Information Security Guideline: Cloud Computing Services. Information Security and Privacy Committee Draft version 8/1/2012
|
|
- Charleen Claribel Blair
- 8 years ago
- Views:
Transcription
1 Information Security Guideline: Cloud Computing Services Information Security and Privacy Committee Draft version 8/1/2012
2 Table of Contents Introduction... 1 Purpose... 2 Scope... 2 Risks and Concerns Associated with Cloud Computing... 2 Guidelines for Using Cloud Computing Services at BYU... 3 Related Documents... 4 Appendix A... 5 i
3 Introduction Although use of third party computing services over the internet is not new, it has evolved into a category of computing now referred to as cloud computing. The United States National Institute of Standards and Technology defines cloud computing as: a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. 1 Cloud computing services (CCS) are often categorized as software as a service (SaaS), platform as a service (PaaS), or infrastructure as a service (IaaS), and are sometimes referred to as hosted applications, storage, or computing. See Appendix A for a taxonomy of cloud services and available solutions. Moreover, the definition and limits of the term cloud computing appear to be still evolving. Potential advantages of using cloud computing services include on-demand access to storage, potentially improved service capabilities, reduced cost of IT ownership, collaboration with individuals from anywhere across the globe, and access to a suite of applications and features that would normally require significant time and investment to develop. Examples of cloud computing services currently used by the university for both administrative and academic purposes include: university course management (Blackboard), , calendaring, and file storage such as those provided by Google, Microsoft, Yahoo, Dropbox, and others, backup services, travel management services, social media applications (Facebook, Blogspot), credit card processing, and web hosting. It is anticipated that use of CCS will continue to grow at the university. While there appears to be a tremendous upside potential to the use of CCS, there are also some significant business risks that need to be understood and managed when considering an IT service strategy involving CCS. Understanding these risks will help to assure that university business objectives involving IT services will continue to be achieved over time and the university will be in compliance with applicable laws, regulations, and contracts. 1 Mell, Peter; Timothy Grance; US National Institute of Standards and Technology (NIST) Special Publication (SP) (Draft), The NIST Definition of Cloud Computing, NIST, USA,
4 Purpose The purpose of this guideline is to help create awareness and understanding to the campus community of the specific business risks and concerns related to using CCSs and to provide guidelines for acquiring and using CCSs to help ensure the university is protected from financial loss or reputational harm. Scope This guideline applies to all administrative and academic units that are currently using or are considering the use of CCSs to store confidential or restricted university information 2 or to perform a critical 3 business process or service. This guideline is not intended to address academic use of CCSs for teaching and learning purposes. Guidance for this topic is discussed in Academic Use of Cloud Computing Services (currently under development). Risks and Concerns Associated with Cloud Computing The cloud computing model introduces some new business risks and concerns associated with management of information and IT services. These risks primarily stem from moving information services provisioned in house by the university to third party providers. Use of third party services fundamentally means loss of full control over data and IT service delivery processes and placing greater reliance on a third party service provider to assure the following information objectives continue to be met: availability, accessibility, confidentiality, and regulatory compliance. Availability of the data or service to conduct university business. If the service involves key business processes that are critical to operations, the service provider should demonstrate its ability to maintain business continuity and deliver services with minimal disruption and to ensure that the data is properly backed up. This should be specified in a service level agreement or contract with the service provider. Accessibility to the data or service. Should the CCS provider no longer be able to provide further service, provisions should be in place to ensure the university will be able to recover the data. 2 Confidential information is non-public sensitive information whose access must be protected due to proprietary, ethical, or privacy considerations. This classification applies even though there may not be a civil statute requiring this protection. (Examples: Date of Birth, Ethnicity, Donor Contact Information, Contracts). Restricted information is non-public sensitive information protected and/or regulated by statutes, policies, or regulations. It may also represent information for which an Information Trustee has exercised his or her right to restrict access. (Examples: Student Academic Record (FERPA), non-directory information, Social Security Number, Credit Card Number, Personal Health Information, Driver s License Number) (see Information Classification procedure at policy.byu.edu) 3 Critical information or services are those where not having access to the information when expected or where an unrecoverable loss of information occurs, would create a significant operational hardship or financial loss to the university. 2
