Cloud computing can be safe, uncomplicated and move the organization forward IF YOU DO YOUR DUE DILIGENCE!!
It's your data and your neck so don't be afraid to ask the right questions and get them in writing
Best Practices for Implementing Data Loss Prevention (DLP) | Sarfaraz Chougule
Vast amounts of your organization's sensitive data are accessible, stored, and used by authorized employees and partners on a host of devices and servers. Protecting that data wherever it is stored or travels is a top priority.
Managing risks related to vendors presents its own challenges particularly if they are high technology companies such as Cloud Service Providers (CSP).
Critical Capabilities for MDR Services - What to Know Before You Buy | Fidelis Cybersecurity
24/7 coverage and skills shortages for post breach detection and response are driving the need for Managed Detection and Response (MDR) Services. Analysts are predicting 15X growth for MDR services over the next few years as security leaders shift their focus from prevention to detection knowing attacks are evading existing defenses, often without malware by using macros and scripts.
Managed services often use MDR marketing messages and this sometimes results in their security monitoring services not meeting expectations. Buyers must learn what to look for in an MDR solution to avoid falling into this trap.
The Controlling Risk in Virtualized Environments session discusses practical education and Information Technology approaches providing strategies for effective risk management in Virtualization and Cloud adoption. The topic will cover key cloud concepts & terminology, cloud and virtualization project components and their implications in Information Technology Service Management (ITSM), as well as security and legal aspects in governance. The discussion will be interactive.
Leveraging guidelines proposed in the CompTIA Cloud™ and ITpreneurs Virtualization Essentials™ curriculum, this hour will also outline steps organizations should take to increase their success rate of implementing cloud computing, improve in-house cloud competencies, and decrease dependence on external consultants and services.
Discussion points include:
Service Management - (ITIL):
Cloud computing as a set of technologies and an approach to IT service delivery.
Governance – (COBIT): Detailing ways that risks should be mitigated such that investments generate value.
Information Security- (ISO/IEC 27001):
"Risk Management or Governance" through specific "Policy" where information security ensures that information in the cloud is safe and secure.
Participants in this class will be provided with the ING Cloud Case Study, which they may find useful in preparing for their own Corporate Cloud Strategy.
Engaging with a vendor, especially one who provides some sort of information and/or technology based services, is necessary for many global organizations. Managing risks related to vendors presents its own challenges, particularly if they are high technology companies such as Cloud Service Providers (CSP). Cloud based services add to the complexities of managing traditional security & compliance risks. Identifying and addressing risks associated with moving your data, applications and services are not the only thing that an organization has to consider. An organization also needs to think about and plan for vendor related risks, legal, regulatory and contractual risks. This spectrum of risks continues to expand, particularly when dealing with customers and vendors who are operating in different geographies governed by different regulations, data protection laws, culture and operating models.
For more information, visit - http://www.happiestminds.com/technology-focus/cloud-computing/
FFIEC and NIST: What You Need to Know About Two Prevalent New IT Security Com... | West Monroe Partners
Cybersecurity is an area of growing concern for financial institutions, especially in the face of recent high-profile data breaches. In June of this year, the Federal Financial Institutions Examination Council (FFIEC) released its Cybersecurity Self Assessment Tool (CAT) to help institutions determine their risks and evaluate their preparedness.
Health Decisions Webinar: January 2013 data warehouses | Si Nahra
Claims and enrollment data are a self-funded plan’s most important (and often most overlooked) asset. Do you know where your plan’s 2012 data are? They are warehoused somewhere. Whoever controls that warehouse controls your plan.
In this free webinar we will highlight the key features of data warehousing that assure you control your data and your plan. Ten criteria are presented that you should use to assess your current data warehouse arrangements and determine who really controls your plan.
For more information, please visit: http://www.healthdecisions.com
Rohan s w2 - top 5 tools that help in monitoring compliance for pci dss and... | Rohan Singh
HIPAA's requirements serve to protect Protected Health Information (PHI) and Electronic Health Records (EHR) while PCI DSS concentrates on protected consumer credit card data. Both standards are highly effective in protecting the confidentiality of their patients and cardholders.
