CloudingSMEs Deliverable D3.3.1 Document Templates, Spreadsheets, Tools and Techniques. CloudingSMEs FP7- No

Size: px
Start display at page:

Download "CloudingSMEs Deliverable D3.3.1 Document Templates, Spreadsheets, Tools and Techniques. CloudingSMEs FP7- No. 609604"

Transcription

1 CloudingSMEs FP7- No WP2 SMEs Vision and Road mapping for Cloud Development Deliverable D2.2.1 SMEs Requirements for Cloud Development, Adoption and Evolution CloudingSMEs Document Templates, Spreadsheets, Tools and Techniques PROPRIETARY RIGHTS STATEMENT This document contains information, which is proprietary to the CloudingSMEs Consortium. Neither this document nor the information contained herein shall be used, duplicated or communicated by any means to any third party, in whole or in parts, except with prior written consent of the consortium

2 Document Details Project Acronym CloudingSMEs Grant Agreement No Project Title Deliverable Reference Number Deliverable Title Accelerating the adoption, deployment and use of Cloud Computing by SMEs CloudingSMEs--D3.3.1 Document Templates, Spreadsheets, Tools and Techniques Revision Number V0.1 Deliverable Editor(s) Authors / Contributors EBS Fotis Stamatelopoulos (EBS) Angelos Lenis (EBS) Giannis Koutsoubos (EBS) Caterina Berbenni-Rehm (PatS) Andrei Druta (PatS) Wolf Rehm (PatS) Project co-funded by the European Commission within the FP7 Framework Programme Dissemination Level PU Public Statement of originality: This deliverable contains original unpublished work except where clearly indicated otherwise. Acknowledgement of previously published material and of the work of others has been made through appropriate citation, quotation or both. Date: 6/12/2015 2/47 CloudingSMEs

3 Revision History Rev. Author(s) Organization(s) Date Changes V0.1 Fotis Stamatelopoulos, Angelos Lenis V0.2 Fotis Stamatelopoulos, Giannis Koutsoubos V0.25 Fotis Stamatelopoulos, Angelos Lenis V0.30 Caterina Berbenni-Rehm, Andrei Druta, Wolf Rehm EBS 31/01/2014 Initial Structure EBS 25/02/2014 Introduction and Initial Description of Tools EBS 28/02/2014 Section 2 Toolbox Purpose and Roadmap PatS 03/03/2014 Inputs in Section 4 about PROMIS platform and tools V0.31 Caterina Berbenni-Rehm PatS 05/03/2014 Additional comments incorporated V0.35 Fotis Stamatelopoulos, Giannis Koutsoubos V0.4 Fotis Stamatelopoulos, Angelos Lenis, Giannis Koutsoubos V0.45 Fotis Stamatelopoulos, Giannis Koutsoubos V0.50 Angelos Lenis, Fotis Stamatelopoulos EBS 12/03/2014 Inputs in Section 3 EBS 14/03/2014 Authoring of Conclusions (Section 5) and inputs to the Outlook section (Section 2) EBS 17/03/2014 Added more details on tools models and algorithms, updated tool screenshots, incorporated comments EBS 28/03/2014 Addition of Executive Summary and various edits V0.55 Wolf Rehm PROMIS 01/04/2014 Review and additional details in the tool box V0.60 Angelos Lenis, Fotis Stamatelopoulos EBS 10/04/2014 Preparation of pre-final version; Implementation of review comments V1.00 Lorenzo Accardo UEAPME 14/04/2014 Final Version for Delivery to the EC Date: 6/12/2015 3/47 CloudingSMEs

4 Abstract This deliverable describes the first (intermediate) release of CloudingSMEs toolbox, which comprises of a set of tools that are aiming at supporting Small Medium Enterprises (SMEs) in adopting and leveraging the use of the Cloud. The tools are offered as on-line programs/utilities, which will be integrated within the CloudingSMEs web sites. Some of the tools address the needs/decisions of end-user SMEs i.e. SMEs wishing to adopt and/or use cloud computing solutions. However, there are also tools that are destined to address the needs of ICT SMEs i.e. SMEs developing and providing cloud computing solutions and/or services. The development of the tools has been based on a set of initial assumptions about the SMEs needs and the type of services that are needed to cover these needs. It is intended that this first (intermediate) release of the toolbox will be appropriately refined based on feedback from the SMEs. Furthermore, the partners intend to enhance the functionalities of the tools towards providing more personalized support to the SMEs. The relevant enhancements and fine-tunings will lead to the second and final version of this deliverable, which will describe the second (final) release of the CloudingSMEs toolbox.. Date: 6/12/2015 4/47 CloudingSMEs

5 Table of Contents Document Details... 2 Revision History... 3 Abstract... 4 Table of Contents... 5 Table of Tables... 6 Table of Figures... 7 Executive Summary Introduction Toolbox Development Planning Toolbox Purpose and Overview Development Process and Evolution Plan Longer Term Vision Tool Box Interactive Tools (first/initial release) Cloud Security Scorecard TCO Calculator Strategic Considerations Scorecard Cloud Services Catalogue Privacy and Data Protection Guide Guide to an Effective SLA Cloud Standards Catalogue PROMIS Platform Tools and Document Library On-line Support Services Questionnaires - Overview and structure Community of Cloud Experts (CV Data Base) Knowledge Pyramids mycommunication mycommunication Multilingualism Document Library Conclusions References Date: 6/12/2015 5/47 CloudingSMEs

6 Table of Tables Table 1: Tools of the Toolbox and the Issues/Functional Areas that they address Table 2: Questions comprising the Cloud Security Score Card Table 3: Main Components of the mycommunication Tool Date: 6/12/2015 6/47 CloudingSMEs

7 Table of Figures Figure 1: Evolution of the Toolbox (in the scope of the CloudingSMEs work plan) Figure 2: Questions of the Cloud Security Scorecard (Screenshot of Interactive Tool) Figure 3: Comparative Evaluation Results of the Cloud Security Scorecard (Screenshot of Interactive Tool) Figure 4: Input form of the TCO Calculator Figure 5: TCO Calculator Results Recommendation Figure 6: Screenshot of the input form for the Strategic Considerations Scorecard tool Figure 7: Screenshot of the results presentation of the Strategic Considerations Scorecard26 Figure 8: Screenshot from the Cloud Services Catalogue Prototype Figure 9: Checklist selection screenshot Figure 10: Example of checklist generation based on user selection Figure 11: Snapshot of the Cloud Standards Catalogue Figure 12: Snapshot of the CloudingSMEs Questionnaires developed based on the respective tools of the PROMIS toolbox Figure 13: Workflow process for consultants Figure 14: Sample Knowledge Pyramids Figure 15: Snapshot of the PROMIS toolbox Figure 16: Snapshot of the mycommunication Module Date: 6/12/2015 7/47 CloudingSMEs

8 Executive Summary Among the main objectives of CloudingSMEs is to provide support to SMEs that aim at adopting and/or exploiting cloud computing, through a practical toolbox (i.e. the CloudingSMEs toolbox) that will facilitate their cloud-related decisions. In this direction the project is committed to support SMEs in contractual, legal and cost-related issues, including privacy and security issues. The present deliverable corresponds to the first version/release of the CloudingSMEs toolbox, which provides a range of eight on-line interactive decision support tools for SMEs. The tools emphasize support in all of the above-listed areas, through enabling SMEs to identify and understand the main issues and thorny points that they should consider during the process of evaluating and/or selecting cloud services and cloud service providers. Most of the tools address the needs of end-user SMEs (demand-side), while there are also tools that are primarily destined to support ICT SMEs that engage in the provision of cloud services to their customers (supply chain). In a nutshell, the interactive tools that comprise the first version of the CloudingSMEs toolbox include: The Cloud Security Scorecard tool, which allows SMEs to audit/score the level of security offered by their cloud providers. The Privacy and Data Protection Guide tool, which provides information to SMEs about data protection issues in the cloud, including pointers to applicable legislation. The Guide to an effective SLA tool, which should support SMEs in effectively understanding and negotiating their SLAs with cloud providers. The TCO Calculator tool, which facilitates SMEs in calculating the TCO (Total Cost of Ownership) of their cloud solutions, but also in comparing this TCO with a data center solutions. The Strategic Considerations Scorecard, which provides the means to assess whether the SMEs should adopt a cloud solution or not. The Cloud Solutions Catalogue tool, which is a searchable catalogue of cloud solutions, including the purpose/functionality of its solution, the target groups, the target industry, as well as the region(s)/countries where these services are offered. The Cloud Standards Catalogue tool, which is a searchable catalogue of cloud standards and their purpose/usefulness for SMEs. As part of the initial version of the toolbox, initial prototype of all these tools have been developed, while some of the tools are already accessible via the CloudingSMEs portal. The consortium will undertake Date: 6/12/2015 8/47 CloudingSMEs

9 efforts towards improving and fine-tuning the tools, in terms of the decision support formulas used, but also in terms of aesthetics and ease of use. To this end the project will take into account feedback from the SMEs communities, which will be solicited and collected as part of the SMEs workshops of the project. Date: 6/12/2015 9/47 CloudingSMEs

10 1 Introduction The CloudingSMEs toolbox is intended to design, integrate and offer a number of interactive tools that could facilitate SMEs in their cloudadoption and cloud-use decisions. It is developed as part of of the project, which (according to the project s workplan / task structure) is intended to cover the following cloud computing areas: Guidance and standards for legal and contractual issues task 3.1 of the workplan Tools for Privacy and Data Protection task 3.2 of the workplan Tools for SLA Management and Negotiation task 3.3 of the workplan Methodologies and Toolkits for Cost Benefit Analysis task 3.4 of the workplan Date: 6/12/ /47 CloudingSMEs

