SlideShare uma empresa Scribd logo

Fearing the cloud: why the life sciences shouldn't fret

Transferir como PPTX, PDF
Cornerstone OnDemand
Cornerstone OnDemand

Cornerstone’s July 29th webinar with Educe Group entitled “Fearing the Cloud: Why the Life Sciences Shouldn’t Fret,” focused on compliance in the cloud in Life Sciences. As with any software utilized within the Biotech and Pharma industry, it is important to understand the overall business intended use and the regulatory and compliance components that drive the overall validation and implementation efforts. This includes a risk-based approach to validation based on the criticality of the business intended use. As with any software, it is very important to understand what the software development process is and how the software is deployed. This is especially true of Cloud-based service models (e.g., IaaS, PaaS, SaaS). This session will focused on the these service models and more importantly considerations for how they should be managed within the Life Sciences industry.

Recrutamento e RH
1 de 30
Why the Life Sciences Shouldn’t Fret Michael Osburn Director, Risk &Compliance Advisory Services Cornerstone OnDemand Nyla Reed Founding Partner The Educe Group
Cloud Computing Defined  Cloud computing is Internet-based computing, where computing resources (servers, services, applications, data storage, buildings and/or staff) are provided to users on demand as a product offered by a company. Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015 2
Cloud Computing Defined ►It typically involves over-the-Internet provision of dynamically scalable and often virtualized computing resources  Virtualization allows the same computing hardware to be shared by multiple clients or customers 3Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
Cloud Computing Defined ►Fees are typically based on the total amount of computing resources used  Think about how we access, use and pay for electricity from the power grid. The cloud model is similar. You use what you need, pay for it accordingly, and it is always available 4Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
The NIST Cloud Model ► The cloud model can be thought of as being composed of five essential characteristics, three service models and, four deployment models. ► A model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. 5 Public Private Hybrid Community BroadNetwork Access RapidElasticity MeasuredService On-Demand Self-Service ResourcePooling Essential Characteristics Deployment Models SoftwareasaService (SasS) PlatformasaService (PasS) Infrastructureasa Service(IasS) Service Methods Source: NIST: National Institute of Standards and Technology Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
Essential Characteristics of Cloud MULTI-TENANCY 6  Not called out by NIST, but considered another essential characteristic of Cloud.  Multi-tenancy in its simplest form implies use of same resources or application by multiple consumers that may belong to same organization or different organization.  The impact of multi- tenancy is visibility of residual data or trace of operations by other user or tenant. Source: http://www.cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
Cloud Deployment Models 7 Public Cloud Private Cloud Hybrid Cloud Community Cloud Systems and services are delivered and managed within an organization in a shared services model. Organization has greater/complete control over data and systems. The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities bound together by standardized or proprietary technology enabling data and application portability. The cloud infrastructure is shared by several organizations and supporting communities that share concerns (i.e., mission, security requirements, or policy) The cloud infrastructure available to the general public or a large industry group and owned by an organization selling cloud services Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
Cloud Service Models THE SPI SERVICE MODELS 8Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
Cloud Service Models - SPI 9 Public Cloud . Capability to use the provider’s applications running on cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web- based e-mail). Capability to deploy onto the cloud infrastructure customer- created or acquired applications created using programming languages and tools supported by the provider. Capability to provision processing, storage, networks and other fundamental computing resources, offering the customer the ability to deploy and run arbitrary software, which can include operating systems and applications. IaaS puts these IT operations into the hands of a third party. Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
Cloud Computing CLOUD SERVICE MODELS – FACTORS TO CONSIDER 10 Source: ISACA Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives [October 2009] Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
Cloud Computing CLOUD DEPLOYMENT MODELS – FACTORS TO CONSIDER 11Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
Is Cloud for Us ?  Here’s a quick method for evaluating your tolerance for moving an asset to various cloud computing models.  Work through the following steps:  Identify the asset for cloud deployment  Evaluate the asset  Map the asset to potential cloud deployment models  Evaluate potential cloud service models and providers  Map out the potential data flow  Conclude  Documented within CSA’s publication: “Security guidance for critical areas of focus in Cloud Computing v3.0” ARE WE WILLING TO ACCEPT THE RISK ? 12Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
Is Cloud for Us ?  How sensitive is the asset ?  How important an application / function / process is ?  Ask the following questions for each asset:  1. How would we be harmed if the asset became widely public and widely distributed?  2. How would we be harmed if an employee of our cloud provider accessed the asset?  3. How would we be harmed if the process or function were manipulated by an outsider?  4. How would we be harmed if the process or function failed to provide expected results?  5. How would we be harmed if the information/data were unexpectedly changed?  6. How would we be harmed if the asset were unavailable for a period of time ? EVALUATE THE ASSET 13Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
Is Cloud for Us ?  Essentially we are assessing confidentiality, integrity, and availability requirements for the asset; and how the risk changes if all or part of the asset is handled in the cloud EVALUATE THE ASSET 14Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
Is Cloud for Us ?  Which deployment models we are comfortable with?  Can we accept the risks implicit to the various deployment models: private, public, community, or hybrid; and hosting scenarios: internal, external, or combined ?  For the asset, determine if you are willing to accept the following options:  1. Public.  2. Private, internal/on-premises.  3. Private, external (including dedicated or shared infrastructure).  4. Community; taking into account the hosting location, potential service provider, and identification of other community members.  5. Hybrid. To effectively evaluate a potential hybrid deployment, you must have in mind at least a rough architecture of where components, functions, and data will reside MAP THE ASSET TO CLOUD DEPLOYMENT MODELS 15Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
Is Cloud for Us ?  In this step focus on the degree of control you’ll have at each SPI tier to implement any required risk management.  If you are evaluating a specific offering, at this point you might switch to a fuller risk assessment  Your focus will be on the degree of control you have to implement risk mitigations in the different SPI tiers.  We’ll cover the evaluation of providers later. EVALUATE POTENTIAL CLOUD SERVICE MODELS AND PROVIDERS 16Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
Is Cloud for Us ?  If you are evaluating a specific deployment option, map out the data flow between your organization, the cloud service, and any customers/other nodes.  It’s absolutely essential to understand whether, and how, data can move in and out of the cloud.  If you have yet to decide on a particular offering, you’ll want to sketch out the rough data flow for any options on your acceptable list. This is to insure that as you make final decisions, you’ll be able to identify risk exposure points.. MAP OUT THE POTENTIAL DATA FLOW 17Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
Evaluating Cloud Service Providers  Choose a CSP that best serves business needs whilst minimizing potential risk  Consider size – smaller CSP vs established larger CSPs, Larger CSPs:  Will have references, comparable use cases etc  Will be more experienced with running cloud infrastructures, adapting to change and generally faster in responding to an incident or threat, thus being able to maintain stability more efficiently.  But a larger CSP will likely be stricter toward its offerings, which will greatly reduce the possibility of fine- tuning services not fully compatible with the enterprise needs WHEN EVALUATING A CLOUD SERVICE PROVIDER (CSP) 18 Source: Controls and Assurance in the Cloud: Using COBIT® 5 Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
Evaluating Cloud Service Providers  Vendor expertise  The enterprise needs expert knowledge or a broader perspective and experience with similar enterprises to effectively and efficiently handle certain activities.  Vendor capacity  The enterprise does not have the resources to handle the work related to a specific product or service. The vendor can supply the resources to support the entire operation or to supplement in-house resources.  Vendor assuming risk  The enterprise outsources activities to leverage a vendor’s experience with operational risk and corresponding risk mitigation services. However, the accountability for the adequate performance of those activities can never be delegated and stays with the enterprise.  Vendor leveraging scale  Vendors can offer services at a lower cost because working for multiple customers allows vendors to leverage scale. FACTORS THAN CAN INFLUENCE SELECTION OF A CSP 19Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
Evaluating Cloud Service Providers  Vendor location (storage and processing centers) is of key importance for legal reasons. Laws are applicable locally, which can result in a multitude of different law systems applicable to data or business processes stored in the cloud.  We need to consider:  Local Law of the Enterprise  Local law of the CSP  Local law where data is stored  Local law where data is processed . LEGAL IMPLICATIONS 20Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
Evaluating Cloud Service Providers  An effective Vendor Management Process with clear goals and objectives can help to ensure:  Vendor selection and management strategy is consistent with enterprise goals.  Effective cooperation and governance models are in place.  Service, quality, cost and business goals are clear.  All parties perform as agreed.  Vendor risk is assessed and properly addressed.  Vendor relationships are working effectively, as measured according to service objectives.  Many key stakeholders will be involved:  IT and business process owners solely,  Legal to help define requirements and writing contracts.  Compliance and audit should be consulted when reviewing service agreements and vendor compliance assessments.  Risk management and business continuity should analyze vendor-related risk, etc. : VENDOR MANAGEMENT PROCESS 21Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
Evaluating Cloud Service Providers  A formal information gathering process should be followed and key questions answered across the following topics. These should include topics such as: RFI / INFORMATION GATHERING QUESTIONNAIRE 22 Source: SIG (Standardized Information Gathering Questionnaire) v7.0 / The Santa Fe Group / http://www.sharedassessments.org Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
Evaluating Cloud Service Providers  Cloud specific questions..  What service model (SaaS, PaaS, IaaS) ? What deployment model (Private, Public..) ?  Where is the Cloud infrastructure hosted ?  Is there a Cloud Audit Program to address client audit and assessment requirements ?  Is there a formal Development Methodology in operation ?  Is there a formal process to ensure clients are notified prior to changes being made which may impact their service ?  Is there a scheduled maintenance window ? RFI / INFORMATION GATHERING QUESTIONNAIRE 23 Source: SIG (Standardized Information Gathering Questionnaire) v7.0 / The Santa Fe Group / http://www.sharedassessments.org Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
Evaluating Cloud Service Providers  Increasingly common for CSPs to elect to undergo an audit/review/assessment from an independent auditor/assessor and share the report/certification.  Most commonly used reports are:  SSAE 16 (SOC 1, SOC 2, SOC 3)  ISAE 3402 (SOC 1)  ISO/IEC 27001  AICPA / CICA Trust Services (SOC 2 and SOC 3) reports INDEPENDENT ASSURANCE OF CSP 24 Source: Controls and Assurance in the Cloud: Using COBIT® 5 Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
What does this mean to you? DEPLOYMENT CHANGES 25 Area of Responsibility Behind the Firewall Cloud Infrastructure and Architecture Hardware and Software installation - Integrations - SSO - Extensions (web services) Application Level Changes - Full access to enable/disable functionality and change system settings - Customizations - Some system settings changed by vendor only - Configuration only Reporting - Ability to access database directly - Reporting and Analytics - Export functionality Performance - Performance monitoring - Bandwidth limitations - Opportunities to optimize for growth/peak periods - Leverage CDNs Release Management - Upgrades - Client-based scheduling of changes - Release cycle determined by vendor - Client determines enable/disable settings Say goodbye to… The new normal… Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
What does this mean to you? IMPLEMENTATION APPROACH 26 Area of Responsibility Behind the Firewall Cloud Validation Strategy Created by client Leverage vendor documentation Requirements --- --- Business Process Definition --- --- Configuration Performed by client Responsibility split: client/vendor Testing Performed by client Leverage vendor, customer base Help Desk Client establishes SLAs SLAs need to be aligned with vendor Governance Vendor may participate in some meetings Greater partnership with vendor Technical – Content Client manages content servers Choice of content location Technical - Infrastructure Installations affect project plan Infrastructure readily available Say goodbye to… The new normal… Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
What does this mean to you? RELEASE MANAGEMENT 27  Identify internal resources to manage periodic release process  Review vendor release notes and determine what functionality changes will affect you  Create testing plan to regression test existing processes  Leverage existing vendor resources  Testing environment  Customer community  Pre-release webinars Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
Contractual Provisions  Overview of important contractual provisions that an enterprise should consider when contracting with a CSP.  These include:  1. Scope of Services  2. Core Obligations of Parties  3. End of Contract  4. Custody and Ownership  5. Security, Privacy and Access  6. Fees and Payment Terms and Modalities  7. Performance  8. Term and Termination Possibilities  9. Liabilities  10.Dispute Resolution and Applicable Law  11.Business Continuity, Data Disposal and Exit Strategy WHEN CONTRACTING WITH A CLOUD SERVICE PROVIDER (CSP) 28 Source: Controls and Assurance in the Cloud: Using COBIT® 5 Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
References  Key Organisations:  NIST – National Institute of Standards and Technology (www.nist.gov)  CSA – Cloud Security Alliance (www.cloudsecurityalliance.org)  ISACA – www.isaca.org  Shared Assessments Program – (https://sharedassessments.org)  Key document references:  The NIST Definition of Cloud Computing (NIST Special Publication 800-145, Feb 2011)  Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives (ISACA Emerging technologies white paper, Oct 2009)  Controls and Assurance in the Cloud: Using COBIT® 5 (ISACA, 2014)  Cloud Governance: Questions Boards of Directors Need to Ask (ISACA, 2013)  Guiding Principles for Cloud Computing Adoption and Use (ISACA Cloud Computing Vision Series White Paper, February 2012)  Security Guidance for Critical Areas of Focus in Cloud Computing v3.0 (CSA, 2011) [http://www.cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf]  Standardized Information Gathering Questionnaire (SIG) (https://sharedassessments.org/) 29Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
Questions

