Public vs private cloud for regulated entities

Size: px
Start display at page:

Download "Public vs private cloud for regulated entities"

Transcription

1 Public vs private cloud for regulated entities

2 DC2: Restricted use The cloud is for everyone but not for everything 2

3 Opportunity enabler DC2: Restricted use Flexibility SAAS Public Accessibility Agility Private PAAS Cohosting Dynamic Low Maintenance Colocation IAAS Hybrid Low/No CAPEX 3

4 Rights concerns challenges DC2: Restricted use Stability? SAAS Public Seizure? Confidentiality? Ownership? Private PAAS Cohosting Location? Auditability? Colocation IAAS Hybrid Access? 4

5 Is regulation slowing you down? DC2: Restricted use 5

6 Many regulated sectors, Many Authorities Common principles DC2: Restricted use Banking Investment services Insurance Remote Gaming Health Pharmaceuticals Telecommunications MFSA MGA The professions (Legal; Engineering; Accounting and Audit; ) 6

7 Many regulated sectors, Many Authorities Common principles DC2: Restricted use Does not impair the supervision of the authority Compliance with the regulations must not be undermined None of the conditions to which the Licensed Entity is subject must be removed or modified Senior management does not delegate its responsibility The relationship and obligations towards clients must not be altered Capability to resume direct control over an outsourced activity, in extremis 7

8 Today, cloud is not a novelty DC2: Restricted use improved disaster recovery better performance for global users superior infrastructure manageability and flexibility Public Cloud Private Cloud Hybrid Cloud Percentages of US enterprises using public, private and hybrid clouds. (Source: Evaluator Group Cloud Trends Analysis based on publicly available survey data. 8

9 DC2: Restricted use Private hosted cloud for better control? Main resistance to cloud computing: Security Regulation Data protection Generally security is shared: host and tenant are responsible for different parts of the stack Actually, cloud service providers often enhance overall security TENANT Application Platform Infrastructure Operating System Hypervisor Hardware + network HOST 9

10 Security An improvement or a concern? DC2: Restricted use 67% Hosted private cloud adopters listed improved security or ability to meet compliance as its top driver but also as its top concern 10

11 DC2: Restricted use Safeguards Recognise that no form of outsourcing is risk free and that risk is carried by the outsourcing entity Due diligence in choosing cloud provider Certifications Location Monitor performance and stability Implement and test contingency plans Consultation with the authority what alternative measures could adequately mitigate the risks involved 11

12 DC2: Restricted use Contractual tips Exit management (planned + unplanned) Data portability Performance measures/service levels Confidentiality/secrecy/data protection Chain-outsourcing obligations Data breach notification obligations Supervisory authority and auditor rights [data + premises] Change in structure/ownership triggers 12

13 DC2: Restricted use Branded Trust 13

14 Forecast: Mostly cloudy This presentation has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it. Copyright 2017 PricewaterhouseCoopers. All rights reserved. refers to the Malta member firm, and may sometimes refer to the network. Each member firm is a separate legal entity. Please see for further details.

Enterprise resilience and the role of Standards

Enterprise resilience and the role of Standards www.pwc.co.uk Enterprise resilience and the role of Standards Why do we have Standards? Globalisation Consistency Quality Supply chain and outsourcing Marketing value Slide 2 Stakeholder value Ultimately,

More information

Making trust evident Reporting on controls at Service Organizations

Making trust evident Reporting on controls at Service Organizations www.pwc.com Making trust evident Reporting on controls at Service Organizations 1 Does this picture look familiar to you? User Entity A User Entity B User Entity C Introduction and background Many entities

More information

50% 45% 40% 25% 20% 15%

50% 45% 40% 25% 20% 15% 40% 50% 35% 45% 30% 40% 35% 25% 30% 20% 25% 15% 20% 10% 15% 10% 5% 5% 0% Global reward issues Cost of living/salary budgets Management information/ analytics Reward in emerging territories Millennials/

More information

RIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015

RIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015 www.pwc.com RIMS Perk Session 2015 - Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015 Los Angeles RIMS Agenda Introductions What is Cybersecurity? Crown jewels The bad

More information

Cloud Computing, SaaS and Outsourcing

Cloud Computing, SaaS and Outsourcing Cloud Computing, SaaS and Outsourcing Michelle Perez, AGC Privacy, IPG Bonnie Yeomans, VP, AGC & Privacy Officer, CA Technologies PLI TechLaw Institute 2017: The Digital Agenda Introduction to the Cloud

