How do we define cloud computing?



Similar documents
Cloud Computing. Course: Designing and Implementing Service Oriented Business Processes

Session 5. Mixing and matching Public, Private and Hybrid Clouds for maximum benefits

OWASP Chapter Meeting June Presented by: Brayton Rider, SecureState Chief Architect

Table of Contents. Abstract... Error! Bookmark not defined. Chapter 1... Error! Bookmark not defined. 1. Introduction... Error! Bookmark not defined.

IS PRIVATE CLOUD A UNICORN?

Managing Cloud Computing Risk

Introductions. KPMG Presenters: Jay Schulman - Managing Director, Advisory - KPMG National Leader Identity and Access Management

The NIST Definition of Cloud Computing (Draft)

See Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models.

The Hybrid Cloud: Bringing Cloud-Based IT Services to State Government


Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer

A Strawman Model. NIST Cloud Computing Reference Architecture and Taxonomy Working Group. January 3, 2011

Cloud Computing in the Federal Sector: What is it, what to worry about, and what to negotiate.

Cloud definitions you've been pretending to understand. Jack Daniel, Reluctant CISSP, MVP Community Development Manager, Astaro

Private Cloud 201 How to Build a Private Cloud

LEGAL ISSUES IN CLOUD COMPUTING

OVERVIEW Cloud Deployment Services

Cloud Computing: What needs to Be Validated and Qualified. Ivan Soto

Cloud Computing. Bringing the Cloud into Focus

6 Cloud computing overview

IBM Cloud Security Draft for Discussion September 12, IBM Corporation

Katerina Apostolaki, Marketing Manager

CLOUD COMPUTING DEMYSTIFIED

Cloud Computing; What is it, How long has it been here, and Where is it going?

Validation of a Cloud-Based ERP system, in practice. Regulatory Affairs Conference Raleigh. 8Th September 2014

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS

Clouds on the Horizon Cloud Security in Today s DoD Environment. Bill Musson Security Analyst

Technology & Business Overview of Cloud Computing

Cloud Computing Security Issues

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

Strategies for Secure Cloud Computing

Orchestrating the New Paradigm Cloud Assurance

AskAvanade: Answering the Burning Questions around Cloud Computing

1 Copyright 2011, Oracle and/or its affiliates. All rights reserved.

Cloud Computing Flying High (or not) Ben Roper IT Director City of College Station

Cloud Computing An Elephant In The Dark

NIST Cloud Computing Reference Architecture & Taxonomy Working Group

NIST Cloud Computing Reference Architecture

Perspectives on Cloud Computing and Standards. Peter Mell, Tim Grance NIST, Information Technology Laboratory

Cloud Computing/ Semantic Web Initiatives & Tutorial

Cloud Models and Platforms

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC

Cloud Computing Service Models, Types of Clouds and their Architectures, Challenges.

The NIST Definition of Cloud Computing

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab

NCTA Cloud Architecture

DESIGN OF A PLATFORM OF VIRTUAL SERVICE CONTAINERS FOR SERVICE ORIENTED CLOUD COMPUTING. Carlos de Alfonso Andrés García Vicente Hernández

VMware vcloud Architecture Toolkit Public VMware vcloud Service Definition

Kent State University s Cloud Strategy

Business Intelligence (BI) Cloud. Prepared By: Pavan Inabathini

Securing the Cloud with IBM Security Systems. IBM Security Systems IBM Corporation IBM IBM Corporation Corporation

What Is The Cloud And How Can Your Agency Use It. Tom Konop Mark Piontek Cathleen Christensen

CLOUD COMPUTING. 11 December 2013 TOWNSHIP OF KING TATTA 1

Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1

Security Issues in Cloud Computing

Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit

Cloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter

Clinical Trials in the Cloud: A New Paradigm?

