Information Security Guideline: Cloud Computing Services. Information Security and Privacy Committee Draft version 8/1/2012

Size: px
Start display at page:

Download "Information Security Guideline: Cloud Computing Services. Information Security and Privacy Committee Draft version 8/1/2012"

Transcription

1 Information Security Guideline: Cloud Computing Services Information Security and Privacy Committee Draft version 8/1/2012

2 Table of Contents Introduction... 1 Purpose... 2 Scope... 2 Risks and Concerns Associated with Cloud Computing... 2 Guidelines for Using Cloud Computing Services at BYU... 3 Related Documents... 4 Appendix A... 5 i

3 Introduction Although use of third party computing services over the internet is not new, it has evolved into a category of computing now referred to as cloud computing. The United States National Institute of Standards and Technology defines cloud computing as: a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. 1 Cloud computing services (CCS) are often categorized as software as a service (SaaS), platform as a service (PaaS), or infrastructure as a service (IaaS), and are sometimes referred to as hosted applications, storage, or computing. See Appendix A for a taxonomy of cloud services and available solutions. Moreover, the definition and limits of the term cloud computing appear to be still evolving. Potential advantages of using cloud computing services include on-demand access to storage, potentially improved service capabilities, reduced cost of IT ownership, collaboration with individuals from anywhere across the globe, and access to a suite of applications and features that would normally require significant time and investment to develop. Examples of cloud computing services currently used by the university for both administrative and academic purposes include: university course management (Blackboard), , calendaring, and file storage such as those provided by Google, Microsoft, Yahoo, Dropbox, and others, backup services, travel management services, social media applications (Facebook, Blogspot), credit card processing, and web hosting. It is anticipated that use of CCS will continue to grow at the university. While there appears to be a tremendous upside potential to the use of CCS, there are also some significant business risks that need to be understood and managed when considering an IT service strategy involving CCS. Understanding these risks will help to assure that university business objectives involving IT services will continue to be achieved over time and the university will be in compliance with applicable laws, regulations, and contracts. 1 Mell, Peter; Timothy Grance; US National Institute of Standards and Technology (NIST) Special Publication (SP) (Draft), The NIST Definition of Cloud Computing, NIST, USA,

4 Purpose The purpose of this guideline is to help create awareness and understanding to the campus community of the specific business risks and concerns related to using CCSs and to provide guidelines for acquiring and using CCSs to help ensure the university is protected from financial loss or reputational harm. Scope This guideline applies to all administrative and academic units that are currently using or are considering the use of CCSs to store confidential or restricted university information 2 or to perform a critical 3 business process or service. This guideline is not intended to address academic use of CCSs for teaching and learning purposes. Guidance for this topic is discussed in Academic Use of Cloud Computing Services (currently under development). Risks and Concerns Associated with Cloud Computing The cloud computing model introduces some new business risks and concerns associated with management of information and IT services. These risks primarily stem from moving information services provisioned in house by the university to third party providers. Use of third party services fundamentally means loss of full control over data and IT service delivery processes and placing greater reliance on a third party service provider to assure the following information objectives continue to be met: availability, accessibility, confidentiality, and regulatory compliance. Availability of the data or service to conduct university business. If the service involves key business processes that are critical to operations, the service provider should demonstrate its ability to maintain business continuity and deliver services with minimal disruption and to ensure that the data is properly backed up. This should be specified in a service level agreement or contract with the service provider. Accessibility to the data or service. Should the CCS provider no longer be able to provide further service, provisions should be in place to ensure the university will be able to recover the data. 2 Confidential information is non-public sensitive information whose access must be protected due to proprietary, ethical, or privacy considerations. This classification applies even though there may not be a civil statute requiring this protection. (Examples: Date of Birth, Ethnicity, Donor Contact Information, Contracts). Restricted information is non-public sensitive information protected and/or regulated by statutes, policies, or regulations. It may also represent information for which an Information Trustee has exercised his or her right to restrict access. (Examples: Student Academic Record (FERPA), non-directory information, Social Security Number, Credit Card Number, Personal Health Information, Driver s License Number) (see Information Classification procedure at policy.byu.edu) 3 Critical information or services are those where not having access to the information when expected or where an unrecoverable loss of information occurs, would create a significant operational hardship or financial loss to the university. 2