More information

Cloud Computing. Presentation to AGA April 20, Mike Teller Steve Wilson

Cloud Computing. Presentation to AGA April 20, Mike Teller Steve Wilson Presentation to AGA April 20, 2017 Mike Teller Steve Wilson Agenda: What is cloud computing? What are the potential benefits of cloud computing? What are some of the important issues agencies need to consider

More information

INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE

INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE INTRODUCTION AGENDA 01. Overview of Cloud Services 02. Cloud Computing Compliance Framework 03. Cloud Adoption and Enhancing

More information

Moving from Prevention to Detection March 2017

Moving from Prevention to Detection March 2017 www.pwc.com Moving from Prevention to Detection Le Tran Hai Minh Manager Cyber Security 29 Agenda Slide Cyber Security Statistics 3 How to Stay Confidence 8 Contact 19 2 Cyber Security Statistics 3 Cyber

More information

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers Identify Protect Detect Respond Recover Identify: Risk Assessments & Management 1. Risk assessments are conducted frequently (e.g. annually, quarterly). 2. Cybersecurity is included in the risk assessment.

More information

NYDFS Cybersecurity Regulations

NYDFS Cybersecurity Regulations SPEAKERS NYDFS Cybersecurity Regulations Lisa J. Sotto Hunton & Williams LLP (212) 309-1223 lsotto@hunton.com www.huntonprivacyblog.com March 9, 2017 The Privacy Team at Hunton & Williams Over 30 privacy

More information

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities

More information

How to ensure control and security when moving to SaaS/cloud applications

How to ensure control and security when moving to SaaS/cloud applications How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk

More information

Governing cyber security risk: It s time to take it seriously Seven principles for Boards and Investors

Governing cyber security risk: It s time to take it seriously Seven principles for Boards and Investors www.pwc.co.uk Governing cyber security risk: It s time to take it seriously Seven principles for Boards and Investors Dr. Richard Horne Cyber Security Partner PwC January 2017 Board governance is often

More information

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE Association of Corporate Counsel NYC Chapter 11/1 NYC BDO USA, LLP, a Delaware limited liability partnership,

More information

Data Protection. Code of Conduct for Cloud Infrastructure Service Providers

Data Protection. Code of Conduct for Cloud Infrastructure Service Providers Data Protection Code of Conduct for Cloud Infrastructure Service Providers 27 JANUARY 2017 Introduction... 3 1 Structure of the Code... 5 2 Purpose... 6 3 Scope... 7 4 Data Protection Requirements... 9

More information

Cyber Threat Landscape April 2013

Cyber Threat Landscape April 2013 www.pwc.co.uk Cyber Threat Landscape April 2013 Cyber Threats: Influences of the global business ecosystem Economic Industry/ Competitors Technology-led innovation has enabled business models to evolve

More information

Data Processing Clauses

Data Processing Clauses Data Processing Clauses The examples of processing clauses below are proposed pending the adoption of standard contractual clauses within the meaning of Article 28.8 of general data protection regulation.

More information

2017 RIMS CYBER SURVEY

2017 RIMS CYBER SURVEY 2017 RIMS CYBER SURVEY This report marks the third year that RIMS has surveyed its membership about cyber risks and transfer practices. This is, of course, a topic that only continues to captivate the

More information

A Checklist for Cybersecurity and Data Privacy Diligence in TMT Transactions

A Checklist for Cybersecurity and Data Privacy Diligence in TMT Transactions May 2018 TMT INSIGHTS From the Debevoise Technology, Media & Telecommunications Practice A Checklist for Cybersecurity and Data Privacy Diligence in TMT Transactions Companies in the technology, media

More information

Fundamental Concepts and Models

Fundamental Concepts and Models Fundamental Concepts and Models 1 Contents 1. Roles and Boundaries 2. Cloud Delivery Models 3. Cloud Deployment Models 2 1. Roles and Boundaries Could provider The organization that provides the cloud

More information

IT Attestation in the Cloud Era

IT Attestation in the Cloud Era IT Attestation in the Cloud Era The need for increased assurance over outsourced operations/ controls April 2013 Symeon Kalamatianos M.Sc., CISA, CISM Senior Manager, IT Risk Consulting Contents Introduction

More information

Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control

Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control SESSION ID: CDS-T11 Sheung-Chi NG Senior Security Consulting Manager, APAC SafeNet, Inc. Cloud and Virtualization Are Change the

