- slide 1 of 10
Defining the Essence of Best Investments for Cloud Computing
Different network service providers have an assortment of attractive propositions as the best investments for cloud computing. The latter’s main selling point is its cost-saving benefit as an alternative to investing in a grid computing system. By this, it means a business entity or organization intends to participate in the world of commerce, by perfoming tasks, functions and sharing business information using Internet-based infrastructures, platforms and software applications.
However, as pointed out in a separate article entitled "Regulatory Issues with Cloud Computing: The Risks and Threats to Business Information", costs of penalties for non-compliance could override the cost-saving benefits of putting the business under a network cloud.
The National Institute of Standards and Technology (NIST) emphasizes the need for employing highly trained IT professionals, because cloud computing is not just about cost efficiency in applying computer technology. It's also about business efficiency without compromising data integrity and security through compliance with regulations and policies.
The best investments for cloud computing, therefore, are the additional technological tools and training initiatives to implement. They allow business organizations to expedite the processing of transactions using net-based infrastructures and applications, at minimal costs, yet in accordance with the governing rules and regulations to ensure that no privacy or security policies are violated or breached.
- slide 2 of 10
How to Choose the Best Cloud Computing Investment for Your Business
The selection process should take into consideration the conditions and circumstances present in a business entity. The objective is to incur expenditures according to the organization's business requirements, in which case there should be a meticulous evaluation of its:
Business Risks -- Inasmuch as sensitive data are shared under a network cloud, the risks of compromising not only the company’s critical information but also the customers' personal data should be seriously and carefully addressed. Processing payments online using cloud platforms requires utmost attention because customers have to be assured that their personal data are secured.
Make sure that the cloud computing provider is certified as “PCI DSS (Payment Card Industry Data Security Standard)" compliant, which should be supported by a verifiable proof. The requirement of proof ensures that the business is not misled by those that offer services at cheaper rates but are supported by lame statements like this one:
"We are currently in the process of implementing the strictest security measures and attention to ensure that our commitment for providing consumers the most secure and highly-sophisticated technological tools meet the highest standards required by industry certifications."
- slide 3 of 10
Business Obligations – Understand that cloud computing is governed by a host of various ethical, commercial, statutory, federal and international laws that address not only the privacy and security of data that are shared in the Net. The security concerns extend to defense and safety measures that have been instituted to ward off threats of attacks against lives and property at national and global levels.
A simple matter of storing data at a geographical location other than where the data was collected could entail compliance under a new set of laws. A service provider's non-compliance for a separate licensing requirement, to which a subscriber's business information is associated, would implicate the latter as co-liable to the violation.
However, the network service provider may reserve the right not to disclose its data repository to preserve its own security against malicious threats and attacks. Aside from analyzing how the company handles data storage, an assessment of audit reports produced by external auditors will give the subscriber certain insights on how well the service provider complies with federal laws, i.e. EAR (Export Administration Regulations) and ITAR (International Trafficking in Arms Regulations).
In cases where the subscriber is aware that his data will be transferred to foreign territories, determining the service provider's compliance with the applicable international laws is also a must. Still, user-subscribers also have to consider the aspect of managing their own set of compliance obligations.
Please proceed to the next page to get insights on how to choose the best investments for cloud computing.
- slide 4 of 10
NIST recommends highly trained and competent IT professionals as key elements to ensure success when putting your business operations under the cloud. Hence, they are the first of the top ten best investments for cloud computing, since the complexity of federal and international laws require thorough knowledge of the governing rules that are applicable to cloud computing. Otherwise, you may find yourself paying hefty fines and penalties as well as criminally liable for failure to comply. Find out more from this article.
- slide 5 of 10
How to Choose the Best Cloud Computing Investment for Your Business (continuation)
Responses to Business Risks- In acknowledging the possible risks associated with cloud computing, which could adversely affect the business as well as the interests of customers or clients -- best practices require the implementation of mitigating measures or plans of actions to curtail the effects of those risks.
Competent IT professionals are aware that there are no guarantees to ensure 100% protection against security breaches. Nonetheless. their skills and training will equip them with sufficient knowledge in knowing the right implements or software that could enhance their company's security features.
An IT Compliance Officer in place, for example, will make sure that the subscribing company's staff complies with the rules and policies in every aspect of the business operations. This is in line with the principle that by adhering to the methods and procedures prescribed by the governing bodies, the methods being used in carrying-out tasks via cloud computing, have built-in security control features already proven as effective.
- slide 6 of 10
The Best Investments for Cloud Computing
Our recommendations for cloud computing investments include human resource components, initiatives, tools and applications that are deemed as suitable solutions for addressing the complexity of various laws that govern cloud computing. That way, an entity can move its operations under the clouds, without compromising the privacy of its customers' information as well as ensure the security and integrity of its business data.
1. Chief Information Officer - This person will act as the overseer of a business operation that makes use of cloud computing systems, which deploy business information and transactions outside of the company's internal computer structure . His concerns include harnessing the benefits of using network-based tools and applications in a way that will bring the company more business opportunities, cost-efficiently, securely and safely.
2. IT Compliance Officer - This individual will be tasked to monitor compliance in all related policies, laws, and recommended procedures, by reviewing the results of the transactions and by submitting relevant reports, directly to the Chief Information Officer. Said reports will serve as bases for decisions regarding other initiatives, or procurements or determining the network service provider's efficiency in keeping the integrity of their infrastructure and applications intact.
3. Training Initiatives for IT Staff Members - Conduct workshops, orientations and seminars involving the organizational components that will provide customer support or perform as members of the IT Compliance Group, regarding all procedures, processes and systems put in place to meet the mandatory regulations, industry standards / requirements and internal policies of the company.