11 In order to cover these areas the project has undertaken the design and development of the following tools Cloud Security Scorecard Tools, which should allow SMEs to audit/score the level of security offered by their cloud providers. Privacy and Data Protection Guide A tool, which provides information to SMEs about data protection issues in the cloud, including pointers to applicable legislation. Guide to an effective SLA A tool, which should support SMEs in effectively understanding and negotiating their SLAs with cloud providers. TCO Calculator A tool, which shall facilitate SMEs in calculating the TCO (Total Cost of Ownership) of their cloud solutions, but also in comparing this TCO with a data center solutions. Strategic Considerations Scorecard Cloud Solutions Catalogue A Tool which shall provide the means to assess whether the SMEs should adopt a cloud solution or not. A tool, which will be a searchable catalogue of cloud solutions, including the purpose/functionality of its solution, the target groups, the target industry, as well as the region(s)/countries where these services are offered. Cloud Standards Catalogue A tool, which will be a searchable catalogue of cloud standards and their purpose/usefulness for SMEs. In addition to these tools, the project will support SMEs on the basis of services provided by the PROMIS platform. In particular, a range of PROMIS tools including: Pyramids to structure and share expert s knowledge in Cloud related matters, Questionnaires of different types: (i) Linear, (ii) Dynamic, Time limited, Recurring questionnaires. Communication between experts and users. Registration of consultants CVs (Curricula Vitae) to qualify as experts in the CloudingSMEs community. On-line support services e.g. Cloud expert s and legal advice. Date: 6/12/ /47 CloudingSMEs

12 Moreover, a number of supporting documents will be provided under the document library of the CloudingSMEs portal. These documents will serve as reference materials for SMEs wishing to access more detailed information about specific topics relating to cloud adoption. Note that the above list of tools constitutes an initial approach to the development of the toolbox as part of first release in March This approach is based on initial assumptions of the CloudingSMEs consortium about the merit and utility of the above-listed tools for SMEs. The tools may be revised in subsequent versions/evolutions of the toolbox, while additional tools might be added as well. The evolution of the toolbox will be based on feedback from stakeholders (including SMEs). In the following paragraphs we provide more information about the operation and use of the various tools. In particular, the structure of the deliverable is as follows: Section 2 illustrates the development process of the CloudingSMEs toolbox. It highlights the baseline assumptions that have led to the production of the first release, while also describing the plan for evolving and improving the toolbox. Section 3 describes the main tools that comprise the toolbox, which cover different functional areas and are delivered on the basis of a variety of interactive formats. Section 4 describes additional tools (originating from the PROMIS platform), which have been adapted/customized to the needs of the CloudingSMEs project. These tools are an integral element of the CloudingSMEs toolbox, given also that the latter will be fully integrated in the PROMIS platform (as part of subsequent deliverable D3.2). Section 4 describes additional tools (originating from the PROMIS platform), which have been and will be adapted/customized to the needs of the CloudingSMEs project. These tools are an integral element of the CloudingSMEs toolbox, given also that the latter will be fully integrated in the PROMIS platform (as part of subsequent deliverable D3.2). Note that Section 4 reports also on the multilingual characteristics of CloudingSMEs toolbox. Section 5 is the concluding section of the deliverable. Date: 6/12/ /47 CloudingSMEs

13 2 Toolbox Development Planning 2.1 Toolbox Purpose and Overview CloudingSMEs is a support action aiming at facilitating SMEs in adopting, using and fully leveraging cloud computing. As such the project is devoted to establishing a support infrastructure on cloud computing issues, which will be freely offered to the SME community that will be built by the project. The CloudingSMEs toolbox is an essential element of this support infrastructure. Primarily, the toolbox aims at: Supporting SMEs in the cloud related decisions, through facilitating them to assess cloud computing service offerings in terms of functionality, quality and cost, as well as in terms of alignment to the SMEs strategy and goals. Indeed, SMEs can use some of the tools of the toolbox in order to assess and/or compare cloud offerings. Assisting SMEs in understanding thorny issues associated with the adoption and use of cloud computing services. Indeed, the toolbox deals with key cloud computing topics, which the SMEs should understand prior to finalizing any of their cloud-related decisions. In particular, the toolbox comprises questions, checklists and input forms, which SMEs are prompted to fill-in as part of the toolbox s operation. No matter what are the answers provided by the SMEs, the formulated questions allow the end-users to obtain insights on the main cloud adoption challenges. The toolbox comprises a set of on-line web-based interactive tools aiming at providing support to SMEs on a wide range of cloud computing issues including: Elements and contents Service Level Agreements (SLAs) and more specifically agreements between the SMEs and cloud services providers. Importance of privacy and data protection issues including relevant rules and regulations at national and EU levels. Cloud costing/pricing issues including assessment of cloud solutions against traditional data center solutions. Cost benefit analysis associated with cloud computing services. Date: 6/12/ /47 CloudingSMEs

14 The above list of issues has been already identified as part of the CloudingSMEs DoW (Description of Work) document. Nevertheless, the list is not exhaustive, since SMEs have additional needs in terms of locating/identifying appropriate cloud services provides, assessing cloud security solutions and more. Hence, the CloudingSMEs toolbox specification and implementation was aimed at providing support in most of the above issues, based on a set of on-line interactive utilities which will be made accessible (to registered SMEs) through the CloudingSMEs web site. The following table lists the tools of the CloudingSMEs toolbox and associates them with the thorny issues identified above. Tools Cloud Security Scorecard Issues/Concerns Addressed Security Issues, SLA Negotiation Issues Privacy and Data Protection Guide Privacy and Data Protection Issues, Legal Issues Guide to an effective SLA SLA Negotiation Issues TCO Calculator Cost-Benefit Analysis Issues / Pricing Issues Strategic Considerations Scorecard Cloud Solutions Catalogue Cost-Benefit Issues and SLA Negotiation Issues Cost-Benefit Analysis Issues / Pricing Issues / SLA Negotiation Issues Table 1: Tools of the Toolbox and the Issues/Functional Areas that they address In most cases the SME needs addressed by each one of the tools is nearly self-evident. For example, the cloud security scorecard facilitates SMEs in comparing different security offerings (by different cloud providers) thereby touching security issues, as well as issues relating to the security aspects of an SLA with a cloud provider. Similarly, the TCO Calculator tool enables SMEs to compare the costs of cloud solutions with the costs of traditional data center solutions targeting the same application or service. Therefore, the TCO calculator tool is clearly destined to provide support on cost-benefit analysis issues, but also on more general pricing issues of the cloud services. It should be noted that Date: 6/12/ /47 CloudingSMEs

15 Table 1above refers to the on-line tools that comprise the first version of the toolbox. The second and final version of the toolbox is likely to contain additional tools, as well as revised or enhanced versions of the above-listed on-line tools. This might results into changes to the number and type of issues addressed by each one of the tools. As already outlined, the toolbox infrastructure of the project comprises the tools stemming from the PROMIS platform. These are services supporting SMEs in accessing on-line knowledge and advices in relation to cloud computing topics/issues. Specifically, SMEs can access structured information about specific cloud computing topics through knowledge pyramids, while at the same time they can obtain on-line advice by CloudingSMEs qualified experts. Overall, the toolbox includes the following tools, which have been or will be adapted to the project s needs based on the capabilities of the PROMIS platform: Tools enabling partners and experts to structure Cloud knowledge and expertise in Pyramids. Tools for partners and experts to generate online Questionnaires for SME users. Tools for administering self generated services for/with the SME users. Pyramids with Cloud Experts knowledge made available to interested SME users. Tools for online written communication between an expert owner of knowledge (ICT, legal, business, administrative, economic) and SME users interested in such specific knowledge/expertise. Online advice from experts to SMEs requesting it. Registration of CVs and qualification of consultants and Cloud experts being prepared to provide online advice to interested SMEs. Machine translation of content implemented in the toolbox. The above-listed PROMIS tools provide additional opportunities for supporting SMEs on the basis of expert knowledge. Note however that some of the tools require the participation of experts in the provision of on-line written support. Also the CloudingSMEs portal provides a document library that organizes materials about cloud computing topics. SMEs can assess documents in this library in order to obtain in-depth information about cloud adoption and use issues. Date: 6/12/ /47 CloudingSMEs

16 2.2 Development Process and Evolution Plan The present deliverable reports on the first (intermediate) release of the toolbox. A successive version of this deliverable will provide the second (and final) release of the CloudingSMEs toolbox. In terms of the webbased interactive tools of the toolbox, these two releases have been planned as part of the CloudingSMEs work plan and on the basis of the following evolution stages and milestones: Stage 1 - Early Prototype Implementation / Usage of Simple Models for Calculations and Comparisons: As part of this initial stage the CloudingSMEs consortium has relied on some initial assumptions about the needs of the SMEs in terms of cloud adoption and use, but also in terms of possible ways to support their decision making. The tools presented in the present release of this deliverable are based on these assumptions and serve as a basis for interacting with the SMEs community of the project about the form of on-line support that should be provided to them by the CloudingSMEs project. Stage 2 - Improvement and Fine-Tuning of the tools based on SME feedback / Personalization of the tools according to SMEs profiling data: Following the release of the deliverable and for the next 6-8 months, the project will focus on improving and fine-tuning the implementations of the tools taking into account: o SMEs Feedback: Feedback received from the SMEs communities o as part of on-line interactions (i.e. via the web site), but mainly as part of the workshops for SME communities that will be organized by the SME associations of the project. This feedback will be taken into account in order to make structural, aesthetic and functionalityrelated improvements to the tools. Profiling Data and Information: CloudingSMEs will endeavor to personalize the operation of the tools on the basis of SMEs profile information. The main sources for receiving this information are the registration process of the CloudingSMEs portal, as well as additional questionnaires that will be delivered/administered to the SMEs on-line. The profile information will be used on order to classify the SMEs into various categories (e.g., according to size, business sector, cloud computing knowledge) and accordingly to produce variations of the tools for each different (identified) SME profile. Stage 3 Adaptation of the tools based on data received/analyzed from their on-line use: This will be the final development stage of the interactive tools, which Date: 6/12/ /47 CloudingSMEs

