Keeping up with the World of Cloud Computing: What Should Internal Audit be Thinking About?


1 Keeping up with the World of Cloud Computing: What Should Internal Audit be Thinking About? IIA San Francisco Chapter October 11, 2011

2 Agenda Introductions Cloud computing overview Risks and audit strategies Q&A

3 Introductions Jeff Spivack, Grant Thornton Partner and Practice Leader Business Advisory Services, Greater Bay Area National Solution Group member for service organization matters relating to cloud computing Local leader for all Governance, Risk and Compliance services Over 25 years of consulting and industry experience in New York and Greater Bay area markets Board Member SF Chapter of IIA

4 Introductions Keith Chin, Salesforce.com Internal Audit Manager, San Francisco 12 Years internal audit experience External audit experience at Deloitte, primarily in the technology and banking industries License management and internal audit manager at Oracle Focused on global audits across a wide spectrum of business processes

5 Introductions Lisa Core, Salesforce.com Technology Audit & Compliance Program Manager 3 years of experience in KPMG's IT Advisory Group Organized and designed a full program of over 300 IT controls at Salesforce.com Leads many technology related audits and assessments Supports the Salesforce.com sales organization with the completion of highly technical RFPs/RFIs and security/privacy-related questionnaires

6 Cloud computing overview Group discussion What is your experience with cloud computing? How does your company utilize cloud computing? What level of involvement did your Internal Audit group have with your Company's cloud computing implementation? Has your company's cloud environment been audited?

7 Learning objectives Presentation focus Today's presentation will focus on the following: Understanding primary outsourced/hosted cloud computing options, industry trends, and benefits including observations from a market leader Methods for deciding if cloud computing fulfills the organization's business needs and risk appetite Understanding unique risks associated with various cloud computing models Practical controls for securing the Company's assets when using cloud computing Methods for auditing the Company's use of cloud computing technologies

8 Agenda Introductions Cloud computing overview Risks and audit strategies Q&A

9 Cloud computing overview Why the buzz? Cloud computing is the future of IT A new and flexible model for deploying technology Extremely reliable and infinitely scalable Cost benefits and ease of ownership Allows you to expand or contract as business needs dictate Pay for only what you need at any given time

10 Cloud computing overview Grant Thornton's CAE Survey More than 300 CAEs surveyed responded that 77% are at least somewhat familiar with cloud computing 69% use cloud computing; many expect cloud computing use to increase (45%) or stay the same (55%) in the next 12 months When asked to describe their view as to the security, governance, risk and controls implications in moving to a cloud environment, 43% responded "I haven't really given it much thought." 64% of respondents do not include cloud computing in their audit plan

11 Cloud computing overview Future of cloud computing Looking past the current industry hype surrounding all things Cloud, Forrester believes that Cloud computing is a sustainable, long-term IT paradigm, and the successor to previous mainframe, client/server, and network computing eras. -Forrester Research, Inc. The Evolution of Cloud Computing Markets

12 Cloud computing overview A full spectrum of definitions - simple The cloud is about immediacy, elasticity, and utility economics Mark Shuttleworth, Ubuntu & Canonical The cloud is water vapor Larry Ellison, Oracle

13 Cloud computing overview Three basic flavors of service (cont'd) #1 Infrastructure Data Center Processor Memory Storage Virtualized & Dynamic Redundant

14 Cloud computing overview Three basic flavors of service (cont'd) #2 Platform Operating System Web Servers Database Servers Operational Services Virtualized Infrastructure

15 Cloud computing overview Three basic flavors of service (cont'd) #3 Application Google Apps Salesforce Mobile Me Platform Infrastructure

16 Cloud computing overview Types and models Types of Clouds Public - Shared computer resources provided by an off-site third-party provider Private - Dedicated computer resources provided by an off-site third party or use of cloud technologies on a private internal network Hybrid - Consisting of multiple public and private clouds Models of Cloud: Software as a Service (SaaS) - Software applications delivered over the Internet Platform as a Service (PaaS) - Full or partial operating system/development environment delivered over the Internet Infrastructure as a Service (IaaS) - Computer infrastructure delivered over the Internet

17 Cloud computing overview Global Public Cloud Market Size

18 Cloud computing overview Service model attributes Software as a Service (SaaS) The consumer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings. Platform as a Service (PaaS) Consumer has control over the deployed applications and possibly application hosting environment configurations. Infrastructure as a Service (IaaS) Consumer has control over operating systems, storage, deployed applications, and possibly select networking components (e.g., firewalls, load balancers).

