Secure Cloud Computing through IT Auditing

Size: px
Start display at page:

Download "Secure Cloud Computing through IT Auditing"

Transcription

1 Secure Cloud Computing through IT Auditing 75 Navita Agarwal Department of CSIT Moradabad Institute of Technology, Moradabad, U.P., INDIA ABSTRACT In this paper we discuss the origin of cloud computing and framework for providing secure cloud computing through IT auditing. It involves checklists which are based on the cloud deployment models and cloud services models. This paper emphasizes on implication of cloud computing and defines secure cloud computing via IT auditing in spite of proposing a new technology to secure cloud computing. Keywords: Cloud, Cloud Service, Cloud Computing. 1. INTRODUCTION Cloud computing is an advanced technology that provides resources over the Internet and they act as extremely informative services to those who use the service. With this cloud, subscribers can access relevant business applications by using a web browser. Their data and the related software are stored on an off-site server. It ensures economic benefits by providing computing resources and applications to all customers. These services may include computing software services, storage, development and deployment platform, infrastructure and desktop services etc. It represents a different way to maintain data and applications by the use of internet and central remote servers. Consumers and businesses can easily use applications without installation and access their personal files at any computer with internet access. This efficient technology centralizes storage, memory, processing and bandwidth. In the cloud computing, a thin client interacts with remote cloud operating system to get virtual desktop with a chosen virtual local operating to access virtual data storage and implement these applications from anywhere and at anytime. In the current scenario, IT has reached a critical point. The information is driving 54% growth in storage. So, large scientific calculation such as weather forecasting, new medicine and healthcare informatics demands faster processing capabilities. Whereas in real terms, around 85% of computing capacity is idle. On an average, near about 70% of the IT budget is spent on managing IT infrastructure rather than adding new capabilities to the existing technologies. Alongwith this, the connectivity cost keeps on falling. So an off-site cloud computing infrastructure is provided by a third party who requires less technological skills for the user s in-house implementation. Although centralized data storage approach is implemented, but possible security risks should be considered along with loss of access and control. Users of cloud computing can easily achieve location and device independence. They can also use a web browser to access various systems from any site with various devices. Customers can manage and interact with the cloud services through APIs. Service Providers must ensure that security is integrated into their service models, and users must be aware of security risks in the use, implementation, management, and monitoring of those services. The risks may include limited monitoring capabilities, inflexible access controls, reusable passwords, clear-text authentication and improper authorizations. Figure 1

2 76 Businesses are running all kinds of applications in the cloud like Human Resource (HR), Customer Relationship Management (CRM), accounting and many others. Best IT Companies moved their applications to the cloud after clearly testing the security and reliability of the infrastructure. In this paper, we focus on the security issues for information assurance. That is, we can secure cloud computing by using the IT auditing policy. IT auditing under cloud computing provide benefit of building strategic plan for the enterprise in addition to the traditional auditing role. For this we make master checklists framework that can specify cloud deployment models. 2. ORIGIN OF CLOUD COMPUTING In 1960, John McCarthy stated about cloud computing that- Computation may someday be organized as a public utility. [1] Other scholars have shown that cloud computing s roots go all the way back to the 1950s when scientist Herb Grosch claimed that the entire world would operate on dumb terminals powered by about 15 large data centers. The term cloud comes from telephony in that telecommunications companies offers Virtual Private Network (VPN) services to customers with comparable quality of service (QoS) but at comparable less cost. The cloud computing symbol was used to specify the boundary between the responsibility of the service provider and the responsibility of the end user. Cloud computing covers aspects of servers and the network infrastructure. Amazon also played a key role in the development of cloud computing by equipting their data centers like other computer networks, which uses only 10% of their capacity at any one time. Amazon found that the new cloud architecture resulted in significant improvements whereby small teams could add new features faster and more easily. So it admitted a new product development effort to provide cloud computing to the external customers, and thus launched utility computing based Amazon Web Service (AWS) in WHY BUSINESSES NEED CLOUD COMPUTING? The supercomputers can perform complex tasks such as analyzing climate change, ensuring national security and solving medical problems. These are preferred by the universities, government agencies, military and research laboratories. As compared to the 3 billion computations per second processed by a powerful desktop PC, Cloud computing makes trillions of calculations per second and can provide similar power. Users can easily analyze sales data by using Internet, to estimate the risk in businesses ventures, store patients medical information and perform other essential tasks for their organizations was a milestone year for the implementation of Cloud Computing Services. Companies are increasingly finding that SaaS (Software-as-a-Service) is a safe and secure service for maintaining flexibility. SaaS is extremely well and simplifies IT planning. Thousands of users can be instantly assigned resources on the fly. It can be done either on a button click, or even automatically. This eliminates unnecessary maintenance costs and hardware upgrades. Different Companies like the idea of SaaS because it allows them to access company systems from any point. Employees can work from the head office, the remote sales office, their home, or even from a laptop while the road. 4. GLIMPSE OF CLOUD COMPUTING NIST has defined cloud computing as a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. [2] [3] The cloud computing model has five essential characteristics broad network access, resource pooling, on-demand self service, measured Service and rapid elasticity. It includes three service models SaaS (Software-as-a service) PaaS (Platform-as-a-service) and IaaS (Infrastructureas-a-Service). These services offer different benefits according to requirements of customers. Figure 2: Types of Cloud Services The cloud computing symbol includes four deployment models Public Cloud, Private Cloud, Community Cloud and Hybrid Cloud. The influence of cloud computing on security, privacy and compliance is a working progress. The major issues include trust, multi-tenancy, encryption and compliance such as FISMA, GLBA, HIPAA, SOX, PCI and SAS 70 Audits. Figure 3: Cloud computing types

