Cloud Computing Primer for
Municipal Records Management
Steven C. Markey, MSIS, PMP, CISSP, CIPP, CISM, CISA, STS-EV, CCSK
Principal, nControl, LLC
Adjunct Professor
• Presentation Overview
– Cloud Overview
• General
• Business Case for Cloud Computing
• Security Guidance
• Selecting a Cloud Service Provider (CSP)
• Records & Info Management (RIM) in the Cloud
• Municipal Government in the Cloud
– Case Studies
• IlliniCloud
• Washington D.C.
Cloud Computing
• General Overview
– Why should you care about the “cloud”?
• What is Cloud Computing?
– Re-Branded IT Business Model
• Application Service Provider (ASP)
• IT Outsourcing (ITO)
– Formal Characteristics
• Resource Pooling
• Rapid Elasticity
– Confusion
• Hosting
• Virtualization
• Service Provider
Service Delivery Models
Source: Swain Techs
Source: Matthew Gardiner, Computer Associates
Responsibility
SaaS Providers
PaaS Providers
IaaS Providers
Private Cloud
• Dedicated Clouds
– Usually Hosted Internally
• Use Chargeback/Shared Services Model
– External Private Clouds Exist
Hosting Providers
Third Parties
• Business Case for Cloud Computing
– Time-to-Market
– Global Presence
– Focus on Core Competency
– Elasticity
– Cost-Benefit Analysis (CBA)
Source: Flickr
• Partly Cloudy with a Chance of Risk!
– The Cloud is Perceived as Risky Business
• Lack of Control
• Regulatory Compliance
• Hacks, Outages, Disasters….Oh My!
Source: Youtube
• Data Breaches & Security Incidents
– Average Cost: $7.2 million
– http://www.networkworld.com/news/2011/030811-ponemon-data-breach.html
– Leading Cause: Negligence, 41%; Hacks, 31%
– http://www.networkworld.com/news/2011/030811-ponemon-data-breach.html
– Responsible Party: Vendors, 39%
– http://www.theiia.org/chapters/index.cfm/view.news_detail/cid/197/newsid/13809
– Increased Frequency: 2010-2011, 58%
– http://www.out-law.com/en/articles/2011/october/personal-data-breaches-on-the-increase-in-private-sector-reports-ico/
• Security Guidance
– Existing Certifications/Attestations
• SAS 70 Type II/SSAE 16/ISAE 3402
• ISO 27001/2, 27036, 15489
• BITS Shared Assessments
• PCI DSS
• HIPAA/HITECH
– Guidance Specifically for the Cloud
• Cloud Security Alliance (CSA) Guide v3.0
• ENISA Cloud Computing Risk Assessment
• NIST SP 800-144 Guidelines Security/Privacy for a Public Cloud
• Selecting a CSP
– Service Provider/Consumer Process Alignment
– Portability/Interoperability
– Contractual/Legal Agreements
– Industry Tools
• Service Provider/Consumer Process Alignment
– Change/Configuration Management
– Loading/Offloading
– Disaster Recovery
– Incident Response
– Legal Hold/Litigation Response/e-Discovery
• Electronic Discovery Reference Model (EDRM)
– Records and Information Management (RIM)
• Generally Accepted Recordkeeping Principles (GARP)
• Information Governance Reference Model (IGRM)
• Information Lifecycle Management (ILM)
• Portability/Interoperability
– Software
– Data
– Third Parties
• Contractual/Legal Agreements
– Service Level Agreements (SLA)
• Up-Time
• Jurisdiction
• Data Ownership
– Escrow Data
– Include Metadata
• Exit Clause
• Testing
– Disaster Recovery
– Incident Response
– Legal Hold/Litigation Response/e-Discovery
• Contractual/Legal Agreements
– Service Level Agreements (SLA)
• Right to Audit
– Vendor & Vendor’s Vendors
– Public Sector Specific
• Industry Tools
– Selection
• Gravitant CloudWiz
• VMware Cloud Readiness Self-Assessment Tool
– Brokerage/Management
• RightScale
• CloudFloor
• Skydera
• enStratus
• Industry Tools
– Migration
• Bit Titan MigrationWiz
• Layer 2 SharePoint Cloud Connector
• Metalogix StoragePoint
• AvePoint DocAve Migrator
• RIM in the Cloud
– Process
• Self-Service Provisioning
• CSP Brokerage, Monitoring & Metering
• CSP Information Governance
• CSP Adherence to Standards
– NIST
» SP 800-92: Log Management
– ISO
» 15489: Records Management
» 23081: Records Metadata
» 15386: Digital Archive
» 30300/303001: RIM Management System
» 17024: Conformity Assessment
• RIM in the Cloud
– People
• More Empowered: Shadow IT, Consumerized IT
– Millennials Expect Autonomy
– Bring Your Own Device (BYOD)
– Less Office Time, But Always On
• Increased Roles & Responsibilities
• Additional Tech/Analytical Skill-Sets Required
– Technology
• Commoditized
• CSP Metadata
• New Technologies: Non-Relational Database Architectures
• New Paradigms: Big Data (Data Lakes & Cloud)
• Municipal Government in the Cloud
Source: Cisco
• Municipal Government in the Cloud
– Budget/Size
– Technical Strategy
– Risk Appetite/Tolerance
– Constituents
• Municipal Government in the Cloud
– Budget/Size
• Not all municipalities are the same
• Economy of scale with vendors
• Bigger does not mean better
• Smaller = Nimble
• Community clouds
• Municipal Government in the Cloud
– Technical Strategy
• Internal Staff
• Outsourcing/In-Sourcing
• Vendors/Partners
• Best-of-Breed/Lowest Bidder
• Municipal Government in the Cloud
– Risk Appetite/Tolerance
• Not all risks are the same
• 911 & Operational Risk
– Constituents
• Not all constituents are technical
• Case Study: IlliniCloud
– Background
– Drivers
– Technologies
– Limitations
– Risks
– Lessons Learned
– Next Steps
• Case Study: IlliniCloud
– Background
• Community Cloud
• Illinois School Districts
– Drivers
• Budget
– Technologies
• Virtualization: VMware
• Networking: Cisco
• Case Study: IlliniCloud
– Limitations
• Budget
• Skill-Set
– Risks
• Security
• Privacy
• System Interoperability
• Case Study: IlliniCloud
– Lessons Learned
• One’s smallest client may be its largest consumer.
