How To Address Data Sovereignty In The Cloud

Size: px
Start display at page:

Download "How To Address Data Sovereignty In The Cloud"

Transcription

1 DATA SOVEREIGNTY & THE CLOUD Whitepaper

2 Data Sovereignty & The Cloud Organizations looking to benefit from the scalability, agility, and capital cost savings of cloud computing inevitably encounter the issues of data privacy and security. In the corporate data center, data security and privacy are mostly about protection from hackers and insiders. In the cloud, however public, community, hybrid, and sometimes even private-- they are also affected by where data resides and the impact of local, regional, and national regulations on the privacy of that data--an issue known as data sovereignty. The romantic image of the cloud is that of a nebulous place somewhere where data and applications float freely exactly where doesnʼt concern the user. The reality, however, is that cloud providers house infrastructure, platforms, data, and applications in data centers just like everyone else, and where those data centers reside affects which nation, state, or locality has legal sovereignty over and thus potential access to that data. Organizations looking to store any data or applications in the cloud, including via software as a service (SaaS), need to take these and other compliance concerns into account when deciding what to put in the cloud, what type of cloud to put it in, and what provider they intend to use.

3 THE DATA SOVEREIGNTY TANGLE One of the biggest catalysts for concerns about data sovereignty has been U.S. anti-terrorist legislation such as the Patriot Act, the Foreign Intelligence Surveillance Act (FISA), and extensions to the latter signed into law recently. These laws give U.S. intelligence and law enforcement agencies unprecedented leeway in requesting information held in U.S. data centers as part of terrorism investigations, including data held by foreign organizations in the U.S. Similar regulations exist in other countries, including Australia. There are also international treaties that affect the subpoena and surveillance of data belonging to U.S. and sometimes foreign organizations stored in data centers outside the U.S. The legal implications of these acts for foreign and domestic organizations are complex, evolving, and often not well understood. And perhaps worse, they sometimes conflict with data privacy legislation in the European Union and Australia requiring organizations to let users know who has access to their data. More recent European legislation has even required certain organizations to keep customer data within the country of origin. And of course there are other compliance issues that come up wherever data is located. Aside from anti-terrorist legislation, there are also Federal, state, and local tax laws that affect transactions taking place in U.S. data centers, including those of organizations based abroad. They are equally varied, complex and evolving. Finally, data stored in the U.S. may be subject to U.S. laws regarding data retention and discovery. And any disputes arising from U.S. based cloud services may fall under U.S. law. The same is true for foreign based services used by U.S. organizations. Data sovereignty has become a particularly important issue for organizations based outside the U.S., because most of the major cloud services, such as Amazon Web Services, Rackspace, and others, are U.S. based and host infrastructure and/or store data in U.S. data centers. Many of these services have data centers outside the U.S. as well, but standard cloud service contracts often give customers little to no control over where their data or the cloud infrastructure they make use of resides. ALL OR NOTHING? Under these circumstances many organizations choose to avoid housing any sensitive production data or applications in the cloud. However, such a move may limit their IT options and competitive position unnecessarily. It doesnʼt necessarily solve the problem either, as organizations may not be aware that their in-house developers run test beds or applications in the cloud that make use of sensitive data. In other cases an organization may already be using the public cloud during peak load periods. It may be using a cloud service for backup or disaster recovery. Or IT may not be aware that there are internal departments taking advantage of cloud services, including software as a service applications (SaaS) such as Salesforce.com, without ITʼs full knowledge or permission. Sensitive data stored internally but used externally by SaaS may be vulnerable and subject to data sovereignty concerns. So how does an organization looking to take advantage of the cloud address the risks and other issues of data sovereignty? Here are some basic steps to take when addressing the issue of data sovereignty in the cloud.

4 CLASSIFY DATA A good first step to addressing cloud data sovereignty issues is to do a risk analysis of any data and applications that either reside in the cloud today or may reside there at some time in the future. Classify which and how much data is high, medium, and low risk in terms of privacy and security. Some organizations classify data as either private, restricted, or public. IT cannot do this alone. Itʼs essential that representatives of the business and legal units be involved in the classification process as they often can best judge which data has which level of sensitivity. Compliance issues should be taken into account as well, which is why legal counsel should be involved. High-risk data usually includes any type of customer or client information, including names, addresses, numbers, addresses, and of course credit card information. The same goes for employee and other human resource information. Any financial records should be analyzed carefully both in terms of business and regulatory risk. And and other types of business records should be considered, not to mention any documents and other data that may involve intellectual property. IT should conduct discussions with members of the various business units to discover cloud services used by those departments and their employees as well. This may sound like a lot of effort. However, itʼs an essential step, not just for addressing data sovereignty, but for general IT security and compliance as well. Users may be unaware that the data involved may be vulnerable to attack or subject to regulations such as HIPAA. Finally, disaster recovery and software testing and development should be considered as well as these folks may be using recent sensitive data and the cloud as part of their testing or backup environment. EVALUATE CLOUD PROVIDERS Once IT has classified data according to high, medium, and low risk, a determination should be made as to how much high and medium risk data is either currently or likely to end up somewhere in the cloud at some time in the future. Itʼs important to consider not just data stored in the cloud, but data used by SaaS and software testing, as well as any applications you may be running in external data centers. If you have no intention of letting any sensitive data into the cloud and feel you can actually accomplish that goal, then it may not matter where your data is stored. Keep in mind, however, that by doing so you may be limiting important options could make your organization more agile and competitive. If it seems inevitable that some sensitive data will end up in the cloud, then you need to be very careful which cloud providers you choose to work with. There are many criteria to take into account when evaluating a cloud provider that have no bearing on data sovereignty. As part of your data sovereignty investigation, however, you should take into account these criteria.