3 77 At the end of 2008, Cloud security alliance released its second version of Security Guidance for Critical Areas of Focus in Cloud Computing. In 2009 five governance domains and seven operational domains were established. In the domain of IT audit, it raises cloud computing issues for regulatory applicability and for the division of compliance responsibilities between providers and users. It also made 13 recommendations which are audit rights, legal and contract team involvement, compliance scope, contractual understanding, impact of regulations on data security, relevant partners and services providers review, provider infrastructure configuration review, policies and procedures analysis, cloud providers SAS 70 Type II status, and ISO/IEC 27001/27002 roadmap and scoping, evidence preparation, auditor qualification and selection. The biggest challenge for cloud computing is that there s no standard or single architectural method. Therefore, it is more appropriate to view cloud architectures as a set of approaches, each with its own examples and capabilities. Open Security Architecture Group offers various Cloud Computing Patterns and specific Controls. In this paper, we focus on IT Audit to assure a secure cloud computing. The main aim is to design a well equipped framework with master check list so that both internal and external auditors get a reference when they have to audit this new and dynamic cloud computing territory. 5. CLOUD DATA LIFE CYCLE Cloud computing makes the world more vapid. Public cloud providers can use their computing resources both locally or globally. Cloud users do not require information about the location of computing resources because they are all virtualized. In general, the data life cycle includes collection, storage, transferring and destruction.[4] The data collection includes both raw data and derived data. Derived data, also called information, is produced from raw data to deliver intelligence. The data storage includes active data storage and inactive storage. For example, former employee data can be considered as inactive. Its storage procedure may be different from the active employee data. It is not necessary that data processing and data storage lie under the same location in the cloud environment. Therefore data transferring is a common activity. The destruction of data is to destroy data permanently, no backup should be left somewhere either in the user side or the provider side. The cloud data life cycle presents many distinct features. Data can cross different security domain and regulations and constantly moves due to the nature of data storage provided by a third party. Information assurance is the advanced area which provide new dimension via contracts among cloud users and cloud providers. They need to establish formal agreement. Service Level Agreement (SLA) can be borrowed, since we now need to add crossing domain compliance clauses that can be implementable. 6. CHECKLIST FOR PUBLIC CLOUD Public Cloud Computing provides scalable and easy access to computing resources and IT services. It is implemented where several organizations have similar requirements and share infrastructure so as to understand the benefits of cloud computing. It offers higher level of privacy, security, and/or policy compliance. Along with this, it can be economically attractive as the storage and workstations utilized and shared in the community are already in use. Cloud computing is cheaper which benefits many users. Public cloud is based on the standard cloud computing model, in which applications and storage are available to the general public over the Internet. These services may be free or offered on pay basis. The base of Public cloud lies in Google, Amazon, and Microsoft etc. Enterprise basically uses public cloud to emphasize on its core business and cut the cost. Cloud concept can integrate various computing resources from different departments and agencies into a manageable format. Therefore making a connected government is a reality. IT auditing in public cloud can have different focus based on different service models- Infrastructure as a Service (IaaS) and Software as a Service (SaaS). 6.1 IaaS Infrastructure as a Service (IaaS) is a popular service model that provides computing resources to cloud users. So that they can utilize operating systems and run their applications on top of it. It can also be used as a archive or as a storage medium. In IT auditing, location, geopolitics, data owner and regulatory issues are not virtualized. The checklist of Public cloud emphasize on the following issues Cloud IT Technique Rationale: IT auditing techniques need to refine to reflect the change. IT auditing is challenging toward public cloud because the IT infrastructure offered by the third party may not provide direct access to the agreement auditors. What: The techniques should include wired and wireless connection, database, data center, cloud operating system like VMware, hardware dependencies. How: IT auditors must verify the agreement with the help of third party cloud provider. They should know how far it can go and test and what kind of tools it can use. Data ownership aware Rationale: Data owner in public cloud is always a issue between providers and users. Cloud users can assume that

4 78 they are the owners of their data. This assumption should be presented in an agreement format. When it comes to move data out of the cloud, cloud users should know if data are destroyed completely and how. No backup should be there when data is supposed to destroy. What: The agreement clearly states on data ownership on data life cycle. It also included the data destroy and verification process. How: It is necessary to discuss with cloud coordinators about the data ownership and data life cycle management. Data Protection Plan and Best Practice Rationale: Clearly defined data protection plan as the part of data life cycle is important part of agreement among all parties, users, providers and affected. In addition to written agreement, actual practice is also important to data protection. What: Data protection plan should include clear procedure and practice in each phase of data life cycle such as collection, storage, transferring and destruction. How: Auditors must be able to differentiate between essential and non-essential data. IT auditors must advise various controls for every phase of data life cycle. Data Processing Isolation Rationale: Data can also be leaked during the data processing in a shared cloud environment. In order to isolate data processing we have to check that no other applications can access the data during the processing. What: Clear procedure should be applied to make sure data processing does not leak data. How: IT auditors must read the document in written but also follow certain procedures. Cloud Disaster Recovery Plan Rationale: Cloud disaster recovery plan play an important for the business recovery from any disaster. What: Cloud disaster recovery plan must include how to get crucial data back. So it must contain disaster recovery plan from cloud providers. How: IT administrators must do proper documentation and checked if it is being properly tested and updated. Cloud Business Continuity Rationale: Business continuity manages damage minimization. It should include business continuity plans of cloud providers with its own business continuity plan. What: Cloud business continuity should include all the documentation from inside and outside. How: IT administrators should provide proper documentation. They should test business continuity plan. Overall IT Projects Cost Rationale: Actual cost structure using public cloud should be known and how much it saves as compared to traditional IT model.[5] 6.2 SaaS It is a popular cloud service model in which many checklist items are similar to those from IaaS. Data Activity Surrender Rationale: SaaS providers should kept data within the national boundaries so that government agencies can access them when needed. It must keep all the customer data that can be accessed under court order. So SaaS users must be aware if there is a possibility that can avoid the cases of intrusion. How: IT auditors should be able to understand the local law and regulation on data service providers such as phone records, utility bills, etc. They should ask about what kind of information cloud providers keep. This documented policy should be properly viewed on site. Data Format Rationale: If freely available readers like adobe, work, open office and notepad can read the data, SaaS users can avoid pay extra software usage. What: It must check available data format from the software service. How: Auditors should check if these format can be accessed by general reader applications. They should talk to users to find out reasons that specific format being used or not used. Disaster Recovery and Continuity Plan Rationale: Disaster recovery plan must follow the procedure like public cloud. The IT team and management should work together to change the existing disaster plan to fit the cloud scenario. What: The plan should include data different location backup. It should also include how to get crucial data back and how quickly. How: IT administrators should properly check the documentation. 7. CONCLUDING REMARKS: SHAPING OPPORTUNITY In this paper, we have defined a framework of checklist of IT auditing cloud computing that assure the secure cloud computing. It focuses more on Cloud rather than emphasizing on the complete list of IT Auditing for secure Cloud computing. IT auditors whether internal or external should pertain the basic requirements for IT auditing.

