CLOUD COMPUTING. 11 December 2013, TOWNSHIP OF KING
Slide 1: CLOUD COMPUTING (outsourcing records storage)
TATTA SRINIVASA, RECORDS MANAGER
11 December 2013, TOWNSHIP OF KING
Slide 2: Cloud computing
- A style of computing where scalable and elastic IT-enabled capabilities are delivered as a service to external customers using Internet technologies
- Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. network, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
Slide 3: 10 internet technologies
1. Video and Podcasting: YouTube, TeacherTube, EduTube etc.
2. Presentation tools: SlideShare, Vuvox etc.
3. Collaboration & Brainstorming: Mindmap, Bubbl.us etc.
4. Blogs & Blogging: Blogger, WordPress etc.
5. Wikis: Wetpaint etc.
6. Social Networking: Facebook, Myspace etc.
7. IM: Meebo etc.
8. Twitter
9. Virtual Worlds: Second Life etc.
10. RSS Feeds
Slide 4: Characteristics
- Scalability
- Elasticity
- Resource pooling
- Service
Slide 5: Cloud solutions
- Software as a Service (SaaS): The software is owned and/or managed remotely by one or more providers and accessed by users with web browsers over the internet. SaaS solutions generally use resource pooling and are often built on cloud infrastructure
- Hosted Applications: The application infrastructure is dedicated on an organization-by-organization basis
Slide 6: Cloud benefits (contd.)
Benefits: Cost Savings
- It is a metered service (the organization can often pay for actual usage)
- Expenditures are operational and do not require all the cost to be spent up-front
- Scalability and elasticity: the needed capacity can expand and shrink, often on demand
- IT development costs can be eliminated as the application has already been developed
- Better cost control and faster implementation
Slide 7: Cloud benefits
Value Creation
- Application development could be feasible if it is done in the cloud
- The organization can launch new services for internal or external use and then increase or decrease scope as needed
- Since the capital outlay is zero, low-cost experimentation and even project failure are possible in a way that does not waste significant time and/or money
- Failing small in the cloud and learning from the experience can speed development cycles and increase efficiencies in future projects
Slide 8: Cloud risks (contd.)
Need to be mitigated prior to outsourcing:
- Accessibility
- Data security
- Data location
- Data segregation
- Data integrity
- Data ownership
Slide 9: Cloud risks (contd.)
Need to be mitigated prior to outsourcing
Accessibility
- Providers may state they have 24/7 access, but there is no guarantee
- Find out what the provider is doing to prevent access outages, e.g. mirroring of servers at different locations, alternate internet routing outages, etc.
Slide 10: Cloud risks (contd.)
Need to be mitigated prior to outsourcing
- Data Security: the security of the organization's data and access to the application is completely dependent on the service provider's policies, controls and staff
- Determine what these controls are and if they are as good as or better than internal controls would be
- Must have a protocol and agreement with the provider to lock down the data (initiate a legal hold) in the face of an obligation to preserve it, to avoid spoliation issues and unwanted sanctions (legal documents)
Slide 11: Cloud risks (contd.)
Need to be mitigated prior to outsourcing
- Data Location: sharing resources can mean, in the worst case scenario:
- The data and applications are not in a specific physically identifiable location (many cloud providers are global enterprises and have the ability to share resources and data in physical locations around the world)
- Strict data protection and privacy regulations forbidding data transfer beyond specific borders, e.g. European Union countries
Slide 12: Cloud risks (contd.)
Need to be mitigated prior to outsourcing
- Data Segregation: when multiple organizations are sharing an application and resource, e.g. the same server
- It is critical to know and understand the methods used to segregate and protect each organization's data from the others
- Commingling of data can make subsequent segregation problematic, and confidential data could be inadvertently shared with others
Slide 13: Cloud risks (contd.)
Need to be mitigated prior to outsourcing
- Data Integrity: backup and recovery of the entire application, not just the data, should be included in the provider's services.