5 Confidentiality of university information. The CCS provider must be able to ensure university information remains confidential. Information should be protected in accordance with university security policies and procedures and privacy laws such as FERPA, HIPAA, Gramm- Leach-Bliley Act (GLB), etc. CCS providers may not have adequate identity and access - management controls. With more sophisticated applications now available that provide access by enterprise users, partners, and clients; highly granular, least privilege-based user access tools are required. Compliance with laws and regulations In addition to the various data privacy laws described above, other laws and regulations may apply to information pertaining to nuclear materials, chemicals, bio hazards, and federal research. For example, if the university has information that is subject to federal export controls, the service provider must be prohibited from storing such information at sites located in other countries. Legal concerns. Several legal concerns are associated with the use of cloud computing. A cloud computing relationship is governed by contract law. Disputes over the terms of the contract could be costly and lengthy to resolve. Since cloud computing relationships are governed by contract, several items need to be considered prior to entering into any contract or agreement to use cloud computing services. These include, but are not limited to Data Definition and Use, Data Ownership, Service Level Expectations and Performance Metrics, General Data Protection Terms (FERPA, HIPAA, PCI, etc.), Compliance with Legal and Regulatory Requirements, and Termination of Service Terms. If a CCS provider will be storing or processing sensitive university information or delivering a critical IT service, a contract should be in place to ensure that the university is protected from liability or loss arising from data breaches or other problems with the service provider. Guidelines for Using Cloud Computing Services at BYU Acquiring Cloud Computing Services Departments wanting to acquire CCS solutions must ensure that the above concerns are addressed and that the university is not exposed to unnecessary risk or liability. Before pursuing any CCS solution, departments should first determine if any of the following conditions apply: Restricted university information will be stored or processed by the CCS provider, The information or service is critical to university operations, or Regulatory or contractual requirements exist that govern the use or protection of the information such as data privacy, export controls, or research dealing with human subjects. If any of these conditions apply, university units must follow the information security procedure Acquiring Cloud Computing Services. This procedure will guide departments through the CCS acquisition process and ensure a proper university contract exists with the CCS provider. 3
6 If none of the above conditions apply, no special provisions or procedures are required; however, university units are encouraged to use the Acquiring Cloud Computing Services procedure as a best practice guide. Departments should be aware that the university provides a variety of applications and services that support instructional, administrative, and research activities by faculty, staff and students. These applications and services should be considered before moving to a CCS solution. Additionally, the university may have agreements with specific CCS vendors or offer universityhosted solutions that may meet department needs. Operational Considerations Departments may need to revise operational business practices and procedures to ensure CCSs are properly managed and will continue to meet operational objectives. The types of operational activities that need to be in place will depend largely on the sensitivity and criticality of the service as described above. Some operational considerations include Roles and responsibilities for supporting the CCS service, User support processes and procedures, Security administration, Transaction monitoring, Service performance and availability monitoring; Data backup and recovery procedures, and Business continuity plans. Additional Information For more information about using cloud computing services at the university see infosec.byu.edu or contact the university Information Security Officer. Related Documents Information Governance: Data Classification Standard (policy.byu.edu) (currently under development) Information Security Program (infosec.byu.edu) Information Security Procedure: Acquiring Cloud Computing Services (infosec.byu.edu) Security and Appropriate Use of University Information Policy (policy.byu.edu) Signing of Legal Documents (policy.byu.edu) 4
7 Appendix A This is not intended to be a comprehensive list of Cloud products and services 5
Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD
Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD Agenda Cloud Computing Technical Overview Cloud Related Applications Identified Risks Assessment Criteria Cloud Computing What Is It? National
More informationEvolving Technology Issues: Cloud Computing
Evolving Technology Issues: Cloud Computing Michael Bennett October 16, 2011 2011 Edwards Wildman Palmer LLP & Edwards Wildman Palmer UK LLP Cloud Computing Does compliance with applicable laws fall to
More informationWhat Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp.