17 will attempt to exploit on-line feedback from SMEs that actually used the (interactive) tools, along with analysis of their answers / inputs provided through the tools. The aim of this analysis will be to derive (crowd-sourced like) knowledge, which could be exploited towards refactoring and fine-tuning the tools, especially in terms of the formulas used to calculate the indicative evaluation scores. However, this step/stage will be subject to the availability of a critical mass of data from SMEs. In case such data will not be available, the project will employ empirical techniques for adaptation and personalization, while postponing the possibility of exploiting crowd-sourced knowledge for the sustainability phase of the project (i.e. following the conclusion of the CloudingSMEs contract). This is a viable and realistic contingency plan for the third stage of the tools development. An overview of this staged development/evolution process for the interactive tools of the CloudingSMEs toolbox is provided in Figure 1 Figure 1: Evolution of the Toolbox (in the scope of the CloudingSMEs work plan) Note that during the second and third stages, the partners will also work towards creating the necessary infrastructure for multi-linguicism in order to ensure that localized versions of the tools can be produced. This is an essential step towards the large scale penetration of the tools. 2.3 Longer Term Vision The vision of the CloudingSMEs consortium in terms of its Cloud Computing Toolbox is to become a valuable and credible source of SME s support on cloud computing issues. Hence, in the longer term (i.e. as part of the exploitation and sustainability phase of the project) the partners will endeavor to continually improve the tools, but also to devise a realistic model for their sustainability. This may include the roll-out of a subset of the tools as a paid service for (registered-only) SMEs, in Date: 6/12/ /47 CloudingSMEs

18 addition to the tools that will be offered as free services to the CloudingSMEs community. The conditions under which such fee-based services could be established and provided to the SME community of the project will be explored as part of the exploitation activities of the project (in WP6). Note that the interactive tools of the CloudingSMEs toolbox could serve as a vehicle for the longer term sustainability of the project s results, including their wider use by European SMEs. The partners will attempt to devise relevant business models for exploiting and sustaining the toolbox following the completion of the project. These plans will be created as part of the exploitation activities of the project in WP6 and will be reflected in relevant deliverables. Date: 6/12/ /47 CloudingSMEs

19 3 Tool Box Interactive Tools (first/initial release) 3.1 Cloud Security Scorecard Overview and Purpose The purpose of this tool is to facilitate SME companies in their assessments of cloud security offerings. It is intended to help them score (and possibly compare) different cloud solutions against their security functionalities and characteristics. Hence, the tool is primarily addressed to end-user SMEs wishing to understand, evaluate and compare the security offerings/services of different services providers Nature The tool resembles a web-based scorecard. It accepts as input the SMEs responses to a number of questions about the security offerings/features of one or more cloud providers. Accordingly, it calculates (as output) a score for each security offering. The score is used classify the security offering in one among three categories (Strong, Fair, Poor). Note that the tool enables end-users to compare different security offerings, through responding to the given set of questions for each one of the offerings to be compared Questions The following table lists the questions that comprise the cloud security scorecard. It also lists the possible/allowed answers to each of the questions, along with the relevant weight of each question in the calculation of the total/overall score. No. Questions Weight Possible Answers 1 Is the cloud provider s infrastructure audited by third-parties? High YES / NO 2 Does the cloud provider offer data portability as part of its services? 3 Does the cloud provider specify penalties and liabilities for a potential data or system breach? Low Medium YES / NO YES / NO 4 Does the cloud provider allow you to inspect the cloud facility? Medium YES / NO 5 Does the cloud provider provide encryption and key management? 6 Is the cloud provider implementing single-sign on (i.e. access with one set of credentials) to the applications and services that it provides to you? High Medium YES / NO YES / NO 7 Can the cloud provider accommodate your own security policies? Low NO/ PARTIALLY/ YES 8 Does the cloud provider make provisions for cross-border data transfers? Medium YES / NO Date: 6/12/ /47 CloudingSMEs

20 9 Does the provider guarantee that your data will remain private? High YES / NO 10 Does the cloud provider offer application firewalls? High YES / NO 11 Could the cloud provider partition your applications and services from other users/customers? Medium YES / NO 12 Are the above issues taken into account and included in the SLA? High NONE / FEW OF THEM / MOST OF THEM / ALL OF THEM 13 Is the cloud service vendor ISO certified 1 High YES / NO Table 2: Questions comprising the Cloud Security Score Card Score Calculation Model The score calculation will be always based on models open and transparent to the CloudingSMEs community. The model employed in the initial prototype is based on empirical knowledge of the cloud experts of the consortium (EBS, EuroCloud) regarding cloud security, as well as on some initial assumptions associated with the impact of various factors on the quality of cloud security services. In the scope of subsequent development phases, changes to the model will occur based on feedback from relevant stakeholders/communities and/or domain experts (if available). The project will enable stakeholders to provide such feedback based on an appropriate web-based form. Currently, the scoring algorithm (implemented in this initial version of the tool) is based on the following principles: Each question carries a weight and each answer option carries a score. Score: Sum(question.weight * optionselectedscore). MaxScore: Sum(question.weight * max(optionscores)). We extract % percentage by Score*100/MaxScore. Score % >=70% is characterized as Excellent. 30< Score % < 70 is characterized as OK/Fair. Score % < 30 is characterized as Poor. 1 Vendor has an Information Security Management System (ISMS) that is compliant with ISO and the best practices detailed in ISO Date: 6/12/ /47 CloudingSMEs

21 Answers and questions are dynamically configured. Currently the implementation uses the following configuration: Question Weight Option1 Option1 score Option2 Option2 score Option3 Option3 Score Option4 Option4 score 1. Is the cloud provider's infrastructure audited by thirdparties? 2. Does the cloud provider offer data portability as part of its services? 3. Does the cloud provider specify penalties and liabilities for a potential data or system breach? 4. Does the cloud provider allow you to inspect the cloud facility? 5. Does the cloud provider provide encryption and key management? 6. Is the cloud provider implementing single-sign on (i.e. access with one set of credentials) to the applications and services that it provides to you? 3 NO 0 YES 10 3 NO 0 YES 10 3 NO 0 YES 10 3 NO 0 YES 10 3 NO 0 YES 10 3 NO 0 YES Can the cloud provider accommodate your own security policies? 3 ΝΟ 0 PARTI- ALLY 5 YES Does the cloud provider make provisions for crossborder data transfers? 9. Does the provider guarantee that your data will remain private? 3 NO 0 YES 10 3 NO 0 YES Does the cloud provider offer application firewalls? 3 ΝΟ 0 PARTI- ALLY 5 YES Does the cloud provider implements identity management services (i.e. authentication, single-sign on, data analysis)? 12. Could the cloud provider partition your applications and services from other users/customers? 3 NO 0 ΥΕS 10 3 NO 0 ΥΕS Are the above issues taken into account and included in the SLA? 3 NONE 0 FEW OF THEM 3 MOST OF THEM 6 ALL OFΤΗΕΜ Is the cloud service vendor ISO certified? 3 NO 0 ΥΕS 10 Date: 6/12/ /47 CloudingSMEs

22 3.1.5 Implementation Status An initial version of the scorecard has been implemented as an interactive web-based tool and is already accessible via the CloudingSMEs portal / website. A couple of relevant screenshots follow. Specifically, Figure 2 depicts a snapshot of the questions that are presented to the user of the tool (i.e. the SME), which Figure 3 illustrates the comparative results/scoring produced by the tools once the user/sme inputs data in the questionnaire about multiple providers (i.e. fills in the questionnaire for multiple cloud providers). Figure 2: Questions of the Cloud Security Scorecard (Screenshot of Interactive Tool) Figure 3: Comparative Evaluation Results of the Cloud Security Scorecard (Screenshot of Interactive Tool) Date: 6/12/ /47 CloudingSMEs

23 3.2 TCO Calculator Overview and Purpose The purpose of this tool is to enable SMEs to compare the cost (in terms of Net-Present-Value (NPV)) of cloud-based solutions to the respective costs of a traditional data center solution that could provide/support the same services as the cloud solution. In this way the TCO calculator enables SMEs to make an initial estimate of potential cost benefits that could result from the adoption of the cloud solutions instead of a traditional data center solution. In addition to the calculations per se, this tool is expected to provide valuable insights to SMEs assessing the cost benefits of (potential) cloud solutions, since it helps them understand the cost components of the various solutions Nature The tool prompts SMEs to provide estimates for various data center costs, as well as for the various cost components of the cloud solution. Accordingly it will produce a ballpark comparison of the Total Cost of Ownership (TCO) for both the data center and the cloud solution. In the sequel, we provide a list of TCO components for both options (data center, cloud provider), which the tool takes into account towards the TCO calculation of the two alternative options: Cost-components of the Data Center Solution: Server costs. Storage costs. Network costs. Backup and archive costs. Disaster recovery costs. Platform costs. Software maintenance costs (for packaged software). Software maintenance costs (for in-house software). Operational support personnel cost. Infrastructure software costs. Data center infrastructure costs. Cost-components of the Cloud Solution: Pay-as-you-go-fees. Private Cloud Costs (for private cloud solutions only). Note that the TCO calculation is based on NPV (Net-Present-Value) calculation (taking into account the WACC (Weighted Average Cost of Capital (WACC)). Furthermore, the tool illustrates prerequisites in order Date: 6/12/ /47 CloudingSMEs

24 to make the comparison valid (e.g., the availability of workloads and applications that could be moved into the cloud) Implementation Status A first version of the TCO calculator has been implemented as a webbased tool, which is already integrated within the CloudingSMEs portal. Figure 4 illustrates a snapshot of the form for inputting data associated with the TCO calculator (i.e. costs associated with a data center and a respective cloud based solution). Figure 4: Input form of the TCO Calculator Also, Figure 5 depicts the results produced by the tool in terms of NPV calculation, but also in terms of the overall suggestion (in favor or against a cloud solution) provided to the end-user of the tool. Figure 5: TCO Calculator Results Recommendation Date: 6/12/ /47 CloudingSMEs

