Managing IT in a Cloudy World

Similar documents
Cloud Computing Legal Issues Practising Law institute 2015 San Francisco New York Chicago

Cloud Computing, SaaS and Outsourcing

Cloud Computing and Its Impact on Software Licensing

Fundamental Concepts and Models

Cloud Computing. Presentation to AGA April 20, Mike Teller Steve Wilson

Public vs private cloud for regulated entities

Future Shifts in Enterprise Architecture Evolution. IPMA Marlyn Zelkowitz, SAP Industry Business Solutions May 22 nd, 2013

University of Pittsburgh Security Assessment Questionnaire (v1.7)

DHS Cloud Strategy and Trade Nexus. May 2011

COMPLIANCE IN THE CLOUD

Performing a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH

Cloud Computing. January 2012 CONTENT COMMUNITY CONVERSATION CONVERSION

Data Security and Privacy Principles IBM Cloud Services

Cloud Computing: Making the Right Choice for Your Organization

Integrating Information Security Protections In Supplier Agreements: Guidance for Business and Technology Counsel

Data Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016

112 th Annual Conference May 6-9, 2018 St. Louis, Missouri

Journey to the Cloud. Jeff Hoehing, Principal Consultant

HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp

Intermedia s Private Cloud Exchange

INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE

10 Considerations for a Cloud Procurement. March 2017

Data Security: Public Contracts and the Cloud

Welcome & Introductions

VMware vcloud Air Accelerator Service

The HIPAA Security & Privacy Rule How Municipalities Can Prepare for Compliance

"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary

Securing the cloud ISACA Korea. Han Ther, Lee CISA, CISM, CISSP, CRISC, ITILF, MCSA

How to Establish Security & Privacy Due Diligence in the Cloud

IBM Cloud Security for the Cloud. Amr Ismail Security Solutions Sales Leader Middle East & Pakistan

Plan a Pragmatic Approach to the new EU Data Privacy Regulation

Cyber Security Law --- Are you ready?

Cloud Affinity Water Peter Rowland - CIO

LTI Security Services. Intelligent & integrated Approach to Cyber & Digital Security

How to avoid storms in the cloud. The Australian experience and global trends

Accelerating the HCLS Industry Through Cloud Computing

Cloud Computing - Reaping the Benefits and Avoiding the Pitfalls. Stuart James & Delizia Diaz. Intellectual Property & Technology Webinar

SERVERS / SERVICES AT DATA CENTER AND CO-LOCATION POLICY

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18

Staffordshire University

Key Customer Issues to Consider Before Entering into a Cloud Services Arrangement

Practical Guide to Cloud Computing Version 2. Read whitepaper at

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow

AUTHORIZATION TO ENTER INTO A CONTRACT WITH SOFTWAREONE, INC. FOR LICENSING OF MICROSOFT SOFTWARE

On-Premise, Cloud, Or Managed Service. Making The Most Of Information Management Technology & People

Virtual Machine Encryption Security & Compliance in the Cloud

BRINGING CLARITY TO THE CLOUD

A Checklist for Compliance in the Cloud 1. A Checklist for Compliance in the Cloud

Security Models for Cloud

NYDFS Cybersecurity Regulations

PRC Cyber Security Law --- How does it affect a UK business? Xun Yang Of Counsel, Commercial IP and Technology

In this unit we are going to look at cloud computing. Cloud computing, also known as 'on-demand computing', is a kind of Internet-based computing,

Cloud Computing Overview. The Business and Technology Impact. October 2013

Building Trust in the Era of Cloud Computing

VMware vcloud Air Network Service Providers Ensure Smooth Cloud Deployment

TXU Energy. Key Considerations for Managed & Cloud Services

Taking Government Cloud Adoption to the Next Level: In Brief. Quick tips & facts about cloud adoption from GovLoop

DATA CENTRES OPERATIONAL ISSUES AND THE CONTRACT. Anthony Day - Associate 20 March 2012

SUBJECT: REQUEST FOR PROPOSALS FOR HARBOR DEPARTMENT CLOUD COMPUTING SERVICES

TRACKVIA SECURITY OVERVIEW

Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops.

