ICSA Labs Risk and Privacy Cloud Computing Series Part I : Balancing Risks and Benefits of Public Cloud Services for SMBs

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "ICSA Labs Risk and Privacy Cloud Computing Series Part I : Balancing Risks and Benefits of Public Cloud Services for SMBs"

Transcription

1 ICSA Labs Risk and Privacy Cloud Computing Series Part I : Balancing Risks and Benefits of Public Cloud Services for SMBs The security challenges cloud computing presents are formidable, including those faced by public clouds whose infrastructure and computational resources are owned and operated by an outside party that delivers services to the general public via a multi-tenant platform. National Institute of Standards and Technology (NIST) Special Publication Balancing the benefits of cloud computing against the security risks and privacy considerations is a challenge facing CIOs and Risk Managers everywhere. Underwriting stress points range from fears surrounding the tremendous aggregation of data and potential claims from a major data breach event, to the loss of control when responding to and managing a security incident. The purpose of this series is to take a closer, and hopefully balanced, look at the risks and benefits of cloud computing. This first article will introduce the topic of cloud computing, provide a glance at the growth of the cloud services market and discuss some of the upsides and downsides of cloud computing as outlined in NIST s Guidelines on Security and Privacy in Public Cloud Computing. The scope of the article will be small and midsize businesses (SMBs) and the public cloud market. We ll discuss large enterprise implementations of cloud in another article. Cloud computing has been defined by NIST as a model for enabling convenient, ondemand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort. The cloud market is divided into three main service categories; Infrastructure as a Service, Platform as a Service and Software as a Service. Infrastructure as a Service (IaaS) providers are the owners of the hardware associated with a public cloud and include providers such as Amazon, Rackspace, and Terremark. Platform as a Service (PaaS) providers are common to the software development environment and provide not only the infrastructure but also the development environment to create applications, and in some cases, host them as well. Examples of PaaS providers are Force.com and Microsoft Azure.

2 Business processing platforms like Paypal are mentioned specifically by some as a sub category of Platform as a Service. The third and largest segment of the industry is Software as a Service. Examples of Software as a Service providers are Salesforce.Com, Microsoft Office 365 and Google Apps. It is estimated that Software as a Service accounts for ~75% of the market today and has the greatest potential for continued growth. NIST describes four different deployment models, as shows in the image above. For the purposes of this article we are focusing on public cloud deployments. In a public cloud the infrastructure is provisioned for open use by the general public. We will discuss the other deployment models in future articles.

3 Forrester s Sizing the Cloud report forecasts that the global market for cloud computing will grow from $40.7 billion in 2011 to more than $241 billion in Market forces responsible for this growth are: A volatile economy that puts a premium on the agility of business processes and IT systems. Over the coming years most economies will remain volatile resulting in CEOs and COOs continuing to focus their companies on core competencies and leaner, more flexible business operations. Demographic changes in the population of most countries will see a Digital Native generation dominate most workforce environments. Members of this generation will gravitate toward technologies that are provided in a flexible, self-service manner. Cloud and mobile services will experience significant growth and adoption with this generation. Company leaders are starting to recognize how technology such as sensors, business intelligence, Social Computing, and mobile can help build new, differentiated products and solutions for their clients. Cloud computing will be a core enabler for many of these new solutions. Current Analysis December 2011 Cloud Adoption Market Study surveyed over 800 large companies in the United States, Europe and Asian markets regarding current adoption and future adoption of cloud computing. The survey states that whether a business is already heavily invested in virtual services or just dabbling in cloud services, there are some universal concerns about migrating to an on-demand environment. Questions about security are top of mind, with 40% of respondents citing it as the number one obstacle in moving to the cloud. The lack of cloud-specific security standards isn t helping the situation as businesses and providers grapple with what protections are adequate to safeguard applications in a virtualized on-demand environment. We will discuss industry standards and best practices for evaluating cloud providers with respect to security and privacy in future posts. While security is a major concern, cloud computing can improve the overall security in some organizations. Many organizations, specifically small and midsize businesses (SMBs), have limited IT and security staff but have a true business need for economies of scale. Improved

4 security also benefits privacy and for many of these SMBs the move to the cloud results in improved security. Below are five areas where SMBs might improve security and privacy by making the transition to cloud computing: 1. Specialization: Cloud service providers (CSPs), due to their significant infrastructure, provide opportunities for the creation of strong, experienced teams that concentrate exclusively on privacy and security issues. Most companies do not have the ability to shed other duties and place the necessary emphasis on managing security and privacy. Interviews conducted with CSPs have shown a level of sophistication in dealing with threats across numerous attack vectors that might be difficult to achieve for SMB organizations with limited IT resources. 2. Infrastructure: Well-designed cloud computing services provide a high level of homogeneity, resulting in stronger platform hardening, automation of security management and controls employed to protect privacy. Additionally, security incident response activities benefit from homogenous environments as do patching and configuration control. It must be noted that a significant danger in a homogenous cloud environment is that a single flaw will be manifested throughout the entire infrastructure. 3. Compliance: Many cloud providers meet standards for operational compliance and certifications, such as HIPAA, ISO 27001, PCI DSS, and FISMA. These standards can be difficult to achieve and bog down IT resources in small organizations. 4. Scalability & Resource Availability: Cloud computing environments that have strong redundancy and disaster recovery capabilities, combined with on-demand resource capacity, can provide greater resilience when faced with increased service demands or distributed denial of service (DDoS) attacks. Attacks can be better contained and information gathered with greater detail while minimizing the impact on production. 5. Mobility & Cloud Storage: The proliferation of tablet and smartphone usage is staggering. Having data properly maintained and processed in a public cloud may present less of a risk to an organization with a mobile workforce than having the data dispersed on laptops, USB drives, and other portable media. The lost laptop is still one of the most common reasons for a data breach.