5 Confidentiality of university information. The CCS provider must be able to ensure university information remains confidential. Information should be protected in accordance with university security policies and procedures and privacy laws such as FERPA, HIPAA, Gramm- Leach-Bliley Act (GLB), etc. CCS providers may not have adequate identity and access - management controls. With more sophisticated applications now available that provide access by enterprise users, partners, and clients; highly granular, least privilege-based user access tools are required. Compliance with laws and regulations In addition to the various data privacy laws described above, other laws and regulations may apply to information pertaining to nuclear materials, chemicals, bio hazards, and federal research. For example, if the university has information that is subject to federal export controls, the service provider must be prohibited from storing such information at sites located in other countries. Legal concerns. Several legal concerns are associated with the use of cloud computing. A cloud computing relationship is governed by contract law. Disputes over the terms of the contract could be costly and lengthy to resolve. Since cloud computing relationships are governed by contract, several items need to be considered prior to entering into any contract or agreement to use cloud computing services. These include, but are not limited to Data Definition and Use, Data Ownership, Service Level Expectations and Performance Metrics, General Data Protection Terms (FERPA, HIPAA, PCI, etc.), Compliance with Legal and Regulatory Requirements, and Termination of Service Terms. If a CCS provider will be storing or processing sensitive university information or delivering a critical IT service, a contract should be in place to ensure that the university is protected from liability or loss arising from data breaches or other problems with the service provider. Guidelines for Using Cloud Computing Services at BYU Acquiring Cloud Computing Services Departments wanting to acquire CCS solutions must ensure that the above concerns are addressed and that the university is not exposed to unnecessary risk or liability. Before pursuing any CCS solution, departments should first determine if any of the following conditions apply: Restricted university information will be stored or processed by the CCS provider, The information or service is critical to university operations, or Regulatory or contractual requirements exist that govern the use or protection of the information such as data privacy, export controls, or research dealing with human subjects. If any of these conditions apply, university units must follow the information security procedure Acquiring Cloud Computing Services. This procedure will guide departments through the CCS acquisition process and ensure a proper university contract exists with the CCS provider. 3

6 If none of the above conditions apply, no special provisions or procedures are required; however, university units are encouraged to use the Acquiring Cloud Computing Services procedure as a best practice guide. Departments should be aware that the university provides a variety of applications and services that support instructional, administrative, and research activities by faculty, staff and students. These applications and services should be considered before moving to a CCS solution. Additionally, the university may have agreements with specific CCS vendors or offer universityhosted solutions that may meet department needs. Operational Considerations Departments may need to revise operational business practices and procedures to ensure CCSs are properly managed and will continue to meet operational objectives. The types of operational activities that need to be in place will depend largely on the sensitivity and criticality of the service as described above. Some operational considerations include Roles and responsibilities for supporting the CCS service, User support processes and procedures, Security administration, Transaction monitoring, Service performance and availability monitoring; Data backup and recovery procedures, and Business continuity plans. Additional Information For more information about using cloud computing services at the university see infosec.byu.edu or contact the university Information Security Officer. Related Documents Information Governance: Data Classification Standard (policy.byu.edu) (currently under development) Information Security Program (infosec.byu.edu) Information Security Procedure: Acquiring Cloud Computing Services (infosec.byu.edu) Security and Appropriate Use of University Information Policy (policy.byu.edu) Signing of Legal Documents (policy.byu.edu) 4

7 Appendix A This is not intended to be a comprehensive list of Cloud products and services 5

Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD

Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD Agenda Cloud Computing Technical Overview Cloud Related Applications Identified Risks Assessment Criteria Cloud Computing What Is It? National

More information

Evolving Technology Issues: Cloud Computing

Evolving Technology Issues: Cloud Computing Evolving Technology Issues: Cloud Computing Michael Bennett October 16, 2011 2011 Edwards Wildman Palmer LLP & Edwards Wildman Palmer UK LLP Cloud Computing Does compliance with applicable laws fall to

More information

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp.

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud 1 What is meant by Cloud Computing, or Going To The Cloud? A model

More information

CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS. Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE. October 2, 2013

CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS. Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE. October 2, 2013 CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE October 2, 2013 By: Diane M. Gorrow Soule, Leslie, Kidder, Sayward & Loughman, P.L.L.C. 220 Main Street

More information

Ø Externally Hosted Computing Services Appropriate Use Guidelines Ø Matrix for Appropriate Use

Ø Externally Hosted Computing Services Appropriate Use Guidelines Ø Matrix for Appropriate Use Ø Externally Hosted Cputing Services Ø Matrix for Appropriate Use 3/31/2015 1 Externally Hosted Cputing Services This overview is intended to provide information for faculty, staff and students about the

More information

The NIST Definition of Cloud Computing (Draft)

The NIST Definition of Cloud Computing (Draft) Special Publication 800-145 (Draft) The NIST Definition of Cloud Computing (Draft) Recommendations of the National Institute of Standards and Technology Peter Mell Timothy Grance NIST Special Publication

More information

Security & Trust in the Cloud

Security & Trust in the Cloud Security & Trust in the Cloud Ray Trygstad Director of Information Technology, IIT School of Applied Technology Associate Director, Information Technology & Management Degree Programs Cloud Computing Primer