What Every User Needs To Know Before Moving To The Cloud LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud 1 What is meant by Cloud Computing, or Going To The Cloud? A model
More informationCLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS. Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE. October 2, 2013
CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE October 2, 2013 By: Diane M. Gorrow Soule, Leslie, Kidder, Sayward & Loughman, P.L.L.C. 220 Main Street
More informationØ Externally Hosted Computing Services Appropriate Use Guidelines Ø Matrix for Appropriate Use
Ø Externally Hosted Cputing Services Ø Matrix for Appropriate Use 3/31/2015 1 Externally Hosted Cputing Services This overview is intended to provide information for faculty, staff and students about the
More informationThe NIST Definition of Cloud Computing (Draft)
Special Publication 800-145 (Draft) The NIST Definition of Cloud Computing (Draft) Recommendations of the National Institute of Standards and Technology Peter Mell Timothy Grance NIST Special Publication
More informationSecurity & Trust in the Cloud
Security & Trust in the Cloud Ray Trygstad Director of Information Technology, IIT School of Applied Technology Associate Director, Information Technology & Management Degree Programs Cloud Computing Primer
More informationCloud Computing Policy 1.0 INTRODUCTION 2.0 PURPOSE. Effective Date: July 28, 2015
Cloud Computing Policy Effective Date: July 28, 2015 1.0 INTRODUCTION Cloud computing services are application and infrastructure resources that users access via the Internet. These services, contractually
More informationDigital Forensics. Lab 10: Cloud Computing & the Future of Digital Forensics
Digital Forensics Lab 10: Cloud Computing & the Future of Digital Forensics Today's Topics Cloud Computing Overview Applications of Cloud Computing Impact of CC to Digital Forensics Future of Digital Forensics
More informationResearch Support Council (RSC) - What Data is Sensitive and How
Research Support Council (RSC) - What Data is Sensitive and How Do We Keep it Private? John L. Baines, AD IT Policy & Compliance Tuesday, May 14, 2013 9:00 am 9:30 am Witherspoon Student Center John_Baines@ncsu.edu
More informationSecuring and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer What is Cloud Computing A model for enabling convenient, on-demand network access to a shared pool of configurable
More informationTop 10 Tips and Tools for Meeting Regulatory Requirements and Managing Cloud Computing Providers in the United States and Around the World
Top 10 Tips and Tools for Meeting Regulatory Requirements and Managing Cloud Computing Providers in the United States and Around the World Web Hull Privacy, Data Protection, & Compliance Advisor Society
More informationPerspectives on Moving to the Cloud Paradigm and the Need for Standards. Peter Mell, Tim Grance NIST, Information Technology Laboratory 7-11-2009
Perspectives on Moving to the Cloud Paradigm and the Need for Standards Peter Mell, Tim Grance NIST, Information Technology Laboratory 7-11-2009 2 NIST Cloud Computing Resources NIST Draft Definition of
More informationWhy Private Cloud? Nenad BUNCIC VPSI 29-JUNE-2015 EPFL, SI-EXHEB
Why Private Cloud? O P E R A T I O N S V I E W Nenad BUNCIC EPFL, SI-EXHEB 1 What Exactly Is Cloud? Cloud technology definition, as per National Institute of Standards and Technology (NIST SP 800-145),
More informationThe Cloud Computing Revolution: Beyond the Hype
The Cloud Computing Revolution: Beyond the Hype KEN ADLER Partner and Chair, Technology and Outsourcing Practice Group Loeb & Loeb LLP Outsourcing in Financial Services Program October 19, 2010 Overview
More informationInformation Auditing and Governance of Cloud Computing IT Capstone 4444 - Spring 2013 Sona Aryal Laura Webb Cameron University.