- From a records perspective, it is equally important that backup data is destroyed when required by retention schedules
- Audit trails are also needed to prove the integrity of an electronic record's creation, change, and destruction
Slide 14: Cloud risks
Need to be mitigated prior to outsourcing
- Data Ownership: most organizations assume they own their data, but that is not always the case or not necessarily straightforward.
What if:
- A contract is canceled or not renewed: does the organization get its data back, and how quickly?
- There is a contract dispute: can the service provider hold the organization's data hostage?
- The provider goes bankrupt or is acquired by another organization?
- Separating the data and the application: without application context, is the data still understandable or usable?
Slide 15: RETENTION AND DISPOSITION
- It does not relieve an organization of its information retention and management obligation
- Cloud service providers are focused on the storage and retrieval of information as needed for the particular application, not on records management
- Vendors may not be familiar with records management standards and best practices
- Vendors will probably be more prepared to hold information indefinitely than to ensure its timely and permanent destruction
Slide 16: Technology issues (contd.)
- Application Interface to Records Management
Virtual Storage
- Most organizations are changing from dedicated servers and repositories to virtualized environments, clustered storage or private clouds for their information management
- Virtualization portends opportunities for cost cutting and more efficient use of resources as well as flexibility for the organization
Slide 17: Technology issues
Virtual Storage
- It is possible to store records with a third-party service provider in the cloud and feel confident that records are secure
- Care must be taken to ensure that the records are appropriately safeguarded and access is controlled
- The largest concern is that the management of the records is out of the organization's direct control
- It is vital that all parties understand their respective responsibilities as they relate to retention, access, security, destruction and exception management
Slide 18: Legal considerations (contd.)
- Records preservation for litigation
Ephemeral Data
- Organizations using cloud technology should understand which ephemeral data might potentially warrant preservation in the event of litigation and how the service provider would enable such retention
Slide 19: Legal considerations (contd.)
The Transnational Problem
- Organizations exporting data to the cloud may find that the data becomes subject to privacy or confidentiality rules of foreign countries
- Example: European Union
- Data may be subject to blocking (France)
Slide 20: Recommendation to mitigate legal risks (contd.)
- Establish clear rules for employee use of corporate information systems that include use of systems outsourced to the cloud, including access to the employee's personal accounts
- The organization should monitor employee use and take appropriate disciplinary action when the rules are violated
- Social networking sites provide examples of the cloud being used for both personal and business purposes; using these types of sites for business purposes may allow information to be compromised unless specific policies and protection are in place
Slide 21: Recommendation to mitigate legal risks (contd.)
- Establish ownership of data and include language in any cloud provider's service contracts that addresses the organization's ownership.
- Prohibit subcontracting by the cloud provider or at least limit the number and location of subcontractors.
- This prohibition should contribute to data security by reassuring the organization that the party it contracted with is the only service provider.
- This can minimize or eliminate data transfers, in particular cross-border data transfers
Slide 22: Recommendation to mitigate legal risks (contd.)
- Limit the location(s) where data are stored
- Data security
- Restrict data transfers and cross-borders
- Establish a mechanism with the cloud provider for communicating and implementing legal holds
- Make it clear in the service contract what the cloud provider's obligation is for implementing, and possibly managing, legal holds
Slide 23: Recommendation to mitigate legal risks (contd.)
- Establish how data will be stored and segregated from or commingled with other organizations' data storage
- Storage of confidential or vital records should be handled with their unique requirements in mind
- Storing such data in a separate location from anyone else's data or even other types of data from within the organization
Slide 24: Recommendation to mitigate legal risks (contd.)
- Establish access rights to data hosted by cloud providers
- This eliminates or at least reduces additional costs the cloud provider might impose for unusual access when an organization must produce data in response to a request for information, subpoena, or discovery request
Slide 25: Recommendation to mitigate legal risks (contd.)
