eChallenges_e2011_JS

•Download as PPT, PDF•

1 like•65 views

This document summarizes a presentation on auditing issues for cloud-based business services. The presentation covers fundamentals of cloud computing, compliance and auditing. It discusses challenges around cloud compliance related to data locality, multi-tenancy and data retention. The presentation aims to ensure security of consumer data, maintain compliance with privacy laws and prevent unauthorized access or transfer of customer data from cloud services.

Session 2b, 26th
October 2011 eChallenges e-2011 Copyright 2011 SAP Research
Auditing Issues for Cloud-based
Business Services
Jonathan Sinclair
SAP Research Belfast
UK

Session 2b, 26th
October 2011 eChallenges e-2011 Copyright 2011 SAP Research
Agenda
• Fundamentals of Cloud, Compliance and Auditing
• Cloud Compliance Challenges
• Use Case: Future Healthcare and CRM
• Compliance Auditing
• Conclusions

Session 2b, 26th
October 2011 eChallenges e-2011 Copyright 2011 SAP Research
Fundamentals
Compliance
Compliance is defined as
being in accordance with
relevant governmental orindustrial laws, regulationsand standards through
governance processes.
Business Web
A business model and
technical framework that
represents a marketplace
allowing providers and
consumers to negotiate the
usage of products.
Clouds are a large pool of
easily usable and accessible
virtualized resources that
can be dynamically
reconfigured to adjust to a
variable load.
Cloud Computing
Auditing
The process of collecting and
evaluating evidence to
determine whether a
computer system (information
system) safeguards assets,
maintains data integrity,
achieves organizational goals
effectively and consumes
resources efficiently.

Session 2b, 26th
October 2011 eChallenges e-2011 Copyright 2011 SAP Research
Motivation, Problem Area
“An undefined problem has an infinite number of solutions”
Robert A. Humphrey
Customer Data
Legislation
Government
Auditor
Compliance CheckCompliance Report
Regulation
Regulator
creates creates
Businesses
have to
comply with
store and are
responsible for
use IT to improve
operations
IT Department
have to
comply with
Governance
Compliance
Customer Data
Legislation
Government
Auditor
Compliance CheckCompliance Report
Regulation
Regulator
creates creates
Businesses
have to
comply with
store and are
responsible for
use IT to improve
operations
IT Department
have to
comply with
Governance
Compliance

Session 2b, 26th
October 2011 eChallenges e-2011 Copyright 2011 SAP Research
Research Objectives
• The locality of data is of key importance to adhere to legislation
– Cross-jurisdictional conflictions
– Performance and Availability
– Disaster Recovery and Backup
• Multi-tenancy and data accessibility
– Company Multi-tenancy
– Systems Multi-tenancy
• Data Retention
– Retaining data in the Cloud
– Retaining data from the Cloud
“The greatest challenge to any thinker is stating the problem in a way that will allow a solution.”
Bertrand Russell

Session 2b, 26th
October 2011 eChallenges e-2011 Copyright 2011 SAP Research
CloudCloud
AuditorAuditor
Research Approach, Methodology
“Most human beings have an almost infinite capacity for taking things for granted”
Aldous Huxley

Session 2b, 26th
October 2011 eChallenges e-2011 Copyright 2011 SAP Research
Major Outcomes/Results
“A complex system that works is invariably found to have evolved from a simple system that works”
John Gaule

Session 2b, 26th
October 2011 eChallenges e-2011 Copyright 2011 SAP Research
Conclusion and Outlook
• Ensure the security of consumer’s data
• Maintain compliance with data security / privacy laws
• Assure that service providers, integrators or composers cannot
• access data within a consumer’s service
• transfer data from a consumer’s service
“A conclusion is the place where you got tired of thinking”
Harold Fricklestein

Session 2b, 26th
October 2011 eChallenges e-2011 Copyright 2011 SAP Research
Thank You!
Jonathan Sinclair
Research Associate
SAP Research Belfast
SAP [UK] Ltd
The Concourse, Queen‘s Road
Queen‘s Island, Titanic Quarter
Belfast BT3 9DT
T +44 (0)28 9078 5749
E jonathan.sinclair@sap.com
Blogger:
cloudauditing.blogspot.com
LinkedIn:
jonathangsinclair
Twitter:
jonnygsinclair
Slideshare:
jonathansinclair86