5 Keeping in mind that every glass that is half-full is also half-empty, let s examine five core concerns that exist with cloud computing. 1. Complexity: A public cloud is more complex than traditional data centers. Cloud services include additional layers that allow customers to self-manage systems and resources. These create a larger attack surface than a traditional data center and a more complex environment to maintain. Additionally, some cloud services are nested and layered within other cloud providers. For example, many Software as a Service implementations are hosted by another Infrastructure as a Service provider. This adds complexity in managing security as well as defining roles and responsibilities in responding to a security incident. 2. Shared Environment: Cloud computing is based on a multi-tenant environment. In a cloud environment multi-tenancy means that multiple clients share infrastructures, applications or databases in order to gain price and performance advantages. The shared environment creates opportunities for attacks from within the cloud (sometimes referred to as side-channel attacks). 3. Public Facing Access: Administrative functions that in traditional data centers are managed via the organization s private intranet are now managed via the public Internet. This creates a large and very attractive attack surface for malicious activities. 4. Loss of Control: Aside from security concerns, loss of control is the second largest barrier in the minds of CIOs to migrating to cloud computing. When a security incident occurs, who handles the discovery and forensic investigation? Who conducts the risk assessment? For businesses handling personal and/or sensitive information these are significant concerns. 5. Reliability: Highly publicized, high impact and recurring incidents of outages are raising concerns to the day to day stability of cloud services. Underwriting risk in today s cloud driven market is challenging. In some cases, companies that make a move to cloud computing are improving their risk profile while others are increasing risk due to larger attack surfaces and the loss of control. Overall, the cloud

6 computing market has been aggressively securing many of the attack surfaces and concerns we mentioned today. Security challenges provide opportunities for technology innovation and many appliances have been developed specifically to harden cloud environments. Cloud providers know that the number one issue they face is security and as a result place (or should) an emphasis on securing their environments. Our next article will focus on security risks for large enterprises implementing private and hybrid cloud environments. About the Author Vinny Sakore is ICSA Labs Program Manager for Cloud Security Services. He is credentialed in privacy and IT through the International Association for Privacy Professionals. About ICSA Labs ICSA Labs, an independent division of Verizon Business, offers third-party testing and certification of security and health IT products, as well as network-connected devices, to measure product compliance, reliability and performance for many of the world s top security vendors. Visit and for more information.

Cloud Computing for SCADA

Cloud Computing for SCADA Cloud Computing for SCADA Moving all or part of SCADA applications to the cloud can cut costs significantly while dramatically increasing reliability and scalability. A White Paper from InduSoft Larry

More information

OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect

OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect OWASP Chapter Meeting June 2010 Presented by: Brayton Rider, SecureState Chief Architect Agenda What is Cloud Computing? Cloud Service Models Cloud Deployment Models Cloud Computing Security Security Cloud

More information

yvette@yvetteagostini.it yvette@yvetteagostini.it

yvette@yvetteagostini.it yvette@yvetteagostini.it 1 The following is merely a collection of notes taken during works, study and just-for-fun activities No copyright infringements intended: all sources are duly listed at the end of the document This work

More information

Vormetric Data Security Securing and Controlling Data in the Cloud

Vormetric Data Security Securing and Controlling Data in the Cloud Vormetric Data Security Securing and Controlling Data in the Cloud Vormetric, Inc. Tel: 888.267.3732 Email: sales@vormetric.com www.vormetric.com Table of Contents Executive Summary.........................................................3

More information

East African Information Conference 13-14 th August, 2013, Kampala, Uganda. Security and Privacy: Can we trust the cloud?

