Managing Compliance in Cloud Computing Dr. Manisha Kumari Deep GreenGyaanam www.greengyaanam.com


Page 1: Managing compliance in cloud computing

Managing Compliance in Cloud Computing

Dr. Manisha Kumari Deep

GreenGyaanam, www.greengyaanam.com

Page 2: Managing compliance in cloud computing

What is “Cloud”

‘Cloud’ is a term borrowed from telephony

Cloud computing concept dates back to 1960, when John McCarthy opined that ‘computation may someday be organized as a public utility’.

Here ‘cloud’ is used as a metaphor for the Internet

Term cloud came into commercial use in the early 1990s

Used in context of large Asynchronous Transfer Mode (ATM) networks

Page 3: Managing compliance in cloud computing

Cloud Computing

Taken as a change in a fundamental model of events

Details are abstracted from the users

Abstraction simplifies control and conceals complexity

Typically involves the provision of dynamically scalable and often virtualized resources as a service over the Internet

Cloud computing customers do not own the physical infrastructure

Instead they avoid capital expenditure on hardware, software and services, by renting usage from a third-party provider

Page 4: Managing compliance in cloud computing

Cloud computing confusion

Cloud computing is usually confused with:

Grid Computing - a form of distributed computing

Autonomic Computing - packaging of computing resources, such as computation and storage, as a metered service

Utility Computing - computer systems capable of self-management.

Page 5: Managing compliance in cloud computing

Why Cloud Computing?

Cost reduction

Limitless storage and data safety

Low maintenance cost

Provisioning on-demand, with no more waiting

IT as disposable infrastructure and not a luxury

New levels of collaborations with no geographical or corporate boundaries

Page 6: Managing compliance in cloud computing

Why Cloud Computing

For many of us it is a mature technology and can run almost all applications

Features of easy accessibility anywhere at any time and almost no burden of on-going operational expenses

Cloud environment covers services right from the core infrastructure to software like email at an individual user level.

By implementing cloud, organizations certainly get the benefit of reduced capital investment and a faster implementation cycle, with a net reduction in hardware and software procurement and installation

Page 7: Managing compliance in cloud computing

Cloud computing interpretations

The first academic definition was provided in 1997 by Ramnath K. Chellappa, who called it ‘a computing paradigm where the boundaries of computing will be determined by economic rationale rather than technical limits’.

Page 8: Managing compliance in cloud computing

A form of standardized IT-based capability — such as Internet-based services, software, or IT infrastructure — offered by a service provider that is accessible via Internet protocols from any computer, is always available and scales automatically to adjust to demand, is either pay-per-use or advertising-based, has Web- or programmatic-based control interfaces, and enables full customer self-service.

A style of computing in which massively scalable IT-enabled capabilities are delivered “as a service” to multiple customers using Internet technologies

Self-service provisioning

Shared resources/common versions

Offsite third-party provided

Access via the Internet

Standard usage-based pricing

Essential Characteristics

On-demand self-service

Ubiquitous network access

Multi-tenant

Elasticity

Pay-per-use

Cloud computing is a pay-per-use model for enabling available, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Page 9: Managing compliance in cloud computing

Which industries does this apply to?

[Figure: 2×2 matrix placing industries by product offering (bits vs. atoms) and security/regulatory requirements (low vs. high). Industry groups shown: music/video, software/IT, news/information; financial services, telecom, IT services; Dell/electronics, Wal-Mart/retail, commodities; defense/aerospace, utilities, energy, pharma. Quadrant labels: mostly disruptive, potentially disruptive, latent, mostly sustaining.]

Page 10: Managing compliance in cloud computing

Compliance Management

Compliance means being in accordance with specifications, guidelines or laws, or being in the process of becoming so

Compliance with regulation requires keeping security factors tight in order to avoid risk

Compliance management ensures that IT processes, services and systems comply with the organization's policies and legal requirements

Non-conformance to the regulation might attract huge penalties, and in some cases federal agencies can also revoke the organization's licence to operate

Page 11: Managing compliance in cloud computing

The Approach

Organizations need to have a compliance management policy implemented ahead of time

This policy should be one of the inputs for selecting the cloud service provider (CSP)

Information security becomes crucial and should be included in the compliance management policy (CMP)

The process flow and major steps of the approach for managing compliance are represented in the figure (An Approach for Managing Compliance in Cloud)

This approach is based on the Plan Do Check Act principle.