- Establish the allocation of liability for loss or wrongful disclosure of data, preferably as part of the contract
- However, courts will likely hold the organization owning the data responsible for the event; the owning organization will want the ability to hold the cloud provider liable for what it did (or failed to do)
- The service provider will usually seek to contractually reduce or eliminate any liability
Slide 26: Recommendation to mitigate legal risks
- Establish appropriate security and confidentiality measures to be taken by the cloud provider
- Including a communication plan for notification to the organization in the event of a breach by an unauthorized party of the provider's technology, even if it is believed that the organization's data was not affected
- Establish appropriate procedures and protocols for data disposition, which may include multi-level approvals and audit trails
Slide 27: Vendor-related considerations (contd.)
Information management practices
- It is possible for the vendor to replicate information to redundant systems both within its facility and elsewhere
- Where information will be stored
- Where information could be stored
- Vendor's policies concerning data backup and archiving
Slide 28: Vendor-related considerations (contd.)
Audit Policies
- An organization's external auditor may want to audit the vendor's facility and its practices relating to the security and management of records and information
- Security for cloud application is the point of integration
- In the past: the integration was always behind the firewall
- Cloud computing: integration is outside the firewall of the purchasing organization
Slide 29: Vendor-related considerations (contd.)
Access Interruptions
- Internet access
- Internet service provider's downtime
- Damage to cables
- Weather interference with satellite access at either the vendor or the organization
- Part of any disaster recovery or business continuity plan should include how the organization will operate in the event the cloud provider's services are not accessible
Slide 30: Vendor-related considerations (contd.)
Privacy
- The organization must obtain, read, and understand the vendor's privacy policy
- Where the organization's and vendor's policies conflict, additional contract negotiation will be required
- Vendor should be asked to identify how many and what type of personnel will have such access
- Vendor should be asked about its hiring and employee screening practices
Slide 31: Vendor-related considerations (contd.)
Sub-Contracting
- To offer uninterrupted access, scalability and elasticity, vendors need to have infrastructure and hardware in diverse global locations or depend on third parties for services such as storage mirroring or backup
- Do they have the same security and privacy policies that the vendor has?
- How is the information protected as it is transmitted between the vendor and its sub-contractors?
Slide 32: Vendor-related considerations (contd.)
Multi-Tenancy
- The multi-tenancy model is where multiple clients or organizations store their information in a single instance of an application on the same server and/or in the same data store or repository
- Security is the biggest challenge
- Is multi-tenancy covered in the organization's own privacy and security policies?
- If not, formal understanding and guidance on this issue will be addressed and should involve input from IT, RIM and Legal departments
Slide 33: Vendor-related considerations (contd.)
Public Cloud
- Allows open access in that anyone can contract for the services
- Public has little if any control over how the services are implemented
- Public can access services wherever there is an internet connection
- It may not be appropriate when information is covered under specific regulatory environments; private cloud is the best substitute
Slide 34: Vendor-related considerations (contd.)
Private Cloud
- It allows the customer to control how the service is supplied
- It allows data to be easily moved between the internal data centre and private cloud
- Access security is frequently controlled on the private cloud through the organization's internal system
- It is protected by a firewall
- The right to use and access is provided through the authentication and authorization of users
Slide 35: Vendor-related considerations (contd.)
Hybrid Cloud
- It would be appropriate when there is a solution requiring ongoing exchange and connection between public users and a private application
- With a hybrid cloud, integration at all layers (data, process, management and security) is essential
- Example: an externally facing customer relationship management (CRM) program that links to a proprietary organizational data source.
Slide 36: Vendor-related considerations (contd.)
Issues to be considered when choosing among Public and Private
- How sophisticated is the solution, and does it require complex integration between public and private?
- What are the security requirements for the type of information being managed?
- What if the information stored and managed is deemed to be low-risk?
- What if the virtualized environment is prohibited?
Slide 37: Vendor-related considerations (contd.)
Data Location
- Identify the location of the provider's repositories
- Identify where the provider may store the data
- Identify any third-party providers the vendor may use and note the physical location of their operations
- Compliance with all applicable laws should be assured
- During contract negotiations, ensure the vendor is obligated by contract to store information where required, and validate that privacy issues are addressed
Slide 38: Vendor-related considerations (contd.)