More information

Cloud Computing Policy 1.0 INTRODUCTION 2.0 PURPOSE. Effective Date: July 28, 2015

Cloud Computing Policy 1.0 INTRODUCTION 2.0 PURPOSE. Effective Date: July 28, 2015 Cloud Computing Policy Effective Date: July 28, 2015 1.0 INTRODUCTION Cloud computing services are application and infrastructure resources that users access via the Internet. These services, contractually

More information

Digital Forensics. Lab 10: Cloud Computing & the Future of Digital Forensics

Digital Forensics. Lab 10: Cloud Computing & the Future of Digital Forensics Digital Forensics Lab 10: Cloud Computing & the Future of Digital Forensics Today's Topics Cloud Computing Overview Applications of Cloud Computing Impact of CC to Digital Forensics Future of Digital Forensics

More information

Research Support Council (RSC) - What Data is Sensitive and How

Research Support Council (RSC) - What Data is Sensitive and How Research Support Council (RSC) - What Data is Sensitive and How Do We Keep it Private? John L. Baines, AD IT Policy & Compliance Tuesday, May 14, 2013 9:00 am 9:30 am Witherspoon Student Center John_Baines@ncsu.edu

More information

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer What is Cloud Computing A model for enabling convenient, on-demand network access to a shared pool of configurable

More information

Top 10 Tips and Tools for Meeting Regulatory Requirements and Managing Cloud Computing Providers in the United States and Around the World

Top 10 Tips and Tools for Meeting Regulatory Requirements and Managing Cloud Computing Providers in the United States and Around the World Top 10 Tips and Tools for Meeting Regulatory Requirements and Managing Cloud Computing Providers in the United States and Around the World Web Hull Privacy, Data Protection, & Compliance Advisor Society

More information

Perspectives on Moving to the Cloud Paradigm and the Need for Standards. Peter Mell, Tim Grance NIST, Information Technology Laboratory 7-11-2009

Perspectives on Moving to the Cloud Paradigm and the Need for Standards. Peter Mell, Tim Grance NIST, Information Technology Laboratory 7-11-2009 Perspectives on Moving to the Cloud Paradigm and the Need for Standards Peter Mell, Tim Grance NIST, Information Technology Laboratory 7-11-2009 2 NIST Cloud Computing Resources NIST Draft Definition of

More information

Why Private Cloud? Nenad BUNCIC VPSI 29-JUNE-2015 EPFL, SI-EXHEB

Why Private Cloud? Nenad BUNCIC VPSI 29-JUNE-2015 EPFL, SI-EXHEB Why Private Cloud? O P E R A T I O N S V I E W Nenad BUNCIC EPFL, SI-EXHEB 1 What Exactly Is Cloud? Cloud technology definition, as per National Institute of Standards and Technology (NIST SP 800-145),

More information

The Cloud Computing Revolution: Beyond the Hype

The Cloud Computing Revolution: Beyond the Hype The Cloud Computing Revolution: Beyond the Hype KEN ADLER Partner and Chair, Technology and Outsourcing Practice Group Loeb & Loeb LLP Outsourcing in Financial Services Program October 19, 2010 Overview

More information

Information Auditing and Governance of Cloud Computing IT Capstone 4444 - Spring 2013 Sona Aryal Laura Webb Cameron University.

Information Auditing and Governance of Cloud Computing IT Capstone 4444 - Spring 2013 Sona Aryal Laura Webb Cameron University. Information Auditing and Governance of Cloud Computing IT Capstone 4444 - Spring 2013 Sona Aryal Laura Webb Cameron University P a g e 1 P a g e 2 Table of Contents Abstract... 3 Introduction... 3 Previous

More information

Cloud Computing and the Regulatory Compliance Labyrinth

Cloud Computing and the Regulatory Compliance Labyrinth Cloud Computing and the Regulatory Compliance Labyrinth About ERM About The Speaker Nick Shuman Information Security Consultant Bachelor of Science in Computer Science and Psychology - University of Miami

More information

Cloud Computing: Contracting and Compliance Issues for In-House Counsel

Cloud Computing: Contracting and Compliance Issues for In-House Counsel International In-house Counsel Journal Vol. 6, No. 23, Spring 2013, 1 Cloud Computing: Contracting and Compliance Issues for In-House Counsel SHAHAB AHMED Director Legal and Corporate Affairs, Microsoft,

More information

Data Privacy, Security, and Risk Management in the Cloud

Data Privacy, Security, and Risk Management in the Cloud Data Privacy, Security, and Risk Management in the Cloud Diana S. Hare, Associate General Counsel and Chief Privacy Counsel, Drexel University David W. Opderbeck, Counsel, Gibbons P.C. Robin Rosenberg,

More information

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Strategic Compliance & Securing the Cloud Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Complexity and Challenges 2 Complexity and Challenges Compliance Regulatory entities

