Bringing the Cloud Back to Earth

webinars.plantemoran.com
Presenters
Marv Sauer, Principal – Plante Moran, Education Consulting
Marv has more than 25 years of experience taking clients from initial strategic planning through
the successful implementation of a variety of proven and leading edge
technologies. He is a talented facilitator of small to large groups working with
personnel ranging from end users to executive management. Marv has given
presentations at local and national conferences on topics such as Building the
Network of Tomorrow, Today and With Strategic Planning First, Successful
Implementation Follows. Marv holds a Master of Business Administration in Finance
from the University of Michigan and a Bachelor of Science in Math and Computer
Science from the University of California, Los Angeles (UCLA).
Sri Chalasani, Sr. Architect – Plante Moran, IT Consulting
Sri has over twenty years of experience and specializes in the design, deployment,
and troubleshooting of complex networks. He also has over fifteen years of
experience in the design and implementation of broadband multimedia solutions
across large networks. Sri has helped many organizations in the design and selection of
data centers, including strategic sourcing of cloud-based solutions. He has an MBA
from Wayne State University, an MS in Computer Science from Western Michigan
University and a BS in Electronics Engineering from Bangalore University.
Administration
• Slides are available for download from your webcast console. A recording of today’s webinar will be added to our website in a few days.
• We will allow time at the end of the presentation to respond to your questions, but please feel free to submit questions at any time.

Administration
• This is a CPE-eligible webinar. Throughout the webcast, participation pop-ups will appear.
• Participants must respond to at least 75% of these pop-ups in order to receive CPE credit.
• To receive CPE credit, you need to be logged in individually to the webinar and meet the eligibility requirements (have an accrued viewing time of at least 50 minutes and 75% response to participation tracking). Only attendees who are logged into the webinar will be eligible to earn CPE credit.

Overview
Kick it to the next level - move beyond the tutorials
• Review drivers, strategy and architectures for deploying a cloud
• Identify your risks
• Asking the right questions
• Selection criteria
• The T’s and C’s

Background
Gartner believes enterprises will spend $112 billion cumulatively
on software as a service (SaaS), platform as a service (PaaS)
and infrastructure as a service (IaaS). Part of the attraction is the
promise of lower total cost of ownership, but with this come
higher risks, some of which are not always immediately apparent.

Source: Gartner
Drivers of cloud computing - Recap
Drivers
• Data Center pressures – increased systems and data explosion
• Flexibility - system capacity (elasticity) and ubiquitous access
• Minimize risk – modernize to survive / keep up with the times
• Cost / predictable cash flow
• Reduced operational / systems management
• Accelerated access to complex applications
• Allow for focus on core competencies

Strategy - Recap
• Goals may be the same
• Questions and priorities may be different and often competing
[Diagram: "Cloud Strategy" at the center, surrounded by the factors that shape it: Current IT Env.; Terms & Conditions; Users; Risks; Security; C.I.A; Business objectives and goals; Costs; Governance; Administration; Roadmap; Solutions; Reg. & Compliance; Agility; Technology; Business Process; IT Staff & skills; App. Integ / Rearch. Two sets of stakeholder questions appear alongside, labeled CEO and CIO in the diagram:]

* Security & compliance
* Impacts IT staff?
* Performance & reliability?
* Distributed workforce?
* Agility & growth
* Contract, SLA, & support?

* Reduce costs? TCO/ROI?
* Distributed workforce?
* Competitive advantages?
* Risks?
* Align with business goals?

Architectures - Recap
[Diagram: "Four major building blocks for IT system", with labels Applications; System Software; Database; Operating System and Back Office; Servers; Operating System; Infrastructure; Storage; Network. Cloud Services shown: SaaS, PaaS, IaaS, Managed services. IT Staff shown: Net. Admin, DBA, Programmer.]

