This document provides an overview of cloud computing, including definitions of cloud computing models and service delivery models. It discusses the business case for cloud computing and provides guidance on security best practices and selecting a cloud service provider. It also presents a case study on conducting e-discovery from the cloud and discusses considerations around records and information management in the cloud.
Looking at Capacity Management variables introduced by the Cloud with an overview of the most prominent Cloud offerings. Also covers:
•Planning your move to the Cloud
•Metrics for capture with the Cloud Infrastructure
•Reporting examples
Many professionals within IT organizations think that since the advent of Cloud, capacity management is no longer needed and that it’s provided by the Cloud provider. Although it’s true that Cloud providers will provide you with all the capacity you desire, it’s not the same as managing that capacity – or the resulting bill!
Migrating applications and services to the Cloud is not as straightforward as moving the workloads, databases and systems to a Cloud provider. Planning for this migration is challenging and can be very costly if not done correctly. Once in the Cloud, continued monitoring of those services is needed to not over – or under – provision, as both can be very costly to the business.
Syncsort’s Athene™ Cloud provides secure, hassle-free capacity management without the need for software and database implementation. Whether on premise, in the cloud or both – Syncsort organizes the data that powers machine learning, AI and predictive analytics. Now, getting your data to the cloud – and accessing, integrating and cleansing it – has never been easier. Add on the expertise from Syncsort Professional Services and you have a world-class managed service offering that will ensure optimization of your workloads and services. How can you go wrong?
View this webcast on-demand to learn more about topics such as:
• What is Athene™ Cloud?
• Planning a migration to the Cloud
• Managing applications and services in the Cloud
• Moving capacity management to the Cloud
• How Syncsort Advance can help your organization be successful
Looking at Capacity Management variables introduced by the Cloud with an overview of the most prominent Cloud offerings. Also covers:
•Planning your move to the Cloud
•Metrics for capture with the Cloud Infrastructure
•Reporting examples
Many professionals within IT organizations think that since the advent of Cloud, capacity management is no longer needed and that it’s provided by the Cloud provider. Although it’s true that Cloud providers will provide you with all the capacity you desire, it’s not the same as managing that capacity – or the resulting bill!
Migrating applications and services to the Cloud is not as straightforward as moving the workloads, databases and systems to a Cloud provider. Planning for this migration is challenging and can be very costly if not done correctly. Once in the Cloud, continued monitoring of those services is needed to not over – or under – provision, as both can be very costly to the business.
Syncsort’s Athene™ Cloud provides secure, hassle-free capacity management without the need for software and database implementation. Whether on premise, in the cloud or both – Syncsort organizes the data that powers machine learning, AI and predictive analytics. Now, getting your data to the cloud – and accessing, integrating and cleansing it – has never been easier. Add on the expertise from Syncsort Professional Services and you have a world-class managed service offering that will ensure optimization of your workloads and services. How can you go wrong?
View this webcast on-demand to learn more about topics such as:
• What is Athene™ Cloud?
• Planning a migration to the Cloud
• Managing applications and services in the Cloud
• Moving capacity management to the Cloud
• How Syncsort Advance can help your organization be successful
Intelligent Business Process Management Suites (iBPMS) - The Next-Generation ...Kai Wähner
I had a talk at ECSA 2014 in Vienna: The Next-Generation BPM for a Big Data World: Intelligent Business Process Management Suites (iBPMS), sometimes also abbreviated iBPM. I want to share the slides with you. The slides include an example how to implement iBPMS easily with the TIBCO middleware stack: TIBCO AMX BPM + BusinessWorks + StreamBase + Tibbr.
Security & privacy challenges in cloud computingkdore
Existing research has only covered the technical, Performance and trust Challenges in Cloud Computing and therefore, this study have expanded the Challenges to Security and Privacy Issues in Cloud Computing
What are the Security and Privacy challenges in Cloud Computing ?
How to affect Security and Privacy challenges on cloud computing ?
Embracing Cloud in a Traditional Data CenterBrian Anderson
Many organizations are exerting top-down pressure to examine cloud and as-a-service models in general. To the IT managers and administrators in the data center, losing control of your data and/or applications can be a scary thing. There is also a complex web of fiscal and technical items that must be considered. In this presentation, Eagle Technologies will help you build a base understanding of the three core as-a-service models. We will then go on to discuss what we see working with our customers in the real world; these are opportunities that can offload some of the drudgery in your data center, while at the same time demonstrating to your organization that you are embracing the cloud.
In this presentation how cloud is useful in big data analytics.It givers brief introduction to cloud service models and Big data 4V's.Here I'm describing how cloud is used in telecom and finance domain. How it is better than traditional methods.