5 A FOCUS ON ENTERPRISE SECURITY CONCERNS Any organization concerned about sensitive information should make sure the cloud providers itʼs considering are used to dealing with organizations with similar concerns. One way is to ask for some examples of existing customers likely to have similar concerns about data privacy and sovereignty as your organization. If the provider has large enterprise or government agency customers, thatʼs a good sign. Make sure the provider reacts the way it should to questions about data sovereignty. Are they familiar with the issue, used to those types of questions, and able to provide their own informed perspective and advice on ways to address data sovereignty issues? Where are the cloud provider data centers located? If youʼre a company based in the UK or Canada with concerns about data sovereignty, for example, which of your short list of cloud providers offers data centers in those countries? If the answer is none, or if all their data centers are located in one country or region, you may want to go elsewhere. Otherwise itʼs important to conduct a thorough analysis of the data sovereignty issues involved with their data center locations. How likely is it, based on national, regional and local regulations, that an intelligence or law enforcement entity would have the legal authority to monitor or request data stored in those locations? Itʼs important not to simply limit your consideration to whether you think itʼs likely your data would be monitored or requested. What are the tax implications, if any, of storing data or running transactions in those locations? There may be local, state, province, or other regulatory and tax implications as well. What treaties do those countries have with others regarding data sovereignty? LOCATION AND CONTRACT FLEXIBILITY Most likely an organization with data sovereignty concerns will not want a cloud provider that relies solely on standard contracts. Look for providers that are willing to negotiate with an understanding of your business and data sovereignty needs. Chief among your concerns will be finding a provider that not only lets you choose where you want your data or applications located, but has an established record of complying with those contract terms. In your negotiations try to get a feel for the providerʼs awareness of the data sovereignty aspects of their data center locations and what they might mean for your business. And make sure you ask questions about that providerʼs disaster recovery practices to ensure your sensitive data wonʼt be backed up, snapshot, or replicated to locations with other data sovereignty implications. Part of your contract should be a requirement for immediate notification if the provider plans to make any changes in data center and backup locations. And look into what will happen to your data if you discontinue the service. What measures will the service take to eradicate your data from their systems and storage?

6 TRANSPARENCY As Ronald Reagan liked to say, trust but verify. Having assurances that your data is stored in a particular location is not enough. You want to be able to verify this is the case. Work with a provider that is willing to be subject to an audit of where your information is stored, including backup and disaster recovery. Check if theyʼll allow you to visit the data centers that house your data and applications. Look for provider monitoring tools and portals that allow you to verify location and perhaps even APIʼs that allow you to plug in your own management tools for this and other purposes. ENCRYPTION For this and other security purposes you should strongly consider encrypting all your sensitive data in transit and at rest in the cloud. Check into the encryption options offered by the provider or consider the option of encrypting the data before it leaves your premises if possible. DON T FORGET DATA SECURITY This is pretty obvious but there are many other data security and compliance concerns besides data sovereignty that should be considered and wonʼt be discussed here. Suffice it to say that there are some providers that take enterprise level security more seriously than others. There are certainly risks to housing applications and data in the cloud, particularly when the provider is based abroad. However, the business advantages of cloud computing are too great to ignore for most organizations struggling with shrinking budgets, emerging technologies, and cloud enabled competitors. By taking a careful, methodical approach to analyzing risk and choosing a cloud provider, you can reap the benefits of cloud computing while bringing the risks down to an acceptable level. Media Contact Sarah Hawley Ubiquity PR firehost@ubiquitypublicrelations.com

AskAvanade: Answering the Burning Questions around Cloud Computing

AskAvanade: Answering the Burning Questions around Cloud Computing AskAvanade: Answering the Burning Questions around Cloud Computing There is a great deal of interest in better leveraging the benefits of cloud computing. While there is a lot of excitement about the cloud,

More information

TITUS Data Security for Cloud Email Identify and Control Sensitive Data Sent to the Cloud

TITUS Data Security for Cloud Email Identify and Control Sensitive Data Sent to the Cloud Business Brief TITUS Data Security for Cloud Email Identify and Control Sensitive Data Sent to the Cloud Nine out of 10 businesses cite security as the top obstacle for cloud adoption. - IDC Control Data

More information

Share Point 2010 in the Cloud

Share Point 2010 in the Cloud Share Point 2010 in the Cloud 30 November 2010 Brian Pereira Chief Executive The CN Group of Companies Structure of this Presentation What is the Cloud? Several Definitions for multiple situations SharePoint

More information

Using AWS in the context of Australian Privacy Considerations October 2015

Using AWS in the context of Australian Privacy Considerations October 2015 Using AWS in the context of Australian Privacy Considerations October 2015 (Please consult https://aws.amazon.com/compliance/aws-whitepapers/for the latest version of this paper) Page 1 of 13 Overview

More information

INFORMATION SECURITY GUIDE. Cloud Computing Outsourcing. Information Security Unit. Information Technology Services (ITS) July 2013

INFORMATION SECURITY GUIDE. Cloud Computing Outsourcing. Information Security Unit. Information Technology Services (ITS) July 2013 INFORMATION SECURITY GUIDE Cloud Computing Outsourcing Information Security Unit Information Technology Services (ITS) July 2013 CONTENTS 1. Background...2 2. Legislative and Policy Requirements...3 3.

