SlideShare ist ein Scribd-Unternehmen logo

Selecting csp iapp_summit_2012 - 5-february

Als PPT, PDF herunterladen
S
scm24
TechnologieBusiness
1 von 37
Selecting a Cloud Service Provider (CSP) Steven C. Markey, MSIS, PMP, CISSP, CIPP, CISM, CISA, STS-EV, CCSK, CompTIA Cloud Essentials Principal, nControl, LLC Adjunct Professor President, Cloud Security Alliance – Delaware Valley Chapter (CSA-DelVal)
Selecting a CSP • Presentation Overview – Cloud Overview – Selection Considerations, Criteria & Tools – Case Studies
Selecting a CSP • Cloud Overview – Why should you care about the “cloud”?
Cloud Computing Trends Numbers Numbers around CC are always impressive: 80% fortune companies 1000 will pay to use cloud computing services and 30% will pay for infrastructure. Gartner At this moment, the 5 major search engines together have 2.000.000 Market : computers 42 billon: IDC 95 billion: Merrill Lynch 33% of IT business will be in Cloud Computing Gartner Microsoft data centre in Chicago: 610.000 servers 8 8 Source: Open Group
Selecting a CSP • What is Cloud Computing? – Re-branded IT Business Model • Application Service Provider (ASP) • IT Outsourcing (ITO) – Confusion • Hosting • Virtualization • Service Provider
Selecting a CSP • Selection Considerations, Criteria & Tools – Risky Business – Security Guidance – Privacy & Data Protection Rules – Service Provider / Consumer Process Alignment – Portability / Interoperability – Contractual / Legal Agreements – Industry Tools & Tricks
Selecting a CSP • Partly Cloudy with a chance of risk! – The Cloud is perceived as risky business. • Lack of Control • Regulatory Compliance • Hacks, outages, disasters….oh my! Source: Youtube
Selecting a CSP • Security Guidance – Existing Certifications / Attestations • SAS 70 Type II / SSAE 16 / ISAE 3402 • ISO 27001 / 2 • ISO 27036 • BITS Shared Assessments • PCI DSS • HIPAA / HITECH – Guidance Specifically for the Cloud • Cloud Security Alliance (CSA) Guide v3.0 • CSA Security, Trust & Assurance Registry (STAR) • ENISA Cloud Computing Risk Assessment • NIST SP 800-144 Guidelines Security / Privacy for a Public Cloud
Selecting a CSP • Privacy & Data Protection Rules – Jurisdictions* • Regional: EU DPA • National: PIPEDA, GLBA, HIPAA / HITECH, COPPA, Safe Harbor • Statutory: Bavarian, CA SB 1386 / 24, MA 201 CMR 17, NV SB 227 – Data Flow & Jurisdictional Adherence • Backups • CSP Big Data: Traditional, Sensory (e.g. Logs, Metadata) & Social • Business / Organizational Ecosystem – Contract Clauses • European Model Contract Clauses • PCI DSS – Privacy Best Practices • Generally Accepted Privacy Principles (GAPP) * Not all inclusive.
Selecting a CSP • Svc Provider / Consumer Process Alignment – Change / Configuration Management • Process, process & some more process. • Automated configuration management? • Maturity Model – Vendor Loading / Off-loading • Provisioning / De-provisioning – Disaster Recovery • Business / Organizational Ecosystem • Maturity Model
Selecting a CSP • Svc Provider / Consumer Process Alignment – Incident Response • Computer Security Incident Response Team (CSIRT) – Digital Forensics • Legal Hold / Litigation Response / e-Discovery – Electronic Discovery Reference Model (EDRM) – Federal Rules of Civil Procedure (FRCP) 30(b)(6) – Records and Information Management (RIM) • Generally Accepted Recordkeeping Principles (GARP®) • Information Governance Reference Model (IGRM) • Information Lifecycle Management (ILM) • MIKE2.0
Selecting a CSP • Portability / Interoperability – Software – Data – Third Parties
Selecting a CSP • Contractual / Legal Agreements – Service Level Agreements (SLA) • Uptime • Data Ownership – Escrow Data – Include Sensory Data, Metadata • Exit Clause • Testing – Disaster Recovery – Incident Response – Legal Hold / Litigation Response / e-Discovery • Right to Audit – Vendor & Vendor’s Vendors – Privacy Impact Assessments (PIA) • Additional Clauses
Selecting a CSP
Selecting a CSP • Industry Tools & Tricks – Cloud Strategic Roadmap – Matrices & Software – Cloud Brokers
Selecting a CSP • Industry Tools & Tricks – Cloud (Consumer) Strategic Roadmap • Business Model Alignment – Centralized / Decentralized – Industry Vertical – Ecosystem Awareness (Customers, Partners, Vendors) • Project Portfolio Management (PPM) – Assimilate Cloud Projects » Involves many stakeholders (business, PMO, IT, etc.). • Phased Implementation Approach – PrivateHybridPublic – BasicAdvanced Services
Selecting a CSP • Industry Tools & Tricks – Cloud (Provider) Strategic Roadmap • Business Model / Product Line Scalability – e-Discovery, Authentication, Encryption, Scanning » Organic » Merger & Acquisition • Longevity / Sustainability • Industry / Jurisdiction Focus • Ecosystem Awareness • Technology / Enterprise Architecture (TOGAF, SABSA, ITIL)
Selecting a CSP • Industry Tools & Tricks – Matrices & Software • Matrices – Audit / Compliance Focused » CSA Consensus Assessments Initiative Questionnaire » CSA Cloud Controls Matrix » BITS Enterprise Cloud Self-Assessment • Software – VMware Cloud Readiness Self-Assessment (CRSA) – Bit Titan MigrationWiz – Gravitant cloudWiz
| cloudWizTM Step 1: Plan Capacity Capacity planning is a vital component of cloud computing adoption that involves understanding necessary resource requirements in order to meet the anticipated needs of customers and users. Companies who are able to predict their computing needs can reserve capacity and plan for their predicted usage based on their IT budgets. Other models allow organizations to utilize an on-demand, pay- per-use model which may be more economical. © Gravitant, Inc. All Rights Reserved. cloudMatrix Version 5.0