Recomendados

Webinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROs
Webinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROsWebinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROs
Webinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROsStatistics & Data Corporation
 
Enabling Proactive Quality Management Across Quality and Manufacturing
Enabling Proactive Quality Management Across Quality and ManufacturingEnabling Proactive Quality Management Across Quality and Manufacturing
Enabling Proactive Quality Management Across Quality and ManufacturingVeeva Systems
 
Speed Clinical Trials from Start to Close: The Path to a Modern CTMS
Speed Clinical Trials from Start to Close: The Path to a Modern CTMSSpeed Clinical Trials from Start to Close: The Path to a Modern CTMS
Speed Clinical Trials from Start to Close: The Path to a Modern CTMSVeeva Systems
 
Designing an EDC System to Work for a CRA
Designing an EDC System to Work for a CRADesigning an EDC System to Work for a CRA
Designing an EDC System to Work for a CRAVeeva Systems
 
Moving to unified PV: Transforming Safety with End-to-end PV Solutions
Moving to unified PV: Transforming Safety with End-to-end PV SolutionsMoving to unified PV: Transforming Safety with End-to-end PV Solutions
Moving to unified PV: Transforming Safety with End-to-end PV SolutionsVeeva Systems
 
Shorten Database Builds by 60% with Agile Design
Shorten Database Builds by 60% with Agile DesignShorten Database Builds by 60% with Agile Design
Shorten Database Builds by 60% with Agile DesignVeeva Systems
 
Transform Your Digital Content to Improve Speed to Market While Maintaining C...
Transform Your Digital Content to Improve Speed to Market While Maintaining C...Transform Your Digital Content to Improve Speed to Market While Maintaining C...
Transform Your Digital Content to Improve Speed to Market While Maintaining C...Veeva Systems
 
Using Vault eTMF Milestones and EDLs to Support Inspection Readiness
Using Vault eTMF Milestones and EDLs to Support Inspection ReadinessUsing Vault eTMF Milestones and EDLs to Support Inspection Readiness
Using Vault eTMF Milestones and EDLs to Support Inspection ReadinessVeeva Systems
 

Recomendados

Webinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROs
Webinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROsWebinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROs
Webinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROsStatistics & Data Corporation
 
Enabling Proactive Quality Management Across Quality and Manufacturing
Enabling Proactive Quality Management Across Quality and ManufacturingEnabling Proactive Quality Management Across Quality and Manufacturing
Enabling Proactive Quality Management Across Quality and ManufacturingVeeva Systems
 
Speed Clinical Trials from Start to Close: The Path to a Modern CTMS
Speed Clinical Trials from Start to Close: The Path to a Modern CTMSSpeed Clinical Trials from Start to Close: The Path to a Modern CTMS
Speed Clinical Trials from Start to Close: The Path to a Modern CTMSVeeva Systems
 
Designing an EDC System to Work for a CRA
Designing an EDC System to Work for a CRADesigning an EDC System to Work for a CRA
Designing an EDC System to Work for a CRAVeeva Systems
 
Moving to unified PV: Transforming Safety with End-to-end PV Solutions
Moving to unified PV: Transforming Safety with End-to-end PV SolutionsMoving to unified PV: Transforming Safety with End-to-end PV Solutions
Moving to unified PV: Transforming Safety with End-to-end PV SolutionsVeeva Systems
 
Shorten Database Builds by 60% with Agile Design
Shorten Database Builds by 60% with Agile DesignShorten Database Builds by 60% with Agile Design
Shorten Database Builds by 60% with Agile DesignVeeva Systems
 
Transform Your Digital Content to Improve Speed to Market While Maintaining C...
Transform Your Digital Content to Improve Speed to Market While Maintaining C...Transform Your Digital Content to Improve Speed to Market While Maintaining C...
Transform Your Digital Content to Improve Speed to Market While Maintaining C...Veeva Systems
 
Using Vault eTMF Milestones and EDLs to Support Inspection Readiness
Using Vault eTMF Milestones and EDLs to Support Inspection ReadinessUsing Vault eTMF Milestones and EDLs to Support Inspection Readiness
Using Vault eTMF Milestones and EDLs to Support Inspection ReadinessVeeva Systems
 
Simplifying Postmarket Surveillance: Introducing Veeva Vault Product Surveill...
Simplifying Postmarket Surveillance: Introducing Veeva Vault Product Surveill...Simplifying Postmarket Surveillance: Introducing Veeva Vault Product Surveill...
Simplifying Postmarket Surveillance: Introducing Veeva Vault Product Surveill...Eric Burniche, MBA
 
Unify quality manufacturing to drive speed, compliance and collaboration
Unify quality manufacturing to drive speed, compliance and collaborationUnify quality manufacturing to drive speed, compliance and collaboration
Unify quality manufacturing to drive speed, compliance and collaborationVeeva Systems
 
Best practices for implementing and maintaining successful standards
Best practices for implementing and maintaining successful standardsBest practices for implementing and maintaining successful standards
Best practices for implementing and maintaining successful standardsVeeva Systems
 
Implementing a New Clinical Systems Strategy
Implementing a New Clinical Systems StrategyImplementing a New Clinical Systems Strategy
Implementing a New Clinical Systems StrategyVeeva Systems
 
The Benefits of a Seamless IRT and EDC Integration in Clinical Trial Execution
The Benefits of a Seamless IRT and EDC Integration in Clinical Trial ExecutionThe Benefits of a Seamless IRT and EDC Integration in Clinical Trial Execution
The Benefits of a Seamless IRT and EDC Integration in Clinical Trial ExecutionVeeva Systems
 
