SlideShare a Scribd company logo

Managing compliance in cloud computing: https://www.grin.com/document/416755

Download as PPTX, PDF
G
Green Gyaanam

Cloud computing is a promising technology where computational power is provided over internet as per users demand just like the supplies daily utilities of tap water, electricity and gas provided as pay per use. Here cloud computing and cloud compliance is discussed. An approach has been illustrated for managing compliance in cloud. market players and startups have been stated along with suggestions and key concerns.

Technology
1 of 30
Managing Compliance in Cloud Computing Dr. Manisha Kumari Deep GreenGyaanam www.greengyaanam.com
What is “Cloud”  ‘Cloud’ is a term borrowed from telephony  Cloud computing concept dates back to 1960, when John McCarthy opined that ‘computation may someday be organized as a public utility’.  Here ‘cloud’ is used as a metaphor for the Internet  Term cloud came into commercial use in the early 1990s  Used in context of large Asynchronous Transfer Mode (ATM) networks
Cloud Computing  Taken as a change in a fundamental model of events  Details are abstracted from the users  Abstraction simplifies control and conceals complexity  Typically involves the provision of dynamically scalable and often virtualized resources as a service over the Internet  Cloud computing customers do not own the physical infrastructure  Instead they avoid capital expenditure on hardware, software and services, by renting usage from a third-party provider
Cloud computing confusion Cloud computing is usually confused with:  Grid Computing- a form of distributed computing  Autonomic Computing- packaging of computing resources, such as computation and storage, as a metered service  Utility Computing- computer systems capable of self- management.
Why Cloud Computing?  Cost reduction  Limitless storage and data safety  Low maintenance cost  Provisioning on-demand, with no more waiting  IT as disposable infrastructure and not a luxury  New levels of collaborations with no geographical or corporate boundaries
Why Cloud Computing  For many of us it is a mature technology and can almost run all applications  Features of easy accessibility anywhere at any time and almost no burden of on-going operational expenses  Cloud environment covers services right from the core infrastructure to software like email at an individual user level.  By implementing cloud the organizations certainly gets the benefit of reduced capital investment, faster implementation cycle with net reduction in hardware- software procurement and installation
Cloud computing interpretations  First academic definition provided by ‘Ramnath K. Chellappa’ who called it ‘a computing paradigm where the boundaries of computing will be determined by economic rationale rather than technical limits’ in 1997.
A form of standardized IT-based capability — such as Internet-based services, software, or IT infrastructure — offered by a service provider that is accessible via Internet protocols from any computer, is always available and scales automatically to adjust to demand, is either pay-per-use or advertising-based, has Web- or programmatic-based control interfaces, and enables full customer self-service. A style of computing in which massively scalable IT-enabled capabilities are delivered “as a service” to multiple customers using Internet technologies Self-service provisioning Shared resources/common versions Offsite third-party provided Access via the Internet Standard usage-based pricing Essential Characteristics On-demand self-service Ubiquitous network access Multi-tenant Elasticity Pay-per-use Cloud computing is a pay-per-use model for enabling available, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
Which industries does this apply to? Product Offerings Security/ Regulatory Requirements Low BitsAtoms High • Music/video • Software/IT • News/Information • Financial services • Telecom • IT Services • Dell/electronics • Wal-Mart/retail • Commodities • Defense/aerospace • Utilities, energy • Pharma Mostly disruptive Potentially disruptiveLatent Mostly Sustaining
Compliance Management  Compliance is about being in accordance to specifications, guidelines or laws or in process of becoming  Compliance to regulation needs to keep security factors tight inorder to avoid risk  Compliance management ensures that IT processes, services and systems comply with organizations policies and legal requirements  Non-conformance to the regulation might attract huge penalties and in cases federal agencies can also revoke the organizations licence to operate
The Approach  Organizations need to have a compliance management policy implemented ahead of time  This policy should be one of the inputs for selecting the cloud service provider (CSP)  Information security becomes crucial and should be included in the compliance management policy (CMP)  The process flow and major steps of the approach for managing the compliance has been represented in the figure (An Approach for Managing Compliance in Cloud)  This approach is based on the Plan Do Check Act principle.
The Approach  This approach has six phases: focus area layout plan, implement, monitor, audit and feedback.
Focus Area  It covers applicable standards, regulations and even best practices in Industry  Focus Area should be aligned with organizations strategic plan, and should cover performance standards, privacy and security aspects  Compliance requirements of business process, business units and even employees of the organizations which are exposed on the cloud