Cisco Intercloud Fabric Security Features: Technical Overview

Perspectives on Moving to the Cloud Paradigm and the Need for Standards. Peter Mell, Tim Grance NIST, Information Technology Laboratory

Where in the Cloud are You? Session Thursday, March 5, 2015: 1:45 PM-2:45 PM Virginia (Sheraton Seattle)

The Cloud Opportunity: Italian Market 01/10/2010

Every Cloud Has A Silver Lining. Protecting Privilege Data In A Hosted World

IT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011

Module 1: Facilitated e-learning

A HYPE-FREE STROLL THROUGH CLOUD STORAGE SECURITY

Mind the gap: Top pitfalls to avoid when reaching for the cloud. A whitepaper byfatpipe, the specialist in WAN & Internet Connectivity Optimisation

Addressing Security for Hybrid Cloud

CSO Cloud Computing Study. January 2012

Cloud Computing: Background, Risks and Audit Recommendations

The HIPAA Security Rule: Cloudy Skies Ahead?

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)

Managing for the Long Term: Keys to Securing, Troubleshooting and Monitoring a Private Cloud

Cloud Computing Best Practices. Creating Effective Cloud Computing Contracts for the Federal Government: Best Practices for Acquiring IT as a Service

All can damage or destroy your company s computers along with the data and applications you rely on to run your business.

SCADA Cloud Computing

Government of Canada (GC) Cloud Computing: Information Technology Shared Services (ITSS) Roadmap

Secure Data Transmission Solutions for the Management and Control of Big Data

Oracle Reference Architecture and Oracle Cloud

Allison Stanton Director of E-Discovery U.S. Department of Justice, Civil Division

Dell Cloud Services. Services

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

Enabling the SmartGrid through Cloud Computing

Flying into the Cloud: Do You Need a Navigator? Services. Colin R. Chasler Vice President Solutions Architecture Dell Services Federal Government

Chapter 2: Cloud Basics Chapter 3: Cloud Architecture

Transcription:

How do we define cloud computing? On Demand Self Service customer can provision computing resources without requiring interaction with the service provider. Broad Network Access computing resources are provided over the network and accessed through various platforms. Resource Pooling computing resources are pooled to serve multiple customers with resources dynamically assigned according to customer need. Rapid Elasticity resources can be rapidly provisioned to scale up or down based on real-time need. Measured Service resource usage can be monitored and controlled using a metering capability.

The service model used will determine security responsibilities Software as a Service use the provider s applications running on the provider s cloud infrastructure Provider is responsible for the highest amount of security and data protection under this model Customer will negotiate into the service contract with the provider Platform as a Service deploy customer-created or acquired applications created using programming languages and tools supported by the provider Security is a shared responsibility with the provider responsible for the underlying platform infrastructure, Customer is responsible for securing the applications developed on the platform Infrastructure as a Service provision processing, storage, networks, and other fundamental computing resources Customer is responsible for the highest amount of security and data protection under this model

The deployment models will also help to define how security is implemented Private cloud operated solely for a single organization Community cloud shared by several organizations and supports a specific community that has shared concerns Public cloud available to the general public or a large industry group and is owned by an organization selling cloud services Hybrid cloud a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability Risk to data varies in each model, private cloud typically being the lowest risk model, and public cloud being the highest risk model

There are substantial security concerns to be addressed with cloud computing Data is not stored in an agency-managed data center Agency must rely on the provider s security controls for protection Data is not transferred securely between the cloud provider and service consumer Interfaces to access FTI in a cloud environment, including authentication and authorization controls, may not be secured per customer requirements Data from multiple customers is potentially commingled in the cloud environment.

To address some risk, there are mandatory requirements Notification Requirement at least 45 days prior to transmitting FTI into a cloud environment Data Isolation Software, data, and services must be isolated within the environment so that other cloud customers sharing physical or virtual space cannot access other customer data or applications SLA The agency must establish security policies and procedures based on IRS Publication 1075 for how FTI is stored, handled, and accessed Data Encryption in Transit FTI must be encrypted in transit within the cloud environment

To address some risk, there are mandatory requirements (continued) Data Encryption at Rest FTI may need to be encrypted while at rest in the cloud, depending upon the security protocols inherent in the cloud Persistence of Data in Relieved Assets Storage devices where FTI has resided must be securely sanitized or destroyed using proper methods Risk Assessment: The agency must conduct an annual assessment of the security controls (including prior to introducing FTI into the environment) Security Control Implementation Customer-defined security controls (Publication 1075) must be identified, documented, and implemented

Questions?

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information