TrustedAgent GRC streamlines the complexity of obtaining security authorization from FedRAMP for cloud IaaS, PaaS, and SaaS services and applications. From tracking evidence and key control implementation to creating key deliverables like security plans and managing continuous monitoring for ongoing compliance, TrustedAgent significantly reduces the amount of work to be done manually, including managing vulnerabilities from ongoing compliance. Download and contact us to learn more about how TrustedAgent GRC can create opportunities for your cloud offerings in the Federal Government.
Click Here to visit the FedRAMP blog - https://www.controlcase.com/what-is-fedramp/?utm_source=webinar&utm_campaign=webinar
Click Here for FedRAMP Compliance Checklist - https://www.controlcase.com/fedramp-checklist-lp/?utm_source=webinar&utm_campaign=webinar
ControlCase covers the following:
- What is FedRAMP?
- What is FedRAMP Marketplace?
- Who does FedRAMP apply to?
- How hard is it to get FedRAMP certified?
- How long does the FedRAMP process take?
- How to get FedRAMP certified?
- ControlCase methodology for FedRAMP compliance
Marlabs helps establish and sustain the client’s company wide vision for cyber security strategies for addressing regulations, audit, and security risks.
Are your clients asking you about the costs and benefits of cloud based accounting and financial management systems? Are they asking you about the risks of cloud computing? Are you curious to know why there is so much buzz about the cloud?
As a trusted advisor, it is your responsibility to be informed about available (and exceptional) accounting and financial management software options. So, have you informed your client-base about the power of the cloud? Have you shared the rewards and possible risks of cloud computing? What, exactly, do they need to know to make the best financial decision for their organizations? This webcast will provide you with the nuts and bolts of cloud computing so you will be better able to answer your client’s questions.
In this webcast you will learn:
How to evaluate the available cloud options provided by various software vendors.
How cloud accounting complies with Section 404 of Sarbanes-Oxley.
Why cloud computing is relevant to CPAs in public practice.
What the cost saving opportunities that arise from cloud computing are.
Get ahead of the cloud or get left behind | Matt Mandich
An enterprise cloud computing strategy results in:
Broad consensus on goals and expected results of moving select processes to the cloud
Standardized, consistent approach to evaluating the benefits and challenges of cloud projects
Clear requirements for the negotiation and monitoring of partnerships with cloud service providers
Understanding and consensus on the enabling and managing role IT will play in future cloud initiatives
Goals and a roadmap for transforming internal IT from asset managers to service broker
Presented at ISACA Indonesia Monthly Technical Meeting, 11 Dec 2019 at Telkom Landmark.
Key takeaways from my presentation:
1. Cloud customers have to understand the shared responsibilities between customer and cloud provider
2. Different cloud service models (IaaS, PaaS, SaaS) have different audit methodologies
3. Customer’s IT Auditors have to be trained to have the skills needed to audit the cloud service
4. Understanding IAM in Cloud is very important. Each Cloud Service Provider has a different IAM mechanism
5. Understanding the different types of audit logs in a cloud platform is important for an IT Auditor
Clint Harder, Vice President of Product Strategy for TDS HMS presents on "Cloud Services and Enterprise IT Applications: Are They a Match?". Clint Harder takes you through key decision points in selecting cloud services for enterprise applications.
This presentation was given at the Enterprise Cloud Summit on October 16, 2012 - presented by VISI.
Learn more about enterprise cloud computing at http://www.reliacloud.com.
Identity and Access Management for user login at the departmental level and the federation level. Users can be easily managed through Identity and Access Management.
As public and private cloud adoption skyrockets, the number of attacks against cloud infrastructure is also increasing dramatically. Now more than ever, it is crucial to secure your cloud assets and data against advanced threats.
We’ll dig into what it means to be successful in the cloud and what successful organizations do more of (and less of) than their less successful peers. We’ll look across technologies adopted, organizational and operational practices, and vendors embraced.
Recorded webinar: https://youtu.be/Og1-xcc7JNs
Cloud computing is the future of the Information Technology sector, and considering its security is an important aspect. CCSK, an abbreviation of Certificate of Cloud Security Knowledge, is the first user certification for secure Cloud computing in the industry.
https://www.infosectrain.com/courses/certificate-cloud-security-knowledge-ccsk/
The most trusted, proven enterprise-class Cloud: Closer than you think | Uni Systems S.M.S.A.
