Public cloud spending is growing rapidly, with the public cloud market expected to reach $236 billion by 2020. While public cloud platforms are growing the fastest, cloud and on-premises environments still need to co-exist. There are different hybrid models organizations can choose from based on their environment, tiers, load requirements, and cloud readiness. A hybrid multi-cloud environment provides capabilities across infrastructure, security, integration, service operation, and service transition to manage applications and data across on-premises and multiple cloud platforms.
The document discusses how enterprises are accelerating their journey to the cloud. It notes that change has become more dynamic and that transformation can take years during which the patient/enterprise needs to remain conscious. It discusses how the traditional IT model lacks agility to keep pace with startups. Adopting capabilities of startups can help but bridging the gap is not simple. AWS provides services that can help enterprises and startups bridge this gap. Moving to the cloud allows enterprises to focus on their core mission rather than IT operations. It also discusses how enterprises can become more agile like startups through practices like DevOps and continuous delivery. The document also discusses how the cloud makes it feasible for enterprises to move to the next generation
Infrastructure provisioning is a foundation for adopting cloud. HashiCorp Terraform is the most widely used cloud provisioning product. It can be used to provision infrastructure for any application using an array of providers for any target platform, helping organizations transition to the cloud seamlessly.
2016, A new era of OS and Cloud SecurityTudor Damian
The global security landscape is changing, now more than ever. With cloud computing gaining momentum and advanced persistent threats becoming a common occurrence, the industry is taking a more focused and serious approach when it comes to security, especially after some of last years’ heavily publicized incidents. Join this session for a discussion on what Microsoft is doing to protect against these new security threats with fresh approaches taken both at the server & client OS level, as well as in Azure.
This document summarizes security best practices for cloud computing. It discusses how security in the cloud requires a shared responsibility model between the cloud provider and customer. It recommends implementing least privilege access, defense in depth strategies like isolating environments and regular patching, and knowing your system through strong authentication and authorization. Specific best practices covered include using multi-factor authentication, limiting exposed services, expiring unnecessary permissions, and preventing lateral movement between hosts. The document promotes keeping systems simple and securing the full technology stack.
The Road Ahead for OpenStack. As change keeps happening faster than ever, OpenStack will continue to evolve as containers, virtual machines, bare metal, and other paradigms such as serverless come into vogue.
This document discusses the challenges of enterprise data management in an increasingly complex multi-cloud landscape. It notes that organizations are adopting multiple public cloud providers and moving to a "cloud-first" approach for new applications. This brings concerns around data protection, resiliency, privacy and compliance when data and workloads span different cloud environments. The document presents Veritas' data management solutions for multi-cloud including cloud migration, workload mobility between clouds, data protection, disaster recovery, storage optimization, and gaining visibility and control over distributed data.
Public cloud spending is growing rapidly, with the public cloud market expected to reach $236 billion by 2020. While public cloud platforms are growing the fastest, cloud and on-premises environments still need to co-exist. There are different hybrid models organizations can choose from based on their environment, tiers, load requirements, and cloud readiness. A hybrid multi-cloud environment provides capabilities across infrastructure, security, integration, service operation, and service transition to manage applications and data across on-premises and multiple cloud platforms.
The document discusses how enterprises are accelerating their journey to the cloud. It notes that change has become more dynamic and that transformation can take years during which the patient/enterprise needs to remain conscious. It discusses how the traditional IT model lacks agility to keep pace with startups. Adopting capabilities of startups can help but bridging the gap is not simple. AWS provides services that can help enterprises and startups bridge this gap. Moving to the cloud allows enterprises to focus on their core mission rather than IT operations. It also discusses how enterprises can become more agile like startups through practices like DevOps and continuous delivery. The document also discusses how the cloud makes it feasible for enterprises to move to the next generation
Infrastructure provisioning is a foundation for adopting cloud. HashiCorp Terraform is the most widely used cloud provisioning product. It can be used to provision infrastructure for any application using an array of providers for any target platform, helping organizations transition to the cloud seamlessly.
2016, A new era of OS and Cloud SecurityTudor Damian
The global security landscape is changing, now more than ever. With cloud computing gaining momentum and advanced persistent threats becoming a common occurrence, the industry is taking a more focused and serious approach when it comes to security, especially after some of last years’ heavily publicized incidents. Join this session for a discussion on what Microsoft is doing to protect against these new security threats with fresh approaches taken both at the server & client OS level, as well as in Azure.
This document summarizes security best practices for cloud computing. It discusses how security in the cloud requires a shared responsibility model between the cloud provider and customer. It recommends implementing least privilege access, defense in depth strategies like isolating environments and regular patching, and knowing your system through strong authentication and authorization. Specific best practices covered include using multi-factor authentication, limiting exposed services, expiring unnecessary permissions, and preventing lateral movement between hosts. The document promotes keeping systems simple and securing the full technology stack.
The Road Ahead for OpenStack. As change keeps happening faster than ever, OpenStack will continue to evolve as containers, virtual machines, bare metal, and other paradigms such as serverless come into vogue.
