Whitepaper. Canopy Security. Simplicity, Agility, Transparency. An Atos company. Powered by EMC² and VMware
Summary

Introduction

While business is turning to the cloud to save costs and improve agility, for many enterprises security is still a big barrier to the adoption of cloud services. Canopy's founders, Atos, EMC and VMware, have addressed security from the outset with their Enterprise Application Store, Canopy's SaaS implementation. Canopy has strengthened its information security management and has committed to the principles of simplicity, agility and transparency in order to meet the security challenges of large-scale cloud environments. These principles are adhered to through all Canopy's processes, right down to technical implementation. This means that Canopy can offer flexible cloud solutions and also support extensive security management, so that security can be managed even at account and server level.

The Canopy Cloud

Canopy implements all of the essential characteristics of the well-known NIST model.

- Resource pooling
- Broad network access
- Rapid elasticity
- Measured service
- On-demand self-service

Universally, information security concerns override all others when businesses consider moving data to the cloud, as demonstrated by a study from the CSA and ISACA.

Canopy's formation

Atos, EMC and VMware formed Canopy last year specifically to address the current barriers to cloud adoption.

- RSA is a leading brand in IT security, addressing security actively by design, and part of EMC.
- VMware is the market-leading provider of Virtualisation technologies, offering best-of-breed security already built in.
- Atos is Europe's largest provider of IT services, a leader in secure and efficient enterprise computing. Last year, Atos managed the IT system security at the Olympic Games.
Cloud security challenges

Outsourcing and cloud computing relationships may feature similar sorts of contracts, but they are very different in both business perspective and technical implementation. The advantages of cloud computing (economies of scale, agility and time to market) are themselves challenges to the implementation of security, which is designed to be static and to ring-fence data. This contradiction needs to be resolved so that customers can realise the benefits of cloud computing and know that their data is secure.

We can liken the ascendance of cloud computing to the industrial revolution of the 19th century when mass production took over from artisans and small workshops. In the same way, the IT industry is moving away from special application environments maintained by dedicated teams to large standardised cloud environments.

Canopy's response to different risk environments is to strengthen the management of information security accordingly, and align security with the movement and consumption of client data. The next section explains how Canopy's security management principles reduce the risk for the customer.

Table 4 Positive and negative influences on Cloud Adoption and Innovation

Positive influence on Cloud Adoption/Innovation | Negative influence on Cloud Adoption/Innovation
Cost management | Information security
Agility | Data ownership/custodian responsibilities
Time to market | Legal and contractual issues
Efficiency | Regulatory compliance
Productivity | Information assurance
Business unit demand | Longevity of suppliers
Resilience | Contract lock-in
New technology | Performance standards
Customer demand | Disaster recovery/business continuity
Technical resources | Performance monitoring
New markets | Technology stability
Summary mean 3.56 | Summary mean 3.62

Figure 1 Information Security is top barrier to market adoption of cloud (from 2012 Cloud Computing Market Maturity Study Results, published by CSA and ISACA)
Canopy Security principles

As mentioned above, traditional security management, with its reliance on static methods, does not deliver adequate protection for the information assets of many enterprises. The shortcomings in traditional security management are often successfully hidden until a security incident becomes publicly known and causes a crisis in confidence with the provider. To bridge the gaps in the traditional ways of maintaining security, Canopy adheres to three abiding principles.

Simplicity, Agility, Transparency

By adhering to these principles, Canopy allows its customers to perform meaningful risk management with their contracted services. Canopy acknowledges that the customer is probably bearing the greatest risk and has a legitimate interest in minimising that risk.

Simplicity

Canopy's commitment to keeping security simple manifests itself in the systematic re-use of successful standards wherever possible. Canopy aims to pass on the benefits of this approach to its customer base via its Enterprise Application Store (EAS). By ordering from a catalogue of standard applications from ISVs the customer can simplify software acquisition.

Through all layers of service, from hardware to application management, Canopy uses standard components with well-understood behaviour.