Layout Plan  Responsibilities of parties involved (i.e. service provider, user, customer), the expectations, assumptions and also the frequency of audits for defined focus area is charted out  Emphasis here should be on drawing clear lines on the responsibility and expectations with cloud provider
Implement, Monitor, Audit and Feedback  Implement, Monitor, Audit and Feedback should be followed as practiced in any standard quality management principle  The feedback is essential to close the findings of audits and observations while monitoring the processes  Feedback has to be sent to the layout planning stage as well as the focus area to make the process robust, error- free, and stable with scope for further improvement till perfection
Conflicting Aspects  Organizations may adopt different models and approach, however while designing a compliance management framework or system special emphasis should be given to the below mentioned conflicting aspects: 1. Data Collection Limitation and its usage 2. Retention and Destruction of data 3. Limitation of Private and Personal data usage and transfer 4. Transfer of data with permission and protection 5. Accountability
Suggestions  CSP must include compliance as a part of the operational process in order to ease global integration, avoid vendor conflicts, support transparency between users and providers, diverse regulations of countries, and to efficiently handle risks thus resulting in competitive advantage  With external parties involved to meet the compliance there is a need to have the expectations set and assessed  In fact cloud compliance policy (CCP) should be one of the inputs and considerations for the organizations for selecting the cloud service provider, while signing an agreement with the service provider
Key Concerns  Which cloud technology would best support the business strategy of the organization?  Which compliance management process to adopt and follow?  How much control should be abandoned for benefit and change?  Which service to purchase for right performance, security, reliability and customization?  Is it worth the risk and quality of service?  How will it affect the organizations management and corporate policies?  Major CCM hurdle is data location during audit.
Key Concerns  Maintaining proper control over systems and data access  Security and confidentiality of non-public confidential information  Application designing, security, disaster recovery mechanism, issues handling and monitoring process are important while choosing CSPs
Important Cloud Players  GOOGLE  MICROSOFT  AMAZON  CSC  HP-EDS  IBM  ORACLE  SUN  CISCO  DELL
Cloud Computing Startups to watch  VELOSTRATA  CoreOS  RAVELLO SYSTEMS  BRACKET COMPUTING  DIGITAL OCEAN
Future of Cloud Computing Editors at InfoWorld make two predictions about the future direction of cloud technology over the next 10 years:  pervasive cloud services standard for assembling business solutions  cloud-based data with context for better understanding data Important points to look for:  Large companies may move to cloud platform  Data and cloud
Future of Cloud Computing Important points to look for:  Easier hybrid cloud strategies  Productivity tools and proactive policies  New security standards to counteract data breech  More focus on Internet of Things (IoT)
Summarizing  Proper planning and migration services needed  Scaling up and down is easy  Security and monitoring achievable with planning and analysis  Hybrid cloud platform easier  Enterprise cloud may become obsolete  Cloud Computing has provided a platform to other businesses to leverage technology at a reasonable pricing.
Summarizing  Compliance management not only would come handy in meeting the regulatory requirements but will also help them in managing organizational risks  A well drafted compliance policy when implemented will create an environment of self-accountability and minimize risks thus enabling organizations to focus more towards end products and services resulting in a satisfied customer and improved business results.
References  http://www.hightech-highway.com/cloud-computing-2/cloud-computing- yesterday-today-and-tomorrow/  http://www.hightech-highway.com/cloud-computing-2/five-basics-of-cloud- computing/  http://searchcloudcomputing.techtarget.com/feature/Why-the-cloud-of-today- isnt-the-cloud-of-tomorrow  http://www.ijcce.org/papers/225-W0004.pdf  http://www.cio.com/article/3026527/cloud-computing/11-cloud-trends-that-will- dominate-2016.html  http://www.forbes.com/sites/joemckendrick/2015/12/21/my-one-big-fat-cloud- computing-prediction-for-2016/#19671244230a  http://searchcloudcomputing.techtarget.com/tip/Five-cloud-computing-startups- to-watch-heading-into-2016
References  http://www.cio.com/article/2901034/cloud-computing/your-guide-to- compliance-in-the-cloud.html  http://www.happiestminds.com/ComplianceVigil/  http://www.sourcinginnovation.com/glossary/ComplianceManagement.php
Also Read Also Read:  http://www.slideshare.net/GreenGyaanam/gree-computing-an- envi-nesecc  http://www.slideshare.net/GreenGyaanam/positive-quotes- 58408909  http://www.slideshare.net/GreenGyaanam/introduction-to- information-systems-58490890  http://www.slideshare.net/GreenGyaanam/green-dentistry- 58492754  http://www.slideshare.net/GreenGyaanam/mobile- governance-58491716  http://www.slideshare.net/GreenGyaanam/freedom-251- controversy-with-video  http://www.slideshare.net/GreenGyaanam/freedom-251- controversy-58502754
Also Read  http://www.slideshare.net/GreenGyaanam/budget-2015- 2016-58901332  http://www.slideshare.net/GreenGyaanam/project- writing-58591580  http://www.slideshare.net/GreenGyaanam/relationship- quotes-58645765  http://www.slideshare.net/GreenGyaanam/facebook- for-nonprofits-58550161  http://www.slideshare.net/GreenGyaanam/technical- writing-58490472
Thanks GreenGyaanam www.greengyaanam.com greengyaanaminfo@gmail.com

