White paper. Secure Cloud Services: An Integrated Approach




Whitepaper Information Management. Edition October 2013.

Copyright 2013 EXIN. All rights reserved. No part of this publication may be published, reproduced, copied or stored in a data processing system or circulated in any form by print, photo print, microfilm or any other means without written permission by EXIN. ITIL is a Registered Trade Mark of AXELOS Limited.

Introduction

Cloud Computing is changing the way IT services are developed, procured and delivered. Amidst all the hype about Cloud, this much is as clear as a bell. Many IT roles will change radically, or may even be eliminated completely, but new opportunities will also arise for professionals with business expertise, a broad understanding of IT developments and the skills necessary to integrate specializations and bring specialists together. For professionals willing to seize these opportunities, there are many courses and certifications available to provide them with knowledge in one of the relevant fields or to prepare them for a specific role in the development and delivery of Secure Cloud Services. What has been missing is training and a certification based on the integration of the main subjects related to selecting and delivering Secure Cloud Services: a program based on the most important principles and focused on their interconnection. In this White Paper, EXIN presents such a program: the EXIN Certified Integrator in Secure Cloud Services.

The EXIN Certified Integrator in Secure Cloud Services

Cloud Computing is an example of a clear trend in which organizations are regaining control over their information management, supported (and no longer led) by IT. This is creating a new wave of professionalism, as was elucidated in the EXIN White Paper on Information Management, Building great organizations through Information Management: The People Factor. The future lies in developing individuals and providing them with the skills and the essential mindset for building great organizations. The next generation of professionals in Information Management, including those defining their roles as IT experts, will need a non-IT-centric approach and a capacity to exploit the opportunities offered by IT. They will need the right knowledge, skills and attitude to ensure a more efficient and effective performance by their organization, to explore new ways of conducting business, and to establish new businesses. Looking at the skillset of the EXIN Certified Integrator in Secure Cloud Services, there is a quite generic starting point: knowledge and understanding of how IT can support and transform the business. It is important that such knowledge and understanding is not confined to a specific job role or framework, but shared amongst a large group of professionals: on the business side, in the IT department and in IT service provider organizations. This requires a common understanding of the most essential principles, practices and techniques, which is the basis for professional cooperation and communication. There is a need for an integrated approach, starting at a foundational level, where business challenges, IT practices and new technological developments are brought together. The EXIN Certified Integrator in Secure Cloud Services meets exactly this need, combining business concerns (Information Security) with new technological developments (Cloud) and best practices (Service Management).

As Prakash MS, Vice-president of HP's IT Infrastructure Services, stated in a recent interview: "Cloud, Information Management and Security will have a big role to play in the next 5 to 7 years, and the binding factor for all of this will continue to be Service Management."

Secure Cloud Service

Cloud Computing, providing IT-related services through the Internet, allows flexible IT solutions to support the business, based on clear service arrangements. Technically speaking, Cloud Computing is more an evolution than a revolution. It is a combination of technical developments that has led to a new way of dealing with data, applications and services, and that is making fundamental changes to the relationship between IT and business. Such changes tend to generate hype, blurring the difference between promises and reality. But companies no longer need to own their hardware and software, and people have access to their workplace or personal documents, music and photos wherever they are: this is the reality of today. Cloud Computing is the state-of-the-art way to provide and use IT services. Cloud-based services involve a lot more than just contracting the use of an application hosted in a datacenter connected to the web. As with all other services, they need management, monitoring and support. Most of all, they need clear arrangements between customers and suppliers. When considering Cloud Services, two major issues stand out: information security and service quality. Security and reliability have been identified as the main reasons organizations are reluctant to turn to Cloud-based IT services. To address these issues, a wealth of best practices and standards can be mobilized, but applying these practices and standards requires an understanding of both their essentials and the principles of Cloud Computing.

Service Management

Whereas understanding Cloud Computing is based on knowledge of how IT services are built and delivered, knowledge of Service Management is necessary for understanding the processes required to manage the availability, security and continuity of these services. In dealing with Cloud Services provided by third parties, Service Level Agreements play a major role, especially in ensuring that changes, incidents and problems are dealt with appropriately. Without going into too much technical detail, the international standard for IT Service Management, ISO/IEC 20000, is an excellent starting point for getting a grip on these often complex issues. IT Service Providers can also leverage their certification against this standard to reassure their customers that they are in control of their Service Management and that their Service Management System is independently audited on a regular basis. The ISO standard for IT Service Management can be used to identify the core of good Service Management without diluting principles into textbook recipes. For Cloud Services in particular, it is important to remember that services are based on agreements with customers, and hence on alignment of service provision with business needs. To deliver such services, other agreements with suppliers have to be in place in order to underpin the service levels agreed with the customer. Deployment of the service should be controlled, e.g., using the change management process, and services must be supported as well. The ISO/IEC 20000 guidance for IT Service Management focuses on the support and control, by the management system, of all these necessary steps in the design and delivery of services. This quality approach enables organizations to learn from their experience, adjust and improve in ever-changing circumstances. It turns Service Management into a journey toward success rather than the next failing project.

