{"ID":101011,"post_author":"26","post_date":"2023-08-16 14:00:48","post_date_gmt":"2023-08-16 18:00:48","post_content":"","post_title":"Choosing and Implementing a Cloud-based Service for Your Laboratory","post_excerpt":"","post_status":"publish","comment_status":"closed","ping_status":"closed","post_password":"","post_name":"choosing-and-implementing-a-cloud-based-service-for-your-laboratory","to_ping":"","pinged":"","post_modified":"2023-08-16 17:12:36","post_modified_gmt":"2023-08-16 21:12:36","post_content_filtered":"","post_parent":0,"guid":"https:\/\/www.limsforum.com\/?post_type=ebook&p=101011","menu_order":0,"post_type":"ebook","post_mime_type":"","comment_count":"0","filter":"","holland":null,"_ebook_metadata":{"enabled":"on","private":"0","guid":"1B2C446F-89D6-4707-8F89-3FD4E78A8F53","title":"Choosing and Implementing a Cloud-based Service for Your Laboratory","subtitle":"Second Edition","cover_theme":"nico_3","cover_image":"https:\/\/www.limsforum.com\/wp-content\/plugins\/rdp-ebook-builder\/pl\/cover.php?cover_style=nico_3&subtitle=Second+Edition&editor=Shawn+Douglas&title=Choosing+and+Implementing+a+Cloud-based+Service+for+Your+Laboratory&title_image=https%3A%2F%2Fs3.limsforum.com%2Fwww.limsforum.com%2Fwp-content%2Fuploads%2FCloud-computing-1.gif&publisher=LabLynx+Press","editor":"Shawn Douglas","publisher":"LabLynx Press","author_id":"26","image_url":"https:\/\/s3.limsforum.com\/www.limsforum.com\/wp-content\/uploads\/Cloud-computing-1.gif","items":{"9cc8b0dd65d5032d00360743f6ef5b8c_type":"article","9cc8b0dd65d5032d00360743f6ef5b8c_title":"RFI questions for MSSPs","9cc8b0dd65d5032d00360743f6ef5b8c_url":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_MSSPs","9cc8b0dd65d5032d00360743f6ef5b8c_plaintext":"\n\nBook:Choosing and Implementing a Cloud-based Service for Your Laboratory\/RFI questions for MSSPsFrom LIMSWikiJump to navigationJump to search-----Return to the beginning of this guide-----\n\r\n\n\n Appendix 3. An RFI\/RFP for evaluating managed security services providers (MSSPs) \nWhether conducting the request for information (RFI) or request for proposal (RFP) process, a quality set of questions for potential vendors to respond to provides a solid base for helping evaluate and narrow down a vendor for your service. The RFI in particular is good for this sort of \"fact finding,\" acting as an ideal means for learning more about a potential solution and how it can solve your problems, or when you're not even sure how to solve your problem yet. However, the RFI should not be unduly long and tedious to complete for prospective vendors; it should be concise, direct, and honest. This means not only presenting a clear and humble vision of your own organization and its goals, but also asking just the right amount of questions to allow potential vendors to demonstrate their expertise and provide a clearer picture of who they are. Some take a technical approach to an RFI, using dense language and complicated spreadsheets for fact finding. However, vendors appreciate a slightly more inviting approach, with practical questions or requests that are carefully chosen because they matter to you.[1]\nWhat follows are a carefully selected set of \"questions\" for managed security services providers (MSSPs) posed as, well, requests for information. This collection of questions is admittedly long. Keeping with advice about maintaining a concise RFI, you may not use all of these as part of your RFI process. Remember that an RFI is not meant to answer all of your questions, but rather is meant as a means to help narrow down your search to a few quality candidates while learning more about each other.[1] Feel free to narrow this list down to those questions that are most important to you as part of this fact finding mission.\nSources used to compile this selection of RFI questions include:\n\nExpel's \"12 revealing questions to ask when evaluating an MSSP or MDR vendor\"[2]\nNTT Security's How to Write an MSSP RDP whitepaper[3]\nSecureworks' RFI\/RFP template[4]\nSolutionary's RFP\/RFI Questions for Managed Security Services whitepaper[5]\nThe U.S. Department of State's Bureau of Diplomatic Security's 2020 RFI requesting MSSP services[6][dead link ] \n\r\n\n\n RFI\/RFP introduction \nIf you're conducting a full RFI or RFP, you're going to lead with the standard components of an RFI or RFP, including:\n\na table of contents;\nan honest introduction and overview of your organization, its goals and problems, and the services sought to solve them;\ndetails on how the RFI or RFP evaluation process will be conducted;\nbasis for award (if an RFP);\nthe calendar schedule (including times) for related events;\nhow to submit the document and any related questions about it, including response format; and\nyour organization's background, business requirements, and current technical environment.\n\r\n\n\nOrganization basics \nPrimary business objectives \nPlease describe the primary business objectives for your organization.\n\r\n\n\r\n\n\r\n\n\nOrganization history \nPlease give some background on your organization's history, including how long it has been offering managed security services (MSSs).\n\r\n\n\r\n\n\r\n\n\nFinancial stability \nPlease provide information concerning the financial stability of your organization. If your organization is public, please include relevant documents such as annual reports and supporting financial statements. If private, please include documentation that supports the representation of your organization as a stable, profitable, and sustainable one. If not profitable, please provide details about your organization's path towards profitability. \n\r\n\n\r\n\n\r\n\n\nManaged security services offered \nPlease describe the primary MSSs offered by your organization, particularly any of which may be relevant based upon our company's stated needs. If the services are tiered, explain the different levels of service and any significant exceptions and differences separating the levels.\n\r\n\n\r\n\n\r\n\n\nDetails about those managed security services \nPlease provide details about:\n\nnumber of MSSs clients specifically using your organization's device management, security monitoring, vulnerability testing, log management, and other security-based managed services;\nhow long each of your organization's MSSs has been offered;\nthe growth rate of your organization's MSSs over the prior fiscal year;\nhow your organization's MSSs or your organization overall are ranked by top research firms such as Gartner and Forrester; and\nany awards received for your organization's MSSs.\n\r\n\n\r\n\n\r\n\n\nVision and investment in those managed security services \nPlease provide details about the vision and future direction for choosing, developing, and implementing new in-house or third-party technologies as part of your organization's MSS initiative. Additionally, discuss the level of investment made by your organization\u2014including in-house research and development\u2014towards solving emerging cybersecurity challenges and improving your clients' return on investment (ROI).\n\r\n\n\r\n\n\r\n\n\nExperience and references \nPlease provide details on:\n\nhow many clients you provide (or have provided) MSS to in our organization's industry;\nwhether any of them are willing to act as references for your services;\nwhat experience your organization has in meeting the unique security monitoring requirements of our industry;\nany examples of clients being a learning source for improving your service; and\nany whitepapers, reports, etc. authored by your organization that are relevant to our industry.\n\r\n\n\r\n\n\r\n\n\n Infrastructure, security, and related policies \nInternal security policy and procedure \nPlease describe your internal policy and procedure (P&P) regarding security within your organization, including any standards your organization has adopted as part of that P&P. Address any ancillary security policies regarding, e.g., acceptable use of technology, remote and from-home work, and security awareness training.\n\r\n\n\r\n\n\r\n\n\nBusiness continuity and disaster recovery policy \nPlease describe your organization's P&P regarding business continuity and disaster recovery.\n\r\n\n\r\n\n\r\n\n\nSecurity operation centers and related infrastructure \nDoes your organization use security operation centers (SOCs) to support its MSSs? If so, please provide details about:\n\nwhether or not you own and manage the SOCs;\nwhere the primary and secondary SOCs are located;\nwhere our data will be located;\nwhat specifications are used for data in transit and at rest;\nwhether or not all SOCs are \"always on\" and available;\nwhat level of redundancy is implemented within the SOCs;\nhow that redundancy limits service interruptions should an SOC go offline;\nwhat level of scalability is available to clients with growth or contraction states; and\nwhat qualifications and certifications apply to each SOC.\n\r\n\n\r\n\n\r\n\n\nPhysical security at security operation centers \nPlease describe the physical security (e.g., locks, badges, physical security perimeters, surveillance systems, etc.) and continuity measures (e.g., fire suppression, backup power, etc.) put in place at your organization's SOCs. Also address visitor procedures and how they are conducted. How are unauthorized access attempts at SOCs responded to?\n\r\n\n\r\n\n\r\n\n\nStaffing at security operation centers \nPlease describe the staffing procedures at these SOCs, including what percentage of overall staff is dedicated purely to delivering and managing MSS activities and accounts. Clearly define any implemented classifications of staff based on level of support or data sensitivity, as well as any related certifications and training required at each support or data sensitivity level. Are contractors treated any differently? Finally, describe what background checks or screening procedures, if any, are implemented towards any individual related to your organization's MSSs.\n\r\n\n\r\n\n\r\n\n\nIndependent infrastructure review \nIf your organization has received an independent review of its MSS infrastructure and services (e.g., SSAE 16), please provide details of this review, preferably with the full report, but if not, with critical details such as who, what, when, where, scope, frequency of testing, and a summary. If your organization has not completed such an independent review, please provide details of any plans or ongoing efforts towards such a review.\n\r\n\n\r\n\n\r\n\n\nInternal infrastructure review \nIf your organization has performed an internal review of its MSS infrastructure and services, please provide details of this review, with critical details such as who, what, when, where, scope, frequency of testing, and a summary. If your organization has not completed such an internal review, please provide details of any plans or ongoing efforts towards such a review.\n\r\n\n\r\n\n\r\n\n\nAuditing of your operations \nIf the results of your independent and\/or internal review cannot be shared, will your organization allow us to\u2014on our own or through a third party\u2014audit your operations, with the goal of determining the appropriateness of your organization's implemented safeguards?\n\r\n\n\r\n\n\r\n\n\nAuditing of client data \nPlease describe how your organization handles requests from outside entities for client data and notifies clients when such requests are made. If subpoenas, court orders, search warrants, or other law enforcement actions were to take place, describe how you would maintain any privileged, confidential, or otherwise sensitive information as being protected. Do you have legal representation should these issues arise?\n\r\n\n\r\n\n\r\n\n\nService: Threat intelligence \nResearch team \nIf your organization has a research team dedicated to threats and vulnerabilities, please describe the team, how it's integrated with an SOC's operations, and what services that team supports beyond research. If the research team has a mission, please state that mission. \n\r\n\n\r\n\n\r\n\n\nThreat detection \nPlease describe the information sources the research team uses to gather threat intelligence. Provide specifics about any anomaly detection, behavioral analysis, malicious host detection, signature analysis, and volume analysis detection methods.\n\r\n\n\r\n\n\r\n\n\nUse of and access to threat intelligence \nPlease describe how gathered threat intelligence is analyzed and validated. Additionally, describe how that analyzed and validated threat intelligence is used in the management and monitoring of our devices and data. Finally, please describe what level of visibility and access a client has into this intelligence, as well as the research team itself.\n\r\n\n\r\n\n\r\n\n\nExamples of action on threat intelligence \nPlease provide examples of how threat intelligence generated by your organization's research team (or someone else) has been effectively used to protect clients. Also provide examples of organization white papers, use cases, threat reports, or internal write-ups (if available) regarding threat intelligence and its effective use.\n\r\n\n\r\n\n\r\n\n\nService: Vulnerability testing \nVulnerability testing basics \nPlease describe the architecture behind any vulnerability testing your organization may conduct, including configuration, scoping, and scheduling capabilities. Also describe the origin of testing protocols used. If your architecture supports web application scanning and testing for database vulnerabilities, please provide important details.\n\r\n\n\r\n\n\r\n\n\nVulnerability identification and confirmation \nPlease describe how vulnerabilities are identified and confirmed. If your organization has a process for identifying and reporting false positives, provide details. Additionally, if a process is in place to escalate and prioritize confirmed vulnerabilities, please describe it. Finally, is vulnerability data incorporated into overall security monitoring processes, and if so, in what ways? For example, can vulnerability testing results be correlated to other monitoring and analysis data to provide a status of being \"on-target\" or \"off-target,\" along with an impact analysis rating?\n\r\n\n\r\n\n\r\n\n\nVulnerability testing process \nPlease provide details of how vulnerability testing is scheduled and how associated reports are delivered. Additionally, explain whether or not clients can conduct their own vulnerability testing and upload the results to you.\n\r\n\n\r\n\n\r\n\n\nInternal and external testing \nPlease describe whether or not the vulnerability testing process can be run both internally and externally, and if so, on what infrastructure. If your organization provides internal vulnerability scanning as or supports external vulnerability scanning through a PCI Security Standards Council Approved Scanning Vendor (PCI ASV) for quarterly compliance, please provide details.\n\r\n\n\r\n\n\r\n\n\nService: Endpoint protection \nEndpoint protection basics \nPlease describe any managed service your organization provides in regard to endpoint security. Address whether or not service agents must be installed at every endpoint and what bandwidth requirements they may have. Also, please describe whether the endpoint protection service is \"always on\" or acts as a schedules service. Also state what management responsibilities are associated with the service, and by whom.\n\r\n\n\r\n\n\r\n\n\nVisibility and notifications \nPlease provide information about how visible endpoint security is to clients. Describe what types of alerts are given in association with endpoint security and what, if any, remediation recommendations are provided.\n\r\n\n\r\n\n\r\n\n\nData retention \nPlease describe your organization's data retention policies related to endpoint data collected as part of the endpoint protection service.\n\r\n\n\r\n\n\r\n\n\nEndpoint protection features \nPlease describe:\n\nwhether or not threat intelligence is integrated into your endpoint protection service;\nwhat operating system (OS) endpoints are covered by the service; and\nwhat level of remote incident response is supported and whether compromised endpoints can be quickly isolated from your organization's network.\n\r\n\n\r\n\n\r\n\n\nService: Malware protection \nMalware protection basics \nPlease describe any managed service your organization provides in regard to malware protection. Address whether or not your service uses sandboxing technology, and if so, what type.\n\r\n\n\r\n\n\r\n\n\nMalware protection features \nPlease describe:\n\nwhether or not threat intelligence is integrated into your malware protection service;\nwhether or not the service is able to detect malware designed to evade a traditional sandbox; and\nwhether or not the service is able to detect zero-day malware threats.\n\r\n\n\r\n\n\r\n\n\nService level and support \nPlease describe whether or not a \"defense in depth\" approach is taken with malware protection, and if so, whether this is a complimentary part of the service or at additional cost. Additionally, describe your policy about assisting clients with remediation in the event of malware compromising client systems.\n\r\n\n\r\n\n\r\n\n\nService: Overall cloud security \nCompany philosophy or approach \nPlease describe how your cloud services address the ephemeral nature of cloud computing while at the same time helping clients maintain their overall security posture. Explain your organization's approach to its security team, including whether or not a dedicated team of security researchers are utilized. If such a team exists, also explain how that research from that team is incorporated into MSS activities. Finally, describe your team's overall approach to monitoring, analysis, and correlation of security threats, including how automated and human-based analyses are balanced in their approaches and in their handoff to each other.\n\r\n\n\r\n\n\r\n\n\nTechnology and security \nPlease describe:\n\nthe technical architecture of your MSS in the cloud, including any associated hardware and software agents that are installed;\nwhether or not you can manage client devices, and if so, how;\nhow troubleshooting for any managed devices is handled and subsequently validated should changes need to be made;\nwhat firewall performance monitoring your MSS is capable of in the cloud;\nhow managed and monitored intrusion prevention and detection is implemented as part of your MMS;\nhow security mechanisms built into your cloud solutions are activated; and\nwhat integration requirements, if any, exist for securely connecting to data analysis, incident management, or other SOAR (security orchestration, automation, and response) tools.\n\r\n\n\r\n\n\r\n\n\nEvent correlations and rules \nPlease explain how event information can be used within your correlation and rules engine. Additionally, describe whether or not event correlations can be made across multiple client device types, across clients, and by user identity.\n\r\n\n\r\n\n\r\n\n\nVulnerability testing \nPlease describe what agreements, if any, your organization has with CSPs to perform different types of vulnerability assessments on their platforms;\n\r\n\n\r\n\n\r\n\n\nLogging \nPlease describe your approach to collecting, analyzing, correlating, and acting upon cloud log and event data and how you're able to gain visibility into anomalous activity. List the log and event data sources and devices you support by clients and other CSPs. Do you enrich log data with your own contextual elements such as IP reputation scores and GeoIP2 data? Finally, provide background on your organizational policy in regards to retaining and making available collected log and event data.\n\r\n\n\r\n\n\r\n\n\nMonitoring \nIf your MSS provides a cloud monitoring portal to clients, please describe it. Include details on what data is viewable and reportable, as well as whether or not a central dashboard for all types of data is available. If not, explain how are clients are informed of security threats and other service-related activities. Additionally, if a client runs their own red team exercises on their infrastructure, does your organization have the capability of monitoring for and detecting those authorized red team activities, as well as reporting on them?\n\r\n\n\r\n\n\r\n\n\nIncident response \nShould a security threat be identified by your monitoring team, please explain how your incident response team cooperates with the monitoring team for efficiency. Additionally, describe how your incident response team works together with clients during a security incident, including the handling of breach notification.\n\r\n\n\r\n\n\r\n\n\nHybrid and multicloud \nPlease describe how your cloud services and their associated technology enable and improve secure integrations in hybrid and multicloud scenarios.\n\r\n\n\r\n\n\r\n\n\nAncillary services \nPlease describe if your organization is capable of assisting clients with security audits and certifications of their cloud installations. If your organization also provides consulting, technical testing, penetration testing, forensic investigation, and threat remediation services, please describe them, as well as any associated service tiers. How do teams associated with incident response and threat remediation services use their capabilities to provide value to the client?\n\r\n\n\r\n\n\r\n\n\nReporting \nApproach to reporting \nPlease describe your organization's approach to meaningful reporting, including the selection of security metrics. Explain how your MSS reporting provides value to clients by demonstrating security effectiveness and quality return on investment (ROI).\n\r\n\n\r\n\n\r\n\n\nReporting basics \nPlease describe your organization's approach to standard reporting, including details such as:\n\nreport frequency;\naccess and distribution methods (e.g., portal, app, email, SMS);\nformat (e.g., PDF, Excel, HTML);\nauthenticity (i.e., can they be digitally signed and tracked);\nthe structure of the reporting interface;\nwhether or not the reporting interface can integrate with other systems, or vice versa;\nany integration of reporting across different services; and\navailable and requestable report types, including pre-built, customizable, compliance, and regulatory reports.\nIf possible, provide examples such as sample reports or screenshots of your web-based interface. If reports can be customized, provide details of how this is accomplished.\n\r\n\n\r\n\n\r\n\n\nAsset-based and ad-hoc reporting \nPlease explain any asset-based and ad-hoc reporting capabilities available as part of your managed security services. If asset-based reporting is available to clients, describe whether or not the service allows clients to create and group assets, assign criticality levels to them, scan them, and view events related to them. IF ad-hoc reporting is available to clients, describe the request process and turnaround time (TAT) for such reports.\n\r\n\n\r\n\n\r\n\n\nAvailability \nPlease explain how long MSS reports and associated data are accessible after creation, as well as whether or not any of that information is archived.\n\nAccount management and support \nSupport basics \nPlease describe your organizational approach to client support and how that support is structured, including the processes and mechanisms for handling client inquiries and issues. Describe the communication mechanisms primarily and secondarily used for support, including mailed documentation, phone calls, electronic communication, and face-to-face communication. Explain how the escalation process for inquiries and reported issues should be handled.\n\r\n\n\r\n\n\r\n\n\nHelp desk and support ticketing \nPlease indicate what help desk or ticketing functionality is available for clients having MSS-related incident and troubleshooting issues. How should clients go about using such tools to initiate the support process?\n\r\n\n\r\n\n\r\n\n\n Availability, provisioning, and responsiveness \nPlease indicate the availability of your organization's support services, including hours offered. Also indicate who is provisioning the service, whether it's in-house or a third party, and from where the service is provisioned. Note whether or not support services change hands at any point. Finally, describe how support quality is guaranteed at all times, including any guarantees on responsiveness.\n\r\n\n\r\n\n\r\n\n\nClient satisfaction \nPlease describe how your organization measures and reports (including frequency) client satisfaction with support and account services. Describe how deficiencies in client satisfaction are addressed and resolved within the organization.\n\r\n\n\r\n\n\r\n\n\nAncillary services \nPlease indicate whether or not your organization provides value-added support services, and if so what type. Can a dedicated account manager with sufficient technical knowledge be provided, and if so, at what cost?\n\r\n\n\r\n\n\r\n\n\n Service level agreements (SLAs) and contracts \nSLA basics \nPlease describe the details of your SLAs for the various services you provide, including any negotiable aspects of the SLAs. Provide examples. Any relevant measurements and ranges for work performed by you (e.g., service speed, response times, and accuracy) should also be clearly defined and stated. Explain what the cost implications related to any differing service levels are. Finally, explain whether or not your organization provides clients with a 30-day proof of concept test of the services to ensure your organization can prove its marketing and operational claims.\n\r\n\n\r\n\n\r\n\n\nSLA failure \nPlease explain how your organization monitors and measures its compliance with an SLA. Describe what options are available to clients upon your organization failing to meet an agreed-upon SLA.\n\r\n\n\r\n\n\r\n\n\nContract termination \nPlease describe your policy on archiving, deleting, and helping transition client data from any of your systems upon contract termination, including particulars about data formats, deletion methodologies, and transfer methods. Any explanation should include the respective termination rights of both the organization and the client.\n\r\n\n\r\n\n\r\n\n\nService implementation \nImplementation basics \nPlease describe your approach to implementing your MSS for clients. You should address:\n\nthe standard timeframe for implementation and onboarding (overall average or last 10 customers);\nwhether or not a dedicated point of contact will be maintained throughout implementation, to the end of the contract;\nwhat resources clients will require to support the implementation and throughout the contract's duration;\nwhat device and database integrations are supported in an implementation;\nwhether or not unsupported devices and databases can be added for support;\nhow the impact or disruption of client resources is minimized during implementation; and\nwhat your normalization and fine-tuning procedures are.