Recommended

Test Your Cloud Maturity Level: A Practical Guide to Self Assessment
Test Your Cloud Maturity Level: A Practical Guide to Self AssessmentTest Your Cloud Maturity Level: A Practical Guide to Self Assessment
Test Your Cloud Maturity Level: A Practical Guide to Self AssessmentDavid Resnic
 
Slideshare ppt
Slideshare pptSlideshare ppt
Slideshare pptMandy Suzanne
 
Forgiving in Love
Forgiving in LoveForgiving in Love
Forgiving in LoveGreen Gyaanam
 
Facebook data breach
Facebook data breachFacebook data breach
Facebook data breachGreen Gyaanam
 
Organic IT Infrastructure Planning And Implementation: https://www.amazon.in/...
Organic IT Infrastructure Planning And Implementation: https://www.amazon.in/...Organic IT Infrastructure Planning And Implementation: https://www.amazon.in/...
Organic IT Infrastructure Planning And Implementation: https://www.amazon.in/...Green Gyaanam
 
Digital Detox
Digital DetoxDigital Detox
Digital DetoxGreen Gyaanam
 
21 Point Social Media
21 Point Social Media21 Point Social Media
21 Point Social MediaGreen Gyaanam
 
Healthy Recipies
Healthy RecipiesHealthy Recipies
Healthy RecipiesGreen Gyaanam
 

Recommended

Test Your Cloud Maturity Level: A Practical Guide to Self Assessment
Test Your Cloud Maturity Level: A Practical Guide to Self AssessmentTest Your Cloud Maturity Level: A Practical Guide to Self Assessment
Test Your Cloud Maturity Level: A Practical Guide to Self AssessmentDavid Resnic
 
Slideshare ppt
Slideshare pptSlideshare ppt
Slideshare pptMandy Suzanne
 
Forgiving in Love
Forgiving in LoveForgiving in Love
Forgiving in LoveGreen Gyaanam
 
Facebook data breach
Facebook data breachFacebook data breach
Facebook data breachGreen Gyaanam
 
Organic IT Infrastructure Planning And Implementation: https://www.amazon.in/...
Organic IT Infrastructure Planning And Implementation: https://www.amazon.in/...Organic IT Infrastructure Planning And Implementation: https://www.amazon.in/...
Organic IT Infrastructure Planning And Implementation: https://www.amazon.in/...Green Gyaanam
 
