INFORMATION TECHNOLOGY TRACK Russell Brown Chapter 13 Standing - PowerPoint PPT Presentation


  1. NACTT STAFF SYMPOSIUM SERIES - INFORMATION TECHNOLOGY TRACK
     - Russell Brown, Chapter 13 Standing Trustee - Phoenix, AZ
     - Allan Reininger, System Manager - San Antonio, TX; Chapter 13 Standing Trustee - Mary Viegelahn
     - Carl Brooks, System Manager - Detroit, MI; Chapter 13 Standing Trustee - Tammy Terry
     - Tom O’Hern, Program Manager, ICF International, Baltimore, MD; STACS - Standing Trustee Alliance for Computer Security
     STAFF SYMPOSIUM - IT TRACK, SESSION 4 - CLOUD SERVICES, 4/29/2015

  2. IT Track Outline
     Day 1
     - Session 1 (9:00 - 10:30) - HOW TO KEEP YOUR TRUSTEE HAPPY FROM AN IT PERSPECTIVE
     - Session 2 (10:45 - 12:15) - A RIVERWALK THROUGH YOUR NETWORK
     - Lunch (12:15 - 1:30)
     - Session 3 (1:30 - 3:00) - DESKTOP & SERVER MANAGEMENT
     - Session 4 (3:15 - 4:45) - THE CLOUD – WHO REALLY UNDERSTANDS IT?
     Day 2
     - Session 5 (8:30 - 10:00) - DISASTER RECOVERY – YOUR WORST FEAR COMES TRUE
     - Session 6 (10:15 - 11:45) - BURRITO BOWL - MIXED HOT TOPICS
     List of Reference Material

  3. Session Focal Points
     - What is the Cloud?
     - IaaS, PaaS, SaaS, DRaaS
     - Security Risks, Requirements and Standards
     - Cloud Services and Security Options
     - Shadow IT
     - Managed Service Providers
     - Cloud services in the 13 community
     - NDC (30-45 min) – David Shapiro and Dave Sapp

  4. Hosted (Cloud) Services
     - Software as a Service (SaaS)
       - Email
       - Online backup
       - Remote access / VPN
       - Printing
       - Data Exchanges
       - Website Hosting
       - News Groups/List Services
     - Infrastructure as a Service (IaaS)
       - Back office services
     - Examples:
       - Google mail
       - Iron Mountain LiveVault
       - GoToMyPC
       - Adobe.com online print & collaboration
       - MySpace
       - Google Groups
       - Exchange, SQL, IIS (mail, database, web)

  5. Hosted (Cloud) Services
     - Issues
       - Free services agreements undermine data ownership & privacy
       - Hosting staff access to sensitive data
       - Misleading or no information about security
       - Breach notification
       - Risk to Trustee for data breach
     - Security Strategy
       - Do due diligence to confirm the security basics
       - Review contract for assurances and limitations
       - Bond and Insure for additional risk

  6. What is the Cloud?
     In lay terms, a Cloud is using someone else’s network, servers, software, storage, power, facility, and support staff to deliver a computing service over the Internet to you or to others on your behalf. A distinguishing feature is the sharing of these resources to service more than one instance of the service concurrently to maximize utilization.

  8. Cloud Security Concerns
     - What type of data am I putting in the Cloud?
       - Public, financial, PII, Health records
     - Who are the players?
       - Cloud provider, 3rd party servicers, local resellers
     - Who has access and how is it secured over the net?
       - Users and administrators login authentication
       - Data exchanged with outside systems or users

  9. Cloud Security Concerns
     - How secure is the software application itself?
       - Attack from the internet and other cloud users
       - Functionally protects data in use
     - How secure is critical data in the system?
       - Database fields, files, backups
     - What country is the data center in?

  10. Cloud Security - Assessing The Risk
     - More sensitive data requires more security
       - Consider certified federal cloud services
     - Request a security statement of controls, practices and assurances from the servicer
       - Needs to be a technical document, not PR material
     - No service is 100% secure.
       - The value of the service must be greater than the potential loss
       - Insure for the risk you are accepting

  11. [Network diagram of the office network and its hosted/cloud services. Labels: hosted spam proxy, hosted email, hosted VoIP phone, website, domain name registry, SSL certificate authority, remote users, remote desktop service, co-location, hosted VM, multi-factor, backup, case mgmt vendor, NDC, ECF/PACER, bank services, file transfer services, VM managed support, shadow IT, service provider, cloud storage, Internet service provider, court/341, site-to-site VPN, DMZ, LAN, patch panel, switch, wireless access points, analog POTS/PBX, VoIP gateway, VoIP VLAN, VoIP phones on LAN, VoIP phones with hosted gateway, voice mail, call mgmt.]

  12. [Diagram detail. Labels: hosted spam proxy, hosted email, hosted VoIP phone, website, co-location, hosted VM, multi-factor, backup, VM managed support, shadow IT, service provider, cloud storage.]

  13. [Diagram detail. Labels: case mgmt vendor, bank services, file transfer services, ECF/PACER, NDC.]

  15. Cyber Liability Insurance
     - Different than E&O and Fidelity
     - Bonding and Insurance products maturing
     - USTP Guidance on Cyber Liability Insurance is found in the supplemental materials on their website

  16. Cyber Liability Insurance
     - What is covered? What is not covered?
       - Ask both questions
       - Real answers determined when a claim is actually made
     - Ask your insurer “What if” scenarios specific to your situation
       - What if my IT vendor …
       - What if the cloud service …
       - Am I liable for my 3rd party provider's actions?
         - Breach of protected data
         - Financial thefts from any party using the service
     - What coverage should I expect from my IT service?