\n\r\n\n\r\n\n\r\n\n\nCompletion and handoff \nPlease describe what steps are taken to ensure the implementation is complete, as well as how the service is handed off to the client afterwards. If your organization provides training and documentation at handoff, describe how this training and documentation is administered, and at what additional cost, if any.\n\r\n\n\r\n\n\r\n\n\nMulti-site implementations \nPlease describe the process used when implementing a service to a client with many geographically dispersed facilities.\n\r\n\n\r\n\n\r\n\n\nPricing \nPricing basics \nPlease describe how your company's pricing and payment models meet industry standard practices (e.g., payment per actual services consumed, per GB of storage, per server, per annual subscription, etc.). Provide pricing estimates and examples based upon the various services provided using a current published catalog, standard market pricing, and\/or web enabled price calculators. Explain how any metered services are clearly reported and billed. Ensure all costs are accurately reflected, including any:\n\nunderlying \"implied\" costs,\ninitial \"stand up\" costs,\nongoing maintenance or subscription costs,\nrenewal-related price increases\ndata download costs, and\ntermination costs.\n\r\n\n\r\n\n\r\n\n\nReferences \n\n\n\u2191 1.0 1.1 Holmes, T.. \"It's a Match: How to Run a Good RFI, RFP, or RFQ and Find the Right Partner\". AllCloud Blog. https:\/\/allcloud.io\/blog\/its-a-match-how-to-run-a-good-rfi-rfp-or-rfq-and-find-the-right-partner\/ . Retrieved 14 August 2023 .   \n \n\n\u2191 Korff, Y. (19 February 2019). \"12 revealing questions to ask when evaluating an MSSP or MDR vendor\". Expel blog. Expel, Inc. https:\/\/expel.com\/blog\/12-revealing-questions-when-evaluating-mssp-mdr-vendor\/ . Retrieved 14 August 2023 .   \n \n\n\u2191 \"How to Write an MSSP RDP\". NTT Security. September 2016. Archived from the original on 08 May 2021. https:\/\/web.archive.org\/web\/20210508224902\/https:\/\/www.nttsecurity.com\/docs\/librariesprovider3\/resources\/us_whitepaper_mssp_rfp_uea_v1 . Retrieved 14 August 2023 .   \n \n\n\u2191 \"Secureworks Guide to Building a Cloud MSSP RFP Template\" (DOCX). Secureworks. Archived from the original on 08 May 2021. https:\/\/web.archive.org\/web\/20210508225741\/https:\/\/pcdnscwx001.azureedge.net\/~\/media\/Files\/US\/White%20Papers\/SecureWorksNCO411PGuidetoBuildingaCloudRFPTemplate.ashx?modified=20170714201638 . Retrieved 14 August 2023 .   \n \n\n\u2191 \"RFP\/RFI Questions for Managed Security Services: Sample MSSP RFP Template\". Solutionary, Inc. September 2015. https:\/\/d.docecity.com\/rfp-sample-questions-for-managed-security-services.html . Retrieved 14 August 2023 .   \n \n\n\u2191 U.S. Department of State (24 October 2020). \"Cloud Mission Support Request for Information\". SAM.gov. https:\/\/beta.sam.gov\/opp\/91dc7217b32b459695b27339f4b5d9aa\/view . Retrieved 21 August 2021 .   \n \n\n\n\r\n\n\nCitation information for this chapter \nChapter: Appendix 3. RFI questions for MSSPs\nTitle: Choosing and Implementing a Cloud-based Service for Your Laboratory\nEdition: Second edition\nAuthor for citation: Shawn E. Douglas\nLicense for content: Creative Commons Attribution-ShareAlike 4.0 International\nPublication date: August 2023\n\r\n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_MSSPs\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_MSSPs<\/a>\nNavigation menuPage actionsBookDiscussionView sourceHistoryPage actionsBookDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 16 August 2023, at 21:09.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 355 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","9cc8b0dd65d5032d00360743f6ef5b8c_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-208 ns-subject page-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_RFI_questions_for_MSSPs rootpage-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_RFI_questions_for_MSSPs skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/RFI questions for MSSPs<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\"><div align=\"center\">-----Return to <a href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Introduction\" title=\"Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Introduction\" class=\"wiki-link\" data-key=\"a5122d160da552b7fab8ca62d4bc6155\">the beginning<\/a> of this guide-----<\/div>\n<p><br \/>\n<\/p>\n<h1><span id=\"rdp-ebb-Appendix_3._An_RFI\/RFP_for_evaluating_managed_security_services_providers_(MSSPs)\"><\/span><span class=\"mw-headline\" id=\"Appendix_3._An_RFI.2FRFP_for_evaluating_managed_security_services_providers_.28MSSPs.29\">Appendix 3. An RFI\/RFP for evaluating managed security services providers (MSSPs)<\/span><\/h1>\n<p>Whether conducting the request for information (RFI) or request for proposal (RFP) process, a quality set of questions for potential vendors to respond to provides a solid base for helping evaluate and narrow down a vendor for your service. The RFI in particular is good for this sort of \"fact finding,\" acting as an ideal means for learning more about a potential solution and how it can solve your problems, or when you're not even sure how to solve your problem yet. However, the RFI should not be unduly long and tedious to complete for prospective vendors; it should be concise, direct, and honest. This means not only presenting a clear and humble vision of your own organization and its goals, but also asking just the right amount of questions to allow potential vendors to demonstrate their expertise and provide a clearer picture of who they are. Some take a technical approach to an RFI, using dense language and complicated spreadsheets for fact finding. However, vendors appreciate a slightly more inviting approach, with practical questions or requests that are carefully chosen because they matter to you.<sup id=\"rdp-ebb-cite_ref-HolmesItsAMatch_1-0\" class=\"reference\"><a href=\"#cite_note-HolmesItsAMatch-1\">[1]<\/a><\/sup>\n<\/p><p>What follows are a carefully selected set of \"questions\" for managed security services providers (MSSPs) posed as, well, requests for information. This collection of questions is admittedly long. Keeping with advice about maintaining a concise RFI, you may not use all of these as part of your RFI process. Remember that an RFI is not meant to answer all of your questions, but rather is meant as a means to help narrow down your search to a few quality candidates while learning more about each other.<sup id=\"rdp-ebb-cite_ref-HolmesItsAMatch_1-1\" class=\"reference\"><a href=\"#cite_note-HolmesItsAMatch-1\">[1]<\/a><\/sup> Feel free to narrow this list down to those questions that are most important to you as part of this fact finding mission.\n<\/p><p>Sources used to compile this selection of RFI questions include:\n<\/p>\n<ul><li>Expel's \"12 revealing questions to ask when evaluating an MSSP or MDR vendor\"<sup id=\"rdp-ebb-cite_ref-Korff12Rev19_2-0\" class=\"reference\"><a href=\"#cite_note-Korff12Rev19-2\">[2]<\/a><\/sup><\/li>\n<li>NTT Security's <i>How to Write an MSSP RDP<\/i> whitepaper<sup id=\"rdp-ebb-cite_ref-NTTSHowTo16_3-0\" class=\"reference\"><a href=\"#cite_note-NTTSHowTo16-3\">[3]<\/a><\/sup><\/li>\n<li>Secureworks' RFI\/RFP template<sup id=\"rdp-ebb-cite_ref-SWGuideToBuild_4-0\" class=\"reference\"><a href=\"#cite_note-SWGuideToBuild-4\">[4]<\/a><\/sup><\/li>\n<li>Solutionary's <i>RFP\/RFI Questions for Managed Security Services<\/i> whitepaper<sup id=\"rdp-ebb-cite_ref-SolutionaryRFP15_5-0\" class=\"reference\"><a href=\"#cite_note-SolutionaryRFP15-5\">[5]<\/a><\/sup><\/li>\n<li>The U.S. Department of State's Bureau of Diplomatic Security's 2020 RFI requesting MSSP services<sup id=\"rdp-ebb-cite_ref-SAMCloudMiss20_6-0\" class=\"reference\"><a href=\"#cite_note-SAMCloudMiss20-6\">[6]<\/a><\/sup><sup class=\"noprint Inline-Template\"><span style=\"white-space: nowrap;\">[<i><a href=\"https:\/\/en.wikipedia.org\/wiki\/Wikipedia:Link_rot\" class=\"extiw wiki-link\" title=\"wikipedia:Wikipedia:Link rot\" data-key=\"8e73a2ff6f82d88817bdd8ee8b302ab7\"><span title=\" Dead link since 14 August 2023\">dead link<\/span><\/a><\/i>]<\/span><\/sup><\/li><\/ul>\n<p><br \/>\n<\/p>\n<h2><span id=\"rdp-ebb-RFI\/RFP_introduction\"><\/span><span class=\"mw-headline\" id=\"RFI.2FRFP_introduction\">RFI\/RFP introduction<\/span><\/h2>\n<p>If you're conducting a full RFI or RFP, you're going to lead with the standard components of an RFI or RFP, including:\n<\/p>\n<ul><li>a table of contents;<\/li>\n<li>an honest introduction and overview of your organization, its goals and problems, and the services sought to solve them;<\/li>\n<li>details on how the RFI or RFP evaluation process will be conducted;<\/li>\n<li>basis for award (if an RFP);<\/li>\n<li>the calendar schedule (including times) for related events;<\/li>\n<li>how to submit the document and any related questions about it, including response format; and<\/li>\n<li>your organization's background, business requirements, and current technical environment.<\/li><\/ul>\n<p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Organization_basics\">Organization basics<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Primary_business_objectives\">Primary business objectives<\/span><\/h3>\n<p>Please describe the primary business objectives for your organization.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Organization_history\">Organization history<\/span><\/h3>\n<p>Please give some background on your organization's history, including how long it has been offering managed security services (MSSs).\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Financial_stability\">Financial stability<\/span><\/h3>\n<p>Please provide information concerning the financial stability of your organization. If your organization is public, please include relevant documents such as annual reports and supporting financial statements. If private, please include documentation that supports the representation of your organization as a stable, profitable, and sustainable one. If not profitable, please provide details about your organization's path towards profitability. \n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Managed_security_services_offered\">Managed security services offered<\/span><\/h3>\n<p>Please describe the primary MSSs offered by your organization, particularly any of which may be relevant based upon our company's stated needs. If the services are tiered, explain the different levels of service and any significant exceptions and differences separating the levels.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Details_about_those_managed_security_services\">Details about those managed security services<\/span><\/h3>\n<p>Please provide details about:\n<\/p>\n<ul><li>number of MSSs clients specifically using your organization's device management, security monitoring, vulnerability testing, log management, and other security-based managed services;<\/li>\n<li>how long each of your organization's MSSs has been offered;<\/li>\n<li>the growth rate of your organization's MSSs over the prior fiscal year;<\/li>\n<li>how your organization's MSSs or your organization overall are ranked by top research firms such as Gartner and Forrester; and<\/li>\n<li>any awards received for your organization's MSSs.<\/li><\/ul>\n<p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Vision_and_investment_in_those_managed_security_services\">Vision and investment in those managed security services<\/span><\/h3>\n<p>Please provide details about the vision and future direction for choosing, developing, and implementing new in-house or third-party technologies as part of your organization's MSS initiative. Additionally, discuss the level of investment made by your organization\u2014including in-house research and development\u2014towards solving emerging cybersecurity challenges and improving your clients' return on investment (ROI).\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Experience_and_references\">Experience and references<\/span><\/h3>\n<p>Please provide details on:\n<\/p>\n<ul><li>how many clients you provide (or have provided) MSS to in our organization's industry;<\/li>\n<li>whether any of them are willing to act as references for your services;<\/li>\n<li>what experience your organization has in meeting the unique security monitoring requirements of our industry;<\/li>\n<li>any examples of clients being a learning source for improving your service; and<\/li>\n<li>any whitepapers, reports, etc. authored by your organization that are relevant to our industry.<\/li><\/ul>\n<p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h2><span id=\"rdp-ebb-Infrastructure,_security,_and_related_policies\"><\/span><span class=\"mw-headline\" id=\"Infrastructure.2C_security.2C_and_related_policies\">Infrastructure, security, and related policies<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Internal_security_policy_and_procedure\">Internal security policy and procedure<\/span><\/h3>\n<p>Please describe your internal policy and procedure (P&P) regarding security within your organization, including any standards your organization has adopted as part of that P&P. Address any ancillary security policies regarding, e.g., acceptable use of technology, remote and from-home work, and security awareness training.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Business_continuity_and_disaster_recovery_policy\">Business continuity and disaster recovery policy<\/span><\/h3>\n<p>Please describe your organization's P&P regarding business continuity and disaster recovery.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Security_operation_centers_and_related_infrastructure\">Security operation centers and related infrastructure<\/span><\/h3>\n<p>Does your organization use security operation centers (SOCs) to support its MSSs? If so, please provide details about:\n<\/p>\n<ul><li>whether or not you own and manage the SOCs;<\/li>\n<li>where the primary and secondary SOCs are located;<\/li>\n<li>where our data will be located;<\/li>\n<li>what specifications are used for data in transit and at rest;<\/li>\n<li>whether or not all SOCs are \"always on\" and available;<\/li>\n<li>what level of redundancy is implemented within the SOCs;<\/li>\n<li>how that redundancy limits service interruptions should an SOC go offline;<\/li>\n<li>what level of scalability is available to clients with growth or contraction states; and<\/li>\n<li>what qualifications and certifications apply to each SOC.<\/li><\/ul>\n<p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Physical_security_at_security_operation_centers\">Physical security at security operation centers<\/span><\/h3>\n<p>Please describe the physical security (e.g., locks, badges, physical security perimeters, surveillance systems, etc.) and continuity measures (e.g., fire suppression, backup power, etc.) put in place at your organization's SOCs. Also address visitor procedures and how they are conducted. How are unauthorized access attempts at SOCs responded to?\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Staffing_at_security_operation_centers\">Staffing at security operation centers<\/span><\/h3>\n<p>Please describe the staffing procedures at these SOCs, including what percentage of overall staff is dedicated purely to delivering and managing MSS activities and accounts. Clearly define any implemented classifications of staff based on level of support or data sensitivity, as well as any related certifications and training required at each support or data sensitivity level. Are contractors treated any differently? Finally, describe what background checks or screening procedures, if any, are implemented towards any individual related to your organization's MSSs.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Independent_infrastructure_review\">Independent infrastructure review<\/span><\/h3>\n<p>If your organization has received an independent review of its MSS infrastructure and services (e.g., SSAE 16), please provide details of this review, preferably with the full report, but if not, with critical details such as who, what, when, where, scope, frequency of testing, and a summary. If your organization has not completed such an independent review, please provide details of any plans or ongoing efforts towards such a review.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Internal_infrastructure_review\">Internal infrastructure review<\/span><\/h3>\n<p>If your organization has performed an internal review of its MSS infrastructure and services, please provide details of this review, with critical details such as who, what, when, where, scope, frequency of testing, and a summary. If your organization has not completed such an internal review, please provide details of any plans or ongoing efforts towards such a review.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Auditing_of_your_operations\">Auditing of your operations<\/span><\/h3>\n<p>If the results of your independent and\/or internal review cannot be shared, will your organization allow us to\u2014on our own or through a third party\u2014audit your operations, with the goal of determining the appropriateness of your organization's implemented safeguards?\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Auditing_of_client_data\">Auditing of client data<\/span><\/h3>\n<p>Please describe how your organization handles requests from outside entities for client data and notifies clients when such requests are made. If subpoenas, court orders, search warrants, or other law enforcement actions were to take place, describe how you would maintain any privileged, confidential, or otherwise sensitive information as being protected. Do you have legal representation should these issues arise?\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Service:_Threat_intelligence\">Service: Threat intelligence<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Research_team\">Research team<\/span><\/h3>\n<p>If your organization has a research team dedicated to threats and vulnerabilities, please describe the team, how it's integrated with an SOC's operations, and what services that team supports beyond research. If the research team has a mission, please state that mission. \n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Threat_detection\">Threat detection<\/span><\/h3>\n<p>Please describe the information sources the research team uses to gather threat intelligence. Provide specifics about any anomaly detection, behavioral analysis, malicious host detection, signature analysis, and volume analysis detection methods.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Use_of_and_access_to_threat_intelligence\">Use of and access to threat intelligence<\/span><\/h3>\n<p>Please describe how gathered threat intelligence is analyzed and validated. Additionally, describe how that analyzed and validated threat intelligence is used in the management and monitoring of our devices and data. Finally, please describe what level of visibility and access a client has into this intelligence, as well as the research team itself.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Examples_of_action_on_threat_intelligence\">Examples of action on threat intelligence<\/span><\/h3>\n<p>Please provide examples of how threat intelligence generated by your organization's research team (or someone else) has been effectively used to protect clients. Also provide examples of organization white papers, use cases, threat reports, or internal write-ups (if available) regarding threat intelligence and its effective use.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Service:_Vulnerability_testing\">Service: Vulnerability testing<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Vulnerability_testing_basics\">Vulnerability testing basics<\/span><\/h3>\n<p>Please describe the architecture behind any vulnerability testing your organization may conduct, including configuration, scoping, and scheduling capabilities. Also describe the origin of testing protocols used. If your architecture supports web application scanning and testing for database vulnerabilities, please provide important details.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Vulnerability_identification_and_confirmation\">Vulnerability identification and confirmation<\/span><\/h3>\n<p>Please describe how vulnerabilities are identified and confirmed. If your organization has a process for identifying and reporting false positives, provide details. Additionally, if a process is in place to escalate and prioritize confirmed vulnerabilities, please describe it. Finally, is vulnerability data incorporated into overall security monitoring processes, and if so, in what ways? For example, can vulnerability testing results be correlated to other monitoring and analysis data to provide a status of being \"on-target\" or \"off-target,\" along with an impact analysis rating?\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Vulnerability_testing_process\">Vulnerability testing process<\/span><\/h3>\n<p>Please provide details of how vulnerability testing is scheduled and how associated reports are delivered. Additionally, explain whether or not clients can conduct their own vulnerability testing and upload the results to you.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Internal_and_external_testing\">Internal and external testing<\/span><\/h3>\n<p>Please describe whether or not the vulnerability testing process can be run both internally and externally, and if so, on what infrastructure. If your organization provides internal vulnerability scanning as or supports external vulnerability scanning through a PCI Security Standards Council Approved Scanning Vendor (PCI ASV) for quarterly compliance, please provide details.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Service:_Endpoint_protection\">Service: Endpoint protection<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Endpoint_protection_basics\">Endpoint protection basics<\/span><\/h3>\n<p>Please describe any managed service your organization provides in regard to endpoint security. Address whether or not service agents must be installed at every endpoint and what bandwidth requirements they may have. Also, please describe whether the endpoint protection service is \"always on\" or acts as a schedules service. Also state what management responsibilities are associated with the service, and by whom.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Visibility_and_notifications\">Visibility and notifications<\/span><\/h3>\n<p>Please provide information about how visible endpoint security is to clients. Describe what types of alerts are given in association with endpoint security and what, if any, remediation recommendations are provided.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Data_retention\">Data retention<\/span><\/h3>\n<p>Please describe your organization's data retention policies related to endpoint data collected as part of the endpoint protection service.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Endpoint_protection_features\">Endpoint protection features<\/span><\/h3>\n<p>Please describe:\n<\/p>\n<ul><li>whether or not threat intelligence is integrated into your endpoint protection service;<\/li>\n<li>what operating system (OS) endpoints are covered by the service; and<\/li>\n<li>what level of remote incident response is supported and whether compromised endpoints can be quickly isolated from your organization's network.<\/li><\/ul>\n<p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Service:_Malware_protection\">Service: Malware protection<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Malware_protection_basics\">Malware protection basics<\/span><\/h3>\n<p>Please describe any managed service your organization provides in regard to malware protection. Address whether or not your service uses sandboxing technology, and if so, what type.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Malware_protection_features\">Malware protection features<\/span><\/h3>\n<p>Please describe:\n<\/p>\n<ul><li>whether or not threat intelligence is integrated into your malware protection service;<\/li>\n<li>whether or not the service is able to detect malware designed to evade a traditional sandbox; and<\/li>\n<li>whether or not the service is able to detect zero-day malware threats.<\/li><\/ul>\n<p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Service_level_and_support\">Service level and support<\/span><\/h3>\n<p>Please describe whether or not a \"defense in depth\" approach is taken with malware protection, and if so, whether this is a complimentary part of the service or at additional cost. Additionally, describe your policy about assisting clients with remediation in the event of malware compromising client systems.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Service:_Overall_cloud_security\">Service: Overall cloud security<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Company_philosophy_or_approach\">Company philosophy or approach<\/span><\/h3>\n<p>Please describe how your cloud services address the ephemeral nature of cloud computing while at the same time helping clients maintain their overall security posture. Explain your organization's approach to its security team, including whether or not a dedicated team of security researchers are utilized. If such a team exists, also explain how that research from that team is incorporated into MSS activities. Finally, describe your team's overall approach to monitoring, analysis, and correlation of security threats, including how automated and human-based analyses are balanced in their approaches and in their handoff to each other.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Technology_and_security\">Technology and security<\/span><\/h3>\n<p>Please describe:\n<\/p>\n<ul><li>the technical architecture of your MSS in the cloud, including any associated hardware and software agents that are installed;<\/li>\n<li>whether or not you can manage client devices, and if so, how;<\/li>\n<li>how troubleshooting for any managed devices is handled and subsequently validated should changes need to be made;<\/li>\n<li>what firewall performance monitoring your MSS is capable of in the cloud;<\/li>\n<li>how managed and monitored intrusion prevention and detection is implemented as part of your MMS;<\/li>\n<li>how security mechanisms built into your cloud solutions are activated; and<\/li>\n<li>what integration requirements, if any, exist for securely connecting to data analysis, incident management, or other SOAR (security orchestration, automation, and response) tools.<\/li><\/ul>\n<p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Event_correlations_and_rules\">Event correlations and rules<\/span><\/h3>\n<p>Please explain how event information can be used within your correlation and rules engine. Additionally, describe whether or not event correlations can be made across multiple client device types, across clients, and by user identity.