SlideShare a Scribd company logo

Ast 0064255 strategies-for_assessing_cloud_security

Accenture
Accenture

The document provides strategies for assessing cloud security risks. It discusses the need to develop proper security controls for cloud implementations, as embracing cloud computing without adequate controls can place IT infrastructure at risk. The document recommends developing a strategic cloud security roadmap that involves defining business/IT strategy, identifying risks, documenting a plan, and assessing cloud security with IBM through a review of security programs and technical testing.

1 of 6
Download to read offline
IBM Global Technology Services November 2010 Thought Leadership White Paper Strategies for assessing cloud security
2 Securing the cloud: from strategy development to ongoing assessment Executive summary compliance. Even if IT workloads are transitioned to the Cloud computing provides flexible, cost-effective delivery of cloud, users are still responsible for compliance and data secu- business or consumer IT services over the Internet. Cloud rity. As a result, subscribers must establish trust relationships resources can be rapidly deployed and easily scaled, with all with their cloud providers and understand the risk posed by processes, applications, and services provisioned on demand, public and/or private cloud computing environments. regardless of the user location or device. As a result, cloud computing helps organizations improve service delivery, Security challenges in the cloud—the streamline IT management and better align IT services with need for a trusted third party evaluation dynamic business requirements. Cloud computing can also One of the most significant differences between cloud simultaneously support core business functions and provide security and traditional IT security stems from the sharing of capacity for new and innovative services. infrastructure on a massive scale. Users spanning different cor- porations and trust levels often interact with the same set of Both public and private cloud models, or a hybrid approach computing resources. And public cloud services are increas- using both models, are now in use. Available to anyone with ingly being offered by a chain of providers—all storing and Internet access, public clouds are acquired as a service and processing data externally in multiple unspecified locations. paid for on a per-usage basis or by subscription. Private clouds are owned and used by a single organization. They offer many Inside the cloud, it is difficult to physically locate where data is of the same benefits as public clouds, but give the owner stored. Security processes that were once visible are now hid- greater flexibility and control. den behind layers of abstraction. This lack of visibility can cause concerns about data exposure and compromise, service Although the benefits of cloud computing are clear, so is the reliability, ability to demonstrate compliance and meet SLAs, need to develop proper security for cloud implementations— and overall security management. whether public or private. Embracing cloud computing with- out adequate security controls can place the entire IT Visibility can be especially critical for compliance. The infrastructure at risk. Cloud computing introduces another Sarbanes-Oxley Act, the Health Insurance Portability and level of risk because essential services are often outsourced to Accountability Act (HIPAA), European privacy laws, and many a third party, making it harder to maintain data integrity and privacy, support data and service availability, and demonstrate
IBM Global Technology Services 3 other regulations require comprehensive auditing capabilities. Developing a strategic cloud security Many public clouds may indeed be a black box to the sub- roadmap with IBM scriber, thus clients may not be able to demonstrate compli- There is no one-size-fits-all model for security in the cloud. ance. (A private or hybrid cloud, on the other hand, can be Organizations have different security requirements that are configured to meet those requirements.) determined by the unique characteristics of the business work- load they intend to migrate to the cloud or the services they In addition, providers are sometimes required to support are providing from their cloud. It is important when evaluat- third-party audits, or support e-Discovery initiatives and ing risk in a cloud computing model, that a cloud security forensic investigations. This adds even more importance to strategy be developed. maintaining proper visibility into the cloud. Legal discovery of a co-tenant’s data may affect the confidentiality of other ten- By partnering with IBM, clients can benefit from proven ants’ data if the data is not properly segmented. This may assessment methodologies and best practices that help mean that some sensitive data may not be appropriate for cer- ensure consistent, reliable results. They can also leverage com- tain cloud environments. prehensive frameworks that address enterprise cloud strategy, implementation and management in a holistic approach that Organizations considering cloud-based services must under- maximizes the business value of cloud investments while mini- stand the associated risks and ensure appropriate visibility. mizing business risk. IBM guidelines for securing cloud implementations focus on the following areas: Defining business and IT strategy The first step to understanding security risks posed by a cloud ● Building a security program computing model is to analyze business and IT strategies. ● Confidential data protection What is the value of the information that will be stored, ● Implementing strong access and identity accessed and transmitted via the cloud? Is it business critical ● Application provisioning and de-provisioning and/or confidential? Is it subject to regulatory compliance? ● Governance audit management Clients must also consider availability requirements. After ● Vulnerability management determining the business and IT strategy and evaluating the ● Testing and validation data, clients can make a more informed, risk-based decision about which cloud computing model to pursue. Because cloud computing is available in several service models (and hybrids of these models), each presents different levels of responsibility for security management. Trusted third parties can help companies apply cloud security best practices to their specific business needs.
4 Securing the cloud: from strategy development to ongoing assessment Identifying the risks The IBM cloud security assessment reviews cloud architecture Each type of cloud—public, private and hybrid—carries a from a security standpoint, including policies and processes for different level of IT security risk. Security experts from data access and storage. IBM security experts assess the cur- IBM can help clients identify the vulnerabilities, threats and rent state of cloud security against best practices, and against other values at risk based on public, private or hybrid cloud providers’ own security objectives. Security requirements and architecture. From there, IBM will work with clients to design best practices criteria is based on unique characteristics of the initial mechanisms and controls to mitigate risk, and outline subject cloud, including workload, trust level of end users, the maintenance and testing procedures that will help ensure data protection requirements and more. For example, clouds ongoing risk mitigation. supporting email will have different security requirements than those supporting electronic Protected Health Documenting the plan Information (ePHI). IBM clients will benefit from a documented roadmap address- ing cloud security strategy. The plan should identify the types A gap assessment against security objectives and best practices of workloads or applications that are candidates for cloud will reveal strengths and weaknesses of the current security computing and should account for the legal, regulatory and architecture and processes. IBM experts will provide recom- security requirements. IBM will work with clients to plan for mendations for improvements and continuous security compensating controls to mitigate perceived risks, including measures to bridge the gaps. These can include the use of how to address identity and access management, and how to additional network security controls, modifications to existing balance security controls between the cloud provider and the security policies and procedures, implementation of new iden- subscriber. tity and access management controls, acquisition of managed security services for offloading critical security management Assessing cloud security with IBM tasks, or any number of other remediation steps. In addition to developing a strategy for cloud security, IBM can perform a cloud security assessment for public or In addition to a thorough review of the cloud security pro- private cloud offerings. This service can provide helpful due gram, IBM advises steady state technical testing of the cloud’s diligence for cloud providers, or help subscribers understand network infrastructure and supporting applications via remote the security posture of their provider’s cloud. penetration and application testing. This provides a “hacker’s eye” view of cloud components and provides insight into how cloud security weaknesses can significantly impact data and information protection.
IBM Global Technology Services 5 Why IBM? security services that enable a business-driven approach to To fully benefit from cloud computing, clients must ensure securing your cloud computing as well as your physical IT that data, applications and systems are properly secured so that environments. cloud infrastructure won’t expose the organization to risk. Cloud computing has the usual requirements of traditional IT IBM’s capabilities empower you to dynamically monitor and security, though it presents an added level of risk because of quantify security risks, enabling you to better: the external aspects of a cloud model. This can make it more difficult to maintain data integrity and privacy, support data ● Understand threats and vulnerabilities in terms of business and service availability, and demonstrate compliance. impact, ● Respond to security events with security controls that opti- Assessing the risks associated with cloud computing, such as mize business results, data integrity, recovery, privacy, and tenant isolation is critical ● Prioritize and balance your security investments. to the adoption of cloud technologies. These risks call for automated end-to-end security with a heavier emphasis on IBM also securely operates its own public clouds, including strong isolation, integrity and resiliency in order to provide IBM LotusLive™. IBM continuously invests in research and visibility, control and automation across the cloud computing development of stronger isolation at all levels of the network, infrastructure. server, hypervisor, process and storage infrastructure to sup- port massive multitenancy while mitigating risk. IBM helps clients put risk management strategies into action by transforming security from a cost of doing business to a Through world-class solutions that address risk across all way to improve the business. IBM draws from a broad portfo- aspects of your business, IBM is able to help you create an lio of consulting services, software and hardware and managed intelligent infrastructure that drives down costs, is secure, and is just as dynamic as today’s business climate. IBM cloud secu- rity solutions and services build on the strong foundation of the IBM security framework to extend benefits from tradi- tional IT environments to cloud computing environments.
For more information To learn more about the IBM Cloud Security Services, please contact your IBM marketing representative or IBM Business Partner, or visit the following website: ibm.com/cloud Additionally, financing solutions from IBM Global Financing © Copyright IBM Corporation 2010 Route 100 can enable effective cash management, protection from tech- Somers, NY 10589 U.S.A. nology obsolescence, improved total cost of ownership and Produced in the United States of America return on investment. Also, our Global Asset Recovery November 2010 Services help address environmental concerns with new, All Rights Reserved more energy-efficient solutions. For more information on IBM, the IBM logo, ibm.com and LotusLive are trademarks or IBM Global Financing, visit: ibm.com/financing registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml Other company, product or service names may be trademarks or service marks of others. Please Recycle SEW03022-USEN-01

