IT 833 INFORMATION GOVERNANCE
Dr. Isaac T. Gbenle
Chapter 15 – Information Governance for Cloud Computing
copyright@Geanie Asante, 2019
CHAPTER GOALS
- Be able to define cloud computing
- What are the key characteristics of cloud computing?
- What are the four cloud deployment models?
- Describe common security threats with cloud computing
- Contrast the concerns of cloud computing with the benefits
- Explain the guidelines for managing documents and records using cloud computing
- Explain IG guidelines for cloud computing
WHY IS CLOUD COMPUTING SUCH A “BIG DEAL”?
- Changes our entire way of thinking about computing and IT
- Provides scalable, adjustable resources
- Cost savings to business
- Combines newest architectures, system software, hardware speeds, and lower storage costs
- Instant resources at the disposal of business
- Frees up the IT Department to focus on business functional unit needs
- Concerns for privacy and security are overlooked
What is Cloud Computing?
“Cloud Computing is a shared resource that provides dynamic access to computing services that may range from raw computing power to basic infrastructure to fully operational and supported applications”
Smallwood, Information Governance: Concepts, Strategies and Best Practices, page 286
What is Cloud Computing?
“A model for enabling convenient on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction”
Peter Mell and Tim Grance, “NIST Definition of Cloud Computing,” Version 15, 10-07-09, www.nist.gov
“Shared resource that provides dynamic access to computing services that may range from raw computing power, to basic infrastructure, to fully operational and supported applications.” – from your textbook, page 286
CHARACTERISTICS OF CLOUD COMPUTING
- On-Demand Self-Service
- Broad network access
- Resource pooling
- Rapid Elasticity
- Measured Service
Misconceptions of Cloud Computing
- Cloud Computing is a service-oriented architecture
- Misconception: Cloud Computing does not “move the organization to the cloud”
- Misconception: If you don’t migrate to a cloud solution you are protected from the dangers of cloud computing
CLOUD DEPLOYMENT MODELS
- Private Cloud – Dedicated to and operated by a single enterprise
- Community Cloud – Where Cloud infrastructure is shared by several organizations
- Public Cloud – Cloud infrastructure is made available to the general public or industrial group
- Hybrid Cloud – Combined approach – composition of two or more clouds
THREATS OF CLOUD COMPUTING
Information Loss
Fix:
- Agreement by provider to follow standard operating procedure for data backup, archival and retention
- Data Loss Insurance
Information Breaches
Fix:
- DLS Implementation
- Strong Encryption
- Secure Storage, management and doc destruction procedures
- Contractual Agreements
- Insurance Coverage
THREATS OF CLOUD COMPUTING
Insider Threats
Fix:
- Screening
- Assessment of supplier’s practices
Hacking and Rogue Intrusions
Fix:
- IG policies and monitoring controls
- Total Network Monitoring
- Requirement that cloud provider regularly monitor public blacklists to check for exploitation
THREATS OF CLOUD COMPUTING
Insecure Points of Cloud Connection
Fix:
- Thoroughly test the API to ensure that all connections abide by standard policy
- Utilization of multiple logon authentication steps
- Encryption of sensitive data during transmission
THREATS OF CLOUD COMPUTING
Issues with Multitenancy and Technology Sharing
Fix:
- Control and verification of access
- Enforceable service-level agreements for patching software bugs etc.
- IG policy that requires full disclosure of activities and usage logs and related information
THREATS OF CLOUD COMPUTING
- Lack of clarity about who owns the information
- Risk of large failures of cloud providers
- Inability to closely follow user’s retention schedule
- Lack of RM functionality for many cloud-based applications
- Inability to implement legal holds
- Poor response time
- Limited ability to ensure cloud provider meets your duties to follow regulations
- Jurisdictional and political issues
- Storage of PII on foreign services with various restrictions and prohibitions
BENEFITS OF CLOUD COMPUTING
- Allows for more flexibility in technology/devices
- Workers can access information via mobile devices
- Provides a mechanism to support collaboration with external partners
- File storage solutions provide better alternatives for remote information access than copying to unsecured devices or sending via email
- Key to organization’s disaster recovery/business continuity plan
GUIDELINES FOR CREATING STANDARDS AND POLICIES FOR MANAGEMENT OF E-DOCS IN CLOUD
- Include Chief Records Management Officer / Lead RM staff in all stages
- Define which copy of record will be the organization’s “official copy”
- Include instructions for determining if records are covered under retention policy
- Include instructions for record capture, management, retention, etc.
- Include instructions on records analysis, development and submitting records schedules for unscheduled records in cloud environment
- Include instructions to periodically test transfers of records to other environments to ensure they remain portable
- Include instructions for migration to a new platform, operating system, etc. so records remain readable throughout their lifecycle
- Resolve portability and accessibility issues through good records management policies
IG GUIDELINES FOR CLOUD COMPUTING
- Define business objectives first and then select a provider that meets your objectives
- Document roles and responsibilities
- Make sure the investigation and application of required fixes are incorporated into your negotiations with the cloud provider
- If the concept is new to your organization, develop processes that can be reused in subsequent cloud computing projects, such as:
  - How to migrate information to the cloud
  - How to get information back when you quit using the cloud
  - How to implement legal holds