Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin

Save this PDF as:

Size: px
Start display at page:

Download "Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin"

Transcription

1

2 Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Best Practices for Security in the Cloud John Essner, Director Statewide Office Information Security/Chief Information Security Officer NJOIT Operational Considerations for Cloud Computing Bernadette Kucharczuk CGCIO, Director of Information Technology, City of Atlantic City

3 Justin Heyman, CGCIO Information Technology Specialist Township of Franklin

4

5

6 Who currently uses the cloud? Application Services? Platform Services? Infrastructure Services?

7 Wikipedia Cloud computing is the delivery of computing as a service rather than a product, whereby shared resources, software, and information are provided to computers and other devices as a utility (like the electricity grid) over a network (typically the Internet). Cloud computing is a marketing term for technologies that provide computation, software, data access, and storage services that do not require end-user knowledge of the physical location and configuration of the system that delivers the services.

8 Gartner Defines cloud computing as "a style of computing in which massively scalable IT-related capabilities are provided 'as a service' using Internet technologies to multiple external customers. Network World The cloud is not really a technology by itself. Rather, it is an approach to building IT services that harnesses the rapidly increasing horsepower of servers as well as virtualization technologies that combine many servers into large computing pools and divide single servers into multiple virtual machines that can be spun up and powered down at will.

9 Any Computing/Network resource that physically resides somewhere off of the users network but is utilized locally.

10 This isn t anything new hosted systems have been around for many, many, many years!

11

12

13

14

15 Public Cloud Resources are provided to the general public over the internet. Self service basis via web applications or web services. Examples - Google Maps, Google Docs, Office 365

16 Private Cloud Infrastructure operated solely for a single organization. Managed and/or hosed internally or externally. Tend to lend themselves to larger organizations

17 Community Cloud Resources of one or more organizations are shared between several organizations. Organizations have common concerns (security, compliance, jurisdiction, etc.) Shared Services Anyone?

18 Hybrid cloud Composition of two or more clouds (private, community, public) Allows programs and data to be shared across cloud

19 Application Services or Software as a Service (SaaS) Platform Service or Platform as a Service (PaaS) Cloud Infrastructure or Infrastructure as a Service (IaaS)

20 Software and data are hosed centrally by a provider. Software is usually accessed via a web browser Other Methods of Delivery may include Remote Desktop or Native application Minimize or eliminate need to locally manage software or hardware.

21 Examples: Permits NJ (Web based, Community cloud) Some ADP Payroll services (thin client or web based) Vital Communications/MicroSystems MOD4/CAMA (Thin client, Private cloud or Web based, community cloud)

22 Examples (cont.): Electronic Death Registration System, EDRS (Web based, Community cloud) Google apps , Documents, Sites (Web based, Public Cloud or Community Cloud) Online Recreation Programs (Web based, Community cloud)

23

24

25

26 Is the delivery of a computing platform Developers to sustain cloud applications (internal & client services) Database integration Sharing data across multiple environment. Scalability Allowing for server, network & process expansion

27 Examples: Somerset County Interoperability System Share pertinent crime statistics across multiple Municipal systems GIS, Tax Collection, Tax Assessment Share parcel information between system Data Storage Offsite storage normal operation or disaster recovery Mobile apps for Android or Apple Develop and host applications

28 Network Essentials fully outsourced beyond the current physical network boundaries

29 Examples: system Microsoft Exchange environment DNS & Active Directory services IP and host name resolution How your systems are visible on your network Firewall or Security services Implement and/or management of security policies across your infrastructure Monitor and filter in/out-bound network traffic

30

31 Pro Access anytime, anywhere Low upfront cost of ownership Provider managed application & hardware Fast & simple implementation Con Increased internet bandwidth Monthly recurring service fees Provider managed updates (browser support) Data accessibility and management (Security & DR)

32 Pro No capital expenditures for hardware or licensing No additional facilities required (building, power, cooling) Provider managed hardware platform Shared resource across state/county/local agencies Con Increased internet bandwidth Monthly recurring licensing costs Data accessibility and management (Security & DR) Application performance

33 Pro No capital expenditures for hardware or licensing No additional facilities required (building, power, cooling) Provider managed hardware & applications platform Shared resource across state/county/local agencies Con Increased internet bandwidth Monthly recurring service fees Data accessibility and management (Security & DR) Application performance

34 Who currently uses the cloud? Application Services? Platform Services? Infrastructure Services?

35 John Essner, CISO Office of Information Technology State of New Jersey

36

37 Governance Compliance Trust Architecture Identity and Access Management Software Isolation Data Protection Availability Incident Response Recommendations

38 Governance implies control and oversight. Policies, procedures, and standards. Asset Classification. Application development and information technology service acquisition. Design, implementation, testing, use, and monitoring of deployed or engaged services. Audit mechanisms and tools to ensure organizational practices.