Recommended

Trust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A SurveyTrust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A Surveyinventionjournals
 
Cloud implementation security challenges
Cloud implementation security challengesCloud implementation security challenges
Cloud implementation security challengesbornresearcher
 
Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012Symosis Security (Previously C-Level Security)
 
Whitepaper: Security of the Cloud
Whitepaper: Security of the CloudWhitepaper: Security of the Cloud
Whitepaper: Security of the CloudCloudSmartz
 
Security of the Cloud
Security of the CloudSecurity of the Cloud
Security of the CloudEpoch Universal, Inc.
 
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...IRJET Journal
 
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computingIjirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computingIJIR JOURNALS IJIRUSA
 
IRJET- SAAS Attacks Defense Mechanisms and Digital Forensic
IRJET- SAAS Attacks Defense Mechanisms and Digital ForensicIRJET- SAAS Attacks Defense Mechanisms and Digital Forensic
IRJET- SAAS Attacks Defense Mechanisms and Digital ForensicIRJET Journal
 

More Related Content

What's hot

International journal of computer science and innovation vol 2015-n2-paper4
International journal of computer science and innovation vol 2015-n2-paper4International journal of computer science and innovation vol 2015-n2-paper4
International journal of computer science and innovation vol 2015-n2-paper4sophiabelthome
 
IRJET- Model-Driven Platform for Service Security and Framework for Data ...
IRJET- Model-Driven Platform for Service Security and Framework for Data ...IRJET- Model-Driven Platform for Service Security and Framework for Data ...
IRJET- Model-Driven Platform for Service Security and Framework for Data ...IRJET Journal
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challengesKresimir Popovic
 
