
INFORMATION TECHNOLOGY TRACK Russell Brown Chapter 13 Standing - PowerPoint PPT Presentation



  1. NACTT STAFF SYMPOSIUM SERIES: INFORMATION TECHNOLOGY TRACK
     • Russell Brown, Chapter 13 Standing Trustee - Phoenix, AZ
     • Allan Reininger, System Manager - San Antonio, TX (Chapter 13 Standing Trustee - Mary Viegelahn)
     • Carl Brooks, System Manager - Detroit, MI (Chapter 13 Standing Trustee - Tammy Terry)
     • Tom O’Hern, Program Manager, ICF International, Baltimore, MD
     • STACS - Standing Trustee Alliance for Computer Security
     STAFF SYMPOSIUM - IT TRACK SESSION 4 - CLOUD SERVICES 1 4/29/2015

  2. IT Track Outline
     Day 1
     • Session 1 (9:00 - 10:30) - HOW TO KEEP YOUR TRUSTEE HAPPY FROM AN IT PERSPECTIVE
     • Session 2 (10:45 - 12:15) - A RIVERWALK THROUGH YOUR NETWORK
     • Lunch (12:15 - 1:30)
     • Session 3 (1:30 - 3:00) - DESKTOP & SERVER MANAGEMENT
     • Session 4 (3:15 - 4:45) - THE CLOUD – WHO REALLY UNDERSTANDS IT?
     Day 2
     • Session 5 (8:30 - 10:00) - DISASTER RECOVERY – YOUR WORST FEAR COMES TRUE
     • Session 6 (10:15 - 11:45) - BURRITO BOWL - MIXED HOT TOPICS
     • List of Reference Material

  3. Session Focal Points
     • What is the Cloud?
     • IaaS, PaaS, SaaS, DRaaS
     • Security Risks, Requirements and Standards
     • Cloud Services and Security Options
     • Shadow IT
     • Managed Service Providers
     • Cloud services in the 13 community
     • NDC (30-45 min) – David Shapiro and Dave Sapp

  4. Hosted (Cloud) Services
     • Software as a Service (SaaS)
       ◦ Email
       ◦ Online backup
       ◦ Remote access / VPN
       ◦ Printing
       ◦ Data Exchanges
       ◦ Website Hosting
       ◦ News Groups/List Services
     • Infrastructure as a Service (IaaS)
       ◦ Back office services
     • Examples:
       ◦ Google mail
       ◦ Iron Mountain LiveVault
       ◦ GoToMyPC
       ◦ Adobe.com online print & collaboration
       ◦ MySpace
       ◦ Google Groups
       ◦ Exchange, SQL, IIS mail, database, web

  5. Hosted (Cloud) Services
     • Issues
       ◦ Free services agreements undermine data ownership & privacy
       ◦ Hosting staff access to sensitive data
       ◦ Misleading or no information about security
       ◦ Breach notification
       ◦ Risk to Trustee for data breach
     • Security Strategy
       ◦ Do due diligence to confirm the security basics
       ◦ Review contract for assurances and limitations
       ◦ Bond and Insure for additional risk

  6. What is the Cloud?
     In lay terms, a Cloud is using someone else’s network, servers, software, storage, power, facility, and support staff to deliver a computing service over the Internet to you or to others on your behalf. A distinguishing feature is the sharing of these resources to service more than one instance of the service concurrently to maximize utilization.


  8. Cloud Security Concerns
     • What type of data am I putting in the Cloud?
       ◦ Public, financial, PII, Health records
     • Who are the players?
       ◦ Cloud provider, 3rd party servicers, local resellers
     • Who has access and how is it secured over the net?
       ◦ Users and administrators login authentication
       ◦ Data exchanged with outside systems or users

  9. Cloud Security Concerns
     • How secure is the software application itself?
       ◦ Attack from the internet and other cloud users
       ◦ Functionally protects data in use
     • How secure is critical data in the system?
       ◦ Database fields, files, backups
     • What country is the data center in?

  10. Cloud Security: Assessing the Risk
     • More sensitive data requires more security
       ◦ Consider certified federal cloud services
     • Request a security statement of controls, practices and assurances from the servicer
       ◦ Needs to be a technical document, not PR material
     • No service is 100% secure.
       ◦ The value of the service must be greater than the potential loss
       ◦ Insure for the risk you are accepting

  11. [Network diagram: hosted and cloud services (spam proxy, email, VoIP phone, website, backup, hosted VM, co-location, cloud storage, file transfer, multi-factor, shadow IT, managed service provider, case management vendor, NDC, ECF/PACER, bank services) and office network components (Internet service provider, site-to-site VPN, DMZ, LAN, VoIP VLAN, PBX, VoIP gateway, wireless access points)]

  12. [Diagram detail: hosted spam proxy, email, VoIP phone, website, co-location, hosted VM, multi-factor, backup, managed support, shadow IT, service provider, cloud storage]

  13. [Diagram detail: case management vendor, bank services, file transfer, ECF/PACER, NDC services]


  15. Cyber Liability Insurance
     • Different than E&O and Fidelity
     • Bonding and Insurance products maturing
     • USTP Guidance on Cyber Liability Insurance is found in the supplemental materials on their website

  16. Cyber Liability Insurance
     • What is covered? What is not covered?
       ◦ Ask both questions
       ◦ Real answers determined when a claim is actually made
     • Ask your insurer “What if” scenarios specific to your situation
       ◦ What if my IT vendor …
       ◦ What if the cloud service …
       ◦ Am I liable for my 3rd-party provider's actions?
         • Breach of protected data
         • Financial thefts from any party using the service
     • What coverage should I expect from my IT service?