The Future of Identity in the Cloud: Requirements, Risks and Opportunities - ...gueste4e93e3
This presentation aims at: setting the context about Identity in the Cloud; discussing related identity management issues along with core requirements (coming from users and organisations); illustrating, from an HP Labs’ perspective, future possible models, approaches and IT infrastructures to handle Identity in the Cloud.
The introduction of the presentation sets some background: it gives an overview of Cloud Computing and its implications, in terms of service provisioning, security, privacy and identity management. In particular it discusses the paradigm shift from a close & controlled approach (within enterprises) to potentially, on-the-fly composable and customisable services, in the Cloud.
Use cases are introduced to illustrate “common” usage and management tasks involving Identity in the Cloud - from both user and organisational perspectives, including the implications of having to deal with Identity in composable and dynamic services. New emerging, related threats and risks are briefly discussed, such as the potential growth of bogus service providers, targeted attacks to the weakest points in the service provisioning chain and identity thefts.
This will lead to a discussion of key requirements, determined by new interaction models and service-provisioning paradigms in the Cloud, including: control of identity flows and management of distributed user accounts; trust and reputation about service providers in the Cloud; identity assurance; transparency about security practices; privacy (including consent and revocation).
I will then discuss current (categories of) identity management solutions and approaches that deal with aspects of Identity in the Cloud (such as identity federation, identity brokering, Identity 2.0, etc.), along with their pros and cons and failures to address some of the core requirements (such as assurance, trust and privacy control).
The final part of this presentation challenges current assumptions and approaches and illustrates future directions, by presenting HP Labs’ medium and long–term vision about how the underlying Cloud infrastructure is going to evolve along with its implication in terms of Identity and Identity Management. This includes the paradigm shifts introduced by the usage of trusted virtualisation, remote attestation of platform capabilities (Trusted Computing Platforms) and identity-driven computational environment (coming from the cloud) that could run on local systems (e.g. at the user side); new emerging identity management models driven by identity-aware platforms and policy-driven delegation of credentials; the role that Security and Identity Analytics can play, by using modelling and simulation, to help organisations to evaluating and predicting the consequences of using services in the Cloud, based on assumptions made on the underlying identity management model and existing threats.
Intelligent Business Process Management Suites (iBPMS) - The Next-Generation ...Kai Wähner
I had a talk at ECSA 2014 in Vienna: The Next-Generation BPM for a Big Data World: Intelligent Business Process Management Suites (iBPMS), sometimes also abbreviated iBPM. I want to share the slides with you. The slides include an example how to implement iBPMS easily with the TIBCO middleware stack: TIBCO AMX BPM + BusinessWorks + StreamBase + Tibbr.
Security & privacy challenges in cloud computingkdore
Existing research has only covered the technical, Performance and trust Challenges in Cloud Computing and therefore, this study have expanded the Challenges to Security and Privacy Issues in Cloud Computing
What are the Security and Privacy challenges in Cloud Computing ?
How to affect Security and Privacy challenges on cloud computing ?
Embracing Cloud in a Traditional Data CenterBrian Anderson
Many organizations are exerting top-down pressure to examine cloud and as-a-service models in general. To the IT managers and administrators in the data center, losing control of your data and/or applications can be a scary thing. There is also a complex web of fiscal and technical items that must be considered. In this presentation, Eagle Technologies will help you build a base understanding of the three core as-a-service models. We will then go on to discuss what we see working with our customers in the real world; these are opportunities that can offload some of the drudgery in your data center, while at the same time demonstrating to your organization that you are embracing the cloud.
In this presentation how cloud is useful in big data analytics.It givers brief introduction to cloud service models and Big data 4V's.Here I'm describing how cloud is used in telecom and finance domain. How it is better than traditional methods.
The Future of Identity in the Cloud: Requirements, Risks and Opportunities - ...gueste4e93e3
This presentation aims at: setting the context about Identity in the Cloud; discussing related identity management issues along with core requirements (coming from users and organisations); illustrating, from an HP Labs’ perspective, future possible models, approaches and IT infrastructures to handle Identity in the Cloud.
The introduction of the presentation sets some background: it gives an overview of Cloud Computing and its implications, in terms of service provisioning, security, privacy and identity management. In particular it discusses the paradigm shift from a close & controlled approach (within enterprises) to potentially, on-the-fly composable and customisable services, in the Cloud.
Use cases are introduced to illustrate “common” usage and management tasks involving Identity in the Cloud - from both user and organisational perspectives, including the implications of having to deal with Identity in composable and dynamic services. New emerging, related threats and risks are briefly discussed, such as the potential growth of bogus service providers, targeted attacks to the weakest points in the service provisioning chain and identity thefts.