More information

Cloud Security. DLT Solutions LLC June 2011. #DLTCloud

Cloud Security. DLT Solutions LLC June 2011. #DLTCloud Cloud Security DLT Solutions LLC June 2011 Contact Information DLT Cloud Advisory Group 1-855-CLOUD01 (256-8301) cloud@dlt.com www.dlt.com/cloud Your Hosts Van Ristau Chief Technology Officer, DLT Solutions

More information

LEGAL ISSUES IN CLOUD COMPUTING

LEGAL ISSUES IN CLOUD COMPUTING LEGAL ISSUES IN CLOUD COMPUTING RITAMBHARA AGRAWAL INTELLIGERE 1 CLOUD COMPUTING Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing

More information

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY A PATH FOR HORIZING YOUR INNOVATIVE WORK CLOUD SECURITY: CONTROLS AND ISSUES MR. AMIT D. CHAVHAN 1, MISS. PRANITA V. RATHOD

More information

What is Cloud Computing? Tackling the Challenges of Big Data. Tackling The Challenges of Big Data. Matei Zaharia. Matei Zaharia. Big Data Collection

What is Cloud Computing? Tackling the Challenges of Big Data. Tackling The Challenges of Big Data. Matei Zaharia. Matei Zaharia. Big Data Collection Introduction What is Cloud Computing? Cloud computing means computing resources available on demand Resources can include storage, compute cycles, or software built on top (e.g. database as a service)

More information

CLOUD COMPUTING. A Primer

CLOUD COMPUTING. A Primer CLOUD COMPUTING A Primer A Mix of Voices The incredible shrinking CIO CIO Magazine, 2004 IT Doesn t Matter, The cloud will ship service outside the institution and ship power from central IT groups to

More information

University of Alaska. Cloud Computing Guidelines

University of Alaska. Cloud Computing Guidelines University of Alaska Cloud Computing Guidelines Guidelines for the Use of 3 rd Party or Cloud Computing Services at the University of Alaska Why is this important to me? If you manage a service and plan

More information

The NIST Definition of Cloud Computing

The NIST Definition of Cloud Computing Special Publication 800-145 The NIST Definition of Cloud Computing Recommendations of the National Institute of Standards and Technology Peter Mell Timothy Grance NIST Special Publication 800-145 The NIST

More information

Virginia Commonwealth University Information Security Standard

Virginia Commonwealth University Information Security Standard Virginia Commonwealth University Information Security Standard Title: Scope: Data Classification Standard This document provides the classification requirements for all data generated, processed, stored,

More information

The HIPAA Security Rule: Cloudy Skies Ahead?

The HIPAA Security Rule: Cloudy Skies Ahead? The HIPAA Security Rule: Cloudy Skies Ahead? Presented and Prepared by John Kivus and Emily Moseley Wood Jackson PLLC HIPAA and the Cloud In the past several years, the cloud has become an increasingly

More information

Virginia Commonwealth University School of Medicine Information Security Standard

Virginia Commonwealth University School of Medicine Information Security Standard Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Business Continuity Management Standard for IT Systems This standard is applicable to all VCU School of Medicine

More information

Cloud Computing and its Security in Higher Education

Cloud Computing and its Security in Higher Education Cloud Computing and its Security in Higher Education Samir Tout stout@emich.edu School of Technology Studies, Information Assurance Eastern Michigan University (EMU) William Sverdlik wsverdlik@emich.edu

More information

Managing Cloud Computing Risk

Managing Cloud Computing Risk Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify

More information

John Essner, CISO Office of Information Technology State of New Jersey

John Essner, CISO Office of Information Technology State of New Jersey John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management

More information

Information Technology Services Guidelines

Information Technology Services Guidelines Page 1 of 10 Table of Contents 1 Purpose... 2 2 Entities Affected by These Guidelines... 2 3 Definitions... 3 4 Guidelines... 5 4.1 Electronic Sanitization and Destruction... 5 4.2 When is Sanitization

More information

What Factors Determine Cloud Computing Adoption by Colleges and Universities? Bill Klug Instructor, BCIT

What Factors Determine Cloud Computing Adoption by Colleges and Universities? Bill Klug Instructor, BCIT What Factors Determine Cloud Computing Adoption by Colleges and Universities? Bill Klug Instructor, BCIT What Will Be Presented Today? My interest in cloud computing What is cloud computing? Who did I

More information

The Hybrid Cloud: Bringing Cloud-Based IT Services to State Government

The Hybrid Cloud: Bringing Cloud-Based IT Services to State Government The Hybrid Cloud: Bringing Cloud-Based IT Services to State Government October 4, 2009 Prepared By: Robert Woolley and David Fletcher Introduction Provisioning Information Technology (IT) services to enterprises