East African Information Conference 13-14 th August, 2013, Kampala, Uganda. Security and Privacy: Can we trust the cloud? East African Information Conference 13-14 th August, 2013, Kampala, Uganda Security and Privacy: Can we trust the cloud? By Dr. David Turahi Director, Information Technology and Information Management

More information

CHAPTER 8 CLOUD COMPUTING

CHAPTER 8 CLOUD COMPUTING CHAPTER 8 CLOUD COMPUTING SE 458 SERVICE ORIENTED ARCHITECTURE Assist. Prof. Dr. Volkan TUNALI Faculty of Engineering and Natural Sciences / Maltepe University Topics 2 Cloud Computing Essential Characteristics

More information

Digital Forensics. Lab 10: Cloud Computing & the Future of Digital Forensics

Digital Forensics. Lab 10: Cloud Computing & the Future of Digital Forensics Digital Forensics Lab 10: Cloud Computing & the Future of Digital Forensics Today's Topics Cloud Computing Overview Applications of Cloud Computing Impact of CC to Digital Forensics Future of Digital Forensics

More information

Cloud Computing Technology

Cloud Computing Technology Cloud Computing Technology The Architecture Overview Danairat T. Certified Java Programmer, TOGAF Silver danairat@gmail.com, +66-81-559-1446 1 Agenda What is Cloud Computing? Case Study Service Model Architectures

More information

Cloud Computing; What is it, How long has it been here, and Where is it going?

Cloud Computing; What is it, How long has it been here, and Where is it going? Cloud Computing; What is it, How long has it been here, and Where is it going? David Losacco, CPA, CIA, CISA Principal January 10, 2013 Agenda The Cloud WHAT IS THE CLOUD? How long has it been here? Where

More information

White Paper on CLOUD COMPUTING

White Paper on CLOUD COMPUTING White Paper on CLOUD COMPUTING INDEX 1. Introduction 2. Features of Cloud Computing 3. Benefits of Cloud computing 4. Service models of Cloud Computing 5. Deployment models of Cloud Computing 6. Examples

More information

Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD

Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD Agenda Cloud Computing Technical Overview Cloud Related Applications Identified Risks Assessment Criteria Cloud Computing What Is It? National

More information

Why Private Cloud? Nenad BUNCIC VPSI 29-JUNE-2015 EPFL, SI-EXHEB

Why Private Cloud? Nenad BUNCIC VPSI 29-JUNE-2015 EPFL, SI-EXHEB Why Private Cloud? O P E R A T I O N S V I E W Nenad BUNCIC EPFL, SI-EXHEB 1 What Exactly Is Cloud? Cloud technology definition, as per National Institute of Standards and Technology (NIST SP 800-145),

More information

Big Data & Its Bigger Possibilities In The Cloud

Big Data & Its Bigger Possibilities In The Cloud Big Data & Its Bigger Possibilities In The Cloud Chhavi Gupta Software Engineer, EMC Corporation Sai Pattem Professional MBA Candidate 2013 August 15 th, 9:30 10:30 AM Session 13860 Room 200 (Hynes Convention

More information

Hexaware E-book on Q & A for Cloud BI Hexaware Business Intelligence & Analytics Actionable Intelligence Enabled

Hexaware E-book on Q & A for Cloud BI Hexaware Business Intelligence & Analytics Actionable Intelligence Enabled Hexaware E-book on Q & A for Cloud BI Hexaware Business Intelligence & Analytics Actionable Intelligence Enabled HEXAWARE Q & A E-BOOK ON CLOUD BI Layers Applications Databases Security IaaS Self-managed

More information

Cloud Computing An Elephant In The Dark

Cloud Computing An Elephant In The Dark Cloud Computing An Elephant In The Dark Amir H. Payberah amir@sics.se Amirkabir University of Technology (Tehran Polytechnic) Amir H. Payberah (Tehran Polytechnic) Cloud Computing 1394/2/7 1 / 60 Amir

More information

Managed Service Cloud Opportunity. Module 1: Introduction to Managed Services EXECUTIVE SUMMARY. Key Findings

Managed Service Cloud Opportunity. Module 1: Introduction to Managed Services EXECUTIVE SUMMARY. Key Findings Key Findings What do we mean by managed services & cloud services? Managed Service Cloud Opportunity Module 1: Introduction to Managed Services Top 10 research findings about the current MSP market SMB

More information

Security, Compliance & Risk Management for Cloud Relationships. Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32

Security, Compliance & Risk Management for Cloud Relationships. Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32 Security, Compliance & Risk Management for Cloud Relationships Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32 Introductions & Poll Organization is leveraging the Cloud? Organization

More information

Security Considerations for Public Mobile Cloud Computing

Security Considerations for Public Mobile Cloud Computing Security Considerations for Public Mobile Cloud Computing Ronnie D. Caytiles 1 and Sunguk Lee 2* 1 Society of Science and Engineering Research Support, Korea rdcaytiles@gmail.com 2 Research Institute of

More information

Cloud Security. DLT Solutions LLC June 2011. #DLTCloud

Cloud Security. DLT Solutions LLC June 2011. #DLTCloud Cloud Security DLT Solutions LLC June 2011 Contact Information DLT Cloud Advisory Group 1-855-CLOUD01 (256-8301) cloud@dlt.com www.dlt.com/cloud Your Hosts Van Ristau Chief Technology Officer, DLT Solutions

More information

Cloud models and compliance requirements which is right for you?