19 Agenda Introductions Cloud computing overview Risks and audit strategies Q&A

20 Risks and audit strategies System failure at Amazon.com "A widespread failure in Amazon.com's Web services business affected many Internet sites, highlighting the risks involved when companies rely on so-called cloud computing. The problems affected sites including Quora.com, Reddit.com, GroupMe.com and Scvngr.com, which all posted messages to their visitors about the issue. Most of the sites have been inaccessible for hours, and others were only partly operational " -NYTimes.com April 21, 2011

21 Risks and audit strategies Security Breach at Epsilon "A data breach at one of the world's largest providers of marketing services may have enabled unauthorized people to access the names and addresses for customers of major financial-services, retailing and other companies." -WSJ.com April 4, 2011

22 Risks and audit strategies Potential risks What are the physical components of the Clouds? Data Centers self-hosted, third-party, both, etc.? Network circuits and firewalls who's managing, who's watching, etc.? Disaster preparedness and recoverability is there a plan, is it tested, etc.? Who is aware of and managing vendor SLAs and are they adequate? Where's the data and how is it protected? In-flight, standing still/at-rest, etc.? Archives and back-up? Unintended uses? Data privacy and compliance? What is the tone at the top? Stakeholder knowledge of attributes and risks Have internal controls evolved effectively? Who is monitoring internal use of public cloud services?

23 Risks and audit strategies Service organization considerations When outsourcing parts of their business (including cloud computing), companies are still responsible for the data, processing and/or services provided by the outsourcing company (service organization). As a result, many companies (and their auditors) desire or require their service organizations to obtain an independent assessment of their security, availability, processing integrity, confidentiality and privacy practices.

24 Risks and audit strategies Service organization considerations SSAE No. 16, Reporting on Controls at a Service Organization, superseded SAS 70 on June 15, There are several reporting options for service auditors examining controls at service organizations. Financial Reporting Risks Nonfinancial Reporting Risks SOC 1 SOC 2 SOC 3 SSAE 16 With testing details "Pass" with a seal display

25 Risks and audit strategies Six additional risk areas Security Multi-tenancy Data location Reliability Sustainability Scalability

26 Risks and audit strategies 1. Security - risks The cloud provider's security policies are not as strong as the Company's data security requirements Cloud systems which store Company data are not updated or patched when necessary Security vulnerability assessments or penetration tests are not performed to ensure logical and physical security controls are in place The physical location of company data is not properly secured

27 Risks and audit strategies 1. Security audit strategy Determine if the cloud provider meets or exceeds the Company's security requirements Determine if the cloud provider's security posture is based on a security standard (i.e., ISO27001, Cloud Security Alliance, PCI DSS, etc.) Determine if the cloud provider has a security assessment performed Determine if the cloud provider's Service Organization Report (i.e., SSAE 16, SOC Reports) addresses specific security controls

28 Risks and audit strategies 2. Multi-tenancy risks Company data is not appropriately segregated on shared hardware resulting in Company data being inappropriately accessed by third parties The cloud service provider has not deployed appropriate levels of encryption to ensure data is appropriately segregated both at rest and in transit The cloud service provider cannot determine the specific location of the Company's data on its systems Company data resides on shared server space which might conflict with regulatory compliance requirements for the Company

29 Risks and audit strategies 2. Multi-tenancy audit strategy Inquire of the cloud service provider's method used to secure the Company's data from being accessed by other customers/third parties Review the cloud service provider's SLA to determine if the SLA addresses security of the Company's data Review independent audit report(s) related to the Cloud provider's security posture (i.e., security settings, data encryption methods, etc.) and/or exercise the Company's right-to-audit clause Gain access to cloud system(s) and perform limited auditing procedures from the Company's location

30 Risks and audit strategies 3. Data location risks The Company is not aware of all of the cloud service provider's physical location(s) The Company does not know where their data is physically or virtually stored The Cloud service provider moves company data to another location without informing the Company Company data is stored in international locations and falls under foreign business or national laws/regulations

31 Risks and audit strategies 3. Data location audit strategy Inquire of the cloud provider the specific physical and virtual location of the Company's data Work with the Company's legal group to fully understand the impact and potential risks of the Company's data residing in a foreign country Ensure regulatory compliance is maintained if data resides in multiple locations

