CONSIDERATIONS BEFORE MOVING TO THE CLOUD



What Management Needs to Know, Part I
By Debbie C. Sasso, Principal

When talking technology today, it is rare that the word "Cloud" doesn't come up. The benefits touted for the cloud include ease of use, easy deployment, scalability, reduced capital expenditures, and the list goes on. Cloud services include virtualization, storage, backup solutions, software-as-a-service, business continuity and more. Whether your business is considering one solution or five, there are multiple factors that management needs to consider before going to the cloud. In part one of this two-part paper, we will discuss the following areas:

Organizational Compliance
Data Center Location
Service Levels
Provider Shutdown

Organizational Compliance Related to Information Technology

Many state and federal regulations apply to your business whether you are privately or publicly held. Regulations are always changing, and you don't want to be caught off guard. Meeting regulatory requirements can be complicated and often frustrating, and cloud computing adds another layer. A lot of concern has been expressed about cloud computing, the security measures employed, and meeting compliance requirements such as:

Sarbanes-Oxley (SOX)
Health Insurance Portability and Accountability Act (HIPAA)
Payment Card Industry Data Security Standard (PCI DSS), essential for e-commerce
Protection of Personal Information for Massachusetts Residents (201 CMR 17.00)
Gramm-Leach-Bliley Act (GLBA)

Compliance Audits

In your review of cloud service providers, ask where your data will be hosted and confirm that the facility meets the specific compliance requirements for your business. For a data center to support your compliance obligations it must pass a variety of audits, depending on what data will be hosted in the facility. HIPAA is a useful example, because it is often misunderstood: there is no official HIPAA certification and no government-appointed "HIPAA inspector". A provider demonstrates that its facility and operations meet the HIPAA Security Rule (45 CFR Parts 160 and 164) through an independent third-party assessment, which takes a comprehensive look at the facility to confirm that stored data is protected and available only to authorized users. The assessor's report documents that the provider has the procedures and policies in place to offer HIPAA hosting. Ask to see that report, check its date and scope rather than taking a "HIPAA compliant" label at face value, and make sure the provider will sign a Business Associate Agreement (BAA) before it handles any protected health information.

According to Symantec's State of Cloud Survey (global results, January 2013), more than half of the participants were concerned about being able to prove they had met cloud compliance requirements, and 23% said they had been fined for cloud privacy violations.

Other compliance audits include SSAE 16 (Statement on Standards for Attestation Engagements No. 16), which replaced SAS 70 in 2011; the AICPA's SOC 1, SOC 2 and SOC 3 reports; and PCI DSS. Note that a SOC 1 report covers controls relevant to financial reporting, while SOC 2 covers security, availability, processing integrity, confidentiality and privacy, so when you are evaluating a provider's security it is the SOC 2 (ideally a Type II, which covers controls operating over a period rather than at a point in time) that you want to read. For the Massachusetts regulation on personal information, there are specific security measures you must ensure your third-party vendor adheres to, such as encryption of personal information (including in transit over public networks and on portable devices) and access control measures; write these obligations into the contract. The following websites provide more detailed information on each of these compliance audits:

http://www.aicpa.org/soc
http://www.hhs.gov/ocr/privacy/hipaa/enforcement/audit
https://www.pcisecuritystandards.org/security_standards/

Security Measures

Data centers must provide adequate security measures to protect their clients' data and to meet the relevant compliance requirements. These measures include:

HTTPS with valid TLS (SSL) certificates, so that web-based access to information is encrypted and unauthorized connections are refused. Confirm that the certificate is issued for the provider's hostname by a trusted certificate authority and that obsolete protocol versions are disabled.
Encryption of data stored on servers. Ask who holds the encryption keys: encryption the provider can undo without your involvement protects you against a lost or discarded disk, but not against a compromised provider.
A firewall. A properly configured firewall blocks unauthorized network access to protected systems. It is a necessary control, not a complete one, and should be backed by access controls on the files themselves.
Remote VPN access, so that authorized users can reach the network from a remote computer.
Disaster recovery: a documented backup and recovery plan in case of lost data or server malfunction.