25 3.3 Strategic Considerations Scorecard Overview and Purpose The purpose of this tool is to provide indications/guidelines to SMEs on whether cloud adoption could be a good option for them. To this end, SMEs will provide information on a number of strategic factors that relate to cloud deployments Nature The tool is essentially a scoring utility, which calculates a Cloud Appropriateness Score (CAS) (or alternative Cloud Adoption Score) indicating whether an SME should strongly consider cloud adoption or not. In particular, the higher the CAS score, the most likely that the SME could benefit from cloud adoption. The calculation of the CAS score will be calculated on the basis of a weighted formula that will take into account the status of different strategic factors for the SMEs. For each strategic factor the SMEs will specify: A weight signifying its relevant importance for cloud adoption. Scores associated with the different options of these strategic factors. The above-mentioned weights and scores will be used for calculating the CAS score. The strategic factors (along with some options for them) include: Workload (Small, Medium, High). It is assumed that enterprises with high workloads are more likely to favor cloud computing solutions. Cost of Data Center per User (Small, Medium, High). It is assumed that enterprises with high data center costs are more likely to adopt cloud computing solutions. Burstiness and Fluctuation of Workload (Small, Medium, High). It is assumed that enterprises with high burstiness and fluctuation in their workloads are more likely to adopt cloud computing solutions. Availability of Resources in the company's existing data center (Very Low, Low, Medium, High). It is assumed that enterprises with low availability of resources in their data center are more likely to adopt cloud computing solutions. Cloud Adoption by Competitors (Low, Medium, High). In cases where an enterprise s competitors are adopting cloud solutions, it is considered strategically more appropriate for the enterprise to do so as well. Pressure to reduce capital expenses (Yes, No, Don't know). Company s under pressure to reduce capital expenses are more likely to adopt cloud computing solutions. Planning to develop/deploy new ICT technology in the coming months (Yes, No, May Be). The deployment of new ICT technology is Date: 6/12/ /47 CloudingSMEs

26 seen as a strategic opportunity to adopt and leverage the benefits of cloud computing solutions. Current value from existing data center operations (Low, Medium, High). Enterprises that get low value from their existing data center are more likely to adopt cloud computing solutions Implementation Status An initial implementation of the Strategic Considerations Scorecard solution is available and linked to the CloudingSMEs web site / portal. Figure 6: Screenshot of the input form for the Strategic Considerations Scorecard tool Two snapshots of the current implementation are provided in Figure 6 (depicting the data input process/form) and Figure 7 (depicting how the results/suggestions are displayed to the end-user. Figure 7: Screenshot of the results presentation of the Strategic Considerations Scorecard Date: 6/12/ /47 CloudingSMEs

27 3.3.4 Score Calculation Model Similarly to other tools, the Strategic Consideration Scorecard implementation uses a score calculation model based on question weights and answer-option scores. The methodology and principles for exposing and evolving the scoring algorithms are exactly as in the case of the (earlier presented) Cloud Security Scorecard tool. Currently, the model uses the following parameters and recommendation algorithms: Score = Sum (question.weight * answer.optionselectedscore). If Score > 0 then the recommendation is pro cloud; if Score < 0 the recommendation is pro datacenter. MinimumScore = sum (q.weight*min(options)). MaximumScore = sum (q.weight*max(options)). Cloud Adoption Score = score-minimumscore/maximumscore- MinimumScore. Question Weight Option1 Option1 score Option2 Option2 score Option3 Option3 Score Option4 Option4 score 1. Major concerns for 3 Privacy -20 Security -10 SLA Workload 3 Low -20 Medium 0 High Data center operational cost per user 4. Data center operational cost per application 3 Low -20 Medium 5 High 20 3 Low -20 Medium 5 High Availability of Resources in the company's existing data center 3 Very Low 20 Low 10 Medium -10 High Current value from existing data center operations 7. Cloud Adoption By Competitors 3 Low -20 Medium 0 High 20 3 Low -20 Medium 0 High Pressure to reduce capital expenses 3 Yes 20 No -20 Do not know 5 9. Planning to develop/deploy new ICT technology in the coming months 3 Yes 20 No -20 Maybe 0 These parameters will be reviewed and validated via experimentation and feedback from users and experts. 3.4 Cloud Services Catalogue Overview and Purpose The purpose of this tool is to allow SMEs to find cloud services that could be appropriate for their needs. To this end, the tool creates and maintains a catalogue/directory of cloud solutions/services and of their vendors along with their metadata. Accordingly, it also provides a search facility Date: 6/12/ /47 CloudingSMEs

28 enabling SMEs to search the various solutions on the basis of various criteria. The service specifies a schema with the metadata of the various services. On the basis of this schema, CloudingSMEs will offer tools and services enabling cloud solution providers and vendors to register their solutions, thereby seamlessly expanding the catalogue. In the course of the productive deployment and operation of the tool, emphasis will be paid in the registration of solutions that are offered to certain countries or regions, in order to allow SMEs to access information about localized services (at national or regional levels) Nature The tool acts as a search facility that provides search functionality over a directory/database of metadata about cloud solutions. The metadata kept comprise the following (non-exhaustive attributes): Title of the solution/service. Short description of the solution/service. Extended description of the solution/service. Name of the Vendor/Provider. URL of the Vendor/Provider and/or of the solution/service itself. Information about pricing (options, models, prices). Classification of the solution as IaaS/PaaS/SaaS/Other. Region/Country where the solution/service is offered. Supported Standards. Other characteristics/information (as free text). Other attributes will be specified as well. Based on the above attributes a data format (XML or JSON schema) for describing a specific cloud solution/service is specified. This schema serves as a basis for implementing services enabling: Addition of new solutions/services to the directory. Update of existing solutions/services already residing within the directory. At latter stages, this tool will be supported by a data entry & maintenance application that will be accessible to registered cloud services providers for updating their profile or for registering a live URL via which the tool receives automated updates (XML format discussed above). Date: 6/12/ /47 CloudingSMEs

29 3.4.3 Implementation Status An initial prototype implementation of the Cloud Services Catalogue is available (Figure 8). However, it is not linked to the CloudingSMEs portal and it is not populated with real (production) data of existing/realistic cloud service providers and associated cloud services. Figure 8: Screenshot from the Cloud Services Catalogue Prototype 3.5 Privacy and Data Protection Guide Overview and Purpose The purpose of this tool is to help SMEs understand and identify data protection issues associated with their potential cloud deployment, along with applicable legislation. The tools will provide a checklist of the main privacy and data protection issues that require special attention by SMEs adopting or deploying cloud solutions Guide The checklist will provide information on issues associated with: Data location. Applicable data protection laws and jurisdictions at EU level (e.g., EU Directive 95/46/EC). Applicable data protection laws and jurisdictions at national level. National laws are applicable when (a) An EU-based controller located in its territory processes personal data, (b) A Controller outside EU uses equipment within its territory. Applicable industry regulations (such as the Health Insurance Portability and Accountability Act [HIPAA] in US we need feedback from the Consortium on related EU regulations). Date: 6/12/ /47 CloudingSMEs

30 Specific country laws and their implications for accessing and controlling data. Cross-border transfer of data due to local laws, along with the implications of virtualization which makes it difficult to know where the data is at any particular moment. Co-mingling of data i.e. physically storage of data in a database along with data from other companies. Data or metadata vulnerability to alternative or secondary uses by the cloud service provider (e.g., controls and service level agreements that prevent use of data may be used for marketing purposes). Ownership by the service provider of metadata, which it has created to help manage the SMEs user data Implementation Status The implementation of the tool is in progress. The user is initially prompted to select one or more sections/areas for which the tools shall provide the main areas of attention (see Figure 9) Figure 9: Checklist selection screenshot In this way the tools provide custom Privacy and Data Protection Checklists based on the user s selection and preference. The list of sections/areas will be refined and enhanced to address the possible different needs of various profiles of the CloudingSMEs service users. The following screenshot (Figure 10) displays an example of a checklist generated by the tool for the selection above. The user may print the generated checklist directly from his browser and use it on paper, or save in a file or copy & paste in other documents. Note that this is a tool intended to provide checklists to be used offline aiming to guide practical Date: 6/12/ /47 CloudingSMEs

31 compliance to recommendations, and this is exactly why the feedback is generated in the form of a checklist. Figure 10: Example of checklist generation based on user selection 3.6 Guide to an Effective SLA Overview and Purpose The purpose of this tool is to guide SMEs in understanding and paying attention to the most common articles/terms that comprise a contract between an SME and a cloud computing provider. To this end, it lists a set of SLA issues, with emphasis on the ones most commonly debated between customer (i.e. SME) and provider (i.e. cloud computing provider). Accordingly, it provides a brief yet comprehensive overview of these issues in order to assist SMEs in the negotiation of these terms Nature The tool is being implemented as a tree structure of options/decisions/ questions/issues associated with cloud contracts. SMEs will be able to browse or search the tree in order to access information about key issues comprising an SLA and accordingly in order to obtain information/insights about these issues. In this way the tool will allow SMEs to understand the key clauses that they should expect to see as part of a cloud contract, but also to identify important missing clauses and issues that the SME company should discuss/negotiate with the cloud provider. An indicative set of issues that will be addressed as part of the tree structure of SLA issues follows: Date: 6/12/ /47 CloudingSMEs

32 Illustration of how contract terms are provided: Standard click-through terms, which SMEs are prompted to accept before adopting a service. Standard click-through terms can be either: Negotiable (usually for paid services, since fee make providers more willing to negotiate). Non-Negotiable (usually the case with large mainstream cloud providers. Through off-line cloud contracts that can be scrutinized by SMEs legal departments, legal experts or owners (depending on the size of the SME). Illustrate that cloud contracts (to end-users) could be provided by: Cloud Service Provider/Vendor Cloud Integrators and Solution Providers (including SMEs) Illustration of the SMEs main drivers towards deviating from the standard terms that cloud providers offer, including: Commercial issues (e.g., request for higher/better service levels). Risk reduction and sharing issues (e.g., moving risks to provider on the basis of providers liability). Regulatory issues (i.e. need to comply with rules and regulations). The involvement of insurance companies, which in several cases provide their services given specific terms in the cloud contract. The fact that free of charge or low cost does not necessarily mean free of risk or low risk. Contract clauses on exclusion or limitation of liability and remedies (if negotiable). Explanation will be further provided for liabilities concerning: Data Loss/ Data integrity / Data corruption Provider could accept liability. User can implement its own additional solution (e.g., back-up on SME servers). Outages. Disaster recovery. Intellectual Property Rights. Contract clauses on Service levels, concerning: Resilience and Business Continuity Uptime percentage (%) Availability. QoS including: Number of Users that can be served based on a given response time for each user. Time it takes to restore data from backups. Mechanisms of Transparency. Logging. Date: 6/12/ /47 CloudingSMEs