39 Compliance refers to an organization s responsibility. Operate in agreement with established laws, regulations, standards, and specifications. Security Requirements ISO HIPAA FISMA Payment Card Industry (PCI) State of NJ - Service Contract Requirements for the Performance of Service Contracts within the United States

40 Data Location - when information crosses borders, the governing legal, privacy, and regulatory regimes can be ambiguous and raise a variety of concerns. Electronic Discovery - involves the identification, collection, processing, analysis, and production of Electronically Stored Information (ESI) in the discovery phase of litigation.

41 Relinquishes direct control over many aspects of security and privacy. High level of trust onto the cloud provider. Responsibility to protect information and information systems. The risk and magnitude of the harm resulting from unauthorized access, use, disclosure, disruption, modification, or destruction. Ensure that service arrangements have sufficient means to allow visibility into the security and privacy controls and processes.

42 Data Ownership - the organization s ownership rights over the data must be firmly established in the service contract to enable a basis for trust and privacy of data. Third Party - cloud services that use thirdparty cloud providers to outsource or subcontract some of their services should raise concerns, including the scope of control over the third party. Visibility - continuous monitoring of information security requires maintaining ongoing awareness of security controls, vulnerabilities, and threats to support risk management decisions.

43 Ancillary Data - while the focus of attention in cloud computing is mainly on protecting application data, cloud providers also hold significant details about the accounts of cloud consumers that could be compromised and used in subsequent attacks. Risk Management - is the process of identifying and assessing risk to organizational operations, organizational assets, or individuals resulting from the operation of an information system, and taking the necessary steps to reduce it to an acceptable level

44 The software and hardware used to deliver cloud services can vary significantly among cloud providers for any specific service model. The physical location of the infrastructure is determined by the cloud provider. The design and implementation of the reliability, resource pooling, scalability, and other logic needed in the support framework.

45 Attack Surface - the hypervisor or virtual machine monitor is an additional layer of software between an operating system and hardware platform that is used to operate multi-tenant virtual machines and is common to IaaS clouds. Virtual Network Protection. Most virtualization platforms have the ability to create softwarebased switches and network configurations as part of the virtual environment.

46 Virtual Machine Images - IaaS cloud providers and manufacturers of virtual machine products maintain repositories of virtual machine images. Client-Side Protection - a successful defense against attacks requires securing both the client and server side of cloud computing.

47 Safeguards are in place to secure authentication, authorization, and other identity and access management functions. An organizational identification and authentication may not naturally extend into a public cloud. Identity federation allows the organization and cloud provider to trust and share digital identities and attributes across both domains.

48 Authentication - is the process of establishing confidence in user identities. Assurance levels should be appropriate for the sensitivity of the application and information assets accessed and the risk involved. Authorization is the process to control role definition, user authorization, and other administrative tasks related to security. Access controls - are one means to keep data away from unauthorized users; encryption is another. Access controls are typically identitybased, which makes authentication of the user s identity an important issue in cloud computing.

49 Multi-tenancy - High degrees of multitenancy over large numbers of platforms are needed for cloud computing to achieve the envisioned flexibility of on-demand provisioning of reliable services and the cost benefits and efficiencies due to economies of scale. Attack Vectors - multi-tenancy in virtual machine-based cloud infrastructures, together with the subtleties in the way physical resources are shared between guest virtual machines, can give rise to new sources of threat

50 Shared environment - Data stored in a public cloud typically resides in a shared environment collocated with data from other customers. Sensitive and regulated Organizations must account for the means by which access to the data is controlled and the data is kept secure. Data controls - Data must be secured while at rest, in transit, and in use, and access to the data must be controlled.

51 Data Sanitization - the data sanitization practices that a cloud provider implements have obvious implications for security. Sanitization involves the expunging of data from storage media by overwriting, degaussing, or other means, or the destruction of the media itself, to prevent unauthorized disclosure of information.

52 In simple terms, availability is the extent to which an organization s full set of computational resources is accessible and usable. Availability can be affected temporarily or permanently, and a loss can be partial or complete. Data Backup and Recovery - the organization s contingency and continuity planning should address the recovery and restoration of disrupted cloud services and operations, using alternate services, equipment, and locations.

53 Involves an organized method for dealing with the consequences of an attack against the security of a computer system. Incident Response Plan the cloud provider s role is vital in performing incident response activities, including incident verification, attack analysis, containment, data collection and preservation, problem remediation, and service restoration.