What's hot

TheValueChain Beyond Simple 10-05-16 - Internet of Things

TheValueChain

Characterizing Incidents in Cloud-based IoT Data Analytics

Hong-Linh Truong

IOTA MAM and Internet of Underwater Things systems The main problem of the IoT control devices and sensor is the lack of secure direct communication with thefinal trust point and different types of corruption and spoofing can occur. This introduces a great opportunity for data tampering and cyber-attack in addition no one can trust the sensor data in the first communication step. No one guarantees that a right sensor sends out the right data due to no authentication and no truthfulness of sensors that are connected with a trusted point. The middle point is the first trusted point but no one can guarantee correctness and truthfulness in the data before this point. The aim of this talk is to reach out a new way to directly connect an embedded devices system, in this case, an underwater things system directly with a DL endpoint. The final purpose is to avoid an intermediary gateway step and port down the entire client system directly on embedded IoT devices, this will allow the device to directly communicate with blockchain with no additional middle step. The entire project covers the needs to reach a secure and authenticate communication directly from the sensor node and in this way guarantee the CIA properties from the bottom. We have therefore developed a solution that exploits the advantages of the IOTA MAM protocol and the advantages offered by the DL technology offered by IOTA to set up a protocol that allows direct communication between IOTA Tangle and low-level devices. The solution is based on IOTA technology and IOTA environment and uses MAM protocol for message exchange on tangle. This protocol allows to sign and encrypt the message and thanks to the solidity of IOTA tangle is easy to reach the continuous availability and accessible to the service.

SFScon 21 - Nicola Altamura - Implementation of IOTA solutions on embedded de...

South Tyrol Free Software Conference

Energy efficient fault-tolerant data storage & processing in mobile cloud

LogicMindtech Nologies

Tim scottkoenverheyenpresentation

Patrick Van Renterghem

Benefits of cloud computing

Rishabh Dogra

Energy efficient fault-tolerant data storage and processing in mobile cloud Do Your Projects With Technology Experts To Get this projects Call : 9566355386 / 99625 88976 Web : http://www.lemenizinfotech.com Web : http://www.ieeemaster.com Mail : projects@lemenizinfotech.com Blog : http://ieeeprojectspondicherry.weebly.com Blog : http://www.ieeeprojectsinpondicherry.blogspot.in/ Youtube:https://www.youtube.com/watch?v=eesBNUnKvws

Energy efficient fault-tolerant data storage and processing in mobile cloud

LeMeniz Infotech

Cloud Computing Introduction

Presentaionslive.blogspot.com

The potential of the cloud

Jisc

Adoptive Gateways for dIverse MuLtiple Environments

Charalampos Doukas

According to the Leapfrog Group, hospitals in the US pay a surcharge of $5900-$7800 per admission to cover a wide range of medical errors. Smart point-of-care systems address the source of these errors to help reduce healthcare expenditures while improving patient care. The systems reliably connect and transmit critical data for medical devices, clinicians and patients – ensuring information is shared exactly when and where it's needed most. However, it is extremely challenging to address data interoperability, safety, security and integration with other systems in today's healthcare environment. As data volume grows and becomes increasingly valuable, these issues will affect system and data architecture, especially with the rise of smart analytics used to improve the quality of treatment. Join Tracy Rausch, founder and CTO of DocBox Inc., and Sumeet Shendrikar, RTI Solutions Architect, as they discuss the challenges of developing smarter point-of-care systems and how a data-centric architecture can ensure the right data gets to the right place at the right time to improve patient healthcare.

How to Architect Smarter Systems for Healthcare

Real-Time Innovations (RTI)

SMART Seminar Series: "From cloud-sourced flood mapping to connected communit...

SMART Infrastructure Facility

Data Science for Effective Network Operations

Kiran Inampudi

Engineering and OW2 Big Data Initiative: an open approach to the data-driven ...