Broadening the knowledge of the support staff ensures comprehensive understanding about the standards set forth by the following organizations but are not limited to:
- The NIST - The organization responsible for developing the guidelines implemented by the Federal Information Security Management Act (FISMA) to institute the privacy and security measures that are observed by all federal agencies in their use of the Internet systems.
- The Control Objective of IT by the Information Systems Audit and Control Association(ISACA) for proper implementation of IT controls
- International Organization of Standards (ISO), i.e. ISO 20000 for delivery and management of IT services; ISO 27000 for IT best practices for security; and ISO 38500 a control framework for IT Governance
- Unified Compliance Framework (UCF), a unified system of IT controls from over 400 international regulatory standards and guidelines.
4. The UCF XML Documentation This is a schema of multiple individual XML lists, that could form a complex and potent source of compliance references, which allows cost-efficiency in moving data from one program to another. It reduces software development costs and shorten development cycles, as the schema allows the minimization of errors associated with data movement, increases transparency to enhance capability for electronic discovery process and for effective compliance management.
5. Business Intelligence Software - This collectively refers to a host of application solutions, which will enable the IT department to evaluate and report on IT risks. These tools help in evaluating any significant trade offs for pulling together data that has more value for the company. BI software are designed to facilitate analysis, the generation of reports, and formulation of predictions in comparison with past performances.
Please proceed to the next page where you will find more of the ten best investments for cloud computing.
- slide 7 of 10
Find out the different IT systems controls among the ten best investments for cloud computing, since they will allow you to transition smoothly into a cloud computing business entity. Understanding their uses and importance will give you insights into probable solutions that can address the regulatory issues about cloud computing. Find more information about the add-on implements that will enable you to move ahead via Internet or network-based computing in this article by Ciel S. Cantoria of Bright Hub.
- slide 8 of 10
6. Smart Card Protection and Smart Card Readers This is recommended for those with telecommuting employees or those with employees in remote units that need access to sensitive information. Cloud computing systems require dual authentication procedures to enhance the control features of data security and integrity. The swiping of ID badges in an office set-up could be replaced by smart card protection if employees involved are in different geographical locations.
7. WAN (Wide Area Network) Optimization Software to mitigate wide area network overhead involving remote users as they access network applications over long distances but supported by low bandwidth.
8. Software Development Life Cycle (SDLC) Controls to integrate automated programs that effectively control job scheduling, backup and recovery, to ensure the highest degree of probability that they are being implemented on time, within the budget and with utmost quality according to the business's requirements.
9. IT Software Controls for:
- Managing all user accounts, the users' identities and the limitations of their access to critical IT resources. This may also include setting-up role-based access to applications and resources. Access of privileges of new employees and employees who are about to resign or leave a current position will be automatically added or deleted according to the effective date.
- Managing of software packages to ensure that only the current versions of software relevant to the company's system are being used by the service provider, in order to minimize vulnerabilities and optimize efficiency.
- Instituting information management control, designed to prevent external parties attempting to gain unauthorized access to the company's critical information such as corporate electronic records or by way of enabling e-discovery of e-mail and other data-sensitive records.
- Ensuring the segregation of duties via controls that prevent a single employee from performing more than one key function or having combinations of privileges that would make it possible for the employee to carry out improper or fraudulent actions.
- Managing and monitoring changes in systems configurations to track updates and document all changes.
- Ensuring the continuity and implementation of disaster recovery plans, by way of controls that allow availability of the adverse impact technology services and render them operational in the event that the previously anticipated threats or risks take place.
- Rationalizing the overlap of controls in order to lessen the over-reliance in automated features; the system will automatically require human IT intelligence to evaluate the criticality of the conditions present.
- Managing threat prevention and eradication of all types of malware, including viruses, spam, rootkits and attacks of all kinds, as detected by the anti-virus, malware,and rootkit detection software.
10. Virtual Communication, Storage and Networking Tools, like video conferencing systems, 10G Ethernet, Radio Frequency Identification (RFID) systems to promote visibility and presence of information, for efficient instant messaging, videoconferencing, and mobile call devices employed in a network-based cloud infrastructure.
- slide 9 of 10
Almost all businesses face the challenges of improving their enterprise but under a more complex set-up, wherein compliance with governance is seen as the most effective road to recovery and success. However, inasmuch as the current US federal laws and regulations may appear fragmented, the best investments for cloud computing are those that will allow management to institute compliance controls. They present the most effective methods of managing risks inherent in Internet and network-based computing technologies.
- slide 10 of 10
References and Image Credit Section:
By Lamm, Jacob, Blount, Sumner, Cooper, Nancy, Boston, Steve, Camm, Marc, Cirabisi, Robert , Datskovsky, Galina, Fox, Christopher, Handal, Kenneth, McCracken, William, Meyer, John, Scheil, Helge, Srulowitz, Allan and Zanella, Robert. Under Control: Governance Across the Enterprise published by Apres.com Dec 2009 -- lifted from http://books.google.com.ph/books?id=t0B-uh8R3-EC&printsec=frontcover&dq=reviews+about+Under+Control:+Governance+Across+the+Enterprise&source=bl&ots=7qBSpC1wCC&sig=SHytLKbiBIgvWsHKpBSEsz3Q1pE&hl=en&ei=yBZ8Tc2LCo6lcZTWoLgG&sa=X&oi=book_result&ct=result&resnum=1&ved=0CBMQ6AEwADgK#v=onepage&q&f=false