Slide presentasi Pak Sutedjo Tjahjadi dari Datacomm Cloud Business dalam seminar "Accelerating Cloud Computing Adoption", Materi Messaging Anniversary DCB
The Expedient public cloud offers the ability to connect and share your environment while ensuring data is housed in an enterprise-class data center, monitored 24x7x365. This solution is ideal for computing scalability and data storage while minimizing capital expense. Your cloud environment is contained in its own secure virtualized space with logical data segmentation, and N+2 physical redundancy.
It's All about Insight: Unlocking Effective Risk Management for Your Unstruct...Veritas Technologies LLC
Ransomware, data breaches, and credential hi-jacking can all initiate severe information crises--and put your unstructured data at serious risk. Vision is not a security conference, but that doesn't change the fact that you must monitor data at rest to keep your organization safe. This session will show you how Veritas Data Insight delivers the risk intelligence you need to keep all of your information safe--and make your CISO friends jealous.
Cloud security: Accelerating cloud adoption Dell World
Organizations now have an opportunity to more rapidly overcome their security concerns by using third-party cloud platforms. In this session, Dell SecureWorks security experts discuss the Shared Security Responsibility model, how organizations need to think about security architecture in the cloud, and new Dell SecureWorks services that are helping organizations plan, architect, manage and respond to threats in the cloud.
Slide presentasi Pak Sutedjo Tjahjadi dari Datacomm Cloud Business dalam seminar "Accelerating Cloud Computing Adoption", Materi Messaging Anniversary DCB
The Expedient public cloud offers the ability to connect and share your environment while ensuring data is housed in an enterprise-class data center, monitored 24x7x365. This solution is ideal for computing scalability and data storage while minimizing capital expense. Your cloud environment is contained in its own secure virtualized space with logical data segmentation, and N+2 physical redundancy.
It's All about Insight: Unlocking Effective Risk Management for Your Unstruct...Veritas Technologies LLC
Ransomware, data breaches, and credential hi-jacking can all initiate severe information crises--and put your unstructured data at serious risk. Vision is not a security conference, but that doesn't change the fact that you must monitor data at rest to keep your organization safe. This session will show you how Veritas Data Insight delivers the risk intelligence you need to keep all of your information safe--and make your CISO friends jealous.
Cloud security: Accelerating cloud adoption Dell World
Organizations now have an opportunity to more rapidly overcome their security concerns by using third-party cloud platforms. In this session, Dell SecureWorks security experts discuss the Shared Security Responsibility model, how organizations need to think about security architecture in the cloud, and new Dell SecureWorks services that are helping organizations plan, architect, manage and respond to threats in the cloud.
After a disaster, how much of your critical infrastructure and data could you recover? And how long would it take? To make sure you can answer these important questions with complete confidence, Veritas is adding machine learning technology to its data protection solutions. Attend this session to find out how combining machine learning and data protection enhances your ability to completely protect and recover critical systems and information more quickly and efficiently – no matter where it lives or what happens to it.
Cloud computing security issues .what is cloud computing, cloud clients, disadvantages of clouds, security issues, value of data, threat model and solutions.
Presentation I gave in March 2014 on cloud computing with cloud definition & characteristics, cloud ROI, benefits and costs, lessons learned, examples, and 7 enablers.
Shared responsibility - a model for good cloud securityAndy Powell
An overview of the shared responsibility model that is typically adopted by cloud providers and its impact on the way that Jisc members should build secure solutions in public cloud.
Accelerate your digital business transformation with 360 Data ManagementVeritas Technologies LLC
As infrastructure continues to become more commoditized and abstracted, IT organizations are actively shifting their focus from managing infrastructure to managing information. This session will provide a detailed introduction to 360 Data Management, Veritas' vision for how IT organizations should think about and deploy data management technologies as they work to modernize and embrace this important shift. Veritas experts will reveal the six pillars of 360 Data Management – and talk about how IT leaders can take advantage of the Veritas 360 Data Management Suite to accelerate their digital business transformation.