More information

Enterprise level security, the Huddle way.

Enterprise level security, the Huddle way. Enterprise level security, the Huddle way. Security whitepaper TABLE OF CONTENTS 5 Huddle s promise Hosting environment Network infrastructure Multiple levels of security Physical security System & network

More information

Whitepaper: Cloud Computing for Credit Unions

Whitepaper: Cloud Computing for Credit Unions Whitepaper: Cloud Computing for Credit Unions A new twist on an old strategy MYCU SERVICES December 29, 2011 Authored by: Lingle, Linda Table of Contents Introduction... 2 Cloud Providers... 3 Cloud Components...

More information

How to ensure control and security when moving to SaaS/cloud applications

How to ensure control and security when moving to SaaS/cloud applications How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk

More information

Kroll Ontrack VMware Forum. Survey and Report

Kroll Ontrack VMware Forum. Survey and Report Kroll Ontrack VMware Forum Survey and Report Contents I. Defining Cloud and Adoption 4 II. Risks 6 III. Challenging Recoveries with Loss 7 IV. Questions to Ask Prior to Engaging in Cloud storage Solutions

More information

4/30/2014. Avoiding no to cloud computing. What is the Cloud Data as a Driver Regulations Avoiding No. Cloud Computing

4/30/2014. Avoiding no to cloud computing. What is the Cloud Data as a Driver Regulations Avoiding No. Cloud Computing Avoiding no to cloud computing A Primer for Compliance Professionals Janet Himmelreich, CCEP, CCEP-I Head, Client Compliance Services Centre of Excellence BT Global Services Al Silipigni SVP, CHIEF PRIVACY

More information

The Data Melting Pot Computing in the Cloud. Becky Pinkard Manager, Security Operations Centres Research In Motion

The Data Melting Pot Computing in the Cloud. Becky Pinkard Manager, Security Operations Centres Research In Motion The Data Melting Pot Computing in the Cloud Becky Pinkard Manager, Security Operations Centres Research In Motion Notable Quotes January 2010, Mark Zuckerberg (Facebook founder): People have really gotten

More information

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security

More information

Protecting Official Records as Evidence in the Cloud Environment. Anne Thurston

Protecting Official Records as Evidence in the Cloud Environment. Anne Thurston Protecting Official Records as Evidence in the Cloud Environment Anne Thurston Introduction In a cloud computing environment, government records are held in virtual storage. A service provider looks after

More information

AVAILABILITY SERVICES CLouD SECuRITY

AVAILABILITY SERVICES CLouD SECuRITY AVAILABILITY SERVICES CLouD SECuRITY Buyer Be aware There is one simple but golden tenet: security in the cloud is exactly the same as security in a physical shared environment and should be approached

More information

SafeMail April 2015. SafeMail Helping your business reach further with email hosted at UK based, ISO 27001, Tier 4 data centres.

SafeMail April 2015. SafeMail Helping your business reach further with email hosted at UK based, ISO 27001, Tier 4 data centres. SafeMail April 2015 Secure cloud solutions with guaranteed UK data sovereignty. SafeMail Helping your business reach further with email hosted at UK based, ISO 27001, Tier 4 data centres. Detailing the

More information

Neoscope www.neoscopeit.com 888.810.9077

Neoscope www.neoscopeit.com 888.810.9077 Your law firm depends on intelligence. But can you count on your technology? You may not be in the intelligence technology business, but it s probably impossible to imagine your practice without IT. Today,

More information

Norwegian Data Inspectorate

Norwegian Data Inspectorate Norwegian Data Inspectorate Narvik kommune Postboks 64 8501 NARVIK Norway Your reference Our reference (please quote in any reply) Date 1111/1210-6/PEJA 11/00593-7/SEV 16 January 2012 Notification of decision

More information

Whitepaper. Disaster Recovery as a Service (DRaaS): A DR solution for all

Whitepaper. Disaster Recovery as a Service (DRaaS): A DR solution for all Whitepaper Disaster Recovery as a Service (DRaaS): A DR solution for all Disaster Recovery as a service: A DR solution for all Disaster Recovery (DR) is more important today than ever before. Why? Because

More information

HARNESSING THE POWER OF THE CLOUD

HARNESSING THE POWER OF THE CLOUD HARNESSING THE POWER OF THE CLOUD Demystifying Cloud Computing Everyone is talking about the cloud nowadays. What does it really means? Indeed, cloud computing is the current stage in the Internet evolution.