More information

Contracting for Cloud Computing

Contracting for Cloud Computing Contracting for Cloud Computing Geofrey L Master Mayer Brown JSM Partner +852 2843 4320 geofrey.master@mayerbrownjsm.com April 5th 2011 Mayer Brown is a global legal services organization comprising legal

More information

ADRI. Advice on managing the recordkeeping risks associated with cloud computing. ADRI-2010-1-v1.0

ADRI. Advice on managing the recordkeeping risks associated with cloud computing. ADRI-2010-1-v1.0 ADRI Advice on managing the recordkeeping risks associated with cloud computing ADRI-2010-1-v1.0 Version 1.0 29 July 2010 Advice on managing the recordkeeping risks associated with cloud computing 2 Copyright

More information

Cloud Computing Technology

Cloud Computing Technology Cloud Computing Technology The Architecture Overview Danairat T. Certified Java Programmer, TOGAF Silver danairat@gmail.com, +66-81-559-1446 1 Agenda What is Cloud Computing? Case Study Service Model Architectures

More information

Risk Management of Outsourced Technology Services. November 28, 2000

Risk Management of Outsourced Technology Services. November 28, 2000 Risk Management of Outsourced Technology Services November 28, 2000 Purpose and Background This statement focuses on the risk management process of identifying, measuring, monitoring, and controlling the

More information

Cloud Services Overview

Cloud Services Overview Cloud Services Overview John Hankins Global Offering Executive Ricoh Production Print Solutions May 23, 2012 Cloud Services Agenda Definitions Types of Clouds The Role of Virtualization Cloud Architecture

More information

Quick guide: Using the Cloud to support your business

Quick guide: Using the Cloud to support your business Quick guide: Using the Cloud to support your business This Quick Guide is one of a series of information products targeted at small to medium sized enterprises (SMEs). It is designed to help businesses

More information

Insights into Cloud Computing

Insights into Cloud Computing This article was originally published in the November 2010 issue of the Intellectual Property & Technology Law Journal. ARTICLE Insights into Cloud Computing The basic point of cloud computing is to avoid

More information

Top Ten Technology Risks Facing Colleges and Universities

Top Ten Technology Risks Facing Colleges and Universities Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology

More information

PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES

PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES TECHNICAL COMMITTEE OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS FEBRUARY 2005 Preamble The IOSCO Technical Committee

More information

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS Shirley Radack, Editor Computer Security Division Information

More information

Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1

Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1 Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1 Taking a Deeper Look at the Cloud: Solution or Security Risk? LoyCurtis Smith East Carolina University TAKING A DEEPER LOOK AT THE CLOUD:

More information

Perspectives on Cloud Computing and Standards. Peter Mell, Tim Grance NIST, Information Technology Laboratory

Perspectives on Cloud Computing and Standards. Peter Mell, Tim Grance NIST, Information Technology Laboratory Perspectives on Cloud Computing and Standards Peter Mell, Tim Grance NIST, Information Technology Laboratory Caveats and Disclaimers This presentation provides education on cloud technology and its benefits

More information

CLOUD IN HEALTHCARE EXECUTIVE SUMMARY 1/21/15

CLOUD IN HEALTHCARE EXECUTIVE SUMMARY 1/21/15 CLOUD IN HEALTHCARE CURRENT STATE AND STRATEGIES THAT IMPACT THE BOTTOM LINE EXECUTIVE SUMMARY As healthcare organizations struggle with competing priorities such as HITECH/ARRA, Meaningful Use, ICD-10,

More information

Enterprise Cloud-to-Cloud Backup and Recovery:

Enterprise Cloud-to-Cloud Backup and Recovery: White Paper Enterprise Cloud-to-Cloud Backup and Recovery: Data Protection for Cloud-Based Applications/Platforms Gartner predicts that more than 50% of enterprises will have some form of SaaS based application

More information

Wrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors

Wrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors 1 Wrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors Scott Woodison Executive Director, Compliance and Enterprise Risk Office of Internal Audit and Compliance

More information

The cloud - ULTIMATE GAME CHANGER ===========================================

The cloud - ULTIMATE GAME CHANGER =========================================== The cloud - ULTIMATE GAME CHANGER =========================================== When it comes to emerging technologies, there is one word that has drawn more controversy than others: The Cloud. With cloud

More information

Information Security Policy

Information Security Policy Information Security Policy Introduction The purpose of the is policy is to protect Rider University information resources from accidental or intentional unauthorized access, modification, or damage and

More information

Review of Cloud Risks: What if

Review of Cloud Risks: What if Review of Cloud Risks: What if Availability of Data Ownership of Data Security of Information Privacy Controls there is no way to prevent Twitter from sharing your data (like when & where you tweeted from)