Digital Detox
Digital DetoxDigital Detox
Digital DetoxGreen Gyaanam
 
21 Point Social Media
21 Point Social Media21 Point Social Media
21 Point Social MediaGreen Gyaanam
 
Healthy Recipies
Healthy RecipiesHealthy Recipies
Healthy RecipiesGreen Gyaanam
 
Project writing
Project writingProject writing
Project writingGreen Gyaanam
 
Facebook for non-profits
Facebook for non-profitsFacebook for non-profits
Facebook for non-profitsGreen Gyaanam
 
Freedom 251 controversy with video
Freedom 251 controversy with videoFreedom 251 controversy with video
Freedom 251 controversy with videoGreen Gyaanam
 
Freedom 251 controversy
Freedom 251 controversyFreedom 251 controversy
Freedom 251 controversyGreen Gyaanam
 
Green dentistry
Green dentistryGreen dentistry
Green dentistryGreen Gyaanam
 
Mobile governance
Mobile governanceMobile governance
Mobile governanceGreen Gyaanam
 
Technical Writing
Technical WritingTechnical Writing
Technical WritingGreen Gyaanam
 
Green computing: An environmental necessity.
Green computing: An environmental necessity.Green computing: An environmental necessity.
Green computing: An environmental necessity.Green Gyaanam
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 

More Related Content

More from Green Gyaanam

Facebook for non-profits
Facebook for non-profitsFacebook for non-profits
Facebook for non-profitsGreen Gyaanam
 
Freedom 251 controversy with video
Freedom 251 controversy with videoFreedom 251 controversy with video
Freedom 251 controversy with videoGreen Gyaanam
 
Freedom 251 controversy
Freedom 251 controversyFreedom 251 controversy
Freedom 251 controversyGreen Gyaanam
 
Green computing: An environmental necessity.
Green computing: An environmental necessity.Green computing: An environmental necessity.
Green computing: An environmental necessity.Green Gyaanam
 

More from Green Gyaanam (8)

Project writing
Project writingProject writing
Project writing
 
Facebook for non-profits
Facebook for non-profitsFacebook for non-profits
Facebook for non-profits
 
Freedom 251 controversy with video
Freedom 251 controversy with videoFreedom 251 controversy with video
Freedom 251 controversy with video
 
Freedom 251 controversy
Freedom 251 controversyFreedom 251 controversy
Freedom 251 controversy
 
Green dentistry
Green dentistryGreen dentistry
Green dentistry
 
Mobile governance
Mobile governanceMobile governance
Mobile governance
 
Technical Writing
Technical WritingTechnical Writing
Technical Writing
 
Green computing: An environmental necessity.
Green computing: An environmental necessity.Green computing: An environmental necessity.
Green computing: An environmental necessity.
 