More information

Cloud Computing Standard 1.1 INTRODUCTION 2.1 PURPOSE. Effective Date: July 28, 2015

Cloud Computing Standard 1.1 INTRODUCTION 2.1 PURPOSE. Effective Date: July 28, 2015 Cloud Computing Standard Effective Date: July 28, 2015 1.1 INTRODUCTION Cloud computing services are application and infrastructure resources that users access via the Internet. These services, contractually

More information

Danish Cloud Maturity Survey 2018

Danish Cloud Maturity Survey 2018 Danish Cloud Maturity Survey 2018 Current and planned adoption of cloud services Danish Cloud Maturity Survey 2018 1 Early days for cloud adoption with concerns for security and expertise, and complexity

More information

in Transition to the Cloud David A. Chapa, CTE EVault, a Seagate Company

in Transition to the Cloud David A. Chapa, CTE EVault, a Seagate Company PRESENTATION Data Protection TITLE GOES HERE in Transition to the Cloud David A. Chapa, CTE EVault, a Seagate Company SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA

More information

Future Shifts in Enterprise Architecture Evolution. IPMA Marlyn Zelkowitz, SAP Industry Business Solutions May 22 nd, 2013

Future Shifts in Enterprise Architecture Evolution. IPMA Marlyn Zelkowitz, SAP Industry Business Solutions May 22 nd, 2013 Future Shifts in Enterprise Architecture Evolution IPMA Marlyn Zelkowitz, SAP Industry Business Solutions May 22 nd, 2013 Agenda Terminology & Definitions Evolution to Cloud Cloud Adoption Appendix 2013

More information

HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp

HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp Agenda Introductions HIPAA Background and History Overview of HIPAA Requirements

More information

Best Practices in Securing a Multicloud World

Best Practices in Securing a Multicloud World Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers

More information

GDPR compliance: some basics & practical to do list

GDPR compliance: some basics & practical to do list GDPR compliance: some basics & practical to do list Philippe LAURENT independent full service business law firm located in Brussels May 2017 Personal data processing = any operation or set of operations

More information

2017 SaaS Security Study ABSTRACT

2017 SaaS Security Study ABSTRACT 2017 SaaS Security Study ABSTRACT Data security is a key element of selecting any SaaS provider. Qualtrics surveyed over 200 SaaS security and privacy officers to understand which security and privacy

More information

Contents. Navigating your way to the cloud

Contents. Navigating your way to the cloud Contents Navigating your way to the cloud Moving to the digital economy 4 Four essential steps to a successful cloud adoption and deployment 5 Step 1: Full, informed stakeholder involvement 6 Step 2: Targeted

More information

PUBLIC AND HYBRID CLOUD: BREAKING DOWN BARRIERS

PUBLIC AND HYBRID CLOUD: BREAKING DOWN BARRIERS PUBLIC AND HYBRID CLOUD: BREAKING DOWN BARRIERS Jane R. Circle Manager, Red Hat Global Cloud Provider Program and Cloud Access Program June 28, 2016 WHAT WE'LL DISCUSS TODAY Hybrid clouds and multi-cloud

More information

Disruptive Technologies Legal and Regulatory Aspects. 16 May 2017 Investment Summit - Swiss Gobal Enterprise

Disruptive Technologies Legal and Regulatory Aspects. 16 May 2017 Investment Summit - Swiss Gobal Enterprise Disruptive Technologies Legal and Regulatory Aspects 16 May 2017 Investment Summit - Swiss Gobal Enterprise Legal and Regulatory Framework in Switzerland Legal and regulatory Framework: no laws or provisions

More information

ISACA Cincinnati Chapter March Meeting

ISACA Cincinnati Chapter March Meeting ISACA Cincinnati Chapter March Meeting Recent and Proposed Changes to SOC Reports Impacting Service and User Organizations. March 3, 2015 Presenters: Sayontan Basu-Mallick Lori Johnson Agenda SOCR Overview

More information

Version 1/2018. GDPR Processor Security Controls

Version 1/2018. GDPR Processor Security Controls Version 1/2018 GDPR Processor Security Controls Guidance Purpose of this document This document describes the information security controls that are in place by an organisation acting as a processor in

More information

EY Norwegian Cloud Maturity Survey 2018

EY Norwegian Cloud Maturity Survey 2018 EY Norwegian Cloud Maturity Survey 2018 Current and planned adoption of cloud services EY Norwegian Cloud Maturity Survey 2018 1 It is still early days for cloud adoption in Norway, and the complexity