- Canopy uses Vblock as its hardware platform. Vblock integrates processor, network and storage so that Canopy operations can manage many pieces of uniform hardware with standardised processes. All management is performed from one console; regular tasks can be performed without co-ordination between different departments.
- Canopy uses VMware products for virtual resource management.
- Canopy uses templates to standardise deployment. Templates include simultaneous configuration for processor, network and storage. This significantly speeds up deployment across all layers of the virtual infrastructure and reduces the error rate in deployments.
As a result, the following processes in security management are simplified, delivering a number of security benefits:

- Vulnerability Management has to consider only a small number of target types with few variations, which helps in maintaining a small attack surface.
- Canopy performs patch management on the images via deployment templates under centralised management. Because all images and templates are managed centrally, Canopy can easily investigate patch state and enforce patch policy through direct control, if needed. VCE, which patches the Vblock, covers patch management on the infrastructure.

At the customer-facing layer, Canopy offers standardised components:

- The customer can simplify acquisition of standard software by the Enterprise Application Store.
- Canopy's Enterprise Application Store sets a common standard for application use. It contains mandatory security checks in the form of penetration tests, and additional source code scans, if the application source code is available.
- Lifecycle management can be further simplified by standardised release and patch management cycles, which keep software up-to-date.

The management of information security for both customer and Canopy is simplified by using a general ISMS (Information Security Management System) as a baseline for security. Specific controls are tailored to the requirements of the application.

Agility

Businesses have to be increasingly agile to deal with ever-changing environments, and information security needs to support this. The evolving landscape, with constantly changing threats, itself demands more agile security models. With the help from partner RSA, Canopy's security architecture includes the following components:

Security dashboard
Security dashboards give customers a quick overview of the current state of compliance, with underlying KPI (Key Performance Indicators) collected automatically.

Active risk management
The changing landscape on the internet shows again and again that preventive security measures are no longer enough. To limit the damage, the threat window from break-in to detection must be reduced to the minimum.

Security Operations Centre
Canopy is part of Atos SOC (Security Operations Centre), which operates 24x7, with dedicated staff independent of application management teams. Duty officers are authorised to execute pre-agreed plans based on defined conditions. Staff also perform regular duties, including log monitoring, which are often neglected.

Security incident management
Canopy implements a staggered response to security incidents. At the first level the virtual infrastructure responds automatically when a break-in is detected by automatic compliance checks. At the next level, the incident is treated according to the asset register and acceptable risk levels. Security incidents are raised by the SOC and are treated separately from regular incidents. The alerts are forwarded to the customer only, via previously agreed communications channels.

Transparency

In most cloud scenarios, the customer bears most of the risk because cloud applications support the customer's business. Canopy realises this is a major barrier for many businesses and is adopting a transparent approach to enable joint risk management between provider and customer. This approach is supported by the following implementations:

Shared knowledge
Canopy has a shared repository with each of its customers, where all relevant information is collected. Everyone authorised by the customer has access to it. This practice aligns with Atos strategy of zero- .

Security control set
The control objectives and implementation required for ISO are shared with all customers. For controls where Canopy relies on other providers, particularly Atos for building and network infrastructure, Canopy may only be allowed to disclose certain information.
Security KPIs
Canopy delivers an indication of the relative performance of each individual control. The information is kept current appropriate to the execution frequency of the control. If possible, it is supported by automatic compliance monitoring.

Independent audits
Canopy provides the assurance of independent audits.

- Atos auditors, who are independent of Canopy, perform internal audits.
- ISO audits are performed annually by accredited certification organisations.
- Third-party auditors (in 2012 this was Ernst & Young) perform ISAE 3402 audits annually for physical and infrastructure security; these can be extended to application security at the customer's request.
Canopy Security implementation

Hardware
Canopy's hardware consists of Vblock systems from VCE which integrate compute, network and storage technologies. Vblock Systems can be managed as a single entity with a common interface. VCE is partially owned by VMware and addresses security in its product design, an advantage to cloud systems assembled from standard, off-the-shelf components. Canopy has implemented VCE's guidance on multi-tenant implementations.

Virtualisation software
Canopy uses Virtualisation software from VMware, a Gartner magic quadrant leader for x86 Server Virtualisation infrastructure. The security of VMware products is arguably the best on the market. Canopy implements many of VMware's leading technologies, including:

- vSphere for Virtualisation (version 5.1 as of February 2013).
- vCloud Networking and Security for network separation.
- vCloud Director for administrative separation through assigning each customer its own virtual data centre.