SpagoWorld

Cloud computing and managed services (Sumit Dutta, CSSWA)

makinglinks

Asset Intelligence

Juliann2012

Open Source at GLA - a road less travelled

Invotra2014

2014.11 meetup presentation v1

gradyneff

NordForsk Open Access Reykjavik 14-15/8-2014:NeIC

NordForsk

Improving Innovation Through Open Data - Construction Excellence Annual Confe...

21cConsultancy_2012

What's hot (20)

TheValueChain Beyond Simple 10-05-16 - Internet of Things

Characterizing Incidents in Cloud-based IoT Data Analytics

SFScon 21 - Nicola Altamura - Implementation of IOTA solutions on embedded de...

Energy efficient fault-tolerant data storage & processing in mobile cloud

Tim scottkoenverheyenpresentation

Benefits of cloud computing

Energy efficient fault-tolerant data storage and processing in mobile cloud

Cloud Computing Introduction

The potential of the cloud

Adoptive Gateways for dIverse MuLtiple Environments

How to Architect Smarter Systems for Healthcare

SMART Seminar Series: "From cloud-sourced flood mapping to connected communit...

Data Science for Effective Network Operations

Engineering and OW2 Big Data Initiative: an open approach to the data-driven ...

Cloud computing and managed services (Sumit Dutta, CSSWA)

Asset Intelligence

Open Source at GLA - a road less travelled

2014.11 meetup presentation v1

NordForsk Open Access Reykjavik 14-15/8-2014:NeIC

Improving Innovation Through Open Data - Construction Excellence Annual Confe...

Viewers also liked

Infographic RBD Nordic-Baltic - 2016 Final

Yvette Entius

Presentation Kenzen Paleo Bar™ Slide Show 4-16-16

Pamela Hoffner Schuler

Natives_guide_2017.compressed

Stephan Morse

Bursting The Filter Bubble

NicoleBranch

What are the Key Customer Experience Mistakes that Brands Make?

MikeGTaylor

Paola medina

Fcb

stroud-david-resume (1) (1) (1)

David Stroud

Λεωφορείο-Μέσο συγκοινωνίας

Elvira Athanasopoulou

Bonitasoft BPMN Presentation

Kashif Captain

Informal email 3º

Estela Albaladejo Martínez

Presentation by Chris Uttley, Stroud RSuds Project Officer - Delivery of Natu...

Countryside and Community Research Institute

Production schedule

Ege1072

Viewers also liked (14)

Infographic RBD Nordic-Baltic - 2016 Final

Presentation Kenzen Paleo Bar™ Slide Show 4-16-16

Natives_guide_2017.compressed

Bursting The Filter Bubble

What are the Key Customer Experience Mistakes that Brands Make?

MikeGTaylor

Paola medina

Fcb

stroud-david-resume (1) (1) (1)

Λεωφορείο-Μέσο συγκοινωνίας

Bonitasoft BPMN Presentation

Informal email 3º

Presentation by Chris Uttley, Stroud RSuds Project Officer - Delivery of Natu...

Production schedule

Similar to eChallenges_e2011_JS

Cloud Compliance Auditing - Closer 2011

Jonathan Sinclair

Cloud Computing and the Changing IT Model

Kaali Dass PMP, PhD.

RightScale User Conference NYC 2011 - Michael Crandell - CEO, RightScale Brian Adler - Solutions Architect, RightScale Cloud misconceptions and corporate inertia often surface as the greatest inhibitors of enterprise cloud adoption. In this session, we'll share successful enterprise use cases and give you practical tips on addressing legitimate concerns to accelerate cloud adoption within your organization. We'll discuss specific issues that enterprises often encounter when using cloud-based resource pools, such as managing security, visibility, and control through infrastructure audits.

Advancing Cloud Initiatives and Removing Barriers to Adoption

RightScale

ADV Slides: The Evolution of the Data Platform and What It Means to Enterpris...