5 79 The checklist of the IT auditing also references to those who want to step into cloud computing wave and a questionnaire to answer if cloud computing is good for the current business applications in long run. PaaS service model is an important aspect for the future work as feasibility for PaaS business model is still going on. The future of cloud computing is expected to see many technological advancements for changing the world. It uses applications which will extract entire potential of the cloud which can be known only when it is used with Internet that has higher bandwidth rates and can be accessed at faster speeds. It is because many public places like educational institutions now have wireless internet facilitating hotspots. The Cloud computing future also shows that the extra overhead of client s computer to maintain the software will be negligible. Because there is no requirement to install the software application on their computer. So there will no need for the end user to emphasize on any type of maintenance issues. The clouds, different services, and various service-oriented architectures are technologies that will be necessary for twentyfirst-century corporations successfully to navigate the changes that they now face. The use of cloud hosting services will began either as an alternative to self-hosting, or as an alternative to other current day third party hosting arrangements will began. The companies that require the implementation results and management of a service-oriented architecture will have to re-architect the current platforms to leverage/implement cloud computing and the possible need to formalize the way the policy is used to manage IT platforms within and across service grid boundaries. Future of cloud computing guarantees that with the reduced usage of hardware, the probability of entry of viruses in the system will be very less since everything will be operated over the network and using web browser. It shows scope in many areas fields which requires high bandwidth internet and need larger storage space like medicine, education and space, which might be difficult if the system does not use cloud computing. Cloud computing cuts down the cost and risks of having storage area and also can have the data stored readily with backup which does not have to be done manually. REFERENCES [1] NIST Definition of Cloud Computing v15, accessed on 4/15/2010, cloud-def-v15.doc [2] Will Forrest, Clearing the Air on Cloud Computing, Discussion Document from McKinsey and Company, March [3] Luis M. Vaquero, et al., A. Breaks in the Clouds: Toward the Definitions, ACM SIGCOMM Computer Communication Review, V39 No1, January, 2009, pp [4] FISMA: pdf [5] Gramm-Leach-Bliley Act (GLBA, the Financial Management.

Secure Cloud by IT Auditing

Secure Cloud by IT Auditing Vol.1, Issue.2, pp-332-337 ISSN: 2249-6645 Secure Cloud by IT Auditing CHIPURUPALLI SEKHAR 1, U. NANAJI 2 1 (Department of CSE, St.Theresa Institute of Engg. & Technology, Garividi, Vizayanagaram, (A.P.),

More information

Investigation of IT Auditing and Checklist Generation Approach to Assure a Secure Cloud Computing Framework

Investigation of IT Auditing and Checklist Generation Approach to Assure a Secure Cloud Computing Framework Investigation of IT Auditing and Checklist Generation Approach to Assure a Secure Cloud Computing Framework Rajni Maheshwari M.Tech (Computer) College of Engineering, Bharati Vidyapeeth Deemed University

More information

How cloud computing can transform your business landscape

How cloud computing can transform your business landscape How cloud computing can transform your business landscape Introduction It seems like everyone is talking about the cloud. Cloud computing and cloud services are the new buzz words for what s really a not

More information

Clinical Trials in the Cloud: A New Paradigm?

Clinical Trials in the Cloud: A New Paradigm? Marc Desgrousilliers CTO at Clinovo Clinical Trials in the Cloud: A New Paradigm? Marc Desgrousilliers CTO at Clinovo What is a Cloud? (1 of 3) "Cloud computing is a model for enabling convenient, on-demand

More information

White Paper on CLOUD COMPUTING

White Paper on CLOUD COMPUTING White Paper on CLOUD COMPUTING INDEX 1. Introduction 2. Features of Cloud Computing 3. Benefits of Cloud computing 4. Service models of Cloud Computing 5. Deployment models of Cloud Computing 6. Examples

More information

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Best Practices for Security in the Cloud John Essner, Director

More information

Outline. What is cloud computing? History Cloud service models Cloud deployment forms Advantages/disadvantages

Outline. What is cloud computing? History Cloud service models Cloud deployment forms Advantages/disadvantages Ivan Zapevalov 2 Outline What is cloud computing? History Cloud service models Cloud deployment forms Advantages/disadvantages 3 What is cloud computing? 4 What is cloud computing? Cloud computing is the

More information

Cloud Computing; What is it, How long has it been here, and Where is it going?

