Security and Privacy in Cloud Computing

Size: px
Start display at page:

Download "Security and Privacy in Cloud Computing"

Transcription

1 Security and Privacy in Cloud Computing - Study Report Sai Lakshmi General Manager Enterprise Security Solutions

2 2 Agenda Background & Objective Current Scenario & Future of Cloud Computing Challenges in Cloud Computing Data Security, Data Privacy Compliance Legal and Contractual Challenges faced by Cloud Providers Recommendations

3 3 Background & Objective DSCI has undertaken a study on Data Protection Challenges in Cloud Computing in partnership with Wipro with the objective to understand the security and privacy challenges and trends in Cloud Computing with respect to Indian IT environment As part of this study, DSCI along with Wipro conducted a survey to understand the perception of the security professionals on risks & challenges associated with Cloud Computing focusing on Security & Privacy

4 4 Study Methodology Primary research A survey across 48 organizations Survey was conducted by DSCI and Wipro Total of 71 professionals representing 48 organizations Secondary research, covering the following aspects vis-à-vis Cloud Computing: Different Cloud deployment models (Private, Public, Hybrid etc) Cloud Services Models (SaaS, PaaS, IaaS, etc.) Current Scenario and Future of Cloud Computing Reasons behind considering Cloud Computing Challenges in the adoption of Cloud Computing Criteria for Cloud service provider selection Challenges faced by Cloud service providers Role of NASSCOM-DSCI in Cloud Computing ecosystem

5 Cloud Computing in India World Cloud Services Revenue forecasted to reach $ 68.3 billion in 2010 and $148.8 billion in 2014 Cloud Computing market in India currently stands at USD 110 million and is expected to reach USD 1,084 million by 2015* Software-as-a-Service (SaaS) has witnessed the highest growth and it is likely to reach a mark of USD 650 million by 2015* 21% of the surveyed firms are planning to host IT services on the Cloud and pilot projects are initiated Cloud adoption in India 24% 15% 38% Not considering migration to Cloud Computing as of now 5 21% Already using Cloud Computing services Planning to initiate a pilot project or implement less critical services Planning a complete migration Will consider based on the industry / peer adoption trend

6 6 Cloud Deployment models and Adoption Private cloud. - Dedicated cloud infrastructure for an org. Self Managed or Third Party, On premise / Off Premise Public cloud. - Shared Cloud Infrastructure on a cost services model selling cloud services. Hybrid cloud. Cloud infrastructure composed of private, public and or community cloud that enables data & application portability (e.g., cloud bursting). Community cloud. Shared cloud infrastructure managed by the organizations or a third party and may exist on premise or off premise ORGANISATION PREFERENCE FOR ADOPTION OF CLOUD DEPLOYMENT MODELS Deployment Decision Matrix Cost Effectiveness Management Control Reliability Accountability Standardization Adoption Security Public Cloud 6% Private Cloud 29% 66% Hybrid Cloud or Community Cloud Large enterprises points toward exploring Public Clouds for hosting of non-business, non-critical, support applications only such as Document Management Systems hosted s, CRM and Learning Solutions, etc Critical Applications, that demand data to reside within organizational systems, because of regulatory/legal requirements, remain on the Private Cloud Organizations often adopt Public Cloud for services where users are not required to deal With any sensitive data

7 7 Cloud Deployment Models In a SaaS Model, the software is hosted at the cloud service provider s site 91% In a PaaS Model, the application framework is hosted at the cloud service provider s site 56% 53% In a IaaS Model, the compute, storage is available as a service

8 Security as a Service In a Security as a Service Model, the security functions are delivered as a service 53% Security as a Service 70% 57% 61% 43% 48% 35% Identity Management Threat Management Security Device Management Infrastructure Security Operations 8 Web Security Monitoring Vulnerability Assessment and Penetration Testing

9 9 Challenges in Cloud Computing Data Security and Privacy - a Major inhibitor to Cloud adoption 95% Challenge in meeting Compliance requirements Accountability and ownership of data in the Cloud Legal & Contractual Issues addressing geographical specific regulatory requirements especially in trans-border data flow and storage 80% 76% major challenges / concerns Data Security & Privacy 70% 25% 3% Compliance Issues 30% 50% 16% 4% Legal & Contractual Issues 39% 37% 21% 4% Challenges in migration 11% 2 38% 18% 11% Lack of clarity in pay per use Model 13% 15% 47% 24% Integration of Cloud based applications with legacy systems 2 33% 33% 8% 4% Critical Very Important Important Less Important Not Important

10 10 Data Security & Privacy Challenges Major Data Security Challenges in the Cloud 9 Data Segregation & Protection 80% Data Leak Prevention Other Important Considerations on Cloud Threat and Vulnerability Management 75% 7 Identity and Access Management

11 Compliance & Legal Contractual Challenges Compliance Considerations on Cloud 7 71% Ability of provider to demonstrate compliance Feasibility of Audit and Assessment of Applications Distribution of ownership between user organization and cloud provider Addressing Specific Compliance Requirements like HIPAA, GLBA, PCI Feasibility of Audit and assessment of applications and systems COMPLIANCE CHALLENGES 27% 26% 21% 41% 36% 50% 31% 34% 27% On demand availability of Log & Audit Trails 24% 44% 24% 8% Ability of provider to demonstrate compliance requirements of user 39% 33% 27% Critical Very Important Important Less Important Not Important Legal and Contractual Challenges in the Cloud 79% 74% Liability Sharing in case of data breaches and subsequent resource mechanism Ownership of Intellectual property of end users information End of Service Support Issues like retention & disposal of information, transfer of IPR Ownership of Intellectual Property of cloud based services, products and end user Information LEGAL & CONTRACTUAL CHALLENGES 34% 41% 30% 33% 3 2 4% 4% Liability sharing in case of data breaches and subsequent recourse mechanism 44% 35% 21% Critical Very Important Important Less Important Not Imporantt 11