32 Risks and audit strategies 4. Reliability risks The cloud service provider has quality of service standards which conflict with business requirements During peak system activity times, the cloud service provider experiences system performance issues that result in the following: - Company employees cannot access the Company's data when needed - Customers are unable to use the Company's systems (such as placing an order on the Company's web site) because of performance problems with the cloud provider

33 Risks and audit strategies 4. Reliability audit strategy Inquire of the cloud service provider to determine the controls in place to ensure the reliability of the cloud solution Obtain an SLA/contract from the cloud service provider which details the specific reliability agreement for the Company. Compare this information to actual performance Determine the times that the cloud provider performs system upgrades and/or patches to ensure data availability during peak business hours is not affected Review the Company's business continuity plan and determine if the plan addresses interruptions with the cloud systems used by the Company

34 Risks and audit strategies 5. Sustainability risks In the event the cloud service provider goes out of business, the Company might not be able to retrieve the Company's data. In addition, another third party might gain access/control of the Company's data The cloud service provider does not have appropriate system recovery procedures in place in the event of a disaster The Company's business continuity plan does not address the cloud's service offering being unavailable Company data is compromised as a result of a disaster

35 Risks and audit strategies 5. Sustainability audit strategy Inquire of the cloud service provider to determine if they have adequate controls in place to recover and protect the Company's data even in the event of a disaster Review the Company's business continuity plan and determine if the plan addresses interruptions with the cloud solution Inquire of the cloud service provider to determine how the Company would gain access to its data in the event the cloud service provider goes out of business

36 Risks and audit strategies 6. Scalability risks The cloud service provider's systems cannot scale to meet the Company's anticipated growth, both for a short-term spike and/or to meet a long-term strategy If the Company decides to migrate all or part of the Company's system and/or data back in-house (or to another provider), the cloud service provider cannot (or will not) provide the data

37 Risks and audit strategies 6. Scalability audit strategy Determine if the cloud provider's system can scale to meet the Company's expected short-term spikes and/or growth over the next five years Determine if the Company has a contingency plan in the event the cloud provider's systems cannot scale to meet the Company's needs Determine who is the owner of the Company's data Determine if the cloud provider would allow the Company to move data back in house and/or to another provider. Determine the specific procedures and associated costs needed to perform this task

38 Risks and audit strategies Case study An energy solutions company is a leading provider of energy solutions with annual revenues in excess of $850 million for a payroll size of 400 employees Decision made by Senior Management to outsource their payroll system to a SaaS vendor cloud solution to allow for increased efficiency and cost savings Internal Audit identified payroll as a high-risk area since this was the Company's first use of a cloud computing solution Key Payroll data is transmitted on a bi-weekly basis to facilitate payment by the SaaS cloud provider

39 Risks and audit strategies Case study (cont'd) Company's Internal Audit department reviewed the cloud provider's Service Organization Report and did not note any exceptions Internal Audit also used existing user-ids to perform limited audit procedures and discovered they had access to view and edit another company's payroll information The Company discussed the findings with the cloud provider and determined the error occurred after a recent system upgrade

40 Agenda Introductions Cloud computing overview Risks and audit strategies Q&A

41 Q & A

42 Contact info Jeff Spivack Principal, Business Advisory Services T: E:


CLOUD COMPUTING for Construction Accounting BY BRIAN J. THOMAS CLOUD COMPUTING for Construction Accounting BY BRIAN J. THOMAS Copyright 2012 by the Construction Financial Management Association. All rights reserved. This article first appeared in CFMA Building Profits.

More information

Cloud Computing. Information Security and Privacy Considerations. April 2014

Cloud Computing. Information Security and Privacy Considerations. April 2014 Cloud Computing Information Security and Privacy Considerations April 2014 All-of-Government Cloud Computing: Information Security and Privacy Considerations April 2014 1 Crown copyright. This copyright

More information

Cloud Computing Paradigm Shift. Jan Šedivý

Cloud Computing Paradigm Shift. Jan Šedivý Cloud Computing Paradigm Shift Jan Šedivý Business expectations Improving business processes Reducing enterprise costs Increasing the use of information/analytics Improving enterprise workforce effectiveness