Cloud Computing; What is it, How long has it been here, and Where is it going? Cloud Computing; What is it, How long has it been here, and Where is it going? David Losacco, CPA, CIA, CISA Principal January 10, 2013 Agenda The Cloud WHAT IS THE CLOUD? How long has it been here? Where

More information

How cloud computing can transform your business landscape.

How cloud computing can transform your business landscape. How cloud computing can transform your business landscape. This whitepaper will help you understand the ways cloud computing can benefit your business. Introduction It seems like everyone is talking about

More information

BUSINESS MANAGEMENT SUPPORT

BUSINESS MANAGEMENT SUPPORT BUSINESS MANAGEMENT SUPPORT Business disadvantages using cloud computing? Author: Maikel Mardjan info@bm-support.org 2010 BM-Support.org Foundation. All rights reserved. EXECUTIVE SUMMARY Cloud computing

More information

Cloud Computing. What is Cloud Computing?

Cloud Computing. What is Cloud Computing? Cloud Computing What is Cloud Computing? Cloud computing is where the organization outsources data processing to computers owned by the vendor. Primarily the vendor hosts the equipment while the audited

More information

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer What is Cloud Computing A model for enabling convenient, on-demand network access to a shared pool of configurable

More information

Cloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter

Cloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter Cloud Security considerations for business adoption Ricci IEONG CSA-HK&M Chapter What is Cloud Computing? Slide 2 What is Cloud Computing? My Cloud @ Internet Pogoplug What is Cloud Computing? Compute

More information

20 th Year of Publication. A monthly publication from South Indian Bank. www.sib.co.in

20 th Year of Publication. A monthly publication from South Indian Bank. www.sib.co.in To kindle interest in economic affairs... To empower the student community... Open YAccess www.sib.co.in ho2099@sib.co.in A monthly publication from South Indian Bank 20 th Year of Publication Experience

More information

Essential Characteristics of Cloud Computing: On-Demand Self-Service Rapid Elasticity Location Independence Resource Pooling Measured Service

Essential Characteristics of Cloud Computing: On-Demand Self-Service Rapid Elasticity Location Independence Resource Pooling Measured Service Cloud Computing Although cloud computing is quite a recent term, elements of the concept have been around for years. It is the maturation of Internet. Cloud Computing is the fine end result of a long chain;

More information

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC www.fmsinc.org 1 2015 Financial Managers Society, Inc. Cloud Security Implications

More information

Presented by Mike Jennings President BEI

Presented by Mike Jennings President BEI Presented by Mike Jennings President BEI Cloud Computing Defined Benefits of Cloud Computing Risks of Cloud Computing When and How to Utilize Cloud Computing Recommendations 2 Cloud Computing Defined 3

More information

NCTA Cloud Architecture

NCTA Cloud Architecture NCTA Cloud Architecture Course Specifications Course Number: 093019 Course Length: 5 days Course Description Target Student: This course is designed for system administrators who wish to plan, design,

More information

EDC Collaboration White Paper Cloud Companion SM IT Services Delivery Transformation

EDC Collaboration White Paper Cloud Companion SM IT Services Delivery Transformation EDC Collaboration IT Delivery Transformation By W. Fred Rowell Vice President and Chief Technology Officer Companion Data, LLC IT Delivery Transformation Contents Introduction... 1 Cloud DNA... 1 Through

More information

Contents. What is Cloud Computing? Why Cloud computing? Cloud Anatomy Cloud computing technology Cloud computing products and market

Contents. What is Cloud Computing? Why Cloud computing? Cloud Anatomy Cloud computing technology Cloud computing products and market Cloud Computing Contents What is Cloud Computing? Why Cloud computing? Cloud Anatomy Cloud computing technology Cloud computing products and market What is Cloud Computing? Definitions: Cloud computing

More information

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp.

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud 1 What is meant by Cloud Computing, or Going To The Cloud? A model

More information

Cloud Computing. Bringing the Cloud into Focus

Cloud Computing. Bringing the Cloud into Focus Cloud Computing Bringing the Cloud into Focus November 2011 Introduction Ken Cochrane CEO, IT/NET Partner, KPGM Performance and Technology National co-leader IT Advisory Services KPMG Andrew Brewin Vice

More information

Cloud Computing Policy 1.0 INTRODUCTION 2.0 PURPOSE. Effective Date: July 28, 2015

Cloud Computing Policy 1.0 INTRODUCTION 2.0 PURPOSE. Effective Date: July 28, 2015 Cloud Computing Policy Effective Date: July 28, 2015 1.0 INTRODUCTION Cloud computing services are application and infrastructure resources that users access via the Internet. These services, contractually

More information

Cloud Computing. Karan Saxena * & Kritika Agarwal**

Cloud Computing. Karan Saxena * & Kritika Agarwal** Page29 Cloud Computing Karan Saxena * & Kritika Agarwal** *Student, Sir M. Visvesvaraya Institute of Technology **Student, Dayananda Sagar College of Engineering ABSTRACT: This document contains basic

More information

Fundamental Concepts and Models

Fundamental Concepts and Models Chapter 4: Fundamental Concepts and Models Nora Almezeini MIS Department, CBA, KSU From Cloud Computing by Thomas Erl, Zaigham Mahmood, and Ricardo Puttini(ISBN: 0133387526) Copyright 2013 Arcitura Education,

More information

Cloud Computing and Records Management

Cloud Computing and Records Management GPO Box 2343 Adelaide SA 5001 Tel (+61 8) 8204 8773 Fax (+61 8) 8204 8777 DX:336 srsarecordsmanagement@sa.gov.au www.archives.sa.gov.au Cloud Computing and Records Management June 2015 Version 1 Version

More information

Cloud models and compliance requirements which is right for you?