Data Security Model Enhancement In Cloud Environment
Data Security Model Enhancement In Cloud EnvironmentData Security Model Enhancement In Cloud Environment
Data Security Model Enhancement In Cloud EnvironmentIOSR Journals
 
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...IJIR JOURNALS IJIRUSA
 
report on Mobile security
report on Mobile securityreport on Mobile security
report on Mobile securityJAYANT RAJURKAR
 
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...IJCNCJournal
 
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...IJERA Editor
 
Various Security Issues and their Remedies in Cloud Computing
Various Security Issues and their Remedies in Cloud ComputingVarious Security Issues and their Remedies in Cloud Computing
Various Security Issues and their Remedies in Cloud ComputingINFOGAIN PUBLICATION
 
Cloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesCloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesNJVC, LLC
 
Enterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to auditEnterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to auditBob Rhubart
 
Security in a Virtualised Computing
Security in a Virtualised ComputingSecurity in a Virtualised Computing
Security in a Virtualised ComputingIOSR Journals
 
Trusted computing for infrastructure
Trusted computing for infrastructureTrusted computing for infrastructure
Trusted computing for infrastructureEricsson
 
An study of security issues & challenges in cloud computing
An study of security issues & challenges in cloud computingAn study of security issues & challenges in cloud computing
An study of security issues & challenges in cloud computingijsrd.com
 
Cloud Audit and Compliance
Cloud Audit and ComplianceCloud Audit and Compliance
Cloud Audit and ComplianceQuadrisk
 
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...IRJET Journal
 
Mergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMatthew Rosenquist
 
CCSK Certificate of Cloud Computing Knowledge - overview
CCSK Certificate of Cloud Computing Knowledge - overviewCCSK Certificate of Cloud Computing Knowledge - overview
CCSK Certificate of Cloud Computing Knowledge - overviewPeter HJ van Eijk
 

What's hot (19)

International journal of computer science and innovation vol 2015-n2-paper4
International journal of computer science and innovation vol 2015-n2-paper4International journal of computer science and innovation vol 2015-n2-paper4
International journal of computer science and innovation vol 2015-n2-paper4
 
IRJET- Model-Driven Platform for Service Security and Framework for Data ...
IRJET- Model-Driven Platform for Service Security and Framework for Data ...IRJET- Model-Driven Platform for Service Security and Framework for Data ...
IRJET- Model-Driven Platform for Service Security and Framework for Data ...
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
 
Data Security Model Enhancement In Cloud Environment
Data Security Model Enhancement In Cloud EnvironmentData Security Model Enhancement In Cloud Environment
Data Security Model Enhancement In Cloud Environment
 
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
 
report on Mobile security
report on Mobile securityreport on Mobile security
report on Mobile security
 
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...
 
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
 
Various Security Issues and their Remedies in Cloud Computing
Various Security Issues and their Remedies in Cloud ComputingVarious Security Issues and their Remedies in Cloud Computing
Various Security Issues and their Remedies in Cloud Computing
 
Cloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesCloud Security for U.S. Military Agencies
Cloud Security for U.S. Military Agencies
 
Enterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to auditEnterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to audit
 
Security in a Virtualised Computing
Security in a Virtualised ComputingSecurity in a Virtualised Computing
Security in a Virtualised Computing
 
Trusted computing for infrastructure
Trusted computing for infrastructureTrusted computing for infrastructure
Trusted computing for infrastructure
 
CLOUD STEGANOGRAPHY- A REVIEW
CLOUD STEGANOGRAPHY- A REVIEWCLOUD STEGANOGRAPHY- A REVIEW
CLOUD STEGANOGRAPHY- A REVIEW
 
An study of security issues & challenges in cloud computing
An study of security issues & challenges in cloud computingAn study of security issues & challenges in cloud computing
An study of security issues & challenges in cloud computing
 
Cloud Audit and Compliance
Cloud Audit and ComplianceCloud Audit and Compliance
Cloud Audit and Compliance
 
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
 
Mergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of Interest
 
CCSK Certificate of Cloud Computing Knowledge - overview
CCSK Certificate of Cloud Computing Knowledge - overviewCCSK Certificate of Cloud Computing Knowledge - overview
CCSK Certificate of Cloud Computing Knowledge - overview
 

Viewers also liked

Cscchealthcare110512
Cscchealthcare110512Cscchealthcare110512
Cscchealthcare110512Accenture
 
Case1 500 t to 5p
Case1 500 t to 5pCase1 500 t to 5p
Case1 500 t to 5pAccenture
 
Cloud agility-gap-whitepaper 9595
Cloud agility-gap-whitepaper 9595Cloud agility-gap-whitepaper 9595
Cloud agility-gap-whitepaper 9595Accenture
 
冰毒Ice drog
冰毒Ice drog冰毒Ice drog
冰毒Ice drogAccenture
 
Accelerate to your cloud seminar
Accelerate to your cloud seminarAccelerate to your cloud seminar
Accelerate to your cloud seminarAccenture
 
Enterprise cloudadoption
Enterprise cloudadoptionEnterprise cloudadoption
Enterprise cloudadoptionAccenture
 
Ak13 upgrade
Ak13 upgradeAk13 upgrade
Ak13 upgradeAccenture
 
Big data, big deal ms it168文库
Big data, big deal ms it168文库Big data, big deal ms it168文库
Big data, big deal ms it168文库Accenture
 