Data Backup and Recovery
- External service providers should offer demonstrative proof of backup data
- It is important to review the vendor's policy and practices for backing up the data prior to contract finalization
- Is the information being backed up to another system for redundancy (location)?
- What type of controls does the vendor have in place regarding access to the information?
- Periodic tests should be performed to ensure that the backup recovery systems and process are working as specified in the contract or service level agreement
Slide 39: Vendor-related considerations (contd.)
Data Retention
- If information is stored on virtual machines and can be spread among multiple locations and countries, each country's regulation can impact the retention time for that data
- Retention issues become more complicated
- The contract language should address the concerns
- The contract language needs to have provisions for the destruction of records on all media (including backups) when the retention period ends and for retaining information past the retention period in the event of legal hold
Slide 40: Vendor-related considerations (contd.)
Physical Security
- The cloud provider's data centre must be evaluated for its geographical location and physical security features, including management of secured, authorized access
- There should be sign-in and sign-out sheets, especially for any visitors
- Background checks should be performed on employees
- Contract terms should reflect all of these physical security requirements
- Allow the customer to conduct periodic facility audits
Slide 41: Vendor-related considerations (contd.)
Environmental Conditions
- To ensure that no environmental issues exist
- Proximity to existing or potential environmental or industrial hazards
- The internal environment should be reviewed
- Proper temperature and humidity controls are in place
- Include appropriate language regarding environmental conditions within the contract
Slide 42: Vendor-related considerations (contd.)
Network Access
- Contract terms should address the network requirements
- Review the compatibility of the vendor's architecture with the organization's
- Network saturation and bandwidth capacities should be investigated
Slide 43: Vendor-related considerations (contd.)
Uptime
- No matter where information is stored, system uptime must be a consideration
- Uninterrupted access to information is key to business operations
- Uptime requirements should be clearly defined and negotiated with the vendor
Slide 44: Vendor-related considerations (contd.)
Vendor Continuity
- Review and validation of the vendor's creditworthiness should be performed by the organization to assess the vendor's long-term viability
- The organization's contract should document the application, data, and platform migration strategies that will be used in the event that a vendor goes out of business or is acquired
Slide 45: Vendor-related considerations (contd.)
Vendor Continuity
- During the negotiating process, the organization should devise contractual terms to provide flexibility in accessing data and define how the organization's information will continue to be accessible during any migration
- The geopolitical climate needs to be assessed, as information could be compromised due to destabilization of the location
- Conduct a thorough risk assessment and review of the hosting country's current social, political, and economic conditions
- What strategies does the vendor have in place (example: a mirror or backup in another country) to accommodate these concerns?
Slide 46: Summary
Decision Making Process
- Weighing the benefits and risks of outsourcing records storage to the cloud
- Operational and cost concerns are paramount
- Appropriate protection for records and information must be in place as well
- RIM, IT, and Legal department staff should work together
- Checklists provide direction from a variety of perspectives: technology, legal and vendor-related
Slide 47: Thank you
TATTA SRINIVASA, RECORDS MANAGER
More informationThe Elephant in the Room: What s the Buzz Around Cloud Computing?
The Elephant in the Room: What s the Buzz Around Cloud Computing? Warren W. Stippich, Jr. Partner and National Governance, Risk and Compliance Solution Leader Business Advisory Services Grant Thornton
More informationNetwork & Information Security Policy
Policy Version: 2.1 Approved: 02/20/2015 Effective: 03/02/2015 Table of Contents I. Purpose................... 1 II. Scope.................... 1 III. Roles and Responsibilities............. 1 IV. Risk
More informationWHY YOU SHOULD CONSIDER CLOUD BASED EMAIL ARCHIVING.