This document discusses the challenges of enterprise data management in an increasingly complex multi-cloud landscape. It notes that organizations are adopting multiple public cloud providers and moving to a "cloud-first" approach for new applications. This brings concerns around data protection, resiliency, privacy and compliance when data and workloads span different cloud environments. The document presents Veritas' data management solutions for multi-cloud including cloud migration, workload mobility between clouds, data protection, disaster recovery, storage optimization, and gaining visibility and control over distributed data.
The document discusses multi-cloud management. It describes how using multiple cloud providers can help organizations capitalize on different computing models but also adds complexity that requires effective management strategies. It identifies the main goals of multi-cloud as avoiding unnecessary complexity and containing costs. It also outlines some of the main challenges of managing heterogeneous clouds, such as complexity, lack of interoperability, and increased management overhead.
A multi-cloud strategy offers hardware, software, and infrastructure redundancy that optimizes fault tolerance and allows traffic to be steered through the fastest parts of the network. Different clouds perform better for different tasks, such as handling many small requests or fewer large requests. A multi-cloud approach prevents failures from causing significant service disruption by distributing services across multiple cloud providers. While storage is fragmented across providers, segregating file types to specific clouds makes files easily findable.
AWS at 2017 FS-ISAC APAC Summit: Move Better, Faster and More Securely: Cloud...Amazon Web Services
I. The cloud enables organizations to move faster, more securely, and transform their security posture. Common motivations for cloud migration include cost reduction, increased productivity, and market agility.
II. While security concerns are often cited as barriers to cloud adoption, the cloud can provide stronger security than traditional data centers due to controls like standardized environments, ubiquitous encryption, and consolidated logging.
III. Best practices for secure cloud migration include designing for security, implementing identity and access management, monitoring configurations and changes, and developing using security-focused methodologies like infrastructure as code.
How hybrid/multi-cloud governance platform benefits your cloud strategy CoreStack
This document discusses the need for and benefits of a hybrid/multi-cloud governance platform. It notes that cloud is no longer optional and that multi-cloud is becoming mainstream. It then outlines key features that are required for an effective cloud governance platform, including service request management, provisioning, access control, policy management, and more. The document concludes by providing a quick demo of CoreStack, a cloud governance platform that addresses these needs.
Cloud computing elaborates on the remote servers networks which usually accessed over the Internet and to help the user to store, manage, and process data.
The use of multi-cloud approaches is on the rise. So is the demand for more sophisticated, multi-cloud management and application deployment services that provide the highly-desired ‘one tool-multiple clouds’ experience.
The document discusses IBM's Cloud Pak for Data and its components. It covers the different subject areas of Cloud Pak 4 Integration, including App Connect Enterprise, API Connect, and MQ Advanced. It also discusses Cloud Pak 4 Data and its AI ladder approach from collecting data to infusing AI. Additionally, it summarizes the areas of Cloud Pak 4 Applications, Cloud Pak 4 Security, and Cloud Pak 4 Multi-Cloud Management.
Cloud computing has won and most companies are using more than one public and private clouds. This has created challenges and complexity which are addressed by new technology such as Istio service mesh.
The document discusses cloud computing from different perspectives. It defines cloud computing as scalable IT capabilities delivered as a service over the internet. It examines the characteristics of cloud from the views of analysts and consumers. Key characteristics of cloud discussed include cost efficiency, easy access via web, automatic updates, pay-per-use models, and high service quality. The document emphasizes the importance of monitoring key performance indicators, automation, and efficiency to reduce costs and improve profit margins for cloud services.
This document provides an overview of a presentation about HashiCorp's cloud infrastructure automation tools. It includes an agenda, background on the presenter, and sections on HashiCorp as a company, digital transformation and the transition to multi-cloud, an overview of the HashiCorp suite of tools including Terraform, Vault, Consul, and Nomad, and two case studies on how EllieMae and Adobe have used Terraform and Vault respectively.
Although cloud computing can offer small businesses significant cost-saving benefits—namely, pay-as-you-go access to sophisticated software and powerful hardware—the service does come with certain security risks. When evaluating potential providers of cloud-based services, you should keep these top five security concerns in mind.
The document discusses how AWS can help customers achieve compliance with the General Data Protection Regulation (GDPR). It explains key aspects of the GDPR such as its territorial scope and requirements for organizations to implement appropriate technical and organizational measures to ensure security of personal data. It outlines AWS services like GuardDuty, Macie, and Trusted Advisor that help customers automate security controls to meet GDPR requirements for ongoing data protection, monitoring, and incident response. The document emphasizes that AWS and customers share responsibility for security and compliance under the GDPR.
Adopting Multi-Cloud Services with ConfidenceKevin Hakanson
In transitioning to multi-cloud, IT organizations have the same responsibility to provide quality service and operational security yet have a much greater need to understand how to efficiently govern and manage these disparate cloud services.
In this session, we will examine some key patterns and models taken from a Cloud Adoption Framework through a multi-cloud lens. The presentation will include a mixture of high-level guidance, examples where vocabulary and terminology differ, and opinions on when to utilize cloud-agnostic vs cloud-native technologies for strategic decisions.
Attendees will leave with a better understanding of how to implement a Cloud Adoption Framework across multiple clouds and a higher level of confidence in their multi-cloud adoption plans.
IBM Cloud Pak for Data Improves Cataloging Technologies for EnterpriseTimothy Valihora
Timothy Valihora is an Ottawa IT consultant who coordinates with IBM on developing next generation data solutions. Among the areas in which Timothy Valihora has extensive knowledge is IBM Cloud Pak for Data, an enterprise platform that was expanded in 2020 to include new data cataloging technologies.