| cloudWizTM Step 2: Compare Vendors Once a cloudWiz user has filled out their current resource utilization and projected demand, they can then compare vendors, side-by- side. Our inbuilt standardized vendor catalog allows cloud users to compare prices from multiple providers in an expedia-like interface and then optimize for the best vendor based on individual goals and constraints such as cost, QoS and best match. © Gravitant, Inc. All Rights Reserved. cloudMatrix Version 5.0
| cloudWizTM Step 3: Analyze ROI As a cloudWiz user compares vendors across cost, QoS and other constraints, they can also determine ROI Benefits to analyze the effects of selecting a particular provider. © Gravitant, Inc. All Rights Reserved. cloudMatrix Version 5.0
Selecting a CSP • Industry Tools & Tricks – Cloud Brokers • RightScale • CloudFloor • Skydera • enStratus
Cloud Computing • Case Study: Choosing a PaaS CSP – Background – Mid-sized Capital Management Firm – FINRA Regulated – Outsourced IT with hardware onsite. – Drivers – Cost – Compliance – Technologies – Microsoft Exchange / Office 365 Exchange Online – Onsite Symantec Enterprise Vault
Cloud Computing • Case Study: Choosing a PaaS CSP – Limitations – Budget – Skill-sets – Resources – Monitoring – Risks – System / Software Interoperability – Availability – Vendor Management: Contractual / SLA Omissions – Scope Creep – Data Ownership
Cloud Computing • Case Study: Choosing a PaaS CSP – Lessons Learned – Better Safe Than Sorry – Follow GLBA Safeguards – Many Moving (Technical) Parts – Use Existing Vendors – e-Discovery Helped – Onsite Journaling – Next Steps – Testing BCP / DR, Incident Response – System Architecture Upgrades
Cloud Computing • Case Study: Choosing an IaaS CSP – Background – Venture capital funded pharmacy service provider. – Small HIPAA / HITECH Business Associate – Level 4 PCI Service Provider – Drivers – Cost Savings – Core Competency Focus – Technologies – Open-source solutions at a co-location facility. – Leverages third party / upstream system providers.
Cloud Computing • Case Study: Choosing an IaaS CSP – Limitations – Buying / Negotiating Power – HIPAA / HITECH / PCI Requirements – Third Party Systems – Risks – Jurisdiction – Availability – Cloud / Third Party Ecosystem Reliance
Cloud Computing • Case Study: Choosing an IaaS CSP – Lessons Learned – Bigger is not better. – Standardize Technology – Ask for the documentation from attestations. – Sticker Shock – Next Steps – Work with the CSP – Conduct a PIA. – Test incident response plans.
Cloud Computing • Presentation Take Aways – There Are No Silver Bullets – Think Cloud Strategy & Business Ecosystem – You Are Not Alone – Leverage CSA, BITS & NIST’s Research – Leverage Industry Tools, Tips & Tricks – Compare Apples to Apples – Technology – Pricing – SLAs
Cloud Computing • References – ISO 27036: http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=59648 – CSA CAIQ: https://cloudsecurityalliance.org/research/cai/ – CSA CCM: https://cloudsecurityalliance.org/research/ccm/ – CSA STAR: https://cloudsecurityalliance.org/star/ – CSA Guide: https://cloudsecurityalliance.org/research/security-guidance/ – BITS Enterprise Cloud Self-Assessment: http://sharedassessments.org/media/pdf-EnterpriseCloud-SA.pdf – ENISA Risk Assessment: http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk- assessment – NIST SP 800-144: http://csrc.nist.gov/publications/drafts/800-144/Draft-SP-800-144_cloud-computing.pdf – Core CloudInspect: https://www.corecloudinspect.com/microsite/index.html – McAfee Database Security Scanner (DSS): http://www.mcafee.com/us/products/security-scanner-for- databases.aspx – ARMA GARP: http://www.arma.org/GARP/ – IGRM: http://www.edrm.net/projects/igrm – EDRM: http://www.edrm.net/ – MIKE2.0: http://mike2.openmethodology.org/ – VMware CRSA: http://getcloudready.vmware.com/crsa/ – Bit Titan MigrationWiz: https://www.migrationwiz.com/Secure/Default.aspx – Gravitant cloudWiz: http://www.gravitant.com/cloudwiz-home.html – RightScale: http://www.rightscale.com/ – CloudFloor: http://www.cloudfloor.com/ – Skydera: http://www.skydera.com/ – enStratus: http://enstratus.com/
Cloud Computing • Personal References – ISACA Journal, “Auditing Your Non-Relational, Distributed Database System”: http://www.isaca.org/Journal/Current-Issue/Pages/default.aspx – ISACA Journal, "Testing Your Incident Response Plan": http://www.isaca.org/Journal/Current- Issue/Pages/default.aspx – PenTest Magazine, "Scanning Your Cloud Environment": http://pentestmag.com/client-side-exploits- pentest-082011/ – e-Discovery 2.0: In the Cloud: https://s3.amazonaws.com/nControl-Docs/CSA11_Session-SMarkey.ppt – Security in the Cloud: https://s3.amazonaws.com/nControl-Docs/Cloud_Computing-Security.ppt – System Architecture & Engineering for the Cloud: https://s3.amazonaws.com/nControl- Docs/Cloud_Computing-Architecture_Engineering.ppt – Cloud Computing Primer: https://s3.amazonaws.com/nControl-Docs/Cloud_Computing-Basic.ppt – Cloud Computing - Authentication & Encryption: https://s3.amazonaws.com/nControl- Docs/Cloud_Computing_Security-Session_II.ppt – Cloud Computing - Application & Virtualization Security: https://s3.amazonaws.com/nControl- Docs/Cloud_Computing_Security-Session_III.ppt
• Questions? • Contact – Email: steve@ncontrol-llc.com – Twitter: @markes1, @casdelval2011 – LI: http://www.linkedin.com/in/smarkey