WHY YOU SHOULD CONSIDER CLOUD BASED EMAIL ARCHIVING. INTRODUCTION A vast majority of information today is being exchanged via email. In 2011, the average corporate user will send and receive about 112
More informationBOWMAN SYSTEMS SECURING CLIENT DATA
BOWMAN SYSTEMS SECURING CLIENT DATA 2012 Bowman Systems L.L.C. All Rights Reserved. This document and the information contained herein are the property of Bowman Systems L.L.C. and should be considered
More informationTERRITORY RECORDS OFFICE BUSINESS SYSTEMS AND DIGITAL RECORDKEEPING FUNCTIONALITY ASSESSMENT TOOL
TERRITORY RECORDS OFFICE BUSINESS SYSTEMS AND DIGITAL RECORDKEEPING FUNCTIONALITY ASSESSMENT TOOL INTRODUCTION WHAT IS A RECORD? AS ISO 15489-2002 Records Management defines a record as information created,
More informationCloud Computing: Contracting and Compliance Issues for In-House Counsel
International In-house Counsel Journal Vol. 6, No. 23, Spring 2013, 1 Cloud Computing: Contracting and Compliance Issues for In-House Counsel SHAHAB AHMED Director Legal and Corporate Affairs, Microsoft,
More informationSession 11 : (additional) Cloud Computing Advantages and Disadvantages
INFORMATION STRATEGY Session 11 : (additional) Cloud Computing Advantages and Disadvantages Tharaka Tennekoon B.Sc (Hons) Computing, MBA (PIM - USJ) POST GRADUATE DIPLOMA IN BUSINESS AND FINANCE 2014 Cloud
More informationProtecting Official Records as Evidence in the Cloud Environment. Anne Thurston
Protecting Official Records as Evidence in the Cloud Environment Anne Thurston Introduction In a cloud computing environment, government records are held in virtual storage. A service provider looks after
More informationRECORD AND INFORMATION MANAGEMENT FRAMEWORK FOR ONTARIO SCHOOL BOARDS/AUTHORITIES
PURPOSE Records and information are important strategic assets of an organization and, like other organizational assets (people, capital and technology), must be managed to maximize their value. Information
More informationSecurity Issues in Cloud Computing
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
More informationInformation Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis
Information Security Risk Assessment Checklist A High-Level Tool to Assist USG Institutions with Risk Analysis Updated Oct 2008 Introduction Information security is an important issue for the University
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More information7QUESTIONSYOUNEEDTOASKBEFORE CHOOSINGACOLOCATIONFACILITY FORYOURBUSINESS
7QUESTIONSYOUNEEDTOASKBEFORE CHOOSINGACOLOCATIONFACILITY FORYOURBUSINESS ExecutiveBrief P a g e 1 Executive Brief 7 Questions You Need to Ask Before Choosing a Colocation Facility for Your Business Choosing
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationHow To Manage Records In A Cloud
Retention & Disposition of Records Residing in a Public Cloud: A Risk Management Approach Patricia C. Franks, PhD, IGP, CA, CRM International Symposium October 17, 2014 to mitigate risk Not all information
More informationSoftware as a Service Decision Guide and Best Practices
Software as a Service Decision Guide and Best Practices Purpose of this document Software as a Service (SaaS) is software owned, delivered and managed remotely by one or more providers [Gartner, SaaS Hype
More information<Choose> Addendum Windows Azure Data Processing Agreement Amendment ID M129
Addendum Amendment ID Proposal ID Enrollment number Microsoft to complete This addendum ( Windows Azure Addendum ) is entered into between the parties identified on the signature form for the
More informationCLOUD COMPUTING READINESS CHECKLIST
CLOUD COMPUTING READINESS VOLKER RATH VOLKER RATH 1 CONTENTS HOW SHOULD THIS GUIDE BE USED? 2 WILL MY COMPANY BENEFIT FROM 2 TRANSITIONING SERVICES TO THE CLOUD? CLOUD READINESS OVERVIEW 3 SECURITY CONCERNS
More informationDocument Version. January 2013
Service and Technical Description Vendor Access Network Providers (VAN) January 2013 Contents Vendor Access Network Providers (VAN)... 1 Contents... 2 Document Version... 3 1. Introduction... 4 1.1. Purpose
More informationIs Cloud Computing Inevitable for Lawyers?