Information Auditing and Governance of Cloud Computing IT Capstone 4444 - Spring 2013 Sona Aryal Laura Webb Cameron University P a g e 1 P a g e 2 Table of Contents Abstract... 3 Introduction... 3 Previous
More informationCloud Computing and the Regulatory Compliance Labyrinth
Cloud Computing and the Regulatory Compliance Labyrinth About ERM About The Speaker Nick Shuman Information Security Consultant Bachelor of Science in Computer Science and Psychology - University of Miami
More informationCloud Computing: Contracting and Compliance Issues for In-House Counsel
International In-house Counsel Journal Vol. 6, No. 23, Spring 2013, 1 Cloud Computing: Contracting and Compliance Issues for In-House Counsel SHAHAB AHMED Director Legal and Corporate Affairs, Microsoft,
More informationData Privacy, Security, and Risk Management in the Cloud
Data Privacy, Security, and Risk Management in the Cloud Diana S. Hare, Associate General Counsel and Chief Privacy Counsel, Drexel University David W. Opderbeck, Counsel, Gibbons P.C. Robin Rosenberg,
More informationStrategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security
Strategic Compliance & Securing the Cloud Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Complexity and Challenges 2 Complexity and Challenges Compliance Regulatory entities
More informationCloud Security. DLT Solutions LLC June 2011. #DLTCloud
Cloud Security DLT Solutions LLC June 2011 Contact Information DLT Cloud Advisory Group 1-855-CLOUD01 (256-8301) cloud@dlt.com www.dlt.com/cloud Your Hosts Van Ristau Chief Technology Officer, DLT Solutions
More informationLEGAL ISSUES IN CLOUD COMPUTING
LEGAL ISSUES IN CLOUD COMPUTING RITAMBHARA AGRAWAL INTELLIGERE 1 CLOUD COMPUTING Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing
More informationINTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY
INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY A PATH FOR HORIZING YOUR INNOVATIVE WORK CLOUD SECURITY: CONTROLS AND ISSUES MR. AMIT D. CHAVHAN 1, MISS. PRANITA V. RATHOD
More informationWhat is Cloud Computing? Tackling the Challenges of Big Data. Tackling The Challenges of Big Data. Matei Zaharia. Matei Zaharia. Big Data Collection
Introduction What is Cloud Computing? Cloud computing means computing resources available on demand Resources can include storage, compute cycles, or software built on top (e.g. database as a service)
More informationCLOUD COMPUTING. A Primer
CLOUD COMPUTING A Primer A Mix of Voices The incredible shrinking CIO CIO Magazine, 2004 IT Doesn t Matter, The cloud will ship service outside the institution and ship power from central IT groups to
More informationUniversity of Alaska. Cloud Computing Guidelines
University of Alaska Cloud Computing Guidelines Guidelines for the Use of 3 rd Party or Cloud Computing Services at the University of Alaska Why is this important to me? If you manage a service and plan
More informationThe NIST Definition of Cloud Computing
Special Publication 800-145 The NIST Definition of Cloud Computing Recommendations of the National Institute of Standards and Technology Peter Mell Timothy Grance NIST Special Publication 800-145 The NIST
More informationVirginia Commonwealth University Information Security Standard
Virginia Commonwealth University Information Security Standard Title: Scope: Data Classification Standard This document provides the classification requirements for all data generated, processed, stored,
More informationThe HIPAA Security Rule: Cloudy Skies Ahead?