Cloud models and compliance requirements which is right for you? Cloud models and compliance requirements which is right for you? Bill Franklin, Director, Coalfire Stephanie Tayengco, VP of Technical Operations, Logicworks March 17, 2015 Speaker Introduction Bill Franklin,

More information

Cloud Services Overview

Cloud Services Overview Cloud Services Overview John Hankins Global Offering Executive Ricoh Production Print Solutions May 23, 2012 Cloud Services Agenda Definitions Types of Clouds The Role of Virtualization Cloud Architecture

More information

Trust but Verify. Vincent Campitelli. VP IT Risk Management

Trust but Verify. Vincent Campitelli. VP IT Risk Management Trust but Verify Vincent Campitelli VP IT Risk Management McKesson Corporation Trust but Verify Cloud Security 3 Agenda Cloud Defined Cloud Opportunities Cloud Challenges What s Different? How to Verify

More information

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Best Practices for Security in the Cloud John Essner, Director

More information

Enhancing Operational Capacities and Capabilities through Cloud Technologies

Enhancing Operational Capacities and Capabilities through Cloud Technologies Enhancing Operational Capacities and Capabilities through Cloud Technologies How freight forwarders and other logistics stakeholders can benefit from cloud-based solutions 2013 vcargo Cloud Pte Ltd All

More information

TOP 7 THINGS Every Executive Should Know About Cloud Computing EXECUTIVE BRIEF

TOP 7 THINGS Every Executive Should Know About Cloud Computing EXECUTIVE BRIEF TOP 7 THINGS Every Executive Should Know About Cloud Computing EXECUTIVE BRIEF As interest in cloud computing increases, so does the confusion surrounding it. What is cloud computing? Can the technology

More information

Cloud Computing: The Next Computing Paradigm

Cloud Computing: The Next Computing Paradigm Cloud Computing: The Next Computing Paradigm Ronnie D. Caytiles 1, Sunguk Lee and Byungjoo Park 1 * 1 Department of Multimedia Engineering, Hannam University 133 Ojeongdong, Daeduk-gu, Daejeon, Korea rdcaytiles@gmail.com,

More information

Cloud Computing Phillip Hampton LogicForce Consulting, LLC

Cloud Computing Phillip Hampton LogicForce Consulting, LLC Phillip Hampton LogicForce Consulting, LLC New IT Paradigm What is? Benefits of Risks of 5 What the Future Holds 7 Defined...model for enabling ubiquitous, it convenient, ondemand network access to a shared

More information

Cloud Courses Description

Cloud Courses Description Courses Description 101: Fundamental Computing and Architecture Computing Concepts and Models. Data center architecture. Fundamental Architecture. Virtualization Basics. platforms: IaaS, PaaS, SaaS. deployment

More information

Healthcare Enterprise View of Cloud What is Cloud Additional Needs Cloud Models Cloud Economics 101 Stack Decision Framework

Healthcare Enterprise View of Cloud What is Cloud Additional Needs Cloud Models Cloud Economics 101 Stack Decision Framework Cloud 101 General Overview of Cloud Services January 21, 2015 Agenda Healthcare Enterprise View of Cloud What is Cloud Additional Needs Cloud Models Cloud Economics 101 Stack Decision Framework 2. 2014

More information

Security & Trust in the Cloud

Security & Trust in the Cloud Security & Trust in the Cloud Ray Trygstad Director of Information Technology, IIT School of Applied Technology Associate Director, Information Technology & Management Degree Programs Cloud Computing Primer

More information

Orchestrating the New Paradigm Cloud Assurance

Orchestrating the New Paradigm Cloud Assurance Orchestrating the New Paradigm Cloud Assurance Amsterdam 17 January 2012 John Hermans - Partner Current business challenges versus traditional IT Organizations are challenged with: Traditional IT seems

More information

John Essner, CISO Office of Information Technology State of New Jersey

John Essner, CISO Office of Information Technology State of New Jersey John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management

More information

A COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012

A COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012 A COALFIRE PERSPECTIVE Moving to the Cloud A Summary of Considerations for Implementing Cloud Migration Plans into New Business Platforms NCHELP Spring Convention Panel May 2012 DALLAS DENVER LOS ANGELES

More information

Cloud Computing. Chapter 1 Introducing Cloud Computing

Cloud Computing. Chapter 1 Introducing Cloud Computing Cloud Computing Chapter 1 Introducing Cloud Computing Learning Objectives Understand the abstract nature of cloud computing. Describe evolutionary factors of computing that led to the cloud. Describe virtualization

More information

Governing Changes in a Cloud, Cloud, World. EEI-AGA Accounting Leadership Conference. james.r.hanlon@us.pwc.com. New Orleans, Louisiana

Governing Changes in a Cloud, Cloud, World. EEI-AGA Accounting Leadership Conference. james.r.hanlon@us.pwc.com. New Orleans, Louisiana June 2012 www.pwc.com www.pwc.com www.pwc.com Governing Changes in a Cloud, Cloud, World EEI-AGA Accounting Leadership Conference New Orleans, Louisiana Jim Hanlon james.r.hanlon@us.pwc.com Partner, Utilities

More information

The Magazine for IT Security. May 2010. issue 3. sör alex / photocase.com

The Magazine for IT Security. May 2010. issue 3. sör alex / photocase.com The Magazine for IT Security May 2010 sör alex / photocase.com free digital version made in Germany issue 3 Luiz Fotolia.com Clouds or storm clouds? Cloud Computing Security by Javier Moreno Molinero Gradually,