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Vulnerability_testing\">Vulnerability testing<\/span><\/h3>\n<p>Please describe what agreements, if any, your organization has with CSPs to perform different types of vulnerability assessments on their platforms;\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Logging\">Logging<\/span><\/h3>\n<p>Please describe your approach to collecting, analyzing, correlating, and acting upon cloud log and event data and how you're able to gain visibility into anomalous activity. List the log and event data sources and devices you support by clients and other CSPs. Do you enrich log data with your own contextual elements such as IP reputation scores and GeoIP2 data? Finally, provide background on your organizational policy in regards to retaining and making available collected log and event data.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Monitoring\">Monitoring<\/span><\/h3>\n<p>If your MSS provides a cloud monitoring portal to clients, please describe it. Include details on what data is viewable and reportable, as well as whether or not a central dashboard for all types of data is available. If not, explain how are clients are informed of security threats and other service-related activities. Additionally, if a client runs their own red team exercises on their infrastructure, does your organization have the capability of monitoring for and detecting those authorized red team activities, as well as reporting on them?\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Incident_response\">Incident response<\/span><\/h3>\n<p>Should a security threat be identified by your monitoring team, please explain how your incident response team cooperates with the monitoring team for efficiency. Additionally, describe how your incident response team works together with clients during a security incident, including the handling of breach notification.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Hybrid_and_multicloud\">Hybrid and multicloud<\/span><\/h3>\n<p>Please describe how your cloud services and their associated technology enable and improve secure integrations in hybrid and multicloud scenarios.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Ancillary_services\">Ancillary services<\/span><\/h3>\n<p>Please describe if your organization is capable of assisting clients with security audits and certifications of their cloud installations. If your organization also provides consulting, technical testing, penetration testing, forensic investigation, and threat remediation services, please describe them, as well as any associated service tiers. How do teams associated with incident response and threat remediation services use their capabilities to provide value to the client?\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Reporting\">Reporting<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Approach_to_reporting\">Approach to reporting<\/span><\/h3>\n<p>Please describe your organization's approach to meaningful reporting, including the selection of security metrics. Explain how your MSS reporting provides value to clients by demonstrating security effectiveness and quality return on investment (ROI).\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Reporting_basics\">Reporting basics<\/span><\/h3>\n<p>Please describe your organization's approach to standard reporting, including details such as:\n<\/p>\n<ul><li>report frequency;<\/li>\n<li>access and distribution methods (e.g., portal, app, email, SMS);<\/li>\n<li>format (e.g., PDF, Excel, HTML);<\/li>\n<li>authenticity (i.e., can they be digitally signed and tracked);<\/li>\n<li>the structure of the reporting interface;<\/li>\n<li>whether or not the reporting interface can integrate with other systems, or vice versa;<\/li>\n<li>any integration of reporting across different services; and<\/li>\n<li>available and requestable report types, including pre-built, customizable, compliance, and regulatory reports.<\/li><\/ul>\n<p>If possible, provide examples such as sample reports or screenshots of your web-based interface. If reports can be customized, provide details of how this is accomplished.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Asset-based_and_ad-hoc_reporting\">Asset-based and ad-hoc reporting<\/span><\/h3>\n<p>Please explain any asset-based and ad-hoc reporting capabilities available as part of your managed security services. If asset-based reporting is available to clients, describe whether or not the service allows clients to create and group assets, assign criticality levels to them, scan them, and view events related to them. IF ad-hoc reporting is available to clients, describe the request process and turnaround time (TAT) for such reports.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Availability\">Availability<\/span><\/h3>\n<p>Please explain how long MSS reports and associated data are accessible after creation, as well as whether or not any of that information is archived.\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Account_management_and_support\">Account management and support<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Support_basics\">Support basics<\/span><\/h3>\n<p>Please describe your organizational approach to client support and how that support is structured, including the processes and mechanisms for handling client inquiries and issues. Describe the communication mechanisms primarily and secondarily used for support, including mailed documentation, phone calls, electronic communication, and face-to-face communication. Explain how the escalation process for inquiries and reported issues should be handled.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Help_desk_and_support_ticketing\">Help desk and support ticketing<\/span><\/h3>\n<p>Please indicate what help desk or ticketing functionality is available for clients having MSS-related incident and troubleshooting issues. How should clients go about using such tools to initiate the support process?\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span id=\"rdp-ebb-Availability,_provisioning,_and_responsiveness\"><\/span><span class=\"mw-headline\" id=\"Availability.2C_provisioning.2C_and_responsiveness\">Availability, provisioning, and responsiveness<\/span><\/h3>\n<p>Please indicate the availability of your organization's support services, including hours offered. Also indicate who is provisioning the service, whether it's in-house or a third party, and from where the service is provisioned. Note whether or not support services change hands at any point. Finally, describe how support quality is guaranteed at all times, including any guarantees on responsiveness.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Client_satisfaction\">Client satisfaction<\/span><\/h3>\n<p>Please describe how your organization measures and reports (including frequency) client satisfaction with support and account services. Describe how deficiencies in client satisfaction are addressed and resolved within the organization.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Ancillary_services_2\">Ancillary services<\/span><\/h3>\n<p>Please indicate whether or not your organization provides value-added support services, and if so what type. Can a dedicated account manager with sufficient technical knowledge be provided, and if so, at what cost?\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h2><span id=\"rdp-ebb-Service_level_agreements_(SLAs)_and_contracts\"><\/span><span class=\"mw-headline\" id=\"Service_level_agreements_.28SLAs.29_and_contracts\">Service level agreements (SLAs) and contracts<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"SLA_basics\">SLA basics<\/span><\/h3>\n<p>Please describe the details of your SLAs for the various services you provide, including any negotiable aspects of the SLAs. Provide examples. Any relevant measurements and ranges for work performed by you (e.g., service speed, response times, and accuracy) should also be clearly defined and stated. Explain what the cost implications related to any differing service levels are. Finally, explain whether or not your organization provides clients with a 30-day proof of concept test of the services to ensure your organization can prove its marketing and operational claims.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"SLA_failure\">SLA failure<\/span><\/h3>\n<p>Please explain how your organization monitors and measures its compliance with an SLA. Describe what options are available to clients upon your organization failing to meet an agreed-upon SLA.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Contract_termination\">Contract termination<\/span><\/h3>\n<p>Please describe your policy on archiving, deleting, and helping transition client data from any of your systems upon contract termination, including particulars about data formats, deletion methodologies, and transfer methods. Any explanation should include the respective termination rights of both the organization and the client.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Service_implementation\">Service implementation<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Implementation_basics\">Implementation basics<\/span><\/h3>\n<p>Please describe your approach to implementing your MSS for clients. You should address:\n<\/p>\n<ul><li>the standard timeframe for implementation and onboarding (overall average or last 10 customers);<\/li>\n<li>whether or not a dedicated point of contact will be maintained throughout implementation, to the end of the contract;<\/li>\n<li>what resources clients will require to support the implementation and throughout the contract's duration;<\/li>\n<li>what device and database integrations are supported in an implementation;<\/li>\n<li>whether or not unsupported devices and databases can be added for support;<\/li>\n<li>how the impact or disruption of client resources is minimized during implementation; and<\/li>\n<li>what your normalization and fine-tuning procedures are.<\/li><\/ul>\n<p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Completion_and_handoff\">Completion and handoff<\/span><\/h3>\n<p>Please describe what steps are taken to ensure the implementation is complete, as well as how the service is handed off to the client afterwards. If your organization provides training and documentation at handoff, describe how this training and documentation is administered, and at what additional cost, if any.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Multi-site_implementations\">Multi-site implementations<\/span><\/h3>\n<p>Please describe the process used when implementing a service to a client with many geographically dispersed facilities.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Pricing\">Pricing<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Pricing_basics\">Pricing basics<\/span><\/h3>\n<p>Please describe how your company's pricing and payment models meet industry standard practices (e.g., payment per actual services consumed, per GB of storage, per server, per annual subscription, etc.). Provide pricing estimates and examples based upon the various services provided using a current published catalog, standard market pricing, and\/or web enabled price calculators. Explain how any metered services are clearly reported and billed. Ensure all costs are accurately reflected, including any:\n<\/p>\n<ul><li>underlying \"implied\" costs,<\/li>\n<li>initial \"stand up\" costs,<\/li>\n<li>ongoing maintenance or subscription costs,<\/li>\n<li>renewal-related price increases<\/li>\n<li>data download costs, and<\/li>\n<li>termination costs.<\/li><\/ul>\n<p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap\"><ol class=\"references\">\n<li id=\"cite_note-HolmesItsAMatch-1\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-HolmesItsAMatch_1-0\">1.0<\/a><\/sup> <sup><a href=\"#cite_ref-HolmesItsAMatch_1-1\">1.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Holmes, T.. <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/allcloud.io\/blog\/its-a-match-how-to-run-a-good-rfi-rfp-or-rfq-and-find-the-right-partner\/\" target=\"_blank\">\"It's a Match: How to Run a Good RFI, RFP, or RFQ and Find the Right Partner\"<\/a>. <i>AllCloud Blog<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/allcloud.io\/blog\/its-a-match-how-to-run-a-good-rfi-rfp-or-rfq-and-find-the-right-partner\/\" target=\"_blank\">https:\/\/allcloud.io\/blog\/its-a-match-how-to-run-a-good-rfi-rfp-or-rfq-and-find-the-right-partner\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=It%27s+a+Match%3A+How+to+Run+a+Good+RFI%2C+RFP%2C+or+RFQ+and+Find+the+Right+Partner&rft.atitle=AllCloud+Blog&rft.aulast=Holmes%2C+T.&rft.au=Holmes%2C+T.&rft_id=https%3A%2F%2Fallcloud.io%2Fblog%2Fits-a-match-how-to-run-a-good-rfi-rfp-or-rfq-and-find-the-right-partner%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_MSSPs\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-Korff12Rev19-2\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-Korff12Rev19_2-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Korff, Y. (19 February 2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/expel.com\/blog\/12-revealing-questions-when-evaluating-mssp-mdr-vendor\/\" target=\"_blank\">\"12 revealing questions to ask when evaluating an MSSP or MDR vendor\"<\/a>. <i>Expel blog<\/i>. Expel, Inc<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/expel.com\/blog\/12-revealing-questions-when-evaluating-mssp-mdr-vendor\/\" target=\"_blank\">https:\/\/expel.com\/blog\/12-revealing-questions-when-evaluating-mssp-mdr-vendor\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=12+revealing+questions+to+ask+when+evaluating+an+MSSP+or+MDR+vendor&rft.atitle=Expel+blog&rft.aulast=Korff%2C+Y.&rft.au=Korff%2C+Y.&rft.date=19+February+2019&rft.pub=Expel%2C+Inc&rft_id=https%3A%2F%2Fexpel.com%2Fblog%2F12-revealing-questions-when-evaluating-mssp-mdr-vendor%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_MSSPs\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-NTTSHowTo16-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-NTTSHowTo16_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210508224902\/https:\/\/www.nttsecurity.com\/docs\/librariesprovider3\/resources\/us_whitepaper_mssp_rfp_uea_v1\" target=\"_blank\">\"How to Write an MSSP RDP\"<\/a>. NTT Security. September 2016. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.nttsecurity.com\/docs\/librariesprovider3\/resources\/us_whitepaper_mssp_rfp_uea_v1\" target=\"_blank\">the original<\/a> on 08 May 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210508224902\/https:\/\/www.nttsecurity.com\/docs\/librariesprovider3\/resources\/us_whitepaper_mssp_rfp_uea_v1\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210508224902\/https:\/\/www.nttsecurity.com\/docs\/librariesprovider3\/resources\/us_whitepaper_mssp_rfp_uea_v1<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=How+to+Write+an+MSSP+RDP&rft.atitle=&rft.date=September+2016&rft.pub=NTT+Security&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210508224902%2Fhttps%3A%2F%2Fwww.nttsecurity.com%2Fdocs%2Flibrariesprovider3%2Fresources%2Fus_whitepaper_mssp_rfp_uea_v1&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_MSSPs\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-SWGuideToBuild-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-SWGuideToBuild_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210508225741\/https:\/\/pcdnscwx001.azureedge.net\/~\/media\/Files\/US\/White%20Papers\/SecureWorksNCO411PGuidetoBuildingaCloudRFPTemplate.ashx?modified=20170714201638\" target=\"_blank\">\"Secureworks Guide to Building a Cloud MSSP RFP Template\"<\/a> (DOCX). Secureworks. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/pcdnscwx001.azureedge.net\/~\/media\/Files\/US\/White%20Papers\/SecureWorksNCO411PGuidetoBuildingaCloudRFPTemplate.ashx?modified=20170714201638\" target=\"_blank\">the original<\/a> on 08 May 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210508225741\/https:\/\/pcdnscwx001.azureedge.net\/~\/media\/Files\/US\/White%20Papers\/SecureWorksNCO411PGuidetoBuildingaCloudRFPTemplate.ashx?modified=20170714201638\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210508225741\/https:\/\/pcdnscwx001.azureedge.net\/~\/media\/Files\/US\/White%20Papers\/SecureWorksNCO411PGuidetoBuildingaCloudRFPTemplate.ashx?modified=20170714201638<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Secureworks+Guide+to+Building+a+Cloud+MSSP+RFP+Template&rft.atitle=&rft.pub=Secureworks&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210508225741%2Fhttps%3A%2F%2Fpcdnscwx001.azureedge.net%2F%7E%2Fmedia%2FFiles%2FUS%2FWhite%2520Papers%2FSecureWorksNCO411PGuidetoBuildingaCloudRFPTemplate.ashx%3Fmodified%3D20170714201638&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_MSSPs\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-SolutionaryRFP15-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-SolutionaryRFP15_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/d.docecity.com\/rfp-sample-questions-for-managed-security-services.html\" target=\"_blank\">\"RFP\/RFI Questions for Managed Security Services: Sample MSSP RFP Template\"<\/a>. Solutionary, Inc. September 2015<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/d.docecity.com\/rfp-sample-questions-for-managed-security-services.html\" target=\"_blank\">https:\/\/d.docecity.com\/rfp-sample-questions-for-managed-security-services.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=RFP%2FRFI+Questions+for+Managed+Security+Services%3A+Sample+MSSP+RFP+Template&rft.atitle=&rft.date=September+2015&rft.pub=Solutionary%2C+Inc&rft_id=https%3A%2F%2Fd.docecity.com%2Frfp-sample-questions-for-managed-security-services.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_MSSPs\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-SAMCloudMiss20-6\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-SAMCloudMiss20_6-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">U.S. Department of State (24 October 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/beta.sam.gov\/opp\/91dc7217b32b459695b27339f4b5d9aa\/view\" target=\"_blank\">\"Cloud Mission Support Request for Information\"<\/a>. <i>SAM.gov<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/beta.sam.gov\/opp\/91dc7217b32b459695b27339f4b5d9aa\/view\" target=\"_blank\">https:\/\/beta.sam.gov\/opp\/91dc7217b32b459695b27339f4b5d9aa\/view<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 21 August 2021<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Mission+Support+Request+for+Information&rft.atitle=SAM.gov&rft.aulast=U.S.+Department+of+State&rft.au=U.S.+Department+of+State&rft.date=24+October+2020&rft_id=https%3A%2F%2Fbeta.sam.gov%2Fopp%2F91dc7217b32b459695b27339f4b5d9aa%2Fview&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_MSSPs\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Citation_information_for_this_chapter\">Citation information for this chapter<\/span><\/h2>\n<p><b>Chapter<\/b>: Appendix 3. RFI questions for MSSPs\n<\/p><p><b>Title<\/b>: <i>Choosing and Implementing a Cloud-based Service for Your Laboratory<\/i>\n<\/p><p><b>Edition<\/b>: Second edition\n<\/p><p><b>Author for citation<\/b>: Shawn E. Douglas\n<\/p><p><b>License for content<\/b>: <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/creativecommons.org\/licenses\/by-sa\/4.0\/\" target=\"_blank\">Creative Commons Attribution-ShareAlike 4.0 International<\/a>\n<\/p><p><b>Publication date<\/b>: August 2023\n<\/p><p><br \/>\n<\/p>\n<!-- \nNewPP limit report\nCached time: 20230816210909\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.156 seconds\nReal time usage: 0.217 seconds\nPreprocessor visited node count: 4270\/1000000\nPost\u2010expand include size: 61206\/2097152 bytes\nTemplate argument size: 16147\/2097152 bytes\nHighest expansion depth: 19\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 10257\/5000000 bytes\nLua time usage: 0.030\/7 seconds\nLua virtual size: 5328896\/52428800 bytes\nLua estimated memory usage: 0 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 174.138 1 Template:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_MSSPs\n100.00% 174.138 1 -total\n 53.85% 93.767 1 Template:Dead_link\n 52.34% 91.140 1 Template:Fix\n 45.22% 78.742 1 Template:Category_handler\n 41.08% 71.531 1 Template:Reflist\n 32.67% 56.896 6 Template:Cite_web\n 28.94% 50.394 6 Template:Citation\/core\n 6.52% 11.357 4 Template:Date\n 5.23% 9.105 1 Template:Cat_handler\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:12985-0!canonical and timestamp 20230816210911 and revision id 52911. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_MSSPs\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_MSSPs<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","9cc8b0dd65d5032d00360743f6ef5b8c_images":[],"9cc8b0dd65d5032d00360743f6ef5b8c_timestamp":1692220364,"ed9df165f2657d5bb145909d714c2690_type":"article","ed9df165f2657d5bb145909d714c2690_title":"RFI questions for cloud providers","ed9df165f2657d5bb145909d714c2690_url":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_cloud_providers","ed9df165f2657d5bb145909d714c2690_plaintext":"\n\nBook:Choosing and Implementing a Cloud-based Service for Your Laboratory\/RFI questions for cloud providersFrom LIMSWikiJump to navigationJump to search-----Return to the beginning of this guide-----\n\r\n\n\n Appendix 3. An RFI\/RFP for evaluating cloud service providers (CSPs) \nWhether conducting the request for information (RFI) or request for proposal (RFP) process, a quality set of questions for potential vendors to respond to provides a solid base for helping evaluate and narrow down a vendor for your service. The RFI in particular is good for this sort of \"fact finding,\" acting as an ideal means for learning more about a potential solution and how it can solve your problems, or when you're not even sure how to solve your problem yet. However, the RFI should not be unduly long and tedious to complete for prospective vendors; it should be concise, direct, and honest. This means not only presenting a clear and humble vision of your own organization and its goals, but also asking just the right amount of questions to allow potential vendors to demonstrate their expertise and provide a clearer picture of who they are. Some take a technical approach to an RFI, using dense language and complicated spreadsheets for fact finding. However, vendors appreciate a slightly more inviting approach, with practical questions or requests that are carefully chosen because they matter to you.[1]\nWhat follows are a carefully selected set of \"questions\" for cloud computing and cloud-related providers posed as, well, requests for information. This collection of questions is admittedly long. Keeping with advice about maintaining a concise RFI, you may not use all of these as part of your RFI process. Remember that an RFI is not meant to answer all of your questions, but rather is meant as a means to help narrow down your search to a few quality candidates while learning more about each other.[1] Feel free to narrow this list down to those questions that are most important to you as part of this fact finding mission.\nSources used to compile this selection of RFI questions include the six sources from section 6.4 (including APHL, Interfocus, Lab Manager, LBMC, and Thomson Reuters)[2][3][4][5][6][7], the five sources from the managed security services provider (MSSP) RFI\/RFP template included in Appendix 3 of this guide (there's a lot of crossover, actually)[8][9][10][11][12][dead link ] , and the following:\n\nCloud Security Alliance's Cloud Controls Matrix v4[13]\nIreland's Office of Government Procurement Cloud Services Procurement Guidance Note[14]\nU.S. Internal Revenue Service RFI Cloud Response document[15]\n\r\n\n\n RFI\/RFP introduction \nIf you're conducting a full RFI or RFP, you're going to lead with the standard components of an RFI or RFP, including:\n\na table of contents;\nan honest introduction and overview of your organization, its goals and problems, and the services sought to solve them;\ndetails on how the RFI or RFP evaluation process will be conducted;\nbasis for award (if an RFP);\nthe calendar schedule (including times) for related events;\nhow to submit the document and any related questions about it, including response format; and\nyour organization's background, business requirements, and current technical environment.\n\r\n\n\nOrganization basics \nPrimary business objectives \nPlease describe the primary business objectives for your organization.\n\r\n\n\r\n\n\r\n\n\nOrganization history \nPlease give some background on your organization's history, including how long it has been offering cloud computing services.\n\r\n\n\r\n\n\r\n\n\nFinancial stability \nPlease provide information concerning the financial stability of your organization. If your organization is public, please include relevant documents such as annual reports and supporting financial statements. If private, please include documentation that supports the representation of your organization as a stable, profitable, and sustainable one. If not profitable, please provide details about your organization's path towards profitability. \n\r\n\n\r\n\n\r\n\n\nCloud services offered \nPlease describe the primary cloud computing or cloud-related services (e.g., software as a service or SaaS) offered by your organization, particularly any of which may be relevant based upon our company's stated needs. If the services are tiered, explain the different levels of service and any significant exceptions and differences separating the levels. Don't forget to describe the capabilities of your hybrid and multicloud offerings.\n\r\n\n\r\n\n\r\n\n\nExpected level of integration or interoperability \nPlease describe how you anticipate your cloud solutions being able to readily integrate or have base interoperability with a client's systems and business processes, while making it easier for the client to perform their tasks in the cloud.\n\r\n\n\r\n\n\r\n\n\nDetails about those cloud services \nPlease provide details about:\n\nnumber of clients specifically using your organization's cloud computing or cloud-related services;\nhow long each of those services has been offered;\nthe growth rate of those services over the prior fiscal year;\nthe average historical downtime of a given cloud service;\nhow those services or your organization overall are ranked by top research firms such as Gartner and Forrester; and\nany awards received for your organization's cloud computing or cloud-related services.\n\r\n\n\r\n\n\r\n\n\nVision and investment in those cloud services \nPlease provide details about the vision and future direction for choosing, developing, and implementing new in-house or third-party technologies as part of your organization's cloud computing initiative. Additionally, discuss the level of investment made by your organization towards researching, adopting, and integrating newer, more secure technologies and processes into your organization's operations.