The Big Decision – What, when, and why?
Enterprises are aware that the Cloud is changing IT, but security and performance remain a concern. Each cloud model has potential risks: reliability, adaptability, application compatibility, efficiency, scaling, lock-in, security and compliance. Companies must select an enterprise cloud solution to suit a complex mix of applications; these decisions require great care. Uni Systems’ Uni|Cloud was built to be enterprise class. The essential reason that many businesses today are using Uni Systems Cloud for their enterprise IT is that it offers the only enterprise-class cloud solution in the Greek market, designed for mission-critical applications, coupled with application performance SLAs and security built for the enterprise, combined with cloud efficiency and consumption-based pricing/chargeback.
In moving towards cloud services, security concerns are often cited as reasons to delay or even abandon the transition. This presentation highlights some basic steps to take to analyse and assess what risk might exist and how to mitigate this. In short, the security concerns regarding cloud deployments will exist in your privately managed data centre environments as well. Outsourcing your service to a Cloud provider does not mean you pass on your liability to your own customers nor responsibility of managing your systems and services.
The Cloud's Business Impact on Human Resources | FrankHolman
HR professionals are often faced with challenging questions about cloud-based technology. For example, how can HR professionals ensure that a cloud-based system provides security and can be trusted to protect data? How should service levels and formal service agreements be analyzed to guarantee that they are sufficient to handle organizational needs? How will incorporating cloud-based technology with other applications impact areas such as payroll and benefits? This presentation will explore these questions about cloud-based technology, preparing HR professionals to respond to challenging questions about security, service, and integration. Participants will also learn how cloud-based technology provides an efficient means to make data driven decisions based on the measurement of goals and human capital costs.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... | DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... | SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Climate Impact of Software Testing at Nordic Testing Days | Kari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed in the talk. ICT and testing must carry their part of global responsibility to help with the climate warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Removing Uninteresting Bytes in Software Fuzzing | Aftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
UiPath Test Automation using UiPath Test Suite series, part 5 | DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
20 Comprehensive Checklist of Designing and Developing a Website | Pixlogix Infotech
Dive into the world of Website Designing and Developing with Pixlogix! Looking to create a stunning online presence? Look no further! Our comprehensive checklist covers everything you need to know to craft a website that stands out. From user-friendly design to seamless functionality, we've got you covered. Don't miss out on this invaluable resource! Check out our checklist now at Pixlogix and start your journey towards a captivating online presence today.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf | Paige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party and will share these foundational concepts to build on:
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
UiPath Test Automation using UiPath Test Suite series, part 6 | DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf | Malak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ... | James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Communications Mining Series - Zero to Hero - Session 1 | DianaGray10
This session provides an introduction to UiPath Communication Mining, its importance and a platform overview. You will acquire a good understanding of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
2. Presenters
Marv Sauer, Principal – Plante Moran, Education Consulting
Marv has more than 25 years of experience taking clients from initial strategic planning through
the successful implementation of a variety of proven and leading edge
technologies. He is a talented facilitator of small to large groups working with
personnel ranging from end users to executive management. Marv has given
presentations at local and national conferences on topics such as Building the
Network of Tomorrow, Today and With Strategic Planning First, Successful
Implementation Follows. Marv holds a Master of Business Administration in Finance
from the University of Michigan and a Bachelor of Science in Math and Computer
Science from the University of California, Los Angeles (UCLA).
Sri Chalasani, Sr. Architect – Plante Moran, IT Consulting
Sri has over twenty years of experience and specializes in the design, deployment,
and troubleshooting of complex networks. He also has over fifteen years of
experience in the design and implementation of broadband multimedia solutions
across large networks. Sri has helped many organizations in the design and selection of
data centers, including strategic sourcing of cloud-based solutions. He has an MBA
from Wayne State University, an MS in Computer Science from Western Michigan
University and a BS in Electronics Engineering from Bangalore University.
webinars.plantemoran.com
3. Administration
Slides are available for download from your webcast
console. A recording of today’s webinar will be added to
our website in a few days.
We will allow time at the end of the presentation to
respond to your questions, but please feel free to submit
questions at any time.
4. Administration
This is a CPE-eligible webinar. Throughout the webcast,
participation pop-ups will appear.
