Cloud Security & Risk. Adam Cravedi, CISA Senior IT Auditor acravedi@compassitc.com
|
|
- Amanda Moody
- 8 years ago
- Views:
Transcription
1 Cloud Security & Risk Adam Cravedi, CISA Senior IT Auditor
2 Agenda About Compass Overcast - Cloud Overview Thunderheads - Risks in the Cloud The Silver Lining - Security Approaches Lifting the Fog - Guidance 6/7/2012
3 FOCUS AREAS Financial Industry Compliance Services Business Continuity Planning Services IT Auditing and Risk Assessment Services IT Security Assessment Services Payment Card Industry Services 6/7/2012
4 Overcast Cloud Overview What is Cloud Computing? - The on-demand use and provisioning of shared computing resources. Three Types of Cloud Services - IaaS delivers computer Infrastructure as a Service - SaaS delivers application Software as a Service - PaaS delivers a computer Platform as a Service Four Cloud Deployment Models - Private used primarily by a single entity* - Community used by a group of similar entities* - Public readily shared by many heterogeneous entities - Hybrid any combination of the above *In many cases these can be on-site or hosted by third parties 6/7/2012
5 Overcast Cloud Overview 6/7/2012
6 Thunderheads Risks Virtualization and Distributed Computing - Physical Security is being replaced by Logical Security Servers are just files/images that can be copied Memory can be accessed from the hypervisor Multi-Tenancy - Resources could be shared between many different organizations Data for many organizations may reside on the same physical storage One size does not fit all Relinquish Control - Configuration, Security & Operational control shifts as more services are provided by the cloud. Traditional IT IaaS PaaS SaaS 6/7/2012
7 Thunderheads Risks Cloud Security s 7 Deadly Sins - Data loss/leakage - Shared technology vulnerabilities - Malicious insiders - Account, service and traffic hijacking - Insecure application programming interfaces - Abuse of cloud computing - Unknown risk profile 6/7/2012
8 Silver Lining - Security 6/7/2012
9 Silver Lining - Security Define the Risks - What type of data will be stored? - What type of services will be used? - How will a security incident impact the business? Customers? Develop Strong Cloud-based Policies - Linked to Vendor Management - Considerations for Business Continuity How will you recover your data? Where are the Single Point of Failures? What contingencies are in place? The Business? The Provider? - Security Controls and Protection How does the provider safeguard the data? Who is responsible for the data? Who is responsible for access control? 6/7/2012
10 Silver Lining - Security As Control Shifts to the Cloud Provider: - Contract language becomes critical Clearly define the responsibilities of service, security and recovery Include provisions for logging, reporting, and vulnerability management - Identity and access management User access must equal user s responsibilities Administrative access must be logged and monitored Can the cloud provider access customers data? - Assurances of Data protection and removal Logical segregation of each customers data If services are terminated, what happens to your data? 6/7/2012
11 Lifting the Fog - Guidance FFIEC IT Handbook: Outsourcing Technology Services: Appendix A - In April of 2012 Appendix A was updated to include specific language related to Cloud Computing Is service hosted internally or outsourced? What type of Service is used: IaaS, PaaS, SaaS, DaaS What type of Deployment model is in place: Public, Private, Community Evaluate the Selection Process and the Contract in place Determine if inherent risks have been evaluated and addressed Ensure related policies have been updated to reflect the need for increased controls Review any material sub-contractor employed by the could provider delivering services related to PaaS, IaaS, or DaaS. 6/7/2012
12 Lifting the Fog - Guidance Other Guidance and Related References: - FFIEC: - NIST: Cloud Security Alliance: - IBM: 6/7/2012
13 Questions? Adam Cravedi, CISA Compass IT Compliance, LLC (888)
14 MANAGING IT RISK WITH CLOUD-BASED TECHNOLOGIES Joseph Larizza Chief Administrative Officer
