The Cloud Beckons, But is it Safe?
-
Upload
legal-services-national-technology-assistance-project-lsntap -
Category
Technology
-
view
175 -
download
1
Transcript of The Cloud Beckons, But is it Safe?
![Page 1: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/1.jpg)
The Cloud Beckons, But is it Safe?
You should hear voices. If you can’t hear anything, check that your computer volume is turned up and un-muted, and the “Use
Mic” radio button is selected.
Or you can use a phone to listen to the same audio by calling (914) 339-0030, Access Code: 742-024-148
![Page 2: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/2.jpg)
Logistics: Audio Via Phone
Speakers not working? Prefer the phone? Dial in:
Choose “Use Telephone”
(If you can’t
see this panel, click the “Show Control Panel”
button)
(914) 339-0030742-024-148
![Page 3: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/3.jpg)
Logistics: Ask Questions
Not hearing anything? Call 773-945-1010, access 257-723-187
Raise your hand and I’ll unmute
you
Ask questions! Otherwise I’m speaking to a black hole!
Click to open the
chat window
![Page 4: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/4.jpg)
Having Trouble?
You should hear voices. If you can’t hear anything, check that your computer volume is turned up and un-muted, and the “Use Mic” radio button is selected.
Or you can use a phone to listen to the same audio by calling (914) 339-0030, Access Code: 742-024-148
![Page 5: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/5.jpg)
The Cloud Beckons, But is it Safe?
July 2012
![Page 6: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/6.jpg)
Introductions
Laura QuinnExecutive Director
Idealware
What are you hoping to get out of this session?
Jeff Hogue
Legal Assistance of Western New York
![Page 7: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/7.jpg)
![Page 8: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/8.jpg)
What is The Cloud?
![Page 9: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/9.jpg)
LSC Grantees are Using It
• 46% said that “some or all of their servers are hosted externally”
• 18% said they were using Google Apps for email
• 13% said they were using Google Docs
![Page 10: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/10.jpg)
The Lure of the Cloud
Low cost of entry
Easy remote access
No complex infrastructure
![Page 11: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/11.jpg)
But What About Security?
![Page 12: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/12.jpg)
Cloud Security in the News
![Page 13: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/13.jpg)
Technology and Legal Ethics
The ABA is prepared to vote in new model rules requiring lawyers to "make reasonable efforts" to prevent "inadvertent or unauthorized disclosure of, or unauthorized access to" confidential client information.
This doesn’t preclude the cloud, but it requires you to think through it’s use.
![Page 14: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/14.jpg)
Under Siege
To be on the Internet is to be vulnerable to attack.
If you’re on the Internet, you’re in The Cloud
![Page 15: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/15.jpg)
But We Do Lots of Things on the Internet
We shop online
We bank online
We post crazy things on Facebook
Why is the cloud different? It’s not.
![Page 16: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/16.jpg)
How Secure is Your On-Site Data?
Do any of these sound familiar?
• No one patches computers or is responsible for network security
• You haven’t really thought about passwords or permissions
• No disaster recovery plans
• Staff hasn’t had any security training
![Page 17: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/17.jpg)
Myth“We’re a small nonprofit. We’re safe because no one would target us for cyber attack.”
![Page 18: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/18.jpg)
Fact
Many data security breaches are crimes of opportunity.
Organizations don’t always consider the sensitivity of their data until it’s exposed.
![Page 19: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/19.jpg)
Myth
“Our data is safer not in the cloud”
![Page 20: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/20.jpg)
A Cloud Data Center
![Page 21: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/21.jpg)
Is This Your Server Closet?
![Page 22: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/22.jpg)
What Does Security Mean?
![Page 23: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/23.jpg)
The Three Pillars of Information Security
![Page 24: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/24.jpg)
Confidentiality
Information is available only to authorized parties.
![Page 25: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/25.jpg)
Integrity
Information isn’t modified inappropriately, and that you can track who made what change.
![Page 26: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/26.jpg)
Availability
Assurance that data is accessible when needed by authorized parties.
![Page 27: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/27.jpg)
Also: Physical Possession
Whoever has the data could, in theory, turn it over to the government
![Page 28: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/28.jpg)
What Does Security Mean For You?