The Industry’s Move Toward Digitally Connected Clinical Trials
The Industry’s Move Toward Digitally Connected Clinical TrialsThe Industry’s Move Toward Digitally Connected Clinical Trials
The Industry’s Move Toward Digitally Connected Clinical TrialsVeeva Systems
 
Apellis Pharmaceuticals Selects a Modern Safety Solution
Apellis Pharmaceuticals Selects a Modern Safety SolutionApellis Pharmaceuticals Selects a Modern Safety Solution
Apellis Pharmaceuticals Selects a Modern Safety SolutionVeeva Systems
 
Validation strategies for cloud-based EDCs: more innovation, less effort
Validation strategies for cloud-based EDCs: more innovation, less effortValidation strategies for cloud-based EDCs: more innovation, less effort
Validation strategies for cloud-based EDCs: more innovation, less effortVeeva Systems
 
Veeva Systems Webinar: Driving Continuous Quality Improvements
Veeva Systems Webinar: Driving Continuous Quality ImprovementsVeeva Systems Webinar: Driving Continuous Quality Improvements
Veeva Systems Webinar: Driving Continuous Quality ImprovementsVeeva Systems
 
University of Louisville: Enabling Research During COVID-19 and Beyond
University of Louisville: Enabling Research During COVID-19 and BeyondUniversity of Louisville: Enabling Research During COVID-19 and Beyond
University of Louisville: Enabling Research During COVID-19 and BeyondVeeva Systems
 
TrackWise Enterprise Quality Management System
TrackWise Enterprise Quality Management SystemTrackWise Enterprise Quality Management System
TrackWise Enterprise Quality Management SystemJakub Sládeček
 
Streamline Change Control and Variation Management
Streamline Change Control and Variation ManagementStreamline Change Control and Variation Management
Streamline Change Control and Variation ManagementVeeva Systems
 
Reimagine patient safety 2030 governance through a unified safety platform
Reimagine patient safety 2030 governance through a unified safety platformReimagine patient safety 2030 governance through a unified safety platform
Reimagine patient safety 2030 governance through a unified safety platformVeeva Systems
 
Vertex Reduces EDC Study Build Times by 50%
Vertex Reduces EDC Study Build Times by 50%Vertex Reduces EDC Study Build Times by 50%
Vertex Reduces EDC Study Build Times by 50%Veeva Systems
 
Modernizing Quality Management
Modernizing Quality ManagementModernizing Quality Management
Modernizing Quality ManagementVeeva Systems
 
Webinar: Rethinking the Life Sciences Training Technology Ecosystem
Webinar: Rethinking the Life Sciences Training Technology EcosystemWebinar: Rethinking the Life Sciences Training Technology Ecosystem
Webinar: Rethinking the Life Sciences Training Technology EcosystemVeeva Systems
 
Micro-learning, Macro-compliance: Improving GxP Compliance with Modern Learni...
Micro-learning, Macro-compliance: Improving GxP Compliance with Modern Learni...Micro-learning, Macro-compliance: Improving GxP Compliance with Modern Learni...
Micro-learning, Macro-compliance: Improving GxP Compliance with Modern Learni...Veeva Systems
 
AI in Clinical Trials: From Big Sky to Practical Application
AI in Clinical Trials: From Big Sky to Practical ApplicationAI in Clinical Trials: From Big Sky to Practical Application
AI in Clinical Trials: From Big Sky to Practical ApplicationVeeva Systems
 
Best Practices for Managing Regulatory Binders Electronically
Best Practices for Managing Regulatory Binders ElectronicallyBest Practices for Managing Regulatory Binders Electronically
Best Practices for Managing Regulatory Binders ElectronicallyVeeva Systems
 
Building a Business Case for Quality Management Transformation
Building a Business Case for Quality Management TransformationBuilding a Business Case for Quality Management Transformation
Building a Business Case for Quality Management TransformationVeeva Systems
 
Swe cs external 25112013 services
Swe cs external 25112013 servicesSwe cs external 25112013 services
Swe cs external 25112013 servicesAfiman Abdul Rahman
 
Continuous Controls Monitoring: Putting Controls in Place is Not Enough
Continuous Controls Monitoring: Putting Controls in Place is Not EnoughContinuous Controls Monitoring: Putting Controls in Place is Not Enough
Continuous Controls Monitoring: Putting Controls in Place is Not EnoughFraudBusters
 

Mais conteúdo relacionado

Mais procurados

Simplifying Postmarket Surveillance: Introducing Veeva Vault Product Surveill...
Simplifying Postmarket Surveillance: Introducing Veeva Vault Product Surveill...Simplifying Postmarket Surveillance: Introducing Veeva Vault Product Surveill...
Simplifying Postmarket Surveillance: Introducing Veeva Vault Product Surveill...Eric Burniche, MBA
 
Unify quality manufacturing to drive speed, compliance and collaboration
Unify quality manufacturing to drive speed, compliance and collaborationUnify quality manufacturing to drive speed, compliance and collaboration
Unify quality manufacturing to drive speed, compliance and collaborationVeeva Systems
 
Best practices for implementing and maintaining successful standards
Best practices for implementing and maintaining successful standardsBest practices for implementing and maintaining successful standards
Best practices for implementing and maintaining successful standardsVeeva Systems
 
Implementing a New Clinical Systems Strategy
Implementing a New Clinical Systems StrategyImplementing a New Clinical Systems Strategy
Implementing a New Clinical Systems StrategyVeeva Systems
 
The Benefits of a Seamless IRT and EDC Integration in Clinical Trial Execution
The Benefits of a Seamless IRT and EDC Integration in Clinical Trial ExecutionThe Benefits of a Seamless IRT and EDC Integration in Clinical Trial Execution
The Benefits of a Seamless IRT and EDC Integration in Clinical Trial ExecutionVeeva Systems
 
The Industry’s Move Toward Digitally Connected Clinical Trials
The Industry’s Move Toward Digitally Connected Clinical TrialsThe Industry’s Move Toward Digitally Connected Clinical Trials
The Industry’s Move Toward Digitally Connected Clinical TrialsVeeva Systems
 
Apellis Pharmaceuticals Selects a Modern Safety Solution
Apellis Pharmaceuticals Selects a Modern Safety SolutionApellis Pharmaceuticals Selects a Modern Safety Solution
Apellis Pharmaceuticals Selects a Modern Safety SolutionVeeva Systems
 
Validation strategies for cloud-based EDCs: more innovation, less effort
Validation strategies for cloud-based EDCs: more innovation, less effortValidation strategies for cloud-based EDCs: more innovation, less effort
Validation strategies for cloud-based EDCs: more innovation, less effortVeeva Systems
 
Veeva Systems Webinar: Driving Continuous Quality Improvements
Veeva Systems Webinar: Driving Continuous Quality ImprovementsVeeva Systems Webinar: Driving Continuous Quality Improvements
Veeva Systems Webinar: Driving Continuous Quality ImprovementsVeeva Systems
 
University of Louisville: Enabling Research During COVID-19 and Beyond
University of Louisville: Enabling Research During COVID-19 and BeyondUniversity of Louisville: Enabling Research During COVID-19 and Beyond
University of Louisville: Enabling Research During COVID-19 and BeyondVeeva Systems
 
TrackWise Enterprise Quality Management System
TrackWise Enterprise Quality Management SystemTrackWise Enterprise Quality Management System
TrackWise Enterprise Quality Management SystemJakub Sládeček
 
Streamline Change Control and Variation Management
Streamline Change Control and Variation ManagementStreamline Change Control and Variation Management
Streamline Change Control and Variation ManagementVeeva Systems
 
Reimagine patient safety 2030 governance through a unified safety platform
Reimagine patient safety 2030 governance through a unified safety platformReimagine patient safety 2030 governance through a unified safety platform
Reimagine patient safety 2030 governance through a unified safety platformVeeva Systems
 
Vertex Reduces EDC Study Build Times by 50%
Vertex Reduces EDC Study Build Times by 50%Vertex Reduces EDC Study Build Times by 50%
Vertex Reduces EDC Study Build Times by 50%Veeva Systems
 
Modernizing Quality Management
Modernizing Quality ManagementModernizing Quality Management
Modernizing Quality ManagementVeeva Systems
 
Webinar: Rethinking the Life Sciences Training Technology Ecosystem
Webinar: Rethinking the Life Sciences Training Technology EcosystemWebinar: Rethinking the Life Sciences Training Technology Ecosystem
Webinar: Rethinking the Life Sciences Training Technology EcosystemVeeva Systems
 
Micro-learning, Macro-compliance: Improving GxP Compliance with Modern Learni...
Micro-learning, Macro-compliance: Improving GxP Compliance with Modern Learni...Micro-learning, Macro-compliance: Improving GxP Compliance with Modern Learni...
Micro-learning, Macro-compliance: Improving GxP Compliance with Modern Learni...Veeva Systems
 
AI in Clinical Trials: From Big Sky to Practical Application
AI in Clinical Trials: From Big Sky to Practical ApplicationAI in Clinical Trials: From Big Sky to Practical Application
AI in Clinical Trials: From Big Sky to Practical ApplicationVeeva Systems
 
Best Practices for Managing Regulatory Binders Electronically
Best Practices for Managing Regulatory Binders ElectronicallyBest Practices for Managing Regulatory Binders Electronically
Best Practices for Managing Regulatory Binders ElectronicallyVeeva Systems
 
Building a Business Case for Quality Management Transformation
Building a Business Case for Quality Management TransformationBuilding a Business Case for Quality Management Transformation
Building a Business Case for Quality Management TransformationVeeva Systems
 

Mais procurados (20)

Simplifying Postmarket Surveillance: Introducing Veeva Vault Product Surveill...
Simplifying Postmarket Surveillance: Introducing Veeva Vault Product Surveill...Simplifying Postmarket Surveillance: Introducing Veeva Vault Product Surveill...
Simplifying Postmarket Surveillance: Introducing Veeva Vault Product Surveill...
 