12 12 Measures Adopted - Addressing Data Security Top 3 Measures adopted by Organizations 69% 58% 5 Including security & privacy clauses in the contractual agreement Periodically auditing the services of Cloud service provider Making Cloud service provider legally liable for data breach The emergence of security services on the cloud is yet to mature from the basic MSS models, which are currently prevalent. Strengthening the contracts and periodic audits are some of the basic measures that organizations are currently adopting. Measures adopted by organization Including data security and privacy clauses in the contract 69% Making the service provider legally liable for any data security & privacy breach 5 Auditing the service provider at a defined and mutually agreed frequency Service Provider providing third party audit reports to your organization on a regular basis Mandating service providers to implement technical and organizational safeguards Demanding transparency in information management practices through regular reporting Aligning existing security & privacy strategies to address new challenges Updating the norms of privacy specific user transactions to incorporate new challenges None 4% 33% 33% 31% 44% 4 58%

13 Selecting the Right Cloud Provider Security, Privacy and Compliance considerations for selecting a Cloud service provider 77% 73% 7 7 Demonstration of Data Security and Privacy Capabilities of Cloud service provider Ability to support BCP/ DR requirements Standardized security preparedness of Cloud service provider like ISO Certification Transparency in information practices followed by the Cloud service provider Reduced Investment in BCP/DR, a major cost-centre for business, is one of the major drivers for adoption of Cloud Computing Major Security & Privacy, Compliance considertion for selecting a cloud provider Standardized security preparedness of cloud provider like ISO certification 54% 18% 1 4% 1 Third Party Attestation or Seal for Privacy 21% 4 21% 15% Demonstration of data security and privacy capabilities by cloud provider 43% 34% 17% 4% Transparency in Information practices followed by the cloud provider 43% 29% 20% 6% No. of Data Security breaches in the past 41% 2 28% 4% 4% Service and Operation level agreements including Security Operations 4 19% 21% 17% Disaster Recovery capabilities 48% 25% 13% 6% 8% Compliance Demonstration Capabilities 38% 33% 16% 4% 9% Critical Very Important Important Less Important Not Important 13

14 14 Challenges faced by Cloud Providers Top 3 Challenges faced by Cloud providers 78% 59% 57% Technological limitation especially in Indian context where network bandwidth, latency and interoperability has been seen as a major challenge Meeting multiple regulatory compliance requirements, that vary considerably based on the type of data, geography and domain / industry. E.g. HIPAA for health records, GLBA for financial transactions, PCI DSS for credit card data, etc. Meeting multiple contractual requirements, especially when data protection requirements as well as data breach liabilities of different countries vary considerably Major challenges faced by cloud service providers Meeting multiple regulatory 59% Technological Limitations Meeting multiple contractual 57% Huge initial capital expenditure / 33% Inadequate Research and Development Alleviate negative perceptions about Unavailability of skilled resources Migration of services provided to client Technological Limitations (Indian 15% 19% 19% 24% 26% Enforcement of IT (Amendment) Act, 2008 will be a challenge as cloud computing Business benefits arising out of the use of cloud computing will influence the focus Under the Indian Telecom Licensing Policy, prohibition of data transfer outside the 78% Indian legal framework 38% 61% 63%

15 15 Role of NASSCOM DSCI in Cloud Computing Role of NASSCOM-DSCI in the Cloud computing ecosystem in India Promote data security and privacy in the evolving cloud based ecosystem Work closely with the government to create necessary policy environment for cloud computing 70% 68% Advise user organizations on the data security and privacy related aspects of cloud computing 48% Engage with the cloud providers to establish safe and secure cloud computing environment 55% Benchmark different cloud providers against their data security and privacy practices 45% This study is an important step for DSCI to chart out and drive the government policy initiatives for Cloud computing

16 16 Recommendations Security standards and certifications specific to Cloud environments need to be developed for successful implementation of Cloud services User organizations should involve Business, IT and legal team in framing of the contract provisions Cloud service providers - Transparency required with their processes, certifications, information security practices, and techniques Both User organizations and Cloud service providers should develop robust information security governance, regardless of the service or deployment model.

17 2010 Wipro Ltd - Confidential Thank you.