This will lead to a discussion of key requirements, determined by new interaction models and service-provisioning paradigms in the Cloud, including: control of identity flows and management of distributed user accounts; trust and reputation about service providers in the Cloud; identity assurance; transparency about security practices; privacy (including consent and revocation).
I will then discuss current (categories of) identity management solutions and approaches that deal with aspects of Identity in the Cloud (such as identity federation, identity brokering, Identity 2.0, etc.), along with their pros and cons and failures to address some of the core requirements (such as assurance, trust and privacy control).
The final part of this presentation challenges current assumptions and approaches and illustrates future directions, by presenting HP Labs’ medium and long–term vision about how the underlying Cloud infrastructure is going to evolve along with its implication in terms of Identity and Identity Management. This includes the paradigm shifts introduced by the usage of trusted virtualisation, remote attestation of platform capabilities (Trusted Computing Platforms) and identity-driven computational environment (coming from the cloud) that could run on local systems (e.g. at the user side); new emerging identity management models driven by identity-aware platforms and policy-driven delegation of credentials; the role that Security and Identity Analytics can play, by using modelling and simulation, to help organisations to evaluating and predicting the consequences of using services in the Cloud, based on assumptions made on the underlying identity management model and existing threats.
Global IT BPM Market Perspective by Dolat Capital with special coverage on cl...Mohit Agarwal, CFA
Dolat Capital's Investment Banking Team releases its quarterly newsletter on IT-BPM Sector. Special coverage on Global Cloud Infrastructure and Services sector.
EXIN Cloud Computing Foundation is a demanding certification required by many IT organizations all over the world. The Cloud Computing Elementary Professional Certification provides clearly and concisely the basis of cloud computing. It is a technology of providing computational power on tap for IT service and allows IT service providers to concentrate on their chief competence by managing customers without worrying about the difficulties of infrastructure.
EXIN Cloud Computing Foundation is a demanding certification required by many IT organizations all over the world. The Cloud Computing Elementary Professional Certification provides clearly and concisely the basis of cloud computing. It is a technology of providing computational power on tap for IT service and allows IT service providers to concentrate on their chief competence by managing customers without worrying about the difficulties of infrastructure. This certification helps IT professionals who are looking forward to improve their knowledge on cloud computing and willing to attain globally recognized cloud certification.
The Ultimate Guide to Cloud Migration - A Whitepaper by RapidValueRapidValue
Digital transformation based on cloud-first strategy is a marathon. Any transformation journey which is disruptive and requires changing the core foundation of the organization can be very challenging. It is bound to fail unless the journey is planned with specific goals in mind, right roles and resources allocated to it, ‘as-is’ to ‘to-be state’ is mapped and implementation engine is fine-tuned.
Based on the experience of implementing numerous transformation projects for our global clients, RapidValue has formulated a BRAVE framework for cloud-first digital transformation.
Sample of workshop given at CloudAsia 2012. Workshop is 700 slides, so this is just a small sample to give a feel for the content, depth and independent approach.
This was presented at 2009 Web World Conference.
The presentation analyzes some trends of cloud computing, and prospects the futures of cloud computing.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
1. Cloud Computing
Steven C. Markey,MSIS,PMP, CISSP,CIPP, CISM,CISA,STS-EV,CCSK
Principal, nControl, LLC
Adjunct Professor
President, Cloud Security Alliance – Delaware Valley Chapter (CSA-DelVal)
2. Cloud Computing
• Presentation Overview
– Cloud Overview
• General
• Business Case for Cloud Computing
• Security Guidance
• Selecting a Cloud Service Provider (CSP)
• Records & Info Management (RIM) in the Cloud
– Case Studies
• e-Discovery IN the Cloud
4. Cloud Computing Trends
Numbers
Numbers around CC are always impressive:
80% fortune companies 1000 will pay
to use cloud computing services and
30% will pay for infrastructure.
Gartner
At this moment, the 5
major search engines
together have 2.000.000 Market :
computers 42 billon: IDC
95 billion: Merrill Lynch
33% of IT business will be in
Cloud Computing
Gartner
Microsoft data centre in Chicago:
610.000 servers
8
8 Source: Open Group
5. Cloud Computing
• What is Cloud Computing?
– Re-Branded IT Business Model
• Application Service Provider (ASP)
• IT Outsourcing (ITO)
– Formal Characteristics
• Resource Pooling
• Rapid Elasticity
– Confusion
• Hosting
• Virtualization
• Service Provider
15. Cloud Computing
• Business Case for Cloud Computing
– Time-to-Market
– Global Presence
– Focus on Core Competency
– Elasticity
– Cost-Benefit Analysis (CBA)
16. Cloud Computing
• Partly Cloudy with a Chance of Risk!