Unify quality manufacturing to drive speed, compliance and collaboration
Unify quality manufacturing to drive speed, compliance and collaborationUnify quality manufacturing to drive speed, compliance and collaboration
Unify quality manufacturing to drive speed, compliance and collaboration
 
Best practices for implementing and maintaining successful standards
Best practices for implementing and maintaining successful standardsBest practices for implementing and maintaining successful standards
Best practices for implementing and maintaining successful standards
 
Implementing a New Clinical Systems Strategy
Implementing a New Clinical Systems StrategyImplementing a New Clinical Systems Strategy
Implementing a New Clinical Systems Strategy
 
The Benefits of a Seamless IRT and EDC Integration in Clinical Trial Execution
The Benefits of a Seamless IRT and EDC Integration in Clinical Trial ExecutionThe Benefits of a Seamless IRT and EDC Integration in Clinical Trial Execution
The Benefits of a Seamless IRT and EDC Integration in Clinical Trial Execution
 
The Industry’s Move Toward Digitally Connected Clinical Trials
The Industry’s Move Toward Digitally Connected Clinical TrialsThe Industry’s Move Toward Digitally Connected Clinical Trials
The Industry’s Move Toward Digitally Connected Clinical Trials
 
Apellis Pharmaceuticals Selects a Modern Safety Solution
Apellis Pharmaceuticals Selects a Modern Safety SolutionApellis Pharmaceuticals Selects a Modern Safety Solution
Apellis Pharmaceuticals Selects a Modern Safety Solution
 
Validation strategies for cloud-based EDCs: more innovation, less effort
Validation strategies for cloud-based EDCs: more innovation, less effortValidation strategies for cloud-based EDCs: more innovation, less effort
Validation strategies for cloud-based EDCs: more innovation, less effort
 
Veeva Systems Webinar: Driving Continuous Quality Improvements
Veeva Systems Webinar: Driving Continuous Quality ImprovementsVeeva Systems Webinar: Driving Continuous Quality Improvements
Veeva Systems Webinar: Driving Continuous Quality Improvements
 
University of Louisville: Enabling Research During COVID-19 and Beyond
University of Louisville: Enabling Research During COVID-19 and BeyondUniversity of Louisville: Enabling Research During COVID-19 and Beyond
University of Louisville: Enabling Research During COVID-19 and Beyond
 
TrackWise Enterprise Quality Management System
TrackWise Enterprise Quality Management SystemTrackWise Enterprise Quality Management System
TrackWise Enterprise Quality Management System
 
Streamline Change Control and Variation Management
Streamline Change Control and Variation ManagementStreamline Change Control and Variation Management
Streamline Change Control and Variation Management
 
Reimagine patient safety 2030 governance through a unified safety platform
Reimagine patient safety 2030 governance through a unified safety platformReimagine patient safety 2030 governance through a unified safety platform
Reimagine patient safety 2030 governance through a unified safety platform
 
Vertex Reduces EDC Study Build Times by 50%
Vertex Reduces EDC Study Build Times by 50%Vertex Reduces EDC Study Build Times by 50%
Vertex Reduces EDC Study Build Times by 50%
 
Modernizing Quality Management
Modernizing Quality ManagementModernizing Quality Management
Modernizing Quality Management
 
Webinar: Rethinking the Life Sciences Training Technology Ecosystem
Webinar: Rethinking the Life Sciences Training Technology EcosystemWebinar: Rethinking the Life Sciences Training Technology Ecosystem
Webinar: Rethinking the Life Sciences Training Technology Ecosystem
 
Micro-learning, Macro-compliance: Improving GxP Compliance with Modern Learni...
Micro-learning, Macro-compliance: Improving GxP Compliance with Modern Learni...Micro-learning, Macro-compliance: Improving GxP Compliance with Modern Learni...
Micro-learning, Macro-compliance: Improving GxP Compliance with Modern Learni...
 
AI in Clinical Trials: From Big Sky to Practical Application
AI in Clinical Trials: From Big Sky to Practical ApplicationAI in Clinical Trials: From Big Sky to Practical Application
AI in Clinical Trials: From Big Sky to Practical Application
 
Best Practices for Managing Regulatory Binders Electronically
Best Practices for Managing Regulatory Binders ElectronicallyBest Practices for Managing Regulatory Binders Electronically
Best Practices for Managing Regulatory Binders Electronically
 
Building a Business Case for Quality Management Transformation
Building a Business Case for Quality Management TransformationBuilding a Business Case for Quality Management Transformation
Building a Business Case for Quality Management Transformation
 

Destaque

Swe cs external 25112013 services
Swe cs external 25112013 servicesSwe cs external 25112013 services
Swe cs external 25112013 servicesAfiman Abdul Rahman
 
Continuous Controls Monitoring: Putting Controls in Place is Not Enough
Continuous Controls Monitoring: Putting Controls in Place is Not EnoughContinuous Controls Monitoring: Putting Controls in Place is Not Enough
Continuous Controls Monitoring: Putting Controls in Place is Not EnoughFraudBusters
 
Stop the fraudster! Pennsylvania Treasury, Industry Expert Chris Doxey and Fu...
Stop the fraudster! Pennsylvania Treasury, Industry Expert Chris Doxey and Fu...Stop the fraudster! Pennsylvania Treasury, Industry Expert Chris Doxey and Fu...
Stop the fraudster! Pennsylvania Treasury, Industry Expert Chris Doxey and Fu...Oracle
 
Security architecture best practices for saas applications
Security architecture best practices for saas applicationsSecurity architecture best practices for saas applications
Security architecture best practices for saas applicationskanimozhin
 
Stephon Grey Profile 2015
Stephon Grey Profile 2015Stephon Grey Profile 2015
Stephon Grey Profile 2015Stephon Grey
 
Audit standards for Federal PKI Certification Authorities using PKI
Audit standards for Federal PKI Certification Authorities using PKIAudit standards for Federal PKI Certification Authorities using PKI
Audit standards for Federal PKI Certification Authorities using PKIDavid Sweigert
 
SOC 2/SOC 3 Whitepaper
SOC 2/SOC 3 WhitepaperSOC 2/SOC 3 Whitepaper
SOC 2/SOC 3 WhitepaperDTIMMERMAN
 
Federal government-of-nigeria-ncap-april-2013
Federal government-of-nigeria-ncap-april-2013Federal government-of-nigeria-ncap-april-2013
Federal government-of-nigeria-ncap-april-2013Perkins Abaje
 
Business and ITSM on the same page at last! ITIL, TOGAF and COBIT working to...
Business and ITSM on the same page at last! ITIL, TOGAF and COBIT working to...Business and ITSM on the same page at last! ITIL, TOGAF and COBIT working to...
Business and ITSM on the same page at last! ITIL, TOGAF and COBIT working to...CTE Solutions Inc.
 
New Horizons for the Accountant v2.0
New Horizons for the Accountant v2.0New Horizons for the Accountant v2.0
New Horizons for the Accountant v2.0Donny Shimamoto
 
Hanrick Curran Audit Training - Internal Controls - March 2013
Hanrick Curran Audit Training - Internal Controls - March 2013Hanrick Curran Audit Training - Internal Controls - March 2013
Hanrick Curran Audit Training - Internal Controls - March 2013Matthew Green
 
TehDays Basel - Auditing in sql server 2012 - charley hanania - tech days bas...
TehDays Basel - Auditing in sql server 2012 - charley hanania - tech days bas...TehDays Basel - Auditing in sql server 2012 - charley hanania - tech days bas...
TehDays Basel - Auditing in sql server 2012 - charley hanania - tech days bas...Charley Hanania
 
Saving America’s Black Boys National Campaign Launch
Saving America’s Black Boys National Campaign LaunchSaving America’s Black Boys National Campaign Launch
Saving America’s Black Boys National Campaign LaunchScaleUp Partners LLC
 
IAPP Atlanta Chapter Meeting 2013 February
IAPP Atlanta Chapter Meeting 2013 FebruaryIAPP Atlanta Chapter Meeting 2013 February
IAPP Atlanta Chapter Meeting 2013 FebruaryPhil Agcaoili
 
Evaluating Vendor Risks - Presentation
Evaluating Vendor Risks - PresentationEvaluating Vendor Risks - Presentation
Evaluating Vendor Risks - PresentationISACA New England
 

Destaque (20)

Swe cs external 25112013 services
Swe cs external 25112013 servicesSwe cs external 25112013 services
Swe cs external 25112013 services
 
Continuous Controls Monitoring: Putting Controls in Place is Not Enough
Continuous Controls Monitoring: Putting Controls in Place is Not EnoughContinuous Controls Monitoring: Putting Controls in Place is Not Enough
Continuous Controls Monitoring: Putting Controls in Place is Not Enough
 
Stop the fraudster! Pennsylvania Treasury, Industry Expert Chris Doxey and Fu...
Stop the fraudster! Pennsylvania Treasury, Industry Expert Chris Doxey and Fu...Stop the fraudster! Pennsylvania Treasury, Industry Expert Chris Doxey and Fu...
Stop the fraudster! Pennsylvania Treasury, Industry Expert Chris Doxey and Fu...
 