Empfohlen

Sukumar Nayak-Detailed-Cloud Risk Management and Audit
Sukumar Nayak-Detailed-Cloud Risk Management and AuditSukumar Nayak-Detailed-Cloud Risk Management and Audit
Sukumar Nayak-Detailed-Cloud Risk Management and AuditSukumar Nayak
 
Cloud Computing Risk Management (Multi Venue)
Cloud Computing Risk Management (Multi Venue)Cloud Computing Risk Management (Multi Venue)
Cloud Computing Risk Management (Multi Venue)Brian K. Dickard
 
Distinguishing, Evaluating, and Selecting Cloud Service Providers
Distinguishing, Evaluating, and Selecting Cloud Service ProvidersDistinguishing, Evaluating, and Selecting Cloud Service Providers
Distinguishing, Evaluating, and Selecting Cloud Service ProvidersGartnerJessica
 
Servizi Cloud Computing: Scenario, Strategia e Mercato Nicoletta Maggiore
Servizi Cloud Computing: Scenario, Strategia e Mercato Nicoletta MaggioreServizi Cloud Computing: Scenario, Strategia e Mercato Nicoletta Maggiore
Servizi Cloud Computing: Scenario, Strategia e Mercato Nicoletta MaggioreApulian ICT Living Labs
 
Asyma E3 2014 The Impact of Cloud Computing on SME's
Asyma E3 2014 The Impact of Cloud Computing on SME'sAsyma E3 2014 The Impact of Cloud Computing on SME's
Asyma E3 2014 The Impact of Cloud Computing on SME'sasyma
 
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...ptaglephd
 
Cloud computing understanding security risk and management
Cloud computing understanding security risk and managementCloud computing understanding security risk and management
Cloud computing understanding security risk and managementShamsundar Machale (CISSP, CEH)
 
Vendor Landscape: Cloud IaaS
Vendor Landscape: Cloud IaaSVendor Landscape: Cloud IaaS
Vendor Landscape: Cloud IaaSOpSource
 

Empfohlen

Sukumar Nayak-Detailed-Cloud Risk Management and Audit
Sukumar Nayak-Detailed-Cloud Risk Management and AuditSukumar Nayak-Detailed-Cloud Risk Management and Audit
Sukumar Nayak-Detailed-Cloud Risk Management and AuditSukumar Nayak
 
Cloud Computing Risk Management (Multi Venue)
Cloud Computing Risk Management (Multi Venue)Cloud Computing Risk Management (Multi Venue)
Cloud Computing Risk Management (Multi Venue)Brian K. Dickard
 
Distinguishing, Evaluating, and Selecting Cloud Service Providers
Distinguishing, Evaluating, and Selecting Cloud Service ProvidersDistinguishing, Evaluating, and Selecting Cloud Service Providers
Distinguishing, Evaluating, and Selecting Cloud Service ProvidersGartnerJessica
 
Servizi Cloud Computing: Scenario, Strategia e Mercato Nicoletta Maggiore
Servizi Cloud Computing: Scenario, Strategia e Mercato Nicoletta MaggioreServizi Cloud Computing: Scenario, Strategia e Mercato Nicoletta Maggiore
Servizi Cloud Computing: Scenario, Strategia e Mercato Nicoletta MaggioreApulian ICT Living Labs
 
Asyma E3 2014 The Impact of Cloud Computing on SME's
Asyma E3 2014 The Impact of Cloud Computing on SME'sAsyma E3 2014 The Impact of Cloud Computing on SME's
Asyma E3 2014 The Impact of Cloud Computing on SME'sasyma
 
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...ptaglephd
 
Cloud computing understanding security risk and management
Cloud computing understanding security risk and managementCloud computing understanding security risk and management
Cloud computing understanding security risk and managementShamsundar Machale (CISSP, CEH)
 
Vendor Landscape: Cloud IaaS
Vendor Landscape: Cloud IaaSVendor Landscape: Cloud IaaS
Vendor Landscape: Cloud IaaSOpSource
 
Tci reference architecture_v2.0
Tci reference architecture_v2.0Tci reference architecture_v2.0
Tci reference architecture_v2.0Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
 
Cloud Computing Risk Management (IIA Webinar)
Cloud Computing Risk Management (IIA Webinar)Cloud Computing Risk Management (IIA Webinar)
Cloud Computing Risk Management (IIA Webinar)Brian K. Dickard
 
Cloud Security
Cloud Security Cloud Security
Cloud Security Hi-Tech College
 
Risk management for cloud computing hb final
Risk management for cloud computing hb finalRisk management for cloud computing hb final
Risk management for cloud computing hb finalChristophe Monnier
 
The ABC of Private Clouds
The ABC of Private CloudsThe ABC of Private Clouds
The ABC of Private CloudsCTRLS
 
Capacity Managementand the Cloud
Capacity Managementand the CloudCapacity Managementand the Cloud
Capacity Managementand the Clouddannyq
 
Unleash Business Innovation with the Next Generation of Cloud Computing
Unleash Business Innovation with the Next Generation of Cloud ComputingUnleash Business Innovation with the Next Generation of Cloud Computing
Unleash Business Innovation with the Next Generation of Cloud ComputingSam Garforth
 
2011.06.24. Cloud builder - Forum des Partenaires du Cloud IBM - Loic Simon
2011.06.24. Cloud builder - Forum des Partenaires du Cloud IBM - Loic Simon2011.06.24. Cloud builder - Forum des Partenaires du Cloud IBM - Loic Simon
2011.06.24. Cloud builder - Forum des Partenaires du Cloud IBM - Loic SimonClub Alliances
 
2011.06.24. - Cloud Services Solution Provider - Forum des Partenaires du Clo...
2011.06.24. - Cloud Services Solution Provider - Forum des Partenaires du Clo...2011.06.24. - Cloud Services Solution Provider - Forum des Partenaires du Clo...
2011.06.24. - Cloud Services Solution Provider - Forum des Partenaires du Clo...Club Alliances
 
Hybride Cloud Strategy
Hybride Cloud StrategyHybride Cloud Strategy
Hybride Cloud StrategyDekkinga, Ewout
 
The cloud talk
The cloud talkThe cloud talk
The cloud talkPethuru Raj PhD
 
Cloud security and adoption
Cloud security and adoptionCloud security and adoption
Cloud security and adoptionSudsanguan Ngamsuriyaroj
 
Cloud Security Strategy
Cloud Security StrategyCloud Security Strategy
Cloud Security StrategyCapgemini
 
Cloud Computing,雲端運算-IBM資訊研發中心協理馬紹宏
Cloud Computing,雲端運算-IBM資訊研發中心協理馬紹宏Cloud Computing,雲端運算-IBM資訊研發中心協理馬紹宏
Cloud Computing,雲端運算-IBM資訊研發中心協理馬紹宏Tracy Chen
 
Improve network safety through better visibility – Netmagic
Improve network safety through better visibility – NetmagicImprove network safety through better visibility – Netmagic
Improve network safety through better visibility – NetmagicNetmagic Solutions Pvt. Ltd.
 
