature of responsible party: Role: By placing my name in the box above I am acknowledging that I am authorized

More information

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Strategic Compliance & Securing the Cloud Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Complexity and Challenges 2 Complexity and Challenges Compliance Regulatory entities

More information

SATURDAY, FEBRUARY 28, 2015 CLE 10 (Ethics) 9:30 a.m. 10:30 a.m. Moving to the Cloud - Identifying & Managing Legal, Ethical and Compliance Risks

SATURDAY, FEBRUARY 28, 2015 CLE 10 (Ethics) 9:30 a.m. 10:30 a.m. Moving to the Cloud - Identifying & Managing Legal, Ethical and Compliance Risks SATURDAY, FEBRUARY 28, 2015 CLE 10 (Ethics) 9:30 a.m. 10:30 a.m. Moving to the Cloud - Identifying & Managing Legal, Ethical and Compliance Risks Moving to the Cloud - Identifying & Managing Legal, Ethical

More information

Cloud Computing: The atmospheric jeopardy. Unique Approach Unique Solutions. Salmon Ltd 2014 Commercial in Confidence Page 1 of 5

Cloud Computing: The atmospheric jeopardy. Unique Approach Unique Solutions. Salmon Ltd 2014 Commercial in Confidence Page 1 of 5 Cloud Computing: The atmospheric jeopardy Unique Approach Unique Solutions Salmon Ltd 2014 Commercial in Confidence Page 1 of 5 Background Cloud computing has its place in company computing strategies,

More information

Cloud Security Alliance New Zealand Contribution to the Privacy Commissioner. 23 February 2012

Cloud Security Alliance New Zealand Contribution to the Privacy Commissioner. 23 February 2012 Cloud Security Alliance New Zealand Contribution to the Privacy Commissioner 23 February 2012 Foreword Cloud Security Alliance New Zealand Chapter is grateful to Privacy Commissioner for giving an opportunity

More information

IT Enterprise Services

IT Enterprise Services IT Enterprise Services Capita Private Cloud Agile Infrastructure-as-a-Service (IaaS) Cloud potential unleashed Cloud computing at its best Cloud is now an integral part of every IT strategy. It reduces

More information

Trust but Verify. Vincent Campitelli. VP IT Risk Management

Trust but Verify. Vincent Campitelli. VP IT Risk Management Trust but Verify Vincent Campitelli VP IT Risk Management McKesson Corporation Trust but Verify Cloud Security 3 Agenda Cloud Defined Cloud Opportunities Cloud Challenges What s Different? How to Verify

More information

The Cloud. IIA Seminar, York April 30 th 2015. www.bakertilly.co.uk

The Cloud. IIA Seminar, York April 30 th 2015. www.bakertilly.co.uk The Cloud IIA Seminar, York April 30 th 2015 www.bakertilly.co.uk Introduction David Morris Technology Services Director with Baker Tilly Qualified Internal Auditor Based in Manchester Baker Tilly is an

More information

Cloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week

Cloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week Cloud Security Panel: Real World GRC Experiences ISACA Atlanta s 2013 Annual Geek Week Agenda Introductions Recap: Overview of Cloud Computing and Why Auditors Should Care Reference Materials Panel/Questions

More information

With Eversync s cloud data tiering, the customer can tier data protection as follows:

With Eversync s cloud data tiering, the customer can tier data protection as follows: APPLICATION NOTE: CLOUD DATA TIERING Eversync has developed a hybrid model for cloud-based data protection in which all of the elements of data protection are tiered between an on-premise appliance (software

More information

FEDERATED CLOUD: A DEVELOPMENT IN CLOUD COMPUTING AND A SOLUTION TO EDUCATIONAL NEEDS

FEDERATED CLOUD: A DEVELOPMENT IN CLOUD COMPUTING AND A SOLUTION TO EDUCATIONAL NEEDS International Journal of Computer Engineering and Applications, Volume VIII, Issue II, November 14 FEDERATED CLOUD: A DEVELOPMENT IN CLOUD COMPUTING AND A SOLUTION TO EDUCATIONAL NEEDS Saju Mathew 1, Dr.

