08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Cloud computing arma_nnj
1. Cloud Computing
Steven C. Markey,MSIS,PMP, CISSP,CIPP, CISM,CISA,STS-EV,CCSK
Principal, nControl, LLC
Adjunct Professor
President, Cloud Security Alliance – Delaware Valley Chapter (CSA-DelVal)
2. Cloud Computing
• Presentation Overview
– Cloud Overview
• General
• Business Case for Cloud Computing
• Security Guidance
• Selecting a Cloud Service Provider (CSP)
• Records & Info Management (RIM) in the Cloud
– Case Studies
• e-Discovery IN the Cloud
4. Cloud Computing Trends
Numbers
Numbers around CC are always impressive:
80% fortune companies 1000 will pay
to use cloud computing services and
30% will pay for infrastructure.
Gartner
At this moment, the 5
major search engines
together have 2.000.000 Market :
computers 42 billon: IDC
95 billion: Merrill Lynch
33% of IT business will be in
Cloud Computing
Gartner
Microsoft data centre in Chicago:
610.000 servers
8
8 Source: Open Group
5. Cloud Computing
• What is Cloud Computing?
– Re-Branded IT Business Model
• Application Service Provider (ASP)
• IT Outsourcing (ITO)
– Formal Characteristics
• Resource Pooling
• Rapid Elasticity
– Confusion
• Hosting
• Virtualization
• Service Provider
15. Cloud Computing
• Business Case for Cloud Computing
– Time-to-Market
– Global Presence
– Focus on Core Competency
– Elasticity
– Cost-Benefit Analysis (CBA)
16. Cloud Computing
• Partly Cloudy with a Chance of Risk!
– The Cloud is Perceived as Risky Business
• Lack of Control
• Regulatory Compliance
• Hacks, Outages, Disasters….Oh My!
Source: Youtube
17. Cloud Computing
• Security Guidance
– Existing Certifications/Attestations
• SAS 70 Type II/SSAE 16/ISAE 3402
• ISO 27001/2, 27036, 15489
• BITS Shared Assessments
• PCI DSS
• HIPAA/HITECH
– Guidance Specifically for the Cloud
• CSA Guide v3.0
• ENISA Cloud Computing Risk Assessment
• NIST SP 800-144 Guidelines Security/Privacy for a Public Cloud
18. Cloud Computing
• Selecting a CSP
– Service Provider/Consumer Process Alignment
– Portability/Interoperability
– Contractual/Legal Agreements
– Industry Tools
19. Cloud Computing
• Service Provider/Consumer Process Alignment
– Change/Configuration Management
– Loading/Offloading
– Disaster Recovery
– Incident Response
– Legal Hold/Litigation Response/e-Discovery
• Electronic Discovery Reference Model (EDRM)
– Records and Information Management (RIM)
• Generally Accepted Recordkeeping Principles (GARP)
• Information Governance Reference Model (IGRM)
• Information Lifecycle Management (ILM)
30. Cloud Computing
• RIM in the Cloud
– Process
• Self-Service Provisioning
• CSP Brokerage, Monitoring & Metering
• CSP Information Governance
• CSP Adherence to Standards
– NIST
» SP 800-92: Log Management
– ISO
» 15489: Records Management
» 23081: Records Metadata
» 15386: Digital Archive
» 30300/303001: RIM Management System
» 17024: Conformity Assessment
32. Cloud Computing
• RIM in the Cloud
– People
• More Empowered: Shadow IT, Consumerized IT
– Millenials Expect Autonomy
– Bring Your Own Device (BYOD)
– Less Office Time, But Always On
• Increased Roles & Responsibilities
• Additional Tech/Analytical Skill-Sets Required
– Technology
• Commoditized
• CSP Metadata
• New Technologies: Non-Relational Database Architectures
• New Paradigms: Big Data (Data Lakes & Cloud)
33.
34. Cloud Computing
• Case Study: e-Discovery FROM the Cloud
– Background
– Drivers
– Technologies
– Limitations
– Risks
– Lessons Learned
– Next Steps
35. Cloud Computing
• Case Study: e-Discovery FROM the Cloud
– Background
• Financial Services SMB
– Capital Management (PA)
• Recent Project: 2010
• IT: Managed Service Provider/Operations, Director
– Drivers
• Cost
• Compliance
– Technologies
• Email: Exchange Server 2007, 2010/Office 365
• Discovery: Symantec Enterprise Vault (EV) v8.0/v9.0
36. Cloud Computing
• Case Study: e-Discovery FROM the Cloud
– Limitations
• Budget
• Skill-Sets
• Resources
– Risks
• Software/System Interoperability
• Vendor Management: Contractual/SLA Omissions
• Disaster Recovery: Datacom
• Legacy Email Availability, No More Archiving
• Scope Creep
37. Cloud Computing
• Case Study: e-Discovery FROM the Cloud
– Lessons Learned
• Limited Cost Savings
– On-Site Exchange Box for Journaling
– Upgrade to EV v9.0 to Support Exchange 2010
– Exchange Hosted Encryption (EHE)
– Forefront Online Protection for Exchange (FOPE)
• Exchange Journaling From the Cloud, Complicated
– Microsoft Federation Gateway (MFG)
• Leverage Interim Solution for BlackBerry Services
– Shutdown BlackBerry Enterprise Server (BES)
– Leverage AstraSync (Exchange ActiveSync)
38. Cloud Computing
• Case Study: e-Discovery FROM the Cloud
– Next Steps
• Upgrade to EV v10.0
– Incorporate Social Media
• Test BCP/DR e-Discovery Functionality
• BlackBerry Office 365
– Looking at BES Balance (“Data Boxing”)
• Leverage Office 365 for SharePoint, iOS & Android
– Nix AstraSync, Reviewing Hosted AirWatch & MobileIron for MDM
• Reviewing Cloud e-Discovery SaaS Solutions
– Symantec Enterprise Vault.cloud
– Microsoft Exchange Online Archiving (EOA)
39. Cloud Computing
• Presentation Take Aways
– Cloud = Re-Branded Business Model
–With New Bells & Whistles (Big Data, etc.)
– Paradigm Shift Towards Empowerment
– Strategy & Due Diligence Are VERY Important
–Must Consider the Business Ecosystem