Security architecture best practices for saas applications
Security architecture best practices for saas applicationsSecurity architecture best practices for saas applications
Security architecture best practices for saas applications
 
Stephon Grey Profile 2015
Stephon Grey Profile 2015Stephon Grey Profile 2015
Stephon Grey Profile 2015
 
Audit standards for Federal PKI Certification Authorities using PKI
Audit standards for Federal PKI Certification Authorities using PKIAudit standards for Federal PKI Certification Authorities using PKI
Audit standards for Federal PKI Certification Authorities using PKI
 
SOC 2/SOC 3 Whitepaper
SOC 2/SOC 3 WhitepaperSOC 2/SOC 3 Whitepaper
SOC 2/SOC 3 Whitepaper
 
Federal government-of-nigeria-ncap-april-2013
Federal government-of-nigeria-ncap-april-2013Federal government-of-nigeria-ncap-april-2013
Federal government-of-nigeria-ncap-april-2013
 
Business and ITSM on the same page at last! ITIL, TOGAF and COBIT working to...
Business and ITSM on the same page at last! ITIL, TOGAF and COBIT working to...Business and ITSM on the same page at last! ITIL, TOGAF and COBIT working to...
Business and ITSM on the same page at last! ITIL, TOGAF and COBIT working to...
 
Ifc deloitte
Ifc deloitteIfc deloitte
Ifc deloitte
 
Baigiang kiemtoan english
Baigiang kiemtoan englishBaigiang kiemtoan english
Baigiang kiemtoan english
 
Information Technology Portfolio
Information Technology PortfolioInformation Technology Portfolio
Information Technology Portfolio
 
Cia brochure part 1 2
Cia brochure part 1 2Cia brochure part 1 2
Cia brochure part 1 2
 
New Horizons for the Accountant v2.0
New Horizons for the Accountant v2.0New Horizons for the Accountant v2.0
New Horizons for the Accountant v2.0
 
Hanrick Curran Audit Training - Internal Controls - March 2013
Hanrick Curran Audit Training - Internal Controls - March 2013Hanrick Curran Audit Training - Internal Controls - March 2013
Hanrick Curran Audit Training - Internal Controls - March 2013
 
Fraud Prevention
Fraud PreventionFraud Prevention
Fraud Prevention
 
TehDays Basel - Auditing in sql server 2012 - charley hanania - tech days bas...
TehDays Basel - Auditing in sql server 2012 - charley hanania - tech days bas...TehDays Basel - Auditing in sql server 2012 - charley hanania - tech days bas...
TehDays Basel - Auditing in sql server 2012 - charley hanania - tech days bas...
 
Saving America’s Black Boys National Campaign Launch
Saving America’s Black Boys National Campaign LaunchSaving America’s Black Boys National Campaign Launch
Saving America’s Black Boys National Campaign Launch
 
IAPP Atlanta Chapter Meeting 2013 February
IAPP Atlanta Chapter Meeting 2013 FebruaryIAPP Atlanta Chapter Meeting 2013 February
IAPP Atlanta Chapter Meeting 2013 February
 
Evaluating Vendor Risks - Presentation
Evaluating Vendor Risks - PresentationEvaluating Vendor Risks - Presentation
Evaluating Vendor Risks - Presentation
 

Semelhante a Fearing the cloud: why the life sciences shouldn't fret

Keys to success and security in the cloud
Keys to success and security in the cloudKeys to success and security in the cloud
Keys to success and security in the cloudScalar Decisions
 
Keys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-CloudKeys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-Cloudpatmisasi
 
Cloud computing risk assesment report
Cloud computing risk assesment reportCloud computing risk assesment report
Cloud computing risk assesment reportAhmad El Tawil
 
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...IJERA Editor
 
IRJET- A Survey on SaaS-Attacks and Digital Forensic
IRJET- A Survey on SaaS-Attacks and Digital ForensicIRJET- A Survey on SaaS-Attacks and Digital Forensic
IRJET- A Survey on SaaS-Attacks and Digital ForensicIRJET Journal
 
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah SheikhISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah SheikhShah Sheikh
 
Investigation on Challenges in Cloud Security to Provide Effective Cloud Comp...
Investigation on Challenges in Cloud Security to Provide Effective Cloud Comp...Investigation on Challenges in Cloud Security to Provide Effective Cloud Comp...
Investigation on Challenges in Cloud Security to Provide Effective Cloud Comp...ijcnes
 
Celera Networks on Cloud Computing
Celera Networks on Cloud Computing Celera Networks on Cloud Computing
Celera Networks on Cloud Computing CeleraNetworks
 
Requirements and Challenges for Securing Cloud Applications and Services
Requirements and Challenges for Securing Cloud Applications and ServicesRequirements and Challenges for Securing Cloud Applications and Services
Requirements and Challenges for Securing Cloud Applications and ServicesIOSR Journals
 
The Adoption of Cloud Technology by Enterprises - A Whitepaper by RapidValue ...
The Adoption of Cloud Technology by Enterprises - A Whitepaper by RapidValue ...The Adoption of Cloud Technology by Enterprises - A Whitepaper by RapidValue ...
The Adoption of Cloud Technology by Enterprises - A Whitepaper by RapidValue ...RapidValue
 
IRJET- An Overview on Cloud Computing and Challenges
IRJET- An Overview on Cloud Computing and ChallengesIRJET- An Overview on Cloud Computing and Challenges
IRJET- An Overview on Cloud Computing and ChallengesIRJET Journal
 
Demystifying Cloud Security: Lessons Learned for the Public Sector
Demystifying Cloud Security: Lessons Learned for the Public SectorDemystifying Cloud Security: Lessons Learned for the Public Sector
Demystifying Cloud Security: Lessons Learned for the Public SectorAmazon Web Services
 
Cloud Perspectives - Ottawa Seminar - Oct 6
Cloud Perspectives - Ottawa Seminar - Oct 6Cloud Perspectives - Ottawa Seminar - Oct 6
Cloud Perspectives - Ottawa Seminar - Oct 6Scalar Decisions
 
Enabling Cloud Computing
Enabling Cloud ComputingEnabling Cloud Computing
Enabling Cloud Computingtntsa1972
 
Architecting your Cloud Strategy - Part One.vsdx
Architecting your Cloud Strategy - Part One.vsdxArchitecting your Cloud Strategy - Part One.vsdx
Architecting your Cloud Strategy - Part One.vsdxGareth Llewellyn
 
Whitepaper: Security of the Cloud
Whitepaper: Security of the CloudWhitepaper: Security of the Cloud
Whitepaper: Security of the CloudCloudSmartz
 

Semelhante a Fearing the cloud: why the life sciences shouldn't fret (20)

Keys to success and security in the cloud
Keys to success and security in the cloudKeys to success and security in the cloud
Keys to success and security in the cloud
 
Keys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-CloudKeys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-Cloud
 
Cloud computing risk assesment report
Cloud computing risk assesment reportCloud computing risk assesment report
Cloud computing risk assesment report
 
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
 
Securing The Journey To The Cloud
Securing The Journey To The Cloud Securing The Journey To The Cloud
Securing The Journey To The Cloud
 
IRJET- A Survey on SaaS-Attacks and Digital Forensic
IRJET- A Survey on SaaS-Attacks and Digital ForensicIRJET- A Survey on SaaS-Attacks and Digital Forensic
IRJET- A Survey on SaaS-Attacks and Digital Forensic
 
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah SheikhISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
 
Investigation on Challenges in Cloud Security to Provide Effective Cloud Comp...
Investigation on Challenges in Cloud Security to Provide Effective Cloud Comp...Investigation on Challenges in Cloud Security to Provide Effective Cloud Comp...
Investigation on Challenges in Cloud Security to Provide Effective Cloud Comp...
 
Cloud Computing Improving Organizational Agility
Cloud Computing Improving Organizational AgilityCloud Computing Improving Organizational Agility
Cloud Computing Improving Organizational Agility
 
cloud Resilience
cloud Resilience cloud Resilience
cloud Resilience
 
Cloud capability for startups
Cloud capability for startupsCloud capability for startups
Cloud capability for startups
 
Celera Networks on Cloud Computing
Celera Networks on Cloud Computing Celera Networks on Cloud Computing
Celera Networks on Cloud Computing
 
Requirements and Challenges for Securing Cloud Applications and Services
Requirements and Challenges for Securing Cloud Applications and ServicesRequirements and Challenges for Securing Cloud Applications and Services
Requirements and Challenges for Securing Cloud Applications and Services
 
The Adoption of Cloud Technology by Enterprises - A Whitepaper by RapidValue ...
The Adoption of Cloud Technology by Enterprises - A Whitepaper by RapidValue ...The Adoption of Cloud Technology by Enterprises - A Whitepaper by RapidValue ...
The Adoption of Cloud Technology by Enterprises - A Whitepaper by RapidValue ...
 