The synergy provided by this solution is that it combines containerized software metadata repositories with new ways of simplifying and unifying elements that enable seamless collection and organization of data. This is critical in situations where business continuity efforts are at the forefront and massive volumes of data from various sources are challenging to aggregate and analyze, in ways that generate fast, actionable insights.
With the rapid growth in data and move towards data commercialisation there are multiple aspects to focus on and prioritize the steps being taken across an enterprise. Enterprises face many challenges when it comes to truly becoming a data driven organization and realize the full potential of data. Some of those challenges include data availability, capacity to process, store and analyze this data, sharing the models and data artefacts across different teams etc. Most of these challenges could be handled through a platform which is Cloud based, scalable, and offers different capabilities for Governance, security, reusability and their likes. In this talk, I will talk about how IBM Cloud Pak serves as a framework for implementing your AI Strategy and how it could be used to build different artefacts while adhering to above listed requirements and being future ready. We will further illustrate how Cloud Pak for Data fastens and shortens the route to data commercialisation?
Rubrik offers a software-defined data management platform that can help organizations accelerate their GDPR compliance efforts. The platform provides centralized management of data across on-premises, edge, and cloud environments. It employs security measures like encryption and immutable storage that are designed with privacy and compliance in mind. Rubrik also simplifies compliance through policy-driven automation that enforces data protection, retention, and deletion policies. Reporting tools give insights into policy effectiveness. The unified platform streamlines compliance processes around identifying, managing, and securing personal data.
In this session, AWS will cover our Shared Responsibility Model in relations to Security and our Compliance Program. Customers can expect to learn about how AWS works with customers to build solutions to secure their cloud-based environments. They will also come away with an understanding of our compliance program and what security assurances they inherit as customers
Cloud Regulations and Security Standards by Ran AdlerIdan Tohami
The document discusses regulations and standards related to cloud computing and privacy. It outlines various regulations including GDPR, Ramot (Israeli privacy authority), and Privacy Shield. It also discusses standards such as ISO 27017 and 27018 which provide guidance on information security controls for cloud computing. The document suggests that cloud computing raises risks regarding confidentiality but can improve availability and integrity if proper security policies and frameworks are implemented.
Privacy and the GDPR: How Cloud computing could be your failingIT Governance Ltd
This webinar covers:
- An overview of the GDPR
- Breach notification requirements under the GDPR and a showcase of recent data breaches and their costs
- Organisations' responsibilities when storing data in the Cloud, and the roles of controller and processor
- The outcome of subcontracting on Cloud service providers and notifications on activities in the Cloud
- The role and responsibilities of the Cloud adoption team
- ISO 27018 and implementing security controls for PII in the Cloud.
A recording of this webinar is available here:
https://www.youtube.com/watch?v=mcLPEEGqvr4
The document discusses multi-cloud management. It describes how using multiple cloud providers can help organizations capitalize on different computing models but also adds complexity that requires effective management strategies. It identifies the main goals of multi-cloud as avoiding unnecessary complexity and containing costs. It also outlines some of the main challenges of managing heterogeneous clouds, such as complexity, lack of interoperability, and increased management overhead.
A multi-cloud strategy offers hardware, software, and infrastructure redundancy that optimizes fault tolerance and allows traffic to be steered through the fastest parts of the network. Different clouds perform better for different tasks, such as handling many small requests or fewer large requests. A multi-cloud approach prevents failures from causing significant service disruption by distributing services across multiple cloud providers. While storage is fragmented across providers, segregating file types to specific clouds makes files easily findable.
AWS at 2017 FS-ISAC APAC Summit: Move Better, Faster and More Securely: Cloud...Amazon Web Services
I. The cloud enables organizations to move faster, more securely, and transform their security posture. Common motivations for cloud migration include cost reduction, increased productivity, and market agility.
II. While security concerns are often cited as barriers to cloud adoption, the cloud can provide stronger security than traditional data centers due to controls like standardized environments, ubiquitous encryption, and consolidated logging.
III. Best practices for secure cloud migration include designing for security, implementing identity and access management, monitoring configurations and changes, and developing using security-focused methodologies like infrastructure as code.
How hybrid/multi-cloud governance platform benefits your cloud strategy CoreStack
This document discusses the need for and benefits of a hybrid/multi-cloud governance platform. It notes that cloud is no longer optional and that multi-cloud is becoming mainstream. It then outlines key features that are required for an effective cloud governance platform, including service request management, provisioning, access control, policy management, and more. The document concludes by providing a quick demo of CoreStack, a cloud governance platform that addresses these needs.
Cloud computing elaborates on the remote servers networks which usually accessed over the Internet and to help the user to store, manage, and process data.
The use of multi-cloud approaches is on the rise. So is the demand for more sophisticated, multi-cloud management and application deployment services that provide the highly-desired ‘one tool-multiple clouds’ experience.
The document discusses IBM's Cloud Pak for Data and its components. It covers the different subject areas of Cloud Pak 4 Integration, including App Connect Enterprise, API Connect, and MQ Advanced. It also discusses Cloud Pak 4 Data and its AI ladder approach from collecting data to infusing AI. Additionally, it summarizes the areas of Cloud Pak 4 Applications, Cloud Pak 4 Security, and Cloud Pak 4 Multi-Cloud Management.
