• Domain 1: Cloud Computing Architectural Framework. BPI will take advantage of the benefits of cloud computing so that the resources it needs can be rapidly provisioned and released with minimal management effort or service provider interaction. By doing that, BPI will have an efficient, scalable environment that is low cost and fast to deploy. A hybrid Cloud Deployment model with a combination of Public, Private and Community models will be used. The Cloud Service Delivery model will be a combination of SaaS, PaaS and IaaS to satisfy the requirements of the multiple business units within the organization, customers, and suppliers, resulting in a cost reduction through optimized and efficient computing. BPI will be responsible for most of the security …
• Domain 3: Legal and Electronic Discovery. For IaaS, the CSP must comply with US federal and state laws, as well as international regulations and industry standards such as PCI. All local legal regulations should be met and, if possible, exceeded to match the most restrictive laws among all the countries where BPI has a presence. BPI will pass down all regulations to suppliers, contractors and service providers. The CSP should maintain data retention based on local legal requirements, and should make the records available, if they are required, in a readable format and not in a proprietary format.
• Domain 4: Compliance and Audit. BPI should have the ability to audit the cloud service provider, and should assess which policies and procedures related to regulations will have to change (such as activity reporting, logging, data retention, incident response, controls testing, and privacy policies). In addition to regular audits, retention times should be established. In the SaaS case, the provider will have to deploy many of the security controls for regulatory compliance, so understanding the specific requirements, and ensuring that the cloud services contract and service level agreements adequately address them, is important. BPI’s legal and contracts personnel should review the terms of service to ensure that the cloud services contract
As previously mentioned, cloud computing has recently emerged as a pioneering model for hosting and distributing services over the Internet. The model entails sharing resources on a huge scale through a value-effective and location-independent process. While the resources on the cloud are deployed by the seller, they are utilized by the consumer (Belamkar, 2014). Cloud computing is very beneficial to organizations and companies because it is engaging to business organizations
Cloud computing offers many advantages to both end users and businesses of all sizes. The advantages of cloud
This research paper tackles the issues that face Cloud Computing today and gives the experts’ and industry’s point of view on the matter. The aspects explored are the significant industry questions that have arisen about the use of Cloud Computing, business value, organization impact, adaptability, limitations, initial cost of implementation, and the severe business security risks
Hybrid cloud is a mix of both private and public clouds from different providers that offers the benefits of multiple deployment models. It extends the capability of a cloud service.
A lot has been said concerning issues surrounding the law and cloud computing. Some of these issues include privacy and data security concerns and laws and regulations. Regardless of what cloud computing models an organization uses, both the cloud provider and the consumer have to operate under these laws. Therefore both parties need to have a broad knowledge of these laws, such as data breaches, information ownership and control, and how closely customers can manage risk at both the federal and state levels.
Before engaging in cloud computing, organizations should consider the provider’s locations and data restrictions as well as the terms and conditions on the information stored in the cloud.
In selecting the appropriate cloud development model for BPI, one of the main things we need to understand is what cloud deployment is all about. Cloud has been in use for a while now, and with business and security considerations it is predicted to rise faster as the years go by. The ubiquitous term cloud refers to anything that is delivered today through the internet; in simple terms, cloud is where one can rent technology and information services on the internet through providers. Most companies are today turning their focus on
When dealing with cloud compliance issues, cloud providers need to make a clear distinction between achieving compliance and measuring compliance, because they are two distinct things. Just like traditional hosting providers, cloud providers need to give every cloud customer a form of assurance proving that the controls are, and will always be, in place. For example, auditors should be able to understand virtualization in order to avoid any complications. In terms of the Cloud Security Alliance, issuing audit reports is very important (Shackleford, 2010).
When a cloud service provider connects public and private cloud infrastructure, the result is called a hybrid cloud, which lets an organization arrange workloads between the two environments; such deployments need compatibility among the software that the private and public clouds use.
The world is moving from manufacturing toward services day after day. According to a survey of the U.S. economy conducted in 2010, 15% of the U.S. economy is driven by manufacturing, 5% by agriculture and other areas, and the remaining 80% is related to the service industry (Hwang & Dongarra 2013). Also, according to International Data Corporation (IDC), the cloud service market reached $17.4 billion globally in 2009 and is predicted to grow to more than $45 billion by the end of 2015. Cloud Computing can be explained as the delivery of computing resources over the Internet and is generally categorized under three layers: IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS (Software as a Service) (McKay, 2011).
Create an appropriate use policy for your cloud applications that defines key terms and proper use methodology and details what is permitted, along with objectives and responsibilities. Effective governance is half of security. Your policies also need to demonstrate an incident response plan and which third-party service provider you have engaged to manage threats should they become apparent.
When auditing an internal information system, an auditing team should traverse four phases of activity in an unbiased manner to ensure a complete and concise analysis of all associated soft assets and to ascertain whether a move to a Cloud service would benefit the organization. In phase one, audit planning, the audit team obtains a charter. The charter is a formal document that lays the foundations of the audit team’s business requirements, while defining their scope of responsibility and limits of authority. It also determines the individuals who are to be accountable for a successful audit, as well as those who are responsible for aiding the team to that end. At this stage, the audit manager and the liaison
In the case of IaaS, the model focuses on the management of virtual machines (VMs). The risk lies in the virtual machines themselves and the data they hold. To mitigate this risk, the chief security officer (CSO) should lay out a governance framework that enables our business to put controls in place governing how VMs are created and spun down, which would avoid uncontrolled access and cost increases. (Mark O’Neill, Vordel, SaaS, PaaS, and IaaS: A security checklist for cloud models)
Platform as a Service (PaaS): provides clients with the capability of building and deploying services onto the cloud infrastructure, such as operating systems, servers, storage and network, without the complexity and cost of purchasing and managing the underlying software and hardware [5]. It also offers facilities for application development, application design, deployment, testing and hosting. That includes the scope of application services such as web service integration and marshalling, team collaboration, storage, database integration, scalability, and security [5]. There are two dominant modes of PaaS service and they are as follows [6]:
2.1 Cloud Software-as-a-Service: The Software-as-a-Service architecture gives access to a software infrastructure that is accessed remotely via web-based services. In this infrastructure, it is important to note that the service provider is responsible for managing the infrastructure. This architecture allows companies to get the business functionality of software at a minimal cost, which is less than paying for the licensed applications. It follows the pay-as-you-go model. Software-as-a-Service removes the need for organizations to handle installation, set-up, and daily upkeep and maintenance.