18 Wipro as an Originator and System Integrator of cloud Cloud Layer Solutions as an Originator System Integration Services BPaaS SaaS 1. Mortgage origination 2. HRO 1. Public Cloud solutions: Hospital software, Auto Dealer platform, E-commerce platform, Mortgage origination, Document Management 2. Vendor products offered on Wipro Cloud: Fidelity Banking software, MS Dynamics 1. Platform development 1. System Integration Services SFDC, Dynamic CRM, Oracle on Demand, Workday, SAP ByD, Netsuite, BPOS, Google Applications 2. SaaS enabling Independent software vendor applications PaaS IaaS No Originating solutions 1. Wipro Cloud data centers (USA/Europe/India) 2. Hosting for SaaS & BPaaS vendors 1. Lead developer on Azure, Force.com platforms 2. Hosted test platforms 3. Build Private PaaS platform (wsaas) 1. Build, Operate & manage Private cloud, Migration to public cloud 2. SI, test and manage public cloud Wipro Ltd - Confidential

19 Wipro services to cloud Originators and Enterprises Cloud Layer Services to Originators Services to Enterprises BPaaS 1. Platform development 1. Wipro BPaaS solutions- Mortgage origination SaaS PaaS IaaS 1. Dev & test support for SaaS ISV s 2. Enabling cloud services on devices (mobile) 1. Enabling devices (mobile) 1. Hosting for SaaS / BPaaS vendors 2. SI and test deployments for public cloud 1. System integration service for SFDC, Dynamic CRM, Oracle On Demand, Netsuite, BPOS, Google Apps, Workday, SAP ByD 2. Wipro solutions offered in Public Cloud: Hospital software, Auto Dealer platform, E commerce platform, Mortgage origination, Document Management 3. ISV products offered on Wipro Cloud: Fidelity Banking software, MS Dynamic CRM 1. Lead developer on Azure, Force.com 2. Test platforms on cloud 3. wsaas Private PaaS 1. Setting up Private cloud 2. Migration to public cloud 3. Wipro Cloud data centers (USA, Europe & India) Wipro Ltd - Confidential

Orchestrating the New Paradigm Cloud Assurance

Orchestrating the New Paradigm Cloud Assurance Orchestrating the New Paradigm Cloud Assurance Amsterdam 17 January 2012 John Hermans - Partner Current business challenges versus traditional IT Organizations are challenged with: Traditional IT seems

More information

Brochure More information from http://www.researchandmarkets.com/reports/3050461/

Brochure More information from http://www.researchandmarkets.com/reports/3050461/ Brochure More information from http://www.researchandmarkets.com/reports/3050461/ Global Cloud Computing Market Service (Software, Infrastructure, Platform)- Strategy, Overview, Size, Share, Global Trends,

More information

Cloud Computing in Banking

Cloud Computing in Banking Financial Services the way we see it Cloud Computing in Banking What banks need to know when considering a move to the cloud Contents 1 Overview 3 2 Why Cloud Computing for Banks? 4 2.1 Cost Savings and

More information

LEGAL ISSUES IN CLOUD COMPUTING

LEGAL ISSUES IN CLOUD COMPUTING LEGAL ISSUES IN CLOUD COMPUTING RITAMBHARA AGRAWAL INTELLIGERE 1 CLOUD COMPUTING Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing

More information

Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD

Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD Agenda Cloud Computing Technical Overview Cloud Related Applications Identified Risks Assessment Criteria Cloud Computing What Is It? National

More information

Virtualization Impact on Compliance and Audit

Virtualization Impact on Compliance and Audit 2009 Reflex Systems, LLC Virtualization Impact on Compliance and Audit Michael Wronski, CISSP VP Product Management Reflex Systems Agenda Introduction Virtualization? Cloud? Risks and Challenges? Compliance

More information

Global Cloud Based BPO Market 2015-2019

Global Cloud Based BPO Market 2015-2019 Brochure More information from http://www.researchandmarkets.com/reports/3420456/ Global Cloud Based BPO Market 2015-2019 Description: About cloud-based BPO Over the years, enterprises worldwide have become

More information

Hans Bos Microsoft Nederland. hans.bos@microsoft.com

Hans Bos Microsoft Nederland. hans.bos@microsoft.com Hans Bos Microsoft Nederland Email: Twitter: hans.bos@microsoft.com @hansbos Microsoft s Cloud Environment Consumer and Small Business Services Software as a Service (SaaS) Enterprise Services Third-party

More information

Managing Cloud Computing Risk

Managing Cloud Computing Risk Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify

More information

Today s Speakers. A Conversation with Robbie Forkish, Forkish Consulting 9/1/2009. Webtorials Editorial/Analyst Division

Today s Speakers. A Conversation with Robbie Forkish, Forkish Consulting 9/1/2009. Webtorials Editorial/Analyst Division Security In The Cloud A Conversation with Robbie Forkish, Forkish Consulting Webtorials Editorial/Analyst Division Produced and distributed by: Today s Speakers Steven Taylor Co-Founder Editorial/Analyst

More information

Cloud Computing: Contracting and Compliance Issues for In-House Counsel

Cloud Computing: Contracting and Compliance Issues for In-House Counsel International In-house Counsel Journal Vol. 6, No. 23, Spring 2013, 1 Cloud Computing: Contracting and Compliance Issues for In-House Counsel SHAHAB AHMED Director Legal and Corporate Affairs, Microsoft,

More information

Cloud Security Keeping Data Safe in the Boundaryless World of Cloud Computing

Cloud Security Keeping Data Safe in the Boundaryless World of Cloud Computing Cloud Security Keeping Data Safe in the Boundaryless World of Cloud Computing Executive Summary As cloud service providers mature, and expand and refine their offerings, it is increasingly difficult for

More information

IT Cloud / Data Security Vendor Risk Management Associated with Data Security. September 9, 2014

IT Cloud / Data Security Vendor Risk Management Associated with Data Security. September 9, 2014 IT Cloud / Data Security Vendor Risk Management Associated with Data Security September 9, 2014 Speakers Brian Thomas, CISA, CISSP In charge of Weaver s IT Advisory Services, broad focus on IT risk, security

More information

Cloud Computing Jenn CruverKibi, CPA July 27, 2016

Cloud Computing Jenn CruverKibi, CPA July 27, 2016 Pursuing the Profession While Promoting the Public Good Cloud Computing Jenn CruverKibi, CPA July 27, 2016 2016 Annual Non-Profit Seminar What we will cover 1 What we will cover: What is cloud computing?