Cloud computing has won and most companies are using more than one public and private clouds. This has created challenges and complexity which are addressed by new technology such as Istio service mesh.
The document discusses cloud computing from different perspectives. It defines cloud computing as scalable IT capabilities delivered as a service over the internet. It examines the characteristics of cloud from the views of analysts and consumers. Key characteristics of cloud discussed include cost efficiency, easy access via web, automatic updates, pay-per-use models, and high service quality. The document emphasizes the importance of monitoring key performance indicators, automation, and efficiency to reduce costs and improve profit margins for cloud services.
This document provides an overview of a presentation about HashiCorp's cloud infrastructure automation tools. It includes an agenda, background on the presenter, and sections on HashiCorp as a company, digital transformation and the transition to multi-cloud, an overview of the HashiCorp suite of tools including Terraform, Vault, Consul, and Nomad, and two case studies on how EllieMae and Adobe have used Terraform and Vault respectively.
Although cloud computing can offer small businesses significant cost-saving benefits—namely, pay-as-you-go access to sophisticated software and powerful hardware—the service does come with certain security risks. When evaluating potential providers of cloud-based services, you should keep these top five security concerns in mind.
The document discusses how AWS can help customers achieve compliance with the General Data Protection Regulation (GDPR). It explains key aspects of the GDPR such as its territorial scope and requirements for organizations to implement appropriate technical and organizational measures to ensure security of personal data. It outlines AWS services like GuardDuty, Macie, and Trusted Advisor that help customers automate security controls to meet GDPR requirements for ongoing data protection, monitoring, and incident response. The document emphasizes that AWS and customers share responsibility for security and compliance under the GDPR.
Adopting Multi-Cloud Services with ConfidenceKevin Hakanson
In transitioning to multi-cloud, IT organizations have the same responsibility to provide quality service and operational security yet have a much greater need to understand how to efficiently govern and manage these disparate cloud services.
In this session, we will examine some key patterns and models taken from a Cloud Adoption Framework through a multi-cloud lens. The presentation will include a mixture of high-level guidance, examples where vocabulary and terminology differ, and opinions on when to utilize cloud-agnostic vs cloud-native technologies for strategic decisions.
Attendees will leave with a better understanding of how to implement a Cloud Adoption Framework across multiple clouds and a higher level of confidence in their multi-cloud adoption plans.
IBM Cloud Pak for Data Improves Cataloging Technologies for EnterpriseTimothy Valihora
Timothy Valihora is an Ottawa IT consultant who coordinates with IBM on developing next generation data solutions. Among the areas in which Timothy Valihora has extensive knowledge is IBM Cloud Pak for Data, an enterprise platform that was expanded in 2020 to include new data cataloging technologies.
The synergy provided by this solution is that it combines containerized software metadata repositories with new ways of simplifying and unifying elements that enable seamless collection and organization of data. This is critical in situations where business continuity efforts are at the forefront and massive volumes of data from various sources are challenging to aggregate and analyze, in ways that generate fast, actionable insights.
With the rapid growth in data and move towards data commercialisation there are multiple aspects to focus on and prioritize the steps being taken across an enterprise. Enterprises face many challenges when it comes to truly becoming a data driven organization and realize the full potential of data. Some of those challenges include data availability, capacity to process, store and analyze this data, sharing the models and data artefacts across different teams etc. Most of these challenges could be handled through a platform which is Cloud based, scalable, and offers different capabilities for Governance, security, reusability and their likes. In this talk, I will talk about how IBM Cloud Pak serves as a framework for implementing your AI Strategy and how it could be used to build different artefacts while adhering to above listed requirements and being future ready. We will further illustrate how Cloud Pak for Data fastens and shortens the route to data commercialisation?
Rubrik offers a software-defined data management platform that can help organizations accelerate their GDPR compliance efforts. The platform provides centralized management of data across on-premises, edge, and cloud environments. It employs security measures like encryption and immutable storage that are designed with privacy and compliance in mind. Rubrik also simplifies compliance through policy-driven automation that enforces data protection, retention, and deletion policies. Reporting tools give insights into policy effectiveness. The unified platform streamlines compliance processes around identifying, managing, and securing personal data.
In this session, AWS will cover our Shared Responsibility Model in relations to Security and our Compliance Program. Customers can expect to learn about how AWS works with customers to build solutions to secure their cloud-based environments. They will also come away with an understanding of our compliance program and what security assurances they inherit as customers
Cloud Regulations and Security Standards by Ran AdlerIdan Tohami
The document discusses regulations and standards related to cloud computing and privacy. It outlines various regulations including GDPR, Ramot (Israeli privacy authority), and Privacy Shield. It also discusses standards such as ISO 27017 and 27018 which provide guidance on information security controls for cloud computing. The document suggests that cloud computing raises risks regarding confidentiality but can improve availability and integrity if proper security policies and frameworks are implemented.