\n\r\n\n\r\n\n\r\n\n\nExperience and references \nPlease provide details on:\n\nhow many clients you provide (or have provided) cloud computing and cloud-related services to in our organization's industry;\nwhether any of them are willing to act as references for your services;\nwhat experience your organization has in meeting the unique regulatory requirements of our industry;\nany examples of clients being a learning source for improving your service; and\nany whitepapers, reports, etc. authored by your organization that are relevant to our industry.\n\r\n\n\r\n\n\r\n\n\n Infrastructure, security, and related policies \nInternal security policy and procedure \nPlease describe your internal policy and procedure (P&P) regarding security within your organization, including any standards your organization has adopted as part of that P&P. Address any ancillary security policies regarding, e.g., acceptable use of technology, remote and from-home work, and security awareness training.\n\r\n\n\r\n\n\r\n\n\nBusiness continuity and disaster recovery policy \nPlease describe your organization's P&P regarding business continuity and disaster recovery.\n\r\n\n\r\n\n\r\n\n\nData centers and related infrastructure \nPlease describe how your organization organizes its data centers and related infrastructure to optimally provide its cloud computing and cloud-related services. Additionally, address concerns about:\n\nwhether or not your organization owns and manages the data centers;\nwhere those data centers are located;\nwhere our data will be located;\nwhat specifications and encryption types are used for in-transit and at-rest data;\nwhat level of availability is guaranteed for each data center;\nwhat level of redundancy is implemented within the data centers;\nwhat disposal and data destruction policies are in place for end-of-life equipment;\nhow that redundancy limits service interruptions should a particular data center go offline;\nwhat level of cloud-based scalability is available to clients with growth or contraction states; and\nwhat qualifications and certifications apply to each data center.\n\r\n\n\r\n\n\r\n\n\nPhysical security at data centers \nPlease describe the physical security (e.g., locks, badges, physical security perimeters, surveillance systems, etc.) and continuity (e.g., fire suppression, backup power, etc.) measures put in place at your organization's data centers. Also address visitor procedures and how they are conducted. How are unauthorized access attempts at data centers responded to?\n\r\n\n\r\n\n\r\n\n\nStaffing at data centers \nPlease describe the staffing procedures at these data centers, including what percentage of overall staff will actually have authorized access to client data. Clearly define any implemented classifications of staff based on level of support or data sensitivity, as well as any related certifications and training required at each support or data sensitivity level. Are contractors treated any differently? Finally, describe what background checks or screening procedures, if any, are implemented towards any organizational personnel and third-parties (e.g., contractors, service technicians) interacting with systems containing client data.\n\r\n\n\r\n\n\r\n\n\nIndependent infrastructure review \nIf your organization has received an independent review of its cloud infrastructure and services (e.g., SOC 2), please provide details of this review, preferably with the full report, but if not, with critical details such as who, what, when, where, scope, frequency of testing, and a summary. If your organization has not completed such an independent review, please provide details of any plans or ongoing efforts towards such a review.\n\r\n\n\r\n\n\r\n\n\nInternal infrastructure review \nIf your organization has performed an internal review of its cloud infrastructure and services, please provide details of this review, with critical details such as who, what, when, where, scope, frequency of testing, and a summary. If your organization has not completed such an internal review, please provide details of any plans or ongoing efforts towards such a review. If your organization conducts internal \"red team\" or \"attack-and-defense\" exercises, describe them, their frequency, and how resulting information is acted upon.\n\r\n\n\r\n\n\r\n\n\nAuditing of your operations \nIf the results of your independent and\/or internal review cannot be shared, will your organization allow us to\u2014on our own or through a third party\u2014audit your operations, with the goal of determining the appropriateness of your organization's implemented safeguards?\n\r\n\n\r\n\n\r\n\n\nAuditing of client data \nPlease describe how your organization handles requests from outside entities for client data and notifies clients when such requests are made. If subpoenas, court orders, search warrants, or other law enforcement actions were to take place, describe how you would maintain any privileged, confidential, or otherwise sensitive information as being protected. Do you have legal representation should these issues arise?\n\r\n\n\r\n\n\r\n\n\nExtraction of client data \nPlease explain how clients may extract data from your cloud service (i.e., address data portability) on-demand, including particulars about data formats and transfer methods.\n\r\n\n\r\n\n\r\n\n\nBase cloud security \nCompany philosophy or approach \nPlease describe how your cloud services address the ephemeral nature of cloud computing while at the same time helping clients maintain their overall security posture. Explain your organization's approach to its security team, including whether or not a dedicated team of security researchers are utilized. If such a team exists, also explain how that research from that team is incorporated into protecting your organization's cloud solution or infrastructure. Finally, describe your team's overall approach to monitoring, analysis, and correlation of security threats, including how automated and human-based analyses are balanced in their approaches and in their handoff to each other.\n\r\n\n\r\n\n\r\n\n\nPhilosophy or approach to client security \nPlease provide relevant considerations a client should have\u2014and primary risks a client should mitigate\u2014when securing information in your organization's cloud infrastructure. Does a clear \"shared responsibility\" model exist, and if so, how is it effectively communicated to potential and existing clients? If you have documented data security policies, please describe how new and existing clients may access them. Additionally, explain how those policies better ensure client data integrity.\n\r\n\n\r\n\n\r\n\n\nTechnology and security \nPlease describe the organizational and client-based availability and use of cloud security technologies such as:\n\ndevice management tools,\nfirewalls and related performance monitoring tools,\nidentity and access management mechanisms,\nintrusion prevention and detection systems,\nintegration tools, and\nany other security-related analysis and prevention tools (e.g., rules engines).\n\r\n\n\r\n\n\r\n\n\nData storage \nPlease describe how sensitive and regulated data is able to be stored on a machine dedicated to complying with the laws and regulations relevant to the data owner. How is that type of data segregated from other clients' data, and will lapses in security of other clients' data affect our own?\n\r\n\n\r\n\n\r\n\n\n Data transmission, sharing, and transfer \nPlease describe how your cloud services allow for secure transmission and sharing of data across network boundaries, including across other cloud provider environments. Additionally, provide details about any dependencies or technical challenges associated with seamlessly transferring an application, system, or database 1. from a client or third-party cloud environment to your cloud environment and 2. from your cloud environment to another cloud environment. What solutions do you provide towards this seamless transfer?\n\r\n\n\r\n\n\r\n\n\nLogging \nPlease describe your approach to collecting, analyzing, correlating, and acting upon cloud log and event data, particularly in relation to client data and services. Describe how thorough those logs are and provide background on your organizational policy in regards to retaining and making available collected log and event data to clients on-demand. Finally, explain how long those logs and associated data are accessible after creation, as well as whether or not any of that information is kept in secure retention.\n\r\n\n\r\n\n\r\n\n\nMonitoring \nIf your organization has its own cloud infrastructure, please describe how your organization monitors that infrastructure for security purposes. What self-monitoring services and tools are made available to clients, if any? \n\r\n\n\r\n\n\r\n\n\nIncident response and reporting \nShould a security threat be identified by your monitoring activities, please explain how your incident response team cooperates with the monitoring team for efficiency. Additionally, describe how your incident response team works together with clients during a security incident. Provide details on how your organization handles reporting of intrusions, hacks, or other types of breaches to effected clients. Also explain how teams associated with incident response and threat remediation use their capabilities to provide value to the client.\n\r\n\n\r\n\n\r\n\n\nHybrid and multicloud security \nPlease explain how your cloud services and their associated technology enable and improve secure integrations and activities in hybrid and multicloud scenarios.\n\r\n\n\r\n\n\r\n\n\nThreat intelligence \nResearch team \nIf your organization has a research team dedicated to discovering cloud threats and vulnerabilities, please describe the team, how it's integrated with the organization's operations, and what services that team supports beyond research. If the research team has a mission, please state that mission. \n\r\n\n\r\n\n\r\n\n\nThreat detection \nPlease describe the information sources the research team (or, if no research team, the overall security team) uses to gather threat intelligence. Provide specifics about any anomaly detection, behavioral analysis, malicious host detection, signature analysis, and volume analysis detection methods.\n\r\n\n\r\n\n\r\n\n\nUse of and access to threat intelligence \nPlease describe how gathered threat intelligence is analyzed and validated. Additionally, describe how that analyzed and validated threat intelligence is used in the management and monitoring of your cloud services and infrastructure. Also describe what level of visibility and access a client has into this intelligence, as well as the research team itself. If any bug bounty programs or the like exist, please explain them here as well.\n\r\n\n\r\n\n\r\n\n\nExamples of action on threat intelligence \nPlease provide examples of how threat intelligence generated by your organization's research team (or someone else) has been effectively used to protect clients. Also provide examples of organization white papers, use cases, threat reports, or internal write-ups (if available) regarding threat intelligence and its effective use in the organizational cloud infrastructure.\n\r\n\n\r\n\n\r\n\n\nVulnerability testing \nVulnerability testing basics \nPlease describe the extent of vulnerability testing your organization may conduct on its cloud infrastructure, including the origin of any testing protocols.\n\r\n\n\r\n\n\r\n\n\nVulnerability identification and confirmation \nPlease describe how vulnerabilities are identified and confirmed within your cloud infrastructure. If your organization has a process for identifying and reporting false positives, provide details. Is vulnerability data incorporated into overall cloud security monitoring processes, and if so, in what ways?\n\r\n\n\r\n\n\r\n\n\nClient-based vulnerability testing \nIf a client or a representative third party of a client is allowed to perform vulnerability testing on your organization's cloud infrastructure, provide details. If your cloud services support web application scanning and testing for database vulnerabilities, please provide important details.\n\r\n\n\r\n\n\r\n\n\nAdditional cloud security \nEndpoint protection \nPlease describe any managed service, software solution, hardware solution, or other mechanism your organization provides or makes available to clients in regard to helping clients maintain endpoint security in the cloud. If such a service or tool is offered, describe what types of alerts are given in association with it and what, if any, remediation recommendations are provided. Be sure to address whether or not threat intelligence is integrated into the service or tool and what operating system (OS) endpoints are covered.\n\r\n\n\r\n\n\r\n\n\nMalware protection \nPlease describe any managed service, software solution, or other mechanism your organization provides or makes available to clients in regard to helping clients with malware protection. If such a service or tool is offered, describe whether or not it uses sandboxing technology, and if so, what type. Be sure to address whether or not threat intelligence is integrated into the service or tool and what zero-day threat capabilities it may have.\n\r\n\n\r\n\n\r\n\n\nOther ancillary services \nPlease describe if your organization is capable of assisting clients with security audits and analyses of their own instances. If your organization also provides consulting, technical testing, penetration testing, forensic investigation, and threat remediation services, please describe them, as well as any associated service tiers. \n\r\n\n\r\n\n\r\n\n\nAccount management and support \nAccount management basics \nPlease describe how accounts are established on your organization's service and what level of visibility clients and their authorized users will have into the cloud services administered, including consumption metrics, security metrics, and various account logs.\n\r\n\n\r\n\n\r\n\n\nSupport basics \nPlease describe your organizational approach to client support and how that support is structured, including the processes and mechanisms for handling client inquiries and issues. Describe the communication mechanisms primarily and secondarily used for support, including mailed documentation, phone calls, electronic communication, and face-to-face communication. Explain how the escalation process for inquiries and reported issues should be handled.\n\r\n\n\r\n\n\r\n\n\nHelp desk and support ticketing \nPlease indicate what help desk or ticketing functionality is available for clients having cloud service issues. Describe how clients should go about using such tools to initiate the support process. Do clients receive comprehensive downtime support in the case of service downtime?\n\r\n\n\r\n\n\r\n\n\n Availability, provisioning, and responsiveness \nPlease indicate the availability of your organization's support services, including hours offered. Also indicate who is provisioning the service, whether it's in-house or a third party, and from where the service is provisioned. Note whether or not support services change hands at any point. Finally, describe how support quality is guaranteed at all times, including any guarantees on responsiveness.\n\r\n\n\r\n\n\r\n\n\nClient satisfaction \nPlease describe how your organization measures and reports (including frequency) client satisfaction with support, account, and overall services. Describe how deficiencies in client satisfaction are addressed and resolved within the organization.\n\r\n\n\r\n\n\r\n\n\nAncillary services \nPlease indicate whether or not your organization provides value-added support services, and if so what type. Can a dedicated account manager with sufficient technical knowledge be provided, and if so, at what cost?\n\r\n\n\r\n\n\r\n\n\n Service level agreements (SLAs) and contracts \nSLA basics \nPlease describe the details of your SLAs for the various services you provide, including any negotiable aspects of the SLAs. Provide examples. Any relevant measurements and ranges for work performed by you (e.g., service speed, response times, and accuracy) should also be clearly defined and stated. Explain what the cost implications related to any differing service levels are. Finally, explain whether or not your organization provides clients with a 30-day proof of concept test of the services to ensure your organization can prove its marketing and operational claims.\n\r\n\n\r\n\n\r\n\n\nSLAs for SaaS \nIn the case of SaaS-related cloud agreements (if applicable) with your organization, please explain how software customization, upgrades, testing, and versioning are addressed in such agreements.\n\r\n\n\r\n\n\r\n\n\nSLA failure \nPlease explain how your organization monitors and measures its compliance with an SLA. Describe what options are available to clients upon your organization failing to meet an agreed-upon SLA.\n\r\n\n\r\n\n\r\n\n\nBusiness associate agreements \nState whether or not your organization will sign a business associate agreement or addendum for purposes of ensuring your organization appropriately safeguards protected health information, as dictated by the Health Insurance Portability and Accountability Act (HIPAA).\n\r\n\n\r\n\n\r\n\n\nContract termination \nPlease describe your policy on archiving, deleting, and helping transition client data from any of your systems upon contract termination, including particulars about data formats, deletion methodologies, and transfer methods. Any explanation should include the respective termination rights of both the organization and the client.\n\r\n\n\r\n\n\r\n\n\nOrganization termination or catastrophic loss \nPlease describe what would happen to a client's data in the event of your organization going out of business or suffering a catastrophic loss.\n\r\n\n\r\n\n\r\n\n\nService implementation \nImplementation basics \nPlease describe your approach to implementing your cloud computing or cloud-based services for clients. You should address:\n\nthe standard timeframe for implementation and onboarding (overall average or last 10 customers);\nwhether or not a dedicated point of contact will be maintained throughout implementation, to the end of the contract;\nwhat resources clients will require to support the implementation and throughout the contract's duration;\nwhat client processes and procedures your organization has found to be vital to optimal cloud implementation and operation;\nwhat device and database integrations are supported in an implementation;\nwhether or not unsupported devices and databases can be added for support;\nhow the impact or disruption of client resources is minimized during implementation; and\nwhat your normalization and fine-tuning procedures are.\n\r\n\n\r\n\n\r\n\n\nCompletion and handoff \nPlease describe what steps are taken to ensure the implementation is complete, as well as how the service is handed off to the client afterwards. If your organization provides training and documentation at handoff, describe how this training and documentation is administered, and at what additional cost, if any.\n\r\n\n\r\n\n\r\n\n\nMulti-site implementations \nPlease describe the process used when implementing a service to a client with many geographically dispersed facilities.\n\r\n\n\r\n\n\r\n\n\nPricing \nPricing basics \nPlease describe how your company's pricing and payment models meet industry standard practices (e.g., payment per actual services consumed, per GB of storage, per server, per annual subscription, etc.). Provide pricing estimates and examples based upon the various services provided using a current published catalog, standard market pricing, and\/or web enabled price calculators. Explain how any metered services are clearly reported and billed. Ensure all costs are accurately reflected, including any:\n\nunderlying \"implied\" costs,\ninitial \"stand up\" costs,\nongoing maintenance or subscription costs,\nrenewal-related price increases\ndata download costs, and\ntermination costs.\n\r\n\n\r\n\n\r\n\n\nReferences \n\n\n\u2191 1.0 1.1 Holmes, T.. \"It's a Match: How to Run a Good RFI, RFP, or RFQ and Find the Right Partner\". AllCloud Blog. https:\/\/allcloud.io\/blog\/its-a-match-how-to-run-a-good-rfi-rfp-or-rfq-and-find-the-right-partner\/ . Retrieved 14 August 2023 .   \n \n\n\u2191 Association of Public Health Laboratories (2017). \"Breaking Through the Cloud: A Laboratory Guide to Cloud Computing\" (PDF). Association of Public Health Laboratories. https:\/\/www.aphl.org\/aboutAPHL\/publications\/Documents\/INFO-2017Jun-Cloud-Computing.pdf . Retrieved 14 August 2023 .   \n \n\n\u2191 \"A Helpful Guide to Cloud Computing in a Laboratory\". InterFocus Blog. InterFocus Ltd. 5 October 2020. https:\/\/www.mynewlab.com\/blog\/a-helpful-guide-to-cloud-computing-in-a-laboratory\/ . Retrieved 14 August 2023 .   \n \n\n\u2191 LBMC (24 February 2021). \"Nine Due Diligence Questions to Ask Cloud Service Providers\". LBMC Blog. https:\/\/www.lbmc.com\/blog\/questions-cloud-service-providers\/ . Retrieved 14 August 2023 .   \n \n\n\u2191 Ward, S. (9 October 2019). \"Cloud Computing for the Laboratory: Using data in the cloud - What it means for data security\". Lab Manager. https:\/\/www.labmanager.com\/cloud-computing-for-the-laboratory-736 . Retrieved 14 August 2023 .   \n \n\n\u2191 Eustice, J.C. (2018). \"Understand the intersection between data privacy laws and cloud computing\". Legal Technology, Products, and Services. Thomson Reuters. https:\/\/legal.thomsonreuters.com\/en\/insights\/articles\/understanding-data-privacy-and-cloud-computing . Retrieved 14 August 2023 .   \n \n\n\u2191 Thomson Reuters (3 March 2021). \"Three questions you need to ask your cloud vendors\". Thomson Reuters Legal Blog. Archived from the original on 03 March 2021. https:\/\/web.archive.org\/web\/20210406150957\/https:\/\/legal.thomsonreuters.com\/blog\/3-questions-you-need-to-ask-your-cloud-vendors\/ . Retrieved 14 August 2023 .   \n \n\n\u2191 Korff, Y. (19 February 2019). \"12 revealing questions to ask when evaluating an MSSP or MDR vendor\". Expel blog. Expel, Inc. https:\/\/expel.com\/blog\/12-revealing-questions-when-evaluating-mssp-mdr-vendor\/ . Retrieved 14 August 2023 .   \n \n\n\u2191 \"How to Write an MSSP RDP\" (PDF). NTT Security. September 2016. Archived from the original on 08 May 2021. https:\/\/web.archive.org\/web\/20210508224902\/https:\/\/www.nttsecurity.com\/docs\/librariesprovider3\/resources\/us_whitepaper_mssp_rfp_uea_v1 . Retrieved 14 August 2023 .   \n \n\n\u2191 \"Secureworks Guide to Building a Cloud MSSP RFP Template\" (DOCX). Secureworks. Archived from the original on 08 May 2021. https:\/\/web.archive.org\/web\/20210508225741\/https:\/\/pcdnscwx001.azureedge.net\/~\/media\/Files\/US\/White%20Papers\/SecureWorksNCO411PGuidetoBuildingaCloudRFPTemplate.ashx?modified=20170714201638 . Retrieved 14 August 2023 .   \n \n\n\u2191 \"RFP\/RFI Questions for Managed Security Services: Sample MSSP RFP Template\". Solutionary, Inc. September 2015. https:\/\/docecity.com\/rfp-sample-questions-for-managed-security-services.html . Retrieved 14 August 2023 .   \n \n\n\u2191 U.S. Department of State (24 October 2020). \"Cloud Mission Support Request for Information\". SAM.gov. https:\/\/beta.sam.gov\/opp\/91dc7217b32b459695b27339f4b5d9aa\/view . Retrieved 21 August 2021 .   \n \n\n\u2191 \"Cloud Controls Matrix v4\" (xlsx). Cloud Security Alliance. 15 March 2021. https:\/\/cloudsecurityalliance.org\/artifacts\/cloud-controls-matrix-v4\/ . Retrieved 14 August 2023 .   \n \n\n\u2191 \"Cloud Services Procurement Guidance Note\". Ireland Office of Government Procurement. 9 February 2021. https:\/\/www.gov.ie\/en\/collection\/aa996-guidance-notes\/ . Retrieved 14 August 2023 .   \n \n\n\u2191 \"IRS RFI Cloud Response\" (DOCX). Internal Revenue Service. January 2018. Archived from the original on 21 April 2021. https:\/\/web.archive.org\/web\/20210421182505\/https:\/\/cic.gsa.gov\/documents\/IRS-Cloud-Services-RFI.docx . Retrieved 14 August 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_cloud_providers\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_cloud_providers<\/a>\nNavigation menuPage actionsBookDiscussionView sourceHistoryPage actionsBookDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 9 February 2022, at 20:46.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 343 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","ed9df165f2657d5bb145909d714c2690_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-208 ns-subject page-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_RFI_questions_for_cloud_providers rootpage-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_RFI_questions_for_cloud_providers skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/RFI questions for cloud providers<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\"><div align=\"center\">-----Return to <a href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Introduction\" title=\"Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Introduction\" class=\"wiki-link\" data-key=\"a5122d160da552b7fab8ca62d4bc6155\">the beginning<\/a> of this guide-----<\/div>\n<p><br \/>\n<\/p>\n<h1><span id=\"rdp-ebb-Appendix_3._An_RFI\/RFP_for_evaluating_cloud_service_providers_(CSPs)\"><\/span><span class=\"mw-headline\" id=\"Appendix_3._An_RFI.2FRFP_for_evaluating_cloud_service_providers_.28CSPs.29\">Appendix 3. An RFI\/RFP for evaluating cloud service providers (CSPs)<\/span><\/h1>\n<p>Whether conducting the request for information (RFI) or request for proposal (RFP) process, a quality set of questions for potential vendors to respond to provides a solid base for helping evaluate and narrow down a vendor for your service. The RFI in particular is good for this sort of \"fact finding,\" acting as an ideal means for learning more about a potential solution and how it can solve your problems, or when you're not even sure how to solve your problem yet. However, the RFI should not be unduly long and tedious to complete for prospective vendors; it should be concise, direct, and honest. This means not only presenting a clear and humble vision of your own organization and its goals, but also asking just the right amount of questions to allow potential vendors to demonstrate their expertise and provide a clearer picture of who they are. Some take a technical approach to an RFI, using dense language and complicated spreadsheets for fact finding. However, vendors appreciate a slightly more inviting approach, with practical questions or requests that are carefully chosen because they matter to you.