More information

Cloud Computing and Its Impact on Software Licensing

Cloud Computing and Its Impact on Software Licensing Cloud Computing and Its Impact on Software Licensing By Gretchen Kwashnik & Jim Cecil January 25, 2012 What is Cloud Computing? Cloud computing is a model for enabling: on-demand network access to a shared

More information

Privacy hacking & Data Theft

Privacy hacking & Data Theft Privacy hacking & Data Theft Cloud Computing risks & the Patricia A RoweSeale CIA, CISA, CISSP, CRISC, CRMA The IIA (Barbados Chapter) Internal Audit Portfolio Director CIBC FirstCaribbean Objectives Cloud

More information

NEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE

NEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE COMPLIANCE ADVISOR NEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE A PUBLICATION BY THE EXCESS LINE ASSOCIATION OF NEW YORK One Exchange Plaza 55 Broadway 29th Floor New York, New York 10006-3728 Telephone:

More information

Business Technology Briefing: Fear of Flying, And How You Can Overcome It

Business Technology Briefing: Fear of Flying, And How You Can Overcome It Business Technology Briefing: Fear of Flying, And How You Can Overcome It Joseph Tobloski Senior Director for Data & Platforms R&D Accenture Technology Labs Fear of Flying And How You Can Overcome It May

More information

Cloud First Policy General Directorate of Governance and Operations Version April 2017

Cloud First Policy General Directorate of Governance and Operations Version April 2017 General Directorate of Governance and Operations Version 1.0 24 April 2017 Table of Contents Definitions/Glossary... 2 Policy statement... 3 Entities Affected by this Policy... 3 Who Should Read this Policy...

More information

SAS 70 SOC 1 SOC 2 SOC 3. Type 1 Type 2

SAS 70 SOC 1 SOC 2 SOC 3. Type 1 Type 2 SAAABA Changes in Reports on Service Organization Controls April 18, 2012 Changes in Reports on Service Organization Controls (formerly SAS 70) April 18, 2012 Duane M. Reyhl, CPA Andrews Hooper Pavlik

More information

Cyber Security Law --- Are you ready?

Cyber Security Law --- Are you ready? Cyber Security Law --- Are you ready? Xun Yang Of Counsel, Commercial IP and Technology 9 May 2017 1 / B_LIVE_APAC1:2207856v1 Content Overview of Cyber Security Law Legislative Development Key Issues in

More information

"PPS" is Private Practice Software as developed and produced by Rushcliff Ltd.

PPS is Private Practice Software as developed and produced by Rushcliff Ltd. Rushcliff Ltd Data Processing Agreement This Data Processing Agreement ( DPA ) forms part of the main terms of use of PPS, PPS Express, PPS Online booking, any other Rushcliff products or services and

More information

The Cyber Savvy CEO Getting to grips with today s growing cyber-threats

The Cyber Savvy CEO Getting to grips with today s growing cyber-threats www.pwc.co.uk/informationsecurity The Cyber Savvy CEO Getting to grips with today s growing cyber-threats Unprecedented opportunities The cyber domain is a world of opportunity yet media coverage of attacks

More information

Angela McKay Director, Government Security Policy and Strategy Microsoft

Angela McKay Director, Government Security Policy and Strategy Microsoft Angela McKay Director, Government Security Policy and Strategy Microsoft Demographic Trends: Internet Users in 2005.ru.ca.is.uk.nl.be.no.de.pl.ua.us.fr.es.ch.it.eg.il.sa.jo.tr.qa.ae.kz.cn.tw.kr.jp.mx.co.br.pk.th.ph.ng.in.sg.my.ar.id.au

More information

Top Five Privacy and Data Security Issues for Nonprofit Organizations

Top Five Privacy and Data Security Issues for Nonprofit Organizations Top Five Privacy and Data Security Issues for Nonprofit Organizations Julia K. Tama, Esq. Jeffrey S. Tenenbaum, Esq. Association of Corporate Counsel Nonprofit Organizations Committee Legal Quick Hit MAY

More information

2018 Data Security Incident Response Report Building Cyber Resilience: Compromise Response Intelligence in Action

2018 Data Security Incident Response Report Building Cyber Resilience: Compromise Response Intelligence in Action 2018 Data Security Incident Response Report Building Cyber Resilience: Compromise Response Intelligence in Action April 11, 2018 Contact Information Casie D. Collignon Partner Denver 303.764.4037 ccollignon@bakerlaw.com

