Post on 17-Jan-2017
Managing Compliance in Cloud Computing
Dr. Manisha Kumari Deep
GreenGyaanam
www.greengyaanam.com
What is “Cloud”
‘Cloud’ is a term borrowed from telephony
Cloud computing concept dates back to 1960, when John McCarthy opined that ‘computation may someday be organized as a public utility’.
Here ‘cloud’ is used as a metaphor for the Internet
Term cloud came into commercial use in the early 1990s
Used in context of large Asynchronous Transfer Mode (ATM) networks
Cloud Computing
Taken as a change in a fundamental model of events
Details are abstracted from the users
Abstraction simplifies control and conceals complexity
Typically involves the provision of dynamically scalable and often virtualized resources as a service over the Internet
Cloud computing customers do not own the physical infrastructure
Instead they avoid capital expenditure on hardware, software and services, by renting usage from a third-party provider
Cloud computing confusion
Cloud computing is usually confused with:
Grid Computing - a form of distributed computing
Autonomic Computing - packaging of computing resources, such as computation and storage, as a metered service
Utility Computing - computer systems capable of self-management.
Why Cloud Computing?
Cost reduction
Limitless storage and data safety
Low maintenance cost
Provisioning on-demand, with no more waiting
IT as disposable infrastructure and not a luxury
New levels of collaborations with no geographical or corporate boundaries
Why Cloud Computing
For many of us it is a mature technology and can almost run all applications
Features of easy accessibility anywhere at any time and almost no burden of on-going operational expenses
Cloud environment covers services right from the core infrastructure to software like email at an individual user level.
By implementing cloud, organizations certainly get the benefit of reduced capital investment and a faster implementation cycle, with a net reduction in hardware-software procurement and installation
Cloud computing interpretations
First academic definition provided by ‘Ramnath K. Chellappa’ who called it ‘a computing paradigm where the boundaries of computing will be determined by economic rationale rather than technical limits’ in 1997.
A form of standardized IT-based capability — such as Internet-based services, software, or IT infrastructure — offered by a service provider that is accessible via Internet protocols from any computer, is always available and scales automatically to adjust to demand, is either pay-per-use or advertising-based, has Web- or programmatic-based control interfaces, and enables full customer self-service.
A style of computing in which massively scalable IT-enabled capabilities are delivered “as a service” to multiple customers using Internet technologies
Self-service provisioning
Shared resources/common versions
Offsite third-party provided
Access via the Internet
Standard usage-based pricing
Essential Characteristics
On-demand self-service
Ubiquitous network access
Multi-tenant
Elasticity
Pay-per-use
Cloud computing is a pay-per-use model for enabling available, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
Which industries does this apply to?
[Figure: industries placed by Product Offerings (Bits to Atoms) against Security/Regulatory Requirements (Low to High)]
• Music/video • Software/IT • News/Information
• Financial services • Telecom • IT Services
• Dell/electronics • Wal-Mart/retail • Commodities
• Defense/aerospace • Utilities, energy • Pharma
Quadrant labels: Mostly disruptive; Potentially disruptive; Latent; Mostly Sustaining
Compliance Management
Compliance is about being in accordance with specifications, guidelines or laws, or being in the process of becoming so
Compliance with regulation requires keeping security factors tight in order to avoid risk
Compliance management ensures that IT processes, services and systems comply with the organization's policies and legal requirements
Non-conformance to the regulation might attract huge penalties, and in some cases federal agencies can also revoke the organization's licence to operate
The Approach
Organizations need to have a compliance management policy implemented ahead of time
This policy should be one of the inputs for selecting the cloud service provider (CSP)
Information security becomes crucial and should be included in the compliance management policy (CMP)
The process flow and major steps of the approach for managing compliance are represented in the figure (An Approach for Managing Compliance in Cloud)
This approach is based on the Plan Do Check Act principle.
The Approach
This approach has six phases: focus area, layout plan, implement, monitor, audit and feedback.
Focus Area
It covers applicable standards, regulations and even best practices in Industry
Focus Area should be aligned with the organization's strategic plan, and should cover performance standards, privacy and security aspects
It also covers the compliance requirements of business processes, business units and even employees of the organization that are exposed on the cloud
Layout Plan
Responsibilities of the parties involved (i.e. service provider, user, customer), the expectations, the assumptions and the frequency of audits for the defined focus area are charted out
Emphasis here should be on drawing clear lines of responsibility and expectations with the cloud provider
Implement, Monitor, Audit and Feedback
Implement, Monitor, Audit and Feedback should be followed as practiced in any standard quality management principle
The feedback is essential to close the findings of audits and observations while monitoring the processes
Feedback has to be sent to the layout planning stage as well as the focus area to make the process robust, error-free, and stable with scope for further improvement till perfection
Conflicting Aspects
Organizations may adopt different models and approaches; however, while designing a compliance management framework or system, special emphasis should be given to the following conflicting aspects:
1. Data Collection Limitation and its usage
2. Retention and Destruction of data
3. Limitation of Private and Personal data usage and transfer
4. Transfer of data with permission and protection
5. Accountability
Suggestions
CSPs must include compliance as a part of the operational process in order to ease global integration, avoid vendor conflicts, support transparency between users and providers, address the diverse regulations of different countries, and efficiently handle risks, thus resulting in competitive advantage
With external parties involved in meeting compliance, expectations need to be set and assessed
In fact, the cloud compliance policy (CCP) should be one of the inputs and considerations for organizations when selecting the cloud service provider and while signing an agreement with the service provider
Key Concerns
Which cloud technology would best support the business strategy of the organization?
Which compliance management process to adopt and follow?
How much control should be abandoned for benefit and change?
Which service to purchase for right performance, security, reliability and customization?
Is it worth the risk and quality of service?
How will it affect the organization's management and corporate policies?
Major CCM hurdle is data location during audit.
Key Concerns
Maintaining proper control over systems and data access
Security and confidentiality of non-public confidential information
Application designing, security, disaster recovery mechanism, issues handling and monitoring process are important while choosing CSPs
Important Cloud Players
GOOGLE
MICROSOFT
AMAZON
CSC
HP-EDS
IBM
ORACLE
SUN
CISCO
DELL
Cloud Computing Startups to watch
VELOSTRATA
CoreOS
RAVELLO SYSTEMS
BRACKET COMPUTING
DIGITAL OCEAN
Future of Cloud Computing
Editors at InfoWorld make two predictions about the future direction of cloud technology over the next 10 years:
pervasive cloud services standard for assembling business solutions
cloud-based data with context for better understanding data
Important points to look for:
Large companies may move to cloud platform
Data and cloud
Future of Cloud Computing
Important points to look for:
Easier hybrid cloud strategies
Productivity tools and proactive policies
New security standards to counteract data breach
More focus on Internet of Things (IoT)
Summarizing
Proper planning and migration services needed
Scaling up and down is easy
Security and monitoring achievable with planning and analysis
Hybrid cloud platform easier
Enterprise cloud may become obsolete
Cloud Computing has provided a platform to other businesses to leverage technology at a reasonable pricing.
Summarizing
Compliance management would not only come in handy in meeting the regulatory requirements but would also help organizations in managing organizational risks
A well drafted compliance policy when implemented will create an environment of self-accountability and minimize risks thus enabling organizations to focus more towards end products and services resulting in a satisfied customer and improved business results.
Thanks
GreenGyaanam
www.greengyaanam.com
greengyaanaminfo@gmail.com