PCI DSS Compliance and the Cloud

CCISO Blueprint v1. EC-Council

Best Practices in Securing a Multicloud World

Mitigating Risks with Cloud Computing Dan Reis

Granted: The Cloud comes with security and continuity...

NetApp AWS Worldwide Public Sector Summit Washington, D.C.

CLOUD COMPUTING PRIMER FOR EXECUTIVES

VMware BCDR Accelerator Service

Maintaining Security Parity in the Shift to Cloud and Mobile Applications. Jamie Yu, Clark Sessions Cisco Systems October 2016

FedRAMP: Understanding Agency and Cloud Provider Responsibilities

Cloud Computing: The Next Wave. Matt Jonson Connected Architectures Lead Cisco Systems US and Canada Partner Organization

Washington State Emergency Management Association (WSEMA) Olympia, WA

About the DISA Cloud Playbook

CLOUD SECURITY CRASH COURSE

locuz.com SOC Services

SOARING THROUGH THE CLOUDS IT S A BREEZE

EU DATA PRIVACY COMPLIANCE FOR US DRIVEN PROJECTS

Hybrid Cloud Infrastructure-as-a-Service (IaaS)

SDL Privacy Policy Cloud Services

GDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd

SCCE ECEI 2014 EU DATA PRIVACY COMPLIANCE FOR US DRIVEN PROJECTS. Monica Salgado JANINE REGAN CIPP/E

Version 1/2018. GDPR Processor Security Controls

COMPTIA CLO-001 EXAM QUESTIONS & ANSWERS

HPE GO4SAP Getting Orchestrated for SAP Automate SAP Basis Management Enterprise-scale end-to-end

NOTICE TO ALL PROSPECTIVE RESPONDENTS RFP 18-ITSS/CY. Addendum No. 1 issued September 7, RFI responses are in red bold print

2018 Data Security Incident Response Report Building Cyber Resilience: Compromise Response Intelligence in Action

CLOUD COMPUTING. A New Era of Business Opportunity. Matthew Maderios, CA Enterprise. IT Roadmap Conference & Expo San Jose, CA.

GOVERNMENT ICT STANDARDS

Leveraging the Cloud for Law Enforcement. Richard A. Falkenrath, PhD Principal, The Chertoff Group

What is milcloud 2.0?

Protecting Your Business: Best Practices for Implementing a Legally Compliant Cybersecurity Program Trivalent Solutions Expo June 19, 2014

ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION

1/10/2011. Topics. What is the Cloud? Cloud Computing

Updated December 12, Chapter 10 Service Description IBM Cloud for Government

ISACA Cincinnati Chapter March Meeting

Council, 8 February 2017 Information Technology Report Executive summary and recommendations

Cyber Security in M&A. Joshua Stone, CIA, CFE, CISA

Migrating Applications to the Cloud

CompTIA Cloud Essentials Certification Exam Objectives EXAM NUMBER: CLO-001

Transcription:

10:30 12:10 May 7, 2018 Room 240 Complex 112 th Annual Conference May 6-9, 2018 St. Louis, Missouri Moderator/Speakers: Allison E. Bradsher (Moderator) Chief Financial Officer, City of Raleigh, NC Phil Bertolini (Speaker) CIO/Deputy County Executive, Oakland County, MI Samantha Sturgis (Speaker) Partner, Perkins Coie LLP Managing IT in a Cloudy World www.gfoa.org #GFOA2018

Hip to be Square Managing IT in a Cloudy World Presented by, Phil Bertolini, Deputy County Executive & CIO bertolinip@oakgov.com 2018

The Cloud! Procuring the Cloud What makes sense Having the right people RFPs Contracting the Cloud Legal wrangling Terms and conditions Exit strategies Benefitting from the Cloud Cost savings Speed of change Consuming what you need Discussing the Cloud Numerous issues Educating stakeholders Lets talk!