The HIPAA Security Rule: Cloudy Skies Ahead? Presented and Prepared by John Kivus and Emily Moseley Wood Jackson PLLC HIPAA and the Cloud In the past several years, the cloud has become an increasingly
More informationVirginia Commonwealth University School of Medicine Information Security Standard
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Business Continuity Management Standard for IT Systems This standard is applicable to all VCU School of Medicine
More informationCloud Computing and its Security in Higher Education
Cloud Computing and its Security in Higher Education Samir Tout stout@emich.edu School of Technology Studies, Information Assurance Eastern Michigan University (EMU) William Sverdlik wsverdlik@emich.edu
More informationManaging Cloud Computing Risk
Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify
More informationJohn Essner, CISO Office of Information Technology State of New Jersey
John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management
More informationInformation Technology Services Guidelines
Page 1 of 10 Table of Contents 1 Purpose... 2 2 Entities Affected by These Guidelines... 2 3 Definitions... 3 4 Guidelines... 5 4.1 Electronic Sanitization and Destruction... 5 4.2 When is Sanitization
More informationWhat Factors Determine Cloud Computing Adoption by Colleges and Universities? Bill Klug Instructor, BCIT
What Factors Determine Cloud Computing Adoption by Colleges and Universities? Bill Klug Instructor, BCIT What Will Be Presented Today? My interest in cloud computing What is cloud computing? Who did I
More informationThe Hybrid Cloud: Bringing Cloud-Based IT Services to State Government
The Hybrid Cloud: Bringing Cloud-Based IT Services to State Government October 4, 2009 Prepared By: Robert Woolley and David Fletcher Introduction Provisioning Information Technology (IT) services to enterprises
More informationContracting for Cloud Computing
Contracting for Cloud Computing Geofrey L Master Mayer Brown JSM Partner +852 2843 4320 geofrey.master@mayerbrownjsm.com April 5th 2011 Mayer Brown is a global legal services organization comprising legal
More informationADRI. Advice on managing the recordkeeping risks associated with cloud computing. ADRI-2010-1-v1.0
ADRI Advice on managing the recordkeeping risks associated with cloud computing ADRI-2010-1-v1.0 Version 1.0 29 July 2010 Advice on managing the recordkeeping risks associated with cloud computing 2 Copyright
More informationCloud Computing Technology
Cloud Computing Technology The Architecture Overview Danairat T. Certified Java Programmer, TOGAF Silver danairat@gmail.com, +66-81-559-1446 1 Agenda What is Cloud Computing? Case Study Service Model Architectures
More informationRisk Management of Outsourced Technology Services. November 28, 2000
Risk Management of Outsourced Technology Services November 28, 2000 Purpose and Background This statement focuses on the risk management process of identifying, measuring, monitoring, and controlling the
More informationCloud Services Overview
Cloud Services Overview John Hankins Global Offering Executive Ricoh Production Print Solutions May 23, 2012 Cloud Services Agenda Definitions Types of Clouds The Role of Virtualization Cloud Architecture
More informationQuick guide: Using the Cloud to support your business
Quick guide: Using the Cloud to support your business This Quick Guide is one of a series of information products targeted at small to medium sized enterprises (SMEs). It is designed to help businesses
More informationInsights into Cloud Computing
This article was originally published in the November 2010 issue of the Intellectual Property & Technology Law Journal. ARTICLE Insights into Cloud Computing The basic point of cloud computing is to avoid
More informationTop Ten Technology Risks Facing Colleges and Universities
Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology
More informationPRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES
PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES TECHNICAL COMMITTEE OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS FEBRUARY 2005 Preamble The IOSCO Technical Committee
More informationITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS
ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS Shirley Radack, Editor Computer Security Division Information
More informationRunning head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1
Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1 Taking a Deeper Look at the Cloud: Solution or Security Risk? LoyCurtis Smith East Carolina University TAKING A DEEPER LOOK AT THE CLOUD:
More informationPerspectives on Cloud Computing and Standards. Peter Mell, Tim Grance NIST, Information Technology Laboratory
Perspectives on Cloud Computing and Standards Peter Mell, Tim Grance NIST, Information Technology Laboratory Caveats and Disclaimers This presentation provides education on cloud technology and its benefits
More informationCLOUD IN HEALTHCARE EXECUTIVE SUMMARY 1/21/15
CLOUD IN HEALTHCARE CURRENT STATE AND STRATEGIES THAT IMPACT THE BOTTOM LINE EXECUTIVE SUMMARY As healthcare organizations struggle with competing priorities such as HITECH/ARRA, Meaningful Use, ICD-10,
