Compliance Terms and Requirement – Cloud Computing – Part 3

When selecting a cloud provider, an important thing to check is how the provider can help you comply with international regulations and standards.

Some important questions to ask the provider:

  • How compliant are the services offered by the cloud provider?
  • What terms are part of the provider's privacy statement?
  • Do the cloud-based solutions you deploy yourself need accreditation or have compliance requirements?
  • How does the cloud provider handle sensitive data?

 

Compliance Offering:

Below is the list of compliance offerings available:

  • Criminal Justice Information Services (CJIS)
    • Any US state or local agency that wants to access the FBI’s CJIS database is required to adhere to the CJIS Security Policy.
    • Azure is the only major cloud provider that contractually commits to conformance with the CJIS Security Policy.
  • Cloud Security Alliance (CSA) STAR certification
    • Azure, Intune and Power BI have obtained STAR certification.
    • STAR certification is based on achieving ISO/IEC 27001 certification and meeting the specific criteria in the Cloud Controls Matrix (CCM).
    • This certification demonstrates that a cloud service provider:
      • Conforms to the applicable requirements of ISO/IEC 27001
      • Has addressed issues that are critical to cloud security, as described in the Cloud Controls Matrix (CCM)
      • Has been assessed against the STAR Capability Maturity Model for the management of activities in Cloud Controls Matrix (CCM) control areas
  • General Data Protection Regulation (GDPR)
    • As of May 2018, a European privacy law (GDPR) is in effect.
    • GDPR imposes new rules on companies, government agencies, non-profits and other organizations that offer goods and services to people in the European Union or that collect and analyze data of European Union residents.
    • The GDPR applies no matter where you are located, if your company or agency falls under the description above.
  • Health Insurance Portability and Accountability Act (HIPAA)
    • It is a US federal law that regulates patient Protected Health Information (PHI).
    • Azure offers customers a HIPAA Business Associate Agreement (BAA), which means Azure adheres to certain security and privacy provisions in HIPAA and the Health Information Technology for Economic and Clinical Health (HITECH) Act.
    • To assist customers in their individual compliance efforts, Microsoft offers the BAA to Azure customers as a contract addendum.
  • Multi-Tier Cloud Security (MTCS) Singapore
    • After rigorous assessments conducted by the MTCS certification body, Microsoft cloud services received MTCS 584:2013 certification for all three service classifications:
      • Infrastructure as a Service (IaaS)
      • Platform as a Service (PaaS)
      • Software as a Service (SaaS)
    • Microsoft was the first service provider to receive this certification for all three service classifications.
  • International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) 27018
    • Microsoft is the first cloud provider to adopt the ISO/IEC 27018 code of practice, which covers the processing of personal information by cloud service providers.
  • UK Government G-Cloud
    • The UK Government G-Cloud is a cloud computing certification for services used by government entities in the United Kingdom. Azure has received official accreditation from the UK Government Accreditor.
  • National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)
    • The NIST CSF is a voluntary framework that consists of standards, guidelines and best practices to manage cybersecurity-related risks. Microsoft cloud services have undergone independent, third-party Federal Risk and Authorization Management Program (FedRAMP) Moderate and High Baseline audits, and are certified according to FedRAMP standards. Office 365 is certified to the objectives specified in the NIST CSF.
  • Service Organization Control (SOC) 1, 2 and 3
    • Microsoft cloud services are audited at least annually according to the SOC report framework by independent auditors.
  • EU Model Clauses
    • Microsoft offers customers EU Standard Contractual Clauses that provide contractual guarantees around transfers of personal data outside of the EU. Microsoft is the first company to receive joint approval from the EU’s Article 29 Working Party that the contractual privacy protections Azure delivers to its enterprise cloud customers meet current EU standards for international transfers of data. This ensures that Azure customers can use Microsoft services to move data freely through Microsoft’s cloud from Europe to the rest of the world.

