Cloud Computing, SaaS and Outsourcing


Cloud Computing, SaaS and Outsourcing
Michelle Perez, AGC Privacy, IPG
Bonnie Yeomans, VP, AGC & Privacy Officer, CA Technologies
PLI TechLaw Institute 2017: The Digital

Agenda
- Introduction to the Cloud: What exactly is cloud computing?
- SaaS Characteristics
- Comparisons to traditional outsourcing
- Benefits and Risks of SaaS
- Gating Questions for SaaS Contracting
- SaaS Contracts: What's negotiable?
- Key Standards

Introduction to the Cloud
- Parallels to the creation of early 20th century electrical utilities (Nicholas Carr)
- Efficiencies of moving data processing from behind customers' firewalls to a shared set of computing resources
- Major implications and disruption for both consumers and providers of data processing
- Promises and trade-offs of the Cloud

Types of Cloud Offerings (least to most comprehensive)
- Infrastructure as a Service (IaaS): Vendor handles processing, storage and networking. Customer is responsible for the OS and Application layers. Examples: AWS, Microsoft Azure, Google Cloud.
- Platform as a Service (PaaS): Vendor handles IaaS plus the OS. Customer is responsible for the Application layer. Examples: Amazon E2, Salesforce App Cloud.
- Software as a Service (SaaS): Combines IaaS and PaaS plus the Application layer, with no Customer responsibilities at any layer. Examples: Salesforce, Dropbox, Workday, Gmail.

Cloud Deployment
- Public Cloud: Resources, such as applications and storage, available to the general public (outside the Customer's firewall) over the Internet
- Private Cloud: Generally behind a Customer's firewall; has attributes of on-premises software while taking advantage of some of the advantages of a cloud offering
- Hybrid Cloud: Cloud offerings located both inside and outside a Customer's firewall

SaaS Characteristics
- Delivered as a Subscription Service: SaaS is truly a service offering, not software
- On Demand / Self Service: Self-provisioning and scaling of usage and fees
- Broad Network Access: Available over a network and accessed from heterogeneous client platforms
- Resource Pooling: Provider's computing resources are pooled to serve multiple customers using a multi-tenant model with dynamic provisioning

SaaS Characteristics (continued)
- Rapid Elasticity: Capabilities can be rapidly scaled up and down
- Measured Service: Metering tracks use and helps optimize services
- Common Service: All users typically use the same instance of the software

Comparison to Traditional Outsourcing
- Services provided by actual third-party resources rather than a pre-packaged offering
- Ability to customize to accommodate customer needs and specifications
- Customer control over the data processor, either through contract or through the ability to direct activity
- Long-term relationship with exit plans and change-of-control provisions, vs. walk away
- Often dedicated infrastructure, sometimes built by the customer in-house and then moved out, vs. a shared multi-tenant environment

SaaS Advantages/Opportunities
- Cost: Reduced for the customer due to savings on human capital, physical space, electricity and support. Cost shifts to the vendor/provider. Opex rather than Capex.
- Security: Considered more robust, in part because customer environments are often complex and hard to fully control, but vendor dependent
- Maintenance: Applications do not need to be installed on each user's computer, and the vendor can apply updates and upgrades universally and at scale
- Reliability: Well-designed cloud computing is suitable for business continuity and disaster recovery

SaaS Advantages/Opportunities (continued)
- Access: Much faster; the software is essentially already installed and running
- Device and location independence: Improves, enabling users to access systems using a web browser regardless of their location or the device they are using
- Big Data Analytics: Collection of anonymized metadata and metering can improve the service and lead to important insights into the customer base

SaaS Disadvantages/Risks
- Uniformity of Offering: Limited flexibility to configure
- Security: Need to make sure the vendor has appropriate controls if the data is sensitive
- Cost Over Time: May be higher
- Data Localization: Country by country or customer by customer
- Control of Data: Ensuring data is accurate, breach notice, and deletion of data should all be addressed in the contract

Gating Questions for SaaS Contracting
- Importance of the SaaS Customer and Vendor understanding each other
- Form Agreements
- The Nature of the Service and the Sensitivity of the Data Matter
- Customer-form Security Addendum vs. Vendor Security Policy

SaaS Contracts: What's negotiable?
Security
- Service Organization Controls (SOC) certifications: Security, Availability, Processing Integrity, Confidentiality and Privacy controls are covered by SOC 2
- Access to the certification but not the actual SOC 2 report
- Outside auditor review
- Audit rights
- Encryption in transit vs. at rest

SaaS Contracts: What's negotiable?
Data Protection and Use
- Understand Business Continuity and Disaster Recovery capabilities
- Recovery Point Objective (RPO) for data loss
- Portability of data after exit
- Data destruction
- Vendor data use
Limitation of Liability and Indemnities
- LoL typically a multiple of trailing revenues for SaaS
- 3rd-party infringement indemnity is standard
- Special indemnities are rarer

SaaS Contracts: What's negotiable?
Service Levels
- Uptime requirements for the service
- Potential credit or termination remedies
- Heavily dependent on the nature of the SaaS and its mission criticality
Subcontractors
- Vendor passing on obligations to subcontractors
- Subcontractor consent right?

SaaS Contracts: What's negotiable?
Privacy
- Often governed by statutes and regulations
- Breach notification provisions
- Understanding where data is stored and processed
- Compliance with regulatory regimes: EU Privacy Shield and the General Data Protection Regulation (GDPR, coming May 2018)

Key Standards
- SSAE-16 SOC 1, 2, 3
- NIST Cybersecurity Framework
- ISO 27001
By Industry Vertical:
- FedRAMP: US Federal Government
- Payment Card Industry (PCI)
- HIPAA/HITECH, HITRUST: Health Care
- GLBA: Banking