Industry Insights from Our Experts

Tag Archives: public

Canadian Cloud Law

Comments Off
Filed under Cloud Practice

(re-post from the blog of PaulSPatterson.com)

One of my favorite sites these days is David T.S. Fraser’s Canadian Cloud Law Blog (www.cloudlawyer.ca). I can easily answer objections related to using cloud services; especially from people here in Canada. However, I am just one person, and having resources such as David’s blog certainly helps add credibility to the objection handling in my cloud context conversations.

If you are a Canadian organization, or doing business with a Canadian organization, then I encourage you to visit David’s blog. If anything, browse through the Cloud Computing Privacy FAQ on the site. The information on the FAQ is fantastic, and is a great reference point for further cloud privacy conversations.

Remember, using the cloud is not an all-or-nothing proposition. There are private and hybrid cloud opportunities that will address privacy concerns, while still offering real value to the organization. Canadian enterprises specifically can take advantage of these types of integrated cloud scenarios to benefit in ways that will offer a great return.

Data is just a part of the overall solution. Keeping data on-premise while leveraging public cloud services to offload processing, for example, is one scenario that has been proven to be successful. Keeping the data private and within the organizational boundaries keeps data concerns private. Leveraging the elastic nature of cloud services to take care of “spinning up” services when needed takes the load of otherwise important internal IT infrastructure. Data doesn’t need to be stored externally, and when the data is used it is compressed and encrypted for use by external services but not stored externally.

There are plenty of options and opportunities for Canadian enterprises to leverage the cloud. Feel free to send me a note, or contact me directly, with whatever questions or conversations you have. I love talking about this stuff.

Curious to know more about what the cloud means to Canadian organizations? I’d be more than happy to chat about it.


Organizational Control and Public Cloud Services

Comments Off
Filed under Cloud Practice

(…a re-post from PaulSPatterson.com)

In my journey of public cloud security enlightenment, I’ve been hording a wealth of reference material. One of the things I’ve found is a terrific article titled, “Cloud Computing Security in the Enterprise”  by Dan Blum, a former VP Distinguished Analyst at Gartner. In it is a section that talks about how new security management  thinking must take place when an organization looks at public cloud services.

It is important that organizations understand the risks in adopting the use of public cloud services. Legislation, regulatory requirements, and organization policies and procedures will not change as quickly as the cloud evolves. Embarking on a cloud strategy means an organization is subject to threats above and beyond what it is already exposed to. Organizations need to understand how risks transfer to the cloud when investigating cloud service arrangements.

The more an organization leverages public cloud services, the more control shifts from the organization, to the cloud service provider. For example, a solution architecture that is completely deployed on premise means the organization has, for the most part, complete control of the deployment. At the other extreme is an solution that is entirely hosted by an external service provider, whereby the control of the deployment is mostly, of not entirely, controlled by the service provider.

The following diagram illustrates the comparative control models that is typical of a organizations cloud environment, moving from a on premise scenario, to a public cloud services scenario.

When it comes to the service provider having all the control, the organization takes on more of a monitoring and feedback focus. What does this mean in terms of public cloud governance? I don’t know yet – that something I’m still learning about. However I find this information about how the security control model changes the more a cloud architecture moves from a on premise cloud scenario to a public cloud.

Are you considering cloud services? Let us know, we can help.

Copyright 2017 by Quercus Solutions