More information

Infrastructure as a Service (IaaS) Dancik International and Peak 10

Infrastructure as a Service (IaaS) Dancik International and Peak 10 Infrastructure as a Service (IaaS) Dancik International and Peak 10 Infrastructure as a Service Monty Blight, Peak 10 Data Center & Network Services Cloud Services Managed Services Agenda 1. Who is Peak

More information

New Zealand Cloud Computing Code of Practice

New Zealand Cloud Computing Code of Practice New Zealand Cloud Computing Code of Practice Structure and Approach Survey Summary Version 1.0 December 2011 Contents Introduction and Background... 3 Survey Responses... 4 Structure of the code... 4 Disclosures...

More information

Information Technology: This Year s Hot Issue - Cloud Computing

Information Technology: This Year s Hot Issue - Cloud Computing Information Technology: This Year s Hot Issue - Cloud Computing Presented by: Alan Sutin Global IP & Technology Practice Group GREENBERG TRAURIG, LLP ATTORNEYS AT LAW WWW.GTLAW.COM 2011. All rights reserved.

More information

AUSTRALIAN INDUSTRY GROUP SUBMISSION to. Australian Computer Society. Discussion paper on the Cloud Computing Consumer Protocol

AUSTRALIAN INDUSTRY GROUP SUBMISSION to. Australian Computer Society. Discussion paper on the Cloud Computing Consumer Protocol AUSTRALIAN INDUSTRY GROUP SUBMISSION to Australian Computer Society Discussion paper on the Cloud Computing Consumer Protocol 6 September 2013 EXECUTIVE SUMMARY The Australian Industry Group (Ai Group)

More information

Data Protection Act 1998. Guidance on the use of cloud computing

Data Protection Act 1998. Guidance on the use of cloud computing Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered

More information

Cloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation

Cloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation Cloud Security Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs peterjopling 2011 IBM Corporation Cloud computing impacts the implementation of security in fundamentally new ways

More information

Cloud Computing. What is Cloud Computing?

Cloud Computing. What is Cloud Computing? Cloud Computing What is Cloud Computing? Cloud computing is where the organization outsources data processing to computers owned by the vendor. Primarily the vendor hosts the equipment while the audited

More information

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS Shirley Radack, Editor Computer Security Division Information

More information

The Education Fellowship Finance Centralisation IT Security Strategy

The Education Fellowship Finance Centralisation IT Security Strategy The Education Fellowship Finance Centralisation IT Security Strategy Introduction This strategy outlines the security systems in place to optimise, manage and protect The Education Fellowship data and

More information

Securing the Microsoft Cloud

Securing the Microsoft Cloud Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and customers to fully embrace and benefit from cloud services. We are committed

More information

Security & Trust in the Cloud

Security & Trust in the Cloud Security & Trust in the Cloud Ray Trygstad Director of Information Technology, IIT School of Applied Technology Associate Director, Information Technology & Management Degree Programs Cloud Computing Primer

More information

Cloud Workload Migration

Cloud Workload Migration Cover Sheet Cloud Workload Migration Where the Cloud-Based Service Delivery Model Makes Sense Sungard(print)New branding.indd 1 28/03/2014 16:09 Summary of Research A significant majority of applications

More information

Cloud Computing Governance & Security. Security Risks in the Cloud

Cloud Computing Governance & Security. Security Risks in the Cloud Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud

More information

The trusted technology partner in the Public Sector

The trusted technology partner in the Public Sector The trusted technology partner in the Public Sector www.exponential-e.com/public-sector About Exponential-e Market Leaders in Technical Innovation GovConnect: The Exponential-e public sector service portfolio

More information

Legal Issues in the Cloud: A Case Study. Jason Epstein

Legal Issues in the Cloud: A Case Study. Jason Epstein Legal Issues in the Cloud: A Case Study Jason Epstein Outline Overview of Cloud Computing Service Models (SaaS, PaaS, IaaS) Deployment Models (Private, Community, Public, Hybrid) Adoption Different types