This session was originally delivered at Veritas' Vision 2017 on Tuesday, Sep 19, 4:30 PM - 5:30 PM.
Presentation of the future of cloud storage at Scality SDS Day in London (The Shard) in September 2017. Topics covered include private/public cloud and software-defined storage.
Exploring the Benefits of an Integrated Classification Engine: Lessons in Eli...Veritas Technologies LLC
How can your organization benefit from the world’s first next-generation classification engine? Attend this session to find out. You’ll discover how the new Veritas Integrated Classification Engine—which is infinitely scalable, policy enriched, and fueled by artificial intelligence—enriches your data with intelligence and eliminates the scourge of dark data. You’ll also learn how your organization can quickly deploy the Integrated Classification Engine across your existing Veritas stack to align with your needs and instantly produce a wide range of governance, risk, and compliance benefits.
Recent enhancements to Enterprise Vault give your organization new levels of control over your unstructured data. In this session, you'll learn how you can make the most of these new and enhanced capabilities. This includes using intelligent workflows that leverage classification and machine learning to accelerate your compliance activities, taking advantage of flexible new cloud deployment and cloud storage options, and much more. Don't miss this opportunity to explore best practices that will transform Enterprise Vault into one of the most versatile and powerful information management tools in your arsenal.
How many different people, processes, and technologies play a role in your disaster recovery plan? Have you tested and verified how long it will take? Do you have enough confidence that your business will survive when your plan is executed? This session will show how you can use the Veritas Resiliency Platform with NetBackup to easily orchestrate large-scale, complex recoveries to on-prem and multi-cloud environments, so you can get applications back online within established service levels and test your plan without disrupting production activity.
In this presentation from GITEX 2018, Virgil Dobos provides his perspective on creating a comprehensive data management strategy with Veritas solutions.
System Security Plans are part of the required documentation for certification and accreditation package. Documenting your SSP can be a daunting task, so how can you make it easy? This overview session covers; who is responsible for the SSP, plan contents, overview of implementation detail for selected controls, flexibility of the SSP, plan maintenance issues, and what a SSP is not
After a disaster, how much of your critical infrastructure and data could you recover? And how long would it take? To make sure you can answer these important questions with complete confidence, Veritas is adding machine learning technology to its data protection solutions. Attend this session to find out how combining machine learning and data protection enhances your ability to completely protect and recover critical systems and information more quickly and efficiently – no matter where it lives or what happens to it.
Cloud computing security issues .what is cloud computing, cloud clients, disadvantages of clouds, security issues, value of data, threat model and solutions.
Presentation I gave in March 2014 on cloud computing with cloud definition & characteristics, cloud ROI, benefits and costs, lessons learned, examples, and 7 enablers.
Shared responsibility - a model for good cloud securityAndy Powell
An overview of the shared responsibility model that is typically adopted by cloud providers and its impact on the way that Jisc members should build secure solutions in public cloud.
Accelerate your digital business transformation with 360 Data ManagementVeritas Technologies LLC
As infrastructure continues to become more commoditized and abstracted, IT organizations are actively shifting their focus from managing infrastructure to managing information. This session will provide a detailed introduction to 360 Data Management, Veritas' vision for how IT organizations should think about and deploy data management technologies as they work to modernize and embrace this important shift. Veritas experts will reveal the six pillars of 360 Data Management – and talk about how IT leaders can take advantage of the Veritas 360 Data Management Suite to accelerate their digital business transformation.
This session was originally delivered at Veritas' Vision 2017 on Tuesday, Sep 19, 4:30 PM - 5:30 PM.
Presentation of the future of cloud storage at Scality SDS Day in London (The Shard) in September 2017. Topics covered include private/public cloud and software-defined storage.
Exploring the Benefits of an Integrated Classification Engine: Lessons in Eli...Veritas Technologies LLC
How can your organization benefit from the world’s first next-generation classification engine? Attend this session to find out. You’ll discover how the new Veritas Integrated Classification Engine—which is infinitely scalable, policy enriched, and fueled by artificial intelligence—enriches your data with intelligence and eliminates the scourge of dark data. You’ll also learn how your organization can quickly deploy the Integrated Classification Engine across your existing Veritas stack to align with your needs and instantly produce a wide range of governance, risk, and compliance benefits.