Canopy's robust isolation mechanisms help to safeguard the data of those customers with high security requirements from threats introduced by fellow tenants with different risk profiles.

Enterprise Application Store
Canopy's Enterprise Application Store (EAS) provides a large number of applications as a service, following the SaaS delivery model. To counteract rogue application use within organisations, Canopy implements the following safeguards:

1. Before listing the application in the EAS, Canopy performs a due-diligence process on the application, including mandatory security tests.
2. The customer selects which applications should be used for its organisation, evaluates fulfilment of the security requirements of the organisation and orders the service from Canopy.
3. The customer then assigns authorisation to individual users, who are the only ones with access to the application. This process is repeated for additional users.
Security management functionality
Canopy's security management builds on the functionality of its Enterprise Application Store platform. The Enterprise Application Store enables Canopy, with its customers, to manage security at an account and application level.

Established security management processes from Atos
While Canopy manages all cloud-specific processes, other processes are linked back to its parent Atos. Atos has all the extensive resources and experience necessary for enterprise computing support. It can, for example, react to business continuity management and disaster recovery emergencies, including crisis management.

Infrastructure and networking
Atos provides Canopy with all data centre infrastructure and external network connectivity. As a world-class provider, Atos guarantees the highest standards, suitable for the largest enterprises. The internal networking of the cloud systems is fully contained in the Vblock, and Canopy has full insight into all networking elements.
Canopy compliance

Regulatory compliance is a time-consuming issue for organisations, occupying ever-increasing amounts of management resource. Regulations can frequently overlap in scope so that the same issue may need to be dealt with several times in a different context.

Canopy can help customers when it comes to IT compliance. Firstly, Canopy implements best practice for all its services, assuring a common basis for compliance. Additionally, the usual compliance requirements from the application's domain (e.g. payment, healthcare) are evaluated and mapped to the application, creating a vertical compliant application. The implementation is performed as part of application management. Customers can inform Canopy of any specific requirements so that they can be mapped to the implementation and Canopy can alert the customer to any possible gaps.

Compliance standards

ISO 27001: This is the generally accepted standard for information security. Our parent company Atos, from whom Canopy buys the majority of its services, has been ISO certified for over 10 years. Canopy acquires its own ISO certification in

ISAE 3402/SSAE 16: Companies, or their financial auditors, may decide that an application managed by Canopy requires internal control over financial reporting under the terms of the Sarbanes-Oxley Act (SOX), or similar laws in Europe or Japan. In this case, the customer should inform Canopy of the SOX relevance of the application and the required reporting period. Canopy can then organise the necessary audits specific for the application and deliver the corresponding ISAE 3402 report (SOC-1). Services contracted from Atos are audited annually.

CSA CCM: An increasingly popular standard is the Cloud Controls Matrix (CCM) from the Cloud Security Alliance (CSA), which Canopy has also adopted. There is no formal CCM certification; Canopy can supply implementation details on request.
Compliance monitoring
Canopy maintains all policies in the RSA Archer central database. Monitoring is performed automatically wherever possible. In all other cases, workflows are defined in Archer to organise manual checks and ensure timely feedback.

Compliance dashboard
Canopy provides its customers with a security dashboard, which gives a quick overview of the current state of compliance for their applications. This means any blind spot on the compliance map, for example arising from new installations or organisational changes, is quickly detected and corrected. The security dashboard empowers the customer to perform active risk management, as the information about the control can be traced back via the control objective to the risk it is meant to reduce.
Abbreviations

CCM: Cloud Controls Matrix, a control set from CSA
COSO: Committee of Sponsoring Organisations of the Treadway Commission
CSA: Cloud Security Alliance
EAS: Enterprise Application Store, Canopy's SaaS offering
IaaS: Infrastructure as a Service, one of the three cloud delivery models
ICFR: Internal Control over Financial Reporting
ISACA: formerly: Information Systems Audit and Control Association
ISAE 3402: International Standard on Assurance Engagements No. 3402, new auditing standard, which replaced the SAS-70 standard.
ISMS: Information Security Management System, standardised in ISO
KPI: Key Performance Indicator
PaaS: Platform as a Service, one of the three cloud delivery models
SaaS: Software as a Service, one of the three cloud delivery models
SOC: Security Operations Centre
SOC-1 report: Report on Service Organisation Controls over ICFR (as ISAE 3402); there are also SOC-2 (privacy) and SOC-3 (Trust Services) reports
SOX: Sarbanes-Oxley Act
SSAE 16: Statement on Standards for Attestation Engagements No. 16, largely synonymous to ISAE 3402 with focus on USA.
TAI: Trusted Agile Infrastructure, the Atos cloud platform