33 SLA Auditing. Proactive and timely provision of statistics regarding the SLA. Contract Issues relating to security and privacy, notably: Regulatory issues under the European Union Data Protection Directive. National data protection law (especially in Europe). Regulations concerning the financial sector. Location of the data. Processing of the data. Unauthorized access to the data. Export control laws. Support for security standards and related policies (e.g., ISO27001). Notifications about security breaches, data loss etc. Contract issues associated with lock-in and exit, concerning: Terms about exit. Termination rights, including: Keeping data for a certain time after termination and before they are deleted. Deletion of data, duplicates and backups. Provision of evidence of the deletion of data. Return of data on exit. Data portability, including: Availability of data in popular formats that facilitate export/import. Provision of support by the provider. Duration of contract, including: Minimum and Maximum duration. Early termination fees. Fixed term vs. rolling contracts. Termination events, including: Insolvency. Material breach. Breach of Acceptable Use Policies (AUPs). Breach of confidentiality. Breach of security policies. Breach of Intellectual Property Rights (IPRs). Non-payment. Provision of notice before termination. Users/SMEs opportunities to remedy breaches and avoid termination. Service Suspension, including: Non-payment. Breach of Acceptable Use Policies (AUPs). Security Incident. Date: 6/12/ /47 CloudingSMEs

34 Technical maintenance and support (e.g., upgrades, patches etc.). Contract clauses associated with the providers ability to change service features, including: Change of service features unilaterally. Provision of prior notifications to end-users. Right to terminate contract due to changes in service features. Right to reject changes. Minor changes allowed. Service improvements allowed and accepted. Intellectual property rights, including: Most common in SaaS services. Users retain ownership of cloud processed data. Rights to applications that SME users develop or deploy on IaaS/PaaS. Rights to service improvements and bug fixes that are initiated from users. Coverage of costs associated with software/applications licenses in the cloud. Licensing terms and charges (e.g., monthly per-user payments, charges based on number of processor cores in the system used). As part of the tool, some guidelines to ICT SMEs (cloud integrators/solutions providers) could be provided. In particular, ICT SMEs could understand the needs of end-users in terms of contract flexibility and negotiated terms in order to differentiate themselves from large cloud services providers which tend to offer generalized one size fits all commodity services. Indeed, ICT SMEs have opportunities of acting as niche providers and integrators, who will be more willing to tailor services to user needs, based on appropriate contract terms or service features. The SLA tool of the CloudingSMEs toolbox could allow them to understand user concerns and gain flexibility in negotiations Implementation Status The implementation of this tool is work in progress. It will be based on the same checklist infrastructure available as part of the data protection guide. 3.7 Cloud Standards Catalogue Overview and Purpose Standards are essential for safeguarding interoperability and portability, which are two of main concerns that companies have when choosing to outsource their IT infrastructure and services to a provider. The adoption, Date: 6/12/ /47 CloudingSMEs

35 use and implementation of standards can greatly facilitate SMEs in: (a) Seamlessly switching between providers and (b) Integrating applications residing in the company s data centers with other cloud applications (in public and/or private clouds). The cloud standards catalogue aims at helping SMEs finding cloud standards and their role in tackling the above issues. It should be noted that the cloud standards catalogue will be very useful for ICT SMEs as well, since it will enable them to identify and track standards relevant to their developments, products and services Nature This tool will be a searchable list of standards, along with information about the merit and use of each one. Note that the tools will provide the means for editing existing standards and inserting new ones. An indicative (non-exhaustive) list of standardization bodies engaging in the production of cloud standards follows: Open Cloud Consortium (OCC) (www.opencloudconsortium.org). Open Grid Forum (OGF) (www.ogf.org). Storage Networking Industry Association (SNIA) (www.snia.org). Object Management Group (OMG) (www.omg.org). Cloud Computing Interoperability Forum (www.ccif.org). Cloud Security Alliance (www.cloudsecurityalliance.org). Distributed Management Task Force (DMTF) (www.dmtf.org) Implementation Status An initial prototype implementation of the cloud standards catalogue is available (Figure 11). However, at the time of release of this (initial version) of the deliverable it is not linked to the CloudingSMEs portal and not populated with production data. Figure 11: Snapshot of the Cloud Standards Catalogue Date: 6/12/ /47 CloudingSMEs

36 4 PROMIS Platform Tools and Document Library In CloudingSMEs the PROMIS toolbox organizes and tailors different interactive services with the objective to support the structuring and sharing of expertise and knowledge between experts, consultants, lawyers, associations, institutions and all those, whose business and/or mission is to server SMEs in Europe and beyond. 4.1 On-line Support Services In CloudingSMEs a range of on-line support services for SMEs are created by the PROMIS toolbox in order to allow advanced users: a) to conceive different types of questionnaires, b) to structure their knowledge in pyramids, c) to allow experts to generate templates (e.g. ISO family), d) to administer and share the services developed by associations, e) consultants or institutions for their customers and/or members. Two types/categories of services are offered at present after tailoring: 1. To create services: Tool for partners and experts, to structure Cloud knowledge and expertise in Pyramids. Tool for partners and experts to generate online Questionnaires for SME users. Tool to administer self generated services for/with the SME users Tool for the registration of CVs and qualification of consultants and experts being prepared to provide online advice to interested SMEs. Tool to generate templates (e.g. ICT Security & Data Protection - ISO family) 2. To administer services Pyramids with Cloud Experts knowledge made available to interested SME users. Online communication between an expert owner of knowledge (ICT, legal, business, administrative, economic) and SME users interested in such specific knowledge/expertise. Contact qualified experts/consultants that can provide online and/or personal support; Access information on best practice; Translation of content implemented in the tools which will be translated after marking the text. The goal is to: structure knowledge and dedicated services as described in chapter 4 Date: 6/12/ /47 CloudingSMEs

37 work interactively online with Cloud consultants and subject matter experts, build professional communities, to disseminate and implement best practices. The tools available in the toolbox may contain technical guidance, and can be further customised for any Cloud-related sector, opening the way to an enormous economy of scale and to considerable perspectives in many areas of need. 4.2 Questionnaires - Overview and structure A tool for creating questionnaires is available in the toolbox. Within the questionnaire tool an expert can create yes / no questions, free text questions, and ranking questions with various response options which can be sorted by criteria. Files can also be uploaded in response to specific questions. The tool can generate different types of questionnaires: (i) Linear, (ii) Dynamic, (iii) Time limited, (iv) Recurring questionnaires. It can also be used to generate tests for the certification of etraining courses. The tools have already been used towards creating questionnaires for CloudingSMEs, notably questionnaires that are used in the scope of WP2 of the project. A snapshot of one of these questionnaires Figure 12: Snapshot of the CloudingSMEs Questionnaires developed based on the respective tools of the PROMIS toolbox 4.3 Community of Cloud Experts (CV Data Base) The Cloud experts, register in the pre-structured CV become members of CloudingSMEs. As soon as accepted, they can structure knowledge and Date: 6/12/ /47 CloudingSMEs

38 expertise in pyramids for different sectors, themes and domains and questionnaires. The self-assessment questionnaire helps SMEs and consultants to get together and then to communicate online. Only the SMEs can select the experts and when the experts have accepted the invitation, they are connected with each other and can communicate. The workflow process is shown in the following figure: Figure 13: Workflow process for consultants 4.4 Knowledge Pyramids Pyramids are available for consultants, who structure knowledge, as well as for SME`s, who make use and learn from that knowledge. A sample is illustrated in Date: 6/12/ /47 CloudingSMEs

39 Figure 14. In addition to supporting the structure of information and knowledge, the pyramid is more and more accepted as an instrument to register and protect intellectual property. This is due to the fact that each individual, expert, association or institution structuring their knowledge in one or more of the CloudingSMEs pyramids, becomes the owner of a pyramid that can be accessed and updated only by them. The three-sided Pyramid allows structuring Cloud related knowledge and link to external knowledge from institutions and other organisations. Each face of the three- sided pyramid is integrated with the other two. The pyramid is horizontally subdivided in levels. Each face is vertically subdivided in sectors starting from the top. Figure 14: Sample Knowledge Pyramids Date: 6/12/ /47 CloudingSMEs

40 Figure 15: Snapshot of the PROMIS toolbox For example, EuroCloud Germany has created the Star Audit Certification pyramid (http://www.cloudingsmes.eu/en/toolbox.html) which is structured in: Faces: focus each on one of the following: Foundation, Checklists, Star Audit Certification; Sectors: Infrastructure-as-a-Service, Platform-as-a-Service, Software-as-a-Service; Levels: from top down represent: (a) Contract/s, (b) Security, (c) Infrastructure, (d) Operational processes, (e) Interoperability. 4.5 mycommunication This is a tool for focused remote written communication between consultants and their SME clients. The main components are listed in the following table: Inbox: System: Staff: Archive: Recycle Bin: All Messages received from Staff and system Messages that were generated by the system Active threads with other PROMIS Enterprise users Closed threads and system messages are stored here All deleted threads and messages can be found here Table 3: Main Components of the mycommunication Tool The message system, basically, works like a mail system. The user can send messages and communicate with other users of CloudingSMEs and structure messages into categories. Date: 6/12/ /47 CloudingSMEs

CloudingSMEs White Paper

CloudingSMEs White Paper CloudingSMEs FP7- No. 609604 WP2 SMEs Vision and Road mapping for Cloud Development Deliverable D2.2.1 SMEs Requirements for Cloud Development, Adoption and Evolution CloudingSMEs PROPRIETARY RIGHTS STATEMENT