54 Trust requires a carefully execute service agreement. It should include everything that has been covered this morning. Have it reviewed by your Information Technology Department and legal counsel. Have these discussions with IT at the table. If you don t have an IT department? Hire a Technology Consultant to ensure all areas are covered and that you are protecting your agency.

55 Identify security, privacy, and other requirements for cloud services. Common security requirements include coverage for the following areas: Personnel requirements, including clearances, roles, and responsibilities Regulatory requirements Service availability Problem reporting, review, and resolution Information handling and disclosure agreements and procedures

56 Physical and logical access controls Network access control, connectivity, and filtering Data protection System configuration and patch management Backup and recovery Data retention and sanitization Security and vulnerability scanning Risk management Incident reporting, handling, and response Continuity of operations Resource management Certification and accreditation Assurance levels Independent auditing of services

57 NIST SP Guidelines on Security and Privacy in Public Cloud Computing Federal Risk and Authorization Management Program (FedRAMP) Cloud Security Alliance NJINFOSECURE

John Essner, CISO Office of Information Technology State of New Jersey

John Essner, CISO Office of Information Technology State of New Jersey John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management

More information

Cloud Computing Flying High (or not) Ben Roper IT Director City of College Station

Cloud Computing Flying High (or not) Ben Roper IT Director City of College Station Cloud Computing Flying High (or not) Ben Roper IT Director City of College Station What is Cloud Computing? http://www.agent-x.com.au/ Wikipedia - the use of computing resources (hardware and software)

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

Managing Cloud Computing Risk

Managing Cloud Computing Risk Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify

More information

SECURITY MODELS FOR CLOUD 2012. Kurtis E. Minder, CISSP

SECURITY MODELS FOR CLOUD 2012. Kurtis E. Minder, CISSP SECURITY MODELS FOR CLOUD 2012 Kurtis E. Minder, CISSP INTRODUCTION Kurtis E. Minder, Technical Sales Professional Companies: Roles: Security Design Engineer Systems Engineer Sales Engineer Salesperson

More information

Cloud Computing; What is it, How long has it been here, and Where is it going?

Cloud Computing; What is it, How long has it been here, and Where is it going? Cloud Computing; What is it, How long has it been here, and Where is it going? David Losacco, CPA, CIA, CISA Principal January 10, 2013 Agenda The Cloud WHAT IS THE CLOUD? How long has it been here? Where

More information

Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101

Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101 Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro

More information

Secure Cloud Computing through IT Auditing

Secure Cloud Computing through IT Auditing Secure Cloud Computing through IT Auditing 75 Navita Agarwal Department of CSIT Moradabad Institute of Technology, Moradabad, U.P., INDIA Email: nvgrwl06@gmail.com ABSTRACT In this paper we discuss the

More information

OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect

OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect OWASP Chapter Meeting June 2010 Presented by: Brayton Rider, SecureState Chief Architect Agenda What is Cloud Computing? Cloud Service Models Cloud Deployment Models Cloud Computing Security Security Cloud

More information

Cloud Services Overview

Cloud Services Overview Cloud Services Overview John Hankins Global Offering Executive Ricoh Production Print Solutions May 23, 2012 Cloud Services Agenda Definitions Types of Clouds The Role of Virtualization Cloud Architecture

More information

Clouds on the Horizon Cloud Security in Today s DoD Environment. Bill Musson Security Analyst

Clouds on the Horizon Cloud Security in Today s DoD Environment. Bill Musson Security Analyst Clouds on the Horizon Cloud Security in Today s DoD Environment Bill Musson Security Analyst Agenda O Overview of Cloud architectures O Essential characteristics O Cloud service models O Cloud deployment

More information

Cloud Computing for SCADA

Cloud Computing for SCADA Cloud Computing for SCADA Moving all or part of SCADA applications to the cloud can cut costs significantly while dramatically increasing reliability and scalability. A White Paper from InduSoft Larry

More information

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com Introduction to Cloud Computing Srinath Beldona srinath_beldona@yahoo.com Agenda Pre-requisites Course objectives What you will learn in this tutorial? Brief history Is cloud computing new? Why cloud computing?