More information

How to avoid storms in the cloud. The Australian experience and global trends

How to avoid storms in the cloud. The Australian experience and global trends How to avoid storms in the cloud The Australian experience and global trends Discussion Topics 1. Understanding Cloud and Benefits 2. KPMG research The Australian Experience and Global Trends 3. Considerations

More information

Minimum Requirements For The Operation of Management System Certification Bodies

Minimum Requirements For The Operation of Management System Certification Bodies ETHIOPIAN NATIONAL ACCREDITATION OFFICE Minimum Requirements For The Operation of Management System Certification Bodies April 2011 Page 1 of 11 No. Content Page 1. Introduction 2 2. Scope 2 3. Definitions

More information

Cyber Security Law --- How does it affect the business operations in China? Xun Yang Of Counsel, Commercial IP and Technology

Cyber Security Law --- How does it affect the business operations in China? Xun Yang Of Counsel, Commercial IP and Technology Cyber Security Law --- How does it affect the business operations in China? Xun Yang Of Counsel, Commercial IP and Technology 8 December 2016 The Matrix (1999) 1 / L_LIVE_APAC1:5433168v1 World Internet

More information

Cloud Computing: A European Perspective. Rolf von Roessing CISA, CGEIT, CISM International Vice President, ISACA

Cloud Computing: A European Perspective. Rolf von Roessing CISA, CGEIT, CISM International Vice President, ISACA Cloud Computing: A European Perspective Rolf von Roessing CISA, CGEIT, CISM International Vice President, ISACA Overview Cloud Universe Definitions Cloud Risks in Europe Governance, Risk and Compliance

More information

HIPAA COMPLIANCE AND DATA PROTECTION Page 1

HIPAA COMPLIANCE AND DATA PROTECTION Page 1 HIPAA COMPLIANCE AND DATA PROTECTION info@resultstechnology.com 877.435.8877 Page 1 CONTENTS Introduction..... 3 The HIPAA Security Rule... 4 The HIPAA Omnibus Rule... 6 HIPAA Compliance and RESULTS Cloud

More information

How Secure is Blockchain? June 6 th, 2017

How Secure is Blockchain? June 6 th, 2017 How Secure is Blockchain? June 6 th, 2017 Before we get started... This is a 60 minute webcast For better viewing experience, close all other applications For better sound quality, please use headphones

More information

Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston

Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston Cybersecurity Landscape Major Data Breaches (e.g., OPM, IRS) Data Breach Notification Laws Directors Derivative Suits Federal Legislation

More information

GDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd

GDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd GDPR Processor Security Controls GDPR Toolkit Version 1 Datagator Ltd Implementation Guidance (The header page and this section must be removed from final version of the document) Purpose of this document

More information

Cloud solution consultant

Cloud solution consultant Cloud solution consultant Role brief Directorate Jisc technologies Base location Harwell or Bristol Grade B Level 18 Job family Professional services Date November 2017 Reports to Cloud services group

More information

HIPAA Privacy, Security and Breach Notification

HIPAA Privacy, Security and Breach Notification HIPAA Privacy, Security and Breach Notification HCCA East Central Regional Annual Conference October 2013 Disclaimer The information contained in this document is provided by KPMG LLP for general guidance

More information

CLOUD COMPUTING. The Old Ways Are New Again. Jeff Rowland, Vice President, USAA IT/Security Audit Services. Public Information

CLOUD COMPUTING. The Old Ways Are New Again. Jeff Rowland, Vice President, USAA IT/Security Audit Services. Public Information CLOUD COMPUTING The Old Ways Are New Again Jeff Rowland, Vice President, USAA IT/Security Audit Services Public Information Who We Are Our Mission The mission of the association is to facilitate the financial

More information

Cloud Computing Overview. The Business and Technology Impact. October 2013

Cloud Computing Overview. The Business and Technology Impact. October 2013 Cloud Computing Overview The Business and Technology Impact October 2013 Cloud Computing offers new types of IT services and models On-demand self-service Rapid elasticity Pay per use Increase Agility

More information

Building Trust in the Era of Cloud Computing

Building Trust in the Era of Cloud Computing Building Trust in the Era of Cloud Computing ICMC 2017 Conference May 17, 2017 v1.0 David Gerendas Group Product Manager TRUST A FIRM belief in the! Reliability! Truth! Ability of someone or something.