Privacy and the GDPR: How Cloud computing could be your failingIT Governance Ltd
This webinar covers:
- An overview of the GDPR
- Breach notification requirements under the GDPR and a showcase of recent data breaches and their costs
- Organisations' responsibilities when storing data in the Cloud, and the roles of controller and processor
- The outcome of subcontracting on Cloud service providers and notifications on activities in the Cloud
- The role and responsibilities of the Cloud adoption team
- ISO 27018 and implementing security controls for PII in the Cloud.
A recording of this webinar is available here:
https://www.youtube.com/watch?v=mcLPEEGqvr4
Critical Hong Kong Banking, Securities and Insurance Workloads on the Cloud –...Amazon Web Services
• What’s a critical workload?
• Cloud = outsourcing, or something more?
• Data protection in the cloud
• How we can help you achieve your goals
Speaker: Iolaire McKinnon, Senior Consultant, Security, Risk & Compliance, AWS
Kawser Hamid : ICO and Data Protection in the CloudGurbir Singh
Kawser Hamid Lead Policy Officer at the Information Commissioner's Office talks about the challenges of Cloud Computing and complying with Data Protection Act
A recording of the Northwest Regional meeting of the Institute of Information Security Professionals in Manchester on 23rd May 2013. Copyright of this presentation is held by the author, Kawser Hamid.
This document provides an overview of the General Data Protection Regulation (GDPR) and how Amazon Web Services (AWS) can help customers achieve compliance. It discusses what the GDPR is, its key requirements, who it applies to, and the shared responsibilities of controllers and processors. It outlines various AWS services and tools that can help with encryption, access control, monitoring, logging, and maintaining records of processing activities. It also discusses AWS' view of supporting GDPR compliance through its global infrastructure and compliance programs. Finally, it discusses how AWS professional services and partners can assist customers with GDPR requirements.
UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...Livingstone Advisory
How should we navigate the pitfalls of IT’s newest ‘big opportunity’?
For individuals and small business, Cloud computing via the Internet offers unprecedented access to systems, software and technologies, previously restricted to the corporate world, at little or no cost.
But for mid-sized and large organisations, the reality of adopting Cloud computing presents a whole new set of costs, risks and governance implications, quite different to those in traditional in-house IT systems.
This public lecture provides a concise, plain English overview of Cloud computing and what it means for businesses in Australia. It explores the privacy, security, commercial, regulatory, cost, risk and internal governance challenges that organisations, as well as the wider community, should be aware of.
The document discusses designing secure and compliant cloud infrastructures. It covers topics like determining organizational compliance needs, responsible parties in cloud environments, developing security policies, questions to ask when developing policies, goals of securing cloud solutions, applying a holistic security approach, guidelines for planning a secure cloud infrastructure, and the need for compliance in cloud design.
GDPR - Top 10 AWS Security and Compliance Best PracticesAhmad Khan
AWS Cloud GDPR challenges solved, this webinar (see our youtube channel). We show you exactly which Articles you need to worry about and how to address the data security using automation and top 10 best practices to implement step by step.
Automatski is an IoT pioneer that addresses security and privacy concerns through its ground-up first principles IoT platform and standards compliance. It aims to eliminate reasons for customers to choose competitors by adhering to over a dozen security standards, including SAS 70, PCI DSS, Sarbanes-Oxley, ISO 27001, NIST, HIPAA, and the Cloud Security Alliance's CCM. Automatski was founded by technology experts with decades of experience and a track record of success with global Fortune 500 companies.
Unlock the potential of data security 2020Ulf Mattsson
Explore challenges of managing and protecting data. We'll share best practices on establishing the right balance between privacy, security, and compliance
Isaca atlanta ulf mattsson - do you have a roadmap for eu gdprUlf Mattsson
Do you have a GDPR Roadmap?
- How to measure Cybersecurity Preparedness
- Oversight of Third Parties
- Related International Standards
- Killing Cloud Quickly?
Technology aspects:
- International/EU PII Customer Case Studies
- Available Data Protection Options
- How to Integrate Security into Application Development
- Security Metrics
GDPR: Raising the Bar for Security & Compliance Across the EUAmazon Web Services
The European Union’s General Data Protection Regulation (GDPR) protects European Union citizens’ fundamental right to privacy and the protection of personal data. It introduces robust requirements that will raise and harmonize standards for data protection, security, and compliance. Come learn how to work with AWS to build your security and data protection strategy, and how to transform the way your organisation processes data. In this session, we will examine GDPR as the baseline for data protection, with the belief that organisations should aim higher. The cloud makes this a realistic goal.
First presented on April 4, 2018 at Deconomy event in Seoul, South Korea. Based on a previous presentation on the same topic at the Smart Cloud event held on September 21, 2016 also in Seoul.
Automatski is an IoT pioneer that has developed an IoT platform and products like Infinions.io and Autonomous Compute Platform. They aim to be leaders in IoT security and privacy by building these aspects into the foundations of their architecture using research, standards, engineering principles and operational excellence. Their roadmap shows complying with regulations like the Privacy Act of 1974, ISO/IEC 27018, and the upcoming EU Data Protection Regulation between 2015-2016. The founders have extensive experience in software engineering, consulting, and emerging technologies.
The EU’s General Data Protection Regulation (GDPR) introduces mandatory requirements for data controllers and processors. Join this webinar to learn more about the AWS Shared Responsibility Model in the context of the GDPR. Find how AWS services can help you realise data protection by design principles under the GDPR.