Recent enhancements to Enterprise Vault give your organization new levels of control over your unstructured data. In this session, you'll learn how you can make the most of these new and enhanced capabilities. This includes using intelligent workflows that leverage classification and machine learning to accelerate your compliance activities, taking advantage of flexible new cloud deployment and cloud storage options, and much more. Don't miss this opportunity to explore best practices that will transform Enterprise Vault into one of the most versatile and powerful information management tools in your arsenal.
How many different people, processes, and technologies play a role in your disaster recovery plan? Have you tested and verified how long it will take? Do you have enough confidence that your business will survive when your plan is executed? This session will show how you can use the Veritas Resiliency Platform with NetBackup to easily orchestrate large-scale, complex recoveries to on-prem and multi-cloud environments, so you can get applications back online within established service levels and test your plan without disrupting production activity.
In this presentation from GITEX 2018, Virgil Dobos provides his perspective on creating a comprehensive data management strategy with Veritas solutions.
System Security Plans are part of the required documentation for certification and accreditation package. Documenting your SSP can be a daunting task, so how can you make it easy? This overview session covers; who is responsible for the SSP, plan contents, overview of implementation detail for selected controls, flexibility of the SSP, plan maintenance issues, and what a SSP is not
PCI Compliance for Community Colleges @One CISOA 2011Donald E. Hester
An introduction to PCI compliance and data security standard. Including attestation requirements, PCI merchant levels, reporting requirements. Steps to Document PCI Cardholder Data Environment CDE and to work toward compliance.
Data Privacy: What you should know, what you should do!
CSMFO Data Privacy in the Governmental Sector, Local Government. Data Privacy Laws, PCI, Breaches, AICPA – Generally Accepted Privacy Principles
Payment Card Industry Compliance for Local Governments CSMFO 2009Donald E. Hester
An introduction to PCI compliance and data security standard. Including attestation requirements, PCI merchant levels, reporting requirements. Steps to Document PCI Cardholder Data Environment CDE and to work toward compliance.
Securing Apps & Data in the Cloud by Spyders & NetskopeAhmad Abdalla
Securing Apps & Data in the Cloud Presented by Spyders & Netskope - a discussion of shadow IT and the emergence of Cloud Access Security Brokers (CASBs) like Netskope, Spyders latest technology partner, have emerged to help solve the issue of shadow IT. Cloud Access Security Brokers were listed as the #1 technology in the Gartner 2014 Top 10 Technologies for Information Security. If your wondering about what cloud access security brokers are, Gartner defines CASBs as “on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. Essentially, CASBs consolidate multiple types of security policy enforcement.”
As organizations embrace cloud applications, new risks and complexities have arisen. Staying on top of the ever-changing policy, legal and tech landscapes is daunting and gives rise to complex legal and business challenges.
Privacy and security expert, Lisa Abe-Oldenburg, and Pranav Shah, a CIO advocate and security specialist, go over latest considerations facing Canadian organizations transitioning to cloud-based apps.
Lisa provides insight and guidance from a legal perspective, and Pranav addresses the business challenges related to architecture, technology, and human capital. Participants also gain insight into how organizations are successfully leveraging one of Gartner's newest categories, Cloud Access Security Brokers (CASB), as an integral component of their secure, SaaS business and security strategies.
Visit http://www.spyders.ca to learn more about Netskope and Cloud Access Security Brokers.
The most trusted, proven enterprise-class Cloud:Closer than you think Uni Systems S.M.S.A.
The Big Decision – What, when, and why?