• A particular service (e.g., video conferencing) may be a
surprise hit.
• The delivery of a blended hardware/software solution
set may be appropriate in order to receive the
maximum return on investment (ROI).
• A service that may have been cost prohibitive before
may be cost effective in a cloud environment.
• Collaboration (with stakeholders) is key to enhanced
participation.
• Case Study: IlliniCloud
– Lessons Learned
• One’s smallest client may be its largest consumer.
• Community cloud consumers should not
underestimate the economies of scale/cost efficiencies
that can be reached by deploying a community cloud.
• An organization should focus on its core
competency/technical skill set, thus enabling the use
of these different skill sets throughout the
conglomerate.
• An organization can leverage a community cloud for
necessities, such as disaster recovery (DR).
• Community clouds leverage a grassroots approach for
stakeholder buy-in.
• Case Study: IlliniCloud
– Next Steps
• Master Data Management (MDM)
• Using Hypervisor Neutral Technologies
• Packaging Software/System Solutions
• Expanding User-base
• Federated Identities
• Case Study: D.C. IN the Cloud
– Background
– Drivers
– Technologies
– Limitations
– Risks
– Lessons Learned
– Next Steps
• Case Study: D.C. IN the Cloud
– Background
• 38,000 Employees/Contractors
– Drivers
• Cost
– Technologies
• Cloud: Google Apps (Docs), Drive (Storage) & Gmail
• Case Study: D.C. IN the Cloud
– Limitations
• Budget
– Risks
• Software/System Interoperability
• Data Privacy
• Intuitive Use
• Administration
• Case Study: D.C. IN the Cloud
– (Hypothetical) Lessons Learned
• Limited Cost Savings
• Vendor Lock-In
• Case Study: D.C. IN the Cloud
– (Hypothetical) Next Steps
• Test Gmail/Postini Message Discovery
• Use CloudLock Data Discovery
• Use Google AppEngine (PaaS) to Develop New Apps
• Federated Identities
• Presentation Take Aways
– Cloud = Re-Branded Business Model
• With New Bells & Whistles (Big Data, etc.)
– Paradigm Shift Towards Empowerment
– Strategy & Due Diligence Are VERY Important
• Must Consider the Business Ecosystem
• References
– CSA Guide: https://cloudsecurityalliance.org/research/security-guidance/
– BITS Enterprise Cloud Self-Assessment: http://sharedassessments.org/media/pdf-EnterpriseCloud-SA.pdf
– ENISA Risk Assessment: http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment
– NIST SP 800-144: http://csrc.nist.gov/publications/drafts/800-144/Draft-SP-800-144_cloud-computing.pdf
– VMware CRSA: http://getcloudready.vmware.com/crsa/
– Bit Titan MigrationWiz: https://www.migrationwiz.com/Secure/Default.aspx
– Gravitant cloudWiz: http://www.gravitant.com/cloudwiz-home.html
– RightScale: http://www.rightscale.com/
– CloudFloor: http://www.cloudfloor.com/
– Skydera: http://www.skydera.com/
– enStratus: http://enstratus.com/
– Layer 2: http://www.layer2.de/en/products/Pages/Cloud-Connector-for-SharePoint-2010-Office365.aspx
– Metalogix StoragePoint: http://www.metalogix.com/Products/StoragePoint.aspx
– AvePoint DocAve: http://www.avepoint.com/sharepoint-to-sharepoint-migration-docave/
– GovTech: http://www.itnewsafrica.com/2011/09/govtech-cloud-allows-gov-citizen-connection/
• Personal References
– PenTest Magazine, "Scanning Your Cloud Environment": http://pentestmag.com/client-side-exploits-pentest-082011/
– ISACA Journal, "Testing Your Incident Response Plan": http://www.isaca.org/Journal/Current-Issue/Pages/default.aspx
– e-Discovery 2.0: In the Cloud: https://s3.amazonaws.com/nControl-Docs/CSA11_Session-SMarkey.ppt
– Security in the Cloud: https://s3.amazonaws.com/nControl-Docs/Cloud_Computing-Security.ppt
– System Architecture & Engineering for the Cloud: https://s3.amazonaws.com/nControl-Docs/Cloud_Computing-Architecture_Engineering.ppt
– Cloud Computing Primer: https://s3.amazonaws.com/nControl-Docs/Cloud_Computing-Basic.ppt
– Cloud Computing - Authentication & Encryption: https://s3.amazonaws.com/nControl-Docs/Cloud_Computing_Security-Session_II.ppt
– Cloud Computing - Application & Virtualization Security: https://s3.amazonaws.com/nControl-Docs/Cloud_Computing_Security-Session_III.ppt
– Securing Your ESI: https://s3.amazonaws.com/nControl-Docs/Securing_Your_ESI_v2.ppt
• Questions?
• Contact
– Email: steve@ncontrol-llc.com
– Twitter: @markes1
– LI: http://www.linkedin.com/in/smarkey