One thing is for sure, in implementing Cloud Services as well: there will be mistakes and failures, so you need to be prepared to learn from them.

Information Security Management

A recurring nightmare for many CIOs is sensitive data and software being stolen or corrupted by hackers. Introducing Cloud Computing does not seem to automatically ensure that they can sleep. Securing Cloud Services requires a combination of understanding Cloud Computing and the principles of Information Security Management. Such principles can be found in the international standard for Information Security Management, ISO/IEC 27001. Certification of the service provider against ISO/IEC 27001 should be a major consideration in the selection of a Cloud Service supplier. Information Security and Service Management are tightly interlinked, and Cloud Computing makes a seamless integration even more urgent. The approach of the ISO standards for Information Security Management and Service Management, both based on the continual improvement cycle of Plan, Do, Check and Act, greatly facilitates such an integration. Migrating services into the Cloud, and thus outside the company's security perimeter, raises many new security and privacy issues. Extensions of the ISO/IEC 27000 series to address Cloud security and privacy are in preparation, showing how best to apply the principles of the ISO/IEC 27001 standard to the latest technology for service provision. One lesson learned from Cloud Service deployment in recent years is that information security professionals need to be involved. In one study on the security of server virtualization, Gartner found that in 60% of the cases the virtualized servers were less secure than the original ones, and that 40% of the organizations had not bothered to involve security specialists in their projects. Not that Cloud Computing is inherently insecure, but, as Neil MacDonald, Gartner fellow and vice president, put it: "Most virtualized workloads are being deployed insecurely. The latter is a result of the immaturity of tools and processes and the limited training of staff, resellers and consultants."

The People Factor

Bringing Cloud Computing, Information Security and Service Management together in processes and tools is one thing, but it is people that make it all happen. At every conference on Service Management, Information Security or Cloud Computing, practitioners presenting their experience warn the audience that getting people on board was the most important and most difficult aspect of their initiative. Getting people on board, and getting the organization to benefit from their experience, professionalism and creativity, is often defined as communication. But communication without a shared understanding and common language is bound to fail. The EXIN Certified Integrator in Secure Cloud Services is designed to overcome the barriers of misunderstanding between professionals, especially where new technologies or process innovations need to be implemented. It provides a foundation of common knowledge and a mutual understanding of vocabulary. Each of the EXIN Foundation programs has been developed and kept up to date in cooperation with international experts in its specific field. The Foundation programs cover the essential principles and basic concepts, while paying extra attention to the relationship with peripheral subjects. Foundation training accredited by EXIN is interactive, contains practical examples, and pays attention to the issues brought up by the attendees. The EXIN Certificates ensure that the intended learning outcomes have been thoroughly tested and achieved. If you want to have your organization certified, you definitely want to have your staff certified.

The EXIN Certified Integrator in Secure Cloud Services

For the EXIN Certified Integrator in Secure Cloud Services, EXIN has developed a program around the foundations of Cloud Computing, Information Security and Service Management which covers the building, management and securing of modern IT services. Combining these three foundation modules offers a range of advantages:

- Combined training offers an opportunity to bring together representatives from all three disciplines.
- Cloud Computing is a rich source of excellent state-of-the-art examples of Information Security and Service Management issues.
- The interconnection between the three subjects is reviewed in depth.
- The combination of certificates for each of the three subjects adds value to each individual subject.

The target audience for the EXIN Certified Integrator in Secure Cloud Services includes business and IT managers, project/program managers, service designers, IT architects and/or planners, IT consultants, IT auditors and IT security staff.