More information

Cloud definitions you've been pretending to understand. Jack Daniel, Reluctant CISSP, MVP Community Development Manager, Astaro

Cloud definitions you've been pretending to understand. Jack Daniel, Reluctant CISSP, MVP Community Development Manager, Astaro Cloud definitions you've been pretending to understand Jack Daniel, Reluctant CISSP, MVP Community Development Manager, Astaro You keep using that word cloud. I do not think it means what you think it

More information

CLOUD TECHNOLOGY IMPLEMENTATION/SECURITY

CLOUD TECHNOLOGY IMPLEMENTATION/SECURITY 1 CLOUD TECHNOLOGY IMPLEMENTATION/SECURITY Torrell Griffin 2 Cloud Technology Implementation/Risk Mitigation The purpose of this report, in essence, is to define cloud technology as well as describe some

More information

Cloud Computing Security Issues

Cloud Computing Security Issues Copyright Marchany 2010 Cloud Computing Security Issues Randy Marchany, VA Tech IT Security, marchany@vt.edu Something Old, Something New New: Cloud describes the use of a collection of services, applications,

More information

How To Protect Research Data From Being Compromised

How To Protect Research Data From Being Compromised University of Northern Colorado Data Security Policy for Research Projects Contents 1.0 Overview... 1 2.0 Purpose... 1 3.0 Scope... 1 4.0 Definitions, Roles, and Requirements... 1 5.0 Sources of Data...

More information

GAIN CLARITY CRITICAL ISSUES. Your Data in the Cloud : Benefits & Risks GAIN CONTROL. berrydunn.com

GAIN CLARITY CRITICAL ISSUES. Your Data in the Cloud : Benefits & Risks GAIN CONTROL. berrydunn.com GAIN CLARITY CRITICAL ISSUES Your Data in the Cloud : Benefits & Risks berrydunn.com AGENDA Defining Cloud Services Benefits and Risks Core Requirements Myths about Clouds Is Your Data in the Cloud Secure?

More information

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Best Practices for Security in the Cloud John Essner, Director

More information

A Survey on Cloud Security Issues and Techniques

A Survey on Cloud Security Issues and Techniques A Survey on Cloud Security Issues and Techniques Garima Gupta 1, P.R.Laxmi 2 and Shubhanjali Sharma 3 1 Department of Computer Engineering, Government Engineering College, Ajmer Guptagarima09@gmail.com

More information

Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu

Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu 2 If cloud computing is so simple, then what s the big deal? What is the

More information

Policy No: TITLE: EFFECTIVE DATE: CANCELLATION: REVIEW DATE:

Policy No: TITLE: EFFECTIVE DATE: CANCELLATION: REVIEW DATE: Policy No: TITLE: AP-AA-17.2 Data Classification and Data Security ADMINISTERED BY: Office of Vice President for Academic Affairs PURPOSE EFFECTIVE DATE: CANCELLATION: REVIEW DATE: August 8, 2005 Fall

More information

Security Considerations for Public Mobile Cloud Computing

Security Considerations for Public Mobile Cloud Computing Security Considerations for Public Mobile Cloud Computing Ronnie D. Caytiles 1 and Sunguk Lee 2* 1 Society of Science and Engineering Research Support, Korea rdcaytiles@gmail.com 2 Research Institute of

More information

Private & Hybrid Cloud: Risk, Security and Audit. Scott Lowry, Hassan Javed VMware, Inc. March 2012

Private & Hybrid Cloud: Risk, Security and Audit. Scott Lowry, Hassan Javed VMware, Inc. March 2012 Private & Hybrid Cloud: Risk, Security and Audit Scott Lowry, Hassan Javed VMware, Inc. March 2012 Private and Hybrid Cloud - Risk, Security and Audit Objectives: Explain the technology and benefits behind

More information

6 Cloud computing overview

6 Cloud computing overview 6 Cloud computing overview 6.1 General ISO/IEC 17788:2014 (E) Cloud Computing Overview Page 1 of 6 Cloud computing is a paradigm for enabling network access to a scalable and elastic pool of shareable

More information

Legal Issues in the Cloud: A Case Study. Jason Epstein

Legal Issues in the Cloud: A Case Study. Jason Epstein Legal Issues in the Cloud: A Case Study Jason Epstein Outline Overview of Cloud Computing Service Models (SaaS, PaaS, IaaS) Deployment Models (Private, Community, Public, Hybrid) Adoption Different types

More information

CCBE GUIDELINES ON THE USE OF CLOUD COMPUTING SERVICES BY LAWYERS

CCBE GUIDELINES ON THE USE OF CLOUD COMPUTING SERVICES BY LAWYERS CCBE GUIDELINES ON THE USE OF CLOUD COMPUTING SERVICES BY LAWYERS CCBE guidelines on the use of cloud computing services by lawyers TABLE OF CONTENTS I. INTRODUCTION... 3 1. Scope of the guidelines...