– The Cloud is Perceived as Risky Business
• Lack of Control
• Regulatory Compliance
• Hacks, Outages, Disasters….Oh My!
Source: Youtube
17. Cloud Computing
• Security Guidance
– Existing Certifications/Attestations
• SAS 70 Type II/SSAE 16/ISAE 3402
• ISO 27001/2, 27036, 15489
• BITS Shared Assessments
• PCI DSS
• HIPAA/HITECH
– Guidance Specifically for the Cloud
• CSA Guide v3.0
• ENISA Cloud Computing Risk Assessment
• NIST SP 800-144 Guidelines Security/Privacy for a Public Cloud
18. Cloud Computing
• Selecting a CSP
– Service Provider/Consumer Process Alignment
– Portability/Interoperability
– Contractual/Legal Agreements
– Industry Tools
19. Cloud Computing
• Service Provider/Consumer Process Alignment
– Change/Configuration Management
– Loading/Offloading
– Disaster Recovery
– Incident Response
– Legal Hold/Litigation Response/e-Discovery
• Electronic Discovery Reference Model (EDRM)
– Records and Information Management (RIM)
• Generally Accepted Recordkeeping Principles (GARP)
• Information Governance Reference Model (IGRM)
• Information Lifecycle Management (ILM)
30. Cloud Computing
• RIM in the Cloud
– Process
• Self-Service Provisioning
• CSP Brokerage, Monitoring & Metering
• CSP Information Governance
• CSP Adherence to Standards
– NIST
» SP 800-92: Log Management
– ISO
» 15489: Records Management
» 23081: Records Metadata
» 15386: Digital Archive
» 30300/303001: RIM Management System
» 17024: Conformity Assessment
32. Cloud Computing
• RIM in the Cloud
– People
• More Empowered: Shadow IT, Consumerized IT
– Millenials Expect Autonomy
– Bring Your Own Device (BYOD)
– Less Office Time, But Always On
• Increased Roles & Responsibilities
• Additional Tech/Analytical Skill-Sets Required
– Technology
• Commoditized
• CSP Metadata
• New Technologies: Non-Relational Database Architectures
• New Paradigms: Big Data (Data Lakes & Cloud)
33.
34. Cloud Computing
• Case Study: e-Discovery FROM the Cloud
– Background
– Drivers
– Technologies
– Limitations
– Risks
– Lessons Learned
– Next Steps
35. Cloud Computing
• Case Study: e-Discovery FROM the Cloud
– Background
• Financial Services SMB
– Capital Management (PA)
• Recent Project: 2010
• IT: Managed Service Provider/Operations, Director
– Drivers
• Cost
• Compliance
– Technologies
• Email: Exchange Server 2007, 2010/Office 365
• Discovery: Symantec Enterprise Vault (EV) v8.0/v9.0
36. Cloud Computing
• Case Study: e-Discovery FROM the Cloud
– Limitations
• Budget
• Skill-Sets
• Resources
– Risks
• Software/System Interoperability
• Vendor Management: Contractual/SLA Omissions
• Disaster Recovery: Datacom
• Legacy Email Availability, No More Archiving
• Scope Creep
37. Cloud Computing
• Case Study: e-Discovery FROM the Cloud
– Lessons Learned
• Limited Cost Savings
– On-Site Exchange Box for Journaling
– Upgrade to EV v9.0 to Support Exchange 2010
– Exchange Hosted Encryption (EHE)
– Forefront Online Protection for Exchange (FOPE)
• Exchange Journaling From the Cloud, Complicated
– Microsoft Federation Gateway (MFG)
• Leverage Interim Solution for BlackBerry Services
– Shutdown BlackBerry Enterprise Server (BES)
– Leverage AstraSync (Exchange ActiveSync)
38. Cloud Computing
• Case Study: e-Discovery FROM the Cloud
– Next Steps
• Upgrade to EV v10.0
– Incorporate Social Media
• Test BCP/DR e-Discovery Functionality
• BlackBerry Office 365
– Looking at BES Balance (“Data Boxing”)
• Leverage Office 365 for SharePoint, iOS & Android
– Nix AstraSync, Reviewing Hosted AirWatch & MobileIron for MDM
• Reviewing Cloud e-Discovery SaaS Solutions
– Symantec Enterprise Vault.cloud
– Microsoft Exchange Online Archiving (EOA)
39. Cloud Computing
• Presentation Take Aways
– Cloud = Re-Branded Business Model
–With New Bells & Whistles (Big Data, etc.)
– Paradigm Shift Towards Empowerment
– Strategy & Due Diligence Are VERY Important
–Must Consider the Business Ecosystem