IRJET- An Overview on Cloud Computing and Challenges
IRJET- An Overview on Cloud Computing and ChallengesIRJET- An Overview on Cloud Computing and Challenges
IRJET- An Overview on Cloud Computing and Challenges
 
Demystifying Cloud Security: Lessons Learned for the Public Sector
Demystifying Cloud Security: Lessons Learned for the Public SectorDemystifying Cloud Security: Lessons Learned for the Public Sector
Demystifying Cloud Security: Lessons Learned for the Public Sector
 
Cloud Perspectives - Ottawa Seminar - Oct 6
Cloud Perspectives - Ottawa Seminar - Oct 6Cloud Perspectives - Ottawa Seminar - Oct 6
Cloud Perspectives - Ottawa Seminar - Oct 6
 
Enabling Cloud Computing
Enabling Cloud ComputingEnabling Cloud Computing
Enabling Cloud Computing
 
Architecting your Cloud Strategy - Part One.vsdx
Architecting your Cloud Strategy - Part One.vsdxArchitecting your Cloud Strategy - Part One.vsdx
Architecting your Cloud Strategy - Part One.vsdx
 
Whitepaper: Security of the Cloud
Whitepaper: Security of the CloudWhitepaper: Security of the Cloud
Whitepaper: Security of the Cloud
 

Mais de Cornerstone OnDemand

The Value of a Learning Mindset in the New Skills Economy
The Value of a Learning Mindset in the New Skills EconomyThe Value of a Learning Mindset in the New Skills Economy
The Value of a Learning Mindset in the New Skills EconomyCornerstone OnDemand
 
Coffee with Cornerstone: How to Deliver Training to Franchisees and Dealers
Coffee with Cornerstone: How to Deliver Training to Franchisees and DealersCoffee with Cornerstone: How to Deliver Training to Franchisees and Dealers
Coffee with Cornerstone: How to Deliver Training to Franchisees and DealersCornerstone OnDemand
 
HCI Webinar: Changing a Company Culture, One Technological Performance Module...
HCI Webinar: Changing a Company Culture, One Technological Performance Module...HCI Webinar: Changing a Company Culture, One Technological Performance Module...
HCI Webinar: Changing a Company Culture, One Technological Performance Module...Cornerstone OnDemand
 
The Evolution of HR: Embrace an Analytics Mindset to Unlock HR’s Potential
The Evolution of HR: Embrace an Analytics Mindset to Unlock HR’s PotentialThe Evolution of HR: Embrace an Analytics Mindset to Unlock HR’s Potential
The Evolution of HR: Embrace an Analytics Mindset to Unlock HR’s PotentialCornerstone OnDemand
 
The New VUCA World – Creating Alignment for Stability!
The New VUCA World – Creating Alignment for Stability!The New VUCA World – Creating Alignment for Stability!
The New VUCA World – Creating Alignment for Stability!Cornerstone OnDemand
 
Leveraging The Machine: The Future of People Data Is Now
Leveraging The Machine: The Future of People Data Is Now Leveraging The Machine: The Future of People Data Is Now
Leveraging The Machine: The Future of People Data Is Now Cornerstone OnDemand
 
The Evolution of HR: Is Recruiting HR Too?
The Evolution of HR: Is Recruiting HR Too?The Evolution of HR: Is Recruiting HR Too?
The Evolution of HR: Is Recruiting HR Too?Cornerstone OnDemand
 
Business Performance & Strategic HR
Business Performance & Strategic HRBusiness Performance & Strategic HR
Business Performance & Strategic HRCornerstone OnDemand
 
Embracing Disruption: How One Multinational is Changing its Approach
Embracing Disruption: How One Multinational is Changing its ApproachEmbracing Disruption: How One Multinational is Changing its Approach
Embracing Disruption: How One Multinational is Changing its ApproachCornerstone OnDemand
 
Emerging Trends in Learning & Performance: Shift Your Performance Discussions...
Emerging Trends in Learning & Performance: Shift Your Performance Discussions...Emerging Trends in Learning & Performance: Shift Your Performance Discussions...
Emerging Trends in Learning & Performance: Shift Your Performance Discussions...Cornerstone OnDemand
 
Learning and Business Impact: Making the Case through Metrics and Analytics
Learning and Business Impact: Making the Case through Metrics and AnalyticsLearning and Business Impact: Making the Case through Metrics and Analytics
Learning and Business Impact: Making the Case through Metrics and AnalyticsCornerstone OnDemand
 
Revising your Enterprise Learning Strategy: It Starts with Commitment
Revising your Enterprise Learning Strategy: It Starts with CommitmentRevising your Enterprise Learning Strategy: It Starts with Commitment
Revising your Enterprise Learning Strategy: It Starts with CommitmentCornerstone OnDemand
 
Emerging Trends in Performance Management: Diagnose, Discern & Develop - Part 1
Emerging Trends in Performance Management: Diagnose, Discern & Develop - Part 1Emerging Trends in Performance Management: Diagnose, Discern & Develop - Part 1
Emerging Trends in Performance Management: Diagnose, Discern & Develop - Part 1Cornerstone OnDemand
 
Preventing Staff Burnout: Strategies for Happier Staff and Healthier Patients
Preventing Staff Burnout: Strategies for Happier Staff and Healthier PatientsPreventing Staff Burnout: Strategies for Happier Staff and Healthier Patients
Preventing Staff Burnout: Strategies for Happier Staff and Healthier PatientsCornerstone OnDemand
 
Shifting Away From Annual Performance Reviews to Increase Productivity and En...
Shifting Away From Annual Performance Reviews to Increase Productivity and En...Shifting Away From Annual Performance Reviews to Increase Productivity and En...
Shifting Away From Annual Performance Reviews to Increase Productivity and En...Cornerstone OnDemand
 
Driving Engagement: The Link Between Staff Buy-in and Quality Care
Driving Engagement: The Link Between Staff Buy-in and Quality CareDriving Engagement: The Link Between Staff Buy-in and Quality Care
Driving Engagement: The Link Between Staff Buy-in and Quality CareCornerstone OnDemand
 
Onboarding in Healthcare that Sticks: It's More Than Just the Paperwork
Onboarding in Healthcare that Sticks: It's More Than Just the PaperworkOnboarding in Healthcare that Sticks: It's More Than Just the Paperwork
Onboarding in Healthcare that Sticks: It's More Than Just the PaperworkCornerstone OnDemand
 
Recruiting & Onboarding First Looks - Oct. 16
Recruiting & Onboarding First Looks - Oct. 16Recruiting & Onboarding First Looks - Oct. 16
Recruiting & Onboarding First Looks - Oct. 16Cornerstone OnDemand
 
Performance, Comp, Succession First Looks - Oct. 16
Performance, Comp, Succession First Looks - Oct. 16Performance, Comp, Succession First Looks - Oct. 16
Performance, Comp, Succession First Looks - Oct. 16Cornerstone OnDemand
 

Mais de Cornerstone OnDemand (20)

Compliance as Culture Strategy
Compliance as Culture StrategyCompliance as Culture Strategy
Compliance as Culture Strategy
 
The Value of a Learning Mindset in the New Skills Economy
The Value of a Learning Mindset in the New Skills EconomyThe Value of a Learning Mindset in the New Skills Economy
The Value of a Learning Mindset in the New Skills Economy
 
Coffee with Cornerstone: How to Deliver Training to Franchisees and Dealers
Coffee with Cornerstone: How to Deliver Training to Franchisees and DealersCoffee with Cornerstone: How to Deliver Training to Franchisees and Dealers
Coffee with Cornerstone: How to Deliver Training to Franchisees and Dealers
 
HCI Webinar: Changing a Company Culture, One Technological Performance Module...
HCI Webinar: Changing a Company Culture, One Technological Performance Module...HCI Webinar: Changing a Company Culture, One Technological Performance Module...
HCI Webinar: Changing a Company Culture, One Technological Performance Module...
 
The Evolution of HR: Embrace an Analytics Mindset to Unlock HR’s Potential
The Evolution of HR: Embrace an Analytics Mindset to Unlock HR’s PotentialThe Evolution of HR: Embrace an Analytics Mindset to Unlock HR’s Potential
The Evolution of HR: Embrace an Analytics Mindset to Unlock HR’s Potential
 
The New VUCA World – Creating Alignment for Stability!
The New VUCA World – Creating Alignment for Stability!The New VUCA World – Creating Alignment for Stability!
The New VUCA World – Creating Alignment for Stability!
 
Leveraging The Machine: The Future of People Data Is Now
Leveraging The Machine: The Future of People Data Is Now Leveraging The Machine: The Future of People Data Is Now
Leveraging The Machine: The Future of People Data Is Now
 
The Evolution of HR: Is Recruiting HR Too?
The Evolution of HR: Is Recruiting HR Too?The Evolution of HR: Is Recruiting HR Too?
The Evolution of HR: Is Recruiting HR Too?
 
Business Performance & Strategic HR
Business Performance & Strategic HRBusiness Performance & Strategic HR
Business Performance & Strategic HR
 
Embracing Disruption: How One Multinational is Changing its Approach
Embracing Disruption: How One Multinational is Changing its ApproachEmbracing Disruption: How One Multinational is Changing its Approach
Embracing Disruption: How One Multinational is Changing its Approach
 
Emerging Trends in Learning & Performance: Shift Your Performance Discussions...
Emerging Trends in Learning & Performance: Shift Your Performance Discussions...Emerging Trends in Learning & Performance: Shift Your Performance Discussions...
Emerging Trends in Learning & Performance: Shift Your Performance Discussions...
 