Page 12: Managing compliance in cloud computing

The Approach

This approach has six phases: focus area, layout plan, implement, monitor, audit and feedback.

Page 13: Managing compliance in cloud computing

Focus Area

It covers applicable standards, regulations and even best practices in the industry

Focus Area should be aligned with the organization's strategic plan, and should cover performance standards, privacy and security aspects

Compliance requirements of business processes, business units and even employees of the organization which are exposed on the cloud

Page 14: Managing compliance in cloud computing

Layout Plan

Responsibilities of the parties involved (i.e. service provider, user, customer), the expectations, assumptions and also the frequency of audits for the defined focus area are charted out

Emphasis here should be on drawing clear lines on the responsibility and expectations with the cloud provider

Page 15: Managing compliance in cloud computing

Implement, Monitor, Audit and Feedback

Implement, Monitor, Audit and Feedback should be followed as practiced in any standard quality management principle

The feedback is essential to close the findings of audits and observations while monitoring the processes

Feedback has to be sent to the layout planning stage as well as the focus area to make the process robust, error-free, and stable with scope for further improvement till perfection

Page 16: Managing compliance in cloud computing

Conflicting Aspects

Organizations may adopt different models and approaches; however, while designing a compliance management framework or system, special emphasis should be given to the conflicting aspects listed below:

1. Data Collection Limitation and its usage

2. Retention and Destruction of data

3. Limitation of Private and Personal data usage and transfer

4. Transfer of data with permission and protection

5. Accountability

Page 17: Managing compliance in cloud computing

Suggestions

The CSP must include compliance as a part of the operational process in order to ease global integration, avoid vendor conflicts, support transparency between users and providers, accommodate the diverse regulations of countries, and efficiently handle risks, thus resulting in competitive advantage

With external parties involved in meeting compliance, there is a need to have the expectations set and assessed

In fact, the cloud compliance policy (CCP) should be one of the inputs and considerations for organizations when selecting the cloud service provider and while signing an agreement with the service provider

Page 18: Managing compliance in cloud computing

Key Concerns

Which cloud technology would best support the business strategy of the organization?

Which compliance management process to adopt and follow?

How much control should be abandoned for benefit and change?

Which service to purchase for right performance, security, reliability and customization?

Is it worth the risk and quality of service?

How will it affect the organization's management and corporate policies?

Major CCM hurdle is data location during audit.

Page 19: Managing compliance in cloud computing

Key Concerns

Maintaining proper control over systems and data access

Security and confidentiality of non-public confidential information

Application designing, security, disaster recovery mechanism, issues handling and monitoring process are important while choosing CSPs

Page 20: Managing compliance in cloud computing

Important Cloud Players

GOOGLE, MICROSOFT, AMAZON, CSC, HP-EDS, IBM, ORACLE, SUN, CISCO, DELL

Page 21: Managing compliance in cloud computing

Cloud Computing Startups to watch

VELOSTRATA, CoreOS, RAVELLO SYSTEMS, BRACKET COMPUTING, DIGITAL OCEAN

Page 22: Managing compliance in cloud computing

Future of Cloud Computing

Editors at InfoWorld make two predictions about the future direction of cloud technology over the next 10 years:

pervasive cloud services standard for assembling business solutions

cloud-based data with context for better understanding data

Important points to look for:

Large companies may move to cloud platform

Data and cloud

Page 23: Managing compliance in cloud computing

Future of Cloud Computing

Important points to look for:

Easier hybrid cloud strategies

Productivity tools and proactive policies

New security standards to counteract data breaches

More focus on Internet of Things (IoT)

Page 24: Managing compliance in cloud computing

Summarizing

Proper planning and migration services needed

Scaling up and down is easy

Security and monitoring achievable with planning and analysis

Hybrid cloud platform easier

Enterprise cloud may become obsolete

Cloud Computing has provided a platform to other businesses to leverage technology at a reasonable pricing.

Page 25: Managing compliance in cloud computing

Summarizing

Compliance management would not only come in handy in meeting regulatory requirements but will also help organizations in managing organizational risks

A well drafted compliance policy when implemented will create an environment of self-accountability and minimize risks thus enabling organizations to focus more towards end products and services resulting in a satisfied customer and improved business results.