More information

Cloud Computing for SCADA

Cloud Computing for SCADA Cloud Computing for SCADA Moving all or part of SCADA applications to the cloud can cut costs significantly while dramatically increasing reliability and scalability. A White Paper from InduSoft Larry

More information

What is Cloud Computing? Tackling the Challenges of Big Data. Tackling The Challenges of Big Data. Matei Zaharia. Matei Zaharia. Big Data Collection

What is Cloud Computing? Tackling the Challenges of Big Data. Tackling The Challenges of Big Data. Matei Zaharia. Matei Zaharia. Big Data Collection Introduction What is Cloud Computing? Cloud computing means computing resources available on demand Resources can include storage, compute cycles, or software built on top (e.g. database as a service)

More information

Cloud Workload Migration

Cloud Workload Migration Cover Sheet Infographic Summary Introduction Migration Potential Cloud Applications Security: Myth vs. Reality Data Retrieval Cloud Workload Migration Cloud Control Single vs. Multiple Providers Regulation

More information

Leveraging the Private Cloud for Competitive Advantage

Leveraging the Private Cloud for Competitive Advantage Leveraging the Private Cloud for Competitive Advantage Introduction While it is universally accepted that organisations will leverage cloud solutions to service their IT needs, there is a lack of clarity

More information

Cloud Security and Managing Use Risks

Cloud Security and Managing Use Risks Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access

More information

Revelian Pty Ltd ABN 58 089 022 202 Privacy Policy Effective 1 September 2014

Revelian Pty Ltd ABN 58 089 022 202 Privacy Policy Effective 1 September 2014 Revelian Pty Ltd ABN 58 089 022 202 Privacy Policy Effective 1 September 2014 OUR COMMITMENT Your privacy is important to us. This document explains how Revelian collects, handles, uses and discloses your

More information

JISC. Technical Review of Using Cloud for Research. Guidance Notes to Cloud Infrastructure Service Providers. Introduction

JISC. Technical Review of Using Cloud for Research. Guidance Notes to Cloud Infrastructure Service Providers. Introduction JISC Technical Review of Using Cloud for Research Guidance Notes to Cloud Infrastructure Service Providers May, 2010 Introduction Provisioning and maintenance of research computing facilities is a core

More information

BMC s Security Strategy for ITSM in the SaaS Environment

BMC s Security Strategy for ITSM in the SaaS Environment BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...

More information

Understanding ISO 27018 and Preparing for the Modern Era of Cloud Security

Understanding ISO 27018 and Preparing for the Modern Era of Cloud Security Understanding ISO 27018 and Preparing for the Modern Era of Cloud Security Presented by Microsoft and Foley Hoag LLP s Privacy and Data Security Practice Group May 14, 2015 Proposal or event name (optional)

More information

On Premise Vs Cloud: Selection Approach & Implementation Strategies

On Premise Vs Cloud: Selection Approach & Implementation Strategies On Premise Vs Cloud: Selection Approach & Implementation Strategies Session ID#:10143 Prepared by: Praveen Kumar Practice Manager AST Corporation @Praveenk74 REMINDER Check in on the COLLABORATE mobile

More information

CLOUD COMPUTING SECURITY ISSUES

CLOUD COMPUTING SECURITY ISSUES CLOUD COMPUTING SECURITY ISSUES Florin OGIGAU-NEAMTIU IT Specialist The Regional Department of Defense Resources Management Studies, Brasov, Romania The term cloud computing has been in the spotlights

More information

AskAvanade: Answering the Burning Questions around Cloud Computing

AskAvanade: Answering the Burning Questions around Cloud Computing AskAvanade: Answering the Burning Questions around Cloud Computing There is a great deal of interest in better leveraging the benefits of cloud computing. While there is a lot of excitement about the cloud,

More information

Cloud Computing Guidelines

Cloud Computing Guidelines 1 Cloud Computing Guidelines Contents Introduction... 3 What is cloud computing?... 3 Why use cloud computing?... 4 The building blocks of cloud computing... 8 Best practice guidelines... 12 The legal

More information