Perspec sys knowledge_series__solving_privacy_residency_and_security
Perspec sys knowledge_series__solving_privacy_residency_and_securityPerspec sys knowledge_series__solving_privacy_residency_and_security
Perspec sys knowledge_series__solving_privacy_residency_and_securityAccenture
 
Statistically adaptive learning for a general class of..
Statistically adaptive learning for a general class of..Statistically adaptive learning for a general class of..
Statistically adaptive learning for a general class of..Accenture
 
Infochimps report 451 research impact report
Infochimps report 451 research impact reportInfochimps report 451 research impact report
Infochimps report 451 research impact reportAccenture
 
111302011 iw computing_economics_final_v2
111302011 iw computing_economics_final_v2111302011 iw computing_economics_final_v2
111302011 iw computing_economics_final_v2Accenture
 
04032012 iw ibm_webcast_series_part_3_performance_how_to_finetune_your_odm_so...
04032012 iw ibm_webcast_series_part_3_performance_how_to_finetune_your_odm_so...04032012 iw ibm_webcast_series_part_3_performance_how_to_finetune_your_odm_so...
04032012 iw ibm_webcast_series_part_3_performance_how_to_finetune_your_odm_so...Accenture
 
Emc big data
Emc big dataEmc big data
Emc big dataAccenture
 
Braking china
Braking chinaBraking china
Braking chinaAccenture
 
Data ontap 8.x 7 mode cook book v1 1
Data ontap 8.x 7 mode cook book v1 1Data ontap 8.x 7 mode cook book v1 1
Data ontap 8.x 7 mode cook book v1 1Accenture
 
Storage for cloud
Storage for cloudStorage for cloud
Storage for cloudAccenture
 
Tr 3998 -deployment_guide_for_hosted_shared_desktops_and_on-demand_applicatio...
Tr 3998 -deployment_guide_for_hosted_shared_desktops_and_on-demand_applicatio...Tr 3998 -deployment_guide_for_hosted_shared_desktops_and_on-demand_applicatio...
Tr 3998 -deployment_guide_for_hosted_shared_desktops_and_on-demand_applicatio...Accenture
 
Diplôme Universitaire de Technologie
Diplôme Universitaire de TechnologieDiplôme Universitaire de Technologie
Diplôme Universitaire de TechnologieFreddy Crozilhac
 

Viewers also liked (20)

Cscchealthcare110512
Cscchealthcare110512Cscchealthcare110512
Cscchealthcare110512
 
Case1 500 t to 5p
Case1 500 t to 5pCase1 500 t to 5p
Case1 500 t to 5p
 
Cloud agility-gap-whitepaper 9595
Cloud agility-gap-whitepaper 9595Cloud agility-gap-whitepaper 9595
Cloud agility-gap-whitepaper 9595
 
冰毒Ice drog
冰毒Ice drog冰毒Ice drog
冰毒Ice drog
 
Accelerate to your cloud seminar
Accelerate to your cloud seminarAccelerate to your cloud seminar
Accelerate to your cloud seminar
 
Enterprise cloudadoption
Enterprise cloudadoptionEnterprise cloudadoption
Enterprise cloudadoption
 
Ak13 upgrade
Ak13 upgradeAk13 upgrade
Ak13 upgrade
 
Big data, big deal ms it168文库
Big data, big deal ms it168文库Big data, big deal ms it168文库
Big data, big deal ms it168文库
 
Perspec sys knowledge_series__solving_privacy_residency_and_security
Perspec sys knowledge_series__solving_privacy_residency_and_securityPerspec sys knowledge_series__solving_privacy_residency_and_security
Perspec sys knowledge_series__solving_privacy_residency_and_security
 
Statistically adaptive learning for a general class of..
Statistically adaptive learning for a general class of..Statistically adaptive learning for a general class of..
Statistically adaptive learning for a general class of..
 
Infochimps report 451 research impact report
Infochimps report 451 research impact reportInfochimps report 451 research impact report
Infochimps report 451 research impact report
 
111302011 iw computing_economics_final_v2
111302011 iw computing_economics_final_v2111302011 iw computing_economics_final_v2
111302011 iw computing_economics_final_v2
 
04032012 iw ibm_webcast_series_part_3_performance_how_to_finetune_your_odm_so...
04032012 iw ibm_webcast_series_part_3_performance_how_to_finetune_your_odm_so...04032012 iw ibm_webcast_series_part_3_performance_how_to_finetune_your_odm_so...
04032012 iw ibm_webcast_series_part_3_performance_how_to_finetune_your_odm_so...
 
Emc big data
Emc big dataEmc big data
Emc big data
 
Braking china
Braking chinaBraking china
Braking china
 
Data ontap 8.x 7 mode cook book v1 1
Data ontap 8.x 7 mode cook book v1 1Data ontap 8.x 7 mode cook book v1 1
Data ontap 8.x 7 mode cook book v1 1
 
Storage for cloud
Storage for cloudStorage for cloud
Storage for cloud
 
Tr 3998 -deployment_guide_for_hosted_shared_desktops_and_on-demand_applicatio...
Tr 3998 -deployment_guide_for_hosted_shared_desktops_and_on-demand_applicatio...Tr 3998 -deployment_guide_for_hosted_shared_desktops_and_on-demand_applicatio...
Tr 3998 -deployment_guide_for_hosted_shared_desktops_and_on-demand_applicatio...
 