15 FIELDPOINT PRIVATE Intellectual capital & technology able to deliver the power of a behemoth, with the intimacy of a boutique. 31 Founders Several ran major Wall Street firms Full Service: Personal & Business Banking Wealth Management Family Office Ultra High-Net-Worth Families Free of conflicting interests Truly boutique, custom experience 17
16 May '08 Jan-09 Q1 '09 Q2 '09 Q3 '09 Q4 '09 Q1 '10 Q2 '10 Q3 '10 Q4 '10 Q1 '11 Q2 '11 Q3 '11 Q4 '11 Feb-12 FIELDPOINT PRIVATE S GROWTH Wealth Management Growth Bank Growth 4,000 3,500 3, ,000 2, ,500 2,000 1,500 1, , WM Assets Bank Assets Loans Deposits $$ in millions 18
17 EXTRAORDINARILY CROWDED SPACE Large established Regionals & Boutiques Emerging 19
18 SO, YOU WANT TO BUILD A FINANCIAL SERVICES FIRM Spring, 2008 to Today Bear Stearns & Lehman Brothers Too Big To Fail TARP Bernie Madoff Dodd Frank Wall Street Reform Financial Consumer Protection Act Volker Rule Credit Rating Agency Reform OTS-OCC Merger Banking* 30 Yr. Mortgage Rate -35.6% Housing Starts -35.4% Real Home Price Index -23.5% * = % change, spring 2008 present (Ycharts.com) Wealth Management* S&P 500 Total Return -34.1% 10 Year Treasury Rate -47.5% Venture Capital Investment -17.2% 20
19 REGULATORY ENVIRONMENT: ~65 Person Firm >39 Separate Audits & Regulatory Exams per Year 4+ Regulatory Bodies OCC, Fed, FFIEC, FINRA, SEC 2 Full-time Compliance Staff Several Part-time Roles (IT Security, BSA Officer, DR/BCP, FINOP, Series 24, etc.) External Auditor Firm Internal Auditor Firm Bank Compliance Consulting Firm Broker/Dealer Compliance Consulting Firm Lending / Loan Review Compliance Firm Several Financial Modeling Firms Outside Legal Council Separate IT Internal Audit Firm 21
20 CONSUMERS HAVE LOTS OF TRUST ISSUES Do You Have All the Capabilities Of My Current Firm? Do You Have All of My Products? How Safe is My Money? How Safe is My Privacy? = How Good Are Your Systems? 22
21 OUR IT APPROACH 23
22 IT S GUIDING PRINCIPLES Align Expenses to Revenue: CAPEX OPEX Focus on the Firm s Core Competencies Provide Best-of-Class IT Services 24
23 HOW WE LOOK AT THE CLOUD Services Vendor provides all encompassing services and administration Cloud-based Phone Systems Jack Henry Banking Core Software Vendor provides software and upgrades; We manage administration and configuration Salesforce.com Google Enterprise Mail Infrastructure Vendor provides IT infrastructure services only hardware, disk, network Rackspace Cloud Amazon AWS 25
24 EXPENSE MANAGEMENT Fixed Expenses Limit Your Ability to Manage A Large Financial Services Firm Management s Mandate: - Cut 10% of budget ($ 500,000,000) - Deliver All Committed Projects!! 2008 IT Budget: % Fixed Expense: Signed contracts (e.g. Software, Maintenance) Fixed Assets (e.g. Data Centers, Servers) Variable Portion of Budget: Employee Headcount Contractors / Consulting Travel and T&E $ 5,000,000,000 ~75% $ 1,250,000,000 Required Cut Budget Available $500,000,000 / $1,250,000,000 = ~40% Reduction in Variable Expense 26
25 INFRASTRUCTURE MANAGEMENT Lots of Effort, Little Business Value Produced 18 Months Typical Duration of a Server OS Upgrade Project 10% - 15% Average Server CPU Utilization 20% Percent of applications that are never used, yet remained switched on Three Years Duration of a project to count devises and figure out how to effectively charge back costs 27
26 DISASTER RECOVERY MANAGEMENT Disasters Happen And They Halt Your Entire Firm A Top U.S. Investment Bank August 11, 2001 Datacenter Flood Several significant applications down Temporary cooling & generation required September 11, / 11 Terrorist Attack Thousands of staff unable to get to work Major datacenters offline due to no power October 11, 2001 Virus infects every NT-based PC 1000 s of staff and 100 s of applications offline Weeks of IT staff time to manually disinfect 28
27 STAFFING MANAGEMENT If You re Not the Best, How are You Going to Hire the Best & Brightest? Raleigh, NC A credit card company from Boston (a candidate) IBM Cisco EMC Red Hat HQ A credit card company from Boston = Credit Suisse First Boston 29