More informationEnterprise Cloud-to-Cloud Backup and Recovery:
White Paper Enterprise Cloud-to-Cloud Backup and Recovery: Data Protection for Cloud-Based Applications/Platforms Gartner predicts that more than 50% of enterprises will have some form of SaaS based application
More informationWrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors
1 Wrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors Scott Woodison Executive Director, Compliance and Enterprise Risk Office of Internal Audit and Compliance
More informationThe cloud - ULTIMATE GAME CHANGER ===========================================
The cloud - ULTIMATE GAME CHANGER =========================================== When it comes to emerging technologies, there is one word that has drawn more controversy than others: The Cloud. With cloud
More informationInformation Security Policy
Information Security Policy Introduction The purpose of the is policy is to protect Rider University information resources from accidental or intentional unauthorized access, modification, or damage and
More informationReview of Cloud Risks: What if
Review of Cloud Risks: What if Availability of Data Ownership of Data Security of Information Privacy Controls there is no way to prevent Twitter from sharing your data (like when & where you tweeted from)
More informationCloud definitions you've been pretending to understand. Jack Daniel, Reluctant CISSP, MVP Community Development Manager, Astaro
Cloud definitions you've been pretending to understand Jack Daniel, Reluctant CISSP, MVP Community Development Manager, Astaro You keep using that word cloud. I do not think it means what you think it
More informationCLOUD TECHNOLOGY IMPLEMENTATION/SECURITY
1 CLOUD TECHNOLOGY IMPLEMENTATION/SECURITY Torrell Griffin 2 Cloud Technology Implementation/Risk Mitigation The purpose of this report, in essence, is to define cloud technology as well as describe some
More informationCloud Computing Security Issues
Copyright Marchany 2010 Cloud Computing Security Issues Randy Marchany, VA Tech IT Security, marchany@vt.edu Something Old, Something New New: Cloud describes the use of a collection of services, applications,
More informationHow To Protect Research Data From Being Compromised
University of Northern Colorado Data Security Policy for Research Projects Contents 1.0 Overview... 1 2.0 Purpose... 1 3.0 Scope... 1 4.0 Definitions, Roles, and Requirements... 1 5.0 Sources of Data...
More informationGAIN CLARITY CRITICAL ISSUES. Your Data in the Cloud : Benefits & Risks GAIN CONTROL. berrydunn.com
GAIN CLARITY CRITICAL ISSUES Your Data in the Cloud : Benefits & Risks berrydunn.com AGENDA Defining Cloud Services Benefits and Risks Core Requirements Myths about Clouds Is Your Data in the Cloud Secure?
More informationOverview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin
Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Best Practices for Security in the Cloud John Essner, Director
More informationA Survey on Cloud Security Issues and Techniques
A Survey on Cloud Security Issues and Techniques Garima Gupta 1, P.R.Laxmi 2 and Shubhanjali Sharma 3 1 Department of Computer Engineering, Government Engineering College, Ajmer Guptagarima09@gmail.com
More informationCloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu
Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu 2 If cloud computing is so simple, then what s the big deal? What is the
More informationPolicy No: TITLE: EFFECTIVE DATE: CANCELLATION: REVIEW DATE:
Policy No: TITLE: AP-AA-17.2 Data Classification and Data Security ADMINISTERED BY: Office of Vice President for Academic Affairs PURPOSE EFFECTIVE DATE: CANCELLATION: REVIEW DATE: August 8, 2005 Fall
More informationSecurity Considerations for Public Mobile Cloud Computing
Security Considerations for Public Mobile Cloud Computing Ronnie D. Caytiles 1 and Sunguk Lee 2* 1 Society of Science and Engineering Research Support, Korea rdcaytiles@gmail.com 2 Research Institute of
More informationPrivate & Hybrid Cloud: Risk, Security and Audit. Scott Lowry, Hassan Javed VMware, Inc. March 2012
Private & Hybrid Cloud: Risk, Security and Audit Scott Lowry, Hassan Javed VMware, Inc. March 2012 Private and Hybrid Cloud - Risk, Security and Audit Objectives: Explain the technology and benefits behind
More information6 Cloud computing overview
6 Cloud computing overview 6.1 General ISO/IEC 17788:2014 (E) Cloud Computing Overview Page 1 of 6 Cloud computing is a paradigm for enabling network access to a scalable and elastic pool of shareable
More informationLegal Issues in the Cloud: A Case Study. Jason Epstein
Legal Issues in the Cloud: A Case Study Jason Epstein Outline Overview of Cloud Computing Service Models (SaaS, PaaS, IaaS) Deployment Models (Private, Community, Public, Hybrid) Adoption Different types
More informationCCBE GUIDELINES ON THE USE OF CLOUD COMPUTING SERVICES BY LAWYERS
CCBE GUIDELINES ON THE USE OF CLOUD COMPUTING SERVICES BY LAWYERS CCBE guidelines on the use of cloud computing services by lawyers TABLE OF CONTENTS I. INTRODUCTION... 3 1. Scope of the guidelines...