Is Cloud Computing Inevitable for Lawyers? by Sharon D. Nelson and John W. Simek 2015 Sensei Enterprises, Inc. Not a single day goes by when you don t hear something about cloud computing. It could be
More informationCloud Computing in a Government Context
Cloud Computing in a Government Context Introduction There has been a lot of hype around cloud computing to the point where, according to Gartner, 1 it has become 'deafening'. However, it is important
More informationCloud Service Contracts: An Issue of Trust
Cloud Service Contracts: An Issue of Trust Marie Demoulin Assistant Professor Université de Montréal École de Bibliothéconomie et des Sciences de l Information (EBSI) itrust 2d International Symposium,
More informationCloud Computing; What is it, How long has it been here, and Where is it going?
Cloud Computing; What is it, How long has it been here, and Where is it going? David Losacco, CPA, CIA, CISA Principal January 10, 2013 Agenda The Cloud WHAT IS THE CLOUD? How long has it been here? Where
More informationOWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect
OWASP Chapter Meeting June 2010 Presented by: Brayton Rider, SecureState Chief Architect Agenda What is Cloud Computing? Cloud Service Models Cloud Deployment Models Cloud Computing Security Security Cloud
More informationLAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
More informationGETTING THE MOST FROM THE CLOUD. A White Paper presented by
GETTING THE MOST FROM THE CLOUD A White Paper presented by Why Move to the Cloud? CLOUD COMPUTING the latest evolution of IT services delivery is a scenario under which common business applications are
More informationRequirements for Technology Outsourcing
Requirements for Technology Outsourcing Table of Contents Revision History... 3 Overview... 4 Service Provider Selection... 5 Service Delivery Models... 5 Legal Considerations... 5 Security Assessments...
More informationIT Forum 2-11-2013 UW-Madison Records Management Program. UW Archives and Records Management
IT Forum 2-11-2013 UW-Madison Records Management Program Records facilitate and sustaining day-to-day university operations. Records support organizational activities such as student admissions, research
More informationAnatomy of a Cloud Computing Data Breach
Anatomy of a Cloud Computing Data Breach Sheryl Falk Mike Olive ACC Houston Chapter ITPEC Practice Group September 18, 2014 1 Agenda Ø Cloud 101 Welcome to Cloud Computing Ø Cloud Agreement Considerations
More information2011 Morrison & Foerster LLP All Rights Reserved mofo.com. Risk, Governance and Negotiation in the Cloud: Capture Benefits and Reduce Risks
2011 Morrison & Foerster LLP All Rights Reserved mofo.com Risk, Governance and Negotiation in the Cloud: Capture Benefits and Reduce Risks 14 September 2011 Presenters Alistair Maughan Morrison & Foerster
More informationMain Reference : Hall, James A. 2011. Information Technology Auditing and Assurance, 3 rd Edition, Florida, USA : Auerbach Publications
Main Reference : Hall, James A. 2011. Information Technology Auditing and Assurance, 3 rd Edition, Florida, USA : Auerbach Publications Suggested Reference : Senft, Sandra; Gallegos, Frederick., 2009.
More informationWhich is Better: Virtualization or Cloud IaaS?
A White Paper Which is Better: Virtualization or Cloud IaaS? Which is Better: Virtualization or Cloud IaaS? Why should I consider Virtualization or Cloud IaaS at all? Simply put, they can save you money.