Canadian Cloud Webcast from CTE Solutions part of Smarter Everyday ProjectCTE Solutions Inc.
The document provides 5 tips for Canadian organizations adopting cloud services:
1. Privacy and consent are critical under Canadian privacy legislation. Organizations must obtain proper consent when transferring personal information outside of Canada.
2. Mechanisms like consent, governance, encryption, and geo-location of data can help address concerns about data location.
3. A Cloud Management Platform can help with governance in cloud environments through security policy enforcement, automated instance hardening, security logging, and leveraging encryption key management.
4. The Cloud Security Alliance guidance document provides a framework for addressing legal aspects of cloud adoption related to Canadian laws across 14 domains.
5. The Cloud Controls Matrix can be used to evaluate how service providers meet security requirements
Cloud Computing Legal Risks And Best Practiceslisaabe
Cloud Computing: Legal Risks and Best Practices
1. Security and Data Privacy.
2. Recent OPC Guidelines.
3. Compliance Issues.
4. Negotiating Contracts with Cloud Providers.
5. New Trends and Challenges.
6. Practical Tips
Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo...Brian Miller, Solicitor
In a more detailed look at data protection, Vicki Bowles takes a look at the new draft EU Data Protection Regulation, disclosure and BYOD (Bring Your Own Device).
Brian Miller then covers ISO certification, how to check whether your vendor’s systems are secure, how US Safe Harbor worked in practice, how it will do so with the new Privacy Shield and the various certification/accreditation systems for cloud computing vendors.
Similar to Introdction to Cloud Regulation for Enterprise by 2Bsecure (20)
Cybowall is committed to protecting organizations of all sizes. Whether securing the IP reputations of some of the largest Service Provider networks in the world.
AML Transaction Monitoring Tuning WebinarIdan Tohami
Poorly defined thresholds have a number of key impacts on a bank’s operations and compliance departments. Often times, analysts spend considerable time investigating useless alerts which increases operational costs significantly and causes a delay in regulatory filings. Also, the absence of risk-focused thresholds may cause potential money laundering patterns to go un-detected which poses higher monitoring risk to the bank.
Learn how financial institutions can leverage advanced analytics techniques to improve the productivity of the rules by setting up appropriate thresholds. Our speaker will also discuss how to leverage automation techniques for alert investigation in order to reduce the effort spent on false positives, thereby giving more time for the investigations to focus on true suspicious activities.
Topics covered:
- Regulatory Implications
- Managing AML Risks and Emerging Typologies
- Developing Targeted Detection Scenarios
- Customer Segmentation/Population Groups
- Understanding Normal and Outliers
- Operational Improvement through automation
Robotic Process Automation (RPA) Webinar - By Matrix-IFSIdan Tohami
(1) RPA can automate repetitive tasks in financial crime compliance like AML/KYC to reduce manual work and costs. It allows focusing investigator time on more complex cases.
(2) The document discusses how RPA can enhance operations throughput by automating tasks like external data retrieval and form filling. A case study shows an organization improved alerts processed per day from 200 to 1200 using RPA.
(3) The presentation recommends organizations first assess their operations to identify automation opportunities, then start with a pilot RPA project and scale up based on proven value and ROI. RPA benefits include faster processes, accuracy, and scalability with business needs.
Open Banking / PSD2 & GDPR Regulations and How They Are Changing Fraud & Fina...Idan Tohami
The purpose of this webinar is to help Financial Institutions understand the implications of financial crime and fraud prevention, and get ready to review and upgrade their systems accordingly where required.
Topics covered:
-Overview of GDPR and PSD2 regulations with respect to Financial Crime
-Implications of each the regulations on Fraud and Financial Crime (FFC)
-The challenges and opportunities offered by those regulations
-Which steps should Financial Institutions take to mitigate the cost of FFC
Robotic Automation Process (RPA) Webinar - By Matrix-IFSIdan Tohami
Anshul Arora presented Matrix-ifs' RPA solution which talked about
- Integrating AML, Fraud and Cyber-security Investigations
- Eliminate Manual Time Consuming Tasks Using Automation
- Proactive Investigations - System Triggering using AI and Machine Learning Trends
The document discusses CloudZone's path to helping customers adopt AWS cloud services. It describes AWS' global infrastructure including regions and availability zones. CloudZone provides assessments, governance, workload reviews, and implementation to help customers migrate systems to AWS cloud. Ongoing services include cost optimization and managed services. Two customer case studies are presented: a Ministry of Health using AWS for big data healthcare research, and a manufacturer using AWS for worldwide connectivity of factory data collection.
This document provides an overview of Google Cloud Fundamentals. It introduces Andrew Liaskovski as the teacher and covers various Google Cloud topics including migration, security, DevOps, big data, and disaster recovery services. It also discusses CloudZone's full service package including consulting, managed services, and professional services. The rest of the document focuses on specific Google Cloud products and services such as Compute Engine, App Engine, Container Engine, Cloud Storage, Cloud SQL, networking, big data, and machine learning.
This document provides instructions for deploying the necessary environments and tools for a data analytics lab. It includes setting up a Hortonworks sandbox cluster on Azure, creating an Azure data science virtual machine, and optional configurations for Azure Data Lake and SQL Data Warehouse. Completing these steps ensures students have all required software and access installed prior to the lab. The document estimates completion of the prerequisite setup should take less than 30 minutes.