Enterprises are aware that the Cloud is changing IT, but security and performance remain a concern. Each cloud model has potential risks: reliability, adaptability, application compatibility, efficiency, scaling, lock- in, security and compliance. Companies must select an enterprise cloud solution to suit a complex mix of applications; these decisions require great care. Uni Systems’ Uni|Cloud was built to be enterprise class. The essential reason that many businesses today are using Uni Systems Cloud for their enterprise IT, is because it offers the only enterprise-class cloud solution in the Greek market, designed for mission-critical applications, coupled with application performance SLAs and security built for the enterprise, combined with cloud efficiency and consumption-based pricing/chargeback.
Cloud Computing the new buzz word.
This presentation was presented by CA Anand Prakash Jangid at a regional conference of The Institute of Chartered Accountants of India at Hyderabad.
The data services marketplace is enabled by a data abstraction layer that supports rapid development of operational applications and single data view portals. In this presentation yo will learn services-based reference architecture, modality, and latency of data access.
- Reference architecture for enterprise data services marketplace
- Modality and latency of data access
- Customer use cases and demo
This presentation is part of the Denodo Educational Seminar , and you can watch the video here goo.gl/vycYmZ.
With cloud technology, lawyers have greater power to control their work/life balance, cut costs, and deliver better services to their clients.
The catch is that lawyers must now extend their traditional duties of competency and confidentiality into these new tools. But how can they do so in a safe and ethical way?
In this CLE-eligible webinar, you’ll learn:
What is the cloud?
The benefits and risks of cloud technology
Cloud concerns specific to legal professionals
How to select a cloud vendor
Recording: https://landing.clio.com/does-cloud-technology-belong-at-your-law-firm-recording.html
The cloud is driving significant change in how companies deploy and manage resources for their existing business applications. This session explains in non-technical terms how to evaluate if a move to the cloud is in your midst without being a technical expert. We'll explain the many different deployment options as well as business opportunities, pros and cons that companies should consider when addressing the cloud. This session will also provide an executive viewpoint on Azure and it's future potential for businesses.
Dave Davis: Infrastructure Projects – What Makes then Different and Difficult...Lviv Startup Club
Dave Davis: Infrastructure Projects – What Makes then Different and Difficult? (EN)
Ukraine Online PMO Day 2022 Autumn
Website - https://pmday.org/pmo
Youtube - https://www.youtube.com/startuplviv
FB - https://www.facebook.com/pmdayconference
Cybersecurity is important for local government. Understand the reasons why cybersecurity is so important for local governments. Includes statistics on cyber crime.
Ransomware is a threat that is growing exponentially is your organization ready? Learn what we know about the perpetrators, what they typical attack vectors are, who the typical victims are. What step you can take to protect and mitigate the risk along with the cost considerations. We will also cover some alarming statistics and predictions for the future.
This infographic depicts the relationship of Student Learning Outcomes/Objectives SLOs with the measurable objectives and course content for Las Positas College CNT 54 Administering Windows Client. This course aligns with Microsoft exam 70-698 Installing and Configuring Windows 10.
This session will provide information on some common fraud schemes relevant to most entities and provide examples of controls you can implement in your organization to decrease the risk of fraud. We will also provide an overview of the Internal Control Guidelines issued by the State Controller's Office.
Presenters David Alvey, CPA Audit Partner and Katherine Yuen, CPA, Audit Partner
2016 Maze Live Changes in Grant Management and How to Prepare for the Single ...Donald E. Hester
Are you ready for the new Single Audit rules and requirements? In this session, we will go over the new Uniform Guidance to Federal Awards with a high level background and overview on the latest updates on the new single audit requirements. We will discuss how the Uniform Guidance will affect the planning considerations for year-end single audits. We will also discuss how you can successfully prepare for the single audit and comply with the new Uniform Guidance for Federal Awards.