More information

TO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel

TO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel AL 2000 12 O OCC ADVISORY LETTER Comptroller of the Currency Administrator of National Banks Subject: Risk Management of Outsourcing Technology Services TO: Chief Executive Officers of National Banks,

More information

Strategies for Secure Cloud Computing

Strategies for Secure Cloud Computing WHITE PAPER Cloud Basics Strategies for Secure Cloud Computing An Introduction to Exploring the Cloud There is a lot of buzz these days about cloud computing and how it s going to revolutionize the way

More information

Making Sense of Cloud Computing in the Public Sector. By EVA OlSAKER

Making Sense of Cloud Computing in the Public Sector. By EVA OlSAKER Making Sense of Cloud Computing in the Public Sector By EVA OlSAKER Every other article or news clip about government Platform as a Service. PaaS allows customers to use hardware, operating systems, storage,

More information

Cloud Computing and HIPAA Privacy and Security

Cloud Computing and HIPAA Privacy and Security Cloud Computing and HIPAA Privacy and Security This is just one example of the many online resources Practical Law Company offers. Christine A. Williams, Perkins Coie LLP, with PLC Employee Benefits &

More information

Can Law Enforcement Agencies Risk the Move to Cloud Computing Technology? Lt. Matt Morgan Sacramento County Sheriff s Department 05/2010

Can Law Enforcement Agencies Risk the Move to Cloud Computing Technology? Lt. Matt Morgan Sacramento County Sheriff s Department 05/2010 Can Law Enforcement Agencies Risk the Move to Cloud Computing Technology? by Lt. Matt Morgan Sacramento County Sheriff s Department 05/2010 P.O.S.T. COMMAND COLLEGE CLASS #47 Morgan 1 The Command College

More information

Information Technology: This Year s Hot Issue - Cloud Computing

Information Technology: This Year s Hot Issue - Cloud Computing Information Technology: This Year s Hot Issue - Cloud Computing Presented by: Alan Sutin Global IP & Technology Practice Group GREENBERG TRAURIG, LLP ATTORNEYS AT LAW WWW.GTLAW.COM 2011. All rights reserved.

More information

micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) August, 2013 Revision 8.0 MICROS Systems, Inc. Version 8.

micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) August, 2013 Revision 8.0 MICROS Systems, Inc. Version 8. micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) Revision 8.0 August, 2013 1 Table of Contents Overview /Standards: I. Information Security Policy/Standards Preface...5 I.1 Purpose....5

More information

How To Deal With Cloud Computing

How To Deal With Cloud Computing A LEGAL GUIDE TO CLOUD COMPUTING INTRODUCTION Many companies are considering implementation of cloud computing services to decrease IT costs while providing the flexibility to scale usage on demand. The

More information

Secure Cloud Computing through IT Auditing

Secure Cloud Computing through IT Auditing Secure Cloud Computing through IT Auditing 75 Navita Agarwal Department of CSIT Moradabad Institute of Technology, Moradabad, U.P., INDIA Email: nvgrwl06@gmail.com ABSTRACT In this paper we discuss the

More information

Cloud Computing: Background, Risks and Audit Recommendations

Cloud Computing: Background, Risks and Audit Recommendations Cloud Computing: Background, Risks and Audit Recommendations October 30, 2014 Table of Contents Cloud Computing: Overview 3 Multiple Models of Cloud Computing 11 Deployment Models 16 Considerations For

More information

Cloud Computing: The Wave of the Future

Cloud Computing: The Wave of the Future Bernice Karn Cloud Computing: The Wave of the Future June 9, 2010 What is Cloud Computing? National Institute of Standards & Technology Definition*: 5 characteristics 3 service models 4 deployment models

More information

Component 4: Introduction to Information and Computer Science. Topic III: Cloud Computing. Distributed computing

Component 4: Introduction to Information and Computer Science. Topic III: Cloud Computing. Distributed computing Component 4: Introduction to Information and Computer Science Unit 10: Future of Computing Lecture 2 This material was developed by Oregon Health & Science University, funded by the Department of Health

More information

The Keys to the Cloud: The Essentials of Cloud Contracting

The Keys to the Cloud: The Essentials of Cloud Contracting The Keys to the Cloud: The Essentials of Cloud Contracting September 30, 2014 Bert Kaminski Assistant General Counsel, Oracle North America Ken Adler Partner, Loeb & Loeb LLP Akiba Stern Partner, Loeb

More information

Myths of Cloud Computing Business Models, Security Issues and Insights from Empirical Surveys

Myths of Cloud Computing Business Models, Security Issues and Insights from Empirical Surveys Myths of Cloud Computing Business Models, Security Issues and Insights from Empirical Surveys 07.02.2012 Myths of Cloud Computing Prof. Dr. Peter Buxmann 1 Agenda Cloud Computing Basics Three Myths of

More information

Chapter 7: Trends in technology impacting SDLC... 2 7.1 Learning objective... 2 7.1 Introduction... 2 7.2 Technology Trends... 2 7.2.