More information

Chapter 4. Fundamental Concepts and Models

Chapter 4. Fundamental Concepts and Models Chapter 4. Fundamental Concepts and Models 4.1 Roles and Boundaries 4.2 Cloud Characteristics 4.3 Cloud Delivery Models 4.4 Cloud Deployment Models The upcoming sections cover introductory topic areas

More information

Service Organization Control (SOC) Reports: What they are and what to do with them MARCH 21, 2017

Service Organization Control (SOC) Reports: What they are and what to do with them MARCH 21, 2017 Service Organization Control (SOC) Reports: What they are and what to do with them MARCH 21, 2017 Presenter Colin Wallace, CPA/CFF, CFE, CIA, CISA Partner Colin has provided management consulting and internal

More information

Outsourcing und Data Protection

Outsourcing und Data Protection Outsourcing und Data Protection Clara-Ann Gordon IAPP Workshop on Outsourcing, 9 May 2017 Subject Matter Outsourcing: depending on area different meaning and requirements However always personal data are

More information

Disaster recovery strategic planning: How achievable will it be?

Disaster recovery strategic planning: How achievable will it be? April 16 18, 2012 Talking Stick Resort Scottsdale, Arizona Disaster recovery strategic planning: How achievable will it be? Prudence Marasigan Ernst & Young Advisory Services, Senior Manager prudence.marasigan@ey.com

More information

Managing IT in a Cloudy World

Managing IT in a Cloudy World 10:30 12:10 May 7, 2018 Room 240 Complex 112 th Annual Conference May 6-9, 2018 St. Louis, Missouri Moderator/Speakers: Allison E. Bradsher (Moderator) Chief Financial Officer, City of Raleigh, NC Phil

More information

Gain Control Over Your Cloud Use with Cisco Cloud Consumption Professional Services

Gain Control Over Your Cloud Use with Cisco Cloud Consumption Professional Services Solution Overview Gain Control Over Your Cloud Use with Cisco Cloud Consumption Professional Services OPTIMIZE YOUR CLOUD SERVICES TO DRIVE BETTER BUSINESS OUTCOMES Reduce Cloud Business Risks and Costs

More information

Mind your Business We manage your IT

Mind your Business We manage your IT ASP Mind your Business We manage your IT Because we believe that great service comes from heart, we are driven by passion to excel. MANAGE HOSTING SOLUTIONS Transform your business with our diverse hosting

More information

Leveraging the Cloud for Law Enforcement. Richard A. Falkenrath, PhD Principal, The Chertoff Group

Leveraging the Cloud for Law Enforcement. Richard A. Falkenrath, PhD Principal, The Chertoff Group Leveraging the Cloud for Law Enforcement Richard A. Falkenrath, PhD Principal, The Chertoff Group Law Enforcement Information Management Training Conference & Technology Exposition May 21,2013 Outline

More information

How Credit Unions Are Taking Advantage of the Cloud

How Credit Unions Are Taking Advantage of the Cloud 2013 CliftonLarsonAllen LLP How Credit Unions Are Taking Advantage of the Cloud CUNA Technology Council Conference September 2013 CLAconnect.com Randy Romes, CISSP, CRISC, MCP, PCI-QSA Principal, Information

More information

Data Security: Public Contracts and the Cloud

Data Security: Public Contracts and the Cloud Data Security: Public Contracts and the Cloud July 27, 2012 ABA Public Contract Law Section, State and Local Division Ieuan Mahony Holland & Knight ieuan.mahony@hklaw.com Roadmap Why is security a concern?

More information

Cloud solution consultant

Cloud solution consultant Cloud solution consultant Role brief Directorate Jisc technologies Base location Harwell or Bristol Grade B Job level 18 Job family Professional services Date 23/10/2017 Reports to Cloud services group

More information

Clarity on Cyber Security. Media conference 29 May 2018

Clarity on Cyber Security. Media conference 29 May 2018 Clarity on Cyber Security Media conference 29 May 2018 Why this study? 2 Methodology Methodology of the study Online survey consisting of 33 questions 60 participants from C-Level (CISOs, CIOs, CTOs) 26

More information

Data Security, Integrity and Accessibility in the Cloud

Data Security, Integrity and Accessibility in the Cloud Data Security, Integrity and Accessibility in the Cloud Shared Responsibility Principles for Financial Services Institutions & Cloud Service Providers Introduction This document presents principles intended