More information

Cloud Computing Security Issues

Cloud Computing Security Issues Copyright Marchany 2010 Cloud Computing Security Issues Randy Marchany, VA Tech IT Security, marchany@vt.edu Something Old, Something New New: Cloud describes the use of a collection of services, applications,

More information

AskAvanade: Answering the Burning Questions around Cloud Computing

AskAvanade: Answering the Burning Questions around Cloud Computing AskAvanade: Answering the Burning Questions around Cloud Computing There is a great deal of interest in better leveraging the benefits of cloud computing. While there is a lot of excitement about the cloud,

More information

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING CPNI VIEWPOINT 01/2010 CLOUD COMPUTING MARCH 2010 Acknowledgements This viewpoint is based upon a research document compiled on behalf of CPNI by Deloitte. The findings presented here have been subjected

More information

Security, Compliance & Risk Management for Cloud Relationships. Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32

Security, Compliance & Risk Management for Cloud Relationships. Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32 Security, Compliance & Risk Management for Cloud Relationships Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32 Introductions & Poll Organization is leveraging the Cloud? Organization

More information

A Flexible and Comprehensive Approach to a Cloud Compliance Program

A Flexible and Comprehensive Approach to a Cloud Compliance Program A Flexible and Comprehensive Approach to a Cloud Compliance Program Stuart Aston Microsoft UK Session ID: SPO-201 Session Classification: General Interest Compliance in the cloud Transparency Responsibility

More information

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is

More information

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.

More information

Keeping up with the World of Cloud Computing: What Should Internal Audit be Thinking About?

Keeping up with the World of Cloud Computing: What Should Internal Audit be Thinking About? Keeping up with the World of Cloud Computing: What Should Internal Audit be Thinking About? IIA San Francisco Chapter October 11, 2011 Agenda Introductions Cloud computing overview Risks and audit strategies

More information

Vormetric Data Security Securing and Controlling Data in the Cloud

Vormetric Data Security Securing and Controlling Data in the Cloud Vormetric Data Security Securing and Controlling Data in the Cloud Vormetric, Inc. Tel: 888.267.3732 Email: sales@vormetric.com www.vormetric.com Table of Contents Executive Summary.........................................................3

More information

Cloud Services Overview

Cloud Services Overview Cloud Services Overview John Hankins Global Offering Executive Ricoh Production Print Solutions May 23, 2012 Cloud Services Agenda Definitions Types of Clouds The Role of Virtualization Cloud Architecture

More information

Can security conscious businesses really adopt the Cloud safely?

Can security conscious businesses really adopt the Cloud safely? Can security conscious businesses really adopt the Cloud safely? January 2014 1 Phone: 01304 814800 Fax: 01304 814899 info@ Contents Executive overview The varied Cloud security landscape How risk assessment

More information

HIPAA in the Cloud How to Effectively Collaborate with Cloud Providers

HIPAA in the Cloud How to Effectively Collaborate with Cloud Providers How to Effectively Collaborate with Cloud Providers Agenda Overview of Topics Covered Agenda Evolution of the Cloud Comparison of Private vs. Public Clouds Other Regulatory Frameworks Similar to HIPAA

More information

HYBRID CLOUD: The Next Frontier

HYBRID CLOUD: The Next Frontier HYBRID CLOUD: The Next Frontier This report is solely for the use of Zinnov Client and Zinnov Personnel. No Part of it may be quoted, circulated or reproduced for distribution outside the client organization

More information

Cloud Computing An Auditor s Perspective

Cloud Computing An Auditor s Perspective Cloud Computing An Auditor s Perspective Sailesh Gadia, CPA, CISA, CIPP sgadia@kpmg.com December 9, 2010 Discussion Agenda Introduction to cloud computing Types of cloud services Benefits, challenges,

More information

DATA SECURITY COUNCIL OF INDIA

DATA SECURITY COUNCIL OF INDIA Data Security Council of India (DSCI) is a section 25, not-for-profit company, setup by NASSCOM as an independent Self Regulatory Organization (SRO) to promote data protection, develop security and privacy

More information

Overview of Topics Covered

Overview of Topics Covered How to Effectively Collaborate with Cloud Providers Agenda Overview of Topics Covered Agenda Evolution of the Cloud Comparison of Private vs. Public Clouds Other Regulatory Frameworks Similar to HIPAA

More information

Cloud Service Rollout. Chapter 9

Cloud Service Rollout. Chapter 9 Cloud Service Rollout Chapter 9 Cloud Service Topics Cloud service rollout plans vary depending on the type of cloud service SaaS, PaaS, or IaaS and the vendor. Unit Topics Identifying vendor roles and

More information

Securing the Microsoft Cloud

Securing the Microsoft Cloud Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and customers to fully embrace and benefit from cloud services. We are committed

More information

Why You Should Consider the Cloud

Why You Should Consider the Cloud INTERSYSTEMS WHITE PAPER Why You Should Consider the Cloud In 2014, we ll see every major player make big investments to scale up Cloud, mobile, and big data capabilities, and fiercely battle for the hearts

More information

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp.