More information

How cloud computing can transform your business landscape

How cloud computing can transform your business landscape How cloud computing can transform your business landscape Introduction It seems like everyone is talking about the cloud. Cloud computing and cloud services are the new buzz words for what s really a not

More information

Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu

Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu 2 If cloud computing is so simple, then what s the big deal? What is the

More information

Cloud Computing 159.735. Submitted By : Fahim Ilyas (08497461) Submitted To : Martin Johnson Submitted On: 31 st May, 2009

Cloud Computing 159.735. Submitted By : Fahim Ilyas (08497461) Submitted To : Martin Johnson Submitted On: 31 st May, 2009 Cloud Computing 159.735 Submitted By : Fahim Ilyas (08497461) Submitted To : Martin Johnson Submitted On: 31 st May, 2009 Table of Contents Introduction... 3 What is Cloud Computing?... 3 Key Characteristics...

More information

What Factors Determine Cloud Computing Adoption by Colleges and Universities? Bill Klug Instructor, BCIT

What Factors Determine Cloud Computing Adoption by Colleges and Universities? Bill Klug Instructor, BCIT What Factors Determine Cloud Computing Adoption by Colleges and Universities? Bill Klug Instructor, BCIT What Will Be Presented Today? My interest in cloud computing What is cloud computing? Who did I

More information

Kent State University s Cloud Strategy

Kent State University s Cloud Strategy Kent State University s Cloud Strategy Table of Contents Item Page 1. From the CIO 3 2. Strategic Direction for Cloud Computing at Kent State 4 3. Cloud Computing at Kent State University 5 4. Methodology

More information

Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it

Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it The Cloud Threat Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it This white paper outlines the concerns that often prevent midsized enterprises from taking advantage of the Cloud.

More information

Clearing the Clouds for Midmarket Businesses

Clearing the Clouds for Midmarket Businesses Clearing the Clouds for Midmarket Businesses Sponsored by EMC Laurie McCabe, Partner Sanjeev Aggarwal, Partner October 2012 1 SMB Group, Inc. CLEARING THE CLOUDS FOR MIDMARKET BUSINESSES In today s always-on,

More information

How cloud computing can transform your business landscape.

How cloud computing can transform your business landscape. How cloud computing can transform your business landscape. This whitepaper will help you understand the ways cloud computing can benefit your business. Introduction It seems like everyone is talking about

More information

See Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models.

See Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models. Cloud Strategy Information Systems and Technology Bruce Campbell What is the Cloud? From http://csrc.nist.gov/publications/nistpubs/800-145/sp800-145.pdf Cloud computing is a model for enabling ubiquitous,

More information

IT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011

IT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011 IT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011 Cloud Basics Cloud Basics The interesting thing about cloud computing is that we've redefined cloud computing to include everything

More information

Cloud Security Keeping Data Safe in the Boundaryless World of Cloud Computing

Cloud Security Keeping Data Safe in the Boundaryless World of Cloud Computing Cloud Security Keeping Data Safe in the Boundaryless World of Cloud Computing Executive Summary As cloud service providers mature, and expand and refine their offerings, it is increasingly difficult for

More information

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp.

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud 1 What is meant by Cloud Computing, or Going To The Cloud? A model

More information

CLOUD COMPUTING. A Primer

CLOUD COMPUTING. A Primer CLOUD COMPUTING A Primer A Mix of Voices The incredible shrinking CIO CIO Magazine, 2004 IT Doesn t Matter, The cloud will ship service outside the institution and ship power from central IT groups to

More information

PLATFORM-AS-A-SERVICE: ADOPTION, STRATEGY, PLANNING AND IMPLEMENTATION

PLATFORM-AS-A-SERVICE: ADOPTION, STRATEGY, PLANNING AND IMPLEMENTATION PLATFORM-AS-A-SERVICE: ADOPTION, STRATEGY, PLANNING AND IMPLEMENTATION White Paper May 2012 Abstract Whether enterprises choose to use private, public or hybrid clouds, the availability of a broad range

More information

JDA Cloud Services We Keep Our Head In The Clouds. John Frazier January, 2012

JDA Cloud Services We Keep Our Head In The Clouds. John Frazier January, 2012 JDA Cloud Services We Keep Our Head In The Clouds John Frazier January, 2012 1 Gartner CIO IT Strategies 2011 IT strategies for 2011 strongly focus on creating infrastructure while streamlining costs and

More information

The Magical Cloud. Lennart Franked. Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall.