More information

HPE DATA PRIVACY AND SECURITY

HPE DATA PRIVACY AND SECURITY ARUBA, a Hewlett Packard Enterprise company, product services ( Services ) This Data Privacy and Security Agreement ("DPSA") Schedule governs the privacy and security of Personal Data by HPE in connection

More information

HIPAA / HITECH Overview of Capabilities and Protected Health Information

HIPAA / HITECH Overview of Capabilities and Protected Health Information HIPAA / HITECH Overview of Capabilities and Protected Health Information August 2017 Rev 1.8.9 2017 DragonFly Athletics, LLC 2017, DragonFly Athletics, LLC. or its affiliates. All rights reserved. Notices

More information

10 Cloud Myths Demystified

10 Cloud Myths Demystified 10 Cloud s Demystified The Realities for Digital Healthcare Transformation It s a challenging time for the healthcare industry, with changing regulations, consolidation and the consumerization of healthcare

More information

Robert Bond. Respecting Privacy, Securing Data and Enabling Trust a view from Europe

Robert Bond. Respecting Privacy, Securing Data and Enabling Trust a view from Europe Respecting Privacy, Securing Data and Enabling Trust a view from Europe Robert Bond, Partner & Notary Public Robert Bond Robert Bond has nearly 40 years' experience in advising national and international

More information

How to Establish Security & Privacy Due Diligence in the Cloud

How to Establish Security & Privacy Due Diligence in the Cloud How to Establish Security & Privacy Due Diligence in the Cloud Presentation: Cloud Computing Expo 2015, Santa Clara, California Maria C. Horton, CISSP, ISSMP, Cloud Essentials, IAM CEO, EmeSec Incorporated

More information

Cloud & Managed Server Hosting for Healthcare Professionals

Cloud & Managed Server Hosting for Healthcare Professionals Cloud & Managed Server Hosting for Healthcare Professionals HIPAA AICPA SOC aicpa.org/soc4so SOC for Service Organizations Service Organizations Cloud & Managed Server Hosting for Healthcare Professionals

More information

1 The intersection of IAM and the cloud

1 The intersection of IAM and the cloud 1 The intersection of IAM and the cloud Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications Theory, practice, pros and cons with a focus on enterprise deployments of IAM and cloud

More information

Integrating HIPAA into Your Managed Care Compliance Program

Integrating HIPAA into Your Managed Care Compliance Program Integrating HIPAA into Your Managed Care Compliance Program The First National HIPAA Summit October 16, 2000 Mark E. Lutes, Esq. Epstein Becker & Green, P.C. 1227 25th Street, N.W., Suite 700 Washington,

More information

Cyber security and awareness for non-financial services. 24/25 May 2017

Cyber security and awareness for non-financial services. 24/25 May 2017 Cyber security and awareness for non-financial services 24/25 May 2017 Agenda Robert Kirkby (Jsy) / Linda Johnson (Gsy): Introduction Sion Lloyd-Jones: Cyber Security The need for a cunning plan Teijo

More information

GDPR AMC SAAS AND HOSTED MODULES. UK version. AMC Consult A/S June 26, 2018 Version 1.10

GDPR AMC SAAS AND HOSTED MODULES. UK version. AMC Consult A/S June 26, 2018 Version 1.10 GDPR AMC SAAS AND HOSTED MODULES UK version AMC Consult A/S June 26, 2018 Version 1.10 INDEX 1 Signatures...3 2 General...4 3 Definitions...5 4 Scoping...6 4.1 In scope...6 5 Responsibilities of the data

More information

HIPAA Compliance Checklist

HIPAA Compliance Checklist HIPAA Compliance Checklist Hospitals, clinics, and any other health care providers that manage private health information today must adhere to strict policies for ensuring that data is secure at all times.