guide_e-learning
guide_e-learningguide_e-learning
guide_e-learning
 
Diplôme Universitaire de Technologie
Diplôme Universitaire de TechnologieDiplôme Universitaire de Technologie
Diplôme Universitaire de Technologie
 

Similar to Ast 0064255 strategies-for_assessing_cloud_security

The Management of Security in Cloud Computing Ramgovind.docx
The Management of Security in Cloud Computing Ramgovind.docxThe Management of Security in Cloud Computing Ramgovind.docx
The Management of Security in Cloud Computing Ramgovind.docxcherry686017
 
Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0David Spinks
 
Requirements and Challenges for Securing Cloud Applications and Services
Requirements and Challenges for Securing Cloud Applications and ServicesRequirements and Challenges for Securing Cloud Applications and Services
Requirements and Challenges for Securing Cloud Applications and ServicesIOSR Journals
 
A Comprehensive Review on Data Security and Threats for Data Management in Cl...
A Comprehensive Review on Data Security and Threats for Data Management in Cl...A Comprehensive Review on Data Security and Threats for Data Management in Cl...
A Comprehensive Review on Data Security and Threats for Data Management in Cl...AJASTJournal
 
A Comprehensive Review on Data Security and Threats for Data Management in Cl...
A Comprehensive Review on Data Security and Threats for Data Management in Cl...A Comprehensive Review on Data Security and Threats for Data Management in Cl...
A Comprehensive Review on Data Security and Threats for Data Management in Cl...AJASTJournal
 
International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)ijceronline
 
Cloud Security Guidance: IBM Recommendations For The Implementation Of Cloud ...
Cloud Security Guidance: IBM Recommendations For The Implementation Of Cloud ...Cloud Security Guidance: IBM Recommendations For The Implementation Of Cloud ...
Cloud Security Guidance: IBM Recommendations For The Implementation Of Cloud ...IBM India Smarter Computing
 
A Survey on Cloud Computing Security – Challenges and Trust Issues
A Survey on Cloud Computing Security – Challenges and Trust IssuesA Survey on Cloud Computing Security – Challenges and Trust Issues
A Survey on Cloud Computing Security – Challenges and Trust IssuesIJCSIS Research Publications
 
IRJET- A Survey on SaaS-Attacks and Digital Forensic
IRJET- A Survey on SaaS-Attacks and Digital ForensicIRJET- A Survey on SaaS-Attacks and Digital Forensic
IRJET- A Survey on SaaS-Attacks and Digital ForensicIRJET Journal
 
Cloud computing risk assesment report
Cloud computing risk assesment reportCloud computing risk assesment report
Cloud computing risk assesment reportAhmad El Tawil
 
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah SheikhISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah SheikhShah Sheikh
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
Cloud computing seminar report
Cloud computing seminar reportCloud computing seminar report
Cloud computing seminar reportshafzonly
 
Cloud computing-overview
Cloud computing-overviewCloud computing-overview
Cloud computing-overviewsri_kanth0526
 
Cloud computing-overview
Cloud computing-overviewCloud computing-overview
Cloud computing-overviewjaimehra05
 
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure FrameworkSecurity and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure FrameworkIOSR Journals
 
Cloud Security: What you need to know about IBM SmartCloud Security
Cloud Security: What you need to know about IBM SmartCloud SecurityCloud Security: What you need to know about IBM SmartCloud Security
Cloud Security: What you need to know about IBM SmartCloud SecurityIBM Security
 

Similar to Ast 0064255 strategies-for_assessing_cloud_security (20)

The Management of Security in Cloud Computing Ramgovind.docx
The Management of Security in Cloud Computing Ramgovind.docxThe Management of Security in Cloud Computing Ramgovind.docx
The Management of Security in Cloud Computing Ramgovind.docx
 
Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0
 
Requirements and Challenges for Securing Cloud Applications and Services
Requirements and Challenges for Securing Cloud Applications and ServicesRequirements and Challenges for Securing Cloud Applications and Services
Requirements and Challenges for Securing Cloud Applications and Services
 
A Comprehensive Review on Data Security and Threats for Data Management in Cl...
A Comprehensive Review on Data Security and Threats for Data Management in Cl...A Comprehensive Review on Data Security and Threats for Data Management in Cl...
A Comprehensive Review on Data Security and Threats for Data Management in Cl...
 
A Comprehensive Review on Data Security and Threats for Data Management in Cl...
A Comprehensive Review on Data Security and Threats for Data Management in Cl...A Comprehensive Review on Data Security and Threats for Data Management in Cl...
A Comprehensive Review on Data Security and Threats for Data Management in Cl...
 
International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)
 
cloud1_aggy.pdf
cloud1_aggy.pdfcloud1_aggy.pdf
cloud1_aggy.pdf
 
Cloud Security Guidance: IBM Recommendations For The Implementation Of Cloud ...
Cloud Security Guidance: IBM Recommendations For The Implementation Of Cloud ...Cloud Security Guidance: IBM Recommendations For The Implementation Of Cloud ...
Cloud Security Guidance: IBM Recommendations For The Implementation Of Cloud ...
 