28 SERVICE LEVEL MANAGEMENT This is NOT Control You re Fired!!! and FOX and its related entities. All rights reserved. 30
29 LESSONS & CHALLENGES 31
30 MUST RELY ON OUTSIDE REPORTS If its good enough for them, it should be good enough for us FFIEC Vendor Exams SSAE 16 or SAS70 Type II Financial Results 10K / 10Q s, CFO Letters, etc. DR/BCP Plans and Test Results Information Security Policies & Penetration Test (Pen Test) Results Standards-based Certifications PCI, HIPAA, ISO 27002, ITIL, COBIT, etc. Strong Contracts 32
31 WRITE YOUR BOOK REPORTS Don t Just Collect the Reports, Read & Summarize Them FFIEC Vendor Exams Any Exceptions Noted? SSAE 16 or SAS70 Type II Go Through the Matrix Thoroughly Financial Results Have Your Lending Team Review DR/BCP Plans and Test Results Ask if you Can Participate Information Security Policies Does it Match Your Standards? Contracts Have a Checklist of Requirements Non-disclosure Agreements Confidentiality Requirements Identity & Access Management Data Locations Data Encryption Standards (in movement & at rest) 33
32 ONGOING MONITORING IS REQUIRED Risk-Based Annual IT Audit Plan SLA Management Enterprise Systems Monitoring Conduct Your Own Pen Test DR Tests of Your Own (Loss of Technology) Risk Rate your Vendors (IT Security & Business Continuity) IT Risk must be Part of the Vendor Selection Process Ongoing Relationship Management with your Vendors 34
Cloud Security and Managing Use Risks
Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access
More informationCloud Security. DLT Solutions LLC June 2011. #DLTCloud
Cloud Security DLT Solutions LLC June 2011 Contact Information DLT Cloud Advisory Group 1-855-CLOUD01 (256-8301) cloud@dlt.com www.dlt.com/cloud Your Hosts Van Ristau Chief Technology Officer, DLT Solutions
More informationCloud Services Overview
Cloud Services Overview John Hankins Global Offering Executive Ricoh Production Print Solutions May 23, 2012 Cloud Services Agenda Definitions Types of Clouds The Role of Virtualization Cloud Architecture
More informationThe Elephant in the Room: What s the Buzz Around Cloud Computing?
The Elephant in the Room: What s the Buzz Around Cloud Computing? Warren W. Stippich, Jr. Partner and National Governance, Risk and Compliance Solution Leader Business Advisory Services Grant Thornton
More informationVENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium
1 VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 2 Agenda Introduction Vendor Management what is? Available Guidance Vendor Management
More informationKeeping up with the World of Cloud Computing: What Should Internal Audit be Thinking About?
Keeping up with the World of Cloud Computing: What Should Internal Audit be Thinking About? IIA San Francisco Chapter October 11, 2011 Agenda Introductions Cloud computing overview Risks and audit strategies
More informationOrchestrating the New Paradigm Cloud Assurance
Orchestrating the New Paradigm Cloud Assurance Amsterdam 17 January 2012 John Hermans - Partner Current business challenges versus traditional IT Organizations are challenged with: Traditional IT seems
More informationCloud Computing An Auditor s Perspective
Cloud Computing An Auditor s Perspective Sailesh Gadia, CPA, CISA, CIPP sgadia@kpmg.com December 9, 2010 Discussion Agenda Introduction to cloud computing Types of cloud services Benefits, challenges,
More informationSecurity Issues in Cloud Computing
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
More informationCloud Computing: Opportunities, Challenges, and Solutions. Jungwoo Ryoo, Ph.D., CISSP, CISA The Pennsylvania State University
Cloud Computing: Opportunities, Challenges, and Solutions Jungwoo Ryoo, Ph.D., CISSP, CISA The Pennsylvania State University What is cloud computing? What are some of the keywords? How many of you cannot
More informationThe Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant
THE MARKET LEADER IN IT, SECURITY AND COMPLIANCE SERVICES FOR COMMUNITY FINANCIAL INSTITUTIONS The Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant Agenda
More informationCloud models and compliance requirements which is right for you?