Learning and Business Impact: Making the Case through Metrics and Analytics
Learning and Business Impact: Making the Case through Metrics and AnalyticsLearning and Business Impact: Making the Case through Metrics and Analytics
Learning and Business Impact: Making the Case through Metrics and Analytics
 
Revising your Enterprise Learning Strategy: It Starts with Commitment
Revising your Enterprise Learning Strategy: It Starts with CommitmentRevising your Enterprise Learning Strategy: It Starts with Commitment
Revising your Enterprise Learning Strategy: It Starts with Commitment
 
Emerging Trends in Performance Management: Diagnose, Discern & Develop - Part 1
Emerging Trends in Performance Management: Diagnose, Discern & Develop - Part 1Emerging Trends in Performance Management: Diagnose, Discern & Develop - Part 1
Emerging Trends in Performance Management: Diagnose, Discern & Develop - Part 1
 
Preventing Staff Burnout: Strategies for Happier Staff and Healthier Patients
Preventing Staff Burnout: Strategies for Happier Staff and Healthier PatientsPreventing Staff Burnout: Strategies for Happier Staff and Healthier Patients
Preventing Staff Burnout: Strategies for Happier Staff and Healthier Patients
 
Shifting Away From Annual Performance Reviews to Increase Productivity and En...
Shifting Away From Annual Performance Reviews to Increase Productivity and En...Shifting Away From Annual Performance Reviews to Increase Productivity and En...
Shifting Away From Annual Performance Reviews to Increase Productivity and En...
 
Driving Engagement: The Link Between Staff Buy-in and Quality Care
Driving Engagement: The Link Between Staff Buy-in and Quality CareDriving Engagement: The Link Between Staff Buy-in and Quality Care
Driving Engagement: The Link Between Staff Buy-in and Quality Care
 
Onboarding in Healthcare that Sticks: It's More Than Just the Paperwork
Onboarding in Healthcare that Sticks: It's More Than Just the PaperworkOnboarding in Healthcare that Sticks: It's More Than Just the Paperwork
Onboarding in Healthcare that Sticks: It's More Than Just the Paperwork
 
Recruiting & Onboarding First Looks - Oct. 16
Recruiting & Onboarding First Looks - Oct. 16Recruiting & Onboarding First Looks - Oct. 16
Recruiting & Onboarding First Looks - Oct. 16
 
Performance, Comp, Succession First Looks - Oct. 16
Performance, Comp, Succession First Looks - Oct. 16Performance, Comp, Succession First Looks - Oct. 16
Performance, Comp, Succession First Looks - Oct. 16
 

Último

Will Robots Steal Your Jobs? Will Robots Steal Your Jobs? 10 Eye-Opening Work...
Will Robots Steal Your Jobs? Will Robots Steal Your Jobs? 10 Eye-Opening Work...Will Robots Steal Your Jobs? Will Robots Steal Your Jobs? 10 Eye-Opening Work...
Will Robots Steal Your Jobs? Will Robots Steal Your Jobs? 10 Eye-Opening Work...Jasper Colin
 
2k Shots ≽ 9205541914 ≼ Call Girls In Ganesh Nagar (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Ganesh Nagar (Delhi)2k Shots ≽ 9205541914 ≼ Call Girls In Ganesh Nagar (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Ganesh Nagar (Delhi)Delhi Call girls
 
2k Shots ≽ 9205541914 ≼ Call Girls In Vinod Nagar East (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Vinod Nagar East (Delhi)2k Shots ≽ 9205541914 ≼ Call Girls In Vinod Nagar East (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Vinod Nagar East (Delhi)Delhi Call girls
 
RecruZone - Your Recruiting Bounty marketplace
RecruZone - Your Recruiting Bounty marketplaceRecruZone - Your Recruiting Bounty marketplace
RecruZone - Your Recruiting Bounty marketplaceDavide Donghi
 
Webinar - How to set pay ranges in the context of pay transparency legislation
Webinar - How to set pay ranges in the context of pay transparency legislationWebinar - How to set pay ranges in the context of pay transparency legislation
Webinar - How to set pay ranges in the context of pay transparency legislationPayScale, Inc.
 
100%Safe delivery(+971558539980)Abortion pills for sale..dubai sharjah, abu d...
100%Safe delivery(+971558539980)Abortion pills for sale..dubai sharjah, abu d...100%Safe delivery(+971558539980)Abortion pills for sale..dubai sharjah, abu d...
100%Safe delivery(+971558539980)Abortion pills for sale..dubai sharjah, abu d...hyt3577
 

Último (6)

Will Robots Steal Your Jobs? Will Robots Steal Your Jobs? 10 Eye-Opening Work...
Will Robots Steal Your Jobs? Will Robots Steal Your Jobs? 10 Eye-Opening Work...Will Robots Steal Your Jobs? Will Robots Steal Your Jobs? 10 Eye-Opening Work...
Will Robots Steal Your Jobs? Will Robots Steal Your Jobs? 10 Eye-Opening Work...
 
2k Shots ≽ 9205541914 ≼ Call Girls In Ganesh Nagar (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Ganesh Nagar (Delhi)2k Shots ≽ 9205541914 ≼ Call Girls In Ganesh Nagar (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Ganesh Nagar (Delhi)
 
2k Shots ≽ 9205541914 ≼ Call Girls In Vinod Nagar East (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Vinod Nagar East (Delhi)2k Shots ≽ 9205541914 ≼ Call Girls In Vinod Nagar East (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Vinod Nagar East (Delhi)
 
RecruZone - Your Recruiting Bounty marketplace
RecruZone - Your Recruiting Bounty marketplaceRecruZone - Your Recruiting Bounty marketplace
RecruZone - Your Recruiting Bounty marketplace
 
Webinar - How to set pay ranges in the context of pay transparency legislation
Webinar - How to set pay ranges in the context of pay transparency legislationWebinar - How to set pay ranges in the context of pay transparency legislation
Webinar - How to set pay ranges in the context of pay transparency legislation
 
100%Safe delivery(+971558539980)Abortion pills for sale..dubai sharjah, abu d...
100%Safe delivery(+971558539980)Abortion pills for sale..dubai sharjah, abu d...100%Safe delivery(+971558539980)Abortion pills for sale..dubai sharjah, abu d...
100%Safe delivery(+971558539980)Abortion pills for sale..dubai sharjah, abu d...
 