More information

Legal Issues Associated with Cloud Computing. Laurin H. Mills May 13, 2009

Legal Issues Associated with Cloud Computing. Laurin H. Mills May 13, 2009 Legal Issues Associated with Cloud Computing Laurin H. Mills May 13, 2009 What Is Cloud Computing? The cloud is a metaphor for the Internet Leverages the connectivity of the Internet to optimize the utility

More information

CLOUD COMPUTING & THE PATRIOT ACT: A RED HERRING?

CLOUD COMPUTING & THE PATRIOT ACT: A RED HERRING? CLOUD COMPUTING & THE PATRIOT ACT: A RED HERRING? Lindsey Finch Senior Global Privacy Counsel Salesforce.com lfinch@salesforce.com David T.S. Fraser Partner McInnes Cooper David.fraser@mcinnescooper.com

More information

The Business Value of a Comprehensive All-in-One Data Protection Solution for Your Organization

The Business Value of a Comprehensive All-in-One Data Protection Solution for Your Organization The Business Value of a Comprehensive All-in-One Data Protection Solution for Your Organization You have critical data scattered throughout your organization on back-office servers, desktops, mobile endpoints

More information

10 Hidden IT Risks That Threaten Your Financial Services Firm

10 Hidden IT Risks That Threaten Your Financial Services Firm Your firm depends on intelligence. But can you count on your technology? You may not be in the intelligence technology business, but it s probably impossible to imagine your business without IT. Today,

More information

Whitepaper. What You Need to Know About Infrastructure as a Service (IaaS) Encryption

Whitepaper. What You Need to Know About Infrastructure as a Service (IaaS) Encryption Whitepaper What You Need to Know About Infrastructure as a Service (IaaS) Encryption What You Need to Know about IaaS Encryption What You Need to Know About IaaS Encryption Executive Summary In this paper,

More information

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp.

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud 1 What is meant by Cloud Computing, or Going To The Cloud? A model

More information

WhitePaper. Private Cloud Computing Essentials

WhitePaper. Private Cloud Computing Essentials Private Cloud Computing Essentials The 2X Private Cloud Computing Essentials This white paper contains a brief guide to Private Cloud Computing. Contents Introduction.... 3 About Private Cloud Computing....

More information

Managing Cloud Computing Risk

Managing Cloud Computing Risk Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify

More information

Navigating The Cloud: A Primer For Understanding Cloud Computing. White Paper: 2012

Navigating The Cloud: A Primer For Understanding Cloud Computing. White Paper: 2012 Navigating The Cloud: A Primer For Understanding Cloud Computing White Paper: 2012 Cloud Computing: Modern Solutions for Today s Businesses What Do You See In The Cloud? For most people, looking up at

More information

Cloud in 2015: why Azure and AWS are taking a back seat to a more personal service

Cloud in 2015: why Azure and AWS are taking a back seat to a more personal service RESEARCH PAPER Cloud in 2015: why Azure and AWS are taking a back seat to a more personal service A discussion of how your business could benefit from a personalised hybrid-cloud solution versus off-the-shelf

More information

10 Hidden IT Risks That Threaten Your Practice

10 Hidden IT Risks That Threaten Your Practice (Plus 1 Fast Way to Find Them) Your practice depends on intelligence. But can you count on your technology? You may not be in the intelligence technology business, but it s probably impossible to imagine

More information

Using the Cloud: A Quick Guide for Small and Medium Businesses

Using the Cloud: A Quick Guide for Small and Medium Businesses Using the Cloud: A Quick Guide for Small and Medium Businesses Author: Ben McDougall (Greystone Consulting Ltd), November 2013 1 What is the Cloud? Although we have been hearing about The Cloud for the

More information

Cloud Computing: A Question of Trust Maintaining Control and Compliance with Data-centric Information Security

Cloud Computing: A Question of Trust Maintaining Control and Compliance with Data-centric Information Security Russ Dietz Vice President & Chief Technology Officer Cloud Computing: A Question of Trust Maintaining Control and Compliance with Data-centric Information Security By Russ Dietz Vice President & Chief

More information

Is Cloud Computing Inevitable for Lawyers?

Is Cloud Computing Inevitable for Lawyers? Is Cloud Computing Inevitable for Lawyers? by Sharon D. Nelson and John W. Simek 2015 Sensei Enterprises, Inc. Not a single day goes by when you don t hear something about cloud computing. It could be

More information

How to Go Paperless In Three Simple Steps: A Guide for Small Businesses

How to Go Paperless In Three Simple Steps: A Guide for Small Businesses How to Go Paperless In Three Simple Steps: A Guide for Small Businesses Page 1 Contents Why DocuWare... 3 Managing Information A Growing Problem for Businesses... 3 Step 1 Pick a business process... 4

More information

NAREIM Session: Dangers and challenges of The Cloud. President, NiceNets Consulting, LLC

NAREIM Session: Dangers and challenges of The Cloud. President, NiceNets Consulting, LLC Main Types of Cloud Environments: - Public Cloud: A service built on an external platform run by a cloud service provider such as IBM, Amazon Web Services or Microsoft Azure. Subscribers can get access

More information

Table 1 Question Answer Explanation Next Question 1. Sensitive data?