Cloud models and compliance requirements which is right for you? Bill Franklin, Director, Coalfire Stephanie Tayengco, VP of Technical Operations, Logicworks March 17, 2015 Speaker Introduction Bill Franklin,
More informationCompliance and the Cloud: What You Can and What You Can t Outsource
Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: Kate Donofrio Security Assessor Fortrex Technologies Instructor Biography Background On Fortrex What s In A Cloud? Pick
More informationOWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect
OWASP Chapter Meeting June 2010 Presented by: Brayton Rider, SecureState Chief Architect Agenda What is Cloud Computing? Cloud Service Models Cloud Deployment Models Cloud Computing Security Security Cloud
More informationSecuring The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master
Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is
More informationNCTA Cloud Architecture
NCTA Cloud Architecture Course Specifications Course Number: 093019 Course Length: 5 days Course Description Target Student: This course is designed for system administrators who wish to plan, design,
More informationCloud Computing; What is it, How long has it been here, and Where is it going?
Cloud Computing; What is it, How long has it been here, and Where is it going? David Losacco, CPA, CIA, CISA Principal January 10, 2013 Agenda The Cloud WHAT IS THE CLOUD? How long has it been here? Where
More informationKey Considerations of Regulatory Compliance in the Public Cloud
Key Considerations of Regulatory Compliance in the Public Cloud W. Noel Haskins-Hafer CRMA, CISA, CISM, CFE, CGEIT, CRISC 10 April, 2013 w_haskins-hafer@intuit.com Disclaimer Unless otherwise specified,
More informationJohn Essner, CISO Office of Information Technology State of New Jersey
John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management
More informationClinical Trials in the Cloud: A New Paradigm?
Marc Desgrousilliers CTO at Clinovo Clinical Trials in the Cloud: A New Paradigm? Marc Desgrousilliers CTO at Clinovo What is a Cloud? (1 of 3) "Cloud computing is a model for enabling convenient, on-demand
More informationPharma CloudAdoption. and Qualification Trends
Pharma CloudAdoption and Qualification Trends OurCloudExperience Numerous implementations of EDMS systems with external hosting for smaller life science clients Development of qualification strategy for
More informationWhy Migrate to the Cloud. ABSS Solutions, Inc. 2014
Why Migrate to the Cloud ABSS Solutions, Inc. 2014 ASI Cloud Services Information Systems Basics Cloud Fundamentals Cloud Options Why Move to the Cloud Our Service Providers Our Process Information System
More informationAHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS
AHLA JJ. Keeping Your Cloud Services Provider from Raining on Your Parade Jean Hess Manager HORNE LLP Ridgeland, MS Melissa Markey Hall Render Killian Heath & Lyman PC Troy, MI Physicians and Hospitals
More informationAuditing Cloud Computing and Outsourced Operations
Session 136 Auditing Cloud Computing and Outsourced Operations Monday, May 7, 2012 3:30 PM 5:00 PM Mike Schiller Director of Sales & Marketing IT, Texas Instruments Co Author, IT Auditing: Using Controls
More informationHow To Protect Your Cloud Computing Resources From Attack
Security Considerations for Cloud Computing Steve Ouzman Security Engineer AGENDA Introduction Brief Cloud Overview Security Considerations ServiceNow Security Overview Summary Cloud Computing Overview
More informationCloud Computing: Background, Risks and Audit Recommendations
Cloud Computing: Background, Risks and Audit Recommendations October 30, 2014 Table of Contents Cloud Computing: Overview 3 Multiple Models of Cloud Computing 11 Deployment Models 16 Considerations For
More informationDispelling the Myths about Cloud Computing Security
Dispelling the Myths about Cloud Computing Security security is no longer an hinderance to the cloud! Leo F. Howell, CISSP CISA CCSK Knowledge MYTH we are all talking about the same cloud Discussion cloud
More informationCloud Computing. What is Cloud Computing?