Recently uploaded

SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 

Managing compliance in cloud computing: https://www.grin.com/document/416755

  • 1. Managing Compliance in Cloud Computing Dr. Manisha Kumari Deep GreenGyaanam www.greengyaanam.com
  • 2. What is “Cloud”  ‘Cloud’ is a term borrowed from telephony  Cloud computing concept dates back to 1960, when John McCarthy opined that ‘computation may someday be organized as a public utility’.  Here ‘cloud’ is used as a metaphor for the Internet  Term cloud came into commercial use in the early 1990s  Used in context of large Asynchronous Transfer Mode (ATM) networks
  • 3. Cloud Computing  Taken as a change in a fundamental model of events  Details are abstracted from the users  Abstraction simplifies control and conceals complexity  Typically involves the provision of dynamically scalable and often virtualized resources as a service over the Internet  Cloud computing customers do not own the physical infrastructure  Instead they avoid capital expenditure on hardware, software and services, by renting usage from a third-party provider
  • 4. Cloud computing confusion Cloud computing is usually confused with:  Grid Computing- a form of distributed computing  Autonomic Computing- packaging of computing resources, such as computation and storage, as a metered service  Utility Computing- computer systems capable of self- management.
  • 5. Why Cloud Computing?  Cost reduction  Limitless storage and data safety  Low maintenance cost  Provisioning on-demand, with no more waiting  IT as disposable infrastructure and not a luxury  New levels of collaborations with no geographical or corporate boundaries
  • 6. Why Cloud Computing  For many of us it is a mature technology and can almost run all applications  Features of easy accessibility anywhere at any time and almost no burden of on-going operational expenses  Cloud environment covers services right from the core infrastructure to software like email at an individual user level.  By implementing cloud the organizations certainly gets the benefit of reduced capital investment, faster implementation cycle with net reduction in hardware- software procurement and installation
  • 7. Cloud computing interpretations  First academic definition provided by ‘Ramnath K. Chellappa’ who called it ‘a computing paradigm where the boundaries of computing will be determined by economic rationale rather than technical limits’ in 1997.
  • 8. A form of standardized IT-based capability — such as Internet-based services, software, or IT infrastructure — offered by a service provider that is accessible via Internet protocols from any computer, is always available and scales automatically to adjust to demand, is either pay-per-use or advertising-based, has Web- or programmatic-based control interfaces, and enables full customer self-service. A style of computing in which massively scalable IT-enabled capabilities are delivered “as a service” to multiple customers using Internet technologies Self-service provisioning Shared resources/common versions Offsite third-party provided Access via the Internet Standard usage-based pricing Essential Characteristics On-demand self-service Ubiquitous network access Multi-tenant Elasticity Pay-per-use Cloud computing is a pay-per-use model for enabling available, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
  • 9. Which industries does this apply to? Product Offerings Security/ Regulatory Requirements Low BitsAtoms High • Music/video • Software/IT • News/Information • Financial services • Telecom • IT Services • Dell/electronics • Wal-Mart/retail • Commodities • Defense/aerospace • Utilities, energy • Pharma Mostly disruptive Potentially disruptiveLatent Mostly Sustaining
  • 10. Compliance Management  Compliance is about being in accordance to specifications, guidelines or laws or in process of becoming  Compliance to regulation needs to keep security factors tight inorder to avoid risk  Compliance management ensures that IT processes, services and systems comply with organizations policies and legal requirements  Non-conformance to the regulation might attract huge penalties and in cases federal agencies can also revoke the organizations licence to operate
  • 11. The Approach  Organizations need to have a compliance management policy implemented ahead of time  This policy should be one of the inputs for selecting the cloud service provider (CSP)  Information security becomes crucial and should be included in the compliance management policy (CMP)  The process flow and major steps of the approach for managing the compliance has been represented in the figure (An Approach for Managing Compliance in Cloud)  This approach is based on the Plan Do Check Act principle.
  • 12. The Approach  This approach has six phases: focus area layout plan, implement, monitor, audit and feedback.
  • 13. Focus Area  It covers applicable standards, regulations and even best practices in Industry  Focus Area should be aligned with organizations strategic plan, and should cover performance standards, privacy and security aspects  Compliance requirements of business process, business units and even employees of the organizations which are exposed on the cloud
  • 14. Layout Plan  Responsibilities of parties involved (i.e. service provider, user, customer), the expectations, assumptions and also the frequency of audits for defined focus area is charted out  Emphasis here should be on drawing clear lines on the responsibility and expectations with cloud provider