More informationTO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel
AL 2000 12 O OCC ADVISORY LETTER Comptroller of the Currency Administrator of National Banks Subject: Risk Management of Outsourcing Technology Services TO: Chief Executive Officers of National Banks,
More informationStrategies for Secure Cloud Computing
WHITE PAPER Cloud Basics Strategies for Secure Cloud Computing An Introduction to Exploring the Cloud There is a lot of buzz these days about cloud computing and how it s going to revolutionize the way
More informationMaking Sense of Cloud Computing in the Public Sector. By EVA OlSAKER
Making Sense of Cloud Computing in the Public Sector By EVA OlSAKER Every other article or news clip about government Platform as a Service. PaaS allows customers to use hardware, operating systems, storage,
More informationCloud Computing and HIPAA Privacy and Security
Cloud Computing and HIPAA Privacy and Security This is just one example of the many online resources Practical Law Company offers. Christine A. Williams, Perkins Coie LLP, with PLC Employee Benefits &
More informationCan Law Enforcement Agencies Risk the Move to Cloud Computing Technology? Lt. Matt Morgan Sacramento County Sheriff s Department 05/2010
Can Law Enforcement Agencies Risk the Move to Cloud Computing Technology? by Lt. Matt Morgan Sacramento County Sheriff s Department 05/2010 P.O.S.T. COMMAND COLLEGE CLASS #47 Morgan 1 The Command College
More informationInformation Technology: This Year s Hot Issue - Cloud Computing
Information Technology: This Year s Hot Issue - Cloud Computing Presented by: Alan Sutin Global IP & Technology Practice Group GREENBERG TRAURIG, LLP ATTORNEYS AT LAW WWW.GTLAW.COM 2011. All rights reserved.
More informationmicros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) August, 2013 Revision 8.0 MICROS Systems, Inc. Version 8.
micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) Revision 8.0 August, 2013 1 Table of Contents Overview /Standards: I. Information Security Policy/Standards Preface...5 I.1 Purpose....5
More informationHow To Deal With Cloud Computing
A LEGAL GUIDE TO CLOUD COMPUTING INTRODUCTION Many companies are considering implementation of cloud computing services to decrease IT costs while providing the flexibility to scale usage on demand. The
More informationSecure Cloud Computing through IT Auditing
Secure Cloud Computing through IT Auditing 75 Navita Agarwal Department of CSIT Moradabad Institute of Technology, Moradabad, U.P., INDIA Email: nvgrwl06@gmail.com ABSTRACT In this paper we discuss the
More informationCloud Computing: Background, Risks and Audit Recommendations
Cloud Computing: Background, Risks and Audit Recommendations October 30, 2014 Table of Contents Cloud Computing: Overview 3 Multiple Models of Cloud Computing 11 Deployment Models 16 Considerations For
More informationCloud Computing: The Wave of the Future
Bernice Karn Cloud Computing: The Wave of the Future June 9, 2010 What is Cloud Computing? National Institute of Standards & Technology Definition*: 5 characteristics 3 service models 4 deployment models
More informationComponent 4: Introduction to Information and Computer Science. Topic III: Cloud Computing. Distributed computing
Component 4: Introduction to Information and Computer Science Unit 10: Future of Computing Lecture 2 This material was developed by Oregon Health & Science University, funded by the Department of Health
More informationThe Keys to the Cloud: The Essentials of Cloud Contracting
The Keys to the Cloud: The Essentials of Cloud Contracting September 30, 2014 Bert Kaminski Assistant General Counsel, Oracle North America Ken Adler Partner, Loeb & Loeb LLP Akiba Stern Partner, Loeb
More informationMyths of Cloud Computing Business Models, Security Issues and Insights from Empirical Surveys
Myths of Cloud Computing Business Models, Security Issues and Insights from Empirical Surveys 07.02.2012 Myths of Cloud Computing Prof. Dr. Peter Buxmann 1 Agenda Cloud Computing Basics Three Myths of
More informationChapter 7: Trends in technology impacting SDLC... 2 7.1 Learning objective... 2 7.1 Introduction... 2 7.2 Technology Trends... 2 7.2.