A Survey on Cloud Computing Security – Challenges and Trust Issues
A Survey on Cloud Computing Security – Challenges and Trust IssuesA Survey on Cloud Computing Security – Challenges and Trust Issues
A Survey on Cloud Computing Security – Challenges and Trust Issues
 
IRJET- A Survey on SaaS-Attacks and Digital Forensic
IRJET- A Survey on SaaS-Attacks and Digital ForensicIRJET- A Survey on SaaS-Attacks and Digital Forensic
IRJET- A Survey on SaaS-Attacks and Digital Forensic
 
Cloud computing risk assesment report
Cloud computing risk assesment reportCloud computing risk assesment report
Cloud computing risk assesment report
 
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah SheikhISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)
 
Cloud computing seminar report
Cloud computing seminar reportCloud computing seminar report
Cloud computing seminar report
 
3822424.ppt
3822424.ppt3822424.ppt
3822424.ppt
 
Cloud computing-overview
Cloud computing-overviewCloud computing-overview
Cloud computing-overview
 
Cloud computing-overview
Cloud computing-overviewCloud computing-overview
Cloud computing-overview
 
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure FrameworkSecurity and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
 
Cloud Security: What you need to know about IBM SmartCloud Security
Cloud Security: What you need to know about IBM SmartCloud SecurityCloud Security: What you need to know about IBM SmartCloud Security
Cloud Security: What you need to know about IBM SmartCloud Security
 
legal and ethical.ppt
legal and ethical.pptlegal and ethical.ppt
legal and ethical.ppt
 

More from Accenture

Certify 2014trends-report
Certify 2014trends-reportCertify 2014trends-report
Certify 2014trends-reportAccenture
 
Calabrio analyze
Calabrio analyzeCalabrio analyze
Calabrio analyzeAccenture
 
Tier 2 net app baseline design standard revised nov 2011
Tier 2 net app baseline design standard revised nov 2011Tier 2 net app baseline design standard revised nov 2011
Tier 2 net app baseline design standard revised nov 2011Accenture
 
Perf stat windows
Perf stat windowsPerf stat windows
Perf stat windowsAccenture
 
Performance problems on ethernet networks when the e0m management interface i...
Performance problems on ethernet networks when the e0m management interface i...Performance problems on ethernet networks when the e0m management interface i...
Performance problems on ethernet networks when the e0m management interface i...Accenture
 
NetApp system installation workbook Spokane
NetApp system installation workbook SpokaneNetApp system installation workbook Spokane
NetApp system installation workbook SpokaneAccenture
 
Migrate volume in akfiler7
Migrate volume in akfiler7Migrate volume in akfiler7
Migrate volume in akfiler7Accenture
 
Migrate vol in akfiler7
Migrate vol in akfiler7Migrate vol in akfiler7
Migrate vol in akfiler7Accenture
 
Data storage requirements AK
Data storage requirements AKData storage requirements AK
Data storage requirements AKAccenture
 
C mode class
C mode classC mode class
C mode classAccenture
 
Akfiler upgrades providence july 2012
Akfiler upgrades providence july 2012Akfiler upgrades providence july 2012
Akfiler upgrades providence july 2012Accenture
 
Reporting demo
Reporting demoReporting demo
Reporting demoAccenture
 
Net app virtualization preso
Net app virtualization presoNet app virtualization preso
Net app virtualization presoAccenture
 
Providence net app upgrade plan PPMC
Providence net app upgrade plan PPMCProvidence net app upgrade plan PPMC
Providence net app upgrade plan PPMCAccenture
 
WSC Net App storage for windows challenges and solutions
WSC Net App storage for windows challenges and solutionsWSC Net App storage for windows challenges and solutions
WSC Net App storage for windows challenges and solutionsAccenture
 
50,000-seat_VMware_view_deployment
50,000-seat_VMware_view_deployment50,000-seat_VMware_view_deployment
50,000-seat_VMware_view_deploymentAccenture
 
Tr 3749 -net_app_storage_best_practices_for_v_mware_vsphere,_dec_11
Tr 3749 -net_app_storage_best_practices_for_v_mware_vsphere,_dec_11Tr 3749 -net_app_storage_best_practices_for_v_mware_vsphere,_dec_11
Tr 3749 -net_app_storage_best_practices_for_v_mware_vsphere,_dec_11Accenture
 
Snap mirror source to tape to destination scenario
Snap mirror source to tape to destination scenarioSnap mirror source to tape to destination scenario
Snap mirror source to tape to destination scenarioAccenture
 
Ref arch for ve sg248155
Ref arch for ve sg248155Ref arch for ve sg248155
Ref arch for ve sg248155Accenture
 

More from Accenture (20)

Certify 2014trends-report
Certify 2014trends-reportCertify 2014trends-report
Certify 2014trends-report
 
Calabrio analyze
Calabrio analyzeCalabrio analyze
Calabrio analyze
 
Tier 2 net app baseline design standard revised nov 2011
Tier 2 net app baseline design standard revised nov 2011Tier 2 net app baseline design standard revised nov 2011
Tier 2 net app baseline design standard revised nov 2011
 
Perf stat windows
Perf stat windowsPerf stat windows
Perf stat windows
 
Performance problems on ethernet networks when the e0m management interface i...
Performance problems on ethernet networks when the e0m management interface i...Performance problems on ethernet networks when the e0m management interface i...
Performance problems on ethernet networks when the e0m management interface i...
 