  • 15. Implement, Monitor, Audit and Feedback  Implement, Monitor, Audit and Feedback should be followed as practiced in any standard quality management principle  The feedback is essential to close the findings of audits and observations while monitoring the processes  Feedback has to be sent to the layout planning stage as well as the focus area to make the process robust, error- free, and stable with scope for further improvement till perfection
  • 16. Conflicting Aspects  Organizations may adopt different models and approach, however while designing a compliance management framework or system special emphasis should be given to the below mentioned conflicting aspects: 1. Data Collection Limitation and its usage 2. Retention and Destruction of data 3. Limitation of Private and Personal data usage and transfer 4. Transfer of data with permission and protection 5. Accountability
  • 17. Suggestions  CSP must include compliance as a part of the operational process in order to ease global integration, avoid vendor conflicts, support transparency between users and providers, diverse regulations of countries, and to efficiently handle risks thus resulting in competitive advantage  With external parties involved to meet the compliance there is a need to have the expectations set and assessed  In fact cloud compliance policy (CCP) should be one of the inputs and considerations for the organizations for selecting the cloud service provider, while signing an agreement with the service provider
  • 18. Key Concerns  Which cloud technology would best support the business strategy of the organization?  Which compliance management process to adopt and follow?  How much control should be abandoned for benefit and change?  Which service to purchase for right performance, security, reliability and customization?  Is it worth the risk and quality of service?  How will it affect the organizations management and corporate policies?  Major CCM hurdle is data location during audit.
  • 19. Key Concerns  Maintaining proper control over systems and data access  Security and confidentiality of non-public confidential information  Application designing, security, disaster recovery mechanism, issues handling and monitoring process are important while choosing CSPs
  • 20. Important Cloud Players  GOOGLE  MICROSOFT  AMAZON  CSC  HP-EDS  IBM  ORACLE  SUN  CISCO  DELL
  • 21. Cloud Computing Startups to watch  VELOSTRATA  CoreOS  RAVELLO SYSTEMS  BRACKET COMPUTING  DIGITAL OCEAN
  • 22. Future of Cloud Computing Editors at InfoWorld make two predictions about the future direction of cloud technology over the next 10 years:  pervasive cloud services standard for assembling business solutions  cloud-based data with context for better understanding data Important points to look for:  Large companies may move to cloud platform  Data and cloud
  • 23. Future of Cloud Computing Important points to look for:  Easier hybrid cloud strategies  Productivity tools and proactive policies  New security standards to counteract data breech  More focus on Internet of Things (IoT)
  • 24. Summarizing  Proper planning and migration services needed  Scaling up and down is easy  Security and monitoring achievable with planning and analysis  Hybrid cloud platform easier  Enterprise cloud may become obsolete  Cloud Computing has provided a platform to other businesses to leverage technology at a reasonable pricing.
  • 25. Summarizing  Compliance management not only would come handy in meeting the regulatory requirements but will also help them in managing organizational risks  A well drafted compliance policy when implemented will create an environment of self-accountability and minimize risks thus enabling organizations to focus more towards end products and services resulting in a satisfied customer and improved business results.
  • 26. References  http://www.hightech-highway.com/cloud-computing-2/cloud-computing- yesterday-today-and-tomorrow/  http://www.hightech-highway.com/cloud-computing-2/five-basics-of-cloud- computing/  http://searchcloudcomputing.techtarget.com/feature/Why-the-cloud-of-today- isnt-the-cloud-of-tomorrow  http://www.ijcce.org/papers/225-W0004.pdf  http://www.cio.com/article/3026527/cloud-computing/11-cloud-trends-that-will- dominate-2016.html  http://www.forbes.com/sites/joemckendrick/2015/12/21/my-one-big-fat-cloud- computing-prediction-for-2016/#19671244230a  http://searchcloudcomputing.techtarget.com/tip/Five-cloud-computing-startups- to-watch-heading-into-2016
  • 28. Also Read Also Read:  http://www.slideshare.net/GreenGyaanam/gree-computing-an- envi-nesecc  http://www.slideshare.net/GreenGyaanam/positive-quotes- 58408909  http://www.slideshare.net/GreenGyaanam/introduction-to- information-systems-58490890  http://www.slideshare.net/GreenGyaanam/green-dentistry- 58492754  http://www.slideshare.net/GreenGyaanam/mobile- governance-58491716  http://www.slideshare.net/GreenGyaanam/freedom-251- controversy-with-video  http://www.slideshare.net/GreenGyaanam/freedom-251- controversy-58502754
  • 29. Also Read  http://www.slideshare.net/GreenGyaanam/budget-2015- 2016-58901332  http://www.slideshare.net/GreenGyaanam/project- writing-58591580  http://www.slideshare.net/GreenGyaanam/relationship- quotes-58645765  http://www.slideshare.net/GreenGyaanam/facebook- for-nonprofits-58550161  http://www.slideshare.net/GreenGyaanam/technical- writing-58490472