More information

Cloud Computing Legal Issues Practising Law institute 2015 San Francisco New York Chicago

Cloud Computing Legal Issues Practising Law institute 2015 San Francisco New York Chicago Cloud Computing Legal Issues Practising Law institute 2015 San Francisco New York Chicago Peter J. Kinsella 303/291-2328 Agenda Introduction and overview of cloud computing technologies Frequently raised

More information

Security Models for Cloud

Security Models for Cloud Security Models for Cloud Kurtis E. Minder, CISSP December 03, 2011 Introduction Kurtis E. Minder, Technical Sales Professional Companies: Roles: Security Design Engineer Systems Engineer Sales Engineer

More information

Mitigating Risks with Cloud Computing Dan Reis

Mitigating Risks with Cloud Computing Dan Reis Mitigating Risks with Cloud Computing Dan Reis Director of U.S. Product Marketing Trend Micro Agenda Cloud Adoption Key Characteristics The Cloud Landscape and its Security Challenges The SecureCloud Solution

More information

HIPAA Regulatory Compliance

HIPAA Regulatory Compliance Secure Access Solutions & HIPAA Regulatory Compliance Privacy in the Healthcare Industry Privacy has always been a high priority in the health profession. However, since the implementation of the Health

More information

Is Your Compliance Strategy Putting Your Business at Risk?

Is Your Compliance Strategy Putting Your Business at Risk? Is Your Compliance Strategy Putting Your Business at Risk? January 20, 2015 2015 NASDAQ-LISTED: EGHT Today s Speakers Michael McAlpen Exec. Dir. of Security & Compliance, 8x8, Inc. David Leach Business

More information

SECURITY & PRIVACY DOCUMENTATION

SECURITY & PRIVACY DOCUMENTATION Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive

More information

GDPR: A QUICK OVERVIEW

GDPR: A QUICK OVERVIEW GDPR: A QUICK OVERVIEW 2018 Get ready now. 29 June 2017 Presenters Charles Barley Director, Risk Advisory Services Charles Barley, Jr. is responsible for the delivery of governance, risk and compliance

More information

Achieving third-party reporting proficiency with SOC 2+

Achieving third-party reporting proficiency with SOC 2+ Achieving third-party reporting proficiency with SOC 2+ Achieving third-party reporting proficiency with SOC 2+ Today s organizations do business within a broad ecosystem. Customers, partners, agents,

More information

Cloud Computing: The Next Wave. Matt Jonson Connected Architectures Lead Cisco Systems US and Canada Partner Organization

Cloud Computing: The Next Wave. Matt Jonson Connected Architectures Lead Cisco Systems US and Canada Partner Organization Cloud Computing: The Next Wave Matt Jonson Connected Architectures Lead Cisco Systems US and Canada Partner Organization The Starting Point For Me www.af.mil www.af.mil Source: www.cartoonstock.com 2 Possibilities

More information

PREPARING FOR SOC CHANGES. AN ARMANINO WHITE PAPER By Liam Collins, Partner-In-Charge, SOC Audit Practice

PREPARING FOR SOC CHANGES. AN ARMANINO WHITE PAPER By Liam Collins, Partner-In-Charge, SOC Audit Practice PREPARING FOR SOC CHANGES AN ARMANINO WHITE PAPER By Liam Collins, Partner-In-Charge, SOC Audit Practice On May 1, 2017, SSAE 18 went into effect and superseded SSAE 16. The following information is here

More information

The Challenge of Cloud Security

The Challenge of Cloud Security The Challenge of Cloud Security Dr. Ray Klump Chair, Mathematics & Computer Science Director, MS in Information Security Lewis University Poll Question #1: What type of cloud service are you

More information

Cloud Affinity Water Peter Rowland - CIO

Cloud Affinity Water Peter Rowland - CIO Cloud Computing @ Affinity Water Peter Rowland - CIO 1 Copyright 2015 Tata Consultancy Services Limited Intro The global technology revolution presents our business with the opportunity to: Be more innovative.more

More information

Choosing the Right Cloud Computing Model for Data Center Management

Choosing the Right Cloud Computing Model for Data Center Management Choosing the Right Cloud Computing Model for Data Center Management www.nsi1.com NETWORK SOLUTIONS INCOPORATED NS1.COM UPDATING YOUR NETWORK SOLUTION WITH CISCO DNA CENTER 1 Section One Cloud Computing

More information

CLOUD COMPUTING BY DENNIS KENNEDY

CLOUD COMPUTING BY DENNIS KENNEDY BY DENNIS KENNEDY A recent Gartner report forecasts a growth of 18% in spending on public clouds across all businesses for 2017, similar to that in 2016. Other surveys show that the use of cloud computing

More information

Security Management Models And Practices Feb 5, 2008

Security Management Models And Practices Feb 5, 2008 TEL2813/IS2820 Security Management Security Management Models And Practices Feb 5, 2008 Objectives Overview basic standards and best practices Overview of ISO 17799 Overview of NIST SP documents related

More information