<sup id=\"rdp-ebb-cite_ref-HolmesItsAMatch_1-0\" class=\"reference\"><a href=\"#cite_note-HolmesItsAMatch-1\">[1]<\/a><\/sup>\n<\/p><p>What follows are a carefully selected set of \"questions\" for cloud computing and cloud-related providers posed as, well, requests for information. This collection of questions is admittedly long. Keeping with advice about maintaining a concise RFI, you may not use all of these as part of your RFI process. Remember that an RFI is not meant to answer all of your questions, but rather is meant as a means to help narrow down your search to a few quality candidates while learning more about each other.<sup id=\"rdp-ebb-cite_ref-HolmesItsAMatch_1-1\" class=\"reference\"><a href=\"#cite_note-HolmesItsAMatch-1\">[1]<\/a><\/sup> Feel free to narrow this list down to those questions that are most important to you as part of this fact finding mission.\n<\/p><p>Sources used to compile this selection of RFI questions include the six sources from section 6.4 (including APHL, Interfocus, <i>Lab Manager<\/i>, LBMC, and Thomson Reuters)<sup id=\"rdp-ebb-cite_ref-APHLBreaking17_2-0\" class=\"reference\"><a href=\"#cite_note-APHLBreaking17-2\">[2]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-IFAhelp20_3-0\" class=\"reference\"><a href=\"#cite_note-IFAhelp20-3\">[3]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-LBMCNine21_4-0\" class=\"reference\"><a href=\"#cite_note-LBMCNine21-4\">[4]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-WardCloud19_5-0\" class=\"reference\"><a href=\"#cite_note-WardCloud19-5\">[5]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-EusticeUnder18_6-0\" class=\"reference\"><a href=\"#cite_note-EusticeUnder18-6\">[6]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-TRThree21_7-0\" class=\"reference\"><a href=\"#cite_note-TRThree21-7\">[7]<\/a><\/sup>, the five sources from the managed security services provider (MSSP) RFI\/RFP template included in Appendix 3 of this guide (there's a lot of crossover, actually)<sup id=\"rdp-ebb-cite_ref-Korff12Rev19_8-0\" class=\"reference\"><a href=\"#cite_note-Korff12Rev19-8\">[8]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-NTTSHowTo16_9-0\" class=\"reference\"><a href=\"#cite_note-NTTSHowTo16-9\">[9]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-SWGuideToBuild_10-0\" class=\"reference\"><a href=\"#cite_note-SWGuideToBuild-10\">[10]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-SolutionaryRFP15_11-0\" class=\"reference\"><a href=\"#cite_note-SolutionaryRFP15-11\">[11]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-SAMCloudMiss20_12-0\" class=\"reference\"><a href=\"#cite_note-SAMCloudMiss20-12\">[12]<\/a><\/sup><sup class=\"noprint Inline-Template\"><span style=\"white-space: nowrap;\">[<i><a href=\"https:\/\/en.wikipedia.org\/wiki\/Wikipedia:Link_rot\" class=\"extiw wiki-link\" title=\"wikipedia:Wikipedia:Link rot\" data-key=\"8e73a2ff6f82d88817bdd8ee8b302ab7\"><span title=\" Dead link since 14 August 2023\">dead link<\/span><\/a><\/i>]<\/span><\/sup>, and the following:\n<\/p>\n<ul><li>Cloud Security Alliance's <i>Cloud Controls Matrix v4<\/i><sup id=\"rdp-ebb-cite_ref-CSACloudCont4_13-0\" class=\"reference\"><a href=\"#cite_note-CSACloudCont4-13\">[13]<\/a><\/sup><\/li>\n<li>Ireland's Office of Government Procurement <i>Cloud Services Procurement Guidance Note<\/i><sup id=\"rdp-ebb-cite_ref-OGPInform21_14-0\" class=\"reference\"><a href=\"#cite_note-OGPInform21-14\">[14]<\/a><\/sup><\/li>\n<li>U.S. Internal Revenue Service RFI Cloud Response document<sup id=\"rdp-ebb-cite_ref-IRSRFICloud18_15-0\" class=\"reference\"><a href=\"#cite_note-IRSRFICloud18-15\">[15]<\/a><\/sup><\/li><\/ul>\n<p><br \/>\n<\/p>\n<h2><span id=\"rdp-ebb-RFI\/RFP_introduction\"><\/span><span class=\"mw-headline\" id=\"RFI.2FRFP_introduction\">RFI\/RFP introduction<\/span><\/h2>\n<p>If you're conducting a full RFI or RFP, you're going to lead with the standard components of an RFI or RFP, including:\n<\/p>\n<ul><li>a table of contents;<\/li>\n<li>an honest introduction and overview of your organization, its goals and problems, and the services sought to solve them;<\/li>\n<li>details on how the RFI or RFP evaluation process will be conducted;<\/li>\n<li>basis for award (if an RFP);<\/li>\n<li>the calendar schedule (including times) for related events;<\/li>\n<li>how to submit the document and any related questions about it, including response format; and<\/li>\n<li>your organization's background, business requirements, and current technical environment.<\/li><\/ul>\n<p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Organization_basics\">Organization basics<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Primary_business_objectives\">Primary business objectives<\/span><\/h3>\n<p>Please describe the primary business objectives for your organization.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Organization_history\">Organization history<\/span><\/h3>\n<p>Please give some background on your organization's history, including how long it has been offering cloud computing services.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Financial_stability\">Financial stability<\/span><\/h3>\n<p>Please provide information concerning the financial stability of your organization. If your organization is public, please include relevant documents such as annual reports and supporting financial statements. If private, please include documentation that supports the representation of your organization as a stable, profitable, and sustainable one. If not profitable, please provide details about your organization's path towards profitability. \n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Cloud_services_offered\">Cloud services offered<\/span><\/h3>\n<p>Please describe the primary cloud computing or cloud-related services (e.g., software as a service or SaaS) offered by your organization, particularly any of which may be relevant based upon our company's stated needs. If the services are tiered, explain the different levels of service and any significant exceptions and differences separating the levels. Don't forget to describe the capabilities of your hybrid and multicloud offerings.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Expected_level_of_integration_or_interoperability\">Expected level of integration or interoperability<\/span><\/h3>\n<p>Please describe how you anticipate your cloud solutions being able to readily integrate or have base interoperability with a client's systems and business processes, while making it easier for the client to perform their tasks in the cloud.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Details_about_those_cloud_services\">Details about those cloud services<\/span><\/h3>\n<p>Please provide details about:\n<\/p>\n<ul><li>number of clients specifically using your organization's cloud computing or cloud-related services;<\/li>\n<li>how long each of those services has been offered;<\/li>\n<li>the growth rate of those services over the prior fiscal year;<\/li>\n<li>the average historical downtime of a given cloud service;<\/li>\n<li>how those services or your organization overall are ranked by top research firms such as Gartner and Forrester; and<\/li>\n<li>any awards received for your organization's cloud computing or cloud-related services.<\/li><\/ul>\n<p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Vision_and_investment_in_those_cloud_services\">Vision and investment in those cloud services<\/span><\/h3>\n<p>Please provide details about the vision and future direction for choosing, developing, and implementing new in-house or third-party technologies as part of your organization's cloud computing initiative. Additionally, discuss the level of investment made by your organization towards researching, adopting, and integrating newer, more secure technologies and processes into your organization's operations.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Experience_and_references\">Experience and references<\/span><\/h3>\n<p>Please provide details on:\n<\/p>\n<ul><li>how many clients you provide (or have provided) cloud computing and cloud-related services to in our organization's industry;<\/li>\n<li>whether any of them are willing to act as references for your services;<\/li>\n<li>what experience your organization has in meeting the unique regulatory requirements of our industry;<\/li>\n<li>any examples of clients being a learning source for improving your service; and<\/li>\n<li>any whitepapers, reports, etc. authored by your organization that are relevant to our industry.<\/li><\/ul>\n<p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h2><span id=\"rdp-ebb-Infrastructure,_security,_and_related_policies\"><\/span><span class=\"mw-headline\" id=\"Infrastructure.2C_security.2C_and_related_policies\">Infrastructure, security, and related policies<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Internal_security_policy_and_procedure\">Internal security policy and procedure<\/span><\/h3>\n<p>Please describe your internal policy and procedure (P&P) regarding security within your organization, including any standards your organization has adopted as part of that P&P. Address any ancillary security policies regarding, e.g., acceptable use of technology, remote and from-home work, and security awareness training.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Business_continuity_and_disaster_recovery_policy\">Business continuity and disaster recovery policy<\/span><\/h3>\n<p>Please describe your organization's P&P regarding business continuity and disaster recovery.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Data_centers_and_related_infrastructure\">Data centers and related infrastructure<\/span><\/h3>\n<p>Please describe how your organization organizes its data centers and related infrastructure to optimally provide its cloud computing and cloud-related services. Additionally, address concerns about:\n<\/p>\n<ul><li>whether or not your organization owns and manages the data centers;<\/li>\n<li>where those data centers are located;<\/li>\n<li>where our data will be located;<\/li>\n<li>what specifications and encryption types are used for in-transit and at-rest data;<\/li>\n<li>what level of availability is guaranteed for each data center;<\/li>\n<li>what level of redundancy is implemented within the data centers;<\/li>\n<li>what disposal and data destruction policies are in place for end-of-life equipment;<\/li>\n<li>how that redundancy limits service interruptions should a particular data center go offline;<\/li>\n<li>what level of cloud-based scalability is available to clients with growth or contraction states; and<\/li>\n<li>what qualifications and certifications apply to each data center.<\/li><\/ul>\n<p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Physical_security_at_data_centers\">Physical security at data centers<\/span><\/h3>\n<p>Please describe the physical security (e.g., locks, badges, physical security perimeters, surveillance systems, etc.) and continuity (e.g., fire suppression, backup power, etc.) measures put in place at your organization's data centers. Also address visitor procedures and how they are conducted. How are unauthorized access attempts at data centers responded to?\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Staffing_at_data_centers\">Staffing at data centers<\/span><\/h3>\n<p>Please describe the staffing procedures at these data centers, including what percentage of overall staff will actually have authorized access to client data. Clearly define any implemented classifications of staff based on level of support or data sensitivity, as well as any related certifications and training required at each support or data sensitivity level. Are contractors treated any differently? Finally, describe what background checks or screening procedures, if any, are implemented towards any organizational personnel and third-parties (e.g., contractors, service technicians) interacting with systems containing client data.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Independent_infrastructure_review\">Independent infrastructure review<\/span><\/h3>\n<p>If your organization has received an independent review of its cloud infrastructure and services (e.g., SOC 2), please provide details of this review, preferably with the full report, but if not, with critical details such as who, what, when, where, scope, frequency of testing, and a summary. If your organization has not completed such an independent review, please provide details of any plans or ongoing efforts towards such a review.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Internal_infrastructure_review\">Internal infrastructure review<\/span><\/h3>\n<p>If your organization has performed an internal review of its cloud infrastructure and services, please provide details of this review, with critical details such as who, what, when, where, scope, frequency of testing, and a summary. If your organization has not completed such an internal review, please provide details of any plans or ongoing efforts towards such a review. If your organization conducts internal \"red team\" or \"attack-and-defense\" exercises, describe them, their frequency, and how resulting information is acted upon.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Auditing_of_your_operations\">Auditing of your operations<\/span><\/h3>\n<p>If the results of your independent and\/or internal review cannot be shared, will your organization allow us to\u2014on our own or through a third party\u2014audit your operations, with the goal of determining the appropriateness of your organization's implemented safeguards?\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Auditing_of_client_data\">Auditing of client data<\/span><\/h3>\n<p>Please describe how your organization handles requests from outside entities for client data and notifies clients when such requests are made. If subpoenas, court orders, search warrants, or other law enforcement actions were to take place, describe how you would maintain any privileged, confidential, or otherwise sensitive information as being protected. Do you have legal representation should these issues arise?\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Extraction_of_client_data\">Extraction of client data<\/span><\/h3>\n<p>Please explain how clients may extract data from your cloud service (i.e., address data portability) on-demand, including particulars about data formats and transfer methods.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Base_cloud_security\">Base cloud security<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Company_philosophy_or_approach\">Company philosophy or approach<\/span><\/h3>\n<p>Please describe how your cloud services address the ephemeral nature of cloud computing while at the same time helping clients maintain their overall security posture. Explain your organization's approach to its security team, including whether or not a dedicated team of security researchers are utilized. If such a team exists, also explain how that research from that team is incorporated into protecting your organization's cloud solution or infrastructure. Finally, describe your team's overall approach to monitoring, analysis, and correlation of security threats, including how automated and human-based analyses are balanced in their approaches and in their handoff to each other.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Philosophy_or_approach_to_client_security\">Philosophy or approach to client security<\/span><\/h3>\n<p>Please provide relevant considerations a client should have\u2014and primary risks a client should mitigate\u2014when securing information in your organization's cloud infrastructure. Does a clear \"shared responsibility\" model exist, and if so, how is it effectively communicated to potential and existing clients? If you have documented data security policies, please describe how new and existing clients may access them. Additionally, explain how those policies better ensure client data integrity.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Technology_and_security\">Technology and security<\/span><\/h3>\n<p>Please describe the organizational and client-based availability and use of cloud security technologies such as:\n<\/p>\n<ul><li>device management tools,<\/li>\n<li>firewalls and related performance monitoring tools,<\/li>\n<li>identity and access management mechanisms,<\/li>\n<li>intrusion prevention and detection systems,<\/li>\n<li>integration tools, and<\/li>\n<li>any other security-related analysis and prevention tools (e.g., rules engines).<\/li><\/ul>\n<p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Data_storage\">Data storage<\/span><\/h3>\n<p>Please describe how sensitive and regulated data is able to be stored on a machine dedicated to complying with the laws and regulations relevant to the data owner. How is that type of data segregated from other clients' data, and will lapses in security of other clients' data affect our own?\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span id=\"rdp-ebb-Data_transmission,_sharing,_and_transfer\"><\/span><span class=\"mw-headline\" id=\"Data_transmission.2C_sharing.2C_and_transfer\">Data transmission, sharing, and transfer<\/span><\/h3>\n<p>Please describe how your cloud services allow for secure transmission and sharing of data across network boundaries, including across other cloud provider environments. Additionally, provide details about any dependencies or technical challenges associated with seamlessly transferring an application, system, or database 1. from a client or third-party cloud environment to your cloud environment and 2. from your cloud environment to another cloud environment. What solutions do you provide towards this seamless transfer?\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Logging\">Logging<\/span><\/h3>\n<p>Please describe your approach to collecting, analyzing, correlating, and acting upon cloud log and event data, particularly in relation to client data and services. Describe how thorough those logs are and provide background on your organizational policy in regards to retaining and making available collected log and event data to clients on-demand. Finally, explain how long those logs and associated data are accessible after creation, as well as whether or not any of that information is kept in secure retention.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Monitoring\">Monitoring<\/span><\/h3>\n<p>If your organization has its own cloud infrastructure, please describe how your organization monitors that infrastructure for security purposes. What self-monitoring services and tools are made available to clients, if any? \n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Incident_response_and_reporting\">Incident response and reporting<\/span><\/h3>\n<p>Should a security threat be identified by your monitoring activities, please explain how your incident response team cooperates with the monitoring team for efficiency. Additionally, describe how your incident response team works together with clients during a security incident. Provide details on how your organization handles reporting of intrusions, hacks, or other types of breaches to effected clients. Also explain how teams associated with incident response and threat remediation use their capabilities to provide value to the client.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Hybrid_and_multicloud_security\">Hybrid and multicloud security<\/span><\/h3>\n<p>Please explain how your cloud services and their associated technology enable and improve secure integrations and activities in hybrid and multicloud scenarios.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Threat_intelligence\">Threat intelligence<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Research_team\">Research team<\/span><\/h3>\n<p>If your organization has a research team dedicated to discovering cloud threats and vulnerabilities, please describe the team, how it's integrated with the organization's operations, and what services that team supports beyond research. If the research team has a mission, please state that mission. \n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Threat_detection\">Threat detection<\/span><\/h3>\n<p>Please describe the information sources the research team (or, if no research team, the overall security team) uses to gather threat intelligence. Provide specifics about any anomaly detection, behavioral analysis, malicious host detection, signature analysis, and volume analysis detection methods.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Use_of_and_access_to_threat_intelligence\">Use of and access to threat intelligence<\/span><\/h3>\n<p>Please describe how gathered threat intelligence is analyzed and validated. Additionally, describe how that analyzed and validated threat intelligence is used in the management and monitoring of your cloud services and infrastructure. Also describe what level of visibility and access a client has into this intelligence, as well as the research team itself. If any bug bounty programs or the like exist, please explain them here as well.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Examples_of_action_on_threat_intelligence\">Examples of action on threat intelligence<\/span><\/h3>\n<p>Please provide examples of how threat intelligence generated by your organization's research team (or someone else) has been effectively used to protect clients. Also provide examples of organization white papers, use cases, threat reports, or internal write-ups (if available) regarding threat intelligence and its effective use in the organizational cloud infrastructure.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Vulnerability_testing\">Vulnerability testing<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Vulnerability_testing_basics\">Vulnerability testing basics<\/span><\/h3>\n<p>Please describe the extent of vulnerability testing your organization may conduct on its cloud infrastructure, including the origin of any testing protocols.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Vulnerability_identification_and_confirmation\">Vulnerability identification and confirmation<\/span><\/h3>\n<p>Please describe how vulnerabilities are identified and confirmed within your cloud infrastructure. If your organization has a process for identifying and reporting false positives, provide details. Is vulnerability data incorporated into overall cloud security monitoring processes, and if so, in what ways?\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Client-based_vulnerability_testing\">Client-based vulnerability testing<\/span><\/h3>\n<p>If a client or a representative third party of a client is allowed to perform vulnerability testing on your organization's cloud infrastructure, provide details. If your cloud services support web application scanning and testing for database vulnerabilities, please provide important details.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Additional_cloud_security\">Additional cloud security<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Endpoint_protection\">Endpoint protection<\/span><\/h3>\n<p>Please describe any managed service, software solution, hardware solution, or other mechanism your organization provides or makes available to clients in regard to helping clients maintain endpoint security in the cloud. If such a service or tool is offered, describe what types of alerts are given in association with it and what, if any, remediation recommendations are provided. Be sure to address whether or not threat intelligence is integrated into the service or tool and what operating system (OS) endpoints are covered.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Malware_protection\">Malware protection<\/span><\/h3>\n<p>Please describe any managed service, software solution, or other mechanism your organization provides or makes available to clients in regard to helping clients with malware protection. If such a service or tool is offered, describe whether or not it uses sandboxing technology, and if so, what type. Be sure to address whether or not threat intelligence is integrated into the service or tool and what zero-day threat capabilities it may have.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Other_ancillary_services\">Other ancillary services<\/span><\/h3>\n<p>Please describe if your organization is capable of assisting clients with security audits and analyses of their own instances. If your organization also provides consulting, technical testing, penetration testing, forensic investigation, and threat remediation services, please describe them, as well as any associated service tiers. \n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Account_management_and_support\">Account management and support<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Account_management_basics\">Account management basics<\/span><\/h3>\n<p>Please describe how accounts are established on your organization's service and what level of visibility clients and their authorized users will have into the cloud services administered, including consumption metrics, security metrics, and various account logs.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Support_basics\">Support basics<\/span><\/h3>\n<p>Please describe your organizational approach to client support and how that support is structured, including the processes and mechanisms for handling client inquiries and issues. Describe the communication mechanisms primarily and secondarily used for support, including mailed documentation, phone calls, electronic communication, and face-to-face communication. Explain how the escalation process for inquiries and reported issues should be handled.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Help_desk_and_support_ticketing\">Help desk and support ticketing<\/span><\/h3>\n<p>Please indicate what help desk or ticketing functionality is available for clients having cloud service issues. Describe how clients should go about using such tools to initiate the support process. Do clients receive comprehensive downtime support in the case of service downtime?\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span id=\"rdp-ebb-Availability,_provisioning,_and_responsiveness\"><\/span><span class=\"mw-headline\" id=\"Availability.2C_provisioning.2C_and_responsiveness\">Availability, provisioning, and responsiveness<\/span><\/h3>\n<p>Please indicate the availability of your organization's support services, including hours offered. Also indicate who is provisioning the service, whether it's in-house or a third party, and from where the service is provisioned. Note whether or not support services change hands at any point. Finally, describe how support quality is guaranteed at all times, including any guarantees on responsiveness.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Client_satisfaction\">Client satisfaction<\/span><\/h3>\n<p>Please describe how your organization measures and reports (including frequency) client satisfaction with support, account, and overall services. Describe how deficiencies in client satisfaction are addressed and resolved within the organization.