Computing in the clouds while
 wearing a good service level
         agreement

               By
       Cade Zvavanjanja
              CISO
  Gainful Information Security
THE
                      CLOUD
   “Cloud Computing” can
    mean different things
      SaaS, PaaS, IaaS
   Public Definitions:
      NIST
      Berkeley
      ABA Legal Tech
       Resource Center
   Service & Deployment
    Models:
      Private, Public, Hybrid
DIFFERENT THAN BOXES
STORED AT IRON
MOUNTAIN?
HOW CLOUD DIFFERS


 Access

 Data  Location
 Greater Custody
  and
  Control
  Differentiation
 Multi-Tenancy
  Capability
CLOUDY QUESTIONS

   Location issues
   Operation issues
   Legislative/Regulatory
    issues
   3rd party contractual
    limitations
   Security/Privacy issues
   Litigation/Investigative
    issues
   Authenticity/Admissibility
    issues
CLOUD:
WHEN BAD THINGS HAPPEN TO GOOD
EVIDENCE

   General Considerations
   Potential Liability for
    Spoliation
      Minimize Risk by
       Addressing Up Front
       the Need to Preserve
       and Produce ESI
   Remedies for Spoliation
HOW DO YOU CONDUCT A
FORENSIC EXAMINATION IN
THE CLOUD?
CLOUD COMPUTING
SERVICE LEVEL AGREEMENT
CONSIDERATIONS
   Use of data/Security
   Location of data
   No change of terms
   Destruction
   Ownership
    (assignment)
   Subpoena response
   Regulatory
    requirements
   Insurance/Indemnity
   Audits
SERVICE LEVEL AGREEMENT
(SLA)
SLA should contain:

   The list of services the provider will deliver and a complete definition
    of each service.
   Metrics to determine whether the provider is delivering the service
    as promised
   Auditing mechanism to monitor the service.
   Responsibilities of the provider and the consumer
   Remedies available to both provider and client if the terms of the
    SLA are not met.
   A description of how the SLA will change over time.
SERVICE LEVEL AGREEMENT
    (SLA)
   Security: Client and CSP must understand security requirements.
   Data encryption: Data must be encrypted while it is in motion and while it is at
    rest. The details of the encryption algorithms and access control policies should
    be specified.
   Privacy: Basic privacy concerns are addressed by requirements such as data
    encryption, retention, and deletion. An SLA should make it clear how the cloud
    provider isolates data and applications in a multi-tenant environment.
   Data retention/deletion: How does CSP prove they comply with retention laws
    and deletion policies?
   Hardware erasure/ destruction: Same as #4.
   Regulatory compliance: If regulations must be enforced because of the type of
    data, CSP must be able to prove compliance.
   Transparency: For critical data and applications CSP must be proactive in
    notifying client when the terms of the SLA are breached including infrastructure
    issues like outages and performance problems as well as security incidents.
(SLA)
   Certification: CSP should be responsible for proving required certification
    and keeping it current.
   Performance definitions: Defining terminology such as uptime and other
    contractual metric terms (i.e. – uptime could mean all servers on continent
    are available or only one designated server is available.)
   Monitoring: Responsible party for monitoring including identification of any
    third-party organization designated to monitor performance of the provider.
   Audit Rights: To monitor for any data breaches including loss of data and
    availability issues. SLA should clarify when and how the audits will take
    place.
   Metrics: to be monitored in real-time and audited after occurrence. Metrics of
    an SLA must be objectively and unambiguously defined.
   Human interaction: On-demand self-service is one of the basic
    characteristics of cloud computing, but SLA should provide customer
    service when needed.

    Review and summary of cloud service level agreements, From "Cloud Computing Use Cases
    Whitepaper" Version 4.0,
REALITY – CONTRACT ISSUE
 Currently,  the standard contracts offered by cloud
  computing providers are one-sided and service
  provider-friendly, with little opportunity to change
  terms.
 Few offer meaningful service levels or assume any
  responsibility for legal compliance, security or data
  protection. Many permit suspension of service or
  unilateral termination, and disclaim all or most of the
  provider's potential liability.
 In addition, some cloud computing providers
  emphasize low cost offerings, which leave little room
  for robust contractual commitments or customer
  requirements.
BEFORE YOU GO “TO THE
CLOUD!”
Security & Control
No uniform standard for security and compliance
among cloud providers. This may be bad - if you
have evolved mature security and control discipline;
or it may be a good thing, if you are looking for an
external provider to help you with best practices.
Cloud is not, per se, either secure or insecure. You
simply need to set your own standards, be aware of
what your cloud provider can and cannot deliver,
and choose according to your desired level of risk.
BEFORE YOU GO “TO THE
CLOUD!”
Portability & Compatibility
Not all cloud providers are able to provide the same
level of portability and compatibility.
Extracting and restoring data may be a slow manual
process due to API limitations and other restrictions.
May be impossible to accomplish in a timely manner
due to common limitations such as bandwidth.
Applications may require significant changes to be
compatible with storage in a non-specific location that
changes in case of emergency.
Be aware of your use cases, and make sure your
recovery plan allows for the mobility of data the cloud
will enable.
BEFORE YOU GO “TO THE
CLOUD!”
Longevity & Accessibility
Consider and verify the longevity of CSP
to ensure data will be accessible when and
how needed, before committing to CSP as
sole source for data recovery.
During an analyst keynote speech at the
2010 CA InfoXchange event in Malaysia,
the speaker estimated that a substantial
number of current cloud providers will be
out of business within 2 years.
CSPs talked about 99.999 per cent
uptime, or the equivalent of five minutes'
downtime per year. This is the Holy Grail of
cloud computing but achieving it requires
multi million-dollar investments in redundant
infrastructure.
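
Added example (not part of the original slides): the SLA slide notes that "uptime" could mean all servers are available or only one designated server, and this slide equates 99.999 per cent with about five minutes of downtime per year. The Python sketch below measures one constructed outage log under both definitions; the server names, outage windows and function names are assumptions made for illustration.

```python
# Added example: constructed data and hypothetical names throughout.
MINUTES_PER_YEAR = 365 * 24 * 60  # 525,600-minute measurement period

# Constructed outage log: per-server (start, end) offsets in minutes from
# the start of the measurement period; end is exclusive.
OUTAGES = {
    "eu-1": [(1000, 1003)],
    "us-1": [(1002, 1004), (50000, 50002)],
    "ap-1": [(200000, 200001)],
}


def merge(intervals):
    """Return the union of possibly overlapping intervals as a sorted,
    disjoint list, so overlapping outages are not counted twice."""
    merged = []
    for start, end in sorted(intervals):
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def total_minutes(intervals):
    """Total length of the union of the given intervals."""
    return sum(end - start for start, end in merge(intervals))


def downtime_all_servers(outages):
    """Definition A: 'up' means every server is available, so an outage
    on any one server counts as downtime for the service."""
    return total_minutes([iv for windows in outages.values() for iv in windows])


def downtime_designated(outages, server):
    """Definition B: 'up' means the one designated server is available."""
    return total_minutes(outages[server])


def allowed_downtime(target, period=MINUTES_PER_YEAR):
    """Downtime budget in minutes implied by an availability target."""
    return period * (1 - target)


def report(outages, designated, target=0.99999):
    """Evaluate the same outage log under both uptime definitions."""
    budget = allowed_downtime(target)
    measured = {
        "all servers": downtime_all_servers(outages),
        "designated server": downtime_designated(outages, designated),
    }
    return {
        label: {
            "downtime_min": down,
            "availability": 1 - down / MINUTES_PER_YEAR,
            "meets_target": down <= budget,
        }
        for label, down in measured.items()
    }


if __name__ == "__main__":
    print(f"five-nines budget: {allowed_downtime(0.99999):.3f} min/year")
    for label, row in report(OUTAGES, "eu-1").items():
        print(f"{label:18} {row['downtime_min']} min  "
              f"{row['availability']:.6%}  meets target: {row['meets_target']}")
```

With this constructed log the provider meets five nines when only the designated server counts and misses it when every server must be up, which is why the SLA has to fix the definition before the metric is audited.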
BEFORE YOU GO “TO THE
CLOUD!”
Where does your data reside?
 EU Data Privacy Concerns

 Which laws apply, country of origin or country
  where data resides?
ESSENTIAL CONTRACT POWERS TO RETAIN
   Real-time feed from data intrusion detection systems to permit
    monitoring of the security system's performance.

   Performance standards mandating maximum downtime and
    platform stability.

   Auditing rights – access to monitoring dashboard to see metrics
    on function of the system. Also onsite visits to provider.

   Remediation power – including monetary penalties for downtime,
    termination in the event of security violations and notice of any
    breach.
ESSENTIAL CONTRACT POWERS TO
RETAIN
   Freedom to Move – contract must make it clear that the data
    owner retains all ownership of the data as well as access to
    the data. There should be a defined time frame for giving
    back all the data once request has been made as well as
    definition of the format for the data if it is to be moved or
    returned to the client to avoid any additional cost to reformat
    data to be moved to a new provider.

   Preservation of metadata – what metadata will be maintained
    and any impact of the system upon that metadata.

   Access to information for e-discovery – how accessible the
    data will be including time to extract.
Thank You

Tel: +236 733 782 490
     +263 773 796 365
     +263 -4- 733 117

Eml: info@gis.co.zw
   cade@gis.co.zw

Web: www.gis.co.zw

 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 

Cloud computing & service level agreements

  • 1. Computing in the clouds while wearing a good service level agreement By Cade Zvavanjanja CISO Gainful Information Security
  • 2. THE CLOUD
      • “Cloud Computing” can mean different things
          • SaaS, PaaS, IaaS
      • Public Definitions:
          • NIST
          • Berkeley
          • ABA Legal Tech Resource Center
      • Service & Deployment Models:
          • Private, Public, Hybrid
  • 3. DIFFERENT THAN BOXES STORED AT IRON MOUNTAIN?
  • 4. HOW CLOUD DIFFERS
      • Access
      • Data Location
      • Greater Custody and Control Differentiation
      • Multi-Tenancy Capability
  • 5. CLOUDY QUESTIONS
      • Location issues
      • Operation issues
      • Legislative/Regulatory issues
      • 3rd party contractual limitations
      • Security/Privacy issues
      • Litigation/Investigative issues
      • Authenticity/Admissibility issues
  • 6. CLOUD: WHEN BAD THINGS HAPPEN TO GOOD EVIDENCE
      • General Considerations
      • Potential Liability for Spoliation
          • Minimize Risk by Addressing Up Front the Need to Preserve and Produce ESI
      • Remedies for Spoliation
  • 7. HOW DO YOU CONDUCT A FORENSIC EXAMINATION IN THE CLOUD?
  • 8. CLOUD COMPUTING SERVICE LEVEL AGREEMENT CONSIDERATIONS
      • Use of data/Security
      • Location of data
      • No change of terms
      • Destruction
      • Ownership (assignment)
      • Subpoena response
      • Regulatory requirements
      • Insurance/Indemnity
      • Audits
  • 9. SERVICE LEVEL AGREEMENT (SLA)
    SLA should contain:
      • The list of services the provider will deliver and a complete definition of each service.
      • Metrics to determine whether the provider is delivering the service as promised.
      • Auditing mechanism to monitor the service.
      • Responsibilities of the provider and the consumer.
      • Remedies available to both provider and client if the terms of the SLA are not met.
      • A description of how the SLA will change over time.
  • 10. SERVICE LEVEL AGREEMENT (SLA)
      • Security: Client and CSP must understand security requirements.
      • Data encryption: Data must be encrypted while it is in motion and while it is at rest. The details of the encryption algorithms and access control policies should be specified.
      • Privacy: Basic privacy concerns are addressed by requirements such as data encryption, retention, and deletion. An SLA should make it clear how the cloud provider isolates data and applications in a multi-tenant environment.
      • Data retention/deletion: How does the CSP prove it complies with retention laws and deletion policies?
      • Hardware erasure/destruction: Same as #4.
      • Regulatory compliance: If regulations must be enforced because of the type of data, the CSP must be able to prove compliance.
      • Transparency: For critical data and applications, the CSP must be proactive in notifying the client when the terms of the SLA are breached, including infrastructure issues like outages and performance problems as well as security incidents.
  • 11. (SLA)
      • Certification: The CSP should be responsible for proving required certification and keeping it current.
      • Performance definitions: Defining terminology such as uptime and other contractual metric terms (i.e., uptime could mean all servers on a continent are available or only one designated server is available).
      • Monitoring: Responsible party for monitoring, including identification of any third-party organization designated to monitor performance of the provider.
      • Audit Rights: To monitor for any data breaches, including loss of data and availability issues. The SLA should clarify when and how the audits will take place.
      • Metrics: To be monitored in real time and audited after occurrence. Metrics of an SLA must be objectively and unambiguously defined.
      • Human interaction: On-demand self-service is one of the basic characteristics of cloud computing, but the SLA should provide customer service when needed.
    Review and summary of cloud service level agreements, From "Cloud Computing Use Cases Whitepaper" Version 4.0,
  • 12. REALITY – CONTRACT ISSUE
      • Currently, the standard contracts offered by cloud computing providers are one-sided and service provider-friendly, with little opportunity to change terms.
      • Few offer meaningful service levels or assume any responsibility for legal compliance, security or data protection. Many permit suspension of service or unilateral termination, and disclaim all or most of the provider's potential liability.
      • In addition, some cloud computing providers emphasize low cost offerings, which leave little room for robust contractual commitments or customer requirements.
  • 13. BEFORE YOU GO “TO THE CLOUD!”
    Security & Control
    There is no uniform standard for security and compliance among cloud providers. This may be bad if you have evolved a mature security and control discipline, or it may be a good thing if you are looking for an external provider to help you with best practices. Cloud is not, per se, either secure or insecure. You simply need to set your own standards, be aware of what your cloud provider can and cannot deliver, and choose according to your desired level of risk.
  • 14. BEFORE YOU GO “TO THE CLOUD!”
    Portability & Compatibility
    Not all cloud providers are able to provide the same level of portability and compatibility. Extracting and restoring data may be a slow manual process due to API limitations and other restrictions. It may be impossible to accomplish in a timely manner due to common limitations such as bandwidth. Applications may require significant changes to be compatible with storage in a non-specific location that changes in case of emergency. Be aware of your use cases, and make sure your recovery plan allows for the mobility of data the cloud will enable.
  • 15. BEFORE YOU GO “TO THE CLOUD!”
    Longevity & Accessibility
    Consider and verify the longevity of the CSP to ensure data will be accessible when and how needed, before committing to the CSP as the sole source for data recovery. During an analyst keynote speech at the 2010 CA InfoXchange event in Malaysia, the speaker estimated that a substantial number of current cloud providers will be out of business within 2 years. CSPs talked about 99.999 per cent uptime, or the equivalent of five minutes' downtime per year. This is the Holy Grail of cloud computing, but achieving it requires multimillion-dollar investments in redundant infrastructure.
  • 16. BEFORE YOU GO “TO THE CLOUD!”
    Where does your data reside?
      • EU Data Privacy Concerns
      • Which laws apply, country of origin or country where data resides?
  • 17. ESSENTIAL CONTRACT POWERS TO RETAIN
      • Real-time feed from data intrusion detection systems to permit monitoring of the security systems' performance.
      • Performance standards mandating maximum downtime and platform stability.
      • Auditing rights – access to monitoring dashboard to see metrics on function of the system. Also onsite visits to provider.
      • Remediation power – including monetary penalties for downtime, termination in the event of security violations and notice of any breach.
  • 18. ESSENTIAL CONTRACT POWERS TO RETAIN
      • Freedom to Move – the contract must make it clear that the data owner retains all ownership of the data as well as access to the data. There should be a defined time frame for giving back all the data once a request has been made, as well as a definition of the format for the data if it is to be moved or returned to the client, to avoid any additional cost to reformat data to be moved to a new provider.
      • Preservation of metadata – what metadata will be maintained and any impact of the system upon that metadata.
      • Access to information for e-discovery – how accessible the data will be, including time to extract.
  • 19. Thank You Tel: +236 733 782 490 +263 773 796 365 +263 -4- 733 117 Eml: info@gis.co.zw cade@gis.co.zw Web: www.gis.co.zw