The Magical Cloud. Lennart Franked. Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall. The Magical Cloud Lennart Franked Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall. 2014-10-20 Lennart Franked (MIUN IKS) The Magical Cloud 2014-10-20 1 / 35

More information

AHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS

AHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS AHLA JJ. Keeping Your Cloud Services Provider from Raining on Your Parade Jean Hess Manager HORNE LLP Ridgeland, MS Melissa Markey Hall Render Killian Heath & Lyman PC Troy, MI Physicians and Hospitals

More information

IT Cloud / Data Security Vendor Risk Management Associated with Data Security. September 9, 2014

IT Cloud / Data Security Vendor Risk Management Associated with Data Security. September 9, 2014 IT Cloud / Data Security Vendor Risk Management Associated with Data Security September 9, 2014 Speakers Brian Thomas, CISA, CISSP In charge of Weaver s IT Advisory Services, broad focus on IT risk, security

More information

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical

More information

Cloud & Security. Dr Debabrata Nayak Debu.nayak@huawei.com

Cloud & Security. Dr Debabrata Nayak Debu.nayak@huawei.com Cloud & Security Dr Debabrata Nayak Debu.nayak@huawei.com AGENDA General description of cloud Cloud Framework Top issues in cloud Cloud Security trend Cloud Security Infrastructure Cloud Security Advantages

More information

SMS. Cloud Computing. Systems Management Specialists. Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales

SMS. Cloud Computing. Systems Management Specialists. Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales SMS Systems Management Specialists Cloud Computing Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales Cloud Computing The SMS Model: Cloud computing is a model for enabling ubiquitous, convenient,

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

Cloud Computing Flying High (or not) Ben Roper IT Director City of College Station

Cloud Computing Flying High (or not) Ben Roper IT Director City of College Station Cloud Computing Flying High (or not) Ben Roper IT Director City of College Station What is Cloud Computing? http://www.agent-x.com.au/ Wikipedia - the use of computing resources (hardware and software)

More information

Oracle Applications and Cloud Computing - Future Direction

Oracle Applications and Cloud Computing - Future Direction Oracle Applications and Cloud Computing - Future Direction February 26, 2010 03:00 PM 03:40 PM Presented By Subash Krishnaswamy skrishna@astcorporation.com Vijay Tirumalai vtirumalai@astcorporation.com

More information

Cloud Computing in the Enterprise An Overview. For INF 5890 IT & Management Ben Eaton 24/04/2013

Cloud Computing in the Enterprise An Overview. For INF 5890 IT & Management Ben Eaton 24/04/2013 Cloud Computing in the Enterprise An Overview For INF 5890 IT & Management Ben Eaton 24/04/2013 Cloud Computing in the Enterprise Background Defining the Cloud Issues of Cloud Governance Issue of Cloud

More information

CLOUD SECURITY SECURITY ASPECTS IN GEOSPATIAL CLOUD. Guided by Prof. S. K. Ghosh Presented by - Soumadip Biswas

CLOUD SECURITY SECURITY ASPECTS IN GEOSPATIAL CLOUD. Guided by Prof. S. K. Ghosh Presented by - Soumadip Biswas CLOUD SECURITY SECURITY ASPECTS IN GEOSPATIAL CLOUD Guided by Prof. S. K. Ghosh Presented by - Soumadip Biswas PART 1 A brief Concept of cloud Issues in cloud Security Issues A BRIEF The Evolution Super

More information

Cloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter

Cloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter Cloud Security considerations for business adoption Ricci IEONG CSA-HK&M Chapter What is Cloud Computing? Slide 2 What is Cloud Computing? My Cloud @ Internet Pogoplug What is Cloud Computing? Compute

More information

Where in the Cloud are You? Session 17032 Thursday, March 5, 2015: 1:45 PM-2:45 PM Virginia (Sheraton Seattle)

Where in the Cloud are You? Session 17032 Thursday, March 5, 2015: 1:45 PM-2:45 PM Virginia (Sheraton Seattle) Where in the Cloud are You? Session 17032 Thursday, March 5, 2015: 1:45 PM-2:45 PM Virginia (Sheraton Seattle) Abstract The goal of this session is to understanding what is meant when we say Where in the

More information

Cloud Computing. Chapter 1 Introducing Cloud Computing

Cloud Computing. Chapter 1 Introducing Cloud Computing Cloud Computing Chapter 1 Introducing Cloud Computing Learning Objectives Understand the abstract nature of cloud computing. Describe evolutionary factors of computing that led to the cloud. Describe virtualization

More information

Trend Micro Cloud Protection

Trend Micro Cloud Protection A Trend Micro White Paper August 2015 Trend Micro Cloud Protection Security for Your Unique Cloud Infrastructure Contents Introduction...3 Private Cloud...4 VM-Level Security...4 Agentless Security to

More information

Cloud Computing: Background, Risks and Audit Recommendations

Cloud Computing: Background, Risks and Audit Recommendations Cloud Computing: Background, Risks and Audit Recommendations October 30, 2014 Table of Contents Cloud Computing: Overview 3 Multiple Models of Cloud Computing 11 Deployment Models 16 Considerations For

More information

WHITE PAPER. How to choose and implement your cloud strategy

WHITE PAPER. How to choose and implement your cloud strategy WHITE PAPER How to choose and implement your cloud strategy INTRODUCTION Cloud computing has the potential to tip strategic advantage away from large established enterprises toward SMBs or startup companies.

More information

Dr Markus Hagenbuchner markus@uow.edu.au CSCI319. Introduction to Cloud Computing

Dr Markus Hagenbuchner markus@uow.edu.au CSCI319. Introduction to Cloud Computing Dr Markus Hagenbuchner markus@uow.edu.au CSCI319 Introduction to Cloud Computing CSCI319 Chapter 1 Page: 1 of 10 Content and Objectives 1. Introduce to cloud computing 2. Develop and understanding to how

More information

Cloud Computing. Jean-Claude DISPENSA IBM Distinguished Engineer

Cloud Computing. Jean-Claude DISPENSA IBM Distinguished Engineer Cloud Computing Jean-Claude DISPENSA IBM Distinguished Engineer Best Student Recognition Event July 6-8, 2011 EMEA IBM Innovation Center La Gaude, France Business needs are growing - IT costs are increasing

More information

NATO s Journey to the Cloud Vision and Progress

NATO s Journey to the Cloud Vision and Progress NATO s Journey to the Cloud Vision and Progress Dr Peter J. Lenk 2 Definitions of the Cloud A large-scale distributed computing paradigm that is driven by economies of scale, in which a pool of abstracted,

More information

Public Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.

Public Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc. Public Clouds Krishnan Subramanian Analyst & Researcher Krishworld.com A whitepaper sponsored by Trend Micro Inc. Introduction Public clouds are the latest evolution of computing, offering tremendous value

More information

Cloud Infrastructure as a Service Market Update, 2015. United States

Cloud Infrastructure as a Service Market Update, 2015. United States Cloud Infrastructure as a Service Market Update, 2015 United States March 2015 Contents Section Slide Numbers Executive Summary 5 Market Overview 7 Definitions & Study Scope 8-10 Market Drivers 12-14 Market

More information

NCTA Cloud Architecture

NCTA Cloud Architecture NCTA Cloud Architecture Course Specifications Course Number: 093019 Course Length: 5 days Course Description Target Student: This course is designed for system administrators who wish to plan, design,

More information

Implementing Hybrid Cloud at Microsoft

Implementing Hybrid Cloud at Microsoft Implementing Hybrid Cloud at Microsoft Published September 2013 The following content may no longer reflect Microsoft s current position or infrastructure. This content should be viewed as reference documentation

More information

security in the cloud White Paper Series

security in the cloud White Paper Series security in the cloud White Paper Series 2 THE MOVE TO THE CLOUD Cloud computing is being rapidly embraced across all industries. Terms like software as a service (SaaS), infrastructure as a service (IaaS),

More information

OVERVIEW Cloud Deployment Services

OVERVIEW Cloud Deployment Services OVERVIEW Cloud Deployment Services Audience This document is intended for those involved in planning, defining, designing, and providing cloud services to consumers. The intended audience includes the

More information

Hybrid Cloud Mini Roundtable. April 17, 2013. Expect Excellence. www.divihn.com

Hybrid Cloud Mini Roundtable. April 17, 2013. Expect Excellence. www.divihn.com Hybrid Cloud Mini Roundtable April 17, 2013 Expect Excellence www.divihn.com Today s Agenda What to expect today Introductions Plus, why are you here this evening? What is Hybrid Cloud? Why Hybrid Cloud?

More information

Intermedia s Dedicated Exchange

Intermedia s Dedicated Exchange Intermedia s Dedicated Exchange This is a practical guide to implementing Intermedia s Dedicated Hosted Exchange on AWS. Intermedia, the world s independent provider of Hosted Exchange, and AWS, the leading

More information

Top 10 Cloud Risks That Will Keep You Awake at Night

Top 10 Cloud Risks That Will Keep You Awake at Night Top 10 Cloud Risks That Will Keep You Awake at Night Shankar Babu Chebrolu Ph.D., Vinay Bansal, Pankaj Telang Photo Source flickr.com .. Amazon EC2 (Cloud) to host Eng. Lab testing. We want to use SalesForce.com

More information

Quick guide: Using the Cloud to support your business

Quick guide: Using the Cloud to support your business Quick guide: Using the Cloud to support your business This Quick Guide is one of a series of information products targeted at small to medium sized enterprises (SMEs). It is designed to help businesses

More information

Cloud and Data Center Security

Cloud and Data Center Security solution brief Trend Micro Cloud and Data Center Security Secure virtual, cloud, physical, and hybrid environments easily and effectively introduction As you take advantage of the operational and economic

More information

Perspectives on Moving to the Cloud Paradigm and the Need for Standards. Peter Mell, Tim Grance NIST, Information Technology Laboratory 7-11-2009

Perspectives on Moving to the Cloud Paradigm and the Need for Standards. Peter Mell, Tim Grance NIST, Information Technology Laboratory 7-11-2009 Perspectives on Moving to the Cloud Paradigm and the Need for Standards Peter Mell, Tim Grance NIST, Information Technology Laboratory 7-11-2009 2 NIST Cloud Computing Resources NIST Draft Definition of

More information

Cloud Computing--Efficiency and Security

Cloud Computing--Efficiency and Security Cloud Computing--Efficiency and Security Mick Atton, VP & Chief Architect Thomson Reuters--Legal July 22, 2013 Thomson Reuters Thomson Reuters is the leading source of intelligent information for the world's

More information

Outline. What is cloud computing? History Cloud service models Cloud deployment forms Advantages/disadvantages

Outline. What is cloud computing? History Cloud service models Cloud deployment forms Advantages/disadvantages Ivan Zapevalov 2 Outline What is cloud computing? History Cloud service models Cloud deployment forms Advantages/disadvantages 3 What is cloud computing? 4 What is cloud computing? Cloud computing is the

More information

Building Private & Hybrid Cloud Solutions

Building Private & Hybrid Cloud Solutions Solution Brief: Building Private & Hybrid Cloud Solutions WITH EGENERA CLOUD SUITE SOFTWARE Egenera, Inc. 80 Central St. Boxborough, MA 01719 Phone: 978.206.6300 www.egenera.com Introduction When most

More information

BMC s Security Strategy for ITSM in the SaaS Environment

BMC s Security Strategy for ITSM in the SaaS Environment BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...

More information

A THINKstrategies Primer for CIOs

A THINKstrategies Primer for CIOs A THINKstrategies Primer for CIOs Making the Move to a Cloud-Based IT Service : Why the Time Is Right to Put Aside Your Fears & Capitalize on Today s Latest Innovations Published on Behalf of BMC Software

More information

Cloud Computing. Information Security and Privacy Considerations. April 2014

Cloud Computing. Information Security and Privacy Considerations. April 2014 Cloud Computing Information Security and Privacy Considerations April 2014 All-of-Government Cloud Computing: Information Security and Privacy Considerations April 2014 1 Crown copyright. This copyright

More information

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS CLOUD COMPUTING Cloud computing is a model for enabling convenient, ondemand network access to a shared pool of configurable computing

More information

Governance and Control in the Cloud. Infrastructure as a Service

Governance and Control in the Cloud. Infrastructure as a Service 1 Governance and Control in the Cloud Infrastructure as a Service Cows 2 The Triumph of the Utility 3 Our Discussion 4 How we ll talk about Governance and Controls today Not an IT-assurance methodology

More information

Module 1: Facilitated e-learning

Module 1: Facilitated e-learning Module 1: Facilitated e-learning CHAPTER 3: OVERVIEW OF CLOUD COMPUTING AND MOBILE CLOUDING: CHALLENGES AND OPPORTUNITIES FOR CAs... 3 PART 1: CLOUD AND MOBILE COMPUTING... 3 Learning Objectives... 3 1.1

More information

Cloud computing: benefits, risks and recommendations for information security

Cloud computing: benefits, risks and recommendations for information security Cloud computing: benefits, risks and recommendations for information security Dr Giles Hogben Secure Services Programme Manager European Network and Information Security Agency (ENISA) Goals of my presentation

More information

Cloud Computing Paradigm Shift. Jan Šedivý

Cloud Computing Paradigm Shift. Jan Šedivý Cloud Computing Paradigm Shift Jan Šedivý Business expectations Improving business processes Reducing enterprise costs Increasing the use of information/analytics Improving enterprise workforce effectiveness

More information

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com Introduction to Cloud Computing Srinath Beldona srinath_beldona@yahoo.com Agenda Pre-requisites Course objectives What you will learn in this tutorial? Brief history Is cloud computing new? Why cloud computing?

More information

Information Technology: This Year s Hot Issue - Cloud Computing

Information Technology: This Year s Hot Issue - Cloud Computing Information Technology: This Year s Hot Issue - Cloud Computing Presented by: Alan Sutin Global IP & Technology Practice Group GREENBERG TRAURIG, LLP ATTORNEYS AT LAW WWW.GTLAW.COM 2011. All rights reserved.

More information

Cloud Based Solutions for Media and Entertainment

Cloud Based Solutions for Media and Entertainment Tech Forum 2012 Cloud Based Solutions for Media and Entertainment by Ron Clifton Globecomm Tech Forum 2012 Hauppauge, NY 7 August 2012 RWC Rev Page: 120804 1 The Program 10:30 Cloud Solutions Part 1: Cloud

More information

Leveraging the Cloud for Your Business

Leveraging the Cloud for Your Business Leveraging the Cloud for Your Business by CornerStone Telephone Company 2 Third Street Troy, NY 12180 As consumers, we enjoy the benefits of cloud services from companies like Amazon, Google, Apple and

More information

Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1

Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1 Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1 Taking a Deeper Look at the Cloud: Solution or Security Risk? LoyCurtis Smith East Carolina University TAKING A DEEPER LOOK AT THE CLOUD:

More information

INTRODUCING CLOUD POWER

INTRODUCING CLOUD POWER INTRODUCING CLOUD POWER WHAT IF YOU COULD TAKE YOUR EXISTING IT INFRASTRUC- TURE AND MAKE IT MORE FLEXIBLE, MORE PRODUCTIVE, AND MORE POWERFUL ALL FOR LESS MONEY THAN YOU RE CUR- RENTLY SPENDING? Introducing

More information