1 Peter Mell and Timothy Grance, The NIST Definition of Cloud Computing, NIST Special Publication , as retrieved from nistpubs/ /sp pdf
2 CSA and ISACA: 2012 Cloud Computing Market Maturity Study Results Knowledge-Centre/Research/ResearchDeliverables/Pages/2012-Cloud-Computing-Market-Maturity-Study-Results.aspx
3 VCE website is
4 VCE website, Vblock systems security and compliance
5 VCE website: Vblock solution for trusted multitenancy: Design Guide
6 Gartner Magic Quadrant for x86 Server Virtualisation Infrastructure, by Thomas J. Bittman, George J. Weiss, Mark A. Margevicius, Philip Dawson, June 11, 2012, as cited in VMware Named a Leader in Magic Quadrant for x86 Server Virtualisation Infrastructure
7 VMware website: vCloud Networking and Security,
8 VMware website: VMware vCloud Director overview.html
9 Cloud Security Alliance, Cloud Controls Matrix, with download of v1.3 available at cloudsecurityalliance.org/research/ccm/

Contact: Mail: Canopy Ltd info@canopy-cloud.com +44 (0) Triton Square, Regents Place London NW 3HG
More informationWith Eversync s cloud data tiering, the customer can tier data protection as follows:
APPLICATION NOTE: CLOUD DATA TIERING Eversync has developed a hybrid model for cloud-based data protection in which all of the elements of data protection are tiered between an on-premise appliance (software
More informationA Comparison of IT Governance & Control Frameworks in Cloud Computing. Jack D. Becker ITDS Department, UNT & Elana Bailey
A Comparison of IT Governance & Control Frameworks in Cloud Computing Jack D. Becker ITDS Department, UNT & Elana Bailey ITDS Department, UNT MS in IS AMCIS 2014 August, 2014 Savannah, GA Presentation
More informationService Definition Document
Service Definition Document QinetiQ Secure Cloud Protective Monitoring Service (AWARE) QinetiQ Secure Cloud Protective Monitoring Service (DETER) Secure Multi-Tenant Protective Monitoring Service (AWARE)
More informationLeveraging the Private Cloud for Competitive Advantage
Leveraging the Private Cloud for Competitive Advantage Introduction While it is universally accepted that organisations will leverage cloud solutions to service their IT needs, there is a lack of clarity
More informationHow to ensure control and security when moving to SaaS/cloud applications
How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk
More informationEMA Radar for Private Cloud Platforms: Q1 2013
EMA Radar for Private Cloud Platforms: Q1 2013 By Torsten Volk ENTERPRISE MANAGEMENT ASSOCIATES (EMA ) Radar Report March 2013 BMC Software EMA Radar for Private Cloud Platforms: Q1 2013 (IaaS, PaaS, SaaS)
More informationKey Considerations of Regulatory Compliance in the Public Cloud
Key Considerations of Regulatory Compliance in the Public Cloud W. Noel Haskins-Hafer CRMA, CISA, CISM, CFE, CGEIT, CRISC 10 April, 2013 w_haskins-hafer@intuit.com Disclaimer Unless otherwise specified,
More informationPaxata Security Overview
Paxata Security Overview Ensuring your most trusted data remains secure Nenshad Bardoliwalla Co-Founder and Vice President of Products nenshad@paxata.com Table of Contents: Introduction...3 Secure Data
More informationThe Need for Service Catalog Design in Cloud Services Development
The Need for Service Catalog Design in Cloud Services Development The purpose of this document: Provide an overview of the cloud service catalog and show how the service catalog design is an fundamental
More informationCan PCI DSS Compliance Be Achieved in a Cloud Environment?
royal holloway Can Compliance Be Achieved in a Cloud Environment? Organisations are considering whether to run -based systems in a cloud environment. The security controls in the cloud may be sufficient
More informationOverview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin
Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Best Practices for Security in the Cloud John Essner, Director
More informationBUSINESS MANAGEMENT SUPPORT
BUSINESS MANAGEMENT SUPPORT Business disadvantages using cloud computing? Author: Maikel Mardjan info@bm-support.org 2010 BM-Support.org Foundation. All rights reserved. EXECUTIVE SUMMARY Cloud computing
More informationAmazon Web Services: Risk and Compliance May 2011
Amazon Web Services: Risk and Compliance May 2011 (Please consult http://aws.amazon.com/security for the latest version of this paper) 1 This document intends to provide information to assist AWS customers