Participants must respond to at least 75% of these pop-ups in order to receive CPE credit.
To receive CPE credit, you need to be logged in
individually to the webinar and meet the eligibility
requirements (have an accrued viewing time of at least
50 minutes and 75% response to participation tracking),
to receive CPE. Only attendees who are logged into the
webinar will be eligible to earn CPE credit.
5. Overview
Kick it to the next level - move beyond the tutorials
• Review drivers, strategy and architectures for deploying a cloud
• Identify your risks
• Asking the right questions
• Selection criteria
• The T’s and C’s
6. Background
Gartner believes enterprises will spend $112 billion cumulatively
on software as a service (SaaS), platform as a service (PaaS)
and infrastructure as a service (IaaS). Part of the attraction is the
promise of lower total cost of ownership, but with this come
higher risks, some of which are not always immediately apparent.
Source: Gartner
7. Drivers of cloud computing - Recap
Drivers
• Data Center pressures – increased systems and data explosion
• Flexibility - system capacity (elasticity) and ubiquitous access
• Minimize risk – modernize to survive / keep up with the times
• Cost / predictable cash flow
• Reduced operational / systems management
• Accelerated access to complex applications
• Allow for focus on core competencies
8. Strategy - Recap
• Goals may be the same
• Questions and priorities may be different and often competing
[Diagram: Cloud Strategy. Labels: Current IT Env.; Terms & Conditions; Users; Risks; Security (C.I.A); Business objectives and goals; Costs; Governance; Administration; Roadmap; Solutions; Reg. & Compliance; Agility; Technology; Business Process Rearch; IT Staff & skills; App. Integ]
Two lists of questions are shown, labelled CEO and CIO:
* Security & compliance
* Impacts IT staff?
* Performance & reliability?
* Distributed workforce?
* Agility & growth
* Contract, SLA, & support?

* Reduce costs? TCO/ROI?
* Distributed workforce?
* Competitive advantages?
* Risks?
* Align with business goals?
9. Architectures - Recap
Four major building blocks for IT system
[Diagram labels: IT Staff (Net. Admin, DBA, Programmer); Applications; Managed services; Database; Operating System and Back Office Servers; Infrastructure; Storage; Network; Operating System; System Software; Cloud Services (IaaS, PaaS, SaaS)]
IaaS: Infrastructure as a Service; PaaS: Platform as a Service; SaaS: Software as a Service
10. Deployment Models - Recap
Public Cloud
Multi-tenancy computing resources (infrastructure, OS, applications) are
available to other tenants
Typically hosted at a provider
Community Cloud
Collaboration between multiple org.
Involvement by invitation only
Private Cloud
Only your organization has access
to the resources.
Hosted internally or hosted by a
provider
Hybrid Cloud
Combination of Private and Public
Most organizations
IaaS / PaaS / SaaS
Other: internal or external hosted
11. Examples of the cloud - Recap
IaaS
Source: Cloud Taxonomy
12. Examples of the cloud - Recap
PaaS
Source: Cloud Taxonomy
13. Examples of the cloud - Recap
SaaS
Source: Cloud Taxonomy
14. Examples of the cloud - Recap
Cloud Software
Source: Cloud Taxonomy
15. What is at risk?
• Cloud computing inherently means trusting some of your most valuable assets
• Before you start – high level understanding of the risks
• Two key assets exposed to risk - Data and Applications/Process
• Evaluate the risk for Confidentiality, Integrity and Availability. Impact on
asset if it:
• Breached
• Accessed by provider(s)
• Process is manipulated by an outsider
• Unavailable for a while
16. What is at risk?
• Understand risk by mapping the asset to
• Possible deployment models
• The potential flow of data between your users and CSPs
• Assurances on safety of data?
• SOC standards provide some level of assurance – CSA, GSA, NIST
• CSA / GSA / NIST - tools to assess security requirements & services
• Onus is still on you; you do have to conduct your own due diligence
17. Protect your assets – ask the questions
1. Who’s managing my data?
• Qualifications and backgrounds of staff
• Who else (partners/sub-contractors) can touch your data?