The EXIN Cloud Computing Foundation

The syllabus of EXIN's Cloud Computing Foundation covers:

- The Concept of Cloud Computing: including the technical evolution toward Cloud Computing, the main delivery and service models and architectures, and the drivers and limitations of Cloud Computing.
- Implementing and Managing Cloud Computing: including the main components of Cloud Services, their relationships, and the Service Management principles that apply to Cloud Computing.
- Using the Cloud: including the different ways users access the Cloud, how Cloud Services can be used by the business, and how service providers can use the Cloud.
- Information Security and Compliance: including risk management and managing identity and privacy in the Cloud.
- Evaluation of Cloud Computing: including the business case for Cloud Computing and evaluating Cloud Computing implementations.

The subjects of Implementing and Managing Cloud Computing and Information Security and Compliance have a clear link to the other two modules in the EXIN Certified Integrator in Secure Cloud Services: Information Security and Service Management. In combination with the EXIN Cloud Computing Foundation, these modules help to provide a deeper understanding of the Service Management and Information Security issues in delivering Cloud Services.

The EXIN IT Service Management Foundation

The IT Service Management Foundation syllabus describes the key information and concepts for IT Service Management based on ISO/IEC 20000, as well as its relationships with other areas of information management. This course builds the fundamental skills and knowledge that enable one to participate in organizational teams working within Service Management. Emphasis is on the Service Management System (SMS) and the Service Management processes, specifically the core concepts and basic terminology of IT Service Management based on ISO/IEC 20000:2011. The syllabus of the IT Service Management Foundation module includes:

- Core concepts of Service Management and quality frameworks: including the principles of process-based Service Management and the role of quality frameworks.
- The Service Management System (SMS) and the value and application of the PDCA cycle: including the objectives, roles and governance principles associated with the management system, and the application of continual improvement principles to Service Management.
- High-level concepts around service design and transition: including the planning, design and transition of new or changed services.
- The Service Management processes: including the objectives, quality requirements, activities and practical application of the main IT Service Management processes.

The focus on the quality approach and the Service Management System provides a natural link to Information Security based on ISO/IEC 27001. Both modules can be used in combination to increase quality awareness, provide a better understanding of the quality approach, and emphasize the commonalities in managing services and Information Security. The subject of the Service Management processes is ideal for real-world practical examples illustrating how the quality requirements and activities of the Service Management processes will be affected by implementing Cloud Computing and Information Security measures.

The EXIN IT Service Management Foundation is also part of the EXIN IT Service Management certification program based on ISO/IEC 20000. The EXIN IT Service Management Foundation certificate provides the basic knowledge required in the rest of the program (e.g., the Auditor, Manager and Executive Consultant certificates). For more details please refer to our website www.exin.com.

The EXIN Information Security Foundation

One of the objectives of the EXIN Information Security Foundation is to raise awareness that information is both valuable and vulnerable, and to teach which measures are necessary to protect it. This module provides the basic concepts and principles of Information Security and the organizational arrangements (the management system) that should be in place to secure the confidentiality, integrity and availability of an organization's information. The syllabus of the EXIN Information Security Management Foundation includes:

- Information and security: including basic concepts of information and its value.
- Threats and risks: including the relationship between threats, risks and the reliability of information.
- Security policy and the set-up of Information Security: including the components of the security policy, the security organization and the management of (security) incidents.
- Security measures: including physical, technical and organizational measures.
- Legislation and regulations: including examples of legislation, regulations and possible security measures.

Several subjects in this syllabus offer opportunities to discuss Cloud Computing-related issues and to point out the relationship with IT Service Management processes. The EXIN Information Security Foundation is also part of the EXIN Information Security certification program based on ISO/IEC 27002. The EXIN Information Security Foundation certificate provides the basic knowledge required in the rest of the program (e.g., the Advanced and Expert certificates). For more details please refer to our website www.exin.com.

An Integrated Approach

Each of the three EXIN Foundation modules contributes to a better understanding of how to provide Secure Cloud Services; an integrated approach, however, will also exploit the full potential of the EXIN Certified Integrator in Secure Cloud Services. By studying Cloud Computing, Service Management and Information Security in their shared context, students get a better understanding of their relationships. Using the links and suggestions described in this White Paper, students and trainers will be able to provide examples and real-world case studies to illustrate how the emerging technologies in Cloud Computing can be utilized to achieve secure and reliable service to the benefit of their organization.

Acknowledgements

EXIN would like to thank its customers, partners and champions for their input, which has helped form EXIN's overall vision on the EXIN Certified Integrator in Secure Cloud Services. In particular, EXIN would like to thank the following people for their contribution to this White Paper: Lynda Cooper, Director, Service 20000 Ltd.; Pierre Bernard, CTDP, ITIL Expert.

Contact EXIN. Website: www.exin.com