Government cloud computing_strategy
Government cloud computing_strategyGovernment cloud computing_strategy
Government cloud computing_strategyGovCloud Network
 
Cloud is not an option, but is security?
Cloud is not an option, but is security?Cloud is not an option, but is security?
Cloud is not an option, but is security?Jody Keyser
 
IBM Smarter Business 2012 - PureSystems - PureData
IBM Smarter Business 2012 - PureSystems - PureDataIBM Smarter Business 2012 - PureSystems - PureData
IBM Smarter Business 2012 - PureSystems - PureDataIBM Sverige
 
Host your Cloud – Netmagic Solutions
Host your Cloud – Netmagic SolutionsHost your Cloud – Netmagic Solutions
Host your Cloud – Netmagic SolutionsNetmagic Solutions Pvt. Ltd.
 
OpenNASA v2.0 Slideshare Large File
OpenNASA v2.0 Slideshare Large FileOpenNASA v2.0 Slideshare Large File
OpenNASA v2.0 Slideshare Large FileMegan Eskey
 
Maximizing your share_point_investment_final
Maximizing your share_point_investment_finalMaximizing your share_point_investment_final
Maximizing your share_point_investment_finalscm24
 
Cloud computing arma_nnj
Cloud computing arma_nnjCloud computing arma_nnj
Cloud computing arma_nnjscm24
 

Weitere ähnliche Inhalte

Was ist angesagt?

Cloud Computing Risk Management (IIA Webinar)
Cloud Computing Risk Management (IIA Webinar)Cloud Computing Risk Management (IIA Webinar)
Cloud Computing Risk Management (IIA Webinar)Brian K. Dickard
 
Risk management for cloud computing hb final
Risk management for cloud computing hb finalRisk management for cloud computing hb final
Risk management for cloud computing hb finalChristophe Monnier
 
The ABC of Private Clouds
The ABC of Private CloudsThe ABC of Private Clouds
The ABC of Private CloudsCTRLS
 
Capacity Managementand the Cloud
Capacity Managementand the CloudCapacity Managementand the Cloud
Capacity Managementand the Clouddannyq
 
Unleash Business Innovation with the Next Generation of Cloud Computing
Unleash Business Innovation with the Next Generation of Cloud ComputingUnleash Business Innovation with the Next Generation of Cloud Computing
Unleash Business Innovation with the Next Generation of Cloud ComputingSam Garforth
 
2011.06.24. Cloud builder - Forum des Partenaires du Cloud IBM - Loic Simon
2011.06.24. Cloud builder - Forum des Partenaires du Cloud IBM - Loic Simon2011.06.24. Cloud builder - Forum des Partenaires du Cloud IBM - Loic Simon
2011.06.24. Cloud builder - Forum des Partenaires du Cloud IBM - Loic SimonClub Alliances
 
2011.06.24. - Cloud Services Solution Provider - Forum des Partenaires du Clo...
2011.06.24. - Cloud Services Solution Provider - Forum des Partenaires du Clo...2011.06.24. - Cloud Services Solution Provider - Forum des Partenaires du Clo...
2011.06.24. - Cloud Services Solution Provider - Forum des Partenaires du Clo...Club Alliances
 
Cloud Security Strategy
Cloud Security StrategyCloud Security Strategy
Cloud Security StrategyCapgemini
 
Cloud Computing,雲端運算-IBM資訊研發中心協理馬紹宏
Cloud Computing,雲端運算-IBM資訊研發中心協理馬紹宏Cloud Computing,雲端運算-IBM資訊研發中心協理馬紹宏
Cloud Computing,雲端運算-IBM資訊研發中心協理馬紹宏Tracy Chen
 
Improve network safety through better visibility – Netmagic
Improve network safety through better visibility – NetmagicImprove network safety through better visibility – Netmagic
Improve network safety through better visibility – NetmagicNetmagic Solutions Pvt. Ltd.
 
Government cloud computing_strategy
Government cloud computing_strategyGovernment cloud computing_strategy
Government cloud computing_strategyGovCloud Network
 
Cloud is not an option, but is security?
Cloud is not an option, but is security?Cloud is not an option, but is security?
Cloud is not an option, but is security?Jody Keyser
 
IBM Smarter Business 2012 - PureSystems - PureData
IBM Smarter Business 2012 - PureSystems - PureDataIBM Smarter Business 2012 - PureSystems - PureData
IBM Smarter Business 2012 - PureSystems - PureDataIBM Sverige
 
OpenNASA v2.0 Slideshare Large File
OpenNASA v2.0 Slideshare Large FileOpenNASA v2.0 Slideshare Large File
OpenNASA v2.0 Slideshare Large FileMegan Eskey
 

Was ist angesagt? (20)

Tci reference architecture_v2.0
Tci reference architecture_v2.0Tci reference architecture_v2.0
Tci reference architecture_v2.0
 
Cloud Computing Risk Management (IIA Webinar)
Cloud Computing Risk Management (IIA Webinar)Cloud Computing Risk Management (IIA Webinar)
Cloud Computing Risk Management (IIA Webinar)
 
Cloud Security
Cloud Security Cloud Security
Cloud Security
 
Risk management for cloud computing hb final
Risk management for cloud computing hb finalRisk management for cloud computing hb final
Risk management for cloud computing hb final
 
The ABC of Private Clouds
The ABC of Private CloudsThe ABC of Private Clouds
The ABC of Private Clouds
 
Capacity Managementand the Cloud
Capacity Managementand the CloudCapacity Managementand the Cloud
Capacity Managementand the Cloud
 
Unleash Business Innovation with the Next Generation of Cloud Computing
Unleash Business Innovation with the Next Generation of Cloud ComputingUnleash Business Innovation with the Next Generation of Cloud Computing
Unleash Business Innovation with the Next Generation of Cloud Computing
 
2011.06.24. Cloud builder - Forum des Partenaires du Cloud IBM - Loic Simon
2011.06.24. Cloud builder - Forum des Partenaires du Cloud IBM - Loic Simon2011.06.24. Cloud builder - Forum des Partenaires du Cloud IBM - Loic Simon
2011.06.24. Cloud builder - Forum des Partenaires du Cloud IBM - Loic Simon
 
2011.06.24. - Cloud Services Solution Provider - Forum des Partenaires du Clo...
2011.06.24. - Cloud Services Solution Provider - Forum des Partenaires du Clo...2011.06.24. - Cloud Services Solution Provider - Forum des Partenaires du Clo...
2011.06.24. - Cloud Services Solution Provider - Forum des Partenaires du Clo...
 
