Collegenote
- Defining the Cloud
- Cloud Computing
- Emergence of Cloud Computing
- Cloud Based Service Models
- Grid Computing or Cloud Computing
- Components of Cloud Computing
- Cloud Computing Deployment Models
- Benefits of using cloud models
- Legal Issues in Using Cloud Models
- Ethical issues in cloud computing
- Characteristics of Cloud Computing
- Evolution of cloud computing
- Challenges for cloud computing
- Grid Computing
- Distributed Computing in Grid and Cloud
- Cloud Communication
- Communication-as-a-Service (CaaS)
- Advantages of CaaS
- Infrastructure-as-a-Service (IaaS)
- Popular IaaS solutions
- Modern On-Demand Computing
- Amazon’s Elastic Cloud
- Amazon EC2 Service Characteristics
- Elastic IP Addressing
- Monitoring-as-a-Service (MaaS)
- The Traditional On-Premises Model
- Platform-as-a-Service (PaaS)
- Key Characteristics of PaaS
- Software-as-a-Service
- SaaS Implementation Issues
- The key characteristics of SaaS
- Benefits of SaaS Model
- Jericho Cube Model
- XaaS
- Evolution from Managed service providers (MSP) to Cloud Computing
- Single Purpose architectures to multi-purpose architectures
- Service Oriented Architectures (SOA)
- Combining Cloud and SOA
- Characterizing SOA
- Open Source Software in Data Centers
- Data center virtualization
- Cloud data center
Data Privacy #
A risk assessment and gap analysis of controls and procedures must be conducted. Based on this data, formal privacy processes and initiatives must be defined, managed, and sustained. As with security, privacy controls and protection must an element of the secure architecture design. Depending on the size of the organization and the scale of operations, either an individual or a team should be assigned and given responsibility for maintaining privacy. A member of the security team who is responsible for privacy or a corporate security compliance team should collaborate with the company legal team to address data privacy issues and concerns. As with security, a privacy steering committee should also be created to help make decisions related to data privacy. Typically, the security compliance team, if one even exists, will not have formalized training on data privacy, which will limit the ability of the organization to address adequately the data privacy issues they currently face and will be continually challenged on in the future. The answer is to hire a consultant in this area, hire a privacy expert, or have one of your existing team members trained properly. This will ensure that your organization is prepared to meet the data privacy demands of its customers and regulators.
For example, customer contractual requirements/agreements for data privacy must be adhered to, accurate inventories of customer data, where it is stored, who can access it, and how it is used must be known, and, though often overlooked, Request for Interest/Request for Proposal questions regarding privacy must answered accurately. This requires special skills, training, and experience that do not typically exist within a security team. As companies move away from a service model under which they do not store customer data to one under which they do store customer data, the data privacy concerns of customers increase exponentially. This new service model pushes companies into the cloud computing space, where many companies do not have sufficient experience in dealing with customer privacy concerns, permanence of customer data throughout its globally distributed systems, cross-border data sharing, and compliance with regulatory or lawful intercept requirements.