More information

Understanding Financial Cloud Services

Understanding Financial Cloud Services Understanding Financial Cloud Services A Complete Guide for Hedge Funds About RFA RFA (Richard Fleischman & Associates) has been a Financial Cloud and trusted technology partner to our financial services

More information

Enhancing Operational Capacities and Capabilities through Cloud Technologies

Enhancing Operational Capacities and Capabilities through Cloud Technologies Enhancing Operational Capacities and Capabilities through Cloud Technologies How freight forwarders and other logistics stakeholders can benefit from cloud-based solutions 2013 vcargo Cloud Pte Ltd All

More information

THOUGHT LEADERSHIP. Journey to Cloud 9. Navigating a path to secure cloud computing. Alastair Broom Solutions Director, Integralis

THOUGHT LEADERSHIP. Journey to Cloud 9. Navigating a path to secure cloud computing. Alastair Broom Solutions Director, Integralis Journey to Cloud 9 Navigating a path to secure cloud computing Alastair Broom Solutions Director, Integralis March 2012 Navigating a path to secure cloud computing 2 Living on Cloud 9 Cloud computing represents

More information

Hosted ediscovery: Adoption, Use, and Results. September, 2011

Hosted ediscovery: Adoption, Use, and Results. September, 2011 Hosted ediscovery: Adoption, Use, and Results September, 2011 SaaS is a Delivery Model Of Cloud Computing Attitudes About SaaS Are Still Evolving Legal Community Embracing SaaS In general, are you leaning

More information

Time to Value: Successful Cloud Software Implementation

Time to Value: Successful Cloud Software Implementation Time to Value: Successful Cloud Software Implementation Cloud & Data Security 2015 Client Conference About the Presenter Scott Schimberg, CPA, CMA Partner, Consulting, Armanino Scott became a Certified

More information

PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By:

PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: Peter Spier Managing Director PCI and Risk Assurance Fortrex Technologies Agenda Instructor Biography Background On

More information

Master the Might of the Hybrid Cloud

Master the Might of the Hybrid Cloud Reach for the Sky Master the Might of the Hybrid Cloud WHITE PAPER As an IT decision maker at a global enterprise, you face unique challenges in managing a complex infrastructure with varied resources

More information

Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu

Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu 2 If cloud computing is so simple, then what s the big deal? What is the

More information

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Best Practices for Security in the Cloud John Essner, Director

More information

Cloud Computing: Compliance and Client Expectations

Cloud Computing: Compliance and Client Expectations Cloud Computing: Compliance and Client Expectations February 15, 2012 MOSS ADAMS LLP 1 TODAY S PRESENTERS Moderator Kevin Villanueva, CPA, CISA, CISM, CITP, CRISC Sr. Manager, Infrastructure and Security

More information

Clarity in the Cloud. Defining cloud services and the strategic impact on businesses.

Clarity in the Cloud. Defining cloud services and the strategic impact on businesses. Clarity in the Cloud Defining cloud services and the strategic impact on businesses. Table of Contents Executive Summary... 3 Cloud Services... 4 Clarity within the Cloud... 4 Public Cloud Solution...

More information

NAREIM Session: Dangers and challenges of The Cloud. President, NiceNets Consulting, LLC

NAREIM Session: Dangers and challenges of The Cloud. President, NiceNets Consulting, LLC Main Types of Cloud Environments: - Public Cloud: A service built on an external platform run by a cloud service provider such as IBM, Amazon Web Services or Microsoft Azure. Subscribers can get access

More information

OFFICE OF AUDITS & ADVISORY SERVICES CLOUD COMPUTING AUDIT FINAL REPORT

OFFICE OF AUDITS & ADVISORY SERVICES CLOUD COMPUTING AUDIT FINAL REPORT County of San Diego Auditor and Controller OFFICE OF AUDITS & ADVISORY SERVICES CLOUD COMPUTING AUDIT FINAL REPORT Chief of Audits: Juan R. Perez Audit Manager: Lynne Prizzia, CISA, CRISC Senior Auditor:

More information

Cloud Computing Thunder and Lightning on Your Horizon?

Cloud Computing Thunder and Lightning on Your Horizon? Cloud Computing Thunder and Lightning on Your Horizon? Overview As organizations automate more and more of their manual processes, the Internet is increasingly becoming an important tool in the delivery

More information

White Paper on CLOUD COMPUTING

White Paper on CLOUD COMPUTING White Paper on CLOUD COMPUTING INDEX 1. Introduction 2. Features of Cloud Computing 3. Benefits of Cloud computing 4. Service models of Cloud Computing 5. Deployment models of Cloud Computing 6. Examples

More information

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.