Cloud Contracting

Creating a Cloud Strategy www.g2gmarket.com Key Considerations: Data Attributes where you would look at sensitivity, privacy, volume and volatility Disaster Recovery and Business Continuity including your return to service objectives Costs including software licensing, connection fees and usage fees Application Readiness Security and Compliance Features such as CJIS, HIPAA, PCI, FIPS and others

Cloud Journey Timeline Strategy Execution and Implementation Sept 2016: Cloud Strategy Approved Jan 2017: Cloud Execution presented to Steering Aug 2017: Capacity Constraint creates more cloud migrations Sep Dec 2017: Security consultants engaged to validate and enhance design 9/16 Nov 2016: Cloud Strategy Rolled Out Feb 2017: Alternate Approach Taken; Cloud Design Project Launched Aug 2017: Initial Cloud Design presented Toda y 6

Design Principles Design without reliance on Oakland County on premise infrastructure and services Use core AWS services as much as possible and fill in any gaps by SaaS services. Design with the most current technologies and solutions Automation of infrastructure builds Least Privilege access

Technical Debt Opportunities Shared Instances Network Connectivity Citrix IAM Needed Redefined and removal of shared instances for stand alone options in the cloud Impacts Simplifies cloud migrations Creates flexibility for application changes, updates and maintenance Needed VPN Optimization Direct Connect Pipe Create a read only copy of our AD in AWS Impacts CAMS Court Videos Clarity WatchGuard Jail Video Any systems requiring real time connection to on premise systems Needed An upgraded environment on premise or in the cloud Or migrate to an AWS solution and remove Citrix Impacts CAMS BSA Debt Manager Investment Manager Any OS upgrades for applications using Citrix Needed A way to implement Okta for the Cloud Impacts CAMS BSA Laserfiche elearning Clarity www.g2gmarket.com 8

Application Migration Options

Application Decision Tree

The Cloud Take Aways! Procuring cloud computing can have it s challenges Challenges come from inside and outside Educating stakeholders early in the process is a necessity Cloud contracts must be carefully crafted Legal professionals must be trained on the cloud Exit strategies must be well defined

The Cloud Take Aways! There are numerous benefits to cloud computing Business cases and ROI should accompany a cloud request Consuming can be a cost savings over owning The cloud is secure! This stuff can be hard so persevere!

Thank You for Attending Phil Bertolini Oakland County, Michigan Deputy County Executive/CIO Email: bertolinip@oakgov.com

Managing IT in a Cloudy World May 7, 2018 Samantha Sturgis, Partner (303) 291-2329 Perkins Coie LLP

Agenda IT/Cloud Overview Selected Contract Issues 15 Perkins Coie LLP PerkinsCoie.com

Hardware 16 Perkins Coie LLP PerkinsCoie.com

Software 17 Perkins Coie LLP PerkinsCoie.com

What is Cloud Computing? Although each vendor has different definitions, in general, typically the resources used to provide the cloud services: are pooled can be rapidly adjusted are location independent are widely accessible In many cloud service arrangements, the customer pays for the resources that are used 18 Perkins Coie LLP PerkinsCoie.com

Some Ways to Categorize Cloud Services Single-Tenant vs. Shared Multi-Tenant CaaS (including DaaS) vs. SaaS vs. PaaS vs. IaaS Public vs. Private vs. Hybrid Note: Different categorization schemes may overlap (e.g., Shared Multi-Tenant vs. Public) 19 Perkins Coie LLP PerkinsCoie.com

Single vs. Shared Multi-Tenant Single-Tenant Software/Service is administered on a customer by customer basis (e.g., patches could be applied as required by each customer) Model is costly and lacks scalability Shared Multi-Tenant Software/Service uses a single integrated code base that is delivered to multiple customers (e.g., each customer gets the same thing) 20 Perkins Coie LLP PerkinsCoie.com

Different Types of Cloud Computing Services Content as a Service (CaaS) Software as a Service (SaaS) Platform as a Service (PaaS) Infrastructure as a Service (IaaS) Note: Other Categories Exist (e.g., DaaS Data as a Service) 21 Perkins Coie LLP PerkinsCoie.com

