Cloud Computing Thunder and Lightning on Your Horizon?



Similar documents
Identity Theft Prevention Program (FACTA Identity Theft Red Flags Rule)

OWASP Chapter Meeting June Presented by: Brayton Rider, SecureState Chief Architect

Cloud Computing; What is it, How long has it been here, and Where is it going?

See Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models.

White Paper on CLOUD COMPUTING

The Cloud at 30,000 feet. Art Ridgway Scripps Media Inc. Managing Director Newspaper IT Operations

IS PRIVATE CLOUD A UNICORN?

Pulling up the Roots: a Guide to Corporate Relocation

Encryption Security Recommendations

East African Information Conference th August, 2013, Kampala, Uganda. Security and Privacy: Can we trust the cloud?

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS

Cloud Computing. Course: Designing and Implementing Service Oriented Business Processes

Cloud Computing. What is Cloud Computing?

Cloud Computing Guide & Handbook. SAI USA Madhav Panwar

Cloud Computing Advantages

SITUATION SOLUTION BENEFITS SUPPORT PRODUCTS

Auditing Cloud Computing and Outsourced Operations

Guardian365. Managed IT Support Services Suite

OFFICE OF AUDITS & ADVISORY SERVICES CLOUD COMPUTING AUDIT FINAL REPORT

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab

Ruby on Rails Secure Coding Recommendations

Computing: Public, Private, and Hybrid. You ve heard a lot lately about Cloud Computing even that there are different kinds of Clouds.

Managing Cloud Computing Risk

Firewall Administration and Management

custom hosting for how you do business

Security & Trust in the Cloud

Is online backup right for your business? Eight reasons to consider protecting your data with a hybrid backup solution

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp.

Federal Aviation Administration. efast. Cloud Computing Services. 25 October Federal Aviation Administration

Cloud Computing: Contracting and Compliance Issues for In-House Counsel

Making Sense of Cloud Computing in the Public Sector. By EVA OlSAKER

Cloud Computing Phillip Hampton LogicForce Consulting, LLC

Unified Threat Management, Managed Security, and the Cloud Services Model

Cybersecurity Report on Small Business: Study Shows Gap between Needs and Actions

Clinical Trials in the Cloud: A New Paradigm?

AVeS Cloud Security powered by SYMANTEC TM

INNOVATE. MSP Services Overview SVEN RADEMACHER THROUGH MOTIVATION

Cloud Computing: Compliance and Client Expectations

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

INTRODUCING CLOUD POWER

Endpoint Protection Small Business Edition 2013?

Private & Hybrid Cloud: Risk, Security and Audit. Scott Lowry, Hassan Javed VMware, Inc. March 2012

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

How To Protect Your Cloud From Attack

Cloud Computing Safe Harbor or Wild West?

Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

GETTING THE MOST FROM THE CLOUD. A White Paper presented by

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC

Why You Should Consider Cloud- Based Archiving. A whitepaper by The Radicati Group, Inc.

Keeping up with the World of Cloud Computing: What Should Internal Audit be Thinking About?

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security

The Magical Cloud. Lennart Franked. Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall.

Managed IT Secure Infrastructure Flexible Offerings Peace of Mind

An Introduction to Cloud Computing Concepts

Standardizing Cloud Services for Financial Institutions through the provisioning of Service Level Agreements (SLAs)

Using Cloud-Based Technologies in Clinical Trials by Niki Kutac, Director, Product Management

Trend Micro Healthcare Compliance Solutions

IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach.

Perspectives on Moving to the Cloud Paradigm and the Need for Standards. Peter Mell, Tim Grance NIST, Information Technology Laboratory

always on meet the it department PROPHET managed services ebook Business Group Meet the Always On IT Department

Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services

Cloud Computing: Background, Risks and Audit Recommendations

The NIST Definition of Cloud Computing (Draft)

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS

Cloud Computing Submitted By : Fahim Ilyas ( ) Submitted To : Martin Johnson Submitted On: 31 st May, 2009

Ensuring security the last barrier to Cloud adoption

Report on Hong Kong SME Cloud Adoption and Security Readiness Survey


SMS. Cloud Computing. Systems Management Specialists. Grupo SMS option 3 for sales

Altius IT Policy Collection Compliance and Standards Matrix

CLOUD COMPUTING. A Primer

How to Turn the Promise of the Cloud into an Operational Reality

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

A white paper from Fordway on CLOUD COMPUTING. Why private cloud should be your first step on the cloud computing journey - and how to get there

Cloud Computing and Disaster Recovery

Seeing Though the Clouds

6 Cloud computing overview

Validating Cloud. June 2012 Merry Danley

Business Intelligence (BI) Cloud. Prepared By: Pavan Inabathini

Validating Enterprise Systems: A Practical Guide

Auditing Cloud Computing and Outsourced Operations

Security Issues in Cloud Computing

Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider

Cloud Computing. Karan Saxena * & Kritika Agarwal**

Managed Services. Business Intelligence Solutions

BUSINESS MANAGEMENT SUPPORT

The Advantages of Security as a Service versus On-Premise Security

Essential Characteristics of Cloud Computing: On-Demand Self-Service Rapid Elasticity Location Independence Resource Pooling Measured Service

Enterprise Architecture Review Checklist

Sensitive Data Management: Current Trends in HIPAA and HITRUST

Private Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.

Public Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.

The Elephant in the Room: What s the Buzz Around Cloud Computing?

SYMANTEC ENDPOINT PROTECTION SMALL BUSINESS EDITION

Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1

CHAPTER 8 CLOUD COMPUTING

Cloud Security Introduction and Overview

Transcription:

Cloud Computing Thunder and Lightning on Your Horizon? Overview As organizations automate more and more of their manual processes, the Internet is increasingly becoming an important tool in the delivery of IT services. Several years ago, organizations purchased software on CD-ROMs and DVD media. Today, users have the choice of downloading software from the Internet or using their browser to access software that runs outside the organization on Internet servers. The use of external software on Internet servers is called Software as a Service (SAAS). Instead of writing software for a workstation, software developers are now writing software programs that run on Internet servers. This software may run on servers outside the organization on other companies data centers. Familiar examples include web sites such as Amazon.com and Salesforce.com. In the past, individual applications ran in the Internet cloud. Now, entire data centers are moving to the cloud, accessible by a wide range of users. Cloud computing describes a grouping of service offerings that includes application software, data storage, and computing. The computing can be delivered over the Internet (public cloud computing) or within an organization (private cloud computing). According to the National Institute of Standards and Technology, cloud computing is defined as A model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. Essential characteristics of cloud environment include: On-demand self-service Ubiquitous network access Location independent resource pooling Rapid elasticity Measured service Delivery models include software as a service, platform as a service, and infrastructure as a service. Deployment includes private clouds, community clouds, public clouds, and hybrid cloud models. 151 Kalmus Drive, Suite L-4 Costa Mesa, California 92626 (714) 442-6670 www.altiusit.com 1

Cloud advantages over desktop software Many SAAS applications are available at little to no cost. In addition to lower software costs, IT administration labor costs are reduced as software does not need to be installed and constantly patched. SAAS applications tend to be supported by paid advertisers, thus subsidizing the cost to the software user. Another benefit is group collaboration. In the past, software was loaded on many distributed devices. With the Internet cloud, software and data can be stored on centralized servers facilitating access to data by a large group of users. Cloud computing offers almost unlimited storage of applications and data. No longer must users and IT staff be concerned about collecting and archiving volumes of data. Mobile applications Employees want functionality and access to data from a number of different locations. The Internet cloud allows hand held Personal Digital Assistants (PDAs) and laptop users to access applications and data from a variety of locations. Internet cloud computing allows information to be accessed by a number of different devices (desktop, laptop, mobile phone, GPS, etc.) since the applications and data are stored at Internet data centers. Mobile computing will drive more applications to the Internet cloud. The cloud is an ideal way of supplying software and data to small computing devices that don t have the storage and processing power to hold volumes of applications and information. Application interfaces Internet applications leverage the power of end user devices by introducing to browsers features commonly found in the graphical interfaces on desktop applications. Better software development tools support applications that can run on a wide range of devices from desktop browsers to smart phones. Malware protection A cloud computing approach may offer better malware protection. Unlike traditional anti-virus and anti-spyware solutions installed on an organization s servers and desktops, cloud computing malware protection is delivered as a service. Cloud computing may offer better protection over traditional solutions: 1) No time lag between when a threat surfaces and when the malware service is updated to protect against the threat. 2) Cloud malware service offers real time protection by combining detection services from a number of different sources. By using a variety of malware protection engines (Symantec, McAfee, Trend Micro, etc.), the cloud service approach increases the ability to detect and prevent malware threats. In recent test, traditional solutions using only one anti- 151 Kalmus Drive, Suite L-4 Costa Mesa, California 92626 (714) 442-6670 www.altiusit.com 2

