Defining the S&P Impacts of Cloud Computing? Presented by the SPWG September 20, 2012


Today's Presenters: Lesley Berkeyheiser, SPWG co-chair, moderator; Lola Jordan, President, Companion Data Services; Susan Miller, JD, SPWG co-chair

Agenda: SPWG Introduction; Technical Discussion of Cloud Computing; First Cloud Computing White Paper; Second Cloud Computing White Paper; How to join the Cloud Computing Sub-workgroup; Q & A

Introductions: SNIP S&P Cloud Sub Work Group; SNIP Security & Privacy Cloud Sub Work Group

Cloud Computing is a business choice, not a technology choice

IT Delivery Service Models: Business Model Choice
[Slide diagram; labels: The Business; The Business Perspective; Application Management; Customer's Organization; Service Support; Service Delivery; ICT Infrastructure Management; Security Management; The Technology; IaaS; PaaS; SaaS; BPaaS; Hosted]

IT as a Service Reference Architecture
[Slide diagram with overlapping callout boxes; the callout text recoverable from the extraction follows.]
Network Access: Identifies type of network to be accessed through standard protocols
Customer Portal: a solution set for a holistic consumer interface which consolidates offerings into business related items rather than technical related items, thus providing a consumer's guide through the complex, confusing world of Cloud Computing
Service Catalog: Identifies consolidated offerings into business related items rather than technical related items. Is NOT limited to Cloud offerings. Provides for any offering that a company would like to make available to its consumer base in business terms; for example: Seat Management, Mobile Phones, Workstations hardware / software, Phones, Labor Resources
Provisioning Manager: used to automate the provisioning of any item included in the Service Catalog
Computing Elements: IBM zEnterprise, Intel x86, Oracle/Sun
Other provides for: pooled infrastructure resources to service multiple consumers using a multi-tenant model; Adequate System Security; a pay-as-you-use service for usage to be monitored, controlled, and reported to allow the allocation of costs back to individual business units
Other callout text: Contains role based / consumer based customization; The offering has a scripting / programming interface used as a development tool for automation
[Diagram labels: Project Management; Development; Consulting; Load Testing; Governance; Consulting (DBA, Security); Application Management; OS/Middleware Management; Security; Disaster Recovery; Service Management; Healthcare Focused; Internet Connectivity; Private Network Connectivity; Customer Portal; Global Identity Management; Global Provisioning Manager; Government Data Centers; External Service Providers; Master Cloud Computing Reference Architecture; Provisioning Manager; Physical Data Center Element; Intel x86; IBM zEnterprise; Oracle/Sun; Software as a Service; Platform as a Service; Infrastructure as a Service; Cloud-in-a-Box at Customer Facility; Global Governance / Accounting / Charge Back]

General Cloud Computing Reference Architecture
Network Access: Identifies type of network to be accessed through standard protocols
Customer Portal: used to identify Service Offerings required to fulfill a request for computing capabilities in technical terms such as servers, storage, etc., and Security.
Software-as-a-Service (SaaS): Applications delivery
Platform-as-a-Service (PaaS): Application development
Infrastructure-as-a-Service (IaaS): Infrastructure Offering
Computing Elements: Deals with X86 Intel based systems. Identifies Servers, Storage, etc. available to respond to a request for computing capabilities
Provisioning Manager: used to automate the provisioning of any item included in the Service Catalog
Other provides for: pooled infrastructure resources to service multiple consumers using a multi-tenant model; Adequate System Security; a pay-as-you-use service for usage to be monitored, controlled, and reported to allow the allocation of costs back to individual business units
[Diagram labels: Internet Connectivity; Private Network Connectivity; Customer Portal; Global Identity Management; Global Provisioning Manager; Software as a Service; Platform as a Service; Infrastructure as a Service; Provisioning Manager; Physical Data Center Element]

IT as a Service Reference Architecture
[Slide diagram; labels: Project Management; Development; Consulting; Load Testing; Governance; Consulting (DBA, Security); Application Management; OS/Middleware Management; Security; Disaster Recovery; Service Management; Healthcare Focused; Internet Connectivity; Private Network Connectivity; Customer Portal; Global Identity Management; Global Provisioning Manager; Commercial Data Centers; External Service Providers; Master Cloud Computing Reference Architecture; Provisioning Manager; Physical Data Center Element; Intel x86; IBM zEnterprise; Oracle/Sun; Software as a Service; Platform as a Service; Infrastructure as a Service; Cloud-in-a-Box at Customer Facility; Global Governance / Accounting / Charge Back]

MP3 Players Secure WEB Sites Secure Content Secure Secure Smart Phones Tablets ATMs Printers TVs

GRC Governance Risk Compliance DIACAP FISMA PCI HITECH What You Should Know About Your HIPAA Service Provider Encryption Network Multi-Tenant SSAE 16 Core Business Partnership Relationship Access Control

First White Paper: Using PHI & Cloud Computing: A Focus on the Intersection of Cloud Technology and Privacy/Security
How to access the white paper: go to WEDI.org, Resources tab, Resource Documents tab, and then click on the S&P White paper link (also below):
http://wedi.org/snip/public/articles/dis_publicdisplay.cfm?doctype=6&wptype=2
Let's Walk Through: How to access the white paper; TOC / Background; Purpose & Scope; About the Cloud; About Privacy & Security; Survey Responses

Second White Paper
Question: Is HIPAA Privacy and Security Different in a Cloud Environment?
Standards beyond HIPAA Requirements: NIST Cloud Computing SP-800s
The NIST Definition of Cloud Computing (SP800-145.pdf)
Guidelines on Security and Privacy in Public Cloud Computing (SP800-144.pdf)
Cloud Computing Synopsis and Recommendations (SP800-146.pdf)
Topics: Definition of Cloud Computing; Case Study of a cloud computing vendor; HIPAA Security Risk Analysis; HIPAA Privacy Gap Analysis; Business Associate Documents; NIST Cloud Security and Privacy Guidelines

Join the WEDI SPWG Cloud Computing SWG Contact: Sue Miller TMSAM@aol.com 978-369-2092

Q & A and Thank you for your participation!