Hosting Facility, Data Backup, and Infrastructure Backup Location(s)

Hosting Facility Location

Make sure the hosting facility is not too close to your headquarters. If the two are close and a natural disaster damages or shuts down your corporate location, it could affect the data center as well. You want to be close to your data, but not too close. Choose a facility away from flood zones and areas subject to hurricanes, tornadoes and earthquakes, as well as away from airports and power plants. This may seem easier said than done these days, but a reputable data center will have a well thought out location plan.

During Superstorm Sandy, many data centers in New York City were down due to flooding and power outages. These locations were in low-lying areas of Manhattan and were susceptible to flooding. In many instances the water flooded the generators, preventing them from working. Airports and power plants can be large sources of electromagnetic or radio-frequency interference, which has the potential to impede the performance of the data center's servers and networking equipment.

Backup Locations

When assessing a provider for cloud services, ask about backup locations. Are they located close enough that, if the primary data center were to go down, the backup could be accessed in a reasonable amount of time? If business operations needed to be switched from one data center to another, are the locations close enough that your business wouldn't experience significant downtime? And, as in choosing the hosting facility, make sure the backup locations are far enough away that they are unlikely to be affected by the same disaster.

Service Levels

Service levels are defined in a Service Level Agreement, also referred to as an SLA. Service levels include uptime, security, availability and much more, depending on the nature of your business.

How Much Downtime Can Your Business Afford?

Before discussing service levels, consider what is important to your business. Identify what your business requires in terms of technology and processes. Do you have an e-commerce site? If so, it's important that your uptime is as close to 100% as possible, since you want customers to be able to order your products at any time. You will see a lot of providers offering 99.9%. Do the arithmetic before accepting that figure: 99.9% uptime still allows roughly 8.8 hours of downtime per year (about 43 minutes per month), while 99.99% allows roughly 53 minutes per year. Also check how the SLA measures uptime, what is excluded as "scheduled maintenance", and what the remedy is when the target is missed; a service credit worth a fraction of one month's fee rarely covers the cost of a day without your systems.

Think about what would happen to your business if the hosting facility had a security breach or an Internet access outage. What business processes would be interrupted? Operations, customer service and employee productivity could all come to a halt.

Data is a crucial element of your business, and its security needs to be a priority when considering a cloud service provider. Not all data is created equal. Financial information, employee information and competitive data could all be considered data that needs a high service level in terms of security. How data will be protected should be laid out in your SLA*. If you find you need higher levels of service in terms of data protection, disaster recovery or any of the services above, these should be clearly identified in the SLA, along with the consequences if the agreed-upon levels are not met. Once you identify the business requirements, you can decide what type of services you need. The result can also determine whether to consider a public, private or hybrid cloud model.

*In part II of this whitepaper we will address data security in the cloud.

Cloud Provider Shuts Down

A cloud provider could shut down for a variety of reasons: bankruptcy, an unrecoverable power outage, contract disputes, vendor issues and so on. Although it's rare for a provider to shut down immediately without warning, it can happen. Therefore it's important to have a contingency plan in place that addresses how you will get your data back. If you contract directly with a data center, it must return the data to you, because a data center typically has no capability to transfer your data to another provider on your behalf. If instead you use an IT managed services provider for cloud services, that provider can take care of returning your data to you or transferring it to another supplier. To avoid complications due to a shutdown or interruption in cloud services:

Make sure the provider has a documented plan to return your data, including the method of transport and the data format, in case of closure.
In the SLA, clearly identify the ownership and control rights of all company data.
Assess the financial strength of the provider and check references.
Have a backup plan in place to protect your business and your data in case your cloud services provider goes out of business.

The move to the cloud is a big decision. For more information on cloud services or any of the material covered in this whitepaper, contact us at info@ceservices.com or (508) 983-1990.

Part II of this whitepaper will focus on data security, transmission of data, data breaches and encryption. If you would like notification when Part II is available, please email ces@ceservices.com.