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Ancillary_services\">Ancillary services<\/span><\/h3>\n<p>Please indicate whether or not your organization provides value-added support services, and if so what type. Can a dedicated account manager with sufficient technical knowledge be provided, and if so, at what cost?\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h2><span id=\"rdp-ebb-Service_level_agreements_(SLAs)_and_contracts\"><\/span><span class=\"mw-headline\" id=\"Service_level_agreements_.28SLAs.29_and_contracts\">Service level agreements (SLAs) and contracts<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"SLA_basics\">SLA basics<\/span><\/h3>\n<p>Please describe the details of your SLAs for the various services you provide, including any negotiable aspects of the SLAs. Provide examples. Any relevant measurements and ranges for work performed by you (e.g., service speed, response times, and accuracy) should also be clearly defined and stated. Explain what the cost implications related to any differing service levels are. Finally, explain whether or not your organization provides clients with a 30-day proof of concept test of the services to ensure your organization can prove its marketing and operational claims.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"SLAs_for_SaaS\">SLAs for SaaS<\/span><\/h3>\n<p>In the case of SaaS-related cloud agreements (if applicable) with your organization, please explain how software customization, upgrades, testing, and versioning are addressed in such agreements.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"SLA_failure\">SLA failure<\/span><\/h3>\n<p>Please explain how your organization monitors and measures its compliance with an SLA. Describe what options are available to clients upon your organization failing to meet an agreed-upon SLA.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Business_associate_agreements\">Business associate agreements<\/span><\/h3>\n<p>State whether or not your organization will sign a business associate agreement or addendum for purposes of ensuring your organization appropriately safeguards protected health information, as dictated by the Health Insurance Portability and Accountability Act (HIPAA).\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Contract_termination\">Contract termination<\/span><\/h3>\n<p>Please describe your policy on archiving, deleting, and helping transition client data from any of your systems upon contract termination, including particulars about data formats, deletion methodologies, and transfer methods. Any explanation should include the respective termination rights of both the organization and the client.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Organization_termination_or_catastrophic_loss\">Organization termination or catastrophic loss<\/span><\/h3>\n<p>Please describe what would happen to a client's data in the event of your organization going out of business or suffering a catastrophic loss.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Service_implementation\">Service implementation<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Implementation_basics\">Implementation basics<\/span><\/h3>\n<p>Please describe your approach to implementing your cloud computing or cloud-based services for clients. You should address:\n<\/p>\n<ul><li>the standard timeframe for implementation and onboarding (overall average or last 10 customers);<\/li>\n<li>whether or not a dedicated point of contact will be maintained throughout implementation, to the end of the contract;<\/li>\n<li>what resources clients will require to support the implementation and throughout the contract's duration;<\/li>\n<li>what client processes and procedures your organization has found to be vital to optimal cloud implementation and operation;<\/li>\n<li>what device and database integrations are supported in an implementation;<\/li>\n<li>whether or not unsupported devices and databases can be added for support;<\/li>\n<li>how the impact or disruption of client resources is minimized during implementation; and<\/li>\n<li>what your normalization and fine-tuning procedures are.<\/li><\/ul>\n<p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Completion_and_handoff\">Completion and handoff<\/span><\/h3>\n<p>Please describe what steps are taken to ensure the implementation is complete, as well as how the service is handed off to the client afterwards. If your organization provides training and documentation at handoff, describe how this training and documentation is administered, and at what additional cost, if any.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"Multi-site_implementations\">Multi-site implementations<\/span><\/h3>\n<p>Please describe the process used when implementing a service to a client with many geographically dispersed facilities.\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Pricing\">Pricing<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Pricing_basics\">Pricing basics<\/span><\/h3>\n<p>Please describe how your company's pricing and payment models meet industry standard practices (e.g., payment per actual services consumed, per GB of storage, per server, per annual subscription, etc.). Provide pricing estimates and examples based upon the various services provided using a current published catalog, standard market pricing, and\/or web enabled price calculators. Explain how any metered services are clearly reported and billed. Ensure all costs are accurately reflected, including any:\n<\/p>\n<ul><li>underlying \"implied\" costs,<\/li>\n<li>initial \"stand up\" costs,<\/li>\n<li>ongoing maintenance or subscription costs,<\/li>\n<li>renewal-related price increases<\/li>\n<li>data download costs, and<\/li>\n<li>termination costs.<\/li><\/ul>\n<p><br \/>\n<\/p><p><br \/>\n<\/p><p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap mw-references-columns\"><ol class=\"references\">\n<li id=\"cite_note-HolmesItsAMatch-1\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-HolmesItsAMatch_1-0\">1.0<\/a><\/sup> <sup><a href=\"#cite_ref-HolmesItsAMatch_1-1\">1.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Holmes, T.. <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/allcloud.io\/blog\/its-a-match-how-to-run-a-good-rfi-rfp-or-rfq-and-find-the-right-partner\/\" target=\"_blank\">\"It's a Match: How to Run a Good RFI, RFP, or RFQ and Find the Right Partner\"<\/a>. <i>AllCloud Blog<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/allcloud.io\/blog\/its-a-match-how-to-run-a-good-rfi-rfp-or-rfq-and-find-the-right-partner\/\" target=\"_blank\">https:\/\/allcloud.io\/blog\/its-a-match-how-to-run-a-good-rfi-rfp-or-rfq-and-find-the-right-partner\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=It%27s+a+Match%3A+How+to+Run+a+Good+RFI%2C+RFP%2C+or+RFQ+and+Find+the+Right+Partner&rft.atitle=AllCloud+Blog&rft.aulast=Holmes%2C+T.&rft.au=Holmes%2C+T.&rft_id=https%3A%2F%2Fallcloud.io%2Fblog%2Fits-a-match-how-to-run-a-good-rfi-rfp-or-rfq-and-find-the-right-partner%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_cloud_providers\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-APHLBreaking17-2\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-APHLBreaking17_2-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Association of Public Health Laboratories (2017). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.aphl.org\/aboutAPHL\/publications\/Documents\/INFO-2017Jun-Cloud-Computing.pdf\" target=\"_blank\">\"Breaking Through the Cloud: A Laboratory Guide to Cloud Computing\"<\/a> (PDF). Association of Public Health Laboratories<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.aphl.org\/aboutAPHL\/publications\/Documents\/INFO-2017Jun-Cloud-Computing.pdf\" target=\"_blank\">https:\/\/www.aphl.org\/aboutAPHL\/publications\/Documents\/INFO-2017Jun-Cloud-Computing.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Breaking+Through+the+Cloud%3A+A+Laboratory+Guide+to+Cloud+Computing&rft.atitle=&rft.aulast=Association+of+Public+Health+Laboratories&rft.au=Association+of+Public+Health+Laboratories&rft.date=2017&rft.pub=Association+of+Public+Health+Laboratories&rft_id=https%3A%2F%2Fwww.aphl.org%2FaboutAPHL%2Fpublications%2FDocuments%2FINFO-2017Jun-Cloud-Computing.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_cloud_providers\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IFAhelp20-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IFAhelp20_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.mynewlab.com\/blog\/a-helpful-guide-to-cloud-computing-in-a-laboratory\/\" target=\"_blank\">\"A Helpful Guide to Cloud Computing in a Laboratory\"<\/a>. <i>InterFocus Blog<\/i>. InterFocus Ltd. 5 October 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.mynewlab.com\/blog\/a-helpful-guide-to-cloud-computing-in-a-laboratory\/\" target=\"_blank\">https:\/\/www.mynewlab.com\/blog\/a-helpful-guide-to-cloud-computing-in-a-laboratory\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=A+Helpful+Guide+to+Cloud+Computing+in+a+Laboratory&rft.atitle=InterFocus+Blog&rft.date=5+October+2020&rft.pub=InterFocus+Ltd&rft_id=https%3A%2F%2Fwww.mynewlab.com%2Fblog%2Fa-helpful-guide-to-cloud-computing-in-a-laboratory%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_cloud_providers\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LBMCNine21-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-LBMCNine21_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">LBMC (24 February 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.lbmc.com\/blog\/questions-cloud-service-providers\/\" target=\"_blank\">\"Nine Due Diligence Questions to Ask Cloud Service Providers\"<\/a>. <i>LBMC Blog<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.lbmc.com\/blog\/questions-cloud-service-providers\/\" target=\"_blank\">https:\/\/www.lbmc.com\/blog\/questions-cloud-service-providers\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Nine+Due+Diligence+Questions+to+Ask+Cloud+Service+Providers&rft.atitle=LBMC+Blog&rft.aulast=LBMC&rft.au=LBMC&rft.date=24+February+2021&rft_id=https%3A%2F%2Fwww.lbmc.com%2Fblog%2Fquestions-cloud-service-providers%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_cloud_providers\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-WardCloud19-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-WardCloud19_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Ward, S. (9 October 2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.labmanager.com\/cloud-computing-for-the-laboratory-736\" target=\"_blank\">\"Cloud Computing for the Laboratory: Using data in the cloud - What it means for data security\"<\/a>. <i>Lab Manager<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.labmanager.com\/cloud-computing-for-the-laboratory-736\" target=\"_blank\">https:\/\/www.labmanager.com\/cloud-computing-for-the-laboratory-736<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Computing+for+the+Laboratory%3A+Using+data+in+the+cloud+-+What+it+means+for+data+security&rft.atitle=Lab+Manager&rft.aulast=Ward%2C+S.&rft.au=Ward%2C+S.&rft.date=9+October+2019&rft_id=https%3A%2F%2Fwww.labmanager.com%2Fcloud-computing-for-the-laboratory-736&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_cloud_providers\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-EusticeUnder18-6\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-EusticeUnder18_6-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Eustice, J.C. (2018). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/legal.thomsonreuters.com\/en\/insights\/articles\/understanding-data-privacy-and-cloud-computing\" target=\"_blank\">\"Understand the intersection between data privacy laws and cloud computing\"<\/a>. <i>Legal Technology, Products, and Services<\/i>. Thomson Reuters<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/legal.thomsonreuters.com\/en\/insights\/articles\/understanding-data-privacy-and-cloud-computing\" target=\"_blank\">https:\/\/legal.thomsonreuters.com\/en\/insights\/articles\/understanding-data-privacy-and-cloud-computing<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Understand+the+intersection+between+data+privacy+laws+and+cloud+computing&rft.atitle=Legal+Technology%2C+Products%2C+and+Services&rft.aulast=Eustice%2C+J.C.&rft.au=Eustice%2C+J.C.&rft.date=2018&rft.pub=Thomson+Reuters&rft_id=https%3A%2F%2Flegal.thomsonreuters.com%2Fen%2Finsights%2Farticles%2Funderstanding-data-privacy-and-cloud-computing&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_cloud_providers\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-TRThree21-7\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-TRThree21_7-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Thomson Reuters (3 March 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210406150957\/https:\/\/legal.thomsonreuters.com\/blog\/3-questions-you-need-to-ask-your-cloud-vendors\/\" target=\"_blank\">\"Three questions you need to ask your cloud vendors\"<\/a>. <i>Thomson Reuters Legal Blog<\/i>. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/legal.thomsonreuters.com\/blog\/3-questions-you-need-to-ask-your-cloud-vendors\/\" target=\"_blank\">the original<\/a> on 03 March 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210406150957\/https:\/\/legal.thomsonreuters.com\/blog\/3-questions-you-need-to-ask-your-cloud-vendors\/\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210406150957\/https:\/\/legal.thomsonreuters.com\/blog\/3-questions-you-need-to-ask-your-cloud-vendors\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Three+questions+you+need+to+ask+your+cloud+vendors&rft.atitle=Thomson+Reuters+Legal+Blog&rft.aulast=Thomson+Reuters&rft.au=Thomson+Reuters&rft.date=3+March+2021&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210406150957%2Fhttps%3A%2F%2Flegal.thomsonreuters.com%2Fblog%2F3-questions-you-need-to-ask-your-cloud-vendors%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_cloud_providers\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-Korff12Rev19-8\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-Korff12Rev19_8-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Korff, Y. (19 February 2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/expel.com\/blog\/12-revealing-questions-when-evaluating-mssp-mdr-vendor\/\" target=\"_blank\">\"12 revealing questions to ask when evaluating an MSSP or MDR vendor\"<\/a>. <i>Expel blog<\/i>. Expel, Inc<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/expel.com\/blog\/12-revealing-questions-when-evaluating-mssp-mdr-vendor\/\" target=\"_blank\">https:\/\/expel.com\/blog\/12-revealing-questions-when-evaluating-mssp-mdr-vendor\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=12+revealing+questions+to+ask+when+evaluating+an+MSSP+or+MDR+vendor&rft.atitle=Expel+blog&rft.aulast=Korff%2C+Y.&rft.au=Korff%2C+Y.&rft.date=19+February+2019&rft.pub=Expel%2C+Inc&rft_id=https%3A%2F%2Fexpel.com%2Fblog%2F12-revealing-questions-when-evaluating-mssp-mdr-vendor%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_cloud_providers\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-NTTSHowTo16-9\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-NTTSHowTo16_9-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210508224902\/https:\/\/www.nttsecurity.com\/docs\/librariesprovider3\/resources\/us_whitepaper_mssp_rfp_uea_v1\" target=\"_blank\">\"How to Write an MSSP RDP\"<\/a> (PDF). NTT Security. September 2016. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.nttsecurity.com\/docs\/librariesprovider3\/resources\/us_whitepaper_mssp_rfp_uea_v1\" target=\"_blank\">the original<\/a> on 08 May 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210508224902\/https:\/\/www.nttsecurity.com\/docs\/librariesprovider3\/resources\/us_whitepaper_mssp_rfp_uea_v1\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210508224902\/https:\/\/www.nttsecurity.com\/docs\/librariesprovider3\/resources\/us_whitepaper_mssp_rfp_uea_v1<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=How+to+Write+an+MSSP+RDP&rft.atitle=&rft.date=September+2016&rft.pub=NTT+Security&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210508224902%2Fhttps%3A%2F%2Fwww.nttsecurity.com%2Fdocs%2Flibrariesprovider3%2Fresources%2Fus_whitepaper_mssp_rfp_uea_v1&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_cloud_providers\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-SWGuideToBuild-10\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-SWGuideToBuild_10-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210508225741\/https:\/\/pcdnscwx001.azureedge.net\/~\/media\/Files\/US\/White%20Papers\/SecureWorksNCO411PGuidetoBuildingaCloudRFPTemplate.ashx?modified=20170714201638\" target=\"_blank\">\"Secureworks Guide to Building a Cloud MSSP RFP Template\"<\/a> (DOCX). Secureworks. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/pcdnscwx001.azureedge.net\/~\/media\/Files\/US\/White%20Papers\/SecureWorksNCO411PGuidetoBuildingaCloudRFPTemplate.ashx?modified=20170714201638\" target=\"_blank\">the original<\/a> on 08 May 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210508225741\/https:\/\/pcdnscwx001.azureedge.net\/~\/media\/Files\/US\/White%20Papers\/SecureWorksNCO411PGuidetoBuildingaCloudRFPTemplate.ashx?modified=20170714201638\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210508225741\/https:\/\/pcdnscwx001.azureedge.net\/~\/media\/Files\/US\/White%20Papers\/SecureWorksNCO411PGuidetoBuildingaCloudRFPTemplate.ashx?modified=20170714201638<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Secureworks+Guide+to+Building+a+Cloud+MSSP+RFP+Template&rft.atitle=&rft.pub=Secureworks&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210508225741%2Fhttps%3A%2F%2Fpcdnscwx001.azureedge.net%2F%7E%2Fmedia%2FFiles%2FUS%2FWhite%2520Papers%2FSecureWorksNCO411PGuidetoBuildingaCloudRFPTemplate.ashx%3Fmodified%3D20170714201638&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_cloud_providers\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-SolutionaryRFP15-11\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-SolutionaryRFP15_11-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docecity.com\/rfp-sample-questions-for-managed-security-services.html\" target=\"_blank\">\"RFP\/RFI Questions for Managed Security Services: Sample MSSP RFP Template\"<\/a>. Solutionary, Inc. September 2015<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/docecity.com\/rfp-sample-questions-for-managed-security-services.html\" target=\"_blank\">https:\/\/docecity.com\/rfp-sample-questions-for-managed-security-services.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=RFP%2FRFI+Questions+for+Managed+Security+Services%3A+Sample+MSSP+RFP+Template&rft.atitle=&rft.date=September+2015&rft.pub=Solutionary%2C+Inc&rft_id=https%3A%2F%2Fdocecity.com%2Frfp-sample-questions-for-managed-security-services.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_cloud_providers\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-SAMCloudMiss20-12\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-SAMCloudMiss20_12-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">U.S. Department of State (24 October 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/beta.sam.gov\/opp\/91dc7217b32b459695b27339f4b5d9aa\/view\" target=\"_blank\">\"Cloud Mission Support Request for Information\"<\/a>. <i>SAM.gov<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/beta.sam.gov\/opp\/91dc7217b32b459695b27339f4b5d9aa\/view\" target=\"_blank\">https:\/\/beta.sam.gov\/opp\/91dc7217b32b459695b27339f4b5d9aa\/view<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 21 August 2021<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Mission+Support+Request+for+Information&rft.atitle=SAM.gov&rft.aulast=U.S.+Department+of+State&rft.au=U.S.+Department+of+State&rft.date=24+October+2020&rft_id=https%3A%2F%2Fbeta.sam.gov%2Fopp%2F91dc7217b32b459695b27339f4b5d9aa%2Fview&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_cloud_providers\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CSACloudCont4-13\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CSACloudCont4_13-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloudsecurityalliance.org\/artifacts\/cloud-controls-matrix-v4\/\" target=\"_blank\">\"Cloud Controls Matrix v4\"<\/a> (xlsx). Cloud Security Alliance. 15 March 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloudsecurityalliance.org\/artifacts\/cloud-controls-matrix-v4\/\" target=\"_blank\">https:\/\/cloudsecurityalliance.org\/artifacts\/cloud-controls-matrix-v4\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Controls+Matrix+v4&rft.atitle=&rft.date=15+March+2021&rft.pub=Cloud+Security+Alliance&rft_id=https%3A%2F%2Fcloudsecurityalliance.org%2Fartifacts%2Fcloud-controls-matrix-v4%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_cloud_providers\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OGPInform21-14\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OGPInform21_14-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.gov.ie\/en\/collection\/aa996-guidance-notes\/\" target=\"_blank\">\"Cloud Services Procurement Guidance Note\"<\/a>. Ireland Office of Government Procurement. 9 February 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.gov.ie\/en\/collection\/aa996-guidance-notes\/\" target=\"_blank\">https:\/\/www.gov.ie\/en\/collection\/aa996-guidance-notes\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Services+Procurement+Guidance+Note&rft.atitle=&rft.date=9+February+2021&rft.pub=Ireland+Office+of+Government+Procurement&rft_id=https%3A%2F%2Fwww.gov.ie%2Fen%2Fcollection%2Faa996-guidance-notes%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_cloud_providers\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IRSRFICloud18-15\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IRSRFICloud18_15-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210421182505\/https:\/\/cic.gsa.gov\/documents\/IRS-Cloud-Services-RFI.docx\" target=\"_blank\">\"IRS RFI Cloud Response\"<\/a> (DOCX). Internal Revenue Service. January 2018. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cic.gsa.gov\/documents\/IRS-Cloud-Services-RFI.docx\" target=\"_blank\">the original<\/a> on 21 April 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210421182505\/https:\/\/cic.gsa.gov\/documents\/IRS-Cloud-Services-RFI.docx\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210421182505\/https:\/\/cic.gsa.gov\/documents\/IRS-Cloud-Services-RFI.docx<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=IRS+RFI+Cloud+Response&rft.atitle=&rft.date=January+2018&rft.pub=Internal+Revenue+Service&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210421182505%2Fhttps%3A%2F%2Fcic.gsa.gov%2Fdocuments%2FIRS-Cloud-Services-RFI.docx&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_cloud_providers\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816210010\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.240 seconds\nReal time usage: 0.317 seconds\nPreprocessor visited node count: 10644\/1000000\nPost\u2010expand include size: 105212\/2097152 bytes\nTemplate argument size: 35829\/2097152 bytes\nHighest expansion depth: 19\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 24598\/5000000 bytes\nLua time usage: 0.030\/7 seconds\nLua virtual size: 5345280\/52428800 bytes\nLua estimated memory usage: 0 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 283.606 1 Template:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_cloud_providers\n100.00% 283.606 1 -total\n 53.33% 151.256 1 Template:Reflist\n 46.02% 130.517 15 Template:Cite_web\n 42.28% 119.897 15 Template:Citation\/core\n 40.40% 114.590 1 Template:Dead_link\n 39.15% 111.032 1 Template:Fix\n 33.56% 95.183 1 Template:Category_handler\n 10.13% 28.724 13 Template:Date\n 4.06% 11.514 1 Template:Cat_handler\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:12984-0!canonical and timestamp 20230816210010 and revision id 46281. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_cloud_providers\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_cloud_providers<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","ed9df165f2657d5bb145909d714c2690_images":[],"ed9df165f2657d5bb145909d714c2690_timestamp":1692220364,"76e792c8eba6e8589fc26cda5cb6f224_type":"article","76e792c8eba6e8589fc26cda5cb6f224_title":"Wipro Managed Security Services","76e792c8eba6e8589fc26cda5cb6f224_url":"https:\/\/www.limswiki.org\/index.php\/Wipro_Managed_Security_Services","76e792c8eba6e8589fc26cda5cb6f224_plaintext":"\n\nWipro Managed Security ServicesFrom LIMSWikiJump to navigationJump to searchWipro Managed Security Services\nFounder(s)\n \nMohamed PremjiHeadquarters\n \nDoddakannelli, Sarjapur Road, Bengaluru , India Number of locations\n \n100+Area served\n \nWorldwideKey people\n \nThierry Delaporte (CEO)Services\n \nVulnerability scanning, asset visibility, security monitoring, compliance monitoring,\r\nthreat management, incident response, DDoS mitigation, intrusion detection\r\n and prevention, endpoint security, firewall managementRevenue\n \n$2.8 billion (2023, Q4)[1]Website\n \nwipro.com \n\n\r\n\nWipro Managed Security Services is a suite of managed security services (MSS) designed specifically for Amazon Web Services customers, offered by Wipro Limited, a multinational cybersecurity and managed security services provider (MSSP). Wipro describes its AWS-based MSS as being able to \"help reduce business risk, increase cloud security posture, fill cyber skills gaps, and span across the six security domains: vulnerability management, cloud security best practices and compliance, threat detection and response, network security, host and endpoint security, and application security.\"[2] As of August 2023, Wipro is listed among the top 30 MSSPs around the world by multiple entities.[3][4][5]\n\nContents \n\n1 Managed security services \n2 Additional information \n\n2.1 Documentation and other media \n2.2 External links \n\n\n3 References \n\n\n\nManaged security services \nSecureworks divides its MSS into ten categories[2]:\n\nVulnerability scanning: \"Regular and automated scanning of your AWS infrastructure assets for software vulnerabilities\"\nAsset visibility: \"Complete visibility across all customer accounts and regions is provided in a consolidated view\"\nSecurity monitoring: \"Provides visibility into cloud misconfigurations and their potential impact on application risk to avoid or reduce potential security breaches\"\nCompliance monitoring: Provides monitoring for regulatory compliance issues\nThreat management: \"Enables organizations to prepare for cyber incidents through effective threat management and defend against and reduce the impact of cyber-attacks for their AWS environment\"\nIncident response: \"Security intelligence services with a combination of automated tools and security experts monitoring AWS asset logs 24\/7\/365 to analyze and triage security events, providing remediation steps and guidance\"\nDDoS mitigation: \"DDoS protection solutions designed to protect everything on cloud and on-premise networks\"\nIntrusion detection and prevention: \"DS\/IPS solution is designed to identify and block malicious traffic, prevent lateral movement of malware, ensure network availability and resiliency, and enhance network performance\"\nEndpoint security: \"Cloud Endpoint Security solution is proficient to safeguard the data and instances on cloud\"\nFirewall management: \"AWS WAF and 3rd-Party WAF vendor solutions to safeguard your site from the latest threats\"\n\r\n\n\nAdditional information \nDocumentation and other media \nExternal links \nManaged security services page\n\r\n\n\nReferences \n\n\n\u2191 \"Wipro Announced Fourth Quarter and Year end Results, Delivers Record Total Bookings\". Wipro. 