Fearing the cloud: why the life sciences shouldn't fret

  • 1. Why the Life Sciences Shouldn’t Fret Michael Osburn Director, Risk &Compliance Advisory Services Cornerstone OnDemand Nyla Reed Founding Partner The Educe Group
  • 2. Cloud Computing Defined  Cloud computing is Internet-based computing, where computing resources (servers, services, applications, data storage, buildings and/or staff) are provided to users on demand as a product offered by a company. Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015 2
  • 3. Cloud Computing Defined ►It typically involves over-the-Internet provision of dynamically scalable and often virtualized computing resources  Virtualization allows the same computing hardware to be shared by multiple clients or customers 3Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
  • 4. Cloud Computing Defined ►Fees are typically based on the total amount of computing resources used  Think about how we access, use and pay for electricity from the power grid. The cloud model is similar. You use what you need, pay for it accordingly, and it is always available 4Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
  • 5. The NIST Cloud Model ► The cloud model can be thought of as being composed of five essential characteristics, three service models and, four deployment models. ► A model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. 5 Public Private Hybrid Community BroadNetwork Access RapidElasticity MeasuredService On-Demand Self-Service ResourcePooling Essential Characteristics Deployment Models SoftwareasaService (SasS) PlatformasaService (PasS) Infrastructureasa Service(IasS) Service Methods Source: NIST: National Institute of Standards and Technology Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
  • 6. Essential Characteristics of Cloud MULTI-TENANCY 6  Not called out by NIST, but considered another essential characteristic of Cloud.  Multi-tenancy in its simplest form implies use of same resources or application by multiple consumers that may belong to same organization or different organization.  The impact of multi- tenancy is visibility of residual data or trace of operations by other user or tenant. Source: http://www.cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
  • 7. Cloud Deployment Models 7 Public Cloud Private Cloud Hybrid Cloud Community Cloud Systems and services are delivered and managed within an organization in a shared services model. Organization has greater/complete control over data and systems. The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities bound together by standardized or proprietary technology enabling data and application portability. The cloud infrastructure is shared by several organizations and supporting communities that share concerns (i.e., mission, security requirements, or policy) The cloud infrastructure available to the general public or a large industry group and owned by an organization selling cloud services Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
  • 8. Cloud Service Models THE SPI SERVICE MODELS 8Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
  • 9. Cloud Service Models - SPI 9 Public Cloud . Capability to use the provider’s applications running on cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web- based e-mail). Capability to deploy onto the cloud infrastructure customer- created or acquired applications created using programming languages and tools supported by the provider. Capability to provision processing, storage, networks and other fundamental computing resources, offering the customer the ability to deploy and run arbitrary software, which can include operating systems and applications. IaaS puts these IT operations into the hands of a third party. Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
  • 10. Cloud Computing CLOUD SERVICE MODELS – FACTORS TO CONSIDER 10 Source: ISACA Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives [October 2009] Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
  • 11. Cloud Computing CLOUD DEPLOYMENT MODELS – FACTORS TO CONSIDER 11Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
  • 12. Is Cloud for Us ?  Here’s a quick method for evaluating your tolerance for moving an asset to various cloud computing models.  Work through the following steps:  Identify the asset for cloud deployment  Evaluate the asset  Map the asset to potential cloud deployment models  Evaluate potential cloud service models and providers  Map out the potential data flow  Conclude  Documented within CSA’s publication: “Security guidance for critical areas of focus in Cloud Computing v3.0” ARE WE WILLING TO ACCEPT THE RISK ? 12Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
  • 13. Is Cloud for Us ?  How sensitive is the asset ?  How important an application / function / process is ?  Ask the following questions for each asset:  1. How would we be harmed if the asset became widely public and widely distributed?  2. How would we be harmed if an employee of our cloud provider accessed the asset?  3. How would we be harmed if the process or function were manipulated by an outsider?  4. How would we be harmed if the process or function failed to provide expected results?  5. How would we be harmed if the information/data were unexpectedly changed?  6. How would we be harmed if the asset were unavailable for a period of time ? EVALUATE THE ASSET 13Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
  • 14. Is Cloud for Us ?  Essentially we are assessing confidentiality, integrity, and availability requirements for the asset; and how the risk changes if all or part of the asset is handled in the cloud EVALUATE THE ASSET 14Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
  • 15. Is Cloud for Us ?  Which deployment models we are comfortable with?  Can we accept the risks implicit to the various deployment models: private, public, community, or hybrid; and hosting scenarios: internal, external, or combined ?  For the asset, determine if you are willing to accept the following options:  1. Public.  2. Private, internal/on-premises.  3. Private, external (including dedicated or shared infrastructure).  4. Community; taking into account the hosting location, potential service provider, and identification of other community members.  5. Hybrid. To effectively evaluate a potential hybrid deployment, you must have in mind at least a rough architecture of where components, functions, and data will reside MAP THE ASSET TO CLOUD DEPLOYMENT MODELS 15Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
  • 16. Is Cloud for Us ?  In this step focus on the degree of control you’ll have at each SPI tier to implement any required risk management.  If you are evaluating a specific offering, at this point you might switch to a fuller risk assessment  Your focus will be on the degree of control you have to implement risk mitigations in the different SPI tiers.  We’ll cover the evaluation of providers later. EVALUATE POTENTIAL CLOUD SERVICE MODELS AND PROVIDERS 16Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
  • 17. Is Cloud for Us ?  If you are evaluating a specific deployment option, map out the data flow between your organization, the cloud service, and any customers/other nodes.  It’s absolutely essential to understand whether, and how, data can move in and out of the cloud.  If you have yet to decide on a particular offering, you’ll want to sketch out the rough data flow for any options on your acceptable list. This is to insure that as you make final decisions, you’ll be able to identify risk exposure points.. MAP OUT THE POTENTIAL DATA FLOW 17Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
  • 18. Evaluating Cloud Service Providers  Choose a CSP that best serves business needs whilst minimizing potential risk  Consider size – smaller CSP vs established larger CSPs, Larger CSPs:  Will have references, comparable use cases etc  Will be more experienced with running cloud infrastructures, adapting to change and generally faster in responding to an incident or threat, thus being able to maintain stability more efficiently.  But a larger CSP will likely be stricter toward its offerings, which will greatly reduce the possibility of fine- tuning services not fully compatible with the enterprise needs WHEN EVALUATING A CLOUD SERVICE PROVIDER (CSP) 18 Source: Controls and Assurance in the Cloud: Using COBIT® 5 Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
  • 19. Evaluating Cloud Service Providers  Vendor expertise  The enterprise needs expert knowledge or a broader perspective and experience with similar enterprises to effectively and efficiently handle certain activities.  Vendor capacity  The enterprise does not have the resources to handle the work related to a specific product or service. The vendor can supply the resources to support the entire operation or to supplement in-house resources.  Vendor assuming risk  The enterprise outsources activities to leverage a vendor’s experience with operational risk and corresponding risk mitigation services. However, the accountability for the adequate performance of those activities can never be delegated and stays with the enterprise.  Vendor leveraging scale  Vendors can offer services at a lower cost because working for multiple customers allows vendors to leverage scale. FACTORS THAN CAN INFLUENCE SELECTION OF A CSP 19Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
  • 20. Evaluating Cloud Service Providers  Vendor location (storage and processing centers) is of key importance for legal reasons. Laws are applicable locally, which can result in a multitude of different law systems applicable to data or business processes stored in the cloud.  We need to consider:  Local Law of the Enterprise  Local law of the CSP  Local law where data is stored  Local law where data is processed . LEGAL IMPLICATIONS 20Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
  • 21. Evaluating Cloud Service Providers  An effective Vendor Management Process with clear goals and objectives can help to ensure:  Vendor selection and management strategy is consistent with enterprise goals.  Effective cooperation and governance models are in place.  Service, quality, cost and business goals are clear.  All parties perform as agreed.  Vendor risk is assessed and properly addressed.  Vendor relationships are working effectively, as measured according to service objectives.  Many key stakeholders will be involved:  IT and business process owners solely,  Legal to help define requirements and writing contracts.  Compliance and audit should be consulted when reviewing service agreements and vendor compliance assessments.  Risk management and business continuity should analyze vendor-related risk, etc. : VENDOR MANAGEMENT PROCESS 21Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
  • 22. Evaluating Cloud Service Providers  A formal information gathering process should be followed and key questions answered across the following topics. These should include topics such as: RFI / INFORMATION GATHERING QUESTIONNAIRE 22 Source: SIG (Standardized Information Gathering Questionnaire) v7.0 / The Santa Fe Group / http://www.sharedassessments.org Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
  • 23. Evaluating Cloud Service Providers  Cloud specific questions..  What service model (SaaS, PaaS, IaaS) ? What deployment model (Private, Public..) ?  Where is the Cloud infrastructure hosted ?  Is there a Cloud Audit Program to address client audit and assessment requirements ?  Is there a formal Development Methodology in operation ?  Is there a formal process to ensure clients are notified prior to changes being made which may impact their service ?  Is there a scheduled maintenance window ? RFI / INFORMATION GATHERING QUESTIONNAIRE 23 Source: SIG (Standardized Information Gathering Questionnaire) v7.0 / The Santa Fe Group / http://www.sharedassessments.org Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
  • 24. Evaluating Cloud Service Providers  Increasingly common for CSPs to elect to undergo an audit/review/assessment from an independent auditor/assessor and share the report/certification.  Most commonly used reports are:  SSAE 16 (SOC 1, SOC 2, SOC 3)  ISAE 3402 (SOC 1)  ISO/IEC 27001  AICPA / CICA Trust Services (SOC 2 and SOC 3) reports INDEPENDENT ASSURANCE OF CSP 24 Source: Controls and Assurance in the Cloud: Using COBIT® 5 Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
  • 25. What does this mean to you? DEPLOYMENT CHANGES 25 Area of Responsibility Behind the Firewall Cloud Infrastructure and Architecture Hardware and Software installation - Integrations - SSO - Extensions (web services) Application Level Changes - Full access to enable/disable functionality and change system settings - Customizations - Some system settings changed by vendor only - Configuration only Reporting - Ability to access database directly - Reporting and Analytics - Export functionality Performance - Performance monitoring - Bandwidth limitations - Opportunities to optimize for growth/peak periods - Leverage CDNs Release Management - Upgrades - Client-based scheduling of changes - Release cycle determined by vendor - Client determines enable/disable settings Say goodbye to… The new normal… Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
  • 26. What does this mean to you? IMPLEMENTATION APPROACH 26 Area of Responsibility Behind the Firewall Cloud Validation Strategy Created by client Leverage vendor documentation Requirements --- --- Business Process Definition --- --- Configuration Performed by client Responsibility split: client/vendor Testing Performed by client Leverage vendor, customer base Help Desk Client establishes SLAs SLAs need to be aligned with vendor Governance Vendor may participate in some meetings Greater partnership with vendor Technical – Content Client manages content servers Choice of content location Technical - Infrastructure Installations affect project plan Infrastructure readily available Say goodbye to… The new normal… Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
  • 27. What does this mean to you? RELEASE MANAGEMENT 27  Identify internal resources to manage periodic release process  Review vendor release notes and determine what functionality changes will affect you  Create testing plan to regression test existing processes  Leverage existing vendor resources  Testing environment  Customer community  Pre-release webinars Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
  • 28. Contractual Provisions  Overview of important contractual provisions that an enterprise should consider when contracting with a CSP.  These include:  1. Scope of Services  2. Core Obligations of Parties  3. End of Contract  4. Custody and Ownership  5. Security, Privacy and Access  6. Fees and Payment Terms and Modalities  7. Performance  8. Term and Termination Possibilities  9. Liabilities  10.Dispute Resolution and Applicable Law  11.Business Continuity, Data Disposal and Exit Strategy WHEN CONTRACTING WITH A CLOUD SERVICE PROVIDER (CSP) 28 Source: Controls and Assurance in the Cloud: Using COBIT® 5 Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015
  • 29. References  Key Organisations:  NIST – National Institute of Standards and Technology (www.nist.gov)  CSA – Cloud Security Alliance (www.cloudsecurityalliance.org)  ISACA – www.isaca.org  Shared Assessments Program – (https://sharedassessments.org)  Key document references:  The NIST Definition of Cloud Computing (NIST Special Publication 800-145, Feb 2011)  Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives (ISACA Emerging technologies white paper, Oct 2009)  Controls and Assurance in the Cloud: Using COBIT® 5 (ISACA, 2014)  Cloud Governance: Questions Boards of Directors Need to Ask (ISACA, 2013)  Guiding Principles for Cloud Computing Adoption and Use (ISACA Cloud Computing Vision Series White Paper, February 2012)  Security Guidance for Critical Areas of Focus in Cloud Computing v3.0 (CSA, 2011) [http://www.cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf]  Standardized Information Gathering Questionnaire (SIG) (https://sharedassessments.org/) 29Fearing the Cloud: Why the Life Sciences Shouldn’t Fret | July 29, 2015