CONSIDERATIONS BEFORE MOVING TO THE CLOUD
What Management Needs to Know, Part I
By Debbie C. Sasso, Principal

When talking technology today, it's very rare that the word "Cloud" doesn't come up. The benefits touted for the cloud include ease of use, easy deployment, scalability, reduced capital expenditures, and the list goes on. Cloud services include virtualization, storage, backup solutions, software-as-a-service, business continuity and more. And whether your business is considering one solution or five, there are multiple factors that management needs to weigh before going to the Cloud. In part one of this two-part guide we discuss the following areas:
- Organizational Compliance
- Data Center Location
- Service Levels
- Provider Shutdown

Organizational Compliance Related to Information Technology

Many state and federal regulations apply to your business whether you are privately or publicly held. Regulations are always changing, and you don't want to be caught off guard. Making sure you meet regulatory requirements can be complicated and often frustrating. Now, let's throw cloud computing into the mix. A lot of concern has been expressed about cloud computing, the security measures employed, and meeting compliance requirements such as:
- Sarbanes-Oxley (SOX)
- Health Insurance Portability and Accountability Act (HIPAA)
- Payment Card Industry Data Security Standard (PCI DSS), essential for e-commerce
- Protection of Personal Information for Massachusetts Residents (201 CMR 17.00)
- Gramm-Leach-Bliley Act (GLBA)

Compliance Audits

In your review of cloud service providers, you'll want to ask where your data will be hosted and whether that facility meets the specific compliance requirements for your business. For a data center to be considered compliant it needs to pass a variety of audits, depending on what data will be hosted there. HIPAA is a good example of why the question matters: there is no government-issued HIPAA certification and no HIPAA inspectorate. A provider demonstrates HIPAA compliance by having an independent assessor review its administrative, physical and technical safeguards against the HIPAA Security Rule (45 CFR Part 164, Subpart C), confirming that stored data is protected and available only to authorized users, and by producing a report documenting that the proper policies and procedures are in place to offer HIPAA hosting. Before you place protected health information with any provider, it must also sign a Business Associate Agreement (BAA) with you; a provider that will not sign a BAA cannot host that data, whatever its audit reports say.

According to Symantec's State of Cloud survey (global results, January 2013), more than half of the participants said they were concerned about being able to prove they have met cloud compliance requirements, and 23% revealed they had been fined for cloud privacy violations.

Other compliance audits include SSAE 16 (Statement on Standards for Attestation Engagements No. 16), the successor to SAS 70 and itself superseded by SSAE 18 in 2017, under which SOC 1 reports are issued; SOC 2 and SOC 3 reports, which cover security, availability, processing integrity, confidentiality and privacy controls; and PCI DSS, where a Level 1 service provider will hold a Report on Compliance (ROC) and an Attestation of Compliance (AOC) from a Qualified Security Assessor. Ask for the actual report, not just the logo: a SOC 1 covers controls relevant to financial reporting, not security, and a SOC 2 only covers the criteria and systems named in its scope. For the Massachusetts Protection of Personal Information regulation (201 CMR 17.00), there are specific security measures you need to ensure your third-party vendor adheres to, such as encryption of personal information transmitted over public networks or stored on portable devices, and access controls that limit the data to those who need it for their jobs. The following websites provide more detailed information on each of these compliance audits:
http://www.aicpa.org/soc
http://www.hhs.gov/ocr/privacy/hipaa/enforcement/audit
https://www.pcisecuritystandards.org/security_standards/

Security Measures

Data centers must provide ample security measures to protect their clients' data in order to meet the compliance requirements above. These measures include:
- HTTPS with valid TLS (SSL) certificates, so that web-based access to your information is encrypted and the server is authenticated, preventing eavesdropping on and impersonation of the service.
- Encryption of data stored on servers. Ask who holds the encryption keys: if the provider holds them, provider staff, and anyone who compromises the provider, can read your data, and the encryption then protects only against loss or theft of the physical media.
- A properly configured firewall that restricts network access to the hosted systems to the ports and sources that are actually required. A firewall limits who can reach a system; it does not by itself decide who can read protected files, which is the job of access controls on the systems behind it.
- Remote VPN access, so that authorized users can reach the network from a remote computer over an encrypted connection without exposing internal services directly to the Internet.
- Disaster recovery: a documented and tested backup and recovery plan in case of lost data or server malfunction.

Hosting Facility, Data Backup, and Infrastructure Backup Location(s)

Hosting Facility Location

Make sure the hosting facility is not too close to your headquarters. Chances are that if the two are close and a natural disaster damages or shuts down your corporate location, it could happen to the data center as well. You want to be close to your data, but not too close. Choose a facility away from flood zones and areas subject to hurricanes, tornadoes and earthquakes, as well as away from airports and power plants. This may seem easier said than done these days, but a reputable data center will have a well thought out location plan. During Superstorm Sandy, many data centers in New York City were down due to flooding and power outages. These locations were in low-lying areas of Manhattan and were susceptible to flooding; in many instances the water flooded the generators and prevented them from working. Airports and power plants are large sources of electromagnetic and radio frequency interference, which the author notes has the potential to impede the performance of a data center's servers and networking equipment.

Backup Locations

When assessing a provider for cloud services, ask about backup locations. Are they close enough that, if the primary data center went down, the backup could be reached and brought into service in a reasonable amount of time? If business operations had to be switched from one data center to another, are the locations close enough that your business would not experience a significant amount of downtime? And, as in choosing the hosting facility, make sure backup locations are far enough away that they are unlikely to be affected by the same disaster: if the two sites share a flood zone or a power grid they will fail together, and the backup buys you nothing.

Service Levels

Service levels are defined in a Service Level Agreement, also referred to as an SLA. Service levels include uptime, security, availability and much more, depending on the nature of your business.

How Much Downtime Can Your Business Afford?

Before discussing service levels, consider what is important to your business. Identify what your business requires in terms of technology and processes. Do you have an e-commerce site? If so, it's important that your uptime is as close to 100% as possible, since you want your customers to be able to order your products at any time. You will see a lot of providers offering 99.9%. That sounds high, but it still permits about 8.8 hours of downtime per year, or about 43 minutes in a 30-day month, and the figure normally applies to the provider's own infrastructure, not to your Internet connection to it. Ask how uptime is measured, whether scheduled maintenance is excluded, and what credit or remedy you receive when the target is missed. Think about what would happen to your business if the hosting facility had a security breach or an Internet access outage. What business processes would be interrupted? Operations, customer service and employee productivity could all come to a halt.

Data is a crucial element of your business, and its security needs to be a priority when considering a cloud service provider. Not all data is created equal. Financial information, employee information and competitive data could all be considered data that needs a high service level in terms of security. How data will be protected should be laid out in your SLA. If you find you need higher levels of service in terms of data protection, disaster recovery or any of the services above, these should be clearly identified in the SLA, along with the consequences if the agreed-upon levels are not met. Once you identify the business requirements, you can decide what type of services you need. The result can also determine whether to consider a public, private or hybrid cloud model.
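The following is an added worked example, not part of the whitepaper and not any provider's SLA tooling. It turns an SLA percentage into the outage time it actually permits, and goes a step beyond the text by composing availabilities: a customer reaching a hosted site depends on the hosting facility, its uplink and the customer's ISP all being up at once (their figures multiply), whereas a geographically separate backup site that can take over adds availability only if its failures are independent of the primary's, which is the point of the location advice above. The component names and outage figures are constructed for illustration.

```python
"""Availability budget helper (added example; figures are constructed)."""
from __future__ import annotations

from typing import Iterable

HOURS_PER_YEAR = 365 * 24   # 8760 h; leap days ignored for budgeting
HOURS_PER_MONTH = 30 * 24   # 720 h; a 30-day billing month


def _check(a: float) -> None:
    if not 0.0 <= a <= 1.0:
        raise ValueError("availability must be a fraction between 0 and 1")


def downtime_budget_minutes(availability: float, period_hours: float) -> float:
    """Minutes of outage an availability figure (e.g. 0.999) permits per period."""
    _check(availability)
    return (1.0 - availability) * period_hours * 60.0


def serial_availability(*components: float) -> float:
    """Availability when every component is required (chained dependencies).

    Independent failures multiply, so the result is always lower than the
    weakest link: two 99.9% components in series give 99.8%, not 99.9%.
    """
    result = 1.0
    for a in components:
        _check(a)
        result *= a
    return result


def parallel_availability(*sites: float) -> float:
    """Availability when any one of several independent sites suffices.

    Models a primary data center plus a separate backup site that can take
    over. The independence assumption only holds if the sites do not share a
    flood zone, power grid or other single cause of failure.
    """
    unavailability = 1.0
    for a in sites:
        _check(a)
        unavailability *= (1.0 - a)
    return 1.0 - unavailability


def observed_availability(outage_minutes: Iterable[float], period_hours: float) -> float:
    """Availability actually delivered, from a list of outage durations in a period."""
    return 1.0 - sum(outage_minutes) / (period_hours * 60.0)


def sla_met(promised: float, outage_minutes: Iterable[float], period_hours: float) -> bool:
    """True if the measured outages stayed within the promised availability."""
    _check(promised)
    return observed_availability(outage_minutes, period_hours) >= promised


if __name__ == "__main__":
    # Constructed scenario: hosting SLA 99.9%, uplink 99.95%, customer ISP 99.9%.
    hosting, uplink, isp = 0.999, 0.9995, 0.999
    print(f"99.9% allows {downtime_budget_minutes(hosting, HOURS_PER_YEAR):.1f} min/year,"
          f" {downtime_budget_minutes(hosting, HOURS_PER_MONTH):.1f} min/month")
    end_to_end = serial_availability(hosting, uplink, isp)
    print(f"end-to-end availability for a customer: {end_to_end:.5f}")
    with_backup = parallel_availability(hosting, 0.999)
    print(f"primary plus independent backup site: {with_backup:.6f}")
    # Constructed outage log for one month: two incidents, 20 and 30 minutes.
    print("met 99.9% this month:", sla_met(hosting, [20.0, 30.0], HOURS_PER_MONTH))
```

The e-commerce case in the text is exactly where this matters: a provider can meet its own 99.9% every month while your customers see less, because the provider's figure never included the links between them and you. Use the serial figure when deciding whether a target is realistic, and the parallel figure only for backup sites whose failures are genuinely independent.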

Cloud Provider Shuts Down

A cloud provider could shut down for a variety of reasons: bankruptcy, an unrecoverable power outage, contract disputes, vendor issues and so on. Although it's rare for a provider to shut down immediately without warning, it can happen. Therefore, it's important to have a contingency plan in place that addresses how you will get your data back. If you are working directly with the data center, you will have to take the data back yourself, since the data center does not have the capability to transfer it to another provider. However, if you use an IT managed services provider for cloud services, they can take care of giving your data back to you or transferring it to another supplier. To avoid complications due to a shutdown or interruption in cloud services:
- Make sure the provider has a documented plan to give your data back in case of closure, including the method of transport and the format, and that the format is one you can read without the provider's software; the only way to be sure is to request an export and restore it yourself before you ever need to.
- In the SLA, or the contract it forms part of, clearly identify the ownership and control rights of all company data.
- Assess the financial strength of the provider and check references.
- Have a backup plan in place to protect your business and your data in case your cloud service provider goes out of business.

The move to the cloud is a big decision. For more information on cloud services or any of the material covered in this whitepaper:
Contact Us
info@ceservices.com
(508) 983-1990