More information

The Benefits of Cloud Computing to the E-Commerce Industry July 2011 A whitepaper on how hosting on a cloud platform can lower costs, improve

The Benefits of Cloud Computing to the E-Commerce Industry July 2011 A whitepaper on how hosting on a cloud platform can lower costs, improve The Benefits of Cloud Computing to the E-Commerce Industry July 2011 A whitepaper on how hosting on a cloud platform can lower costs, improve productivity and stability and remove issues around scalability.

More information

Cloud Computing: Background, Risks and Audit Recommendations

Cloud Computing: Background, Risks and Audit Recommendations Cloud Computing: Background, Risks and Audit Recommendations October 30, 2014 Table of Contents Cloud Computing: Overview 3 Multiple Models of Cloud Computing 11 Deployment Models 16 Considerations For

More information

Strategies for Secure Cloud Computing

Strategies for Secure Cloud Computing WHITE PAPER Cloud Basics Strategies for Secure Cloud Computing An Introduction to Exploring the Cloud There is a lot of buzz these days about cloud computing and how it s going to revolutionize the way

More information

BMC s Security Strategy for ITSM in the SaaS Environment

BMC s Security Strategy for ITSM in the SaaS Environment BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...

More information

Introduction to Cloud Computing

Introduction to Cloud Computing 1 Introduction to Cloud Computing CERTIFICATION OBJECTIVES 1.01 Cloud Computing: Common Terms and Definitions 1.02 Cloud Computing and Virtualization 1.03 Early Examples of Cloud Computing 1.04 Cloud Computing

More information

SSAE 16 for Transportation & Logistics Companies. Chris Kradjan Kim Koch

SSAE 16 for Transportation & Logistics Companies. Chris Kradjan Kim Koch SSAE 16 for Transportation & Logistics Companies Chris Kradjan Kim Koch 1 The material appearing in this presentation is for informational purposes only and should not be construed as advice of any kind,

More information

Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101

Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101 Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro

More information

Cloud Computing Trends, Examples & What s Ahead

Cloud Computing Trends, Examples & What s Ahead Cloud Computing Trends, Examples & What s Ahead Mike Klein President, Online Tech June 21, 2010 Cloud Computing Defined One Definition: On-Demand Computing Elastic & Scalable Rapidly Provisioned Virtualized

More information

Connecting Your Business to the Cloud. Jeff Coomans Sr. Manager New Product Development Hawaiian Telcom

Connecting Your Business to the Cloud. Jeff Coomans Sr. Manager New Product Development Hawaiian Telcom Connecting Your Business to the Cloud Jeff Coomans Sr. Manager New Product Development Hawaiian Telcom Agenda What is the Cloud? Top Cloud Apps How Do I Get Started? Examples Business Benefits Migration

More information

Cloud Computing: Risks and Auditing

Cloud Computing: Risks and Auditing IIA Chicago Chapter 53 rd Annual Seminar April 15, 2013, Donald E. Stephens Convention Center @IIAChicago #IIACHI Cloud Computing: Risks Auditing Phil Lageschulte/Partner/KPMG Sailesh Gadia/Director/KPMG

More information

Title: Number: Responsible Office: Last Revision:

Title: Number: Responsible Office: Last Revision: Title: Number: Responsible Office: Last Revision: Cloud Computing: Opportunities Used Safely G4 004D Information Security and Privacy Office July 2011 The following guidance was developed and published

More information

Cloud Computing An Internal Audit Perspective. Heather Paquette, Partner Tom Humbert, Manager

Cloud Computing An Internal Audit Perspective. Heather Paquette, Partner Tom Humbert, Manager Cloud Computing An Internal Audit Perspective Heather Paquette, Partner Tom Humbert, Manager March10 2011 Discussion Agenda Introduction to cloud computing Types of cloud services Benefits, challenges,

More information

IT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011

IT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011 IT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011 Cloud Basics Cloud Basics The interesting thing about cloud computing is that we've redefined cloud computing to include everything

More information

What is the Cloud, and why should it matter?

What is the Cloud, and why should it matter? 391 12 What is the Cloud, and why should it matter? 23 Everyone seems to be asking about it. No one seems to know exactly what it is, what they need, and where to find it. 4 A Philosophy of Design and

More information

Dispelling the vapor around Cloud Security

Dispelling the vapor around Cloud Security Dispelling the vapor around Cloud Security The final barrier to adopting cloud computing is security of their data and applications in the cloud. The last barrier to cloud adoption This White Paper examines

More information

Cloud Computing. Introductions 10/20/2010

Cloud Computing. Introductions 10/20/2010 Cloud Computing An In-Depth Discussion Introductions Nathaniel Gates President of Cloud49, Anchorage AK Nathaniel Gates is a lifelong Alaskan who understands the unique challenges businesses face operating

More information

Cloud P ROVIDER CHOOSE A HOW TO. A White Paper presented by

Cloud P ROVIDER CHOOSE A HOW TO. A White Paper presented by Cloud HOW TO CHOOSE A P ROVIDER A White Paper presented by Introduction THE COMING OF AGE OF THE CLOUD More and more organizations are turning to cloud computing to augment or replace their in-house IT

More information

Trust but Verify. Vincent Campitelli. VP IT Risk Management

Trust but Verify. Vincent Campitelli. VP IT Risk Management Trust but Verify Vincent Campitelli VP IT Risk Management McKesson Corporation Trust but Verify Cloud Security 3 Agenda Cloud Defined Cloud Opportunities Cloud Challenges What s Different? How to Verify

More information

The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing

The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing Your Platform of Choice The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing Mark Cravotta EVP Sales and Service SingleHop LLC Talk About Confusing? Where do I start?

More information

Security and Privacy in Cloud Computing

Security and Privacy in Cloud Computing Security and Privacy in Cloud Computing - Study Report Sai Lakshmi General Manager Enterprise Security Solutions 2 Agenda Background & Objective Current Scenario & Future of Cloud Computing Challenges

More information

THE BLUENOSE SECURITY FRAMEWORK

THE BLUENOSE SECURITY FRAMEWORK THE BLUENOSE SECURITY FRAMEWORK Bluenose Analytics, Inc. All rights reserved TABLE OF CONTENTS Bluenose Analytics, Inc. Security Whitepaper ISO 27001/27002 / 1 The Four Pillars of Our Security Program

More information

Cloud Computing and the SME Prosper on the cloud. Wally Kowal, President and Founder Canadian Cloud Computing Inc.

Cloud Computing and the SME Prosper on the cloud. Wally Kowal, President and Founder Canadian Cloud Computing Inc. Cloud Computing and the SME Prosper on the cloud Wally Kowal, President and Founder Canadian Cloud Computing Inc. Today s Agenda Defining cloud computing The benefits of cloud computing The state of the

More information

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp.

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud 1 What is meant by Cloud Computing, or Going To The Cloud? A model

More information

Leveraging the Cloud for Business Efficiency

Leveraging the Cloud for Business Efficiency Leveraging the Cloud for Business Efficiency vcio Lunch and Learn July 16, 2015 Adam Granquist Director of Cloud & Enterprise Services dataprise.com Agenda Leveraging the Cloud for Business Efficiency Cloud

More information

What Cloud computing means in real life

What Cloud computing means in real life ITU TRCSL Symposium on Cloud Computing Session 2: Cloud Computing Foundation and Requirements What Cloud computing means in real life Saman Perera Senior General Manager Information Systems Mobitel (Pvt)

More information

The Cloud at Crawford. Evaluating the pros and cons of cloud computing and its use in claims management

The Cloud at Crawford. Evaluating the pros and cons of cloud computing and its use in claims management The Cloud at Crawford Evaluating the pros and cons of cloud computing and its use in claims management The Cloud at Crawford Wikipedia defines cloud computing as Internet-based computing, whereby shared

More information

IT Audit in the Cloud

IT Audit in the Cloud IT Audit in the Cloud Pavlina Ivanova, CISM ISACA-Sofia Chapter Content: o 1. Introduction o 2. Cloud Computing o 3. IT Audit in the Cloud o 4. Residual Risks o Used Resources o Questions 1. ISACA Trust

More information

SaaS, PaaS & TaaS. By: Raza Usmani

SaaS, PaaS & TaaS. By: Raza Usmani SaaS, PaaS & TaaS By: Raza Usmani SaaS - Introduction Software as a service (SaaS), sometimes referred to as "on-demand software. software and its associated data are hosted centrally (typically in the

More information