virus application were 83% successful at detecting risks. Success rates using cloud computing malware protection were as high as 98%. Pubic cloud computing risks As with any other form of technology, organizations must address a wide range of cloud computing risks: User traffic in the past, applications and data were stored locally. With Internet cloud information accessed via Internet lines, connectivity and bandwidth usage may become a critical issue if Internet users create Internet access bottlenecks. Internet connectivity connectivity to the Internet increases in importance. If Internet connectivity is down for an extended period of time, employee productivity will drop. Redundant high speed Internet lines may be needed to help mitigate this risk. Employee productivity applications and data that are stored on user hard drives tend to have fast response times with little impact on the employee. Internet applications may experience delays and not be able to manage volumes of data. Service Level Agreements (SLAs) with the cloud computing vendors can provide response time, throughput, and other metrics that help protect the organization. Lack of availability there are risks related to having a critical software application programmed and managed by an outside entity. If a vendor s software application ceases to function, the organization may experience financial losses as well as damage to its image and reputation. Confidentiality SAAS vendors may store data in a central repository. This repository may hold data from many different businesses, even competitors. The organization should determine if it is appropriate to store the type of information (client lists, pricing, intellectual property, etc.) on external servers. Integrity since data is stored on outside servers, the organization must ensure information integrity. Balancing controls, managing information stored on external servers, monitoring, and other controls must be used to protect the organization. Compliance information collected, stored, archived, and secured must meet regulatory requirements. Privacy issues In exchange for lower cost service delivery, users may have to provide personal information. This information is often used to deliver custom advertisements. The cloud model may require sharing of information with other marketing alliances in exchange for the convenience and low cost of using Internet cloud applications. Many SAAS vendors focus on one area of specialty, storage, e-mail applications, on-line backups, etc. Organizations must rely on the vendor s security solutions 151 Kalmus Drive, Suite L-4 Costa Mesa, California 92626 (714) 442-6670 www.altiusit.com 3

to protect their information. Unfortunately, for many SAAS vendors, their focus is on service functionality, not security. Private cloud computing Organization data centers adopting the technologies and practices of public cloud infrastructures can be considered private clouds. Private clouds are data centers within the corporate perimeter, within the firewall. Software applications can be designed for both the public and private cloud infrastructure. Tools such as systems management software, clusters, grid technology, and load balancing permit private clouds to employ utility like environments with computing resources and applications provisioned with greater efficiency. Cloud computing service delivery considerations IT managers should take professional care and due diligence when evaluating cloud computing applications: Service levels - your organization should determine if the outsourced provider has professional, high performance infrastructures that can guarantee levels of performance delivery. Support user and technical support must be determined up front. Will first level user support be provided by their staff or yours? Redundancy organizations should have redundant solutions that allow systems to continue operating even during single component failure. This includes the Internet software application as well as the organization s connectivity to the Internet. Contingency plans business continuity and disaster recovery plans must be updated and tested on a regular basis. Private clouds IT departments have the administration costs and responsibilities of acquiring, installing, managing, and securing data centers. Security public and private clouds must ensure information availability, confidentiality, and integrity. Summary While outsourcing software applications to the Internet cloud isn t for every organization, many firms have found that cloud computing can be a simple, reliable, and cost effective solution. Both the Internet cloud vendors (SAAS) and the organization should have audits performed on a periodic basis. SAAS vendors - audits help ensure system availability, information confidentiality, and data integrity. Organizations - audits ensure organization management that the firm is managing its cloud computing risks. 151 Kalmus Drive, Suite L-4 Costa Mesa, California 92626 (714) 442-6670 www.altiusit.com 4

Risk assessments and audits help organizations identify, manage, and reduce their risks. Publication and Author Information Jim Kelton is Managing Principal of Altius IT (www.altiusit.com), an IT security audit, security consulting, and risk management company based in Costa Mesa, California. Mr. Kelton has over 30 years of experience in the Information Technology industry and is recognized as a security expert. He is certified by the Information Systems Audit and Control Association (ISACA) as: Certified Information Systems Auditor (CISA) Certified in Risk and Information Systems Controls (CRISC) Certified in the Governance of Enterprise IT (CGEIT) He sits on the Board of Directors of the following associations and organizations: Association of Professional Consultants (APC) International Association of Professional Security Consultants (IAPSC) Technology Professionals Association (TPA) 151 Kalmus Drive, Suite L-4 Costa Mesa, California 92626 (714) 442-6670 www.altiusit.com 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information