More information

CloudingSMEs Deliverable D2.2.4 Roadmap reflecting the SMEs

CloudingSMEs Deliverable D2.2.4 Roadmap reflecting the SMEs Deliverable D2.2.4 CloudingSMEs FP7- No. 609604 Deliverable D2.2.1 SMEs Requirements for Cloud Development, Adoption and Evolution CloudingSMEs Deliverable D2.2.4 Roadmap reflecting the SMEs viewpoint

More information

CloudingSMEs Deliverable D5.5.1 Policy Development Guidelines

CloudingSMEs Deliverable D5.5.1 Policy Development Guidelines CloudingSMEs FP7- No. 609604 WP2 SMEs Vision and Road mapping for Cloud Development Deliverable D2.2.1 SMEs Requirements for Cloud Development, Adoption and Evolution CloudingSMEs PROPRIETARY RIGHTS STATEMENT

More information

The NREN s core activities are in providing network and associated services to its user community that usually comprises:

The NREN s core activities are in providing network and associated services to its user community that usually comprises: 3 NREN and its Users The NREN s core activities are in providing network and associated services to its user community that usually comprises: Higher education institutions and possibly other levels of

More information

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security

More information

Cloud Computing: Legal Risks and Best Practices

Cloud Computing: Legal Risks and Best Practices Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent

More information

Summary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL

Summary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL Summary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL 1. Definition of Cloud Computing In the public consultation, CNIL defined

More information

Adopting Cloud Computing with a RISK Mitigation Strategy

Adopting Cloud Computing with a RISK Mitigation Strategy Adopting Cloud Computing with a RISK Mitigation Strategy TS Yu, OGCIO 21 March 2013 1. Introduction 2. Security Challenges Agenda 3. Risk Mitigation Strategy Before start using When using 4. Policy & Guidelines

More information

Digital Asset Manager, Digital Curator. Cultural Informatics, Cultural/ Art ICT Manager

Digital Asset Manager, Digital Curator. Cultural Informatics, Cultural/ Art ICT Manager Role title Digital Cultural Asset Manager Also known as Relevant professions Summary statement Mission Digital Asset Manager, Digital Curator Cultural Informatics, Cultural/ Art ICT Manager Deals with

More information

Risk Management of Outsourced Technology Services. November 28, 2000

Risk Management of Outsourced Technology Services. November 28, 2000 Risk Management of Outsourced Technology Services November 28, 2000 Purpose and Background This statement focuses on the risk management process of identifying, measuring, monitoring, and controlling the

More information

Considerations for firms thinking of using third-party technology (off-the-shelf) banking solutions

Considerations for firms thinking of using third-party technology (off-the-shelf) banking solutions Financial Conduct Authority Considerations for firms thinking of using third-party technology (off-the-shelf) banking solutions Introduction 1. A firm has many choices when designing its operating model

More information

Cloud Vendor Evaluation

Cloud Vendor Evaluation Cloud Vendor Evaluation Checklist Life Sciences in the Cloud Cloud Vendor Evaluation Checklist What to evaluate when choosing a cloud vendor in Life Sciences Cloud computing is radically changing business

More information

Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015

Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 The following comprises a checklist of areas that genomic research organizations or consortia (collectively referred

More information

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: Privacy Responsibilities and Considerations Cloud computing is the delivery of computing services over the Internet, and it offers many potential

More information

Cloud Computing: Contracting and Compliance Issues for In-House Counsel

Cloud Computing: Contracting and Compliance Issues for In-House Counsel International In-house Counsel Journal Vol. 6, No. 23, Spring 2013, 1 Cloud Computing: Contracting and Compliance Issues for In-House Counsel SHAHAB AHMED Director Legal and Corporate Affairs, Microsoft,

More information

Legal Issues in the Cloud: A Case Study. Jason Epstein

Legal Issues in the Cloud: A Case Study. Jason Epstein Legal Issues in the Cloud: A Case Study Jason Epstein Outline Overview of Cloud Computing Service Models (SaaS, PaaS, IaaS) Deployment Models (Private, Community, Public, Hybrid) Adoption Different types

More information

Data Protection Act 1998. Guidance on the use of cloud computing

Data Protection Act 1998. Guidance on the use of cloud computing Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered

More information

Cloud Service Rollout. Chapter 9

Cloud Service Rollout. Chapter 9 Cloud Service Rollout Chapter 9 Cloud Service Topics Cloud service rollout plans vary depending on the type of cloud service SaaS, PaaS, or IaaS and the vendor. Unit Topics Identifying vendor roles and

More information

LEGAL ISSUES IN CLOUD COMPUTING

LEGAL ISSUES IN CLOUD COMPUTING LEGAL ISSUES IN CLOUD COMPUTING RITAMBHARA AGRAWAL INTELLIGERE 1 CLOUD COMPUTING Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing

More information

Personal data and cloud computing, the cloud now has a standard. by Luca Bolognini

Personal data and cloud computing, the cloud now has a standard. by Luca Bolognini Personal data and cloud computing, the cloud now has a standard by Luca Bolognini Lawyer, President of the Italian Institute for Privacy and Data Valorization, founding partner ICT Legal Consulting Last

More information

Workshop: How can you as SME benefit from Cloud Computing?

Workshop: How can you as SME benefit from Cloud Computing? Andreas Hermsdorf / pixelio.de Workshop: How can you as SME benefit from Cloud Computing? Funded by European Commission Sebastiano Toffaletti, Pin SMEs & Lorenzo Accardo, UEAPME Agenda 1 2 3 4 5 6 7 Welcome

More information

See Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models.

See Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models. Cloud Strategy Information Systems and Technology Bruce Campbell What is the Cloud? From http://csrc.nist.gov/publications/nistpubs/800-145/sp800-145.pdf Cloud computing is a model for enabling ubiquitous,

More information

NSW Government. Cloud Services Policy and Guidelines

NSW Government. Cloud Services Policy and Guidelines NSW Government Cloud Services Policy and Guidelines August 2013 1 CONTENTS 1. Introduction 2 1.1 Policy statement 3 1.2 Purpose 3 1.3 Scope 3 1.4 Responsibility 3 2. Cloud services for NSW Government 4

More information

D6.1: Service management tools implementation and maturity baseline assessment framework

D6.1: Service management tools implementation and maturity baseline assessment framework D6.1: Service management tools implementation and maturity baseline assessment framework Deliverable Document ID Status Version Author(s) Due FedSM- D6.1 Final 1.1 Tomasz Szepieniec, All M10 (31 June 2013)

More information

Open Data Center Alliance Usage: Provider Assurance Rev. 1.1

Open Data Center Alliance Usage: Provider Assurance Rev. 1.1 sm Open Data Center Alliance Usage: Provider Assurance Rev. 1.1 Legal Notice This Open Data Center Alliance SM Usage:Provider Assurance is proprietary to the Open Data Center Alliance, Inc. NOTICE TO USERS

More information

INFRASTRUCTURE AS A SERVICE BUYER S CHECKLIST

INFRASTRUCTURE AS A SERVICE BUYER S CHECKLIST INFRASTRUCTURE AS A SERVICE BUYER S CHECKLIST 2 CONTENTS SERVICE LEVELS 3 SERVICE AND SUPPORT 4 CERTIFICATIONS 4 MANAGED HOSTING 7 BILLING 8 SERVICE MANAGEMENT 8 TECHNOLOGY 9 GLOBAL, REGIONAL, LOCAL 10

More information

TO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel

TO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel AL 2000 12 O OCC ADVISORY LETTER Comptroller of the Currency Administrator of National Banks Subject: Risk Management of Outsourcing Technology Services TO: Chief Executive Officers of National Banks,

More information

Article 29 Working Party Issues Opinion on Cloud Computing

Article 29 Working Party Issues Opinion on Cloud Computing Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,

More information

Maximize potential with services Efficient managed reconciliation service

Maximize potential with services Efficient managed reconciliation service RECONCILIATION IntelliMatch Operational Control services Optimize. PRODUCT SHEET Maximize potential with services Efficient managed reconciliation service Overview At its best, technology provides financial

More information

CloudingSMEs Deliverable D2.2.1 SMEs Requirements for Cloud Development, Adoption and Evolution

CloudingSMEs Deliverable D2.2.1 SMEs Requirements for Cloud Development, Adoption and Evolution CloudingSMEs FP7- No. 609604 CloudingSMEs SMEs Requirements for Cloud Development, Adoption and Evolution PROPRIETARY RIGHTS STATEMENT This document contains information, which is proprietary to the CloudingSMEs

More information

White Paper on CLOUD COMPUTING

White Paper on CLOUD COMPUTING White Paper on CLOUD COMPUTING INDEX 1. Introduction 2. Features of Cloud Computing 3. Benefits of Cloud computing 4. Service models of Cloud Computing 5. Deployment models of Cloud Computing 6. Examples

More information

With Eversync s cloud data tiering, the customer can tier data protection as follows:

With Eversync s cloud data tiering, the customer can tier data protection as follows: APPLICATION NOTE: CLOUD DATA TIERING Eversync has developed a hybrid model for cloud-based data protection in which all of the elements of data protection are tiered between an on-premise appliance (software

More information

CLOUDCATALYST. Cloud Trends and Critical Success Factors for European SMEs

CLOUDCATALYST. Cloud Trends and Critical Success Factors for European SMEs CLOUDCATALYST Cloud Trends and Critical Success Factors for European SMEs INDEX CLOUDCATALYST PROJECT: BACKGROUND, OBJECTIVES, OUTPUTS AND TARGETS CLOUD COMPUTING TRENDS: SURVEY DEMOGRAPHICS, KEY FINDINGS

More information

5 Things to Look for in a Cloud Provider When it Comes to Security

5 Things to Look for in a Cloud Provider When it Comes to Security 5 Things to Look for in a Cloud Provider When it Comes to Security In This Paper Internal technology services that lack resources, rigor or efficiencies are prime candidates for the cloud Understand the

More information

Addressing Cloud Computing Security Considerations

Addressing Cloud Computing Security Considerations Addressing Cloud Computing Security Considerations with Microsoft Office 365 Protect more Contents 2 Introduction 3 Key Security Considerations 4 Office 365 Service Stack 5 ISO Certifications for the Microsoft

More information

ITIL by Test-king. Exam code: ITIL-F. Exam name: ITIL Foundation. Version 15.0

ITIL by Test-king. Exam code: ITIL-F. Exam name: ITIL Foundation. Version 15.0 ITIL by Test-king Number: ITIL-F Passing Score: 800 Time Limit: 120 min File Version: 15.0 Sections 1. Service Management as a practice 2. The Service Lifecycle 3. Generic concepts and definitions 4. Key

More information

WHITE PAPER. How to choose and implement your cloud strategy

WHITE PAPER. How to choose and implement your cloud strategy WHITE PAPER How to choose and implement your cloud strategy INTRODUCTION Cloud computing has the potential to tip strategic advantage away from large established enterprises toward SMBs or startup companies.