Cloud models and compliance requirements which is right for you? Cloud models and compliance requirements which is right for you? Bill Franklin, Director, Coalfire Stephanie Tayengco, VP of Technical Operations, Logicworks March 17, 2015 Speaker Introduction Bill Franklin,

More information

6 Cloud computing overview

6 Cloud computing overview 6 Cloud computing overview 6.1 General ISO/IEC 17788:2014 (E) Cloud Computing Overview Page 1 of 6 Cloud computing is a paradigm for enabling network access to a scalable and elastic pool of shareable

More information

Cloud Courses Description

Cloud Courses Description Courses Description 101: Fundamental Computing and Architecture Computing Concepts and Models. Data center architecture. Fundamental Architecture. Virtualization Basics. platforms: IaaS, PaaS, SaaS. deployment

More information

yvette@yvetteagostini.it yvette@yvetteagostini.it

yvette@yvetteagostini.it yvette@yvetteagostini.it 1 The following is merely a collection of notes taken during works, study and just-for-fun activities No copyright infringements intended: all sources are duly listed at the end of the document This work

More information

Cloud Security and Managing Use Risks

Cloud Security and Managing Use Risks Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access

More information

Managing Cloud Computing Risk

Managing Cloud Computing Risk Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify

More information

See Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models.

See Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models. Cloud Strategy Information Systems and Technology Bruce Campbell What is the Cloud? From http://csrc.nist.gov/publications/nistpubs/800-145/sp800-145.pdf Cloud computing is a model for enabling ubiquitous,

More information

OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect

OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect OWASP Chapter Meeting June 2010 Presented by: Brayton Rider, SecureState Chief Architect Agenda What is Cloud Computing? Cloud Service Models Cloud Deployment Models Cloud Computing Security Security Cloud

More information

CLOUD COMPUTING IN HIGHER EDUCATION

CLOUD COMPUTING IN HIGHER EDUCATION Mr Dinesh G Umale Saraswati College,Shegaon (Department of MCA) CLOUD COMPUTING IN HIGHER EDUCATION Abstract Technology has grown rapidly with scientific advancement over the world in recent decades. Therefore,

More information

CLOUD COMPUTING INTRODUCTION HISTORY

CLOUD COMPUTING INTRODUCTION HISTORY 1 CLOUD COMPUTING INTRODUCTION 1. Cloud computing is the use of computing resources (hardware and software) that are delivered as a service over a network (typically the Internet). The name comes from

More information

Security Considerations for Public Mobile Cloud Computing

Security Considerations for Public Mobile Cloud Computing Security Considerations for Public Mobile Cloud Computing Ronnie D. Caytiles 1 and Sunguk Lee 2* 1 Society of Science and Engineering Research Support, Korea rdcaytiles@gmail.com 2 Research Institute of

More information

Electronic Records Storage Options and Overview

Electronic Records Storage Options and Overview Electronic Records Storage Options and Overview www.archives.nysed.gov Objectives Understand the options for electronic records storage, including cloud-based storage Evaluate the options best suited for

More information

1 Introduction. 2 What is Cloud Computing?

1 Introduction. 2 What is Cloud Computing? 1 Introduction Table of Contents 1 Introduction 2 What is Cloud Computing? 3 Why is Cloud Computing important? 4 Why Cloud deployments fail? 5 Holistic Approach to cloud computing implementation 6 Conclusion

More information

How to Turn the Promise of the Cloud into an Operational Reality

How to Turn the Promise of the Cloud into an Operational Reality TecTakes Value Insight How to Turn the Promise of the Cloud into an Operational Reality By David Talbott The Lure of the Cloud In recent years, there has been a great deal of discussion about cloud computing

More information

Understanding The Cloud

Understanding The Cloud Understanding The Cloud Benefits and Considerations for Fund Managers Backstop Solutions Group www.backstopsolutions.com Executive Summary Today, cloud computing pervades nearly every aspect of our digital

More information

Tamanna Roy Rayat & Bahra Institute of Engineering & Technology, Punjab, India talk2tamanna@gmail.com

Tamanna Roy Rayat & Bahra Institute of Engineering & Technology, Punjab, India talk2tamanna@gmail.com IJCSIT, Volume 1, Issue 5 (October, 2014) e-issn: 1694-2329 p-issn: 1694-2345 A STUDY OF CLOUD COMPUTING MODELS AND ITS FUTURE Tamanna Roy Rayat & Bahra Institute of Engineering & Technology, Punjab, India

More information

A STUDY OF OPEN INNOVATION IN CLOUD COMPUTING

A STUDY OF OPEN INNOVATION IN CLOUD COMPUTING A STUDY OF OPEN INNOVATION IN CLOUD COMPUTING Grozdalina Grozeva 1, Yordan Dimitrov 2 1 Department of Management, Technical University, Bulgaria, E-mail: grozeva77@abv.bg 2 Department of Management, Technical

More information

Architectural Implications of Cloud Computing

Architectural Implications of Cloud Computing Architectural Implications of Cloud Computing Grace Lewis Research, Technology and Systems Solutions (RTSS) Program Lewis is a senior member of the technical staff at the SEI in the Research, Technology,

More information

Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD

Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD Agenda Cloud Computing Technical Overview Cloud Related Applications Identified Risks Assessment Criteria Cloud Computing What Is It? National

More information

Cloud Security. DLT Solutions LLC June 2011. #DLTCloud

Cloud Security. DLT Solutions LLC June 2011. #DLTCloud Cloud Security DLT Solutions LLC June 2011 Contact Information DLT Cloud Advisory Group 1-855-CLOUD01 (256-8301) cloud@dlt.com www.dlt.com/cloud Your Hosts Van Ristau Chief Technology Officer, DLT Solutions

More information

custom hosting for how you do business

custom hosting for how you do business custom hosting for how you do business 24775 League Island Boulevard Philadelphia PA 19112 gibraltarit.com 866.410.4427 Gibraltar s replicated cloud architecture and PCI/HIPAA compliant data centers provide

More information

Certified Cloud Computing Professional Sample Material

Certified Cloud Computing Professional Sample Material Certified Cloud Computing Professional Sample Material 1. INTRODUCTION Let us get flashback of few years back. Suppose you have some important files in a system at home but, you are away from your home.