DATAVERSITY

Watch full webinar here: https://bit.ly/3cUA0Qi Many organizations are embarking on strategically important journeys to embrace data and analytics. The goal can be to improve internal efficiencies, improve the customer experience, drive new business models and revenue streams, or – in the public sector – provide better services. All of these goals require empowering employees to act on data and analytics and to make data-driven decisions. However, getting data – the right data at the right time – to these employees is a huge challenge and traditional technologies and data architectures are simply not up to this task. This webinar will look at how organizations are using Data Virtualization to quickly and efficiently get data to the people that need it. Attend this session to learn: - The challenges organizations face when trying to get data to the business users in a timely manner - How Data Virtualization can accelerate time-to-value for an organization’s data assets - Examples of leading companies that used data virtualization to get the right data to the users at the right time

Bridging the Last Mile: Getting Data to the People Who Need It

Denodo

Scality medical imaging storage

Scality

Keynote at Sixth International Workshop on Cloud Data Management CloudDB 2014 Chicago March 31 2014. Abstract: We introduce the NIST collection of 51 use cases and describe their scope over industry, government and research areas. We look at their structure from several points of view or facets covering problem architecture, analytics kernels, micro-system usage such as flops/bytes, application class (GIS, expectation maximization) and very importantly data source. We then propose that in many cases it is wise to combine the well known commodity best practice (often Apache) Big Data Stack (with ~120 software subsystems) with high performance computing technologies. We describe this and give early results based on clustering running with different paradigms. We identify key layers where HPC Apache integration is particularly important: File systems, Cluster resource management, File and object data management, Inter process and thread communication, Analytics libraries, Workflow and Monitoring. See [1] A Tale of Two Data-Intensive Paradigms: Applications, Abstractions, and Architectures, Shantenu Jha, Judy Qiu, Andre Luckow, Pradeep Mantha and Geoffrey Fox, accepted in IEEE BigData 2014, available at: http://arxiv.org/abs/1403.1528 [2] High Performance High Functionality Big Data Software Stack, G Fox, J Qiu and S Jha, in Big Data and Extreme-scale Computing (BDEC), 2014. Fukuoka, Japan. http://grids.ucs.indiana.edu/ptliupages/publications/HPCandApacheBigDataFinal.pdf

Multi-faceted Classification of Big Data Use Cases and Proposed Architecture ...

Geoffrey Fox

Watch full webinar here: https://bit.ly/3joZa0a The current data landscape is fragmented, not just in location but also in terms of processing paradigms: data lakes, IoT architectures, NoSQL, and graph data stores, SaaS applications, etc. are found coexisting with relational databases to fuel the needs of modern analytics, ML, and AI. The physical consolidation of enterprise data into a central repository, although possible, is both expensive and time-consuming. A logical data warehouse is a modern data architecture that allows organizations to leverage all of their data irrespective of where the data is stored, what format it is stored in, and what technologies or protocols are used to store and access the data. Watch this session to understand: - What is a logical data warehouse and how to architect one - The benefits of logical data warehouse – speed with agility - Customer use case depicting logical architecture implementation

A Logical Architecture is Always a Flexible Architecture (ASEAN)

Denodo

Watch this webinar in full here: https://buff.ly/2IxM8Iy Watch all webinars from the Denodo Packed Lunch webinar series here: https://buff.ly/2IR3q6w While big data initiatives have become necessary for any business to generate actionable insights, big data fabric has become a necessity for any successful big data initiative. The best of breed big data fabrics should deliver actionable insights to the business users with minimal effort, provide end-to-end security to the entire enterprise data platform and provide real-time data integration, while delivering self-service data platform to business users. Attend this session to learn how big data fabric enabled by data virtualization: • Provides lightning fast self-service data access to business users • Centralizes data security, governance and data privacy • Fulfills the promise of data lakes to provide actionable insights

Big Data Fabric: A Necessity For Any Successful Big Data Initiative

Denodo

Cloud Presentation and OpenStack case studies -- Harvard University

Barton George

A Survey on A Secure Anti-Collusion Data Sharing Scheme for Dynamic Groups in...