More information

Assessing Risks in the Cloud

Assessing Risks in the Cloud Assessing Risks in the Cloud Jim Reavis Executive Director Cloud Security Alliance Agenda Definitions of Cloud & Cloud Usage Key Cloud Risks About CSA CSA Guidance approach to Addressing Risks Research

More information

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com Introduction to Cloud Computing Srinath Beldona srinath_beldona@yahoo.com Agenda Pre-requisites Course objectives What you will learn in this tutorial? Brief history Is cloud computing new? Why cloud computing?

More information

Interoperable Clouds

Interoperable Clouds Interoperable Clouds A White Paper from the Open Cloud Standards Incubator Version: 1.0.0 Status: DMTF Informational Publication Date: 2009-11-11 Document Number: DSP-IS0101 DSP-IS0101 Interoperable Clouds

More information

Cloud Service Contracts: An Issue of Trust

Cloud Service Contracts: An Issue of Trust Cloud Service Contracts: An Issue of Trust Marie Demoulin Assistant Professor Université de Montréal École de Bibliothéconomie et des Sciences de l Information (EBSI) itrust 2d International Symposium,

More information

Kroll Ontrack VMware Forum. Survey and Report

Kroll Ontrack VMware Forum. Survey and Report Kroll Ontrack VMware Forum Survey and Report Contents I. Defining Cloud and Adoption 4 II. Risks 6 III. Challenging Recoveries with Loss 7 IV. Questions to Ask Prior to Engaging in Cloud storage Solutions

More information

Ellucian Cloud Services. Joe Street Cloud Services, Sr. Solution Consultant

Ellucian Cloud Services. Joe Street Cloud Services, Sr. Solution Consultant Ellucian Cloud Services Joe Street Cloud Services, Sr. Solution Consultant Confidentiality Statement The information contained herein is considered proprietary and highly confidential by Ellucian Managed

More information

Considerations for Outsourcing Records Storage to the Cloud

Considerations for Outsourcing Records Storage to the Cloud Considerations for Outsourcing Records Storage to the Cloud 2 Table of Contents PART I: Identifying the Challenges 1.0 Are we even allowed to move the records? 2.0 Maintaining Legal Control 3.0 From Storage

More information

Information security controls. Briefing for clients on Experian information security controls

Information security controls. Briefing for clients on Experian information security controls Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face

More information

Build (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation)

Build (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation) It is a well-known fact in computer security that security problems are very often a direct result of software bugs. That leads security researches to pay lots of attention to software engineering. The

More information

Evolving Issues for Healthcare IT Contracting

Evolving Issues for Healthcare IT Contracting Evolving Issues for Healthcare IT Contracting By: Alan L. Friel This client advisory is based in part on an article appearing in FierceHealthIT. The emergence of mega-suite vendors, more use of the cloud,

More information

OPEN DATA CENTER ALLIANCE USAGE Model: Software as a Service (SaaS) Interoperability Rev 1.0

OPEN DATA CENTER ALLIANCE USAGE Model: Software as a Service (SaaS) Interoperability Rev 1.0 sm OPEN DATA CENTER ALLIANCE USAGE Model: Software as a Service (SaaS) Interoperability Rev 1.0 SM Table of Contents Legal Notice... 3 Executive Summary... 4 Purpose... 5 Assumptions... 5 SaaS Interoperability

More information

A COMPLETE GUIDE HOW TO CHOOSE A CLOUD-TO-CLOUD BACKUP PROVIDER FOR THE ENTERPRISE

A COMPLETE GUIDE HOW TO CHOOSE A CLOUD-TO-CLOUD BACKUP PROVIDER FOR THE ENTERPRISE A COMPLETE GUIDE HOW TO CHOOSE A CLOUD-TO-CLOUD BACKUP PROVIDER FOR THE ENTERPRISE Contents How to Buy Cloud-to-Cloud Backup...................... 4 Wait What is Cloud-to-Cloud Backup?.....................

More information

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC www.fmsinc.org 1 2015 Financial Managers Society, Inc. Cloud Security Implications

More information

NSW Government. Cloud Services Policy and Guidelines

NSW Government. Cloud Services Policy and Guidelines NSW Government Cloud Services Policy and Guidelines August 2013 CONTENTS 1. Introduction 2 1.1 Policy statement 3 1.2 Purpose 3 1.3 Scope 3 1.4 Responsibility 3 2. Cloud services for NSW Government 4 2.1

More information

Security Controls What Works. Southside Virginia Community College: Security Awareness

Security Controls What Works. Southside Virginia Community College: Security Awareness Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction

More information

Cloud Computing: Risks and Auditing

Cloud Computing: Risks and Auditing IIA Chicago Chapter 53 rd Annual Seminar April 15, 2013, Donald E. Stephens Convention Center @IIAChicago #IIACHI Cloud Computing: Risks Auditing Phil Lageschulte/Partner/KPMG Sailesh Gadia/Director/KPMG

More information

How small and medium-sized enterprises can formulate an information security management system

How small and medium-sized enterprises can formulate an information security management system How small and medium-sized enterprises can formulate an information security management system Royal Holloway Information Security Thesis Series Information security for SMEs Vadim Gordas, MSc (RHUL) and

More information

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.

More information

Cloud Security Introduction and Overview

Cloud Security Introduction and Overview Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious

More information

Orchestrating the New Paradigm Cloud Assurance

Orchestrating the New Paradigm Cloud Assurance Orchestrating the New Paradigm Cloud Assurance Amsterdam 17 January 2012 John Hermans - Partner Current business challenges versus traditional IT Organizations are challenged with: Traditional IT seems

More information

ITL BULLETIN FOR MARCH 2012 GUIDELINES FOR IMPROVING SECURITY AND PRIVACY IN PUBLIC CLOUD COMPUTING

ITL BULLETIN FOR MARCH 2012 GUIDELINES FOR IMPROVING SECURITY AND PRIVACY IN PUBLIC CLOUD COMPUTING ITL BULLETIN FOR MARCH 2012 GUIDELINES FOR IMPROVING SECURITY AND PRIVACY IN PUBLIC CLOUD COMPUTING Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute

More information

TECHNICAL SPECIFICATION: SECURE LEGISLATION-AWARE STORAGE SOLUTION

TECHNICAL SPECIFICATION: SECURE LEGISLATION-AWARE STORAGE SOLUTION REALIZATION OF A RESEARCH AND DEVELOPMENT PROJECT (PRE-COMMERCIAL PROCUREMENT) ON CLOUD FOR EUROPE TECHNICAL SPECIFICATION: SECURE LEGISLATION-AWARE STORAGE SOLUTION ANNEX IV (C) TO THE CONTRACT NOTICE

More information

CLOUD MIGRATION STRATEGIES

CLOUD MIGRATION STRATEGIES CLOUD MIGRATION STRATEGIES Faculty Contributor: Dr. Rahul De Student Contributors: Mayur Agrawal, Sudheender S Abstract This article identifies the common challenges that typical IT managers face while

More information

TERRITORY RECORDS OFFICE BUSINESS SYSTEMS AND DIGITAL RECORDKEEPING FUNCTIONALITY ASSESSMENT TOOL

TERRITORY RECORDS OFFICE BUSINESS SYSTEMS AND DIGITAL RECORDKEEPING FUNCTIONALITY ASSESSMENT TOOL TERRITORY RECORDS OFFICE BUSINESS SYSTEMS AND DIGITAL RECORDKEEPING FUNCTIONALITY ASSESSMENT TOOL INTRODUCTION WHAT IS A RECORD? AS ISO 15489-2002 Records Management defines a record as information created,

More information

State of Oregon. State of Oregon 1

State of Oregon. State of Oregon 1 State of Oregon State of Oregon 1 Table of Contents 1. Introduction...1 2. Information Asset Management...2 3. Communication Operations...7 3.3 Workstation Management... 7 3.9 Log management... 11 4. Information

More information

Can SaaS be your strategic advantage in building software? Presented by: Paul Gatty, Director of World Wide Operations

Can SaaS be your strategic advantage in building software? Presented by: Paul Gatty, Director of World Wide Operations Can SaaS be your strategic advantage in building software? Presented by: Paul Gatty, Director of World Wide Operations Topics What is SaaS? How does SaaS differ from managed hosting? Advantages of SaaS

More information

Why Migrate to the Cloud. ABSS Solutions, Inc. 2014

Why Migrate to the Cloud. ABSS Solutions, Inc. 2014 Why Migrate to the Cloud ABSS Solutions, Inc. 2014 ASI Cloud Services Information Systems Basics Cloud Fundamentals Cloud Options Why Move to the Cloud Our Service Providers Our Process Information System

More information

RMS. Privacy Policy for RMS Hosting Plus and RMS(one) Guiding Principles

RMS. Privacy Policy for RMS Hosting Plus and RMS(one) Guiding Principles RMS Privacy Policy for RMS Hosting Plus and RMS(one) Guiding Principles RMS Privacy Policy for RMS Hosting Plus and RMS(one) Guiding Principles RMS aims to provide the most secure, the most private, and

More information

Managing Cloud Computing Risk

Managing Cloud Computing Risk Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify

More information

Big Data Analytics Service Definition G-Cloud 7

Big Data Analytics Service Definition G-Cloud 7 Big Data Analytics Service Definition G-Cloud 7 Big Data Analytics Service Service Overview ThinkingSafe s Big Data Analytics Service allows information to be collected from multiple locations, consolidated