Presenters Nikki Apura, Audit Supervisor and Mark Wong, CPA, Audit Partner
2016 Maze Live Cyber-security for Local GovernmentsDonald E. Hester
Is your organization doing enough to reduce the risk of cyber threats? Cyber-security is more than compliance with credit card processing. What risks does your organization have? Cyber-security is a prime concern today and in this session we will cover what local governments can do to reduce risk. Presenter Donald E. Hester, CISA, CISSP, Director
How did your implementation go last year? In this session, we will cover issues that we or our clients encountered during the implementation of GASB 68 and 71. We will also cover anticipated challenges, new information from actuaries, as well as sample journal entries in this first year after implementation. Presenter Amy Myer, CPA, Audit Partner
Implementing GASB 72: Fair Value Measurement and ApplicationDonald E. Hester
In this session, we identify the impacts of GASB 72 for financial statement presentation purposes and be exposed to updated footnote tables and other pertinent footnote disclosures. Other topics include: valuation techniques, reporting requirements and definitions related to the Statement. Presenters Cody Smith, CPA, Audit Supervisor and Amy Myer, CPA, Audit Partner
Are you wondering what is down the pike for GASB implementation? In this session we will cover the new GASB pronouncements for the upcoming years, including those addressing tax abatement disclosures and retiree healthcare benefits. Presenter David Alvey, CPA Audit Partner
Annual Maze Live Event 2016 – GASB Updates & Best Practices Donald E. Hester
Hosted by the City of San Leandro
Topics covered:
GASB Update
Implementing GASB 72: Fair Value Measurement and Application
GASB 68 and 71 Planning for the Second Year
Cyber-security for Local Governments
Changes in Grant Management and How to Prepare for the Single Audit
Fraud Environment
Payment Card Cashiering for Local Governments 2016Donald E. Hester
Slides cover PCI compliance training for cashiers covering topics from Payment Card Industry Data Security Standard (PCI DSS), supplemental guidance provided by Payment Card Industry Security Standards Council (PCI SSC), Visa's Card Acceptance Guidelines for Visa Merchants, and MasterCard’s Security Rules and Procedures Merchant Edition 2011.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
3. Cloud Computing?
The “Cloud”
• Buzz word
• Overused cliché
• Ill defined
• Many different definitions
• Marketing term
• All hype
• The “unknown path”
• Service provider
3
Nebulous
4. What is it?
4
“..[a] model for enabling convenient, on-demand
network access to a shared pool of configurable
computing resources (e.g. networks, servers,
storage, applications, services) that can be
provisioned and released with minimal
management effort or service provider
interactions.”
NIST & Cloud Security Alliance
A utility model of technology delivery.
5. Cloud Flavors
5
• Private Cloud
• Operated solely for one organization
• In-sourcing
• Community Cloud
• Operated for a group of similar organizations
• Public Cloud
• Outsourced
• Multi-tenant
• Hybrid Cloud
• Combination of the above
8. Potential Spending on Cloud Computing
8
Based on agency estimates as reported to the Office of Management and Budget (OMB)
Federal Cloud Computing Strategy
9. Federal Cloud Computing Strategy
9
“Cloud First policy. This policy is intended to
accelerate the pace at which the government will
realize the value of cloud computing by requiring
agencies to evaluate safe, secure cloud computing
options before making any new investments.”
“…to be more efficient, agile, and innovative through
more effective use of IT investments…”
Federal Cloud Computing Strategy, February 2011
10. Benefits of Cloud Computing
10
• Save time and money on provisioning new
services
• Less time spent on deployment
• Move capital investment to operational
expenses
• Instant test bed
• Enables IT systems to be scalable and
elastic
• Provision computing resources as required,
on-demand
• No need to own data center infrastructure
(for public cloud service)
11. Benefits of Cloud Computing
11
• Energy saving (green)
• Increased utilization, less idle time
• Cost based on usage
• More effective use of capital resources ($)
• Better service
• Allows IT staff to focus on core
competencies
• Repurpose IT staff for more customer
service
• Outsource to esoteric experts
• 24/7 service and support
• Economies of scale
13. Cost Benefit Analysis
13
Traditional Costs
Hardware (initial)
Software (initial)
Hardware repair/upgrades
Software upgrades
Staff costs
Energy costs
Training
Traditional Limits
Maximum load
Maximum up-time
Maximum users
MTTR
Dependencies
Cloud Costs
Cost per user
Cost by bandwidth/storage
Cost increase over time
Cost of additional services
Legal consultation costs
Staff costs
Training
Cloud limitations
Users
Bandwidth
Storage
Service Support
Dependencies
14. Cost Benefit Analysis Example
14
Traditional Costs
TCO $21,000
Cloud Costs
TCO $22,850
0
2000
4000
6000
8000
10000
12000
14000
1 2 3 4 5 6 7 8 9 10
Year
Traditional
Cloud
15. Cost Benefit Analysis Example
15
TCO over 10 years:
MS Office Retail
$1,220
MS Office Academic
$346
MS Office 360
$295
0
50
100
150
200
250
300
350
1 2 3 4 5 6 7 8 9 10
Retail
Academic
Cloud
16. Cloud Risks
16
Where’s My Data?