Cloud Computing What is Cloud Computing? Cloud computing is where the organization outsources data processing to computers owned by the vendor. Primarily the vendor hosts the equipment while the audited
More informationCloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org
Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security
More informationRunning head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1
Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1 Taking a Deeper Look at the Cloud: Solution or Security Risk? LoyCurtis Smith East Carolina University TAKING A DEEPER LOOK AT THE CLOUD:
More informationSecurity, Compliance & Risk Management for Cloud Relationships. Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32
Security, Compliance & Risk Management for Cloud Relationships Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32 Introductions & Poll Organization is leveraging the Cloud? Organization
More informationSecurity in the Green Cloud
Security in the Green Cloud Smart and Green infrastructure symposium 2011 Prague May 19 th 2011 Steinthor Bjarnason sbjarnas@cisco.com 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public
More informationCloud Computing Governance & Security. Security Risks in the Cloud
Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud
More informationVendor Management Best Practices
23 rd Annual and One Day Seminar Vendor Management Best Practices Catherine Bruder CPA, CITP, CISA, CISM, CTGA Michigan Texas Florida Insight. Oversight. Foresight. SM Doeren Mayhew Bruder 1 $100 billion
More informationSecuring and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer What is Cloud Computing A model for enabling convenient, on-demand network access to a shared pool of configurable
More informationDaren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD
Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD Agenda Cloud Computing Technical Overview Cloud Related Applications Identified Risks Assessment Criteria Cloud Computing What Is It? National
More informationOverview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin
Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Best Practices for Security in the Cloud John Essner, Director
More informationIT Audit in the Cloud
IT Audit in the Cloud Pavlina Ivanova, CISM ISACA-Sofia Chapter Content: o 1. Introduction o 2. Cloud Computing o 3. IT Audit in the Cloud o 4. Residual Risks o Used Resources o Questions 1. ISACA Trust
More informationTop 10 Tips and Tools for Meeting Regulatory Requirements and Managing Cloud Computing Providers in the United States and Around the World
Top 10 Tips and Tools for Meeting Regulatory Requirements and Managing Cloud Computing Providers in the United States and Around the World Web Hull Privacy, Data Protection, & Compliance Advisor Society
More informationCloud Security Certification
Cloud Security Certification January 21, 2015 1 Agenda 1. What problem are we solving? 2. Definitions (Attestation vs Certification) 3. Cloud Security Responsibilities and Risk Exposure 4. Who is responsible
More informationGovernance and Control in the Cloud. Infrastructure as a Service
1 Governance and Control in the Cloud Infrastructure as a Service Cows 2 The Triumph of the Utility 3 Our Discussion 4 How we ll talk about Governance and Controls today Not an IT-assurance methodology
More informationCAST CENTER FOR ADVANCED SECURITY TRAINING. CAST618 Designing and Implementing Cloud Security CAST
CENTER FOR ADVANCED SECURITY TRAINING 618 Designing and Implementing Cloud Security About EC-Council Center of Advanced Security Training () The rapidly evolving information security landscape now requires
More informationManaging Cloud Computing Risk
Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify
More informationSECURITY MODELS FOR CLOUD 2012. Kurtis E. Minder, CISSP
SECURITY MODELS FOR CLOUD 2012 Kurtis E. Minder, CISSP INTRODUCTION Kurtis E. Minder, Technical Sales Professional Companies: Roles: Security Design Engineer Systems Engineer Sales Engineer Salesperson
More informationEnhancing Operational Capacities and Capabilities through Cloud Technologies
Enhancing Operational Capacities and Capabilities through Cloud Technologies How freight forwarders and other logistics stakeholders can benefit from cloud-based solutions 2013 vcargo Cloud Pte Ltd All
More informationSeeing Though the Clouds
Seeing Though the Clouds A PM Primer on Cloud Computing and Security NIH Project Management Community Meeting Mark L Silverman Are You Smarter Than a 5 Year Old? 1 Cloud First Policy Cloud First When evaluating
More informationVirginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101
Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro
More informationValidation of a Cloud-Based ERP system, in practice. Regulatory Affairs Conference Raleigh. 8Th September 2014
Validation of a Cloud-Based ERP system, in practice. Regulatory Affairs Conference Raleigh. 8Th September What is the The Cloud Some Definitions The NIST Definition of Cloud computing Cloud computing is
More information10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM. Agenda. Security Cases What is Cloud? Road Map Security Concerns
BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM Agenda Security Cases What is Cloud? Road Map Security Concerns 1 Security Cases on Cloud Data Protection - Two arrested in ipad
More informationExpert Reference Series of White Papers. 10 Security Concerns for Cloud Computing
Expert Reference Series of White Papers 10 Security Concerns for Cloud Computing 1-800-COURSES www.globalknowledge.com 10 Security Concerns for Cloud Computing Michael Gregg, Global Knowledge Instructor,
More informationSMS. Cloud Computing. Systems Management Specialists. Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales
SMS Systems Management Specialists Cloud Computing Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales Cloud Computing The SMS Model: Cloud computing is a model for enabling ubiquitous, convenient,
More informationCloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter
Cloud Security considerations for business adoption Ricci IEONG CSA-HK&M Chapter What is Cloud Computing? Slide 2 What is Cloud Computing? My Cloud @ Internet Pogoplug What is Cloud Computing? Compute
More informationIT Cloud / Data Security Vendor Risk Management Associated with Data Security. September 9, 2014
IT Cloud / Data Security Vendor Risk Management Associated with Data Security September 9, 2014 Speakers Brian Thomas, CISA, CISSP In charge of Weaver s IT Advisory Services, broad focus on IT risk, security
More informationsecurity in the cloud White Paper Series
security in the cloud White Paper Series 2 THE MOVE TO THE CLOUD Cloud computing is being rapidly embraced across all industries. Terms like software as a service (SaaS), infrastructure as a service (IaaS),
More informationPCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By:
PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: Peter Spier Managing Director PCI and Risk Assurance Fortrex Technologies Agenda Instructor Biography Background On
More informationEDC Collaboration White Paper Cloud Companion SM IT Services Delivery Transformation
EDC Collaboration IT Delivery Transformation By W. Fred Rowell Vice President and Chief Technology Officer Companion Data, LLC IT Delivery Transformation Contents Introduction... 1 Cloud DNA... 1 Through
More informationSecurity & Trust in the Cloud
Security & Trust in the Cloud Ray Trygstad Director of Information Technology, IIT School of Applied Technology Associate Director, Information Technology & Management Degree Programs Cloud Computing Primer
More informationCloud Computing Risks and Considerations for a Successful Implementation. Andrew Ellsweig, Director Nicholas Zaky, Manager
Cloud Computing Risks and Considerations for a Successful Implementation Andrew Ellsweig, Director Nicholas Zaky, Manager Agenda Cloud Computing Defined Cloud Computing Benefits Top Cloud Security Threats
More informationData Privacy, Security, and Risk Management in the Cloud
Data Privacy, Security, and Risk Management in the Cloud Diana S. Hare, Associate General Counsel and Chief Privacy Counsel, Drexel University David W. Opderbeck, Counsel, Gibbons P.C. Robin Rosenberg,
More informationPublic Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.
Public Clouds Krishnan Subramanian Analyst & Researcher Krishworld.com A whitepaper sponsored by Trend Micro Inc. Introduction Public clouds are the latest evolution of computing, offering tremendous value
More informationCloud Security Introduction and Overview
Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious
More informationStrategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security
Strategic Compliance & Securing the Cloud Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Complexity and Challenges 2 Complexity and Challenges Compliance Regulatory entities
More informationBUSINESS MANAGEMENT SUPPORT
BUSINESS MANAGEMENT SUPPORT Business disadvantages using cloud computing? Author: Maikel Mardjan info@bm-support.org 2010 BM-Support.org Foundation. All rights reserved. EXECUTIVE SUMMARY Cloud computing
More information08/10/2013. Data protection and compliance. Agenda. Data protection life cycle and goals. Introduction. Data protection overview
Data protection and compliance In the cloud and in your data center 1 November 2013 Agenda 1 Introduction 2 Data protection overview 3 Understanding the cloud 4 Where do I start? 5 Wrap-up Page 2 Data
More informationSecure Cloud Computing through IT Auditing
Secure Cloud Computing through IT Auditing 75 Navita Agarwal Department of CSIT Moradabad Institute of Technology, Moradabad, U.P., INDIA Email: nvgrwl06@gmail.com ABSTRACT In this paper we discuss the
More informationThe Magical Cloud. Lennart Franked. Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall.
The Magical Cloud Lennart Franked Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall. 2014-10-20 Lennart Franked (MIUN IKS) The Magical Cloud 2014-10-20 1 / 35
More informationThe Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing
Your Platform of Choice The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing Mark Cravotta EVP Sales and Service SingleHop LLC Talk About Confusing? Where do I start?
