460 likes | 565 Vues
Asia-Pacific Information Management Conference 2012. The Global Bridge of Information Management. “…What, me worry ?” ”. It’s in the Cloud…. About the Presenter. Norman K. Weiner
E N D
Asia-Pacific Information Management Conference 2012 The Global Bridge of Information Management
“…What, me worry ?”” It’s in the Cloud…
About the Presenter • Norman K. Weiner • 25 years’ experience as CIO, SVP, VP and Director providing IT strategic solutions for information management planning, operations, and consulting services • Providing IT solutions: • Healthcare • Law Firm, Legal • Education • Technology
Learning Objectives Identify key issues and best practices for managing information in the cloud, virtualized,and across borders
Learning Objectives • Virtualization and Cloud services • Should you know if they are in use ? • Should you care ? • Where is your cloud data ? • Should you worry ? • Why ? • Why not ?
Learning Objectives • Should information management and compliance professionals outside of IT’s decision making realm have a place at the “Cloud” and “Virtualization” decision tables ? • Why ? • Why not ?
Where is Your Data ? • Internal Network storage • Local PC’s • Thumb drives, USB drives • Internet websites • “In the Cloud” • Portable computers • Smart phones and tablets
Cloud Computing Evolution into Varietals
“Internal Cloud” Pooled computing resources within your company
“Public Cloud” Pooled computing resources and services delivered to your company and others on the web
“Private Cloud” Pooled computing resources on the web dedicated to one company
“Mix and Match Clouds” • Hybrid:mix of public and private clouds • Managed:cloud managed by vendor • Converged: mix of client and vendor management of a mixture of any cloud types
Cloud Computing Advantages * Hewlett Packard • Pay-as-you-go per user for shared hardware, software, administration and support • Flexibility for expansion or contraction • Restructure, reduce IT staffing, and costs • Ease of deployment • IT focus on service
Cloud Computing Disadvantages Cloud Security Alliance (CSA), “Top Threats to Cloud Computing,” March 2010 • Abuse and nefarious use of cloud computing • Insecure application programming interfaces • Malicious insiders • Shared technology vulnerabilities • Data loss/leakage • Account, service, and traffic hijacking • Unknown risk
Virtualization Enabling Platform For Cloud Computing
Virtualization • It’s why the cloud exists • A new old game • CFO’s love it • IT staffs must embrace it • Records Managers shouldshudder
Virtualization • Perform tasks of multiple physical computers on one physical computer • Operate multiple disparate operating systems on one physical computer • Store information outside of an organization on shared or dedicated equipment on the internet
“Cloud” Must Haves • Multi-layered security • Intrusion detection – performed and certified by an independent vendor • Security - support confidentiality and required segregation of financial information • DR/BC – capabilities extend your policies and procedures
Virtualization Advantages Reduced hard costs • Use of idle computing resources: • CPU, memory, storage • Fewer physical computers • Save: space, utilities • DR/BC • IT focus on delivery of service
Virtualization Disadvantages • Compatibility issues • Operating system • Application software • Application integration • Stability • Increased security risk • Co-mingling information
RIM Cloud Planning Questions Should the cloud design specification include vendor’s ability to meet RIM, Compliance and Legal Hold, requirements? Are RIM, Compliance, and Legal team included in vetting vendors for cloud services?
Cloud Audit Compliance • Compliance Monitoring • Document full electronic audit trail (chain-of-custody) • Keep vendor compliance statements (test them as well) • Periodic department and user testing • Compliance and remediation reporting
Cloud Litigation Discovery • Does Information management policy coordinate with your discovery policy ? • Are Cloud computing services addressed ? • Is information in other countries considered? • Where is your cloud data? • Are backups and archival data included in discovery responses ? Are they indexed ? • Current ESI data map ?
When information is moved to the cloud and across borders, every requirement related to Records Information Management, Compliance, Legal Hold, archiving, etc. continues, with more complexity and risk
Benefits of Cloud services are widely advertised • Impact on operations are not limited to IT • Impact of change must be identified, researched, vetted, and tested to meet all enterprise requirements, not limited to IT • Cloud services require finely tuned Service Level Agreements to address every risk
The Cloud brings significant change • Opportunity to reduce IT costs and improve efficiency • Reduces capital outlays • Refocuses IT assets, resources • Adds IT operational flexibility • Adds unknown risks for all
Hacking • Loss of government secrets • Loss of military secrets • Industrial espionage • Loss of intellectual property • Potential physical damage • Stuxnetand Flame
Which attack helicopter is the US AH-64 and which is the Chinese Z-10 Wikipedia wikipedia
Both are the US AH-64 Wikipedia wikipedia
China’s Z-10 Attack Helicopter Stalled in development for years due to insurmountable engineering and design issues, the Z-10 was completed after China “obtained” highly sophisticated, export prohibited, software to operate the Z-10’s flight controls and engines Ars technica
Information Security Across Borders Stalled in development for years due to insurmountable engineering and design issues, the Z-10 was completed with US national treasure in the form of highly sophisticated, export prohibited, commercial intellectual property, modified to operate the Z-10’s flight controls and engines. Ars technica
Man Made Emergencies • Terrorist Incidents • Fires, Power Outages • Governmental Espionage • Corporate Espionage • Data Security Breaches • Data Theft • Viruses • Human Error
Co-Location - Business ContinuityDisaster Recovery • Identify mission-critical applications and data • needed to keep your business operating • Include all cloud based services • Ensure cloud vendor’s • DR/BC service level • agreements satisfy • operational requirements
Crossing Borders Each topic has been a component of information security and information management which crosses borders All information “crosses borders” of some kind, be it within your walls, in the cloud, and around the world. ; .
Crossing Borders Across each border and behind each cloud are challenges being created you must address. Shared responsibility with others who manage and use the same data for diverse purposes. You should know these concepts. You must know their impact on your responsibilities to manage your information and to comply.
Advances • Virtualization continues to advance to more computing platforms • Virtualized Smartphone • Run two copies of the phone software on the same phone. One for personal information. The other for segregated business data. VMWare and IBM. • Clouds will continue to evolve in form and functionality…
Storm Cloud Your next eDiscovery request ? Choose Cloud services carefully
Mushroom Cloud You Must Engage and Partner with IT You Must Know and Care About the Cloud
Thank You ! ENGAGE and PARTNER with IT Build successful relationship to manage the same information for multiple purposes
Questions ? Norman K. Weiner SVP, Technology Services Kaizen InfoSource LLC (916) 290-3424 nweiner@2kaizen.com www.2kaizen.com