Azure Logic Apps by Gil Gross, CloudZoneIdan Tohami
This document discusses Azure Logic Apps and serverless computing. It defines key cloud computing models like IaaS, PaaS, and serverless. Serverless computing is running code without dedicated servers. Logic Apps allow automating workflows between cloud services without coding by using connectors. Popular Logic Apps connectors include FTP, HTTP, and Office 365. Logic Apps are billed per action and examples of pricing are provided. Advanced uses of Logic Apps include orchestrating API apps, data validation, transformation, and connectivity between cloud and on-premises systems.
AWS Fundamentals @Back2School by CloudZoneIdan Tohami
This document provides an overview of an AWS Fundamentals course. The course objectives are to teach attendees how to navigate the AWS Management Console, understand foundational AWS services like EC2, VPC, S3, and EBS, manage security and access with IAM, use database services like DynamoDB and RDS, and manage resources with services like Auto Scaling, ELB, and CloudWatch. The agenda covers introductions to AWS, foundational services, security and IAM, databases, and management tools.
Rolling presentation during Couchbase Day. Including
Introduction to NoSQL
Why NoSQL?
Introduction to Couchbase
Couchbase Architecture
Single Node Operations
Cluster Operations
HA and DR
Availability and XDCR
Backup/Restore
Security
Developing with Couchbase
Couchbase SDKs
Couchbase Indexing
Couchbase GSI and Views
Indexing and Query
Couchbase Mobile
Sarine's Big Data Journey by Rostislav AaronovIdan Tohami
This document discusses how Sarine, a company that provides technology for the diamond industry, uses Elasticsearch. It notes that Sarine uses Elasticsearch to store over 400 million documents totaling 1 terabyte of data across 125 indices. Sarine uses Elasticsearch for logging application requests, monitoring system activity, collecting statistics, and visualizing and reporting on data. The document recommends how to best implement and use Elasticsearch, such as using at least three nodes, carefully designing index mappings, educating teams, and using partners for consulting.
Arthur Gimpel is the director of DataZone, a company that provides advanced analytics, cutting-edge data technologies, financial optimization services, and direct access to top experts. DataZone also offers training services such as workshops, meetups, and hands-on labs to its ecosystem. The agenda outlined is for an upcoming event featuring talks on what's new in Elastic and shaping data with Elastic, as well as a question booth. Arthur Gimpel thanks attendees at the end.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
3. Lecture Agenda
• Is cloud is a real danger?
• If I was the regulator what would I do?
• Understanding regulations types
• GDPR and the new Israeli’s privacy rules
• BOI and the Insurance Supervision regulations in Israel
• ISO and PCI DSS
4. Is cloud is a real danger?
• Yes!!
• Someone else can see your staff…
• Subpoenas…
• Who run’s the encryption keys?
• Multi tenancy risks
• Lack of transparency
• And many more…
5. So why bother?
Or why should regulators even consider of
allowing the usage of cloud services?
6. - Because cloud can be cheaper
- Because by allowing cloud - encourages competition
- Because allowing cloud is allowing progress
- Because cloud can be much more secure
Why?
7. Examples for cloud security advantages:
• If you need a stable and redundant application for your
customers.
• IfYou want to make sure that all patches and updates are
well implemented (SAAS and PAAS)
• If you want an advanced monitoring capabilities.
• If you need a fast and effective implementation of security
tools into your (cloud) environment.
8. AWS- build in security features/ capabilities
• AmazonVPC+ security groups and ACL’s
• DDOS- CloudFront and Route 53
• Multi Factor Authentication- AWS- MFA
• IAM and Federation services-AWS IAM and AWS directory
services
• Built in Encryption capabilities- EBS, S3, Glacier and more
• Keys management-AWS KMS and Cloud HSM
• APIVisibility-AWS CloudTrail
• Security Alerts- AWS CloudWatch
11. Privacy Protection Authority- FKA- Ramot
• The Privacy authority in Israel. From now on – PPA…
• It has the authority under the “Protection of Privacy” Law
• One of the most prominent issues from the privacy law Perspective is:
“are we allowed to store/ process private information:
• Outside our organization- Outsourcing
• Outside of the country?”
The common practice of using one of the international cloud providers
services contains it both…
12. PPA- Outsourcing rules
• PPA has published, few years ago, the following directive:
“בשירותי שימושOutSourcingאישי מידע לעיבוד"
• In a footnote they wrote that they are about to publish a
dedicated cloud regulation. We are still waiting…
13. • The principles of the rule are based on risk
management approach, such as:
• Check the cloud service provider background,
experience
• Take into consideration the ability of the cloud
service provider to access the information
• The legal agreement should contain the follows:
• Information security and privacy issues
• The ability to fully erase the content of data
• The ability to carry out audits
PPA- Outsourcing rules
17. Safe harbor
• Safe Harbour Privacy Principles were developed between
1998 and 2000 in order to prevent private organizations
within the United States which store customer data from
accidentally disclosing or losing personal information.
• However, after a customer complained that
his Facebook data were insufficiently protected, the ECJ
declared in October 2015 that the Safe Harbour Decision
was invalid,
• The European Commission and the United States agreed to
establish a new framework for transatlantic data flows on
2nd February 2016, known as the Privacy Shield".