Table 1 Question Answer Explanation Next Question 1. Sensitive data? The decision tree shown in Figure 1 is useful to facilitate the decision making process of a cloud deployment model. For each question in Figure 1, refer to the explanation in Table 1. While there are

More information

Information Security: Cloud Computing

Information Security: Cloud Computing Information Security: Cloud Computing Simon Taylor MSc CLAS CISSP CISMP PCIRM Director & Principal Consultant All Rights Reserved. Taylor Baines Limited is a Registered Company in England & Wales. Registration

More information

CLOUD COMPUTING. 11 December 2013 TOWNSHIP OF KING TATTA 1

CLOUD COMPUTING. 11 December 2013 TOWNSHIP OF KING TATTA 1 CLOUD COMPUTING (outsourcing records storage) TATTA SRINIVASA RECORDS MANAGER 11 December 2013 TOWNSHIP OF KING TATTA 1 Cloud computing A style of computing where scalable and elasticity ITenabled capabilities

More information

10 Hidden IT Risks That Might Threaten Your Business

10 Hidden IT Risks That Might Threaten Your Business (Plus 1 Fast Way to Find Them) Your business depends on intelligence. But can you count on your technology? You may not be in the intelligence technology business, but it s probably impossible to imagine

More information

Backup and Data Protection for Hospitals

Backup and Data Protection for Hospitals Backup and Data Protection for Hospitals Backup and Data Protection for Hospitals The implementation of Electronic Medical Records for the US healthcare system has made the management of data more difficult

More information

Information Governance, Risk, Compliance

Information Governance, Risk, Compliance Information Governance, Risk, Compliance April White Paper By Galaxy Consulting A At Your Service Today Tomorrow We Appreciate The Privilege Of Serving You! Abstract May 2014 Information is the lifeblood

More information

Cloud Computing Backgrounder

Cloud Computing Backgrounder Cloud Computing Backgrounder No surprise: information technology (IT) is huge. Huge costs, huge number of buzz words, huge amount of jargon, and a huge competitive advantage for those who can effectively

More information

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY?

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? Contents Introduction.... 3 What Types of Network Security Services are Available?... 4 Penetration Testing and Vulnerability Assessment... 4 Cyber

More information

Ensuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services

Ensuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services Ensuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services Introduction Patient privacy continues to be a chief topic of concern as technology continues to evolve. Now that the majority

More information

Privacy in the Cloud A Microsoft Perspective

Privacy in the Cloud A Microsoft Perspective A Microsoft Perspective November 2010 The information contained in this document represents the current view of Microsoft Corp. on the issues discussed as of the date of publication. Because Microsoft

More information

Meeting Changing Information Management Needs with Next-Generation Email Archiving

Meeting Changing Information Management Needs with Next-Generation Email Archiving Whitepaper Sponsored by Written by Info-Tech Research Group Meeting Changing Information Management Needs with Next-Generation Email Archiving Introduction Email archiving is evolving beyond pure storage

More information

Protecting Your Data On The Network, Cloud And Virtual Servers

Protecting Your Data On The Network, Cloud And Virtual Servers Protecting Your Data On The Network, Cloud And Virtual Servers How SafeGuard Encryption can secure your files everywhere The workplace is never static. Developments include the widespread use of public

More information

A CIO s Cloud Decision and 7 Lessons Learned From Peers

A CIO s Cloud Decision and 7 Lessons Learned From Peers A CIO s Cloud Decision and 7 Lessons Learned From Peers Find out what advice Wisegate members gave their fellow CIO about moving core applications to the cloud WISEGATE COMMUNITY VIEWPOINTS Introduction

More information

Information Technology: This Year s Hot Issue - Cloud Computing

Information Technology: This Year s Hot Issue - Cloud Computing Information Technology: This Year s Hot Issue - Cloud Computing Presented by: Alan Sutin Global IP & Technology Practice Group GREENBERG TRAURIG, LLP ATTORNEYS AT LAW WWW.GTLAW.COM 2011. All rights reserved.

More information

Data Protection Act 1998. Guidance on the use of cloud computing

Data Protection Act 1998. Guidance on the use of cloud computing Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered

More information

Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it

Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it The Cloud Threat Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it This white paper outlines the concerns that often prevent midsized enterprises from taking advantage of the Cloud.

More information

Public Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.

Public Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc. Public Clouds Krishnan Subramanian Analyst & Researcher Krishworld.com A whitepaper sponsored by Trend Micro Inc. Introduction Public clouds are the latest evolution of computing, offering tremendous value

More information

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: Privacy Responsibilities and Considerations Cloud computing is the delivery of computing services over the Internet, and it offers many potential

More information

Cloud Security Keeping Data Safe in the Boundaryless World of Cloud Computing

Cloud Security Keeping Data Safe in the Boundaryless World of Cloud Computing Cloud Security Keeping Data Safe in the Boundaryless World of Cloud Computing Executive Summary As cloud service providers mature, and expand and refine their offerings, it is increasingly difficult for

More information

How To Choose A Cloud Computing Solution

How To Choose A Cloud Computing Solution WHITE PAPER How to choose and implement your cloud strategy INTRODUCTION Cloud computing has the potential to tip strategic advantage away from large established enterprises toward SMBs or startup companies.