Hybride Cloud Strategy
Hybride Cloud StrategyHybride Cloud Strategy
Hybride Cloud Strategy
 
The cloud talk
The cloud talkThe cloud talk
The cloud talk
 
Cloud security and adoption
Cloud security and adoptionCloud security and adoption
Cloud security and adoption
 
Cloud Security Strategy
Cloud Security StrategyCloud Security Strategy
Cloud Security Strategy
 
Cloud Computing,雲端運算-IBM資訊研發中心協理馬紹宏
Cloud Computing,雲端運算-IBM資訊研發中心協理馬紹宏Cloud Computing,雲端運算-IBM資訊研發中心協理馬紹宏
Cloud Computing,雲端運算-IBM資訊研發中心協理馬紹宏
 
Improve network safety through better visibility – Netmagic
Improve network safety through better visibility – NetmagicImprove network safety through better visibility – Netmagic
Improve network safety through better visibility – Netmagic
 
Government cloud computing_strategy
Government cloud computing_strategyGovernment cloud computing_strategy
Government cloud computing_strategy
 
Cloud is not an option, but is security?
Cloud is not an option, but is security?Cloud is not an option, but is security?
Cloud is not an option, but is security?
 
IBM Smarter Business 2012 - PureSystems - PureData
IBM Smarter Business 2012 - PureSystems - PureDataIBM Smarter Business 2012 - PureSystems - PureData
IBM Smarter Business 2012 - PureSystems - PureData
 
Host your Cloud – Netmagic Solutions
Host your Cloud – Netmagic SolutionsHost your Cloud – Netmagic Solutions
Host your Cloud – Netmagic Solutions
 
OpenNASA v2.0 Slideshare Large File
OpenNASA v2.0 Slideshare Large FileOpenNASA v2.0 Slideshare Large File
OpenNASA v2.0 Slideshare Large File
 

Andere mochten auch

Maximizing your share_point_investment_final
Maximizing your share_point_investment_finalMaximizing your share_point_investment_final
Maximizing your share_point_investment_finalscm24
 
Cloud computing arma_nnj
Cloud computing arma_nnjCloud computing arma_nnj
Cloud computing arma_nnjscm24
 
Cloud computing pmi-dvc-v3
Cloud computing pmi-dvc-v3Cloud computing pmi-dvc-v3
Cloud computing pmi-dvc-v3scm24
 
E discovery 2-cloud_v5
E discovery 2-cloud_v5E discovery 2-cloud_v5
E discovery 2-cloud_v5scm24
 
Securing your esi_piedmont
Securing your esi_piedmontSecuring your esi_piedmont
Securing your esi_piedmontscm24
 
Bd cloud v3
Bd cloud v3Bd cloud v3
Bd cloud v3scm24
 
Integrating garp e_discovery
Integrating garp e_discoveryIntegrating garp e_discovery
Integrating garp e_discoveryscm24
 
Cloud Migration - Cloud Computing Benefits & Issues
Cloud Migration - Cloud Computing Benefits & IssuesCloud Migration - Cloud Computing Benefits & Issues
Cloud Migration - Cloud Computing Benefits & IssuesArtizen, Inc.
 

Andere mochten auch (8)

Maximizing your share_point_investment_final
Maximizing your share_point_investment_finalMaximizing your share_point_investment_final
Maximizing your share_point_investment_final
 
Cloud computing arma_nnj
Cloud computing arma_nnjCloud computing arma_nnj
Cloud computing arma_nnj
 
Cloud computing pmi-dvc-v3
Cloud computing pmi-dvc-v3Cloud computing pmi-dvc-v3
Cloud computing pmi-dvc-v3
 
E discovery 2-cloud_v5
E discovery 2-cloud_v5E discovery 2-cloud_v5
E discovery 2-cloud_v5
 
Securing your esi_piedmont
Securing your esi_piedmontSecuring your esi_piedmont
Securing your esi_piedmont
 
Bd cloud v3
Bd cloud v3Bd cloud v3
Bd cloud v3
 
Integrating garp e_discovery
Integrating garp e_discoveryIntegrating garp e_discovery
Integrating garp e_discovery
 
Cloud Migration - Cloud Computing Benefits & Issues
Cloud Migration - Cloud Computing Benefits & IssuesCloud Migration - Cloud Computing Benefits & Issues
Cloud Migration - Cloud Computing Benefits & Issues
 

Ähnlich wie Selecting csp iapp_summit_2012 - 5-february

Dr. Michael Valivullah, NASS/USDA - Cloud Computing
Dr. Michael Valivullah, NASS/USDA - Cloud ComputingDr. Michael Valivullah, NASS/USDA - Cloud Computing
Dr. Michael Valivullah, NASS/USDA - Cloud Computingikanow
 
Cloud_Computing_IIMC_v1
Cloud_Computing_IIMC_v1Cloud_Computing_IIMC_v1
Cloud_Computing_IIMC_v1Steve Markey
 
Cognizant Cloud for Utilities
Cognizant Cloud for UtilitiesCognizant Cloud for Utilities
Cognizant Cloud for UtilitiesSteve Lennon
 
May 2013 Federal Cloud Computing Summit Keynote by David Cearly
May 2013 Federal Cloud Computing Summit Keynote by David CearlyMay 2013 Federal Cloud Computing Summit Keynote by David Cearly
May 2013 Federal Cloud Computing Summit Keynote by David CearlyTim Harvey
 
Cloud Lock-in vs. Cloud Interoperability - Indicthreads cloud computing conf...
Cloud Lock-in vs. Cloud Interoperability - Indicthreads cloud computing conf...Cloud Lock-in vs. Cloud Interoperability - Indicthreads cloud computing conf...
Cloud Lock-in vs. Cloud Interoperability - Indicthreads cloud computing conf...IndicThreads
 
ShareResponsibilityModel.pptx
ShareResponsibilityModel.pptxShareResponsibilityModel.pptx
ShareResponsibilityModel.pptxBabatundeAbioye2
 
MajorProject_AnilSharma
MajorProject_AnilSharmaMajorProject_AnilSharma
MajorProject_AnilSharmaAnil Sharma
 
Get Started Today with Cloud-Ready Contracts | AWS Public Sector Summit 2017
Get Started Today with Cloud-Ready Contracts | AWS Public Sector Summit 2017Get Started Today with Cloud-Ready Contracts | AWS Public Sector Summit 2017
Get Started Today with Cloud-Ready Contracts | AWS Public Sector Summit 2017Amazon Web Services
 