More information

Grid Computing Vs. Cloud Computing

Grid Computing Vs. Cloud Computing International Journal of Information and Computation Technology. ISSN 0974-2239 Volume 3, Number 6 (2013), pp. 577-582 International Research Publications House http://www. irphouse.com /ijict.htm Grid

More information

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS CLOUD COMPUTING Cloud computing is a model for enabling convenient, ondemand network access to a shared pool of configurable computing

More information

SURVEY OF ADAPTING CLOUD COMPUTING IN HEALTHCARE

SURVEY OF ADAPTING CLOUD COMPUTING IN HEALTHCARE SURVEY OF ADAPTING CLOUD COMPUTING IN HEALTHCARE H.Madhusudhana Rao* Md. Rahmathulla** Dr. B Rambhupal Reddy*** Abstract: This paper targets on the productivity of cloud computing technology in healthcare

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

TECHNOLOGY GUIDE THREE. Emerging Types of Enterprise Computing

TECHNOLOGY GUIDE THREE. Emerging Types of Enterprise Computing TECHNOLOGY GUIDE THREE Emerging Types of Enterprise Computing TECHNOLOGY GU IDE OUTLINE TG3.1 Introduction TG3.2 Server Farms TG3.3 Virtualization TG3.4 Grid Computing TG3.5 Utility Computing TG3.6 Cloud

More information

EDC COLLABORATION WHITE PAPER Cloud Computing IT Services Delivery Transformation

EDC COLLABORATION WHITE PAPER Cloud Computing IT Services Delivery Transformation EDC COLLABORATION WHITE PAPER Cloud Computing IT Delivery Transformation By W. Fred Rowell Vice President and Chief Technology Officer Companion Data, LLC APRIL, 2011 Table of Contents and List of Figures

More information

GETTING THE MOST FROM THE CLOUD. A White Paper presented by

GETTING THE MOST FROM THE CLOUD. A White Paper presented by GETTING THE MOST FROM THE CLOUD A White Paper presented by Why Move to the Cloud? CLOUD COMPUTING the latest evolution of IT services delivery is a scenario under which common business applications are

More information

Cloud Computing 159.735. Submitted By : Fahim Ilyas (08497461) Submitted To : Martin Johnson Submitted On: 31 st May, 2009

Cloud Computing 159.735. Submitted By : Fahim Ilyas (08497461) Submitted To : Martin Johnson Submitted On: 31 st May, 2009 Cloud Computing 159.735 Submitted By : Fahim Ilyas (08497461) Submitted To : Martin Johnson Submitted On: 31 st May, 2009 Table of Contents Introduction... 3 What is Cloud Computing?... 3 Key Characteristics...

More information

John Essner, CISO Office of Information Technology State of New Jersey

John Essner, CISO Office of Information Technology State of New Jersey John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management

More information

Cloud Computing Paradigm Shift. Jan Šedivý

Cloud Computing Paradigm Shift. Jan Šedivý Cloud Computing Paradigm Shift Jan Šedivý Business expectations Improving business processes Reducing enterprise costs Increasing the use of information/analytics Improving enterprise workforce effectiveness

More information

Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu

Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu 2 If cloud computing is so simple, then what s the big deal? What is the

More information

Module 1: Facilitated e-learning

Module 1: Facilitated e-learning Module 1: Facilitated e-learning CHAPTER 3: OVERVIEW OF CLOUD COMPUTING AND MOBILE CLOUDING: CHALLENGES AND OPPORTUNITIES FOR CAs... 3 PART 1: CLOUD AND MOBILE COMPUTING... 3 Learning Objectives... 3 1.1

More information

Where in the Cloud are You? Session 17032 Thursday, March 5, 2015: 1:45 PM-2:45 PM Virginia (Sheraton Seattle)

Where in the Cloud are You? Session 17032 Thursday, March 5, 2015: 1:45 PM-2:45 PM Virginia (Sheraton Seattle) Where in the Cloud are You? Session 17032 Thursday, March 5, 2015: 1:45 PM-2:45 PM Virginia (Sheraton Seattle) Abstract The goal of this session is to understanding what is meant when we say Where in the

More information

Cloud Courses Description

Cloud Courses Description Cloud Courses Description Cloud 101: Fundamental Cloud Computing and Architecture Cloud Computing Concepts and Models. Fundamental Cloud Architecture. Virtualization Basics. Cloud platforms: IaaS, PaaS,

More information

Standardizing Cloud Services for Financial Institutions through the provisioning of Service Level Agreements (SLAs)

Standardizing Cloud Services for Financial Institutions through the provisioning of Service Level Agreements (SLAs) Standardizing Cloud Services for Financial Institutions through the provisioning of Service Level Agreements (SLAs) Robert Bohn, PhD Advanced Network Technologies Division Cloud FS Americas 2015 New York,

More information

Credit Unions and The Cloud. By: Chris Sachse

Credit Unions and The Cloud. By: Chris Sachse Credit Unions and The Cloud By: Chris Sachse Agenda! Introduction.! Definition of the cloud.! Discuss cloud popularity.! Look at the use of the cloud.! Discuss cloud management.! Discuss cloud security.!