More information

Cloud Computing; What is it, How long has it been here, and Where is it going?

Cloud Computing; What is it, How long has it been here, and Where is it going? Cloud Computing; What is it, How long has it been here, and Where is it going? David Losacco, CPA, CIA, CISA Principal January 10, 2013 Agenda The Cloud WHAT IS THE CLOUD? How long has it been here? Where

More information

security in the cloud White Paper Series

security in the cloud White Paper Series security in the cloud White Paper Series 2 THE MOVE TO THE CLOUD Cloud computing is being rapidly embraced across all industries. Terms like software as a service (SaaS), infrastructure as a service (IaaS),

More information

CLOUD IN HEALTHCARE EXECUTIVE SUMMARY 1/21/15

CLOUD IN HEALTHCARE EXECUTIVE SUMMARY 1/21/15 CLOUD IN HEALTHCARE CURRENT STATE AND STRATEGIES THAT IMPACT THE BOTTOM LINE EXECUTIVE SUMMARY As healthcare organizations struggle with competing priorities such as HITECH/ARRA, Meaningful Use, ICD-10,

More information

Orchestrating the New Paradigm Cloud Assurance

Orchestrating the New Paradigm Cloud Assurance Orchestrating the New Paradigm Cloud Assurance Amsterdam 17 January 2012 John Hermans - Partner Current business challenges versus traditional IT Organizations are challenged with: Traditional IT seems

More information

SATURDAY, FEBRUARY 28, 2015 CLE 10 (Ethics) 9:30 a.m. 10:30 a.m. Moving to the Cloud - Identifying & Managing Legal, Ethical and Compliance Risks

SATURDAY, FEBRUARY 28, 2015 CLE 10 (Ethics) 9:30 a.m. 10:30 a.m. Moving to the Cloud - Identifying & Managing Legal, Ethical and Compliance Risks SATURDAY, FEBRUARY 28, 2015 CLE 10 (Ethics) 9:30 a.m. 10:30 a.m. Moving to the Cloud - Identifying & Managing Legal, Ethical and Compliance Risks Moving to the Cloud - Identifying & Managing Legal, Ethical

More information

Addressing Cloud Computing Security Considerations

Addressing Cloud Computing Security Considerations Addressing Cloud Computing Security Considerations with Microsoft Office 365 Protect more Contents 2 Introduction 3 Key Security Considerations 4 Office 365 Service Stack 5 ISO Certifications for the Microsoft

More information

Cloud Security Trust Cisco to Protect Your Data

Cloud Security Trust Cisco to Protect Your Data Trust Cisco to Protect Your Data As cloud adoption accelerates, organizations are increasingly placing their trust in third-party cloud service providers (CSPs). But can you fully trust your most sensitive

More information

Cloud Computing. By the end of 2013, more than 75% of UK businesses will be using at least one type of cloud service. (Source: Cloud Industry Forum)

Cloud Computing. By the end of 2013, more than 75% of UK businesses will be using at least one type of cloud service. (Source: Cloud Industry Forum) Cloud Computing What if you could access all the computing power you need without actually owning it? That is the promise of cloud computing a new approach to IT for businesses large and small alike. Cloud

More information

Compliance Doesn t Mean Security Achieving Security and Compliance with the latest Regulations and Standards

Compliance Doesn t Mean Security Achieving Security and Compliance with the latest Regulations and Standards Compliance Doesn t Mean Security Achieving Security and Compliance with the latest Regulations and Standards Paul de Graaff Chief Strategy Officer Vanguard Integrity Professionals March 11, 2014 Session

More information

Cloud Computing: Legal Risks and Best Practices

Cloud Computing: Legal Risks and Best Practices Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent

More information

Cloud Computing and Records Management

Cloud Computing and Records Management GPO Box 2343 Adelaide SA 5001 Tel (+61 8) 8204 8773 Fax (+61 8) 8204 8777 DX:336 srsarecordsmanagement@sa.gov.au www.archives.sa.gov.au Cloud Computing and Records Management June 2015 Version 1 Version

More information

CLOUD MIGRATION. Celina Alexandre M6807

CLOUD MIGRATION. Celina Alexandre M6807 CLOUD MIGRATION M6807 S Content 1. Introduction 2. Methodology 3. Requirements Definition Phase 3.1. Strategy 3.2. Knowledge 06/05/15 2 Content 4. Analysis Phase 4.1. Aplications and Systems 4.2. Development

More information

WHITE PAPER Email and Data Protection: Best Practice Guidelines for Europe

WHITE PAPER Email and Data Protection: Best Practice Guidelines for Europe Next Generation Email Archiving Appliances WHITE PAPER Best Practice Guidelines for Europe 8 Wellington Street East, Mezzanine Level, Toronto, Ontario, CANADA, M5E 1C5 Tel: 416.840.0418 1.888.JATHEON (1.888.528.4366)

More information

Security and Data Protection for Online Document Management Software

Security and Data Protection for Online Document Management Software Security and Data Protection for Online Document Management Software Overview As organizations transition documents and company information to Software as a Service (SaaS) applications that are no longer

More information

Question: 1 Which of the following should be the FIRST step in developing an information security plan?