IaaS: Infrastructure as a Service; PaaS: Platform as a Service; SaaS: Software as a Service
Deployment Models - Recap
• Public Cloud
  • Multi-tenancy: computing resources (infrastructure, OS, applications) are available to other tenants
  • Typically hosted at a provider
• Community Cloud
  • Collaboration between multiple org.
  • Involvement by invitation only
• Private Cloud
  • Only your organization has access to the resources
  • Hosted internally or hosted by a provider
• Hybrid Cloud
  • Combination of Private and Public
  • Most organizations
IaaS / PaaS / SaaS
Other: internal or external hosted

Examples of the cloud - Recap
[Four slides of figures, one each for IaaS, PaaS, SaaS and Cloud Software. Source: Cloud Taxonomy]
What is at risk?
• Cloud computing inherently means trusting some of your most valuable assets
• Before you start – high level understanding of the risks
• Two key assets exposed to risk - Data and Applications/Process
• Evaluate the risk for Confidentiality, Integrity and Availability. Impact on
asset if it:
• Breached
• Accessed by provider(s)
• Process is manipulated by an outsider
• Unavailable for a while

What is at risk?
• Understand risk by mapping the asset to
• Possible deployment models
• The potential flow of data between your users and CSPs
• Assurances on safety of data?
• SOC standards provide some level of assurance – CSA, GSA, NIST
• CSA / GSA / NIST - tools to assess security requirements & services
• The onus is still on you; you do have to conduct your own due diligence

Protect your assets – ask the questions
1. Who’s managing my data?
• Qualifications and backgrounds of staff
• Who else (partners/sub-contractors) can touch your data?
2. Where’s my data actually located?
• Regulatory and compliance requirements for data export
• Primary and secondary (replication sites)
• Conformance to local laws – data discovery
• Map how data is stored and handled

Protect your assets – ask the questions
• Why does location matter? - Country Risk Ratings for Security and Privacy

Source:
Protect your assets – ask the questions
3. What access controls are in place?
• What are the physical controls and logical controls?
• CSPs disclose data access control processes in place
• Frequency of testing of access controls
4. How will my data be physically secured & separated from other customers?
• Common hardware or applications with logical controls?
• Testing of data encryption / data leakage
5. How’s my data encrypted?
• Understand security for data at rest and data in transit
• Data at rest - encryption types
• Data in transit - encrypted, authenticated and integrity protected
Protect your assets – ask the questions
• Map the potential flow of data between your users (internal and external),
other providers and the cloud service

[Diagram: data flow map with the labels Organization, Users, App, Data, Servers, Backup, CSP1, CSP2 and CSP3.]

Protect your assets – ask the questions
6. What authentication mechanisms are supported by the CSP?
• 2-pass authentication - passwords with tokens and certificates
• Integration using LDAP and SAML with Dir. Svcs or Identity Mgmt. systems
7. What happens if there’s a data breach?
• Incident Response Plan (IRP) - proactive processes and technologies in
place to detect if an application or data is under attack. Create your own too
• Response times and notification process; request history
• Technology Errors & Omissions policy and/or Cyber Liability coverage

Protect your assets – ask the questions
8. Can the CSP pass muster with the auditors?
• Security assessment by a 3rd party or accreditation process
• Process for accommodating the needs of your auditors
• Conduct a forensic investigation?
9. Is your cloud computing service SOC 2/SSAE16 (formerly SAS 70) compliant?
• No assurances but a step in the right direction
• Demonstrates methodical and repeatable process
• Security certification and other regulatory requirements HIPAA, FERPA etc.
10. What is CSP’s stability factor?
• CSP acquired or out of business?
• Timely transition, removal and destruction of your data
Protect your assets – ask the questions
11. Does the CSP offer backup and recovery services?
• Data retention, backup and recovery
• Backed up to where? Basic backup services or beyond?
• Recovery process from an outage
• What is included in your service – does this match your RPO/RTO?
12. What are the contract terms?
• SLA, breach notification, intellectual properties, limitation of liability, etc.
• More on this later

Eeny, meeny, miny, moe – Picking a CSP
No different than any other selection project
• Identify what is important to you
• Identify your “must haves” and “like to haves”
• Don’t ignore security and growth
• For each of the identified areas, assign weightage
• Seek “written” answers you are looking for
• When in doubt err on the conservative side
• Reference – ask for a list of clients, not just references
• Not to be taken lightly – your data, your neck
• Add skill sets to the IT mix to manage and administer vendor contracts
• Viewed as a partnership - cannot abdicate management of the vendor
/ service though they provide the service
Eeny, meeny, miny, moe – Picking a CSP