More information

Virtualization Impact on Compliance and Audit

Virtualization Impact on Compliance and Audit 2009 Reflex Systems, LLC Virtualization Impact on Compliance and Audit Michael Wronski, CISSP VP Product Management Reflex Systems Agenda Introduction Virtualization? Cloud? Risks and Challenges? Compliance

More information

On Premise Vs Cloud: Selection Approach & Implementation Strategies

On Premise Vs Cloud: Selection Approach & Implementation Strategies On Premise Vs Cloud: Selection Approach & Implementation Strategies Session ID#:10143 Prepared by: Praveen Kumar Practice Manager AST Corporation @Praveenk74 REMINDER Check in on the COLLABORATE mobile

More information

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS Shirley Radack, Editor Computer Security Division Information

More information

Electronic Records Storage Options and Overview

Electronic Records Storage Options and Overview Electronic Records Storage Options and Overview www.archives.nysed.gov Objectives Understand the options for electronic records storage, including cloud-based storage Evaluate the options best suited for

More information

Cloud Courses Description

Cloud Courses Description Courses Description 101: Fundamental Computing and Architecture Computing Concepts and Models. Data center architecture. Fundamental Architecture. Virtualization Basics. platforms: IaaS, PaaS, SaaS. deployment

More information

Cloud Security. DLT Solutions LLC June 2011. #DLTCloud

Cloud Security. DLT Solutions LLC June 2011. #DLTCloud Cloud Security DLT Solutions LLC June 2011 Contact Information DLT Cloud Advisory Group 1-855-CLOUD01 (256-8301) cloud@dlt.com www.dlt.com/cloud Your Hosts Van Ristau Chief Technology Officer, DLT Solutions

More information

SMS. Cloud Computing. Systems Management Specialists. Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales

SMS. Cloud Computing. Systems Management Specialists. Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales SMS Systems Management Specialists Cloud Computing Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales Cloud Computing The SMS Model: Cloud computing is a model for enabling ubiquitous, convenient,

More information

Keyword: Cloud computing, service model, deployment model, network layer security.

Keyword: Cloud computing, service model, deployment model, network layer security. Volume 4, Issue 2, February 2014 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com An Emerging

More information

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.

More information

STATE OF NEW JERSEY Security Controls Assessment Checklist

STATE OF NEW JERSEY Security Controls Assessment Checklist STATE OF NEW JERSEY Security Controls Assessment Checklist Appendix D to 09-11-P1-NJOIT P.O. Box 212 www.nj.gov/it/ps/ 300 Riverview Plaza Trenton, NJ 08625-0212 Agency/Business (Extranet) Entity Response

More information

Cloud Security for Federal Agencies

Cloud Security for Federal Agencies Experience the commitment ISSUE BRIEF Rev. April 2014 Cloud Security for Federal Agencies This paper helps federal agency executives evaluate security and privacy features when choosing a cloud service

More information

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is

More information

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC www.fmsinc.org 1 2015 Financial Managers Society, Inc. Cloud Security Implications

More information

Information Security: Cloud Computing

Information Security: Cloud Computing Information Security: Cloud Computing Simon Taylor MSc CLAS CISSP CISMP PCIRM Director & Principal Consultant All Rights Reserved. Taylor Baines Limited is a Registered Company in England & Wales. Registration

More information

What Cloud computing means in real life

What Cloud computing means in real life ITU TRCSL Symposium on Cloud Computing Session 2: Cloud Computing Foundation and Requirements What Cloud computing means in real life Saman Perera Senior General Manager Information Systems Mobitel (Pvt)

More information

Big Data, Big Risk, Big Rewards. Hussein Syed

Big Data, Big Risk, Big Rewards. Hussein Syed Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data

More information

Cloud Computing in the Federal Sector: What is it, what to worry about, and what to negotiate.

Cloud Computing in the Federal Sector: What is it, what to worry about, and what to negotiate. Cloud Computing in the Federal Sector: What is it, what to worry about, and what to negotiate. Presented by: Sabrina M. Segal, USITC, Counselor to the Inspector General, Sabrina.segal@usitc.gov Reference

More information

Security Considerations for the Cloud

Security Considerations for the Cloud June 6, 2012 Security Considerations for the Cloud Presented by: Mac McMillan CEO CynergisTek, Inc. Chair, HIMSS Privacy & Security Policy Task Force 1 2012 NIST/OCR Conference Agenda Threat Implications

More information

AHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS

AHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS AHLA JJ. Keeping Your Cloud Services Provider from Raining on Your Parade Jean Hess Manager HORNE LLP Ridgeland, MS Melissa Markey Hall Render Killian Heath & Lyman PC Troy, MI Physicians and Hospitals

More information

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer What is Cloud Computing A model for enabling convenient, on-demand network access to a shared pool of configurable

More information

Cloud Security. Western Michigan ISACA Edward Napoleon, CISSP, CISM CKO, Securely Yours LLC Edward.napoleon@securelyyoursllc.com October 30, 2013

Cloud Security. Western Michigan ISACA Edward Napoleon, CISSP, CISM CKO, Securely Yours LLC Edward.napoleon@securelyyoursllc.com October 30, 2013 Cloud Security Western Michigan ISACA Edward Napoleon, CISSP, CISM CKO, Securely Yours LLC Edward.napoleon@securelyyoursllc.com October 30, 2013 2 Agenda What is cloud computing? NIST definition Cloud

More information

IT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011

IT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011 IT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011 Cloud Basics Cloud Basics The interesting thing about cloud computing is that we've redefined cloud computing to include everything

More information

The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing

The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing Your Platform of Choice The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing Mark Cravotta EVP Sales and Service SingleHop LLC Talk About Confusing? Where do I start?