19. Privacy shield
• The Privacy Shield Frameworks were designed by the U.S. Department of
Commerce, and the European Commission, to provide companies on
both sides of the Atlantic with a mechanism to comply with data
protection requirements when transferring personal data from the
European Union to the United States.
• The Privacy Shield program, is administered by the InternationalTrade
Administration (ITA) within the U.S. Department of Commerce
• To join either Privacy Shield Framework, a U.S.-based organization will
be required to self-certify to the Department of Commerce and publicly
commit to comply with the Framework’s requirements.
• While joining the Privacy Shield is voluntary, once an eligible
organization makes the public commitment to comply with the
Framework’s requirements, the commitment will become enforceable
under U.S. law
21. What about Proxy services?
http://www.justice.gov.il/Units/ilita/subjects/HaganatHapratiyut
/MeidaMerasham/Pages/DataTranfer.aspx
22. Israeli privacy new rules
• Announced earlier this year
• Going to be mandatory from the beginning of 2018
• There is no direct reference to cloud, but, like many other
regulations – it refers cloud as an outsourcing case:
23. GDPR- General
• IncreasedTerritorial Scope- extra-territorial applicability
• Penalties- organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million
(whichever is greater)
• Breach Notification- 72-hour notification for personal data breaches
• Right to Access-whether or not personal data concerning an individual is being processed, where and for
what purpose
• Right to be Forgotten -Data Erasure
• Privacy by Design
• Data Protection Officers (DPO)
• Data processing agreement (DPA) – an organization may need a DPA that will meet the requirements of
the GDPR, particularly if personal data is transferred outside the European EconomicArea.
24. GDPR- some steps towards compliance
• Know the location where cloud apps are processing or storing data.
• Take adequate security measures to protect personal data from
loss, alteration, or unauthorized processing..
• Close a data processing agreement (DPA) with the cloud apps
you’re using.
• Collect only “necessary” data and limit the processing of “special”
data.
• Don’t allow cloud apps to use personal data for other purposes.
• Ensure that you can erase the data when you stop using the app. .
25. GDPR- AWS
• General declaration:
• https://aws.amazon.com/compliance/eu-data-protection/
32. ISO- 27017, 27018
• 27017-This standard provides guidance on the information
security aspects of cloud computing, recommending and
assisting with the implementation of cloud-specific
information security controls .
• 27018-This standard provides guidance aimed at ensuring
that cloud service providers (such as Amazon and Google)
offer suitable information security controls to protect the
privacy of their customers’ clients by securing PII (Personally
Identifiable Information) entrusted to them.
33.
34. PCI DSS and Cloud
• PCI Council has published a unique manual to assist
merchants who uses cloud services to comply with PCI DSS
• “PCI DSS Cloud Computing Guidelines”
36. TOHAG
• TOHAG is the new Israeli Cyber Authority Cyber seucity
framework
• I refers to cloud in section 11.
• We think it is going to take a central place in future
assessments by entities
אני מעריך שיושבים כאן בקהל באופן גס שתי קבוצות:
א. לקוחות שחושבים לעבור לענן. ממשלה, בנקים וכו'
ב. חברות הייטק שנעזרות ביום יום בענן ורוצות לדעת מה כדאי להן לעשות כדי לעבוד נכון
מה שבסוף מעניין את הרגולטור זה הנושא של ניהול סיכונים. הוא צריך לדאוג שהגופים עליהם מפקח נשארים יציבים
הנה רצף של דוגמאות בהן אולי כדאי לעבור לענן.
אני לא אומר שזה תמידי אבל בניהול הסיכונים אני מעריך שבמקרים רבים תיווצר עדיפות לענן
הנה רצף של דוגמאות בהן אולי כדאי לעבור לענן.
אני לא אומר שזה תמידי אבל בניהול הסיכונים אני מעריך שבמקרים רבים תיווצר עדיפות לענן
הנה רצף של דוגמאות בהן אולי כדאי לעבור לענן.
אני לא אומר שזה תמידי אבל בניהול הסיכונים אני מעריך שבמקרים רבים תיווצר עדיפות לענן
השאלה הראשונה היא האם קיים חוק ייעודי בנושא ענן? התשובה היא לא. אלו דברים שיכולים להיגזר מתוך חוקים קיימים
השימוש בשירותי ענן מכניס אותנו תחת שתי קטגוריות. הראשונה שבהן עיבוד או שמירת מידע על ידי גוף צד ג'. השניה היא שמירת המידע מחוץ לישראל
וכאן נדבר על ההיבט השני- הוצאת המידע מחוץ לגבולות ישראל
מי חסר לנו? ארה"ב!
מי חסר לנו? ארה"ב!
למעשה זה המצב החוקי שבו תקוע היום המשק הישראלי
למעשה זה המצב החוקי שבו תקוע היום המשק הישראלי
אין התייחסות ממוקדת לגבי ענן
למעשה אלו דרישות שידרשו הרבה יותר תיעוד\ גיבוי\ יכולת התחקות לאחור\ מעקב אחר מידע וכו'
הממשלה – באופן מפתיע יצאה בהכרזה כי יש לה מגמה לקדם שירותי ענן במגזרת הממשלתי