2. Where’s my data actually located?
• Regulatory and compliance requirements for data export
• Primary and secondary (replication sites)
• Conformance to local laws – data discovery
• Map how data is stored and handled
18. Protect your assets – ask the questions
• Why does location matter? - Country Risk Ratings for Security and Privacy
Source:
19. Protect your assets – ask the questions
3. What access controls are in place?
• What are the physical controls and logical controls?
• CSPs disclose data access control processes in place
• Frequency of testing of access controls
4. How will my data be physically secured & separated from other customers?
• Common hardware or applications with logical controls?
• Testing of data encryption / data leakage
5. How’s my data encrypted?
• Understand security for data at rest and data in transit
• Data at rest - encryption types
• Data in transit - encrypted, authenticated and integrity protected
20. Protect your assets – ask the questions
• Map the potential flow of data between your users (internal and external),
other providers and the cloud service
[Diagram labels: Organization; Users (two groups); Servers; App; Data; CSP1; CSP2; CSP3; Backup (three instances)]
21. Protect your assets – ask the questions
6. What authentication mechanisms are supported by the CSP?
• 2-pass authentication - passwords with tokens and certificates
• Integration using LDAP and SAML with Dir. Svcs or Identity Mgmt. systems
7. What happens if there’s a data breach?
• Incident Response Plan (IRP) - proactive processes and technologies in
place to detect if an application or data is under attack. Create your own too
• Response times and notification process; request history
• Technology Errors & Omissions policy and/or Cyber Liability coverage
22. Protect your assets – ask the questions
8. Can the CSP pass muster with the auditors?
• Security assessment by a 3rd party or accreditation process
• Process for accommodating the needs of your auditors
• Conduct a forensic investigation?
9. Is your cloud computing service SOC 2/SSAE16 (formerly SAS 70) compliant?
• No assurances but a step in the right direction
• Demonstrates methodical and repeatable process
• Security certification and other regulatory requirements HIPAA, FERPA etc.
10. What is CSP’s stability factor?
• CSP acquired or out of business?
• Timely transition, removal and destruction of your data
23. Protect your assets – ask the questions
11. Does the CSP offer backup and recovery services?
• Data retention, backup and recovery
• Backed up to where? Basic backup services or beyond?
• Recovery process from an outage
• What is included in your service – does this match your RPO/RTO?
12. What are the contract terms?
• SLA, breach notification, intellectual properties, limitation of liability, etc.
• More on this later
24. Eeny, meeny, miny, moe – Picking a CSP
No different than any other selection project
• Identify what is important to you
• Identify the “must haves” and “like to haves”
• Don’t ignore security and growth
• For each of the identified areas, assign weightage
• Seek “written” answers you are looking for
• When in doubt err on the conservative side
• Reference – ask for a list of clients, not just references
• Not to be taken lightly – your data, your neck
• Add skill sets to the IT mix to manage and administer vendor contracts
• Viewed as a partnership - cannot abdicate management of the vendor / service though they provide the service
26. Eeny, meeny, miny, moe – picking a CSP
Reference: Intel’s Intel Cloud Finder
27. Contractual considerations
Negotiate key terms and conditions to mitigate risk and cost
exposure:
• Uptime Guarantees
• SLA penalties
• SLA penalty exclusions
• Security
• Business Continuity and Disaster recovery
28. Contractual considerations
Negotiate key terms and conditions to mitigate risk and cost
exposure:
• Data privacy conditions
• Suspension of service
• Termination
• Liability
29. Where’s my checklist?
Do I have a “strategy” or am I “piecemealing this”?
Have a process for identifying suitable applications / systems /
workloads ideal for “cloudifying” – business objective first
Define your selection criteria - requirements for security, compliance,
growth, performance, etc.
Identify issues around migrating existing workloads
Identify vendor(s), vendor lock-ins and flexibilities
Identify the costs: CapEx, OpEx, sunk costs, staff retraining
Identify your questions - have written responses, talk to existing clients
Determine the impact on your IT staff (skills and headcount)?
Understand your contract – have your requirements clearly identified
It is not an all or nothing proposition – think hybrid
31. Thank you for attending
Marv Sauer, Principal
248.223.3120
marv.sauer@plantemoran.com
Sri Chalasani, Sr. Architect
248.223.3707
sri.chalasani@plantemoran.com
To view a complete calendar of upcoming Plante Moran webinars, visit webinars.plantemoran.com