Chapter 7: Trends in technology impacting SDLC... 2 7.1 Learning objective... 2 7.1 Introduction... 2 7.2 Technology Trends... 2 7.2. Chapter 7: Trends in technology impacting SDLC... 2 7.1 Learning objective... 2 7.1 Introduction... 2 7.2 Technology Trends... 2 7.2.1 Virtualization... 2 Characteristics of virtualizations affecting SDLC...

More information

OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect

OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect OWASP Chapter Meeting June 2010 Presented by: Brayton Rider, SecureState Chief Architect Agenda What is Cloud Computing? Cloud Service Models Cloud Deployment Models Cloud Computing Security Security Cloud

More information

NORTH CAROLINA DEPARTMENT OF PUBLIC INSTRUCTION. Division of Data, Research and Federal Policy July 29, 2013

NORTH CAROLINA DEPARTMENT OF PUBLIC INSTRUCTION. Division of Data, Research and Federal Policy July 29, 2013 NORTH CAROLINA DEPARTMENT OF PUBLIC INSTRUCTION Transmitting Private Information Electronically Best Practices Guide for Communicating Personally Identifiable Information by Email, Fax or Other Electronic

More information

Data Security and Identity Management

Data Security and Identity Management Data Security and Identity Management Leading Change Data Pre-Conference June 16, 2014 Ed Jung Chief Technology Officer Arizona Department of Education DATA SECURITY Are you prepared Likelihood of a data

More information

Cloud Security and Managing Use Risks

Cloud Security and Managing Use Risks Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access

More information

Private vs. Public Cloud Solutions

Private vs. Public Cloud Solutions Private vs. Public Cloud Solutions Selecting the right cloud technology to fit your organization Introduction As cloud storage evolves, different cloud solutions have emerged. Our first cloud whitepaper

More information

Software as a Service (SaaS) Requirements

Software as a Service (SaaS) Requirements Introduction Software as a Service (SaaS) Requirements Software as a Service (SaaS) is a software service model where an application is hosted as a service provided to customers across the Internet. By

More information

Unified Communications and the Cloud

Unified Communications and the Cloud Unified Communications and the Cloud Abstract Much has been said of the term cloud computing and the role it will play in the communications ecosystem today. Undoubtedly it is one of the most overused

More information

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC www.fmsinc.org 1 2015 Financial Managers Society, Inc. Cloud Security Implications

More information

Week 1 Assignment. William Slater. CYBR 615 Cybersecurity Governance and Compliance. Bellevue University

Week 1 Assignment. William Slater. CYBR 615 Cybersecurity Governance and Compliance. Bellevue University The Roles of the Internal Audit Team in Cloud Computing 1 Week 1 Assignment William Slater CYBR 615 Cybersecurity Governance and Compliance Bellevue University The Roles of the Internal Audit Team in Cloud

More information

CLOUD COMPUTING TECHNOLOGY INFRASTRUCTURE TO SUPPORT THE KNOWLEDGE MANAGEMENT PROCESS (A CASE STUDY APPROACH)

CLOUD COMPUTING TECHNOLOGY INFRASTRUCTURE TO SUPPORT THE KNOWLEDGE MANAGEMENT PROCESS (A CASE STUDY APPROACH) CLOUD COMPUTING TECHNOLOGY INFRASTRUCTURE TO SUPPORT THE KNOWLEDGE MANAGEMENT PROCESS (A CASE STUDY APPROACH) RATNA SARI, YOHANNES KURNIAWAN Bina Nusantara University, Department of Information Systems,

More information

Security and Privacy in Cloud Computing

Security and Privacy in Cloud Computing Security and Privacy in Cloud Computing - Study Report Sai Lakshmi General Manager Enterprise Security Solutions 2 Agenda Background & Objective Current Scenario & Future of Cloud Computing Challenges

More information

How To Understand Cloud Computing

How To Understand Cloud Computing CLOUD COMPUTING Jillian Raw Partner, Kennedys http://www.kennedys-law.com/jraw/ Cloud Computing- what they say about it the cloud will transform the information technology industry profoundly change the

More information

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security

More information

Cloud Computing. Karan Saxena * & Kritika Agarwal**

Cloud Computing. Karan Saxena * & Kritika Agarwal** Page29 Cloud Computing Karan Saxena * & Kritika Agarwal** *Student, Sir M. Visvesvaraya Institute of Technology **Student, Dayananda Sagar College of Engineering ABSTRACT: This document contains basic

More information