The Ultimate Guide to Cloud Migration - A Whitepaper by RapidValue
The Ultimate Guide to Cloud Migration - A Whitepaper by RapidValueThe Ultimate Guide to Cloud Migration - A Whitepaper by RapidValue
The Ultimate Guide to Cloud Migration - A Whitepaper by RapidValueRapidValue
 
Cloud Computing and Data Governance
Cloud Computing and Data GovernanceCloud Computing and Data Governance
Cloud Computing and Data GovernanceTrillium Software
 
Enterprise Adoption – Patterns for Success with AWS - Business
Enterprise Adoption – Patterns for Success with AWS - BusinessEnterprise Adoption – Patterns for Success with AWS - Business
Enterprise Adoption – Patterns for Success with AWS - BusinessAmazon Web Services
 
Enterprise Adoption – Patterns for Success with AWS - Business
Enterprise Adoption – Patterns for Success with AWS - BusinessEnterprise Adoption – Patterns for Success with AWS - Business
Enterprise Adoption – Patterns for Success with AWS - BusinessAmazon Web Services
 
Cloud Computing - Foundations, Perspectives & Challenges
Cloud Computing - Foundations, Perspectives & ChallengesCloud Computing - Foundations, Perspectives & Challenges
Cloud Computing - Foundations, Perspectives & ChallengesPrasad Chitta
 
Cloud lockin and interoperability v2 indic threads cloud computing conferen...
Cloud lockin and interoperability v2 indic threads cloud computing conferen...Cloud lockin and interoperability v2 indic threads cloud computing conferen...
Cloud lockin and interoperability v2 indic threads cloud computing conferen...IndicThreads
 
Cloud lockin and interoperability v2 indic threads cloud computing conferen...
Cloud lockin and interoperability v2 indic threads cloud computing conferen...Cloud lockin and interoperability v2 indic threads cloud computing conferen...
Cloud lockin and interoperability v2 indic threads cloud computing conferen...IndicThreads
 
Keys to success and security in the cloud
Keys to success and security in the cloudKeys to success and security in the cloud
Keys to success and security in the cloudScalar Decisions
 
Keys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-CloudKeys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-Cloudpatmisasi
 
Cw13 cloud computing & big data by ahmed aamer
Cw13 cloud computing & big data by ahmed aamerCw13 cloud computing & big data by ahmed aamer
Cw13 cloud computing & big data by ahmed aamerinevitablecloud
 

Ähnlich wie Selecting csp iapp_summit_2012 - 5-february (20)

Cloud services and it security
Cloud services and it securityCloud services and it security
Cloud services and it security
 
Dr. Michael Valivullah, NASS/USDA - Cloud Computing
Dr. Michael Valivullah, NASS/USDA - Cloud ComputingDr. Michael Valivullah, NASS/USDA - Cloud Computing
Dr. Michael Valivullah, NASS/USDA - Cloud Computing
 
Cloud_Computing_IIMC_v1
Cloud_Computing_IIMC_v1Cloud_Computing_IIMC_v1
Cloud_Computing_IIMC_v1
 
Cognizant Cloud for Utilities
Cognizant Cloud for UtilitiesCognizant Cloud for Utilities
Cognizant Cloud for Utilities
 
May 2013 Federal Cloud Computing Summit Keynote by David Cearly
May 2013 Federal Cloud Computing Summit Keynote by David CearlyMay 2013 Federal Cloud Computing Summit Keynote by David Cearly
May 2013 Federal Cloud Computing Summit Keynote by David Cearly
 
Cloud Lock-in vs. Cloud Interoperability - Indicthreads cloud computing conf...
Cloud Lock-in vs. Cloud Interoperability - Indicthreads cloud computing conf...Cloud Lock-in vs. Cloud Interoperability - Indicthreads cloud computing conf...
Cloud Lock-in vs. Cloud Interoperability - Indicthreads cloud computing conf...
 
ShareResponsibilityModel.pptx
ShareResponsibilityModel.pptxShareResponsibilityModel.pptx
ShareResponsibilityModel.pptx
 
MajorProject_AnilSharma
MajorProject_AnilSharmaMajorProject_AnilSharma
MajorProject_AnilSharma
 
Csa dlp
Csa dlpCsa dlp
Csa dlp
 
Get Started Today with Cloud-Ready Contracts | AWS Public Sector Summit 2017
Get Started Today with Cloud-Ready Contracts | AWS Public Sector Summit 2017Get Started Today with Cloud-Ready Contracts | AWS Public Sector Summit 2017
Get Started Today with Cloud-Ready Contracts | AWS Public Sector Summit 2017
 
The Ultimate Guide to Cloud Migration - A Whitepaper by RapidValue
The Ultimate Guide to Cloud Migration - A Whitepaper by RapidValueThe Ultimate Guide to Cloud Migration - A Whitepaper by RapidValue
The Ultimate Guide to Cloud Migration - A Whitepaper by RapidValue
 
Cloud Computing and Data Governance
Cloud Computing and Data GovernanceCloud Computing and Data Governance
Cloud Computing and Data Governance
 
Enterprise Adoption – Patterns for Success with AWS - Business
Enterprise Adoption – Patterns for Success with AWS - BusinessEnterprise Adoption – Patterns for Success with AWS - Business
Enterprise Adoption – Patterns for Success with AWS - Business
 
Enterprise Adoption – Patterns for Success with AWS - Business
Enterprise Adoption – Patterns for Success with AWS - BusinessEnterprise Adoption – Patterns for Success with AWS - Business
Enterprise Adoption – Patterns for Success with AWS - Business
 
Cloud Computing - Foundations, Perspectives & Challenges
Cloud Computing - Foundations, Perspectives & ChallengesCloud Computing - Foundations, Perspectives & Challenges
Cloud Computing - Foundations, Perspectives & Challenges
 
Cloud lockin and interoperability v2 indic threads cloud computing conferen...
Cloud lockin and interoperability v2 indic threads cloud computing conferen...Cloud lockin and interoperability v2 indic threads cloud computing conferen...
Cloud lockin and interoperability v2 indic threads cloud computing conferen...
 
Cloud lockin and interoperability v2 indic threads cloud computing conferen...
Cloud lockin and interoperability v2 indic threads cloud computing conferen...Cloud lockin and interoperability v2 indic threads cloud computing conferen...
Cloud lockin and interoperability v2 indic threads cloud computing conferen...
 