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud 1 What is meant by Cloud Computing, or Going To The Cloud? A model

More information

Key Speculations & Problems faced by Cloud service user s in Today s time. Wipro Recommendation: GRC Framework for Cloud Computing

Key Speculations & Problems faced by Cloud service user s in Today s time. Wipro Recommendation: GRC Framework for Cloud Computing Contents Introduction Why GRC Assessment Benefits of Cloud computing and Problem Statement Key Speculations & Problems faced by Cloud service user s in Today s time Threats, Vulnerabilities and related

More information

White Paper on CLOUD COMPUTING

White Paper on CLOUD COMPUTING White Paper on CLOUD COMPUTING INDEX 1. Introduction 2. Features of Cloud Computing 3. Benefits of Cloud computing 4. Service models of Cloud Computing 5. Deployment models of Cloud Computing 6. Examples

More information

The Elephant in the Room: What s the Buzz Around Cloud Computing?

The Elephant in the Room: What s the Buzz Around Cloud Computing? The Elephant in the Room: What s the Buzz Around Cloud Computing? Warren W. Stippich, Jr. Partner and National Governance, Risk and Compliance Solution Leader Business Advisory Services Grant Thornton

More information

Cloud Computing: Making the right choices

Cloud Computing: Making the right choices Cloud Computing: Making the right choices Kalpak Shah Clogeny Technologies Pvt Ltd 1 About Me Kalpak Shah Founder & CEO, Clogeny Technologies Passionate about economics and technology evolving through

More information

HIPAA in the Cloud. How to Effectively Collaborate with Cloud Providers

HIPAA in the Cloud. How to Effectively Collaborate with Cloud Providers How to Effectively Collaborate with Cloud Providers Speaker Bio Chad Kissinger Chad Kissinger Founder OnRamp Chad Kissinger is the Founder of OnRamp, an industry leading high security and hybrid hosting

More information

Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101

Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101 Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro

More information

Cloud Computing: The atmospheric jeopardy. Unique Approach Unique Solutions. Salmon Ltd 2014 Commercial in Confidence Page 1 of 5

Cloud Computing: The atmospheric jeopardy. Unique Approach Unique Solutions. Salmon Ltd 2014 Commercial in Confidence Page 1 of 5 Cloud Computing: The atmospheric jeopardy Unique Approach Unique Solutions Salmon Ltd 2014 Commercial in Confidence Page 1 of 5 Background Cloud computing has its place in company computing strategies,

More information

Legal Issues in the Cloud: A Case Study. Jason Epstein

Legal Issues in the Cloud: A Case Study. Jason Epstein Legal Issues in the Cloud: A Case Study Jason Epstein Outline Overview of Cloud Computing Service Models (SaaS, PaaS, IaaS) Deployment Models (Private, Community, Public, Hybrid) Adoption Different types

More information

Governing Changes in a Cloud, Cloud, World. EEI-AGA Accounting Leadership Conference. james.r.hanlon@us.pwc.com. New Orleans, Louisiana

Governing Changes in a Cloud, Cloud, World. EEI-AGA Accounting Leadership Conference. james.r.hanlon@us.pwc.com. New Orleans, Louisiana June 2012 www.pwc.com www.pwc.com www.pwc.com Governing Changes in a Cloud, Cloud, World EEI-AGA Accounting Leadership Conference New Orleans, Louisiana Jim Hanlon james.r.hanlon@us.pwc.com Partner, Utilities

More information

Security in the Cloud: Visibility & Control of your Cloud Service Providers

Security in the Cloud: Visibility & Control of your Cloud Service Providers Whitepaper: Security in the Cloud Security in the Cloud: Visibility & Control of your Cloud Service Providers Date: 11 Apr 2012 Doc Ref: SOS-WP-CSP-0412A Author: Pierre Tagle Ph.D., Prashant Haldankar,

More information

ICANWK616A Manage security, privacy and compliance of cloud service deployment

ICANWK616A Manage security, privacy and compliance of cloud service deployment ICANWK616A Manage security, privacy and compliance of cloud service deployment Release 1 ICANWK616A Manage security, privacy and compliance of cloud service deployment Modification History Release Release

More information

CLOUD MIGRATION STRATEGIES

CLOUD MIGRATION STRATEGIES CLOUD MIGRATION STRATEGIES Faculty Contributor: Dr. Rahul De Student Contributors: Mayur Agrawal, Sudheender S Abstract This article identifies the common challenges that typical IT managers face while

More information

Platform as a Service (PaaS) (Public, Private and Hybrid Cloud) Market - Global Industry Analysis, Size, Share, Growth, Trends and Forecast 2014-2020

Platform as a Service (PaaS) (Public, Private and Hybrid Cloud) Market - Global Industry Analysis, Size, Share, Growth, Trends and Forecast 2014-2020 Brochure More information from http://www.researchandmarkets.com/reports/3060123/ Platform as a Service (PaaS) (Public, Private and Hybrid Cloud) Market - Global Industry Analysis, Size, Share, Growth,

More information

Cloud Computing; What is it, How long has it been here, and Where is it going?