More information

CLOUD COMPUTING SECURITY ISSUES

CLOUD COMPUTING SECURITY ISSUES CLOUD COMPUTING SECURITY ISSUES Florin OGIGAU-NEAMTIU IT Specialist The Regional Department of Defense Resources Management Studies, Brasov, Romania The term cloud computing has been in the spotlights

More information

LEGAL ISSUES IN CLOUD COMPUTING

LEGAL ISSUES IN CLOUD COMPUTING LEGAL ISSUES IN CLOUD COMPUTING RITAMBHARA AGRAWAL INTELLIGERE 1 CLOUD COMPUTING Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing

More information

Library Systems Security: On Premises & Off Premises

Library Systems Security: On Premises & Off Premises Library Systems Security: On Premises & Off Premises Guoying (Grace) Liu University of Windsor Leddy Library Huoxin (Michael) Zheng Castlebreck Inc. CLA 2015 Annual Conference, Ottawa, June 5, 2015 Information

More information

Cloud Computing In a Post Snowden World. Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs

Cloud Computing In a Post Snowden World. Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs Cloud Computing In a Post Snowden World Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs Guy Wiggins Director of Practice Management Kelley Drye & Warren

More information

Cloud Courses Description

Cloud Courses Description Cloud Courses Description Cloud 101: Fundamental Cloud Computing and Architecture Cloud Computing Concepts and Models. Fundamental Cloud Architecture. Virtualization Basics. Cloud platforms: IaaS, PaaS,

More information

Security Considerations for Cloud Computing. Steve Ouzman Security Engineer

Security Considerations for Cloud Computing. Steve Ouzman Security Engineer Security Considerations for Cloud Computing Steve Ouzman Security Engineer AGENDA Introduction Brief Cloud Overview Security Considerations ServiceNow Security Overview Summary Cloud Computing Overview

More information

Cloud Computing. What is Cloud Computing?

Cloud Computing. What is Cloud Computing? Cloud Computing What is Cloud Computing? Cloud computing is where the organization outsources data processing to computers owned by the vendor. Primarily the vendor hosts the equipment while the audited

More information

BMC s Security Strategy for ITSM in the SaaS Environment

BMC s Security Strategy for ITSM in the SaaS Environment BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...

More information

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013 An Overview of Information Security Frameworks Presented to TIF September 25, 2013 What is a framework? A framework helps define an approach to implementing, maintaining, monitoring, and improving information

More information

Hedge Funds & the Cloud: The Pros, Cons and Considerations

Hedge Funds & the Cloud: The Pros, Cons and Considerations Hedge Funds & the Cloud: The Pros, Cons and Considerations By Mary Beth Hamilton, Director of Marketing, Eze Castle Integration The increased use of cloud-based services is undeniable. Analyst firm Forrester

More information

Enterprise Governance and Planning

Enterprise Governance and Planning GEORGIA TECHNOLOGY AUTHORITY Title: Enterprise Operational Environment PSG Number: SO-10-003.02 Topical Area: Operations / Performance and Capacity Document Type: Standard Pages: 5 Issue Date: July 15,

More information

Cloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation

Cloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation Cloud Security Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs peterjopling 2011 IBM Corporation Cloud computing impacts the implementation of security in fundamentally new ways

More information

Unmasking Virtualization Security. Eric A. Hibbard, CISSP, CISA Hitachi Data Systems

Unmasking Virtualization Security. Eric A. Hibbard, CISSP, CISA Hitachi Data Systems Eric A. Hibbard, CISSP, CISA Hitachi Data Systems SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA unless otherwise noted. Member companies and individual members may

More information

Essential Characteristics of Cloud Computing: On-Demand Self-Service Rapid Elasticity Location Independence Resource Pooling Measured Service

Essential Characteristics of Cloud Computing: On-Demand Self-Service Rapid Elasticity Location Independence Resource Pooling Measured Service Cloud Computing Although cloud computing is quite a recent term, elements of the concept have been around for years. It is the maturation of Internet. Cloud Computing is the fine end result of a long chain;

More information

CLOUD STORAGE SECURITY INTRODUCTION. Gordon Arnold, IBM

CLOUD STORAGE SECURITY INTRODUCTION. Gordon Arnold, IBM CLOUD STORAGE SECURITY INTRODUCTION Gordon Arnold, IBM SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members may use this material