More informationInformation Technology General Controls Review (ITGC) Audit Program Prepared by:
Information Technology General Controls Review (ITGC) Audit Program Date Prepared: 2012 Internal Audit Work Plan Objective: IT General Controls (ITGC) address the overall operation and activities of the
More informationOrchestrating the New Paradigm Cloud Assurance
Orchestrating the New Paradigm Cloud Assurance Amsterdam 17 January 2012 John Hermans - Partner Current business challenges versus traditional IT Organizations are challenged with: Traditional IT seems
More informationHIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant
1 HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant Introduction U.S. healthcare laws intended to protect patient information (Protected Health Information or PHI) and the myriad
More informationHedge Funds & the Cloud: The Pros, Cons and Considerations
Hedge Funds & the Cloud: The Pros, Cons and Considerations By Mary Beth Hamilton, Director of Marketing, Eze Castle Integration The increased use of cloud-based services is undeniable. Analyst firm Forrester
More informationCloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC
Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC www.fmsinc.org 1 2015 Financial Managers Society, Inc. Cloud Security Implications
More informationWebrecs IT infrastructure. The Webrecs IT backend explained and how we store, backup, protect and deliver your documents to you
Webrecs IT infrastructure The Webrecs IT backend explained and how we store, backup, protect and deliver your documents to you Sunday, April 21, 2013 Contents Introduction... 3 Data storage... 3 Data Centres...
More informationThe Top 10 Things to Look for When Choosing One
Why you need an Infrastructure Provider- The Top 10 Things to Look for When Choosing One CONTENTS Introduction...1 State of the Market: Factors Driving Corporate Choices...2 VAR Business Models Undergo
More informationSecurity Whitepaper: ivvy Products
Security Whitepaper: ivvy Products Security Whitepaper ivvy Products Table of Contents Introduction Overview Security Policies Internal Protocol and Employee Education Physical and Environmental Security
More informationNAREIM Session: Dangers and challenges of The Cloud. President, NiceNets Consulting, LLC
Main Types of Cloud Environments: - Public Cloud: A service built on an external platform run by a cloud service provider such as IBM, Amazon Web Services or Microsoft Azure. Subscribers can get access
More informationCONSIDERATIONS BEFORE MOVING TO THE CLOUD
CONSIDERATIONS BEFORE MOVING TO THE CLOUD What Management Needs to Know Part I By Debbie C. Sasso Principal When talking technology today, it s very rare that the word Cloud doesn t come up. The benefits
More informationBenefits and risks of cloud computing
Stephen Turner Known-Quantity.com and Holy Family University ABSTRACT Cloud computing vendors maintain data away from the facilities of their customers. This is compelling because it enables companies
More informationCPNI VIEWPOINT 01/2010 CLOUD COMPUTING
CPNI VIEWPOINT 01/2010 CLOUD COMPUTING MARCH 2010 Acknowledgements This viewpoint is based upon a research document compiled on behalf of CPNI by Deloitte. The findings presented here have been subjected
More informationTop 10 Risks in the Cloud
A COALFIRE PERSPECTIVE Top 10 Risks in the Cloud by Balaji Palanisamy, VCP, QSA, Coalfire March 2012 DALLAS DENVER LOS ANGELES NEW YORK SEATTLE Introduction Business leaders today face a complex risk question
More informationA Checklist for Software as a Service (SaaS) Vendors and Application Service Providers
A Checklist for Software as a Service (SaaS) Vendors and Application Service Providers This checklist is a longer version of a SaaS Checklist that appeared in the July 2009 issue of LAWPRO Magazine at
More informationCLOUD STORAGE SECURITY INTRODUCTION. Gordon Arnold, IBM
CLOUD STORAGE SECURITY INTRODUCTION Gordon Arnold, IBM SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members may use this material
More informationSelecting a Law Firm Cloud Provider: Questions to Ask and Ethical/Security Concerns
Selecting a Law Firm Cloud Provider: Questions to Ask and Ethical/Security Concerns by Sharon D. Nelson, Esq. and John W. Simek 2013 Sensei Enterprises, Inc. It seems like everybody is talking about the
More informationsecurity in the cloud White Paper Series
security in the cloud White Paper Series 2 THE MOVE TO THE CLOUD Cloud computing is being rapidly embraced across all industries. Terms like software as a service (SaaS), infrastructure as a service (IaaS),
More informationEvery Cloud Has A Silver Lining. Protecting Privilege Data In A Hosted World
Every Cloud Has A Silver Lining Protecting Privilege Data In A Hosted World May 7, 2014 Introduction Lindsay Stevens Director of Software Development Liquid Litigation Management, Inc. lstevens@llminc.com
More information