Cloud Computing; What is it, How long has it been here, and Where is it going? Cloud Computing; What is it, How long has it been here, and Where is it going? David Losacco, CPA, CIA, CISA Principal January 10, 2013 Agenda The Cloud WHAT IS THE CLOUD? How long has it been here? Where

More information

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC www.fmsinc.org 1 2015 Financial Managers Society, Inc. Cloud Security Implications

More information

Ensuring Cloud Security Using Cloud Control Matrix

Ensuring Cloud Security Using Cloud Control Matrix International Journal of Information and Computation Technology. ISSN 0974-2239 Volume 3, Number 9 (2013), pp. 933-938 International Research Publications House http://www. irphouse.com /ijict.htm Ensuring

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

GETTING THE MOST FROM THE CLOUD. A White Paper presented by

GETTING THE MOST FROM THE CLOUD. A White Paper presented by GETTING THE MOST FROM THE CLOUD A White Paper presented by Why Move to the Cloud? CLOUD COMPUTING the latest evolution of IT services delivery is a scenario under which common business applications are

More information

In-House Counsel Day Priorities for 2012

In-House Counsel Day Priorities for 2012 In-House Counsel Day Priorities for 2012 Cloud Computing the benefits, potential risks and security for the future Presented by Anthony Willis Group Head IP and Technology Thursday 1 March 2012 WIN: What

More information

Molnet öppnar nya möjligheter för kostnadseffektiv IT

Molnet öppnar nya möjligheter för kostnadseffektiv IT Molnet öppnar nya möjligheter för kostnadseffektiv IT March 3 Magnus Arildsson, Cloud Leader, IBM Nordic 2015 IBM Corporation Market Shifts are creating a new era of IT Data is becoming the world s new

More information

Cloud Security Certification

Cloud Security Certification Cloud Security Certification January 21, 2015 1 Agenda 1. What problem are we solving? 2. Definitions (Attestation vs Certification) 3. Cloud Security Responsibilities and Risk Exposure 4. Who is responsible

More information

NSW Government. Data Centre & Cloud Readiness Assessment Services Standard. v1.0. June 2015

NSW Government. Data Centre & Cloud Readiness Assessment Services Standard. v1.0. June 2015 NSW Government Data Centre & Cloud Readiness Assessment Services Standard v1.0 June 2015 ICT Services Office of Finance & Services McKell Building 2-24 Rawson Place SYDNEY NSW 2000 standards@finance.nsw.gov.au

More information

AHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS

AHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS AHLA JJ. Keeping Your Cloud Services Provider from Raining on Your Parade Jean Hess Manager HORNE LLP Ridgeland, MS Melissa Markey Hall Render Killian Heath & Lyman PC Troy, MI Physicians and Hospitals

More information

Cloud Security and Managing Use Risks

Cloud Security and Managing Use Risks Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access

More information

Cloud models and compliance requirements which is right for you?

Cloud models and compliance requirements which is right for you? Cloud models and compliance requirements which is right for you? Bill Franklin, Director, Coalfire Stephanie Tayengco, VP of Technical Operations, Logicworks March 17, 2015 Speaker Introduction Bill Franklin,

More information

How to ensure control and security when moving to SaaS/cloud applications

How to ensure control and security when moving to SaaS/cloud applications How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk

More information

Top 10 Tips and Tools for Meeting Regulatory Requirements and Managing Cloud Computing Providers in the United States and Around the World

Top 10 Tips and Tools for Meeting Regulatory Requirements and Managing Cloud Computing Providers in the United States and Around the World Top 10 Tips and Tools for Meeting Regulatory Requirements and Managing Cloud Computing Providers in the United States and Around the World Web Hull Privacy, Data Protection, & Compliance Advisor Society

More information

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Strategic Compliance & Securing the Cloud Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Complexity and Challenges 2 Complexity and Challenges Compliance Regulatory entities

More information

Quick guide: Using the Cloud to support your business

Quick guide: Using the Cloud to support your business Quick guide: Using the Cloud to support your business This Quick Guide is one of a series of information products targeted at small to medium sized enterprises (SMEs). It is designed to help businesses

More information

Healthcare Enterprise View of Cloud What is Cloud Additional Needs Cloud Models Cloud Economics 101 Stack Decision Framework

Healthcare Enterprise View of Cloud What is Cloud Additional Needs Cloud Models Cloud Economics 101 Stack Decision Framework Cloud 101 General Overview of Cloud Services January 21, 2015 Agenda Healthcare Enterprise View of Cloud What is Cloud Additional Needs Cloud Models Cloud Economics 101 Stack Decision Framework 2. 2014

More information

Transformational Benefits of the Cloud. Information & Communication technology October 2013

Transformational Benefits of the Cloud. Information & Communication technology October 2013 Transformational Benefits of the Cloud Information & Communication technology October 2013 Fifth Generation of Computing Cloud Mainframe 1970s Client Server 1980s Web 1990s 80% SOA 2000s 2010+ of new commercial

More information

2014 HIMSS Analytics Cloud Survey

2014 HIMSS Analytics Cloud Survey 2014 HIMSS Analytics Cloud Survey June 2014 2 Introduction Cloud services have been touted as a viable approach to reduce operating expenses for healthcare organizations. Yet, engage in any conversation

More information

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security

More information

Moving your enterprise systems to the cloud? What do you need to know to manage the risks? Jamie Levitt, Director

Moving your enterprise systems to the cloud? What do you need to know to manage the risks? Jamie Levitt, Director www.pwc.com Moving your enterprise systems to the cloud? What do you need to know to manage the risks? November 2015 Jamie Levitt, Director Disclaimer Certain matters reviewed today may represent services

More information

The growing demand for a centralized system for the management of academic processes is expected to drive the cloud computing in education market