Question: 1 Which of the following should be the FIRST step in developing an information security plan? 1 ISACA - CISM Certified Information Security Manager Exam Set: 1, INFORMATION SECURITY GOVERNANCE Question: 1 Which of the following should be the FIRST step in developing an information security plan?

More information

Ensuring security the last barrier to Cloud adoption

Ensuring security the last barrier to Cloud adoption Ensuring security the last barrier to Cloud adoption Publication date: March 2011 Ensuring security the last barrier to Cloud adoption Cloud computing has powerful attractions for the organisation. It

More information

How To Store Emails On A Server Or On A Hard Drive

How To Store Emails On A Server Or On A Hard Drive WHITEPAPER Cloud, On-premise or Hybrid? Deciding Factors for Choosing your next Data Archiving Solution Cloud, On-premise or Hybrid Deciding factors for choosing your next data archive solution Executive

More information

DATA SECURITY BREACH: THE NEW THIRD CERTAINTY OF LIFE

DATA SECURITY BREACH: THE NEW THIRD CERTAINTY OF LIFE DATA SECURITY BREACH: THE NEW THIRD CERTAINTY OF LIFE ACC-Charlotte February 4, 2015 THIS WILL NEVER HAPPEN TO ME! Death, Taxes & Data Breach Not just Home Depot, Target or Sony Do you employ the next

More information

Is cloud computing right for you?

Is cloud computing right for you? Is cloud computing right for you? Assess the options with Modern Networks. W: www.modern-networks.co.uk E: tellmemore@modern-networks.co.uk T: 02078717500 or 01462425600 The Cloud services companies of

More information

10 Hidden IT Risks That Might Threaten Your Law Firm

10 Hidden IT Risks That Might Threaten Your Law Firm (Plus 1 Fast Way to Find Them) Your law firm depends on intelligence. But can you count on your technology? You may not be in the intelligence technology business, but it s probably impossible to imagine

More information

How To Manage Cloud Data Safely

How To Manage Cloud Data Safely Information Governance In The Cloud Galina Datskovsky, Ph. D., CRM President of ARMA International SVP Information Governance Solutions Topics Cloud Characteristics And Risks Information Management In

More information

OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect

OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect OWASP Chapter Meeting June 2010 Presented by: Brayton Rider, SecureState Chief Architect Agenda What is Cloud Computing? Cloud Service Models Cloud Deployment Models Cloud Computing Security Security Cloud

More information

HIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1

HIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1 HIPAA COMPLIANCE AND DATA PROTECTION sales@eaglenetworks.it +39 030 201.08.25 Page 1 CONTENTS Introduction..... 3 The HIPAA Security Rule... 4 The HIPAA Omnibus Rule... 6 HIPAA Compliance and EagleHeaps

More information

Cloud Computing Security Considerations

Cloud Computing Security Considerations Cloud Computing Security Considerations Roger Halbheer, Chief Security Advisor, Public Sector, EMEA Doug Cavit, Principal Security Strategist Lead, Trustworthy Computing, USA January 2010 1 Introduction

More information

Do You Know Where Your Messages Are?

Do You Know Where Your Messages Are? Do You Know Where Your Messages Are? By Jason Sherry The need for message archiving In most organizations, an estimated 83 percent of all communications are electronic, with the vast majority of those

More information

Private vs. Public Cloud Solutions

Private vs. Public Cloud Solutions Private vs. Public Cloud Solutions Selecting the right cloud technology to fit your organization Introduction As cloud storage evolves, different cloud solutions have emerged. Our first cloud whitepaper

More information

Keeping up with the World of Cloud Computing: What Should Internal Audit be Thinking About?

Keeping up with the World of Cloud Computing: What Should Internal Audit be Thinking About? Keeping up with the World of Cloud Computing: What Should Internal Audit be Thinking About? IIA San Francisco Chapter October 11, 2011 Agenda Introductions Cloud computing overview Risks and audit strategies

More information

The silver lining: Getting value and mitigating risk in cloud computing

The silver lining: Getting value and mitigating risk in cloud computing The silver lining: Getting value and mitigating risk in cloud computing Frequently asked questions The cloud is here to stay. And given its decreased costs and increased business agility, organizations

More information

TECHNICAL SPECIFICATION: LEGISLATION EXECUTING CLOUD SERVICES

TECHNICAL SPECIFICATION: LEGISLATION EXECUTING CLOUD SERVICES REALIZATION OF A RESEARCH AND DEVELOPMENT PROJECT (PRE-COMMERCIAL PROCUREMENT) ON CLOUD FOR EUROPE TECHNICAL SPECIFICATION: LEGISLATION EXECUTING CLOUD SERVICES ANNEX IV (D) TO THE CONTRACT NOTICE TENDER

More information

Why cloud backup? Top 10 reasons

Why cloud backup? Top 10 reasons Why cloud backup? Top 10 reasons HP Autonomy solutions Table of contents 3 Achieve disaster recovery with secure offsite cloud backup 4 Free yourself from manual and complex tape backup tasks 4 Get predictable