More informationHIPAA in the Cloud. How to Effectively Collaborate with Cloud Providers
How to Effectively Collaborate with Cloud Providers Speaker Bio Chad Kissinger Chad Kissinger Founder OnRamp Chad Kissinger is the Founder of OnRamp, an industry leading high security and hybrid hosting
More informationCloud Computing Trends, Examples & What s Ahead
Cloud Computing Trends, Examples & What s Ahead Mike Klein President, Online Tech June 21, 2010 Cloud Computing Defined One Definition: On-Demand Computing Elastic & Scalable Rapidly Provisioned Virtualized
More informationEAaaS Cloud Security Best Practices
EAaaS Cloud Security Best Practices A Technical White Paper by Sennovate Inc Jan 2013 EAaaS Cloud Security Best Practices Page 1 Introduction: Cloud security is an ever evolving subject that is difficult
More informationCloud Computing: What needs to Be Validated and Qualified. Ivan Soto
Cloud Computing: What needs to Be Validated and Qualified Ivan Soto Learning Objectives At the end of this session we will have covered: Technical Overview of the Cloud Risk Factors Cloud Security & Data
More informationSecurity Considerations for the Cloud
June 6, 2012 Security Considerations for the Cloud Presented by: Mac McMillan CEO CynergisTek, Inc. Chair, HIMSS Privacy & Security Policy Task Force 1 2012 NIST/OCR Conference Agenda Threat Implications
More informationCloud Infrastructure Security
Cloud Infrastructure Security Dimiter Velev 1 and Plamena Zlateva 2 1 University of National and World Economy, UNSS - Studentski grad, 1700 Sofia, Bulgaria dvelev@unwe.acad.bg 2 Institute of Control and
More informationCloud Computing Backgrounder
Cloud Computing Backgrounder No surprise: information technology (IT) is huge. Huge costs, huge number of buzz words, huge amount of jargon, and a huge competitive advantage for those who can effectively
More informationCloud Security Who do you trust?
Thought Leadership White Paper Cloud Computing Cloud Security Who do you trust? Nick Coleman, IBM Cloud Security Leader Martin Borrett, IBM Lead Security Architect 2 Cloud Security Who do you trust? Cloud
More informationSecuring Oracle E-Business Suite in the Cloud
Securing Oracle E-Business Suite in the Cloud November 18, 2015 Stephen Kost Chief Technology Officer Integrigy Corporation Phil Reimann Director of Business Development Integrigy Corporation Agenda The
More informationCloud Essentials for Architects using OpenStack
Cloud Essentials for Architects using OpenStack Course Overview Start Date 18th December 2014 Duration 2 Days Location Dublin Course Code SS906 Programme Overview Cloud Computing is gaining increasing
More informationBMC s Security Strategy for ITSM in the SaaS Environment
BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...
More informationFACING SECURITY CHALLENGES
24 July 2013 TimeTec Cloud Security FACING SECURITY CHALLENGES HEAD-ON - by Mr. Daryl Choo, Chief Information Officer, FingerTec HQ Cloud usage and trend Cloud Computing is getting more common nowadays
More informationLogically Securing a Public Cloud Service
SESSION ID: CIN-W07 Logically Securing a Public Cloud Service Tim Mather CISO Cadence Design Systems @mather_tim Disclaimer: AWS (Amazon Web Services) is referenced in this presentation extensively, only
More informationStudy concluded that success rate for penetration from outside threats higher in corporate data centers
Auditing in the cloud Ownership of data Historically, with the company Company responsible to secure data Firewall, infrastructure hardening, database security Auditing Performed on site by inspecting
More informationOracle ERP & The Cloud. Presented by Adriaan Kruger
Oracle ERP & The Cloud Presented by Adriaan Kruger ? What is the Cloud? What options are there in the Cloud for JD Edwards / E-Business Suite Customers? What is the Cloud? Different Layers IaaS (Infrastructure
More informationA COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012
A COALFIRE PERSPECTIVE Moving to the Cloud A Summary of Considerations for Implementing Cloud Migration Plans into New Business Platforms NCHELP Spring Convention Panel May 2012 DALLAS DENVER LOS ANGELES