More information

STORAGE SECURITY TUTORIAL With a focus on Cloud Storage. Gordon Arnold, IBM

STORAGE SECURITY TUTORIAL With a focus on Cloud Storage. Gordon Arnold, IBM STORAGE SECURITY TUTORIAL With a focus on Cloud Storage Gordon Arnold, IBM SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members

More information

Orchestrating the New Paradigm Cloud Assurance

Orchestrating the New Paradigm Cloud Assurance Orchestrating the New Paradigm Cloud Assurance Amsterdam 17 January 2012 John Hermans - Partner Current business challenges versus traditional IT Organizations are challenged with: Traditional IT seems

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

Cloud Computing Governance & Security. Security Risks in the Cloud

Cloud Computing Governance & Security. Security Risks in the Cloud Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud

More information

Information Technology: This Year s Hot Issue - Cloud Computing

Information Technology: This Year s Hot Issue - Cloud Computing Information Technology: This Year s Hot Issue - Cloud Computing Presented by: Alan Sutin Global IP & Technology Practice Group GREENBERG TRAURIG, LLP ATTORNEYS AT LAW WWW.GTLAW.COM 2011. All rights reserved.

More information

The Magazine for IT Security. May 2010. issue 3. sör alex / photocase.com

The Magazine for IT Security. May 2010. issue 3. sör alex / photocase.com The Magazine for IT Security May 2010 sör alex / photocase.com free digital version made in Germany issue 3 Luiz Fotolia.com Clouds or storm clouds? Cloud Computing Security by Javier Moreno Molinero Gradually,

More information

Cloud Infrastructure Security

Cloud Infrastructure Security Cloud Infrastructure Security Dimiter Velev 1 and Plamena Zlateva 2 1 University of National and World Economy, UNSS - Studentski grad, 1700 Sofia, Bulgaria dvelev@unwe.acad.bg 2 Institute of Control and

More information

INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION

INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION Information security is a critical issue for institutions of higher education (IHE). IHE face issues of risk, liability, business continuity,

More information

yvette@yvetteagostini.it yvette@yvetteagostini.it

yvette@yvetteagostini.it yvette@yvetteagostini.it 1 The following is merely a collection of notes taken during works, study and just-for-fun activities No copyright infringements intended: all sources are duly listed at the end of the document This work

More information

SECURE CLOUD COMPUTING

SECURE CLOUD COMPUTING Outline SECURE CLOUD COMPUTING Introduction (of many buzz words) References What is Cloud Computing Cloud Computing Infrastructure Security Cloud Storage and Data Security Identity Management in the Cloud

More information

IBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation

IBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation IBM Cloud Security Draft for Discussion September 12, 2011 IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns surrounding cloud computing

More information

Comprehensive Agentless Backup and Recovery Software for the Enterprise

Comprehensive Agentless Backup and Recovery Software for the Enterprise Brochure: Comprehensive Agentless Backup and Recovery Software for the Enterprise Comprehensive Agentless Backup and Recovery Software for the Enterprise BROCHURE Your company s single most valuable asset

More information

Commercial Software Licensing

Commercial Software Licensing Commercial Software Licensing CHAPTER 12: Prepared by DoD ESI January 2013 Chapter Overview Most software licenses today are either perpetual or subscription. Perpetual licenses involve software possession

More information

Making Sense of Cloud Computing in the Public Sector. By EVA OlSAKER

Making Sense of Cloud Computing in the Public Sector. By EVA OlSAKER Making Sense of Cloud Computing in the Public Sector By EVA OlSAKER Every other article or news clip about government Platform as a Service. PaaS allows customers to use hardware, operating systems, storage,

More information

Domain 1 The Process of Auditing Information Systems

Domain 1 The Process of Auditing Information Systems Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge

More information

10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM. Agenda. Security Cases What is Cloud? Road Map Security Concerns

10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM. Agenda. Security Cases What is Cloud? Road Map Security Concerns BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM Agenda Security Cases What is Cloud? Road Map Security Concerns 1 Security Cases on Cloud Data Protection - Two arrested in ipad

More information

USING GENIE REMOTELY

USING GENIE REMOTELY USING GENIE REMOTELY This document outlines the available options for using Genie in offsite logging mode (Genie single user) or remotely in real-time via a remote desktop (terminal services) connection.