Keys to success and security in the cloud
Keys to success and security in the cloudKeys to success and security in the cloud
Keys to success and security in the cloud
 
Keys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-CloudKeys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-Cloud
 
Cw13 cloud computing & big data by ahmed aamer
Cw13 cloud computing & big data by ahmed aamerCw13 cloud computing & big data by ahmed aamer
Cw13 cloud computing & big data by ahmed aamer
 

Kürzlich hochgeladen

Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 

Kürzlich hochgeladen (20)

Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 

Selecting csp iapp_summit_2012 - 5-february

  • 1. Selecting a Cloud Service Provider (CSP) Steven C. Markey, MSIS, PMP, CISSP, CIPP, CISM, CISA, STS-EV, CCSK, CompTIA Cloud Essentials Principal, nControl, LLC Adjunct Professor President, Cloud Security Alliance – Delaware Valley Chapter (CSA-DelVal)
  • 2. Selecting a CSP • Presentation Overview – Cloud Overview – Selection Considerations, Criteria & Tools – Case Studies
  • 3. Selecting a CSP • Cloud Overview – Why should you care about the “cloud”?
  • 4. Cloud Computing Trends Numbers Numbers around CC are always impressive: 80% fortune companies 1000 will pay to use cloud computing services and 30% will pay for infrastructure. Gartner At this moment, the 5 major search engines together have 2.000.000 Market : computers 42 billon: IDC 95 billion: Merrill Lynch 33% of IT business will be in Cloud Computing Gartner Microsoft data centre in Chicago: 610.000 servers 8 8 Source: Open Group
  • 5. Selecting a CSP • What is Cloud Computing? – Re-branded IT Business Model • Application Service Provider (ASP) • IT Outsourcing (ITO) – Confusion • Hosting • Virtualization • Service Provider
  • 6.
  • 7.
  • 8. Selecting a CSP • Selection Considerations, Criteria & Tools – Risky Business – Security Guidance – Privacy & Data Protection Rules – Service Provider / Consumer Process Alignment – Portability / Interoperability – Contractual / Legal Agreements – Industry Tools & Tricks
  • 9. Selecting a CSP • Partly Cloudy with a chance of risk! – The Cloud is perceived as risky business. • Lack of Control • Regulatory Compliance • Hacks, outages, disasters….oh my! Source: Youtube
  • 10. Selecting a CSP • Security Guidance – Existing Certifications / Attestations • SAS 70 Type II / SSAE 16 / ISAE 3402 • ISO 27001 / 2 • ISO 27036 • BITS Shared Assessments • PCI DSS • HIPAA / HITECH – Guidance Specifically for the Cloud • Cloud Security Alliance (CSA) Guide v3.0 • CSA Security, Trust & Assurance Registry (STAR) • ENISA Cloud Computing Risk Assessment • NIST SP 800-144 Guidelines Security / Privacy for a Public Cloud
  • 11. Selecting a CSP • Privacy & Data Protection Rules – Jurisdictions* • Regional: EU DPA • National: PIPEDA, GLBA, HIPAA / HITECH, COPPA, Safe Harbor • Statutory: Bavarian, CA SB 1386 / 24, MA 201 CMR 17, NV SB 227 – Data Flow & Jurisdictional Adherence • Backups • CSP Big Data: Traditional, Sensory (e.g. Logs, Metadata) & Social • Business / Organizational Ecosystem – Contract Clauses • European Model Contract Clauses • PCI DSS – Privacy Best Practices • Generally Accepted Privacy Principles (GAPP) * Not all inclusive.
  • 12. Selecting a CSP • Svc Provider / Consumer Process Alignment – Change / Configuration Management • Process, process & some more process. • Automated configuration management? • Maturity Model – Vendor Loading / Off-loading • Provisioning / De-provisioning – Disaster Recovery • Business / Organizational Ecosystem • Maturity Model
  • 13. Selecting a CSP • Svc Provider / Consumer Process Alignment – Incident Response • Computer Security Incident Response Team (CSIRT) – Digital Forensics • Legal Hold / Litigation Response / e-Discovery – Electronic Discovery Reference Model (EDRM) – Federal Rules of Civil Procedure (FRCP) 30(b)(6) – Records and Information Management (RIM) • Generally Accepted Recordkeeping Principles (GARP®) • Information Governance Reference Model (IGRM) • Information Lifecycle Management (ILM) • MIKE2.0
  • 14. Selecting a CSP • Portability / Interoperability – Software – Data – Third Parties
  • 15. Selecting a CSP • Contractual / Legal Agreements – Service Level Agreements (SLA) • Uptime • Data Ownership – Escrow Data – Include Sensory Data, Metadata • Exit Clause • Testing – Disaster Recovery – Incident Response – Legal Hold / Litigation Response / e-Discovery • Right to Audit – Vendor & Vendor’s Vendors – Privacy Impact Assessments (PIA) • Additional Clauses
  • 17. Selecting a CSP • Industry Tools & Tricks – Cloud Strategic Roadmap – Matrices & Software – Cloud Brokers
  • 18. Selecting a CSP • Industry Tools & Tricks – Cloud (Consumer) Strategic Roadmap • Business Model Alignment – Centralized / Decentralized – Industry Vertical – Ecosystem Awareness (Customers, Partners, Vendors) • Project Portfolio Management (PPM) – Assimilate Cloud Projects » Involves many stakeholders (business, PMO, IT, etc.). • Phased Implementation Approach – PrivateHybridPublic – BasicAdvanced Services
  • 19. Selecting a CSP • Industry Tools & Tricks – Cloud (Provider) Strategic Roadmap • Business Model / Product Line Scalability – e-Discovery, Authentication, Encryption, Scanning » Organic » Merger & Acquisition • Longevity / Sustainability • Industry / Jurisdiction Focus • Ecosystem Awareness • Technology / Enterprise Architecture (TOGAF, SABSA, ITIL)
  • 20. Selecting a CSP • Industry Tools & Tricks – Matrices & Software • Matrices – Audit / Compliance Focused » CSA Consensus Assessments Initiative Questionnaire » CSA Cloud Controls Matrix » BITS Enterprise Cloud Self-Assessment • Software – VMware Cloud Readiness Self-Assessment (CRSA) – Bit Titan MigrationWiz – Gravitant cloudWiz
  • 21.
  • 22.