More information

CLOUD COMPUTING SECURITY ISSUES

CLOUD COMPUTING SECURITY ISSUES CLOUD COMPUTING SECURITY ISSUES Florin OGIGAU-NEAMTIU IT Specialist The Regional Department of Defense Resources Management Studies, Brasov, Romania The term cloud computing has been in the spotlights

More information

Leveraging Technology New Horizons Computer Learning Center of Memphis

Leveraging Technology New Horizons Computer Learning Center of Memphis New Horizons Computer Learning Center of Memphis Presents Leveraging Technology Presenter: Charles B. Watkins, Sr. Technical Instructor New Horizons Computer Learning Center of Memphis About Me: Agenda:

More information

FEDERATED CLOUD: A DEVELOPMENT IN CLOUD COMPUTING AND A SOLUTION TO EDUCATIONAL NEEDS

FEDERATED CLOUD: A DEVELOPMENT IN CLOUD COMPUTING AND A SOLUTION TO EDUCATIONAL NEEDS International Journal of Computer Engineering and Applications, Volume VIII, Issue II, November 14 FEDERATED CLOUD: A DEVELOPMENT IN CLOUD COMPUTING AND A SOLUTION TO EDUCATIONAL NEEDS Saju Mathew 1, Dr.

More information

Cloud Computing: The Next Computing Paradigm

Cloud Computing: The Next Computing Paradigm Cloud Computing: The Next Computing Paradigm Ronnie D. Caytiles 1, Sunguk Lee and Byungjoo Park 1 * 1 Department of Multimedia Engineering, Hannam University 133 Ojeongdong, Daeduk-gu, Daejeon, Korea rdcaytiles@gmail.com,

More information

ANALYSIS OF CLOUD VENDORS IN INDIAN ENVIORNMENT

ANALYSIS OF CLOUD VENDORS IN INDIAN ENVIORNMENT ANALYSIS OF CLOUD VENDORS IN INDIAN ENVIORNMENT Mrs. Jeena Thomas Asst. Professor, Department of Computer Science St.Joseph s College of Engineering & Technology, Palai, Kerala,(India) ABSTRACT Grid Computing

More information

Cloud Computing Guide & Handbook. SAI USA Madhav Panwar

Cloud Computing Guide & Handbook. SAI USA Madhav Panwar Cloud Computing Guide & Handbook SAI USA Madhav Panwar Background 2010 WGITA approved the cloud computing project with SAI USA as lead and Canada & India as members 2011 A status report was presented and

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Cloud Computing Dr. A. Askarunisa Professor and Head Vickram College of Engineering, Madurai, Tamilnadu, India N.Ganesh Sr.Lecturer Vickram College of Engineering, Madurai, Tamilnadu,

More information

Kent State University s Cloud Strategy

Kent State University s Cloud Strategy Kent State University s Cloud Strategy Table of Contents Item Page 1. From the CIO 3 2. Strategic Direction for Cloud Computing at Kent State 4 3. Cloud Computing at Kent State University 5 4. Methodology

More information

Cloud Computing. Following the American Psychological Association s Guidelines. Dustin Self. The University of North Texas

Cloud Computing. Following the American Psychological Association s Guidelines. Dustin Self. The University of North Texas Running Head: CLOUD COMPUTING 1 Cloud Computing Following the American Psychological Association s Guidelines Dustin Self The University of North Texas 2 Cloud Computing by Dustin Self ABSTRACT According

More information

The Cloud. IIA Seminar, York April 30 th 2015. www.bakertilly.co.uk

The Cloud. IIA Seminar, York April 30 th 2015. www.bakertilly.co.uk The Cloud IIA Seminar, York April 30 th 2015 www.bakertilly.co.uk Introduction David Morris Technology Services Director with Baker Tilly Qualified Internal Auditor Based in Manchester Baker Tilly is an

More information

CLOUD COMPUTING. A Primer

CLOUD COMPUTING. A Primer CLOUD COMPUTING A Primer A Mix of Voices The incredible shrinking CIO CIO Magazine, 2004 IT Doesn t Matter, The cloud will ship service outside the institution and ship power from central IT groups to

More information

CLOUD COMPUTING. Keywords: Cloud Computing, Data Centers, Utility Computing, Virtualization, IAAS, PAAS, SAAS.

CLOUD COMPUTING. Keywords: Cloud Computing, Data Centers, Utility Computing, Virtualization, IAAS, PAAS, SAAS. CLOUD COMPUTING Mr. Dhananjay Kakade CSIT, CHINCHWAD, Mr Giridhar Gundre CSIT College Chinchwad Abstract: Cloud computing is a technology that uses the internet and central remote servers to maintain data

More information

CLOUD COMPUTING OVERVIEW

CLOUD COMPUTING OVERVIEW CLOUD COMPUTING OVERVIEW http://www.tutorialspoint.com/cloud_computing/cloud_computing_overview.htm Copyright tutorialspoint.com Cloud Computing provides us a means by which we can access the applications

More information

Cloud Computing - Advantages and Disadvantages

Cloud Computing - Advantages and Disadvantages Could Computing: Concepts and Cost Considerations Arlene Minkiewicz, Chief Scientist PRICE Systems, LLC arlene.minkiewicz@pricesystems.com Optimize tomorrow today. 1 If computers of the kind I have advocated

More information

Why Migrate to the Cloud. ABSS Solutions, Inc. 2014

Why Migrate to the Cloud. ABSS Solutions, Inc. 2014 Why Migrate to the Cloud ABSS Solutions, Inc. 2014 ASI Cloud Services Information Systems Basics Cloud Fundamentals Cloud Options Why Move to the Cloud Our Service Providers Our Process Information System

More information

Security & Trust in the Cloud

Security & Trust in the Cloud Security & Trust in the Cloud Ray Trygstad Director of Information Technology, IIT School of Applied Technology Associate Director, Information Technology & Management Degree Programs Cloud Computing Primer

More information

EXIN Cloud Computing Foundation

EXIN Cloud Computing Foundation Sample Questions EXIN Cloud Computing Foundation Edition April 2013 Copyright 2013 EXIN All rights reserved. No part of this publication may be published, reproduced, copied or stored in a data processing

More information

Cloud Computing Services

Cloud Computing Services Cloud Computing Services Thinking About Moving to the Cloud? How you get to the cloud is as important as being there, because being in the cloud isn t enough. Your access needs to be synced with your overall

More information

Cloud Computing Flying High (or not) Ben Roper IT Director City of College Station

Cloud Computing Flying High (or not) Ben Roper IT Director City of College Station Cloud Computing Flying High (or not) Ben Roper IT Director City of College Station What is Cloud Computing? http://www.agent-x.com.au/ Wikipedia - the use of computing resources (hardware and software)

More information

Keyword: Cloud computing, service model, deployment model, network layer security.