Eeny, meeny, miny, moe – picking a CSP

Reference: Intel’s Intel Cloud Finder
Contractual considerations
Negotiate key terms and conditions to mitigate risk and cost
exposure:
• Uptime Guarantees
• SLA penalties
• SLA penalty exclusions
• Security
• Business Continuity and Disaster recovery

Contractual considerations
Negotiate key terms and conditions to mitigate risk and cost
exposure:
• Data privacy conditions
• Suspension of service
• Termination
• Liability

Where’s my checklist?
• Do I have a “strategy” or am I “piecemealing this”?
• Have a process for identifying suitable applications / systems / workloads ideal for “cloudifying” – business objective first
• Define your selection criteria - requirements for security, compliance, growth, performance, etc.
• Identify issues around migrating existing workloads
• Identify vendor(s), vendor lock-ins and flexibilities
• Identify the costs: CapEx, OpEx, sunk costs, staff retraining
• Identify your questions - have written responses, talk to existing clients
• Determine the impact on your IT staff (skills and headcount)
• Understand your contract – have your requirements clearly identified
It is not an all or nothing proposition – think hybrid
Q&A

Thank you for attending

Marv Sauer, Principal
248.223.3120
marv.sauer@plantemoran.com

Sri Chalasani, Sr. Architect
248.223.3707
sri.chalasani@plantemoran.com

To view a complete calendar of upcoming Plante Moran webinars, visit webinars.plantemoran.com
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 