IRJET Journal

Paper Final Taube Bienert GridInterop 2012

Bert Taube

Agile Big Data Analytics Development: An Architecture-Centric Approach

SoftServe

Watch full webinar here: https://bit.ly/3FF1ubd In the recent Building the Unified Data Warehouse and Data Lake report by leading industry analysts TDWI, we have discovered 64% of organizations stated the objective for a unified Data Warehouse and Data Lakes is to get more business value and 84% of organizations polled felt that a unified approach to Data Warehouses and Data Lakes was either extremely or moderately important. In this session, you will learn how your organization can apply a logical data fabric and the associated technologies of machine learning, artificial intelligence, and data virtualization can reduce time to value. Hence, increasing the overall business value of your data assets. KEY TAKEAWAYS: - How a Logical Data Fabric is the right approach to assist organizations to unify their data. - The advanced features of a Logical Data Fabric that assist with the democratization of data, providing an agile and governed approach to business analytics and data science. - How a Logical Data Fabric with Data Virtualization enhances your legacy data integration landscape to simplify data access and encourage self-service.

Building a Logical Data Fabric using Data Virtualization (ASEAN)

Denodo

OCSL-Nabarro-LLP-Cast-Study-Web-

Charlotte Sanders

The data center has gone through several inflection points in the past decades: adoption of Linux, migration from physical infrastructure to virtualization and Cloud, and now large-scale data analytics with Big Data and Hadoop. Please join us to learn about how Cloudera and Intel are jointly innovating through open source software to enable Hadoop to run best on IA (Intel Architecture) and to foster the evolution of a vibrant Big Data ecosystem.

Intel and Cloudera: Accelerating Enterprise Big Data Success

Cloudera, Inc.

Internet of Things and Multi-model Data Infrastructure

SingleStore

Qubole on AWS - White paper

Vasu S

Artificial Intelligence for IT Operations (AIOps) is a class of software which targets the automation of operational tasks through machine learning technologies. ML algorithms are typically used to support tasks such as anomaly detection, root-causes analysis, failure prevention, failure prediction, and system remediation. AIOps is gaining an increasing interest from the industry due to the exponential growth of IT operations and the complexity of new technology. Modern applications are assembled from hundreds of dependent microservices distributed across many cloud platforms, leading to extremely complex software systems. Studies show that cloud environments are now too complex to be managed solely by humans. This talk discusses various AIOps problems we have addressed over the years and gives a sketch of the solutions and algorithms we have implemented. Interesting problems include hypervisor anomaly detection, root-cause analysis of software service failures using application logs, multi-modal anomaly detection, root-cause analysis using distributed traces, and verification of virtual private cloud networks.

On the Application of AI for Failure Management: Problems, Solutions and Algo...

Jorge Cardoso

As the cloud computing technology develops during the last decade, outsourcing data to cloud service for storage becomes an attractive trend, which benefits in sparing efforts on heavy data maintenance and management. Nevertheless, since the outsourced cloud storage is not fully trustworthy, it raises security concerns on how to realize data deduplication in cloud while achieving integrity auditing. In this work, we study the problem of integrity auditing and secure deduplication on cloud data. Specifically, aiming at achieving both data integrity and deduplication in cloud, we propose two secure systems, namely SecCloud and SecCloud+. SecCloud introduces an auditing entity with a maintenance of a MapReduce cloud, which helps clients generate data tags before uploading as well as audit the integrity of data having been stored in cloud. Compared with previous work, the computation by user in SecCloud is greatly reduced during the file uploading and auditing phases. SecCloud+ is designed motivated by the fact that customers always want to encrypt their data before uploading, and enables integrity auditing and secure deduplication on encrypted data.

Privacy preserving public auditing for secured cloud storage

dbpublications

Similar to eChallenges_e2011_JS (20)

Cloud Compliance Auditing - Closer 2011

Cloud Computing and the Changing IT Model

Advancing Cloud Initiatives and Removing Barriers to Adoption

ADV Slides: The Evolution of the Data Platform and What It Means to Enterpris...

Bridging the Last Mile: Getting Data to the People Who Need It

Scality medical imaging storage

Multi-faceted Classification of Big Data Use Cases and Proposed Architecture ...

A Logical Architecture is Always a Flexible Architecture (ASEAN)

Big Data Fabric: A Necessity For Any Successful Big Data Initiative

Cloud Presentation and OpenStack case studies -- Harvard University

A Survey on A Secure Anti-Collusion Data Sharing Scheme for Dynamic Groups in...