More informationData Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture
Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture 2 Data Security and Privacy Principles for IBM SaaS Contents 2 Introduction
More informationProtecting your brand in the cloud Transparency and trust through enhanced reporting
Protecting your brand in the cloud Transparency and trust through enhanced reporting Third-party Assurance November 2011 At a glance Cloud computing has unprecedented potential to deliver greater business
More informationTHE BLUENOSE SECURITY FRAMEWORK
THE BLUENOSE SECURITY FRAMEWORK Bluenose Analytics, Inc. All rights reserved TABLE OF CONTENTS Bluenose Analytics, Inc. Security Whitepaper ISO 27001/27002 / 1 The Four Pillars of Our Security Program
More informationHans Bos Microsoft Nederland. hans.bos@microsoft.com
Hans Bos Microsoft Nederland Email: Twitter: hans.bos@microsoft.com @hansbos Microsoft s Cloud Environment Consumer and Small Business Services Software as a Service (SaaS) Enterprise Services Third-party
More informationHow does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1
How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1 2 How does IBM deliver cloud security? Contents 2 Introduction 3 Cloud governance 3 Security governance, risk management
More informationGRC Stack Research Sponsorship
GRC Stack Research Sponsorship Overview Achieving Governance, Risk Management and Compliance (GRC) goals requires appropriate assessment criteria, relevant control objectives and timely access to necessary
More informationKey Speculations & Problems faced by Cloud service user s in Today s time. Wipro Recommendation: GRC Framework for Cloud Computing
Contents Introduction Why GRC Assessment Benefits of Cloud computing and Problem Statement Key Speculations & Problems faced by Cloud service user s in Today s time Threats, Vulnerabilities and related
More informationCaretower s SIEM Managed Security Services
Caretower s SIEM Managed Security Services Enterprise Security Manager MSS -TRUE 24/7 Service I.T. Security Specialists Caretower s SIEM Managed Security Services 1 Challenges & Solution Challenges During
More informationWALKME WHITEPAPER. WalkMe Architecture
WALKME WHITEPAPER WalkMe Architecture Introduction WalkMe - the Enterprise Class Guidance and Engagement Platform - drives users to action as they use software or websites. WalkMe is used by Enterprises
More informationwww.pwc.com/mt Internal Audit Takes On Emerging Technologies
www.pwc.com/mt In Internal Audit Takes On Emerging Technologies Contents Introduction 2 Cloud Computing & Internal Audit 3 Smart Devices/ Technology & Internal Audit 6 Social Media & Internal Audit 8 Cyber
More informationCloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation
Cloud Security Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs peterjopling 2011 IBM Corporation Cloud computing impacts the implementation of security in fundamentally new ways
More informationEnsuring Cloud Security Using Cloud Control Matrix
International Journal of Information and Computation Technology. ISSN 0974-2239 Volume 3, Number 9 (2013), pp. 933-938 International Research Publications House http://www. irphouse.com /ijict.htm Ensuring
More informationUsing Cloud Computing to Drive Innovation: Technological Opportunities and
Using Cloud Computing to Drive Innovation: Technological Opportunities and Management Challenges Edgar A. Whitley Based on work with Leslie P Willcocks and Will Venters MSc Management, Information Systems
More informationIT Audit in the Cloud
IT Audit in the Cloud Pavlina Ivanova, CISM ISACA-Sofia Chapter Content: o 1. Introduction o 2. Cloud Computing o 3. IT Audit in the Cloud o 4. Residual Risks o Used Resources o Questions 1. ISACA Trust
More informationCloud and Regulations: A match made in heaven, or the worst blind date ever?
Cloud and Regulations: A match made in heaven, or the worst blind date ever? Vinod S Chavan Director Industry Cloud Solutions, IBM Cloud October 28, 2015 Customers are faced with challenge of balancing
More informationGovernance, Risk, and Compliance (GRC) White Paper
Governance, Risk, and Compliance (GRC) White Paper Table of Contents: Purpose page 2 Introduction _ page 3 What is GRC _ page 3 GRC Concepts _ page 4 Integrated Approach and Methodology page 4 Diagram:
More informationWhite Paper How Noah Mobile uses Microsoft Azure Core Services
NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah
More informationTrusted Geolocation in The Cloud Technical Demonstration
Trusted Geolocation in The Cloud Technical Demonstration NIST Interagency Report 7904 - Trusted Geolocation in the Cloud: Proof of Concept Implementation Trusted Geolocation in the Cloud Business Business
More informationCloud Security Alliance: Industry Efforts to Secure Cloud Computing
Cloud Security Alliance: Industry Efforts to Secure Cloud Computing Jim Reavis, Executive Director September, 2010 Cloud: Dawn of a New Age Art Coviello - the most overhyped, underestimated phenomenon
More informationAdding value as a Cloud Broker. Nick Hyner Director Cloud Services EMEA Twitter - @nickhyner. Dell.com/Cloud
Adding value as a Cloud Broker Nick Hyner Director Cloud Services EMEA Twitter - @nickhyner Dell.com/Cloud Overview A. Added Value Brokers in all industries in Digital Era B. Experience of Cloud Marketplace
More informationINTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS
INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS CLOUD COMPUTING Cloud computing is a model for enabling convenient, ondemand network access to a shared pool of configurable computing
More informationSOC on Amazon Web Services (AWS) What You Need To Know Understanding the regulatory roadmap for SOC on AWS
SOC on Amazon Web Services (AWS) What You Need To Know Understanding the regulatory roadmap for SOC on AWS Jeff Cook November 2015 Summary Service Organization Control (SOC) reports (formerly SAS 70 or
More informationCybersecurity The role of Internal Audit
Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government
More informationCreating Business Value with Effective, Pervasive Cloud Security and Cloud Enablement Services
Creating Business Value with Effective, Pervasive Cloud Security and Cloud Enablement Services Managing Governance, Risk, and Compliance for Cloud Information Security Introduction Businesses today are
More informationWhy Plan B DR? Benefits of Plan B Disaster Recovery Service:
Benefits of Plan B Disaster Recovery Service: Very Fast Recovery your critical systems back in around 30 minutes. Very simple to set-up it only takes about 20 minutes to install the Plan B DR appliance
More informationHow RSA has helped EMC to secure its Virtual Infrastructure
How RSA has helped EMC to secure its Virtual Infrastructure A new solution, the RSA solution for Cloud Security and Compliance, has been developed and is now available to all of our customers. Luciano
More informationAccelerate private cloud with Data#3 and IBM
Accelerate private cloud with Data#3 and IBM Integrated, cloud accelerated solutions Nick Day, IBM: Chris Farrow, Data#3: sbcday@au1.ibm.com chris_farrow@data3.com.au Agenda Why are Australian organisations
More informationGovernance and Management of Information Security
Governance and Management of Information Security Øivind Høiem, CISA CRISC Senior Advisor Information Security UNINETT, the Norwegian NREN About Øivind Senior Adviser at the HE sector secretary for information
More informationCloud Computing What Auditors need to know
Cloud Computing What Auditors need to know This presentation is provided solely for educational purposes and, in developing and presenting these materials, Deloitte is not providing accounting, business,
More informationDatacenter Management and Virtualization. Microsoft Corporation
Datacenter Management and Virtualization Microsoft Corporation June 2010 The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the
More informationValidating Enterprise Systems: A Practical Guide
Table of Contents Validating Enterprise Systems: A Practical Guide Foreword 1 Introduction The Need for Guidance on Compliant Enterprise Systems What is an Enterprise System The Need to Validate Enterprise
More informationPublic Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.
Public Clouds Krishnan Subramanian Analyst & Researcher Krishworld.com A whitepaper sponsored by Trend Micro Inc. Introduction Public clouds are the latest evolution of computing, offering tremendous value
More informationCloud Security Introduction and Overview
Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious
More informationCloud Computing Governance & Security. Security Risks in the Cloud
Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud
More information