More information

Validating Enterprise Systems: A Practical Guide

Validating Enterprise Systems: A Practical Guide Table of Contents Validating Enterprise Systems: A Practical Guide Foreword 1 Introduction The Need for Guidance on Compliant Enterprise Systems What is an Enterprise System The Need to Validate Enterprise

More information

Enterprise Architecture and the Cloud. Marty Stogsdill, Oracle

Enterprise Architecture and the Cloud. Marty Stogsdill, Oracle Marty Stogsdill, Oracle SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA unless otherwise noted. Member companies and individual members may use this material in presentations

More information

Indicative Requirements for Cloud Service Providers. connect communicate collaborate

Indicative Requirements for Cloud Service Providers. connect communicate collaborate Requirements Document Cloud Services connect communicate collaborate www.geant.net This document has been produced with the financial assistance of the European Union. The contents of this document are

More information

Cloud Computing and Records Management

Cloud Computing and Records Management GPO Box 2343 Adelaide SA 5001 Tel (+61 8) 8204 8773 Fax (+61 8) 8204 8777 DX:336 srsarecordsmanagement@sa.gov.au www.archives.sa.gov.au Cloud Computing and Records Management June 2015 Version 1 Version

More information

Microsoft SQL Server 2008 R2 Enterprise Edition and Microsoft SharePoint Server 2010

Microsoft SQL Server 2008 R2 Enterprise Edition and Microsoft SharePoint Server 2010 Microsoft SQL Server 2008 R2 Enterprise Edition and Microsoft SharePoint Server 2010 Better Together Writer: Bill Baer, Technical Product Manager, SharePoint Product Group Technical Reviewers: Steve Peschka,

More information

Qualification Guideline

Qualification Guideline Qualification Guideline June 2013 Disclaimer: This document is meant as a reference to Life Science companies in regards to the Microsoft O365 platform. Montrium does not warrant that the use of the recommendations

More information

Software as a Service: Guiding Principles

Software as a Service: Guiding Principles Software as a Service: Guiding Principles As the Office of Information Technology (OIT) works in partnership with colleges and business units across the University, its common goals are to: substantially

More information

Audit Report. Effectiveness of IT Controls at the Global Fund Follow-up report. GF-OIG-15-20b 26 November 2015 Geneva, Switzerland

Audit Report. Effectiveness of IT Controls at the Global Fund Follow-up report. GF-OIG-15-20b 26 November 2015 Geneva, Switzerland Audit Report Effectiveness of IT Controls at the Global Fund Follow-up report GF-OIG-15-20b Geneva, Switzerland Table of Contents I. Background and scope... 3 II. Executive Summary... 4 III. Status of

More information

Installing and Administering VMware vsphere Update Manager

Installing and Administering VMware vsphere Update Manager Installing and Administering VMware vsphere Update Manager Update 1 vsphere Update Manager 5.1 This document supports the version of each product listed and supports all subsequent versions until the document

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

PICSE survey. (PICSE: Procurement Innovation for Cloud services in Europe)

PICSE survey. (PICSE: Procurement Innovation for Cloud services in Europe) PICSE survey (PICSE: Procurement Innovation for Cloud services in Europe) To ensure that Europe reaps the benefits of the shift to cloud computing, there is the need to focus on new ways of procuring cloud

More information

Top 10 Risks in the Cloud

Top 10 Risks in the Cloud A COALFIRE PERSPECTIVE Top 10 Risks in the Cloud by Balaji Palanisamy, VCP, QSA, Coalfire March 2012 DALLAS DENVER LOS ANGELES NEW YORK SEATTLE Introduction Business leaders today face a complex risk question

More information

GETTING THE MOST FROM THE CLOUD. A White Paper presented by

GETTING THE MOST FROM THE CLOUD. A White Paper presented by GETTING THE MOST FROM THE CLOUD A White Paper presented by Why Move to the Cloud? CLOUD COMPUTING the latest evolution of IT services delivery is a scenario under which common business applications are

More information

Service Definition Document

Service Definition Document Service Definition Document QinetiQ Secure Cloud Protective Monitoring Service (AWARE) QinetiQ Secure Cloud Protective Monitoring Service (DETER) Secure Multi-Tenant Protective Monitoring Service (AWARE)

More information

THE PERSPECSYS KNOWLEDGE SERIES. Solving Privacy, Residency and Security in the Cloud. PerpecSys Inc. 2012. All rights reserved.

THE PERSPECSYS KNOWLEDGE SERIES. Solving Privacy, Residency and Security in the Cloud. PerpecSys Inc. 2012. All rights reserved. THE PERSPECSYS KNOWLEDGE SERIES Solving Privacy, Residency and Security in the Cloud Data Compliance and the Enterprise Cloud Computing is generating an incredible amount of excitement and interest from

More information

The NREN cloud strategy should be aligned with the European and national policies, but also with the strategies of the member institutions.

The NREN cloud strategy should be aligned with the European and national policies, but also with the strategies of the member institutions. 4 External influences PESTLE Analysis A PESTLE analysis is a useful tool to support the investigation and decision process relating to cloud services. PESTLE in general covers Political, Economic, Social,

More information

AN INSIDE VIEW FROM THE EU EXPERT GROUP ON CLOUD COMPUTING

AN INSIDE VIEW FROM THE EU EXPERT GROUP ON CLOUD COMPUTING AN INSIDE VIEW FROM THE EU EXPERT GROUP ON CLOUD COMPUTING 1. Overview and Background On 27 September 2012, the European Commission adopted a strategy for "Unleashing the potential of cloud computing in

More information

How to ensure control and security when moving to SaaS/cloud applications

How to ensure control and security when moving to SaaS/cloud applications How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk

More information

Open Data Center Alliance Usage: VIRTUAL MACHINE (VM) INTEROPERABILITY IN A HYBRID CLOUD ENVIRONMENT REV. 1.1

Open Data Center Alliance Usage: VIRTUAL MACHINE (VM) INTEROPERABILITY IN A HYBRID CLOUD ENVIRONMENT REV. 1.1 sm Open Data Center Alliance Usage: VIRTUAL MACHINE (VM) INTEROPERABILITY IN A HYBRID CLOUD ENVIRONMENT REV. 1.1 Open Data Center Alliance Usage: Virtual Machine (VM) Interoperability in a Hybrid Cloud

More information

Cloud computing: benefits, risks and recommendations for information security

Cloud computing: benefits, risks and recommendations for information security Cloud computing: benefits, risks and recommendations for information security Dr Giles Hogben Secure Services Programme Manager European Network and Information Security Agency (ENISA) Goals of my presentation

More information

The Brave. New World of Healthcare Correspondence. Harnessing the Power of SaaS to Safeguard Patient Data. White paper

The Brave. New World of Healthcare Correspondence. Harnessing the Power of SaaS to Safeguard Patient Data. White paper The Brave New World of Healthcare Correspondence Harnessing the Power of SaaS to Safeguard Patient Data Background The passage of HIPAA in 1996 introduced seismic changes to the way healthcare providers

More information

Report on Hong Kong SME Cloud Adoption and Security Readiness Survey

Report on Hong Kong SME Cloud Adoption and Security Readiness Survey Report on Hong Kong SME Cloud Adoption and Security Readiness Survey Collaborated by Internet Society Hong Kong and Cloud Security Alliance (HK & Macau Chapter) Sponsored by Microsoft Hong Kong Jointly

More information

Cloud Computing Secured. Thomas Mitchell CISSP. A Technical Communication

Cloud Computing Secured. Thomas Mitchell CISSP. A Technical Communication Cloud Computing Secured Thomas Mitchell CISSP A Technical Communication Abstract With the migration to Cloud Computing underway in many organizations IT infrastructure, this will cause a paradigm shift

More information

Securing the Cloud with IBM Security Systems. IBM Security Systems. 2012 IBM Corporation. 2012 2012 IBM IBM Corporation Corporation

Securing the Cloud with IBM Security Systems. IBM Security Systems. 2012 IBM Corporation. 2012 2012 IBM IBM Corporation Corporation Securing the Cloud with IBM Security Systems 1 2012 2012 IBM IBM Corporation Corporation IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns

More information

FINAL WORKSHOP REPORT. IU21KT stakeholders, European Commission, Study Team

FINAL WORKSHOP REPORT. IU21KT stakeholders, European Commission, Study Team WORKSHOP REPORT Venue: Date and Time: In attendance: Offices of DLA Piper, Brussels 7 June 2013 at 11 a.m. - 13 p.m. IU21KT stakeholders, European Commission, Study Team The workshop - held in the form

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

The Need for Service Catalog Design in Cloud Services Development

The Need for Service Catalog Design in Cloud Services Development The Need for Service Catalog Design in Cloud Services Development The purpose of this document: Provide an overview of the cloud service catalog and show how the service catalog design is an fundamental

More information

Enterprise level security, the Huddle way.

Enterprise level security, the Huddle way. Enterprise level security, the Huddle way. Security whitepaper TABLE OF CONTENTS 5 Huddle s promise Hosting environment Network infrastructure Multiple levels of security Physical security System & network

More information

The silver lining: Getting value and mitigating risk in cloud computing

The silver lining: Getting value and mitigating risk in cloud computing The silver lining: Getting value and mitigating risk in cloud computing Frequently asked questions The cloud is here to stay. And given its decreased costs and increased business agility, organizations

More information

Cloud Security Trust Cisco to Protect Your Data

Cloud Security Trust Cisco to Protect Your Data Trust Cisco to Protect Your Data As cloud adoption accelerates, organizations are increasingly placing their trust in third-party cloud service providers (CSPs). But can you fully trust your most sensitive

More information

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp.

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud 1 What is meant by Cloud Computing, or Going To The Cloud? A model

More information

Services Providers. Ivan Soto

Services Providers. Ivan Soto SOP s for Managing Application Services Providers Ivan Soto Learning Objectives At the end of this session we will have covered: Types of Managed Services Outsourcing process Quality expectations for Managed

More information