NetApp system installation workbook Spokane
NetApp system installation workbook SpokaneNetApp system installation workbook Spokane
NetApp system installation workbook Spokane
 
Migrate volume in akfiler7
Migrate volume in akfiler7Migrate volume in akfiler7
Migrate volume in akfiler7
 
Migrate vol in akfiler7
Migrate vol in akfiler7Migrate vol in akfiler7
Migrate vol in akfiler7
 
Data storage requirements AK
Data storage requirements AKData storage requirements AK
Data storage requirements AK
 
C mode class
C mode classC mode class
C mode class
 
Akfiler upgrades providence july 2012
Akfiler upgrades providence july 2012Akfiler upgrades providence july 2012
Akfiler upgrades providence july 2012
 
NA notes
NA notesNA notes
NA notes
 
Reporting demo
Reporting demoReporting demo
Reporting demo
 
Net app virtualization preso
Net app virtualization presoNet app virtualization preso
Net app virtualization preso
 
Providence net app upgrade plan PPMC
Providence net app upgrade plan PPMCProvidence net app upgrade plan PPMC
Providence net app upgrade plan PPMC
 
WSC Net App storage for windows challenges and solutions
WSC Net App storage for windows challenges and solutionsWSC Net App storage for windows challenges and solutions
WSC Net App storage for windows challenges and solutions
 
50,000-seat_VMware_view_deployment
50,000-seat_VMware_view_deployment50,000-seat_VMware_view_deployment
50,000-seat_VMware_view_deployment
 
Tr 3749 -net_app_storage_best_practices_for_v_mware_vsphere,_dec_11
Tr 3749 -net_app_storage_best_practices_for_v_mware_vsphere,_dec_11Tr 3749 -net_app_storage_best_practices_for_v_mware_vsphere,_dec_11
Tr 3749 -net_app_storage_best_practices_for_v_mware_vsphere,_dec_11
 
Snap mirror source to tape to destination scenario
Snap mirror source to tape to destination scenarioSnap mirror source to tape to destination scenario
Snap mirror source to tape to destination scenario
 
Ref arch for ve sg248155
Ref arch for ve sg248155Ref arch for ve sg248155
Ref arch for ve sg248155
 