![Page 29: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/29.jpg)
Rules for Absolute Safety
Turn off your Internet connection.
Allow no one access to your data and systems.
But let’s be realistic…
![Page 30: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/30.jpg)
Know What You’re Protecting
What kinds of data are you storing, and how sensitive are they?
Think about its value on the open market.
![Page 31: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/31.jpg)
Red Flags
You need extremely tight security to store:
• Donor’s credit card numbers.
• Scanned images of checks.
• Donor’s bank account information.
![Page 32: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/32.jpg)
Privilege and Waiver
Is storing data in the cloud disclosure that destroys the privileged nature of data?
No, but you have to spend time thinking through the problem.
![Page 33: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/33.jpg)
What’s Your Exposure?
Consider the impact of exposure of your confidential information, both in monetary terms and reputation.
![Page 34: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/34.jpg)
What’s The Impact of an Outage?
How much staff time could you lose from a short term or prolonged outage?
![Page 35: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/35.jpg)
Testing Your On-Site Security
Have you recently performed a:
• Check on whether your systems have been recently patched?
• Systems penetration test ?• Employee training on security
procedures?• Backup/recovery test?
If not, you’d likely increase your security by moving to the cloud.
![Page 36: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/36.jpg)
A Multi-Level Security Model
![Page 37: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/37.jpg)
Multi-Level Security is the Ideal
![Page 38: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/38.jpg)
Physical Security
• Guarded facilities
• Protection of your hardware and devices
• Power redundancy
• Co-location (redundant facilities)
![Page 39: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/39.jpg)
Network Security
• Intrusion prevention• Intrusion detection• Firewalled systems• Network proactive anti-virus protection
![Page 40: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/40.jpg)
Transmission Security
Is data encrypted in transit?
Is the network secure?
![Page 41: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/41.jpg)
Access Controls
• Ensuring the right people have access to the right data
• Physical access to the server• Training on appropriate
passwords and security measures
![Page 42: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/42.jpg)
Data Protection
• Data encryption• Solid backup and
restore policies• Ability to purge
deleted data• Ability to prevent
government entities from getting your data with a subpoena
![Page 43: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/43.jpg)
What to Look For in a Vendor
![Page 44: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/44.jpg)
Description of Security Mechanisms
Documentation of all the facets of security, and the staff can talk about it intelligently.
Proves information security is on the “front burner”
![Page 45: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/45.jpg)
Uptime
Your connection to the internet may well be the weakest link.
Do they provide any guarantee of uptime? Any historic uptime figures?
Uptime figures are typically in 9s-- 99%, 99.9% or 99.99%
![Page 46: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/46.jpg)
Terms of Service
What’s in the terms of service in terms of privacy and use of your data? Do they need to tell you if they change their terms of service?
![Page 47: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/47.jpg)
Regulatory Compliance: HIPAA
Does the vendor support organizations that need to be compliant with HIPAA (the Health Insurance Portability and Accountability Act)?
![Page 48: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/48.jpg)
Regulatory Compliance: SAS70 and SSAE16
Audit for security standards, hardware, and processes.
Statement on Accounting Standards 70 (SAS70)
Statement of Standards for Attestation Engagements 16 (SSAE16)
![Page 49: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/49.jpg)
Regulatory Compliance: PCI DSS Compliance
If you’re storing credit card numbers, your vendor needs to be compliant with PCI DSS (Payment Card Industry Payment Data Security Standard)
![Page 50: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/50.jpg)
In Summary
![Page 51: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/51.jpg)
Your Data Is No Safer Than You Make It
Any computer attached to the internet is vulnerable unless you protect it.
The cloud isn’t, in of itself, more or less secure
![Page 52: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/52.jpg)
Understand the Value of Your Data
What is it worth to you? To others?
What measures are appropriate to protect it?
![Page 53: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/53.jpg)
But Many Vendors Make Your Data Really Safe
Choose vendors who show they’re serious about data protection (not all vendors are created equal).
Consider a vendor’s regulatory compliance.
![Page 54: The Cloud Beckons, But is it Safe?](https://reader035.fdocuments.in/reader035/viewer/2022062703/5556fe24d8b42a4a418b4a6b/html5/thumbnails/54.jpg)
Questions?