 

Benefits of Cloud Computing – Cloud Computing – Part 2

Benefits of Cloud Computing

  1. Cost effective
    • It has a pay-as-you-go or consumption-based pricing model
    • No upfront infrastructure cost
    • No need to purchase or manage costly infrastructure
    • Resources can be added as needed, and those that are no longer required can be removed
  2. Scalable
    • It supports both vertical and horizontal scaling
      • Vertical scaling – known as ‘scaling up’, is the process of adding resources to increase the power of an existing server. An example of vertical scaling is adding more CPUs or memory.
      • Horizontal scaling – known as ‘scaling out’, is the process of adding more servers that function together as one unit. An example is more than one server processing requests together.
  3. Elastic
    • Resources are automatically added or removed based on the workload. An example is a website that gains attention overnight because of a published article: the cloud automatically assigns more computing resources to handle the increased traffic. When traffic returns to normal, the cloud automatically de-allocates the resources.
  4. Reliable
    • It is reliable because it is available globally and uptime is 100% for the services.
  5. Global
    • Cloud providers have fully loaded data centers across the globe in different locations.
  6. Secure
    • The cloud is more secure than locally managed services because cloud providers offer a wide range of policies, technologies, controls and expert technical skills to manage digital security. Cloud providers invest heavily in security, including walls, electronic gates and cameras to protect physical assets.

 

Cloud Computing Services – Cloud Computing

The two most common cloud services are:

  1. Compute power
  2. Storage

Compute power:

The speed of operations performed on any machine (sending an email, processing some application data, etc.) depends on the compute power of the machine. The power required to perform operations in the cloud is referred to as compute power.

Two popular options in compute services:

  • Containers
  • Serverless computing

What are containers?

Containers provide a consistent, isolated execution environment for applications. They’re similar to VMs except they don’t require a guest operating system. Instead, the application and all its dependencies are packaged into a “container” and then a standard runtime environment is used to execute the app. This allows the container to start up in just a few seconds because there’s no OS to boot and initialize. You only need the app to launch.

The open-source project, Docker, is one of the leading platforms for managing containers. Docker containers provide an efficient, lightweight approach to application deployment because they allow different components of the application to be deployed independently into different containers. Multiple containers can be run on a single machine, and containers can be moved between machines. The portability of the container makes it easy for applications to be deployed in multiple environments, either on-premises or in the cloud, often with no changes to the application.

What is serverless computing?

Serverless computing lets you run application code without creating, configuring, or maintaining a server. The core idea is that your application is broken into separate functions that run when triggered by some action. This is ideal for automated tasks – for example, you can build a serverless process that automatically sends an email confirmation after a customer makes an online purchase.

The serverless model differs from VMs and containers in that you only pay for the processing time used by each function as it executes. VMs and containers are charged while they’re running – even if the applications on them are idle. This architecture doesn’t work for every app – but when the app logic can be separated to independent units, you can test them separately, update them separately, and launch them in microseconds, making this approach the fastest option for deployment.

Here’s a diagram comparing the three compute approaches we’ve covered.

 

[Figure: VM vs. container vs. serverless]

 

Storage

Most devices and applications read and/or write data. Here are some examples:

  • Buying a movie ticket online
  • Looking up the price of an online item
  • Taking a picture
  • Sending an email
  • Leaving a voicemail

In all of these cases, data is either read (looking up a price) or written (taking a picture). The type of data and how it’s stored can be different in each of these cases.

Cloud providers typically offer services that can handle all of these types of data. For example, if you wanted to store text or a movie clip, you could use a file on disk. If you had a set of relationships such as an address book, you could take a more structured approach like using a database.

The advantage to using cloud-based data storage is you can scale to meet your needs. If you find that you need more space to store your movie clips, you can pay a little more and add to your available space. In some cases, the storage can even expand and contract automatically – so you pay for exactly what you need at any given point in time.

Summary

Every business has different needs and requirements. Cloud computing is flexible and cost-efficient, which can be beneficial to every business, whether it’s a small start-up or a large enterprise.

What is Cloud Computing? – Cloud Computing – Part 1

Basic understanding of Cloud Computing

Cloud computing is renting resources, like storage space or CPU cycles, on another company's computers.

Companies that provide cloud services are referred to as cloud providers, for example Google, Amazon and Microsoft.

Cloud providers are responsible for the physical hardware required to execute the work.

Typical services provided by cloud providers:

 

Compute power: such as servers and web applications

Storage: such as databases and files

Networking: secure connections between cloud providers and your company

Analytics: visual representation of performance and telemetry data