Defining the S&P Impacts of Cloud Computing? Presented by the SPWG September 20, 2012
Today's Presenters: Lesley Berkeyheiser, SPWG co-chair, moderator; Lola Jordan, President, Companion Data Services; Susan Miller, JD, SPWG co-chair
Agenda: SPWG Introduction; Technical Discussion of Cloud Computing; First Cloud Computing White Paper; Second Cloud Computing White Paper; How to join the Cloud Computing Sub-workgroup; Q & A
Introductions: SNIP S&P Cloud Sub Work Group (SNIP Security & Privacy Cloud Sub Work Group)
Cloud Computing is a business choice, not a technology choice
IT Delivery Service Models: Business Model Choice. [Diagram labels: The Business; The Business Perspective; Application Management; Customer's Organization; Service Support; Service Delivery; ICT Infrastructure Management; Security Management; The Technology; IaaS; PaaS; SaaS; BPaaS; Hosted]
IT as a Service Reference Architecture [diagram; callouts partly legible]
Network Access: identifies type of network to be accessed through standard protocols.
Customer Portal: a solution set for a holistic consumer interface which consolidates offerings into business related items rather than technical related items, thus providing a consumer's guide through the complex, confusing world of Cloud Computing.
Legible callout fragment: "Is NOT limited to Cloud offerings ... any offering that a company would like to make available to its consumer base in business terms; for example: Seat Management, Mobile Phones, Workstations hardware / software, Phones".
Diagram labels: Project Management; Development; Consulting; Load Testing; Governance; Consulting (DBA, Security); Application Management; OS/Middleware Management; Security; Labor Resources; Disaster Recovery; Service Management; Healthcare Focused; Internet Connectivity; Private Network Connectivity; Customer Portal; Global Identity Management; Global Provisioning Manager; Government Data Centers; External Service Providers; Master Cloud Computing Reference Architecture; Software as a Service; Platform as a Service; Infrastructure as a Service; Provisioning Manager / Physical Data Center Element (Intel x86, IBM zEnterprise, Oracle/Sun); Cloud-in-a-Box at Customer Facility; Global Governance / Accounting / Charge Back
General Cloud Computing Reference Architecture [diagram with callouts]
Network Access: identifies type of network to be accessed through standard protocols.
Customer Portal: used to identify Service Offerings required to fulfill a request for computing capabilities in technical terms such as servers, storage, etc., and Security.
Software-as-a-Service (SaaS): Applications delivery. Platform-as-a-Service (PaaS): Application development. Infrastructure-as-a-Service (IaaS): Infrastructure Offering.
Computing Elements: deals with x86 Intel based systems; identifies Servers, Storage, etc. available to respond to a request for computing capabilities.
Provisioning Manager: used to automate the provisioning of any item included in the Service Catalog.
Other: provides for pooled infrastructure resources to service multiple consumers using a multi-tenant model; Adequate System Security; a pay-as-you-use service for usage to be monitored, controlled, and reported to allow the allocation of costs back to individual business units.
Diagram labels: Internet Connectivity; Private Network Connectivity; Customer Portal; Global Identity Management; Global Provisioning Manager; Software as a Service; Platform as a Service; Infrastructure as a Service; Provisioning Manager; Physical Data Center Element
IT as a Service Reference Architecture [diagram labels: Project Management; Development; Consulting; Load Testing; Governance; Consulting (DBA, Security); Application Management; OS/Middleware Management; Security; Disaster Recovery; Service Management; Healthcare Focused; Internet Connectivity; Private Network Connectivity; Customer Portal; Global Identity Management; Global Provisioning Manager; Commercial Data Centers; External Service Providers; Master Cloud Computing Reference Architecture; Software as a Service; Platform as a Service; Infrastructure as a Service; Provisioning Manager / Physical Data Center Element (Intel x86, IBM zEnterprise, Oracle/Sun); Cloud-in-a-Box at Customer Facility; Global Governance / Accounting / Charge Back]
[Diagram labels: Secure WEB Sites; Secure Content; MP3 Players; Smart Phones; Tablets; ATMs; Printers; TVs]
GRC (Governance, Risk, Compliance); DIACAP; FISMA; PCI; HITECH. What You Should Know About Your HIPAA Service Provider: Encryption; Network; Multi-Tenant; SSAE 16; Core Business; Partnership; Relationship; Access Control
First White Paper: Using PHI & Cloud Computing: A Focus on the Intersection of Cloud Technology and Privacy/Security. (Go to WEDI.org, Resources tab, Resource Documents tab, and then click on the S&P White paper link; also below.) http://wedi.org/snip/public/articles/dis_publicdisplay.cfm?doctype=6&wptype=2 Let's Walk Through: How to access the white paper; TOC / Background; Purpose & Scope; About the Cloud; About Privacy & Security; Survey Responses
Second White Paper. Question: Is HIPAA Privacy and Security Different in a Cloud Environment? Standards beyond HIPAA Requirements: NIST Cloud Computing SP-800s: The NIST Definition of Cloud Computing (SP800-145.pdf); Guidelines on Security and Privacy in Public Cloud Computing (SP800-144.pdf); Cloud Computing Synopsis and Recommendations (SP800-146.pdf). Contents: Definition of Cloud Computing; Case Study of a cloud computing vendor; HIPAA Security Risk Analysis; HIPAA Privacy Gap Analysis; Business Associate Documents; NIST Cloud Security and Privacy Guidelines
Join the WEDI SPWG Cloud Computing SWG. Contact: Sue Miller, TMSAM@aol.com, 978-369-2092
Q & A and Thank you for your participation!