  • 23. | cloudWizTM Step 1: Plan Capacity Capacity planning is a vital component of cloud computing adoption that involves understanding necessary resource requirements in order to meet the anticipated needs of customers and users. Companies who are able to predict their computing needs can reserve capacity and plan for their predicted usage based on their IT budgets. Other models allow organizations to utilize an on-demand, pay- per-use model which may be more economical. © Gravitant, Inc. All Rights Reserved. cloudMatrix Version 5.0
  • 24. | cloudWizTM Step 2: Compare Vendors Once a cloudWiz user has filled out their current resource utilization and projected demand, they can then compare vendors, side-by- side. Our inbuilt standardized vendor catalog allows cloud users to compare prices from multiple providers in an expedia-like interface and then optimize for the best vendor based on individual goals and constraints such as cost, QoS and best match. © Gravitant, Inc. All Rights Reserved. cloudMatrix Version 5.0
  • 25. | cloudWizTM Step 3: Analyze ROI As a cloudWiz user compares vendors across cost, QoS and other constraints, they can also determine ROI Benefits to analyze the effects of selecting a particular provider. © Gravitant, Inc. All Rights Reserved. cloudMatrix Version 5.0
  • 26. Selecting a CSP • Industry Tools & Tricks – Cloud Brokers • RightScale • CloudFloor • Skydera • enStratus
  • 27.
  • 28. Cloud Computing • Case Study: Choosing a PaaS CSP – Background – Mid-sized Capital Management Firm – FINRA Regulated – Outsourced IT with hardware onsite. – Drivers – Cost – Compliance – Technologies – Microsoft Exchange / Office 365 Exchange Online – Onsite Symantec Enterprise Vault
  • 29. Cloud Computing • Case Study: Choosing a PaaS CSP – Limitations – Budget – Skill-sets – Resources – Monitoring – Risks – System / Software Interoperability – Availability – Vendor Management: Contractual / SLA Omissions – Scope Creep – Data Ownership
  • 30. Cloud Computing • Case Study: Choosing a PaaS CSP – Lessons Learned – Better Safe Than Sorry – Follow GLBA Safeguards – Many Moving (Technical) Parts – Use Existing Vendors – e-Discovery Helped – Onsite Journaling – Next Steps – Testing BCP / DR, Incident Response – System Architecture Upgrades
  • 31. Cloud Computing • Case Study: Choosing an IaaS CSP – Background – Venture capital funded pharmacy service provider. – Small HIPAA / HITECH Business Associate – Level 4 PCI Service Provider – Drivers – Cost Savings – Core Competency Focus – Technologies – Open-source solutions at a co-location facility. – Leverages third party / upstream system providers.
  • 32. Cloud Computing • Case Study: Choosing an IaaS CSP – Limitations – Buying / Negotiating Power – HIPAA / HITECH / PCI Requirements – Third Party Systems – Risks – Jurisdiction – Availability – Cloud / Third Party Ecosystem Reliance
  • 33. Cloud Computing • Case Study: Choosing an IaaS CSP – Lessons Learned – Bigger is not better. – Standardize Technology – Ask for the documentation from attestations. – Sticker Shock – Next Steps – Work with the CSP – Conduct a PIA. – Test incident response plans.
  • 34. Cloud Computing • Presentation Take Aways – There Are No Silver Bullets – Think Cloud Strategy & Business Ecosystem – You Are Not Alone – Leverage CSA, BITS & NIST’s Research – Leverage Industry Tools, Tips & Tricks – Compare Apples to Apples – Technology – Pricing – SLAs
  • 35. Cloud Computing • References – ISO 27036: http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=59648 – CSA CAIQ: https://cloudsecurityalliance.org/research/cai/ – CSA CCM: https://cloudsecurityalliance.org/research/ccm/ – CSA STAR: https://cloudsecurityalliance.org/star/ – CSA Guide: https://cloudsecurityalliance.org/research/security-guidance/ – BITS Enterprise Cloud Self-Assessment: http://sharedassessments.org/media/pdf-EnterpriseCloud-SA.pdf – ENISA Risk Assessment: http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk- assessment – NIST SP 800-144: http://csrc.nist.gov/publications/drafts/800-144/Draft-SP-800-144_cloud-computing.pdf – Core CloudInspect: https://www.corecloudinspect.com/microsite/index.html – McAfee Database Security Scanner (DSS): http://www.mcafee.com/us/products/security-scanner-for- databases.aspx – ARMA GARP: http://www.arma.org/GARP/ – IGRM: http://www.edrm.net/projects/igrm – EDRM: http://www.edrm.net/ – MIKE2.0: http://mike2.openmethodology.org/ – VMware CRSA: http://getcloudready.vmware.com/crsa/ – Bit Titan MigrationWiz: https://www.migrationwiz.com/Secure/Default.aspx – Gravitant cloudWiz: http://www.gravitant.com/cloudwiz-home.html – RightScale: http://www.rightscale.com/ – CloudFloor: http://www.cloudfloor.com/ – Skydera: http://www.skydera.com/ – enStratus: http://enstratus.com/
  • 36. Cloud Computing • Personal References – ISACA Journal, “Auditing Your Non-Relational, Distributed Database System”: http://www.isaca.org/Journal/Current-Issue/Pages/default.aspx – ISACA Journal, "Testing Your Incident Response Plan": http://www.isaca.org/Journal/Current- Issue/Pages/default.aspx – PenTest Magazine, "Scanning Your Cloud Environment": http://pentestmag.com/client-side-exploits- pentest-082011/ – e-Discovery 2.0: In the Cloud: https://s3.amazonaws.com/nControl-Docs/CSA11_Session-SMarkey.ppt – Security in the Cloud: https://s3.amazonaws.com/nControl-Docs/Cloud_Computing-Security.ppt – System Architecture & Engineering for the Cloud: https://s3.amazonaws.com/nControl- Docs/Cloud_Computing-Architecture_Engineering.ppt – Cloud Computing Primer: https://s3.amazonaws.com/nControl-Docs/Cloud_Computing-Basic.ppt – Cloud Computing - Authentication & Encryption: https://s3.amazonaws.com/nControl- Docs/Cloud_Computing_Security-Session_II.ppt – Cloud Computing - Application & Virtualization Security: https://s3.amazonaws.com/nControl- Docs/Cloud_Computing_Security-Session_III.ppt
  • 37. • Questions? • Contact – Email: steve@ncontrol-llc.com – Twitter: @markes1, @casdelval2011 – LI: http://www.linkedin.com/in/smarkey