Keyword: Cloud computing, service model, deployment model, network layer security. Volume 4, Issue 2, February 2014 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com An Emerging

More information

Cloud computing: the state of the art and challenges. Jānis Kampars Riga Technical University

Cloud computing: the state of the art and challenges. Jānis Kampars Riga Technical University Cloud computing: the state of the art and challenges Jānis Kampars Riga Technical University Presentation structure Enabling technologies Cloud computing defined Dealing with load in cloud computing Service

More information

Prof. Luiz Fernando Bittencourt MO809L. Tópicos em Sistemas Distribuídos 1 semestre, 2015

Prof. Luiz Fernando Bittencourt MO809L. Tópicos em Sistemas Distribuídos 1 semestre, 2015 MO809L Tópicos em Sistemas Distribuídos 1 semestre, 2015 Introduction to Cloud Computing IT Challenges 70% of the budget to keep IT running, 30% available to create new value that needs to be inverted

More information

Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1

Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1 Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1 Taking a Deeper Look at the Cloud: Solution or Security Risk? LoyCurtis Smith East Carolina University TAKING A DEEPER LOOK AT THE CLOUD:

More information

Cloud Computing - Architecture, Applications and Advantages

Cloud Computing - Architecture, Applications and Advantages Cloud Computing - Architecture, Applications and Advantages 1 Arun Mani Tripathi 2 Rizwan Beg NIELIT Ministry of C&I.T., Govt. of India 2 Prof. and Head, Department 1 of Computer science and Engineering,Integral

More information

Research Paper Available online at: www.ijarcsse.com A COMPARATIVE STUDY OF CLOUD COMPUTING SERVICE PROVIDERS

Research Paper Available online at: www.ijarcsse.com A COMPARATIVE STUDY OF CLOUD COMPUTING SERVICE PROVIDERS Volume 2, Issue 2, February 2012 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: A COMPARATIVE STUDY OF CLOUD

More information

DEFINING CLOUD COMPUTING: AN ATTEMPT AT GIVING THE CLOUD AN IDENTITY. adnan_khalid56@hotmail.com

DEFINING CLOUD COMPUTING: AN ATTEMPT AT GIVING THE CLOUD AN IDENTITY. adnan_khalid56@hotmail.com DEFINING CLOUD COMPUTING: AN ATTEMPT AT GIVING THE CLOUD AN IDENTITY Adnan Khalid* a,dr. Muhammad Shahbaz b, Dr. Athar Masood c d Department of Computer Science, Government College University Lahore, Pakistan,

More information

High Performance Computing Cloud Computing. Dr. Rami YARED

High Performance Computing Cloud Computing. Dr. Rami YARED High Performance Computing Cloud Computing Dr. Rami YARED Outline High Performance Computing Parallel Computing Cloud Computing Definitions Advantages and drawbacks Cloud Computing vs Grid Computing Outline

More information

A Study on Analysis and Implementation of a Cloud Computing Framework for Multimedia Convergence Services

A Study on Analysis and Implementation of a Cloud Computing Framework for Multimedia Convergence Services A Study on Analysis and Implementation of a Cloud Computing Framework for Multimedia Convergence Services Ronnie D. Caytiles and Byungjoo Park * Department of Multimedia Engineering, Hannam University

More information

LEGAL ISSUES IN CLOUD COMPUTING

LEGAL ISSUES IN CLOUD COMPUTING LEGAL ISSUES IN CLOUD COMPUTING RITAMBHARA AGRAWAL INTELLIGERE 1 CLOUD COMPUTING Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing

More information

Cloud Computing Technology

Cloud Computing Technology Cloud Computing Technology The Architecture Overview Danairat T. Certified Java Programmer, TOGAF Silver danairat@gmail.com, +66-81-559-1446 1 Agenda What is Cloud Computing? Case Study Service Model Architectures

More information

Student's Awareness of Cloud Computing: Case Study Faculty of Engineering at Aden University, Yemen

Student's Awareness of Cloud Computing: Case Study Faculty of Engineering at Aden University, Yemen Student's Awareness of Cloud Computing: Case Study Faculty of Engineering at Aden University, Yemen Samah Sadeq Ahmed Bagish Department of Information Technology, Faculty of Engineering, Aden University,

More information

Enterprise Governance and Planning

Enterprise Governance and Planning GEORGIA TECHNOLOGY AUTHORITY Title: Enterprise Operational Environment PSG Number: SO-10-003.02 Topical Area: Operations / Performance and Capacity Document Type: Standard Pages: 5 Issue Date: July 15,

More information

The Cloud at Crawford. Evaluating the pros and cons of cloud computing and its use in claims management

The Cloud at Crawford. Evaluating the pros and cons of cloud computing and its use in claims management The Cloud at Crawford Evaluating the pros and cons of cloud computing and its use in claims management The Cloud at Crawford Wikipedia defines cloud computing as Internet-based computing, whereby shared

More information