Ast 0064255 strategies-for_assessing_cloud_security

  • 1. IBM Global Technology Services November 2010 Thought Leadership White Paper Strategies for assessing cloud security
  • 2. 2 Securing the cloud: from strategy development to ongoing assessment Executive summary compliance. Even if IT workloads are transitioned to the Cloud computing provides flexible, cost-effective delivery of cloud, users are still responsible for compliance and data secu- business or consumer IT services over the Internet. Cloud rity. As a result, subscribers must establish trust relationships resources can be rapidly deployed and easily scaled, with all with their cloud providers and understand the risk posed by processes, applications, and services provisioned on demand, public and/or private cloud computing environments. regardless of the user location or device. As a result, cloud computing helps organizations improve service delivery, Security challenges in the cloud—the streamline IT management and better align IT services with need for a trusted third party evaluation dynamic business requirements. Cloud computing can also One of the most significant differences between cloud simultaneously support core business functions and provide security and traditional IT security stems from the sharing of capacity for new and innovative services. infrastructure on a massive scale. Users spanning different cor- porations and trust levels often interact with the same set of Both public and private cloud models, or a hybrid approach computing resources. And public cloud services are increas- using both models, are now in use. Available to anyone with ingly being offered by a chain of providers—all storing and Internet access, public clouds are acquired as a service and processing data externally in multiple unspecified locations. paid for on a per-usage basis or by subscription. Private clouds are owned and used by a single organization. They offer many Inside the cloud, it is difficult to physically locate where data is of the same benefits as public clouds, but give the owner stored. Security processes that were once visible are now hid- greater flexibility and control. den behind layers of abstraction. This lack of visibility can cause concerns about data exposure and compromise, service Although the benefits of cloud computing are clear, so is the reliability, ability to demonstrate compliance and meet SLAs, need to develop proper security for cloud implementations— and overall security management. whether public or private. Embracing cloud computing with- out adequate security controls can place the entire IT Visibility can be especially critical for compliance. The infrastructure at risk. Cloud computing introduces another Sarbanes-Oxley Act, the Health Insurance Portability and level of risk because essential services are often outsourced to Accountability Act (HIPAA), European privacy laws, and many a third party, making it harder to maintain data integrity and privacy, support data and service availability, and demonstrate
  • 3. IBM Global Technology Services 3 other regulations require comprehensive auditing capabilities. Developing a strategic cloud security Many public clouds may indeed be a black box to the sub- roadmap with IBM scriber, thus clients may not be able to demonstrate compli- There is no one-size-fits-all model for security in the cloud. ance. (A private or hybrid cloud, on the other hand, can be Organizations have different security requirements that are configured to meet those requirements.) determined by the unique characteristics of the business work- load they intend to migrate to the cloud or the services they In addition, providers are sometimes required to support are providing from their cloud. It is important when evaluat- third-party audits, or support e-Discovery initiatives and ing risk in a cloud computing model, that a cloud security forensic investigations. This adds even more importance to strategy be developed. maintaining proper visibility into the cloud. Legal discovery of a co-tenant’s data may affect the confidentiality of other ten- By partnering with IBM, clients can benefit from proven ants’ data if the data is not properly segmented. This may assessment methodologies and best practices that help mean that some sensitive data may not be appropriate for cer- ensure consistent, reliable results. They can also leverage com- tain cloud environments. prehensive frameworks that address enterprise cloud strategy, implementation and management in a holistic approach that Organizations considering cloud-based services must under- maximizes the business value of cloud investments while mini- stand the associated risks and ensure appropriate visibility. mizing business risk. IBM guidelines for securing cloud implementations focus on the following areas: Defining business and IT strategy The first step to understanding security risks posed by a cloud ● Building a security program computing model is to analyze business and IT strategies. ● Confidential data protection What is the value of the information that will be stored, ● Implementing strong access and identity accessed and transmitted via the cloud? Is it business critical ● Application provisioning and de-provisioning and/or confidential? Is it subject to regulatory compliance? ● Governance audit management Clients must also consider availability requirements. After ● Vulnerability management determining the business and IT strategy and evaluating the ● Testing and validation data, clients can make a more informed, risk-based decision about which cloud computing model to pursue. Because cloud computing is available in several service models (and hybrids of these models), each presents different levels of responsibility for security management. Trusted third parties can help companies apply cloud security best practices to their specific business needs.
  • 4. 4 Securing the cloud: from strategy development to ongoing assessment Identifying the risks The IBM cloud security assessment reviews cloud architecture Each type of cloud—public, private and hybrid—carries a from a security standpoint, including policies and processes for different level of IT security risk. Security experts from data access and storage. IBM security experts assess the cur- IBM can help clients identify the vulnerabilities, threats and rent state of cloud security against best practices, and against other values at risk based on public, private or hybrid cloud providers’ own security objectives. Security requirements and architecture. From there, IBM will work with clients to design best practices criteria is based on unique characteristics of the initial mechanisms and controls to mitigate risk, and outline subject cloud, including workload, trust level of end users, the maintenance and testing procedures that will help ensure data protection requirements and more. For example, clouds ongoing risk mitigation. supporting email will have different security requirements than those supporting electronic Protected Health Documenting the plan Information (ePHI). IBM clients will benefit from a documented roadmap address- ing cloud security strategy. The plan should identify the types A gap assessment against security objectives and best practices of workloads or applications that are candidates for cloud will reveal strengths and weaknesses of the current security computing and should account for the legal, regulatory and architecture and processes. IBM experts will provide recom- security requirements. IBM will work with clients to plan for mendations for improvements and continuous security compensating controls to mitigate perceived risks, including measures to bridge the gaps. These can include the use of how to address identity and access management, and how to additional network security controls, modifications to existing balance security controls between the cloud provider and the security policies and procedures, implementation of new iden- subscriber. tity and access management controls, acquisition of managed security services for offloading critical security management Assessing cloud security with IBM tasks, or any number of other remediation steps. In addition to developing a strategy for cloud security, IBM can perform a cloud security assessment for public or In addition to a thorough review of the cloud security pro- private cloud offerings. This service can provide helpful due gram, IBM advises steady state technical testing of the cloud’s diligence for cloud providers, or help subscribers understand network infrastructure and supporting applications via remote the security posture of their provider’s cloud. penetration and application testing. This provides a “hacker’s eye” view of cloud components and provides insight into how cloud security weaknesses can significantly impact data and information protection.
  • 5. IBM Global Technology Services 5 Why IBM? security services that enable a business-driven approach to To fully benefit from cloud computing, clients must ensure securing your cloud computing as well as your physical IT that data, applications and systems are properly secured so that environments. cloud infrastructure won’t expose the organization to risk. Cloud computing has the usual requirements of traditional IT IBM’s capabilities empower you to dynamically monitor and security, though it presents an added level of risk because of quantify security risks, enabling you to better: the external aspects of a cloud model. This can make it more difficult to maintain data integrity and privacy, support data ● Understand threats and vulnerabilities in terms of business and service availability, and demonstrate compliance. impact, ● Respond to security events with security controls that opti- Assessing the risks associated with cloud computing, such as mize business results, data integrity, recovery, privacy, and tenant isolation is critical ● Prioritize and balance your security investments. to the adoption of cloud technologies. These risks call for automated end-to-end security with a heavier emphasis on IBM also securely operates its own public clouds, including strong isolation, integrity and resiliency in order to provide IBM LotusLive™. IBM continuously invests in research and visibility, control and automation across the cloud computing development of stronger isolation at all levels of the network, infrastructure. server, hypervisor, process and storage infrastructure to sup- port massive multitenancy while mitigating risk. IBM helps clients put risk management strategies into action by transforming security from a cost of doing business to a Through world-class solutions that address risk across all way to improve the business. IBM draws from a broad portfo- aspects of your business, IBM is able to help you create an lio of consulting services, software and hardware and managed intelligent infrastructure that drives down costs, is secure, and is just as dynamic as today’s business climate. IBM cloud secu- rity solutions and services build on the strong foundation of the IBM security framework to extend benefits from tradi- tional IT environments to cloud computing environments.
  • 6. For more information To learn more about the IBM Cloud Security Services, please contact your IBM marketing representative or IBM Business Partner, or visit the following website: ibm.com/cloud Additionally, financing solutions from IBM Global Financing © Copyright IBM Corporation 2010 Route 100 can enable effective cash management, protection from tech- Somers, NY 10589 U.S.A. nology obsolescence, improved total cost of ownership and Produced in the United States of America return on investment. Also, our Global Asset Recovery November 2010 Services help address environmental concerns with new, All Rights Reserved more energy-efficient solutions. For more information on IBM, the IBM logo, ibm.com and LotusLive are trademarks or IBM Global Financing, visit: ibm.com/financing registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml Other company, product or service names may be trademarks or service marks of others. Please Recycle SEW03022-USEN-01