More informationThe Cloud in Regulatory Affairs - Validation, Risk Management and Chances -
45 min Webinar: November 14th, 2014 The Cloud in Regulatory Affairs - Validation, Risk Management and Chances - www.cunesoft.com Rainer Schwarz Cunesoft Holger Spalt ivigilance 2014 Cunesoft GmbH PART
More informationCLOUD COMPUTING READINESS CHECKLIST
CLOUD COMPUTING READINESS VOLKER RATH VOLKER RATH 1 CONTENTS HOW SHOULD THIS GUIDE BE USED? 2 WILL MY COMPANY BENEFIT FROM 2 TRANSITIONING SERVICES TO THE CLOUD? CLOUD READINESS OVERVIEW 3 SECURITY CONCERNS
More informationCloud Computing. Chapter 1 Introducing Cloud Computing
Cloud Computing Chapter 1 Introducing Cloud Computing Learning Objectives Understand the abstract nature of cloud computing. Describe evolutionary factors of computing that led to the cloud. Describe virtualization
More informationSecuring the Service Desk in the Cloud
TECHNICAL WHITE PAPER Securing the Service Desk in the Cloud BMC s Security Strategy for ITSM in the SaaS Environment Introduction Faced with a growing number of regulatory, corporate, and industry requirements,
More informationCloud Computing. Bringing the Cloud into Focus
Cloud Computing Bringing the Cloud into Focus November 2011 Introduction Ken Cochrane CEO, IT/NET Partner, KPGM Performance and Technology National co-leader IT Advisory Services KPMG Andrew Brewin Vice
More informationOutsourced Third Party Relationship Management/ Vendor Management. TTS Webinar July 15, 2015 Susan Orr CISA, CISM, CRISC, CRP
Outsourced Third Party Relationship Management/ Vendor Management TTS Webinar July 15, 2015 Susan Orr CISA, CISM, CRISC, CRP 1 Risk Management Guidance 2 3 Appendix J: 4 - Key Elements Third Party Management
More informationSaaS Security for the Confirmit CustomerSat Software
SaaS Security for the Confirmit CustomerSat Software July 2015 Arnt Feruglio Chief Operating Officer The Confirmit CustomerSat Software Designed for The Web. From its inception in 1997, the architecture
More informationLeveraging Technology New Horizons Computer Learning Center of Memphis
New Horizons Computer Learning Center of Memphis Presents Leveraging Technology Presenter: Charles B. Watkins, Sr. Technical Instructor New Horizons Computer Learning Center of Memphis About Me: Agenda:
More informationCompliance and Cloud Computing
Compliance and Cloud Computing Balaji Palanisamy Director, Southwest- US Coalfire Systems, Inc. July 24, 2014 Agenda Introduction Cloud Computing Basics Cloud Computing Threats Security vs. Compliance
More informationAssessing Risks in the Cloud
Assessing Risks in the Cloud Jim Reavis Executive Director Cloud Security Alliance Agenda Definitions of Cloud & Cloud Usage Key Cloud Risks About CSA CSA Guidance approach to Addressing Risks Research
More informationCloud Standardization, Compliance and Certification. Class 2012 event 25.rd of October 2012 Dalibor Baskovc, CEO Zavod e-oblak
Cloud Standardization, Compliance and Certification Class 2012 event 25.rd of October 2012 Dalibor Baskovc, CEO Zavod e-oblak Todays Agenda IT Resourcing with Cloud Computing and related challenges Landscape
More informationOverview of Topics Covered
How to Effectively Collaborate with Cloud Providers Agenda Overview of Topics Covered Agenda Evolution of the Cloud Comparison of Private vs. Public Clouds Other Regulatory Frameworks Similar to HIPAA
More informationHow To Understand Cloud Computing
Cloud Computing Information Security and Privacy Considerations April 2014 All-of-Government Cloud Computing: Information Security and Privacy Considerations April 2014 1 Crown copyright. This copyright
More informationProduction in the Cloud
2/18/2013 Production in the Cloud Presentation by: Rick Dmytryshyn, Program Manager Ph. (303) 882-1282, E-mail. rick.dmytryshyn@willbros.com Presentation Overview DEFINITION: What is the Cloud? SECURITY:
More informationSecurity Considerations for Public Mobile Cloud Computing
Security Considerations for Public Mobile Cloud Computing Ronnie D. Caytiles 1 and Sunguk Lee 2* 1 Society of Science and Engineering Research Support, Korea rdcaytiles@gmail.com 2 Research Institute of
More information