More information

An Acquirer s view: Payment security best practice and PCI DSS compliance. PCI London 23 January 2014

An Acquirer s view: Payment security best practice and PCI DSS compliance. PCI London 23 January 2014 An Acquirer s view: Payment security best practice and PCI DSS compliance PCI London 23 January 2014 Looking back over the years that the Barclaycard Payment Security team has presented at the PCI London

More information

Bringing the Cloud into Focus. A Whitepaper by CMIT Solutions and Cadence Management Advisors

Bringing the Cloud into Focus. A Whitepaper by CMIT Solutions and Cadence Management Advisors Bringing the Cloud into Focus A Whitepaper by CMIT Solutions and Cadence Management Advisors Table Of Contents Introduction: What is The Cloud?.............................. 1 The Cloud Benefits.......................................

More information

Top 10 Reasons for Using Disk-based Online Server Backup and Recovery

Top 10 Reasons for Using Disk-based Online Server Backup and Recovery ADVISORY Top 10 Reasons for Using Disk-based Online Server Backup and Recovery INTRODUCTION Backup of vital company information is critical to a company s survival, no matter what size the company. Recent

More information

How cloud computing can transform your business landscape

How cloud computing can transform your business landscape How cloud computing can transform your business landscape Introduction It seems like everyone is talking about the cloud. Cloud computing and cloud services are the new buzz words for what s really a not

More information

FileDrawer An Enterprise File Sharing and Synchronization (EFSS) solution.

FileDrawer An Enterprise File Sharing and Synchronization (EFSS) solution. FileDrawer An Enterprise File Sharing and Synchronization (EFSS) solution. In today s world the potential for ready access to data from virtually any device over any type of network connection creates

More information

How to Turn the Promise of the Cloud into an Operational Reality

How to Turn the Promise of the Cloud into an Operational Reality TecTakes Value Insight How to Turn the Promise of the Cloud into an Operational Reality By David Talbott The Lure of the Cloud In recent years, there has been a great deal of discussion about cloud computing

More information

The agile Cloud Brokerage approach. An innovative, business aligned and mature IT services delivery model!

The agile Cloud Brokerage approach. An innovative, business aligned and mature IT services delivery model! The agile Cloud Brokerage approach An innovative, business aligned and mature IT services delivery model! CLOUD BROKER DEFINITION as defined by the NIST A Cloud Broker is an entity That manages the selection,

More information

Matthew Howes Senior Vice President, Strategic Services inventiv Digital+Innovation Matthew.Howes@inVentivHealth.com

Matthew Howes Senior Vice President, Strategic Services inventiv Digital+Innovation Matthew.Howes@inVentivHealth.com WHITE PAPER Global Digital Security: The Human Element March 2014 Written by: Matthew Howes Senior Vice President, Strategic Services inventiv Digital+Innovation Matthew.Howes@inVentivHealth.com TABLE

More information

Cloud Computing. Bringing the Cloud into Focus

Cloud Computing. Bringing the Cloud into Focus Cloud Computing Bringing the Cloud into Focus November 2011 Introduction Ken Cochrane CEO, IT/NET Partner, KPGM Performance and Technology National co-leader IT Advisory Services KPMG Andrew Brewin Vice

More information

White Paper. 1 800 FASTFILE / www.ironmountain.ca Page 1

White Paper. 1 800 FASTFILE / www.ironmountain.ca Page 1 White Paper LIVEVAULT Top 10 Reasons for Using Online Server Backup and Recovery Introduction Backup of vital company information is critical to a company s survival, no matter what size the company. Recent

More information

Is your business secure in a hosted world?

Is your business secure in a hosted world? Is your business secure in a hosted world? Threats to the security of business data are constantly growing and evolving - What can you do ensure your data remains secure? Introduction The safe use of computer

More information

Implications for Cloud Computing & Data Privacy

Implications for Cloud Computing & Data Privacy Implications for Cloud Computing & Data Privacy Diane Mueller Cloud Evangelist, ActiveState dianem@activestate.com http://www.activestate.com/stackato Founded 1997 2 million developers, 97% of Fortune

More information

Frequently Asked Questions about Cloud and Online Backup

Frequently Asked Questions about Cloud and Online Backup Frequently Asked Questions about Cloud and Online Backup With more companies realizing the importance of protecting their mission-critical data, we know that businesses are also evaluating the resiliency

More information

Security in the Cloud: Visibility & Control of your Cloud Service Providers

Security in the Cloud: Visibility & Control of your Cloud Service Providers Whitepaper: Security in the Cloud Security in the Cloud: Visibility & Control of your Cloud Service Providers Date: 11 Apr 2012 Doc Ref: SOS-WP-CSP-0412A Author: Pierre Tagle Ph.D., Prashant Haldankar,

More information

ediscovery: The New Information Management Battleground Developments in the Law and Best Practices

ediscovery: The New Information Management Battleground Developments in the Law and Best Practices Sponsored by ediscovery: The New Information Management Battleground Developments in the Law and Best Practices Kahn Consulting Inc. (847) 266-0722 info@kahnconsultinginc.com Introduction The following

More information