Bringing the Cloud Back to Earth

  • 1. Bringing the Cloud Back to Earth webinars.plantemoran.com
  • 2. Presenters
    • Marv Sauer, Principal – Plante Moran, Education Consulting. Marv has more than 25 years of experience taking clients from initial strategic planning through the successful implementation of a variety of proven and leading-edge technologies. He is a talented facilitator of small to large groups, working with personnel ranging from end users to executive management. Marv has given presentations at local and national conferences on topics such as "Building the Network of Tomorrow, Today" and "With Strategic Planning First, Successful Implementation Follows". Marv holds a Master of Business Administration in Finance from the University of Michigan and a Bachelor of Science in Math and Computer Science from the University of California, Los Angeles (UCLA).
    • Sri Chalasani, Sr. Architect – Plante Moran, IT Consulting. Sri has over twenty years of experience and specializes in the design, deployment, and troubleshooting of complex networks. He also has over fifteen years of experience in the design and implementation of broadband multimedia solutions across large networks. Sri has helped many organizations with the design and selection of data centers, including strategic sourcing of cloud-based solutions. He has an MBA from Wayne State University, an MS in Computer Science from Western Michigan University and a BS in Electronics Engineering from Bangalore University.
  • 3. Administration
    • Slides are available for download from your webcast console. A recording of today’s webinar will be added to our website in a few days.
    • We will allow time at the end of the presentation to respond to your questions, but please feel free to submit questions at any time.
  • 4. Administration
    • This is a CPE-eligible webinar. Throughout the webcast, participation pop-ups will appear.
    • Participants must respond to at least 75% of these pop-ups in order to receive CPE credit.
    • To receive CPE credit, you need to be logged in individually to the webinar and meet the eligibility requirements (an accrued viewing time of at least 50 minutes and a 75% response to participation tracking). Only attendees who are logged into the webinar will be eligible to earn CPE credit.
  • 5. Overview
    Kick it to the next level - move beyond the tutorials
    • Review drivers, strategy and architectures for deploying a cloud
    • Identify your risks
    • Asking the right questions
    • Selection criteria
    • The T’s and C’s
  • 6. Background
    Gartner believes enterprises will spend $112 billion cumulatively on software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS). Part of the attraction is the promise of lower total cost of ownership, but with this come higher risks, some of which are not always immediately apparent. Source: Gartner
  • 7. Drivers of cloud computing - Recap
    Drivers
    • Data Center pressures – increased systems and data explosion
    • Flexibility - system capacity (elasticity) and ubiquitous access
    • Minimize risk – modernize to survive / keep up with the times
    • Cost / predictable cash flow
    • Reduced operational / systems management
    • Accelerated access to complex applications
    • Allow for focus on core competencies
  • 8. Strategy - Recap
    • Goals may be the same
    • Questions and priorities may be different and often competing
    [Figure: "Cloud Strategy" diagram. Labels: Current IT Env.; Terms & Conditions; Users; Risks; Security C.I.A; Business objectives and goals; Costs; Governance; Administration; Roadmap; Solutions; Reg. & Compliance; Agility; Technology; Business; IT Staff & App. Integ / skills; Process Rearch; CEO; CIO.]
    Question lists shown in the figure:
    • Security & compliance; Impacts IT staff?; Performance & reliability?; Distributed workforce?; Agility & growth; Contract, SLA, & support?
    • Reduce costs? TCO/ROI?; Distributed workforce?; Competitive advantages?; Risks?; Align with business goals?
  • 9. Four major building blocks for IT system Architectures - Recap
    [Figure: IT system stack mapped to cloud services. Labels: IT Staff (Net. Admin, DBA, Programmer); Applications; Database; Operating System and Back Office Servers; System Software; Infrastructure (Storage, Network); Managed services; Cloud Services: IaaS, PaaS, SaaS.]
    IaaS: Infrastructure as a Service; PaaS: Platform as a Service; SaaS: Software as a Service
  • 10. Deployment Models - Recap (IaaS / PaaS / SaaS)
    • Public Cloud
      • Multi-tenancy: computing resources (infrastructure, OS, applications) are available to other tenants
      • Typically hosted at a provider
    • Community Cloud
      • Collaboration between multiple org.
      • Involvement by invitation only
    • Private Cloud
      • Only your organization has access to the resources
      • Hosted internally or hosted by a provider
    • Hybrid Cloud
      • Combination of Private and Public
      • Most organizations
    • Other: internal or external hosted
  • 11. Examples of the cloud - Recap: IaaS [Figure. Source: Cloud Taxonomy]
  • 12. Examples of the cloud - Recap: PaaS [Figure. Source: Cloud Taxonomy]
  • 13. Examples of the cloud - Recap: SaaS [Figure. Source: Cloud Taxonomy]
  • 14. Examples of the cloud - Recap: Cloud Software [Figure. Source: Cloud Taxonomy]
  • 15. What is at risk?
    • Cloud computing inherently means trusting some of your most valuable assets
    • Before you start – high level understanding of the risks
    • Two key assets exposed to risk - Data and Applications/Process
    • Evaluate the risk for Confidentiality, Integrity and Availability. Impact on the asset if:
      • It is breached
      • It is accessed by provider(s)
      • The process is manipulated by an outsider
      • It is unavailable for a while
  • 16. What is at risk?
    • Understand risk by mapping the asset to:
      • Possible deployment models