Paper Final Taube Bienert GridInterop 2012

Agile Big Data Analytics Development: An Architecture-Centric Approach

Building a Logical Data Fabric using Data Virtualization (ASEAN)

OCSL-Nabarro-LLP-Cast-Study-Web-

Intel and Cloudera: Accelerating Enterprise Big Data Success

Internet of Things and Multi-model Data Infrastructure

Qubole on AWS - White paper

On the Application of AI for Failure Management: Problems, Solutions and Algo...

Privacy preserving public auditing for secured cloud storage

eChallenges_e2011_JS

2. Session 2b, 26th October 2011 eChallenges e-2011 Copyright 2011 SAP Research Agenda • Fundamentals of Cloud, Compliance and Auditing • Cloud Compliance Challenges • Use Case: Future Healthcare and CRM • Compliance Auditing • Conclusions

3. Session 2b, 26th October 2011 eChallenges e-2011 Copyright 2011 SAP Research Fundamentals Compliance Compliance is defined as being in accordance with relevant governmental orindustrial laws, regulationsand standards through governance processes. Business Web A business model and technical framework that represents a marketplace allowing providers and consumers to negotiate the usage of products. Clouds are a large pool of easily usable and accessible virtualized resources that can be dynamically reconfigured to adjust to a variable load. Cloud Computing Auditing The process of collecting and evaluating evidence to determine whether a computer system (information system) safeguards assets, maintains data integrity, achieves organizational goals effectively and consumes resources efficiently.

4. Session 2b, 26th October 2011 eChallenges e-2011 Copyright 2011 SAP Research Motivation, Problem Area “An undefined problem has an infinite number of solutions” Robert A. Humphrey Customer Data Legislation Government Auditor Compliance CheckCompliance Report Regulation Regulator creates creates Businesses have to comply with store and are responsible for use IT to improve operations IT Department have to comply with Governance Compliance Customer Data Legislation Government Auditor Compliance CheckCompliance Report Regulation Regulator creates creates Businesses have to comply with store and are responsible for use IT to improve operations IT Department have to comply with Governance Compliance

5. Session 2b, 26th October 2011 eChallenges e-2011 Copyright 2011 SAP Research Research Objectives • The locality of data is of key importance to adhere to legislation – Cross-jurisdictional conflictions – Performance and Availability – Disaster Recovery and Backup • Multi-tenancy and data accessibility – Company Multi-tenancy – Systems Multi-tenancy • Data Retention – Retaining data in the Cloud – Retaining data from the Cloud “The greatest challenge to any thinker is stating the problem in a way that will allow a solution.” Bertrand Russell

6. Session 2b, 26th October 2011 eChallenges e-2011 Copyright 2011 SAP Research CloudCloud AuditorAuditor Research Approach, Methodology “Most human beings have an almost infinite capacity for taking things for granted” Aldous Huxley

7. Session 2b, 26th October 2011 eChallenges e-2011 Copyright 2011 SAP Research Major Outcomes/Results “A complex system that works is invariably found to have evolved from a simple system that works” John Gaule

8. Session 2b, 26th October 2011 eChallenges e-2011 Copyright 2011 SAP Research Conclusion and Outlook • Ensure the security of consumer’s data • Maintain compliance with data security / privacy laws • Assure that service providers, integrators or composers cannot • access data within a consumer’s service • transfer data from a consumer’s service “A conclusion is the place where you got tired of thinking” Harold Fricklestein

9. Session 2b, 26th October 2011 eChallenges e-2011 Copyright 2011 SAP Research Thank You! Jonathan Sinclair Research Associate SAP Research Belfast SAP [UK] Ltd The Concourse, Queen‘s Road Queen‘s Island, Titanic Quarter Belfast BT3 9DT T +44 (0)28 9078 5749 E jonathan.sinclair@sap.com Blogger: cloudauditing.blogspot.com LinkedIn: jonathangsinclair Twitter: jonnygsinclair Slideshare: jonathansinclair86

eChallenges_e2011_JS

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (14)

Similar to eChallenges_e2011_JS

Similar to eChallenges_e2011_JS (20)

eChallenges_e2011_JS