27 April 2023. https:\/\/www.wipro.com\/newsroom\/press-releases\/2023\/wipro-announces-fourth-quarter-and-year-end-results-delivers-record-total-bookings\/ . Retrieved 14 August 2023 .   \n \n\n\u2191 2.0 2.1 \"AWS Managed Security Services\". Wipro Limited. https:\/\/www.wipro.com\/cybersecurity\/aws-managed-security-services\/ . Retrieved 14 August 2023 .   \n \n\n\u2191 \"Top 250 MSSPs for 2022: Companies 30 to 11\". Top 250 MSSPs: Cybersecurity Company List and Research for 2022. MSSP Alert. September 2022. https:\/\/www.msspalert.com\/top250\/list-2022\/23\/ . Retrieved 14 August 2023 .   \n \n\n\u2191 \"Top 100 Managed Security Service Providers (MSSPs)\". Cyber Defense Magazine. Cyber Defense Media Group. 18 February 2021. https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/ . Retrieved 29 May 2021 .   \n \n\n\u2191 \"Top 15 Best Managed Security Service Providers (MSSPs) In 2023\". Software Testing Help. 1 August 2023. https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/ . Retrieved 14 August 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Wipro_Managed_Security_Services\">https:\/\/www.limswiki.org\/index.php\/Wipro_Managed_Security_Services<\/a>\nNavigation menuPage actionsPageDiscussionView sourceHistoryPage actionsPageDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 14 August 2023, at 18:41.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 676 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","76e792c8eba6e8589fc26cda5cb6f224_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject page-Wipro_Managed_Security_Services rootpage-Wipro_Managed_Security_Services skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Wipro Managed Security Services<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\">\n<p><br \/>\n<b>Wipro Managed Security Services<\/b> is a suite of managed security services (MSS) designed specifically for <a href=\"https:\/\/www.limswiki.org\/index.php\/Amazon_Web_Services\" title=\"Amazon Web Services\" class=\"wiki-link\" data-key=\"aa59005d6d3f6c0608f84c7ec811f8d6\">Amazon Web Services<\/a> customers, offered by Wipro Limited, a multinational cybersecurity and managed security services provider (MSSP). Wipro describes its AWS-based MSS as being able to \"help reduce business risk, increase cloud security posture, fill cyber skills gaps, and span across the six security domains: vulnerability management, cloud security best practices and compliance, threat detection and response, network security, host and endpoint security, and application security.\"<sup id=\"rdp-ebb-cite_ref-WiproAWSMSS_2-0\" class=\"reference\"><a href=\"#cite_note-WiproAWSMSS-2\">[2]<\/a><\/sup> As of August 2023, Wipro is listed among the top 30 MSSPs around the world by multiple entities.<sup id=\"rdp-ebb-cite_ref-MSSPCyber20_3-0\" class=\"reference\"><a href=\"#cite_note-MSSPCyber20-3\">[3]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-CDMMSSPs21_4-0\" class=\"reference\"><a href=\"#cite_note-CDMMSSPs21-4\">[4]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-STHTop15_21_5-0\" class=\"reference\"><a href=\"#cite_note-STHTop15_21-5\">[5]<\/a><\/sup>\n<\/p>\n\n\n<h2><span class=\"mw-headline\" id=\"Managed_security_services\">Managed security services<\/span><\/h2>\n<p>Secureworks divides its MSS into ten categories<sup id=\"rdp-ebb-cite_ref-WiproAWSMSS_2-1\" class=\"reference\"><a href=\"#cite_note-WiproAWSMSS-2\">[2]<\/a><\/sup>:\n<\/p>\n<ul><li><b>Vulnerability scanning<\/b>: \"Regular and automated scanning of your AWS infrastructure assets for software vulnerabilities\"<\/li>\n<li><b>Asset visibility<\/b>: \"Complete visibility across all customer accounts and regions is provided in a consolidated view\"<\/li>\n<li><b>Security monitoring<\/b>: \"Provides visibility into cloud misconfigurations and their potential impact on application risk to avoid or reduce potential security breaches\"<\/li>\n<li><b>Compliance monitoring<\/b>: Provides monitoring for regulatory compliance issues<\/li>\n<li><b>Threat management<\/b>: \"Enables organizations to prepare for cyber incidents through effective threat management and defend against and reduce the impact of cyber-attacks for their AWS environment\"<\/li>\n<li><b>Incident response<\/b>: \"Security intelligence services with a combination of automated tools and security experts monitoring AWS asset logs 24\/7\/365 to analyze and triage security events, providing remediation steps and guidance\"<\/li>\n<li><b>DDoS mitigation<\/b>: \"DDoS protection solutions designed to protect everything on cloud and on-premise networks\"<\/li>\n<li><b>Intrusion detection and prevention<\/b>: \"DS\/IPS solution is designed to identify and block malicious traffic, prevent lateral movement of malware, ensure network availability and resiliency, and enhance network performance\"<\/li>\n<li><b>Endpoint security<\/b>: \"Cloud Endpoint Security solution is proficient to safeguard the data and instances on cloud\"<\/li>\n<li><b>Firewall management<\/b>: \"AWS WAF and 3rd-Party WAF vendor solutions to safeguard your site from the latest threats\"<\/li><\/ul>\n<p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Additional_information\">Additional information<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Documentation_and_other_media\">Documentation and other media<\/span><\/h3>\n<h3><span class=\"mw-headline\" id=\"External_links\">External links<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.wipro.com\/cybersecurity\/aws-managed-security-services\/\" target=\"_blank\">Managed security services page<\/a><\/li><\/ul>\n<p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap\"><ol class=\"references\">\n<li id=\"cite_note-WiproResults21-1\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-WiproResults21_1-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.wipro.com\/newsroom\/press-releases\/2023\/wipro-announces-fourth-quarter-and-year-end-results-delivers-record-total-bookings\/\" target=\"_blank\">\"Wipro Announced Fourth Quarter and Year end Results, Delivers Record Total Bookings\"<\/a>. Wipro. 27 April 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.wipro.com\/newsroom\/press-releases\/2023\/wipro-announces-fourth-quarter-and-year-end-results-delivers-record-total-bookings\/\" target=\"_blank\">https:\/\/www.wipro.com\/newsroom\/press-releases\/2023\/wipro-announces-fourth-quarter-and-year-end-results-delivers-record-total-bookings\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Wipro+Announced+Fourth+Quarter+and+Year+end+Results%2C+Delivers+Record+Total+Bookings&rft.atitle=&rft.date=27+April+2023&rft.pub=Wipro&rft_id=https%3A%2F%2Fwww.wipro.com%2Fnewsroom%2Fpress-releases%2F2023%2Fwipro-announces-fourth-quarter-and-year-end-results-delivers-record-total-bookings%2F&rfr_id=info:sid\/en.wikipedia.org:Wipro_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-WiproAWSMSS-2\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-WiproAWSMSS_2-0\">2.0<\/a><\/sup> <sup><a href=\"#cite_ref-WiproAWSMSS_2-1\">2.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.wipro.com\/cybersecurity\/aws-managed-security-services\/\" target=\"_blank\">\"AWS Managed Security Services\"<\/a>. Wipro Limited<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.wipro.com\/cybersecurity\/aws-managed-security-services\/\" target=\"_blank\">https:\/\/www.wipro.com\/cybersecurity\/aws-managed-security-services\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=AWS+Managed+Security+Services&rft.atitle=&rft.pub=Wipro+Limited&rft_id=https%3A%2F%2Fwww.wipro.com%2Fcybersecurity%2Faws-managed-security-services%2F&rfr_id=info:sid\/en.wikipedia.org:Wipro_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MSSPCyber20-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MSSPCyber20_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.msspalert.com\/top250\/list-2022\/23\/\" target=\"_blank\">\"Top 250 MSSPs for 2022: Companies 30 to 11\"<\/a>. <i>Top 250 MSSPs: Cybersecurity Company List and Research for 2022<\/i>. MSSP Alert. September 2022<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.msspalert.com\/top250\/list-2022\/23\/\" target=\"_blank\">https:\/\/www.msspalert.com\/top250\/list-2022\/23\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+250+MSSPs+for+2022%3A+Companies+30+to+11&rft.atitle=Top+250+MSSPs%3A+Cybersecurity+Company+List+and+Research+for+2022&rft.date=September+2022&rft.pub=MSSP+Alert&rft_id=https%3A%2F%2Fwww.msspalert.com%2Ftop250%2Flist-2022%2F23%2F&rfr_id=info:sid\/en.wikipedia.org:Wipro_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CDMMSSPs21-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CDMMSSPs21_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/\" target=\"_blank\">\"Top 100 Managed Security Service Providers (MSSPs)\"<\/a>. <i>Cyber Defense Magazine<\/i>. Cyber Defense Media Group. 18 February 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/\" target=\"_blank\">https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 29 May 2021<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+100+Managed+Security+Service+Providers+%28MSSPs%29&rft.atitle=Cyber+Defense+Magazine&rft.date=18+February+2021&rft.pub=Cyber+Defense+Media+Group&rft_id=https%3A%2F%2Fwww.cyberdefensemagazine.com%2Ftop-100-managed-security-service-providers-mssps%2F&rfr_id=info:sid\/en.wikipedia.org:Wipro_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-STHTop15_21-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-STHTop15_21_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/\" target=\"_blank\">\"Top 15 Best Managed Security Service Providers (MSSPs) In 2023\"<\/a>. Software Testing Help. 1 August 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/\" target=\"_blank\">https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+15+Best+Managed+Security+Service+Providers+%28MSSPs%29+In+2023&rft.atitle=&rft.date=1+August+2023&rft.pub=Software+Testing+Help&rft_id=https%3A%2F%2Fwww.softwaretestinghelp.com%2Fmanaged-security-service-providers%2F&rfr_id=info:sid\/en.wikipedia.org:Wipro_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816210010\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.219 seconds\nReal time usage: 0.284 seconds\nPreprocessor visited node count: 7105\/1000000\nPost\u2010expand include size: 31558\/2097152 bytes\nTemplate argument size: 15021\/2097152 bytes\nHighest expansion depth: 32\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 7253\/5000000 bytes\nLua time usage: 0.020\/7 seconds\nLua virtual size: 4939776\/52428800 bytes\nLua estimated memory usage: 0 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 252.921 1 -total\n 63.60% 160.864 1 Template:Infobox_company\n 61.41% 155.314 1 Template:Infobox\n 55.07% 139.281 81 Template:Infobox\/row\n 45.94% 116.180 1 Template:URL\n 43.24% 109.367 1 Template:Str_right\n 41.95% 106.088 1 Template:Str_sub_long\n 34.94% 88.373 1 Template:Reflist\n 27.65% 69.931 5 Template:Cite_web\n 24.48% 61.913 5 Template:Citation\/core\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:12564-0!canonical and timestamp 20230816210010 and revision id 52812. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Wipro_Managed_Security_Services\">https:\/\/www.limswiki.org\/index.php\/Wipro_Managed_Security_Services<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","76e792c8eba6e8589fc26cda5cb6f224_images":["https:\/\/s3.limswiki.org\/www.limswiki.org\/images\/e\/e2\/Wipro_Primary_Logo_Color_RGB.png"],"76e792c8eba6e8589fc26cda5cb6f224_timestamp":1692220364,"4c4d9521d62404ab1d5925b1ebc635bf_type":"article","4c4d9521d62404ab1d5925b1ebc635bf_title":"Verizon Managed Security Services","4c4d9521d62404ab1d5925b1ebc635bf_url":"https:\/\/www.limswiki.org\/index.php\/Verizon_Managed_Security_Services","4c4d9521d62404ab1d5925b1ebc635bf_plaintext":"\n\nVerizon Managed Security ServicesFrom LIMSWikiJump to navigationJump to searchVerizon Managed Security Services\nFounder(s)\n \nCharles R. Lee and Ivan SeidenbergHeadquarters\n \n1095 Avenue of the Americas, New York, New York , U.S. Number of locations\n \n150+Area served\n \nWorldwideKey people\n \nHans Vestberg (CEO)Services\n \nMSS-Premises and MSS-AnalyticsRevenue\n \n$32.6 billion (Business, Q3, 2023)[1]Website\n \nhhttps:\/\/www.verizon.com\/business\/products\/security\/ \n\n\r\n\nVerizon Managed Security Services is a suite of managed security services (MSS) offered by Verizon Communications, Inc., a multinational telecommunications company. Verizon describes its MSS\u2014referred to as \"Managed Security Information and Event Management\" (SIEM)\u2014that \"gathers threat intelligence from multiple sources, analyzes possible impacts, establishes threat use cases and makes these findings available to you for follow-up.\"[2] As of August 2023, Verizon is listed among the top 30 MSS providers around the world by several entities.[3][4]\n\nContents \n\n1 Managed security services \n2 Additional information \n\n2.1 Documentation and other media \n2.2 External links \n\n\n3 References \n\n\n\nManaged security services \nVerizon states the following resources for its SIEM managed SIEM service[2]:\n\nVerizon Managed SIEM Content Library: \"a collection of predefined and proven SIEM content\"\nSecurity Services Advisor: provides training, advisories, sevice help, updates and releases, and recommendations\nSenior SIEM Engineer: \"work with your organization to review your platform configuration and running content set, and provide recommendations on use case creation as well as dashboards, tuning and log source tuning\"\nVerizon Security Operation Centers: \"where our security analysts deliver monitoring and management services on a 24x7 in-region basis\"\nVerizon Threat Research Advisory Center : \"helps to aggregate sources of threat data, using our expansive IP backbone and extensive forensic caseload. We then normalize this data, analyze it and produce actionable intelligence.\"\nAdditional information \nDocumentation and other media \nVerizon Managed SIEM brochure\nVerizon Cybersecurity brochure\nExternal links \nVerizon SIEM page\nReferences \n\n\n\u2191 \"Strong wireless service revenue growth and cash flow highlight Verizon's 2Q results\". Verizon News Center. Verizon Communications, Inc. 25 July 2023. https:\/\/www.verizon.com\/about\/news\/strong-wireless-service-revenue-growth-and-cash-flow-highlight-verizons-2q-results . Retrieved 14 August 2023 .   \n \n\n\u2191 2.0 2.1 \"Managed Security Information and Event Management\". Verizon Communications, Inc. https:\/\/www.verizon.com\/business\/products\/security\/advanced-security-operations-center-services\/managed-security-incident-event-management\/ . Retrieved 14 August 2023 .   \n \n\n\u2191 \"Top 250 MSSPs for 2022: Companies 30 to 21\". Top 250 MSSPs: Cybersecurity Company List and Research for 2022. MSSP Alert. September 2022. https:\/\/www.msspalert.com\/top250\/list-2022\/23\/ . Retrieved 14 August 2023 .   \n \n\n\u2191 \"Top 100 Managed Security Service Providers (MSSPs)\". Cyber Defense Magazine. Cyber Defense Media Group. 18 February 2021. https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/ . Retrieved 14 August 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Verizon_Managed_Security_Services\">https:\/\/www.limswiki.org\/index.php\/Verizon_Managed_Security_Services<\/a>\nNavigation menuPage actionsPageDiscussionView sourceHistoryPage actionsPageDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 14 August 2023, at 18:36.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 674 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","4c4d9521d62404ab1d5925b1ebc635bf_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject page-Verizon_Managed_Security_Services rootpage-Verizon_Managed_Security_Services skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Verizon Managed Security Services<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\">\n<p><br \/>\n<b>Verizon Managed Security Services<\/b> is a suite of managed security services (MSS) offered by Verizon Communications, Inc., a multinational telecommunications company. Verizon describes its MSS\u2014referred to as \"Managed Security Information and Event Management\" (SIEM)\u2014that \"gathers threat intelligence from multiple sources, analyzes possible impacts, establishes threat use cases and makes these findings available to you for follow-up.\"<sup id=\"rdp-ebb-cite_ref-VerizonMSSBroch_2-0\" class=\"reference\"><a href=\"#cite_note-VerizonMSSBroch-2\">[2]<\/a><\/sup> As of August 2023, Verizon is listed among the top 30 MSS providers around the world by several entities.<sup id=\"rdp-ebb-cite_ref-MSSPCyber20_3-0\" class=\"reference\"><a href=\"#cite_note-MSSPCyber20-3\">[3]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-CDMMSSPs21_4-0\" class=\"reference\"><a href=\"#cite_note-CDMMSSPs21-4\">[4]<\/a><\/sup>\n<\/p>\n\n\n<h2><span class=\"mw-headline\" id=\"Managed_security_services\">Managed security services<\/span><\/h2>\n<p>Verizon states the following resources for its SIEM managed SIEM service<sup id=\"rdp-ebb-cite_ref-VerizonMSSBroch_2-1\" class=\"reference\"><a href=\"#cite_note-VerizonMSSBroch-2\">[2]<\/a><\/sup>:\n<\/p>\n<ul><li><b>Verizon Managed SIEM Content Library<\/b>: \"a collection of predefined and proven SIEM content\"<\/li>\n<li><b>Security Services Advisor<\/b>: provides training, advisories, sevice help, updates and releases, and recommendations<\/li>\n<li><b>Senior SIEM Engineer<\/b>: \"work with your organization to review your platform configuration and running content set, and provide recommendations on use case creation as well as dashboards, tuning and log source tuning\"<\/li>\n<li><b>Verizon Security Operation Centers<\/b>: \"where our security analysts deliver monitoring and management services on a 24x7 in-region basis\"<\/li>\n<li><b>Verizon Threat Research Advisory Center <\/b>: \"helps to aggregate sources of threat data, using our expansive IP backbone and extensive forensic caseload. We then normalize this data, analyze it and produce actionable intelligence.\"<\/li><\/ul>\n<h2><span class=\"mw-headline\" id=\"Additional_information\">Additional information<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Documentation_and_other_media\">Documentation and other media<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.verizon.com\/business\/resources\/solutionsbriefs\/2017\/managed-siem-service.pdf\" target=\"_blank\">Verizon Managed SIEM brochure<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.verizon.com\/business\/resources\/factsheets\/2018\/security_and_security_professional_services_overview_en_xg.pdf\" target=\"_blank\">Verizon Cybersecurity brochure<\/a><\/li><\/ul>\n<h3><span class=\"mw-headline\" id=\"External_links\">External links<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.verizon.com\/business\/products\/security\/advanced-security-operations-center-services\/managed-security-incident-event-management\/#Features-benefits\" target=\"_blank\">Verizon SIEM page<\/a><\/li><\/ul>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap\"><ol class=\"references\">\n<li id=\"cite_note-VerizonEnds21-1\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-VerizonEnds21_1-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.verizon.com\/about\/news\/strong-wireless-service-revenue-growth-and-cash-flow-highlight-verizons-2q-results\" target=\"_blank\">\"Strong wireless service revenue growth and cash flow highlight Verizon's 2Q results\"<\/a>. <i>Verizon News Center<\/i>. Verizon Communications, Inc. 25 July 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.verizon.com\/about\/news\/strong-wireless-service-revenue-growth-and-cash-flow-highlight-verizons-2q-results\" target=\"_blank\">https:\/\/www.verizon.com\/about\/news\/strong-wireless-service-revenue-growth-and-cash-flow-highlight-verizons-2q-results<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Strong+wireless+service+revenue+growth+and+cash+flow+highlight+Verizon%27s+2Q+results&rft.atitle=Verizon+News+Center&rft.date=25+July+2023&rft.pub=Verizon+Communications%2C+Inc&rft_id=https%3A%2F%2Fwww.verizon.com%2Fabout%2Fnews%2Fstrong-wireless-service-revenue-growth-and-cash-flow-highlight-verizons-2q-results&rfr_id=info:sid\/en.wikipedia.org:Verizon_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-VerizonMSSBroch-2\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-VerizonMSSBroch_2-0\">2.0<\/a><\/sup> <sup><a href=\"#cite_ref-VerizonMSSBroch_2-1\">2.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.verizon.com\/business\/products\/security\/advanced-security-operations-center-services\/managed-security-incident-event-management\/\" target=\"_blank\">\"Managed Security Information and Event Management\"<\/a>. Verizon Communications, Inc<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.verizon.com\/business\/products\/security\/advanced-security-operations-center-services\/managed-security-incident-event-management\/\" target=\"_blank\">https:\/\/www.verizon.com\/business\/products\/security\/advanced-security-operations-center-services\/managed-security-incident-event-management\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Managed+Security+Information+and+Event+Management&rft.atitle=&rft.pub=Verizon+Communications%2C+Inc&rft_id=https%3A%2F%2Fwww.verizon.com%2Fbusiness%2Fproducts%2Fsecurity%2Fadvanced-security-operations-center-services%2Fmanaged-security-incident-event-management%2F&rfr_id=info:sid\/en.wikipedia.org:Verizon_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MSSPCyber20-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MSSPCyber20_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.msspalert.com\/top250\/list-2022\/23\/\" target=\"_blank\">\"Top 250 MSSPs for 2022: Companies 30 to 21\"<\/a>. <i>Top 250 MSSPs: Cybersecurity Company List and Research for 2022<\/i>. MSSP Alert. September 2022<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.msspalert.com\/top250\/list-2022\/23\/\" target=\"_blank\">https:\/\/www.msspalert.com\/top250\/list-2022\/23\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+250+MSSPs+for+2022%3A+Companies+30+to+21&rft.atitle=Top+250+MSSPs%3A+Cybersecurity+Company+List+and+Research+for+2022&rft.date=September+2022&rft.pub=MSSP+Alert&rft_id=https%3A%2F%2Fwww.msspalert.com%2Ftop250%2Flist-2022%2F23%2F&rfr_id=info:sid\/en.wikipedia.org:Verizon_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CDMMSSPs21-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CDMMSSPs21_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/\" target=\"_blank\">\"Top 100 Managed Security Service Providers (MSSPs)\"<\/a>. <i>Cyber Defense Magazine<\/i>. Cyber Defense Media Group. 18 February 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/\" target=\"_blank\">https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+100+Managed+Security+Service+Providers+%28MSSPs%29&rft.atitle=Cyber+Defense+Magazine&rft.date=18+February+2021&rft.pub=Cyber+Defense+Media+Group&rft_id=https%3A%2F%2Fwww.cyberdefensemagazine.com%2Ftop-100-managed-security-service-providers-mssps%2F&rfr_id=info:sid\/en.wikipedia.org:Verizon_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816210009\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.439 seconds\nReal time usage: 0.952 seconds\nPreprocessor visited node count: 4910\/1000000\nPost\u2010expand include size: 29323\/2097152 bytes\nTemplate argument size: 11695\/2097152 bytes\nHighest expansion depth: 20\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 6415\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 102.321 1 -total\n 56.34% 57.648 1 Template:Reflist\n 42.43% 43.410 4 Template:Cite_web\n 41.71% 42.677 1 Template:Infobox_company\n 38.29% 39.175 1 Template:Infobox\n 35.57% 36.396 4 Template:Citation\/core\n 25.78% 26.379 81 Template:Infobox\/row\n 9.99% 10.222 1 Template:URL\n 7.94% 8.127 3 Template:Date\n 4.24% 4.340 7 Template:Citation\/make_link\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:12577-0!canonical and timestamp 20230816210008 and revision id 52811. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Verizon_Managed_Security_Services\">https:\/\/www.limswiki.org\/index.php\/Verizon_Managed_Security_Services<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","4c4d9521d62404ab1d5925b1ebc635bf_images":["https:\/\/upload.wikimedia.org\/wikipedia\/commons\/4\/4a\/Verizon_Communications_Logo_2015.jpg"],"4c4d9521d62404ab1d5925b1ebc635bf_timestamp":1692220363,"38efc7250147e02845462f279525d6d8_type":"article","38efc7250147e02845462f279525d6d8_title":"Trustwave Managed Security Services","38efc7250147e02845462f279525d6d8_url":"https:\/\/www.limswiki.org\/index.php\/Trustwave_Managed_Security_Services","38efc7250147e02845462f279525d6d8_plaintext":"\n\nTrustwave Managed Security ServicesFrom LIMSWikiJump to navigationJump to searchTrustwave Managed Security Services\nFounder(s)\n \nRobert McCullen and Andrew BokorHeadquarters\n \n70 W. Madison St., Suite 600, Chicago, Illinois , United States Number of locations\n \n10Area served\n \nWorldwideKey people\n \nEric Harmon (CEO)Services\n \nManaged detection and response, threat detection, enterprise security,\r\ndevice management, vulnerability management, SOCaaS, WAFaaSRevenue\n \nUnknown (presumably private)Website\n \ntrustwave.com \n\n\r\n\nTrustwave Managed Security Services is a suite of managed security services (MSS) offered by Trustwave Holdings, Inc., a multinational technology services and managed security services provider (MSSP). Trustwave Holdings, Inc. describes its MSS as helping \"you strengthen your environment quickly and become more resilient over time.\"[1] As of August 2023, Trustwave is listed among the top 10 MSSPs around the world by multiple entities.[2][3][4]\n\nContents \n\n1 Managed security services \n2 Additional information \n\n2.1 Documentation and other media \n2.2 External links \n\n\n3 References \n\n\n\nManaged security services \nTrustwave divides its MSS into six categories[1]:\n\nManaged threat detection and response: Provides managed threat consultancy, layered detection and investigation, threat intelligence, managed security control response, and the Trustwave Fusion platform.\nProactive threat hunting: Provides proactive threat hunting and remediation, forensic and incident response, and vulnerability analysis.