The Bad Divorce
Trust but Verify
“I thought you knew”
I didn’t think of that
Clarify
Consider
Expectations, Put it in Writing
17. Where’s My Data?
17
• In the information age your key asset is information.
• Some information requires protection
• (Credit Card Data, Student Records, SSN, etc…)
• Your information could be anywhere in the world
• You may loss access to your data
• ISP failure
• Service provider failure
• Failure to pay (service provider stops access)
18. The Bad Divorce
18
“Vendor Lock”
• All relationships come to an end
• Let you down, had a breach, SLA performance etc…
• The company fails/gets sold
• Introductory pricing or it goes up over time
• Transition to new vendor or in-source
• How will you get your data back?
• Get a prenup – get it in the contract up front
19. Trust but Verify
19
Assurance
• How do you know they are protecting your data?
• Not everyone is treated the same by service providers
• Disclosure concerning security posture
• 3rd party independent verification (audit/assessment)
• SAS 70 / SSAE 16
• SysTrust / WebTrust
• ISO 27001 Certification
• Audit / Assessment
20. “I thought you knew”
20
Breach Notification
• When do you want to know about a data breach?
• (Data that you are legal obligated to protect)
• Typical contracts give wide latitude for service providers
• Actual verses possible breach
• Timeliness of notification
21. I didn’t think of that
21
Dependencies
• Infrastructure – Internet
• Authentication management (SSO)
• Operational budget
• Greater dependency on 3rd parties
Other considerations
• Complex legal issues
• Multi-tenancy
• Transborder data flow
22. Clarify
22
• What do they mean by “Cloud”
• Establish clear responsibilities and accountability
• Your expectations
• Cost of compensating controls
• What will happen with billing disputes
23. Consider
23
• The reputation of the service provider
• Track record of issues
• Large or small, likelihood of change
• Vendor ‘supply chain management’ issues
• The reliability of the service or technology
• Is the technology time tested
• Typically you have no control over upgrades and
changes
• Training for staff
24. Expectations, Put it in Writing
24
• Anything they guarantee get in writing
• Typical agreements are in favor of the service provider
• Protect your interests in writing (have legal look at it)
• Get specific SLA
• Document specific security requirements
• Non-performance clause
• Disposition and transition clauses
• Notification requirements
25. Resources
Cloud Security Alliance
• cloudsecurityalliance.org
ISACA: Cloud Computing Management
Audit/Assurance Program, 2010
NIST Special Publication 800-145 (draft)
Federal Cloud Computing Strategy, February 2011
Above the Clouds managing Risk in the World of
Cloud Computing by McDonald (978-1-84928-031-0)
Cloud Computing, Implementation, Management, and
Security by Rittinghouse and Ransome (978-1-4398-
0680-7)
25
26. Donald E. Hester
CISSP, CISA, CAP, MCT, MCITP, MCTS, MCSE Security, Security+, CTT+
Director, Maze & Associates
University of San Francisco / San Diego City College / Los Positas College
www.LearnSecurity.org | www.linkedin.com/in/donaldehester | www.facebook.com/LearnSec |
www.twitter.com/sobca | DonaldH@MazeAssociates.com
Q&A
27. Thanks for attending
For upcoming events and links to recently archived
seminars, check the @ONE Web site at:
http://onefortraining.org/
IT Series:
Cloud Computing Done Right