Content as a Service (CaaS) The cloud offers a multitude of services that provide a wide variety of content, data and other services. 22 Perkins Coie LLP PerkinsCoie.com

Software as a Service (SaaS) Allows a user to use a software application over the internet, thereby eliminating the need to install and run the software application on the user's computer. 23 Perkins Coie LLP PerkinsCoie.com

Software as a Service (SaaS) 24 Perkins Coie LLP PerkinsCoie.com

Platform as a Service (PaaS) A category of cloud computing that provides a platform (e.g. software tools) allowing customers to develop, run and manage applications. 25 Perkins Coie LLP PerkinsCoie.com

Platform as a Service (PaaS) 26 Perkins Coie LLP PerkinsCoie.com

Example of PaaS 27 Perkins Coie LLP PerkinsCoie.com

Infrastructure as a Service (IaaS) Allows customers to rent computer processing services (e.g., servers) and storage 28 Perkins Coie LLP PerkinsCoie.com

Selected Contract Issues Differences between Services and Software Software Licenses vs. Services Models Vendor Obligations (Software vs. Services) Data Ownership and Security 29 Perkins Coie LLP PerkinsCoie.com

Goods/Software vs. Services Models Software licenses are governed by the UCC while pure service agreements are not UCC imposes implied warranties on delivered software No such warranties in a pure services contract Contract Acceptance - Mirror Image Rule Requires that acceptance be on precisely the same terms as the offer The Uniform Commercial Code ( UCC ) rejects common law mirror image rule, as valid contracts between merchants can be formed without all terms matching. 30 Perkins Coie LLP PerkinsCoie.com

Common Vendor Product/Service Duties Installation Services On-boarding Delivery of Software/Services Improvements/modifications Training Maintenance and Support/ Service Level Agreement Compare Software vs. Service 31 Perkins Coie LLP PerkinsCoie.com

Service/Software Evolution What is the process for changing the platform, operating system or application? Can the customer refuse or delay a change? (typically only applies to software) How much notification needs to be given? Different notice periods for routine vs. emergency changes? Will a test environment be provided prior to implementing a change? How does pricing work? Compare Software vs. Service 32 Perkins Coie LLP PerkinsCoie.com

Data and Security Data and Moving to the Cloud Data Ownership/Use of Analytics Security 33 Perkins Coie LLP PerkinsCoie.com

Data Ownership/Analytics Who owns data? Express assignment of any data that is created for customer How can the vendor use customer data? 34 Perkins Coie LLP PerkinsCoie.com

Security Agreements may distinguish between "Security Issues" and "Security Incidents" and provide different rights, obligations and remedies for each category. Security Issues issues that could give rise to a security breach Security Incidents actual breach of security 35 Perkins Coie LLP PerkinsCoie.com

Security Issues How are security issues defined? Objective vs. subjective definition Are issues in the vendor's control and those in the control of its subcontractors differentiated? Does every problem need to be investigated? Does every problem need to be fixed? What is the process for fixing the issue? Is there a specified time frame? How is the time frame adjusted for fixes that take longer to implement? 36 Perkins Coie LLP PerkinsCoie.com

Security Incident Notice requirement to other party Remediation efforts Who does what? Who pays for the remediation efforts? Does the breach require end-user notification? Who has legal liability for the incident? May want to address liability caused by third parties (e.g., hackers) 37 Perkins Coie LLP PerkinsCoie.com

Data Protection Agreements/ Addendums Data Protection Agreements/Addendums (DPAs) have been a fairly routine part of cross border data agreements for many years DPAs have traditionally been limited to protection of personally identifiable information (PII) New Trends.. It is becoming more common to see DPAs in U.S. based deals DPAs now frequently cover all data not just PII 38 Perkins Coie LLP PerkinsCoie.com

Common DPA Elements Security/Data policy requirements (security officer/cio) Personnel training and screening Scope and Disclosure of Data Technical security measures - such as: authorization, identification, authentication, access controls, management of media etc Record Keeping Logs Testing/Audit of security obligations Procedures for fixing issues Breach notification and remediation obligations 39 Perkins Coie LLP PerkinsCoie.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback