Cloud Computing - PowerPoint PPT Presentation


1
Cloud Computing
  • Steven C. Markey, MSIS, PMP, CISSP, CIPP, CISM,
    CISA, STS-EV, CCSK
  • Principal, nControl, LLC
  • Adjunct Professor
  • President, Cloud Security Alliance Delaware
    Valley Chapter (CSA-DelVal)

2
Cloud Computing
  • Presentation Overview
  • Cloud Overview
  • General
  • Business Case for Cloud Computing
  • Security Guidance
  • Selecting a Cloud Service Provider (CSP)
  • Records Info Management (RIM) in the Cloud
  • Case Studies
  • e-Discovery IN the Cloud

3
Cloud Computing
  • General Overview
  • Why should you care about the cloud?

4
Cloud Computing Trends
Source: Open Group
5
Cloud Computing
  • What is Cloud Computing?
  • Re-Branded IT Business Model
  • Application Service Provider (ASP)
  • IT Outsourcing (ITO)
  • Formal Characteristics
  • Resource Pooling
  • Rapid Elasticity
  • Confusion
  • Hosting
  • Virtualization
  • Service Provider

7
Service Delivery Models
Source: Swain Techs
8
Responsibility
Source: Matthew Gardiner, Computer Associates
9
SaaS Providers
10
PaaS Providers
11
IaaS Providers
12
Private Cloud
  • Dedicated Clouds
  • Usually Hosted Internally
  • Use Chargeback/Shared Services Model
  • External Private Clouds Exist

13
Hosting Providers
14
Third Parties
15
Cloud Computing
  • Business Case for Cloud Computing
  • Time-to-Market
  • Global Presence
  • Focus on Core Competency
  • Elasticity
  • Cost-Benefit Analysis (CBA)

16
Cloud Computing
  • Partly Cloudy with a Chance of Risk!
  • The Cloud is Perceived as Risky Business
  • Lack of Control
  • Regulatory Compliance
  • Hacks, Outages, Disasters... Oh My!

Source: YouTube
17
Cloud Computing
  • Security Guidance
  • Existing Certifications/Attestations
  • SAS 70 Type II/SSAE 16/ISAE 3402
  • ISO 27001/2, 27036, 15489
  • BITS Shared Assessments
  • PCI DSS
  • HIPAA/HITECH
  • Guidance Specifically for the Cloud
  • CSA Guide v3.0
  • ENISA Cloud Computing Risk Assessment
  • NIST SP 800-144: Guidelines on Security/Privacy for a
    Public Cloud

18
Cloud Computing
  • Selecting a CSP
  • Service Provider/Consumer Process Alignment
  • Portability/Interoperability
  • Contractual/Legal Agreements
  • Industry Tools

19
Cloud Computing
  • Service Provider/Consumer Process Alignment
  • Change/Configuration Management
  • Loading/Offloading
  • Disaster Recovery
  • Incident Response
  • Legal Hold/Litigation Response/e-Discovery
  • Electronic Discovery Reference Model (EDRM)
  • Records and Information Management (RIM)
  • Generally Accepted Recordkeeping Principles
    (GARP)
  • Information Governance Reference Model (IGRM)
  • Information Lifecycle Management (ILM)

20
Cloud Computing
  • Portability/Interoperability
  • Software
  • Data
  • Third Parties

21
Cloud Computing
  • Contractual/Legal Agreements
  • Service Level Agreements (SLA)
  • Up-Time
  • Jurisdiction
  • Data Ownership
  • Escrow Data
  • Include Metadata
  • Exit Clause
  • Testing
  • Disaster Recovery
  • Incident Response
  • Legal Hold/Litigation Response/e-Discovery

22
Cloud Computing
  • Contractual/Legal Agreements
  • Service Level Agreements (SLA)
  • Right to Audit
  • Vendor Vendors Vendors
  • GARP-Specific

23
Cloud Computing
  • Industry Tools
  • Selection
  • Gravitant CloudWiz
  • VMware Cloud Readiness Self-Assessment Tool
  • Brokerage/Management
  • RightScale
  • CloudFloor
  • Skydera
  • enStratus

24
Cloud Computing
  • Industry Tools
  • Migration
  • Bit Titan MigrationWiz
  • Layer 2 SharePoint Cloud Connector
  • Metalogix StoragePoint
  • AvePoint DocAve Migrator

27
Source: Metalogix StoragePoint
28
Source: Metalogix StoragePoint
29
Source: AvePoint DocAve Migrator
30
Cloud Computing
  • RIM in the Cloud
  • Process
  • Self-Service Provisioning
  • CSP Brokerage, Monitoring & Metering
  • CSP Information Governance
  • CSP Adherence to Standards
  • NIST
  • SP 800-92: Log Management
  • ISO
  • 15489: Records Management
  • 23081: Records Metadata
  • 15386: Digital Archive
  • 30300/303001: RIM Management System
  • 17024: Conformity Assessment

31
Source: Flickr
32
Cloud Computing
  • RIM in the Cloud
  • People
  • More Empowered: Shadow IT, Consumerized IT
  • Millennials Expect Autonomy
  • Bring Your Own Device (BYOD)
  • Less Office Time, But Always On
  • Increased Roles & Responsibilities
  • Additional Tech/Analytical Skill-Sets Required
  • Technology
  • Commoditized
  • CSP Metadata
  • New Technologies: Non-Relational Database
    Architectures
  • New Paradigms: Big Data (Data Lakes & Cloud)

34
Cloud Computing
  • Case Study: e-Discovery FROM the Cloud
  • Background
  • Drivers
  • Technologies
  • Limitations
  • Risks
  • Lessons Learned
  • Next Steps

35
Cloud Computing
  • Case Study: e-Discovery FROM the Cloud
  • Background
  • Financial Services SMB
  • Capital Management (PA)
  • Recent Project: 2010
  • IT Managed Service Provider/Operations, Director
  • Drivers
  • Cost
  • Compliance
  • Technologies
  • Email: Exchange Server 2007, 2010/Office 365
  • Discovery: Symantec Enterprise Vault (EV)
    v8.0/v9.0

36
Cloud Computing
  • Case Study: e-Discovery FROM the Cloud
  • Limitations
  • Budget
  • Skill-Sets
  • Resources
  • Risks
  • Software/System Interoperability
  • Vendor Management: Contractual/SLA Omissions
  • Disaster Recovery: Datacom
  • Legacy Email Availability, No More Archiving
  • Scope Creep

37
Cloud Computing
  • Case Study: e-Discovery FROM the Cloud
  • Lessons Learned
  • Limited Cost Savings
  • On-Site Exchange Box for Journaling
  • Upgrade to EV v9.0 to Support Exchange 2010
  • Exchange Hosted Encryption (EHE)
  • Forefront Online Protection for Exchange (FOPE)
  • Exchange Journaling From the Cloud, Complicated
  • Microsoft Federation Gateway (MFG)
  • Leverage Interim Solution for BlackBerry Services
  • Shutdown BlackBerry Enterprise Server (BES)
  • Leverage AstraSync (Exchange ActiveSync)

38
Cloud Computing
  • Case Study: e-Discovery FROM the Cloud
  • Next Steps
  • Upgrade to EV v10.0
  • Incorporate Social Media
  • Test BCP/DR e-Discovery Functionality
  • BlackBerry & Office 365
  • Looking at BES Balance (Data Boxing)
  • Leverage Office 365 for SharePoint, iOS & Android
  • Nix AstraSync, Reviewing Hosted AirWatch &
    MobileIron for MDM
  • Reviewing Cloud e-Discovery SaaS Solutions
  • Symantec Enterprise Vault.cloud
  • Microsoft Exchange Online Archiving (EOA)

39
Cloud Computing
  • Presentation Take Aways
  • Cloud: Re-Branded Business Model
  • With New Whistles (Big Data, etc.)
  • Paradigm Shift Towards Empowerment
  • Strategy & Due Diligence Are VERY Important
  • Must Consider the Business Ecosystem

40
Cloud Computing
  • References
  • CSA Guide: https://cloudsecurityalliance.org/research/security-guidance/
  • BITS Enterprise Cloud Self-Assessment: http://sharedassessments.org/media/pdf-EnterpriseCloud-SA.pdf
  • ENISA Risk Assessment: http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment
  • NIST SP 800-144: http://csrc.nist.gov/publications/drafts/800-144/Draft-SP-800-144_cloud-computing.pdf
  • IGRM: http://www.edrm.net/projects/igrm
  • EDRM: http://www.edrm.net/
  • MIKE2.0: http://mike2.openmethodology.org/
  • VMware CRSA: http://getcloudready.vmware.com/crsa/
  • Bit Titan MigrationWiz: https://www.migrationwiz.com/Secure/Default.aspx
  • Gravitant cloudWiz: http://www.gravitant.com/cloudwiz-home.html
  • RightScale: http://www.rightscale.com/
  • CloudFloor: http://www.cloudfloor.com/
  • Skydera: http://www.skydera.com/
  • enStratus: http://enstratus.com/
  • Layer 2: http://www.layer2.de/en/products/Pages/Cloud-Connector-for-SharePoint-2010-Office365.aspx
  • Metalogix StoragePoint: http://www.metalogix.com/Products/StoragePoint.aspx
  • AvePoint DocAve: http://www.avepoint.com/sharepoint-to-sharepoint-migration-docave/

41
Cloud Computing
  • Personal References
  • PenTest Magazine, "Scanning Your Cloud Environment": http://pentestmag.com/client-side-exploits-pentest-082011/
  • ISACA Journal, "Testing Your Incident Response Plan": http://www.isaca.org/Journal/Current-Issue/Pages/default.aspx
  • e-Discovery 2.0 In the Cloud: https://s3.amazonaws.com/nControl-Docs/CSA11_Session-SMarkey.ppt
  • Security in the Cloud: https://s3.amazonaws.com/nControl-Docs/Cloud_Computing-Security.ppt
  • System Architecture Engineering for the Cloud: https://s3.amazonaws.com/nControl-Docs/Cloud_Computing-Architecture_Engineering.ppt
  • Cloud Computing Primer: https://s3.amazonaws.com/nControl-Docs/Cloud_Computing-Basic.ppt
  • Cloud Computing - Authentication & Encryption: https://s3.amazonaws.com/nControl-Docs/Cloud_Computing_Security-Session_II.ppt
  • Cloud Computing - Application Virtualization Security: https://s3.amazonaws.com/nControl-Docs/Cloud_Computing_Security-Session_III.ppt
  • Securing Your ESI: https://s3.amazonaws.com/nControl-Docs/Securing_Your_ESI_v2.ppt

42
  • Questions?
  • Contact
  • Email: steve@ncontrol-llc.com
  • Twitter: @markes1, @csdadelval2011
  • LI: http://www.linkedin.com/in/smarkey
  • CSA-DelVal: http://www.csadelval.org/