The growing demand for a centralized system for the management of academic processes is expected to drive the cloud computing in education market Brochure More information from http://www.researchandmarkets.com/reports/3505246/ Cloud Computing in Education Market by Service Model (SaaS, PaaS, and IaaS), Deployment Model (Private Cloud, Public Cloud,

More information

CLOUD COMPUTING S IMPACT ON OUTSOURCING IT SAURABH SHARMA TUCK 12

CLOUD COMPUTING S IMPACT ON OUTSOURCING IT SAURABH SHARMA TUCK 12 CLOUD COMPUTING S IMPACT ON OUTSOURCING IT SAURABH SHARMA TUCK 12 CONTENTS Fundamentals of outsourcing are changing Capabilities Required and how outsourcing vendors are developing them Licensing models

More information

Leveraging the Private Cloud for Competitive Advantage

Leveraging the Private Cloud for Competitive Advantage Leveraging the Private Cloud for Competitive Advantage Introduction While it is universally accepted that organisations will leverage cloud solutions to service their IT needs, there is a lack of clarity

More information

Enterprise Cloud Computing. The war for enterprise software

Enterprise Cloud Computing. The war for enterprise software Enterprise Cloud Computing The war for enterprise software Manish Dalwadi 3/1/2012 Enterprise Cloud appears to be becoming more and more mainstream Top trending searches indicate adoption interest Cloud

More information

08/10/2013. Data protection and compliance. Agenda. Data protection life cycle and goals. Introduction. Data protection overview

08/10/2013. Data protection and compliance. Agenda. Data protection life cycle and goals. Introduction. Data protection overview Data protection and compliance In the cloud and in your data center 1 November 2013 Agenda 1 Introduction 2 Data protection overview 3 Understanding the cloud 4 Where do I start? 5 Wrap-up Page 2 Data

More information

Phone: +44 20 8123 2220 Fax: +44 207 900 3970 office@marketpublishers.com https://marketpublishers.com

Phone: +44 20 8123 2220 Fax: +44 207 900 3970 office@marketpublishers.com https://marketpublishers.com North American Healthcare Cloud Computing Market by Application (PACS, RCM, EMR), by Deployment (Private, Public), by Service (SaaS, PaaS), & by End-User (Providers, Payers, Life Sciences) - Analysis &

More information

Clo l ud d C ompu p tin i g

Clo l ud d C ompu p tin i g Oya Şanlı MCT Agenda What is cloud computing? What is its goal? Characteristics, service models, deployment models Why is cloud so different? What are the technologies behind it? Scenarios Which sectors

More information

Cloud Security Trust Cisco to Protect Your Data

Cloud Security Trust Cisco to Protect Your Data Trust Cisco to Protect Your Data As cloud adoption accelerates, organizations are increasingly placing their trust in third-party cloud service providers (CSPs). But can you fully trust your most sensitive

More information

Cloud Computing. Bringing the Cloud into Focus

Cloud Computing. Bringing the Cloud into Focus Cloud Computing Bringing the Cloud into Focus November 2011 Introduction Ken Cochrane CEO, IT/NET Partner, KPGM Performance and Technology National co-leader IT Advisory Services KPMG Andrew Brewin Vice

More information

Cloud Computing--Efficiency and Security

Cloud Computing--Efficiency and Security Cloud Computing--Efficiency and Security Mick Atton, VP & Chief Architect Thomson Reuters--Legal July 22, 2013 Thomson Reuters Thomson Reuters is the leading source of intelligent information for the world's

More information

ICSA Labs Risk and Privacy Cloud Computing Series Part I : Balancing Risks and Benefits of Public Cloud Services for SMBs

ICSA Labs Risk and Privacy Cloud Computing Series Part I : Balancing Risks and Benefits of Public Cloud Services for SMBs ICSA Labs Risk and Privacy Cloud Computing Series Part I : Balancing Risks and Benefits of Public Cloud Services for SMBs The security challenges cloud computing presents are formidable, including those

More information

WELCOME TO SECURE360 2013

WELCOME TO SECURE360 2013 WELCOME TO SECURE360 2013 Don t forget to pick up your Certificate of Attendance at the end of each day. Please complete the Session Survey front and back, and leave it on your seat. Are you tweeting?

More information

The Hybrid Cloud. Why One Size is Not a Fit for All Companies. By: Kyle Snyder, Tom Connolly June 19, 2016

The Hybrid Cloud. Why One Size is Not a Fit for All Companies. By: Kyle Snyder, Tom Connolly June 19, 2016 The Hybrid Cloud Why One Size is Not a Fit for All Companies By: Kyle Snyder, Tom Connolly June 19, 2016 Agenda Overview What is the Hybrid Cloud? Current Business Issues Cloud-based Solutions Hybrid Cloud

More information

Cloud Computing: Background, Risks and Audit Recommendations

Cloud Computing: Background, Risks and Audit Recommendations Cloud Computing: Background, Risks and Audit Recommendations October 30, 2014 Table of Contents Cloud Computing: Overview 3 Multiple Models of Cloud Computing 11 Deployment Models 16 Considerations For

More information

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com Introduction to Cloud Computing Srinath Beldona srinath_beldona@yahoo.com Agenda Pre-requisites Course objectives What you will learn in this tutorial? Brief history Is cloud computing new? Why cloud computing?

More information

Security Officer s Checklist in a Sourcing Deal

Security Officer s Checklist in a Sourcing Deal Security Officer s Checklist in a Sourcing Deal Guide Share Europe Ostend, May 9th 2014 Johan Van Mengsel IBM Distinguished IT Specialist IBM Client Abstract Sourcing deals creates opportunities and challenges.