      • The potential flow of data between your users and CSPs
    • Assurances on safety of data?
      • SOC standards provide some level of assurance – CSA, GSA, NIST
      • CSA / GSA / NIST - tools to assess security requirements & services
      • The onus is still on you; you do have to conduct your own due diligence
  • 17. Protect your assets – ask the questions
    1. Who’s managing my data?
      • Qualifications and backgrounds of staff
      • Who else (partners/sub-contractors) can touch your data?
    2. Where’s my data actually located?
      • Regulatory and compliance requirements for data export
      • Primary and secondary (replication sites)
      • Conformance to local laws – data discovery
      • Map how data is stored and handled
  • 18. Protect your assets – ask the questions
    • Why does location matter? - Country Risk Ratings for Security and Privacy
    Source:
  • 19. Protect your assets – ask the questions
    3. What access controls are in place?
      • What are the physical controls and logical controls?
      • CSPs disclose data access control processes in place
      • Frequency of testing of access controls
    4. How will my data be physically secured & separated from other customers?
      • Common hardware or applications with logical controls?
      • Testing of data encryption / data leakage
    5. How’s my data encrypted?
      • Understand security for data at rest and data in transit
      • Data at rest - encryption types
      • Data in transit - encrypted, authenticated and integrity protected
  • 20. Protect your assets – ask the questions
    • Map the potential flow of data between your users (internal and external), other providers and the cloud service
    [Figure: data-flow map. Labels: Organization (Users, Servers, App, Data, Backup); CSP1, CSP2 and CSP3, with backups; external Users.]
  • 21. Protect your assets – ask the questions
    6. What authentication mechanisms are supported by the CSP?
      • 2-pass authentication - passwords with tokens and certificates
      • Integration using LDAP and SAML with Dir. Svcs or Identity Mgmt. systems
    7. What happens if there’s a data breach?
      • Incident Response Plan (IRP) - proactive processes and technologies in place to detect if an application or data is under attack. Create your own too
      • Response times and notification process; request history
      • Technology Errors & Omissions policy and/or Cyber Liability coverage
  • 22. Protect your assets – ask the questions
    8. Can the CSP pass muster with the auditors?
      • Security assessment by a 3rd party or accreditation process
      • Process for accommodating the needs of your auditors
      • Conduct a forensic investigation?
    9. Is your cloud computing service SOC 2/SSAE16 (formerly SAS 70) compliant?
      • No assurances but a step in the right direction
      • Demonstrates methodical and repeatable process
      • Security certification and other regulatory requirements: HIPAA, FERPA, etc.
    10. What is the CSP’s stability factor?
      • CSP acquired or out of business?
      • Timely transition, removal and destruction of your data
  • 23. Protect your assets – ask the questions
    11. Does the CSP offer backup and recovery services?
      • Data retention, backup and recovery
      • Backed up to where? Basic backup services or beyond?
      • Recovery process from an outage
      • What is included in your service – does this match your RPO/RTO?
    12. What are the contract terms?
      • SLA, breach notification, intellectual properties, limitation of liability, etc.
      • More on this later
  • 24. Eeny, meeny, miny, moe – Picking a CSP
    No different than any other selection project
    • Identify what is important to you
    • Identify the “must haves” and the “like to haves”
    • Don’t ignore security and growth
    • For each of the identified areas, assign a weightage
    • Seek “written” answers to the questions you are asking
    • When in doubt, err on the conservative side
    • Reference – ask for a list of clients, not just references
    • Not to be taken lightly – your data, your neck
    • Add skill sets to the IT mix to manage and administer vendor contracts
    • View it as a partnership - you cannot abdicate management of the vendor / service even though they provide the service
  • 25. Eeny, meeny, miny, moe – Picking a CSP [Figure]
  • 26. Eeny, meeny, miny, moe – picking a CSP [Figure. Reference: Intel’s Intel Cloud Finder]
  • 27. Contractual considerations
    Negotiate key terms and conditions to mitigate risk and cost exposure:
    • Uptime Guarantees
    • SLA penalties
    • SLA penalty exclusions
    • Security
    • Business Continuity and Disaster recovery
  • 28. Contractual considerations
    Negotiate key terms and conditions to mitigate risk and cost exposure:
    • Data privacy conditions
    • Suspension of service
    • Termination
    • Liability
  • 29. Where’s my checklist?
    • Do I have a “strategy” or am I “piecemealing this”?
    • Have a process for identifying suitable applications / systems / workloads ideal for “cloudifying” – business objective first
    • Define your selection criteria - requirements for security, compliance, growth, performance, etc.
    • Identify issues around migrating existing workloads
    • Identify vendor(s), vendor lock-ins and flexibilities
    • Identify the costs: CapEx, OpEx, sunk costs, staff retraining
    • Identify your questions - have written responses, talk to existing clients
    • Determine the impact on your IT staff (skills and headcount)
    • Understand your contract – have your requirements clearly identified
    It is not an all or nothing proposition – think hybrid
  • 31. Thank you for attending
    • Marv Sauer, Principal, 248.223.3120, marv.sauer@plantemoran.com
    • Sri Chalasani, Sr. Architect, 248.223.3707, sri.chalasani@plantemoran.com
    To view a complete calendar of upcoming Plante Moran webinars, visit webinars.plantemoran.com