More information

PCI Compliance for Cloud Applications

PCI Compliance for Cloud Applications What Is It? The Payment Card Industry Data Security Standard (PCIDSS), in particular v3.0, aims to reduce credit card fraud by minimizing the risks associated with the transmission, processing, and storage

More information

Security from the Cloud

Security from the Cloud Security from the Cloud Achieving Security & Compliance in the Cloud Samer M. Omar, CISSP, CISA, CRISC, CISM Qualys Managing Director Middle East Al-Quds Open University, September 7 th, 2011 Agenda -

More information

Tufts University. Department of Computer Science. COMP 116 Introduction to Computer Security Fall 2014 Final Project. Guocui Gao Guocui.gao@tufts.

Tufts University. Department of Computer Science. COMP 116 Introduction to Computer Security Fall 2014 Final Project. Guocui Gao Guocui.gao@tufts. Tufts University Department of Computer Science COMP 116 Introduction to Computer Security Fall 2014 Final Project Investigating Security Issues in Cloud Computing Guocui Gao Guocui.gao@tufts.edu Mentor:

More information

RE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC

RE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC RE Think Invent IT & Business IBM SmartCloud Security Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC 2014 IBM Corporation Some Business Questions Is Your Company is Secure

More information

Information Security @ Blue Valley Schools FEBRUARY 2015

Information Security @ Blue Valley Schools FEBRUARY 2015 Information Security @ Blue Valley Schools FEBRUARY 2015 Student Data Privacy & Security Blue Valley is committed to providing an education beyond expectations to each of our students. To support that

More information

Information Security Program Management Standard

Information Security Program Management Standard State of California California Information Security Office Information Security Program Management Standard SIMM 5305-A September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF CHANGES

More information

Why Migrate to the Cloud. ABSS Solutions, Inc. 2014

Why Migrate to the Cloud. ABSS Solutions, Inc. 2014 Why Migrate to the Cloud ABSS Solutions, Inc. 2014 ASI Cloud Services Information Systems Basics Cloud Fundamentals Cloud Options Why Move to the Cloud Our Service Providers Our Process Information System

More information

WhitePaper. Private Cloud Computing Essentials

WhitePaper. Private Cloud Computing Essentials Private Cloud Computing Essentials The 2X Private Cloud Computing Essentials This white paper contains a brief guide to Private Cloud Computing. Contents Introduction.... 3 About Private Cloud Computing....

More information

SECURING HEALTH INFORMATION IN THE CLOUD. Feisal Nanji, Executive Director, Techumen feisal@techumen.com

SECURING HEALTH INFORMATION IN THE CLOUD. Feisal Nanji, Executive Director, Techumen feisal@techumen.com SECURING HEALTH INFORMATION IN THE CLOUD Feisal Nanji, Executive Director, Techumen feisal@techumen.com Conflict of Interest Disclosure Feisal Nanji, MPP, CISSP Has no real or apparent conflicts of interest

More information

Protecting Official Records as Evidence in the Cloud Environment. Anne Thurston

Protecting Official Records as Evidence in the Cloud Environment. Anne Thurston Protecting Official Records as Evidence in the Cloud Environment Anne Thurston Introduction In a cloud computing environment, government records are held in virtual storage. A service provider looks after

More information

IS PRIVATE CLOUD A UNICORN?

IS PRIVATE CLOUD A UNICORN? IS PRIVATE CLOUD A UNICORN? With all of the discussion, adoption, and expansion of cloud offerings there is a constant debate that continues to rear its head: Public vs. Private or more bluntly Is there

More information

Top 10 Risks in the Cloud

Top 10 Risks in the Cloud A COALFIRE PERSPECTIVE Top 10 Risks in the Cloud by Balaji Palanisamy, VCP, QSA, Coalfire March 2012 DALLAS DENVER LOS ANGELES NEW YORK SEATTLE Introduction Business leaders today face a complex risk question

More information

The cloud - ULTIMATE GAME CHANGER ===========================================

The cloud - ULTIMATE GAME CHANGER =========================================== The cloud - ULTIMATE GAME CHANGER =========================================== When it comes to emerging technologies, there is one word that has drawn more controversy than others: The Cloud. With cloud

More information

Validation of a Cloud-Based ERP system, in practice. Regulatory Affairs Conference Raleigh. 8Th September 2014

Validation of a Cloud-Based ERP system, in practice. Regulatory Affairs Conference Raleigh. 8Th September 2014 Validation of a Cloud-Based ERP system, in practice. Regulatory Affairs Conference Raleigh. 8Th September What is the The Cloud Some Definitions The NIST Definition of Cloud computing Cloud computing is

More information

Cloud Computing Policy 1.0 INTRODUCTION 2.0 PURPOSE. Effective Date: July 28, 2015

Cloud Computing Policy 1.0 INTRODUCTION 2.0 PURPOSE. Effective Date: July 28, 2015 Cloud Computing Policy Effective Date: July 28, 2015 1.0 INTRODUCTION Cloud computing services are application and infrastructure resources that users access via the Internet. These services, contractually