More information

CRISIL Young Thought Leader 2014 CLOUD COMPUTING. MALADI SRINIVAS PAVAN 2 nd year student of PGDM INDIAN INSTITUTE OF MANAGEMENT CALCUTTA

CRISIL Young Thought Leader 2014 CLOUD COMPUTING. MALADI SRINIVAS PAVAN 2 nd year student of PGDM INDIAN INSTITUTE OF MANAGEMENT CALCUTTA CRISIL Young Thought Leader 2014 CLOUD COMPUTING How will cloud computing transfo rm technology? Wha t is the futu re outlo ok for cloud computing? Submitted by MALADI SRINIVAS PAVAN 2 nd year student

More information

Cloud Application Marketplace 2012-2017

Cloud Application Marketplace 2012-2017 Brochure More information from http://www.researchandmarkets.com/reports/2237770/ Cloud Application Marketplace 2012-2017 Description: The global cloud applications marketplace is driven largely by the

More information

Realizing the Value Proposition of Cloud Computing

Realizing the Value Proposition of Cloud Computing Realizing the Value Proposition of Cloud Computing CIO s Enterprise IT Strategy for Cloud Jitendra Pal Thethi Abstract Cloud Computing is a model for provisioning and consuming IT capabilities on a need

More information

POWER PROTECT PROMOTE. Information Governance In The Cloud

POWER PROTECT PROMOTE. Information Governance In The Cloud Information Governance In The Cloud Galina Datskovsky, Ph. D., CRM President of ARMA International SVP Information Governance Solutions Topics Cloud Characteristics And Risks Information Management In

More information

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer What is Cloud Computing A model for enabling convenient, on-demand network access to a shared pool of configurable

More information

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: Privacy Responsibilities and Considerations Cloud computing is the delivery of computing services over the Internet, and it offers many potential

More information

White paper Reaping Business Value from a Hybrid Cloud Strategy

White paper Reaping Business Value from a Hybrid Cloud Strategy White paper Fujitsu Hybrid Cloud Services White paper Reaping Business Value from a Hybrid Cloud Strategy How to embrace a hybrid cloud model to maximize the benefits of public and private cloud services

More information

BUSINESS MANAGEMENT SUPPORT

BUSINESS MANAGEMENT SUPPORT BUSINESS MANAGEMENT SUPPORT Business disadvantages using cloud computing? Author: Maikel Mardjan info@bm-support.org 2010 BM-Support.org Foundation. All rights reserved. EXECUTIVE SUMMARY Cloud computing

More information

Cloud Computing in a Regulated Environment

Cloud Computing in a Regulated Environment Computing in a Regulated Environment White Paper by David Stephenson CTG Regulatory Compliance Subject Matter Expert February 2014 CTG (UK) Limited, 11 Beacontree Plaza, Gillette Way, READING, Berks RG2

More information

Buyer s Guide. Buyer s Guide to Secure Cloud. thebunker.net Phone: 01304 814800 Fax: 01304 814899 info@thebunker.net

Buyer s Guide. Buyer s Guide to Secure Cloud. thebunker.net Phone: 01304 814800 Fax: 01304 814899 info@thebunker.net Buyer s Guide to Secure Cloud Buyer s Guide to Secure Cloud An executive guide to outsourcing IT infrastructure and data storage using Private Cloud as the foundation. Executives derive much confidence

More information

Cloud Computing Readiness - Background

Cloud Computing Readiness - Background IT Best Practices Audit Cloud Computing Readiness - Background Cloud based offerings are maturing and finally taking off after a long period (e.g. Software as a Service offerings have been available for

More information

Inside the Cloud The Supporting Architecture of Cloud Computing. Jack Hanison Jack.Hanison@capgemini.com

Inside the Cloud The Supporting Architecture of Cloud Computing. Jack Hanison Jack.Hanison@capgemini.com Inside the Cloud The Supporting Architecture of Cloud Computing Jack Hanison Jack.Hanison@capgemini.com What is Cloud Computing? 2 http://www.flickr.com/photos/galego/3131005845/ Is Cloud Computing these

More information

Trust but Verify. Vincent Campitelli. VP IT Risk Management

Trust but Verify. Vincent Campitelli. VP IT Risk Management Trust but Verify Vincent Campitelli VP IT Risk Management McKesson Corporation Trust but Verify Cloud Security 3 Agenda Cloud Defined Cloud Opportunities Cloud Challenges What s Different? How to Verify

More information

Successful Strategies for Implementing SaaS/Cloud Solutions in Healthcare

Successful Strategies for Implementing SaaS/Cloud Solutions in Healthcare Successful Strategies for Implementing SaaS/Cloud Solutions in Healthcare WHITEPAPER Executive Summary As healthcare organizations struggle with competing priorities such as HITECH/ARRA, Meaningful option

More information

Certified Information Systems Auditor (CISA)

Certified Information Systems Auditor (CISA) Certified Information Systems Auditor (CISA) Course Introduction Course Introduction Module 01 - The Process of Auditing Information Systems Lesson 1: Management of the Audit Function Organization of the

More information

Cloud Computing and the Regulatory Compliance Labyrinth

Cloud Computing and the Regulatory Compliance Labyrinth Cloud Computing and the Regulatory Compliance Labyrinth About ERM About The Speaker Nick Shuman Information Security Consultant Bachelor of Science in Computer Science and Psychology - University of Miami

More information