Chapter 7: Trends in technology impacting SDLC... 2 7.1 Learning objective... 2 7.1 Introduction... 2 7.2 Technology Trends... 2 7.2.1 Virtualization... 2 Characteristics of virtualizations affecting SDLC...
More informationOWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect
OWASP Chapter Meeting June 2010 Presented by: Brayton Rider, SecureState Chief Architect Agenda What is Cloud Computing? Cloud Service Models Cloud Deployment Models Cloud Computing Security Security Cloud
More informationNORTH CAROLINA DEPARTMENT OF PUBLIC INSTRUCTION. Division of Data, Research and Federal Policy July 29, 2013
NORTH CAROLINA DEPARTMENT OF PUBLIC INSTRUCTION Transmitting Private Information Electronically Best Practices Guide for Communicating Personally Identifiable Information by Email, Fax or Other Electronic
More informationData Security and Identity Management
Data Security and Identity Management Leading Change Data Pre-Conference June 16, 2014 Ed Jung Chief Technology Officer Arizona Department of Education DATA SECURITY Are you prepared Likelihood of a data
More informationCloud Security and Managing Use Risks
Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access
More informationPrivate vs. Public Cloud Solutions
Private vs. Public Cloud Solutions Selecting the right cloud technology to fit your organization Introduction As cloud storage evolves, different cloud solutions have emerged. Our first cloud whitepaper
More informationSoftware as a Service (SaaS) Requirements
Introduction Software as a Service (SaaS) Requirements Software as a Service (SaaS) is a software service model where an application is hosted as a service provided to customers across the Internet. By
More informationUnified Communications and the Cloud
Unified Communications and the Cloud Abstract Much has been said of the term cloud computing and the role it will play in the communications ecosystem today. Undoubtedly it is one of the most overused
More informationCloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC
Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC www.fmsinc.org 1 2015 Financial Managers Society, Inc. Cloud Security Implications
More informationWeek 1 Assignment. William Slater. CYBR 615 Cybersecurity Governance and Compliance. Bellevue University
The Roles of the Internal Audit Team in Cloud Computing 1 Week 1 Assignment William Slater CYBR 615 Cybersecurity Governance and Compliance Bellevue University The Roles of the Internal Audit Team in Cloud
More informationCLOUD COMPUTING TECHNOLOGY INFRASTRUCTURE TO SUPPORT THE KNOWLEDGE MANAGEMENT PROCESS (A CASE STUDY APPROACH)
CLOUD COMPUTING TECHNOLOGY INFRASTRUCTURE TO SUPPORT THE KNOWLEDGE MANAGEMENT PROCESS (A CASE STUDY APPROACH) RATNA SARI, YOHANNES KURNIAWAN Bina Nusantara University, Department of Information Systems,
More informationSecurity and Privacy in Cloud Computing
Security and Privacy in Cloud Computing - Study Report Sai Lakshmi General Manager Enterprise Security Solutions 2 Agenda Background & Objective Current Scenario & Future of Cloud Computing Challenges
More informationHow To Understand Cloud Computing
CLOUD COMPUTING Jillian Raw Partner, Kennedys http://www.kennedys-law.com/jraw/ Cloud Computing- what they say about it the cloud will transform the information technology industry profoundly change the
More informationCloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org
Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security
More informationCloud Computing. Karan Saxena * & Kritika Agarwal**
Page29 Cloud Computing Karan Saxena * & Kritika Agarwal** *Student, Sir M. Visvesvaraya Institute of Technology **Student, Dayananda Sagar College of Engineering ABSTRACT: This document contains basic
More information