More information

A COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012

A COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012 A COALFIRE PERSPECTIVE Moving to the Cloud A Summary of Considerations for Implementing Cloud Migration Plans into New Business Platforms NCHELP Spring Convention Panel May 2012 DALLAS DENVER LOS ANGELES

More information

penelope athena software SOFTWARE AS A SERVICE INFORMATION PACKAGE case management software

penelope athena software SOFTWARE AS A SERVICE INFORMATION PACKAGE case management software penelope case management software SOFTWARE AS A SERVICE INFORMATION PACKAGE athena software "I've worked with major corporations and universities and I am really impressed with Athena's hosted server and

More information

Cloud Computing Security Issues

Cloud Computing Security Issues Copyright Marchany 2010 Cloud Computing Security Issues Randy Marchany, VA Tech IT Security, marchany@vt.edu Something Old, Something New New: Cloud describes the use of a collection of services, applications,

More information

The Cloud in Regulatory Affairs - Validation, Risk Management and Chances -

The Cloud in Regulatory Affairs - Validation, Risk Management and Chances - 45 min Webinar: November 14th, 2014 The Cloud in Regulatory Affairs - Validation, Risk Management and Chances - www.cunesoft.com Rainer Schwarz Cunesoft Holger Spalt ivigilance 2014 Cunesoft GmbH PART

More information

Purpose. Service Model SaaS (Applications) PaaS (APIs) IaaS (Virtualization) Use Case 1: Public Use Case 2: Use Case 3: Public.

Purpose. Service Model SaaS (Applications) PaaS (APIs) IaaS (Virtualization) Use Case 1: Public Use Case 2: Use Case 3: Public. Federal CIO Council Information Security and Identity Management Committee (ISIMC) Guidelines for the Secure Use of Cloud Computing by Federal Departments and Agencies DRAFT V0.41 Earl Crane, CISSP, CISM

More information

Introduction to Cloud Computing

Introduction to Cloud Computing 1 Introduction to Cloud Computing CERTIFICATION OBJECTIVES 1.01 Cloud Computing: Common Terms and Definitions 1.02 Cloud Computing and Virtualization 1.03 Early Examples of Cloud Computing 1.04 Cloud Computing

More information

Understanding Financial Cloud Services

Understanding Financial Cloud Services Understanding Financial Cloud Services A Complete Guide for Hedge Funds About RFA RFA (Richard Fleischman & Associates) has been a Financial Cloud and trusted technology partner to our financial services

More information

Data Storage Security in Cloud Computing

Data Storage Security in Cloud Computing Data Storage Security in Cloud Computing Prashant M. Patil Asst. Professor. ASM s, Institute of Management & Computer Studies (IMCOST), Thane (w), India E_mail: prashantpatil11@rediffmail.com ABSTRACT

More information

Cisco Advanced Services for Network Security

Cisco Advanced Services for Network Security Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs

More information

Security & Trust in the Cloud

Security & Trust in the Cloud Security & Trust in the Cloud Ray Trygstad Director of Information Technology, IIT School of Applied Technology Associate Director, Information Technology & Management Degree Programs Cloud Computing Primer

More information

Cloud Backup and Recovery for Endpoint Devices

Cloud Backup and Recovery for Endpoint Devices Cloud Backup and Recovery for Endpoint Devices Executive Summary Armed with their own devices and faster wireless speeds, your employees are looking to access corporate data on the move. They are creating,

More information

Compliance and the Cloud: What You Can and What You Can t Outsource

Compliance and the Cloud: What You Can and What You Can t Outsource Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: Kate Donofrio Security Assessor Fortrex Technologies Instructor Biography Background On Fortrex What s In A Cloud? Pick

More information

Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu

Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu 2 If cloud computing is so simple, then what s the big deal? What is the

More information

Legal Issues in the Cloud: A Case Study. Jason Epstein

Legal Issues in the Cloud: A Case Study. Jason Epstein Legal Issues in the Cloud: A Case Study Jason Epstein Outline Overview of Cloud Computing Service Models (SaaS, PaaS, IaaS) Deployment Models (Private, Community, Public, Hybrid) Adoption Different types

More information

The Elephant in the Room: What s the Buzz Around Cloud Computing?

The Elephant in the Room: What s the Buzz Around Cloud Computing? The Elephant in the Room: What s the Buzz Around Cloud Computing? Warren W. Stippich, Jr. Partner and National Governance, Risk and Compliance Solution Leader Business Advisory Services Grant Thornton

More information

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Strategic Compliance & Securing the Cloud Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Complexity and Challenges 2 Complexity and Challenges Compliance Regulatory entities

More information