\nSecurity technology management: Provides device management, change management, health and availability monitoring, and security-based product updates.\nCompliance-based security: Provides essential compliance tools, connectivity tools, and advanced network security tools, depending on the package you select.\nManaged application control: Provides endpoint monitoring and control, real-time threat intelligence, and corporate security policy control.\nTelco security: Provides IP flow analysis, global threat intelligence, monthly network security reports, DDoS notifications and recommendations, antivirus protection, and real-time incident and traffic profile reports.\n\r\n\n\nAdditional information \nDocumentation and other media \nTrustwave MSS document library (many require registration to dowload)\nExternal links \nManaged security services page\n\r\n\n\nReferences \n\n\n\u2191 1.0 1.1 \"Managed Security Services\". Trustwave Holdings, Inc. https:\/\/www.trustwave.com\/en-us\/services\/managed-security-services\/ . Retrieved 14 August 2023 .   \n \n\n\u2191 \"Top 250 MSSPs for 2022: Companies 10 to 01\". Top 250 MSSPs: Cybersecurity Company List and Research for 2022. MSSP Alert. September 2022. https:\/\/www.msspalert.com\/top250\/list-2022\/25\/ . Retrieved 14 August 2023 .   \n \n\n\u2191 \"Top 100 Managed Security Service Providers (MSSPs)\". Cyber Defense Magazine. Cyber Defense Media Group. 18 February 2021. https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/ . Retrieved 27 May 2021 .   \n \n\n\u2191 \"Top 15 Best Managed Security Service Providers (MSSPs) In 2023\". Software Testing Help. 1 August 2023. https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/ . Retrieved 14 August 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Trustwave_Managed_Security_Services\">https:\/\/www.limswiki.org\/index.php\/Trustwave_Managed_Security_Services<\/a>\nNavigation menuPage actionsPageDiscussionView sourceHistoryPage actionsPageDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 14 August 2023, at 18:15.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 777 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","38efc7250147e02845462f279525d6d8_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject page-Trustwave_Managed_Security_Services rootpage-Trustwave_Managed_Security_Services skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Trustwave Managed Security Services<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\">\n<p><br \/>\n<b>Trustwave Managed Security Services<\/b> is a suite of managed security services (MSS) offered by Trustwave Holdings, Inc., a multinational technology services and managed security services provider (MSSP). Trustwave Holdings, Inc. describes its MSS as helping \"you strengthen your environment quickly and become more resilient over time.\"<sup id=\"rdp-ebb-cite_ref-TWMSS_1-0\" class=\"reference\"><a href=\"#cite_note-TWMSS-1\">[1]<\/a><\/sup> As of August 2023, Trustwave is listed among the top 10 MSSPs around the world by multiple entities.<sup id=\"rdp-ebb-cite_ref-MSSPCyber20_2-0\" class=\"reference\"><a href=\"#cite_note-MSSPCyber20-2\">[2]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-CDMMSSPs21_3-0\" class=\"reference\"><a href=\"#cite_note-CDMMSSPs21-3\">[3]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-STHTop15_21_4-0\" class=\"reference\"><a href=\"#cite_note-STHTop15_21-4\">[4]<\/a><\/sup>\n<\/p>\n\n\n<h2><span class=\"mw-headline\" id=\"Managed_security_services\">Managed security services<\/span><\/h2>\n<p>Trustwave divides its MSS into six categories<sup id=\"rdp-ebb-cite_ref-TWMSS_1-1\" class=\"reference\"><a href=\"#cite_note-TWMSS-1\">[1]<\/a><\/sup>:\n<\/p>\n<ul><li><b>Managed threat detection and response<\/b>: Provides managed threat consultancy, layered detection and investigation, threat intelligence, managed security control response, and the Trustwave Fusion platform.<\/li>\n<li><b>Proactive threat hunting<\/b>: Provides proactive threat hunting and remediation, forensic and incident response, and vulnerability analysis.<\/li>\n<li><b>Security technology management<\/b>: Provides device management, change management, health and availability monitoring, and security-based product updates.<\/li>\n<li><b>Compliance-based security<\/b>: Provides essential compliance tools, connectivity tools, and advanced network security tools, depending on the package you select.<\/li>\n<li><b>Managed application control<\/b>: Provides endpoint monitoring and control, real-time threat intelligence, and corporate security policy control.<\/li>\n<li><b>Telco security<\/b>: Provides IP flow analysis, global threat intelligence, monthly network security reports, DDoS notifications and recommendations, antivirus protection, and real-time incident and traffic profile reports.<\/li><\/ul>\n<p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Additional_information\">Additional information<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Documentation_and_other_media\">Documentation and other media<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.trustwave.com\/en-us\/resources\/library\/?type=doc&topics=Managed%20Security&categories=&tags=&vidcats=&sort=Newest\" target=\"_blank\">Trustwave MSS document library<\/a> (many require registration to dowload)<\/li><\/ul>\n<h3><span class=\"mw-headline\" id=\"External_links\">External links<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.trustwave.com\/en-us\/services\/managed-security-services\/\" target=\"_blank\">Managed security services page<\/a><\/li><\/ul>\n<p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap\"><ol class=\"references\">\n<li id=\"cite_note-TWMSS-1\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-TWMSS_1-0\">1.0<\/a><\/sup> <sup><a href=\"#cite_ref-TWMSS_1-1\">1.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.trustwave.com\/en-us\/services\/managed-security-services\/\" target=\"_blank\">\"Managed Security Services\"<\/a>. Trustwave Holdings, Inc<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.trustwave.com\/en-us\/services\/managed-security-services\/\" target=\"_blank\">https:\/\/www.trustwave.com\/en-us\/services\/managed-security-services\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Managed+Security+Services&rft.atitle=&rft.pub=Trustwave+Holdings%2C+Inc&rft_id=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fservices%2Fmanaged-security-services%2F&rfr_id=info:sid\/en.wikipedia.org:Trustwave_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MSSPCyber20-2\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MSSPCyber20_2-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.msspalert.com\/top250\/list-2022\/25\/\" target=\"_blank\">\"Top 250 MSSPs for 2022: Companies 10 to 01\"<\/a>. <i>Top 250 MSSPs: Cybersecurity Company List and Research for 2022<\/i>. MSSP Alert. September 2022<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.msspalert.com\/top250\/list-2022\/25\/\" target=\"_blank\">https:\/\/www.msspalert.com\/top250\/list-2022\/25\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+250+MSSPs+for+2022%3A+Companies+10+to+01&rft.atitle=Top+250+MSSPs%3A+Cybersecurity+Company+List+and+Research+for+2022&rft.date=September+2022&rft.pub=MSSP+Alert&rft_id=https%3A%2F%2Fwww.msspalert.com%2Ftop250%2Flist-2022%2F25%2F&rfr_id=info:sid\/en.wikipedia.org:Trustwave_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CDMMSSPs21-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CDMMSSPs21_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/\" target=\"_blank\">\"Top 100 Managed Security Service Providers (MSSPs)\"<\/a>. <i>Cyber Defense Magazine<\/i>. Cyber Defense Media Group. 18 February 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/\" target=\"_blank\">https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 27 May 2021<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+100+Managed+Security+Service+Providers+%28MSSPs%29&rft.atitle=Cyber+Defense+Magazine&rft.date=18+February+2021&rft.pub=Cyber+Defense+Media+Group&rft_id=https%3A%2F%2Fwww.cyberdefensemagazine.com%2Ftop-100-managed-security-service-providers-mssps%2F&rfr_id=info:sid\/en.wikipedia.org:Trustwave_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-STHTop15_21-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-STHTop15_21_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/\" target=\"_blank\">\"Top 15 Best Managed Security Service Providers (MSSPs) In 2023\"<\/a>. Software Testing Help. 1 August 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/\" target=\"_blank\">https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+15+Best+Managed+Security+Service+Providers+%28MSSPs%29+In+2023&rft.atitle=&rft.date=1+August+2023&rft.pub=Software+Testing+Help&rft_id=https%3A%2F%2Fwww.softwaretestinghelp.com%2Fmanaged-security-service-providers%2F&rfr_id=info:sid\/en.wikipedia.org:Trustwave_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816210008\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.470 seconds\nReal time usage: 0.979 seconds\nPreprocessor visited node count: 6863\/1000000\nPost\u2010expand include size: 26712\/2097152 bytes\nTemplate argument size: 14534\/2097152 bytes\nHighest expansion depth: 32\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 5637\/5000000 bytes\nLua time usage: 0.010\/7 seconds\nLua virtual size: 4939776\/52428800 bytes\nLua estimated memory usage: 0 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 189.712 1 -total\n 67.23% 127.550 1 Template:Infobox_company\n 65.35% 123.981 1 Template:Infobox\n 58.48% 110.943 81 Template:Infobox\/row\n 50.93% 96.628 1 Template:URL\n 47.62% 90.342 1 Template:Str_right\n 46.17% 87.582 1 Template:Str_sub_long\n 30.50% 57.870 1 Template:Reflist\n 23.12% 43.864 4 Template:Cite_web\n 22.61% 42.886 1 Template:Str_len\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:12561-0!canonical and timestamp 20230816210007 and revision id 52810. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Trustwave_Managed_Security_Services\">https:\/\/www.limswiki.org\/index.php\/Trustwave_Managed_Security_Services<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","38efc7250147e02845462f279525d6d8_images":["https:\/\/upload.wikimedia.org\/wikipedia\/commons\/7\/7d\/Trustwave_logo_Color.png"],"38efc7250147e02845462f279525d6d8_timestamp":1692220363,"31b12ef9194339383a8a705d36d38777_type":"article","31b12ef9194339383a8a705d36d38777_title":"Secureworks Managed Security Services","31b12ef9194339383a8a705d36d38777_url":"https:\/\/www.limswiki.org\/index.php\/Secureworks_Managed_Security_Services","31b12ef9194339383a8a705d36d38777_plaintext":"\n\nSecureworks Managed Security ServicesFrom LIMSWikiJump to navigationJump to searchSecureworks Managed Security Services\nFounder(s)\n \nMichael Pearson and Joan WilbanksHeadquarters\n \n1 Concourse Pkwy NE, #500, Atlanta, Georgia , United States Number of locations\n \n10Area served\n \nWorldwideKey people\n \nWendy K. Thomas (CEO)Services\n \nSecurity management, advanced threat services, security monitoring, vulnerability managementRevenue\n \n$94.4M (2024, Q1)[1]Website\n \nsecureworks.com \n\n\r\n\nSecureworks Managed Security Services is a suite of managed security services (MSS) offered by SecureWorks, Inc., a multinational cybersecurity and managed security services provider (MSSP). Secureworks describes its MSS as being able to \"extend your security operations to bridge people, processes, and technology for 24x7 support.\"[2] As a whole, Secureworks has undergone a variety of changes, from an acquisition by Dell in 2011[3] to rumors of Dell looking to sell from 2019 onward[4][5], as well as a noticeable shift from cybersecurity services to cybersecurity software.[6][7] As of August 2023, Secureworks is listed among the top 15 MSSPs around the world by multiple entities.[8][9][10]\n\nContents \n\n1 Managed security services \n2 Additional information \n\n2.1 Documentation and other media \n2.2 External links \n\n\n3 References \n\n\n\nManaged security services \nSecureworks divides its MSS into four categories[2]:\n\nSecurity management: Provides managed firewall services; monitoring, maintenance, and administration of IDS\/IPS technology; and intrusion prevention.\nAdvanced threat services: Provides advanced endpoint threat detection, prevention, and remediation.\nSecurity monitoring: Provides security event monitoring, as well as log management and compliance reporting.\nVulnerability management: Provides vulnerability program management, vulnerability scanning, PCI scanning, web application scanning, and assistance with IT security policy compliance.\n\r\n\n\nAdditional information \nDocumentation and other media \nSecureworks resource center\nExternal links \nManaged security services page\n\r\n\n\nReferences \n\n\n\u2191 \"SecureWorks Announces First Quarter Fiscal 2024 Results\". Secureworks, Inc. 8 June 2023. https:\/\/investors.secureworks.com\/news\/news-details\/2023\/Secureworks-Announces-First-Quarter-Fiscal-2024-Results\/default.aspx . Retrieved 11 August 2023 .   \n \n\n\u2191 2.0 2.1 \"Managed Security Services\". Secureworks, Inc. https:\/\/www.secureworks.com\/services\/managed-security . Retrieved 11 August 2023 .   \n \n\n\u2191 Dizzy, S. (5 April 2011). \"Dell Paid $612 Million for SecureWorks Cloud Acquisition\". ChannelFutures. https:\/\/www.channelfutures.com\/cloud-2\/dell-paid-612-million-for-secureworks-cloud-acquisition . Retrieved 11 August 2023 .   \n \n\n\u2191 Baker, L.B.; Barbaglia, P. (7 February 2019). \"Exclusive: Dell explores sale of cybersecurity company SecureWorks - sources\". Reuters. https:\/\/www.reuters.com\/article\/us-secureworks-m-a-exclusive\/exclusive-dell-explores-sale-of-cybersecurity-company-secureworks-sources-idUSKCN1PW22J . Retrieved 11 August 2023 .   \n \n\n\u2191 Panettieri, J. (2 February 2021). \"Atos Abandons DXC Technology Acquisition Plan, Buyout Negotiations End\". Channel e2e. https:\/\/www.channele2e.com\/investors\/mergers-acquisitions\/atos-buying-dxc-technology-secureworks\/ . Retrieved 11 August 2023 .   \n \n\n\u2191 Panettieri, J. (5 December 2020). \"Secureworks CEO, CFO: Managed Security Channel Partner Program Buildout Continues\". MSSP Alert. https:\/\/www.msspalert.com\/cybersecurity-companies\/partner-programs\/secureworks-ceo-cfo-channel-partner-program-buildout\/ . Retrieved 11 August 2023 .   \n \n\n\u2191 Felicia (27 December 2020). \"SecureWorks: A Promising But Challenging Software Transition\". Seeking Alpha. https:\/\/seekingalpha.com\/article\/4396324-secureworks-promising-challenging-software-transition . Retrieved 11 August 2023 .   \n \n\n\u2191 \"Top 250 MSSPs for 2022: Companies 20 to 11\". Top 250 MSSPs: Cybersecurity Company List and Research for 2022. MSSP Alert. September 2022. https:\/\/www.msspalert.com\/top250\/list-2022\/24\/ . Retrieved 11 August 2023 .   \n \n\n\u2191 \"Top 100 Managed Security Service Providers (MSSPs)\". Cyber Defense Magazine. Cyber Defense Media Group. 18 February 2021. https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/ . Retrieved 29 May 2021 .   \n \n\n\u2191 \"Top 15 Best Managed Security Service Providers (MSSPs) In 2023\". Software Testing Help. 1 August 2023. https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/ . Retrieved 11 August 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Secureworks_Managed_Security_Services\">https:\/\/www.limswiki.org\/index.php\/Secureworks_Managed_Security_Services<\/a>\nNavigation menuPage actionsPageDiscussionView sourceHistoryPage actionsPageDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 11 August 2023, at 21:57.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 755 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","31b12ef9194339383a8a705d36d38777_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject page-Secureworks_Managed_Security_Services rootpage-Secureworks_Managed_Security_Services skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Secureworks Managed Security Services<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\">\n<p><br \/>\n<b>Secureworks Managed Security Services<\/b> is a suite of managed security services (MSS) offered by SecureWorks, Inc., a multinational cybersecurity and managed security services provider (MSSP). Secureworks describes its MSS as being able to \"extend your security operations to bridge people, processes, and technology for 24x7 support.\"<sup id=\"rdp-ebb-cite_ref-SWManaged_2-0\" class=\"reference\"><a href=\"#cite_note-SWManaged-2\">[2]<\/a><\/sup> As a whole, Secureworks has undergone a variety of changes, from an acquisition by Dell in 2011<sup id=\"rdp-ebb-cite_ref-DizzyDell11_3-0\" class=\"reference\"><a href=\"#cite_note-DizzyDell11-3\">[3]<\/a><\/sup> to rumors of Dell looking to sell from 2019 onward<sup id=\"rdp-ebb-cite_ref-BakerExclusive19_4-0\" class=\"reference\"><a href=\"#cite_note-BakerExclusive19-4\">[4]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-PanattieriAtos21_5-0\" class=\"reference\"><a href=\"#cite_note-PanattieriAtos21-5\">[5]<\/a><\/sup>, as well as a noticeable shift from cybersecurity services to cybersecurity software.<sup id=\"rdp-ebb-cite_ref-PanattieriSecure20_6-0\" class=\"reference\"><a href=\"#cite_note-PanattieriSecure20-6\">[6]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-FeliciaSecure20_7-0\" class=\"reference\"><a href=\"#cite_note-FeliciaSecure20-7\">[7]<\/a><\/sup> As of August 2023, Secureworks is listed among the top 15 MSSPs around the world by multiple entities.<sup id=\"rdp-ebb-cite_ref-MSSPCyber20_8-0\" class=\"reference\"><a href=\"#cite_note-MSSPCyber20-8\">[8]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-CDMMSSPs21_9-0\" class=\"reference\"><a href=\"#cite_note-CDMMSSPs21-9\">[9]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-STHTop15_21_10-0\" class=\"reference\"><a href=\"#cite_note-STHTop15_21-10\">[10]<\/a><\/sup>\n<\/p>\n\n\n<h2><span class=\"mw-headline\" id=\"Managed_security_services\">Managed security services<\/span><\/h2>\n<p>Secureworks divides its MSS into four categories<sup id=\"rdp-ebb-cite_ref-SWManaged_2-1\" class=\"reference\"><a href=\"#cite_note-SWManaged-2\">[2]<\/a><\/sup>:\n<\/p>\n<ul><li><b>Security management<\/b>: Provides managed firewall services; monitoring, maintenance, and administration of IDS\/IPS technology; and intrusion prevention.<\/li>\n<li><b>Advanced threat services<\/b>: Provides advanced endpoint threat detection, prevention, and remediation.<\/li>\n<li><b>Security monitoring<\/b>: Provides security event monitoring, as well as log management and compliance reporting.<\/li>\n<li><b>Vulnerability management<\/b>: Provides vulnerability program management, vulnerability scanning, PCI scanning, web application scanning, and assistance with IT security policy compliance.<\/li><\/ul>\n<p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Additional_information\">Additional information<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Documentation_and_other_media\">Documentation and other media<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.secureworks.com\/resources\" target=\"_blank\">Secureworks resource center<\/a><\/li><\/ul>\n<h3><span class=\"mw-headline\" id=\"External_links\">External links<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.secureworks.com\/services\/managed-security\" target=\"_blank\">Managed security services page<\/a><\/li><\/ul>\n<p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap\"><ol class=\"references\">\n<li id=\"cite_note-MFTSecure21-1\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MFTSecure21_1-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/investors.secureworks.com\/news\/news-details\/2023\/Secureworks-Announces-First-Quarter-Fiscal-2024-Results\/default.aspx\" target=\"_blank\">\"SecureWorks Announces First Quarter Fiscal 2024 Results\"<\/a>. Secureworks, Inc. 8 June 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/investors.secureworks.com\/news\/news-details\/2023\/Secureworks-Announces-First-Quarter-Fiscal-2024-Results\/default.aspx\" target=\"_blank\">https:\/\/investors.secureworks.com\/news\/news-details\/2023\/Secureworks-Announces-First-Quarter-Fiscal-2024-Results\/default.aspx<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=SecureWorks+Announces+First+Quarter+Fiscal+2024+Results&rft.atitle=&rft.date=8+June+2023&rft.pub=Secureworks%2C+Inc&rft_id=https%3A%2F%2Finvestors.secureworks.com%2Fnews%2Fnews-details%2F2023%2FSecureworks-Announces-First-Quarter-Fiscal-2024-Results%2Fdefault.aspx&rfr_id=info:sid\/en.wikipedia.org:Secureworks_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-SWManaged-2\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-SWManaged_2-0\">2.0<\/a><\/sup> <sup><a href=\"#cite_ref-SWManaged_2-1\">2.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.secureworks.com\/services\/managed-security\" target=\"_blank\">\"Managed Security Services\"<\/a>. Secureworks, Inc<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.secureworks.com\/services\/managed-security\" target=\"_blank\">https:\/\/www.secureworks.com\/services\/managed-security<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Managed+Security+Services&rft.atitle=&rft.pub=Secureworks%2C+Inc&rft_id=https%3A%2F%2Fwww.secureworks.com%2Fservices%2Fmanaged-security&rfr_id=info:sid\/en.wikipedia.org:Secureworks_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-DizzyDell11-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-DizzyDell11_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Dizzy, S. (5 April 2011). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.channelfutures.com\/cloud-2\/dell-paid-612-million-for-secureworks-cloud-acquisition\" target=\"_blank\">\"Dell Paid $612 Million for SecureWorks Cloud Acquisition\"<\/a>. <i>ChannelFutures<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.channelfutures.com\/cloud-2\/dell-paid-612-million-for-secureworks-cloud-acquisition\" target=\"_blank\">https:\/\/www.channelfutures.com\/cloud-2\/dell-paid-612-million-for-secureworks-cloud-acquisition<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Dell+Paid+%24612+Million+for+SecureWorks+Cloud+Acquisition&rft.atitle=ChannelFutures&rft.aulast=Dizzy%2C+S.&rft.au=Dizzy%2C+S.&rft.date=5+April+2011&rft_id=https%3A%2F%2Fwww.channelfutures.com%2Fcloud-2%2Fdell-paid-612-million-for-secureworks-cloud-acquisition&rfr_id=info:sid\/en.wikipedia.org:Secureworks_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-BakerExclusive19-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-BakerExclusive19_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Baker, L.B.; Barbaglia, P. (7 February 2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.reuters.com\/article\/us-secureworks-m-a-exclusive\/exclusive-dell-explores-sale-of-cybersecurity-company-secureworks-sources-idUSKCN1PW22J\" target=\"_blank\">\"Exclusive: Dell explores sale of cybersecurity company SecureWorks - sources\"<\/a>. <i>Reuters<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.reuters.com\/article\/us-secureworks-m-a-exclusive\/exclusive-dell-explores-sale-of-cybersecurity-company-secureworks-sources-idUSKCN1PW22J\" target=\"_blank\">https:\/\/www.reuters.com\/article\/us-secureworks-m-a-exclusive\/exclusive-dell-explores-sale-of-cybersecurity-company-secureworks-sources-idUSKCN1PW22J<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Exclusive%3A+Dell+explores+sale+of+cybersecurity+company+SecureWorks+-+sources&rft.atitle=Reuters&rft.aulast=Baker%2C+L.B.%3B+Barbaglia%2C+P.&rft.au=Baker%2C+L.B.%3B+Barbaglia%2C+P.&rft.date=7+February+2019&rft_id=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-secureworks-m-a-exclusive%2Fexclusive-dell-explores-sale-of-cybersecurity-company-secureworks-sources-idUSKCN1PW22J&rfr_id=info:sid\/en.wikipedia.org:Secureworks_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-PanattieriAtos21-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-PanattieriAtos21_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Panettieri, J. (2 February 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.channele2e.com\/investors\/mergers-acquisitions\/atos-buying-dxc-technology-secureworks\/\" target=\"_blank\">\"Atos Abandons DXC Technology Acquisition Plan, Buyout Negotiations End\"<\/a>. <i>Channel e2e<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.channele2e.com\/investors\/mergers-acquisitions\/atos-buying-dxc-technology-secureworks\/\" target=\"_blank\">https:\/\/www.channele2e.com\/investors\/mergers-acquisitions\/atos-buying-dxc-technology-secureworks\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Atos+Abandons+DXC+Technology+Acquisition+Plan%2C+Buyout+Negotiations+End&rft.atitle=Channel+e2e&rft.aulast=Panettieri%2C+J.&rft.au=Panettieri%2C+J.&rft.date=2+February+2021&rft_id=https%3A%2F%2Fwww.channele2e.com%2Finvestors%2Fmergers-acquisitions%2Fatos-buying-dxc-technology-secureworks%2F&rfr_id=info:sid\/en.wikipedia.org:Secureworks_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-PanattieriSecure20-6\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-PanattieriSecure20_6-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Panettieri, J. (5 December 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.msspalert.com\/cybersecurity-companies\/partner-programs\/secureworks-ceo-cfo-channel-partner-program-buildout\/\" target=\"_blank\">\"Secureworks CEO, CFO: Managed Security Channel Partner Program Buildout Continues\"<\/a>. <i>MSSP Alert<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.msspalert.com\/cybersecurity-companies\/partner-programs\/secureworks-ceo-cfo-channel-partner-program-buildout\/\" target=\"_blank\">https:\/\/www.msspalert.com\/cybersecurity-companies\/partner-programs\/secureworks-ceo-cfo-channel-partner-program-buildout\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Secureworks+CEO%2C+CFO%3A+Managed+Security+Channel+Partner+Program+Buildout+Continues&rft.atitle=MSSP+Alert&rft.aulast=Panettieri%2C+J.&rft.au=Panettieri%2C+J.&rft.date=5+December+2020&rft_id=https%3A%2F%2Fwww.msspalert.com%2Fcybersecurity-companies%2Fpartner-programs%2Fsecureworks-ceo-cfo-channel-partner-program-buildout%2F&rfr_id=info:sid\/en.wikipedia.org:Secureworks_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-FeliciaSecure20-7\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-FeliciaSecure20_7-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Felicia (27 December 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/seekingalpha.com\/article\/4396324-secureworks-promising-challenging-software-transition\" target=\"_blank\">\"SecureWorks: A Promising But Challenging Software Transition\"<\/a>. <i>Seeking Alpha<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/seekingalpha.com\/article\/4396324-secureworks-promising-challenging-software-transition\" target=\"_blank\">https:\/\/seekingalpha.com\/article\/4396324-secureworks-promising-challenging-software-transition<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=SecureWorks%3A+A+Promising+But+Challenging+Software+Transition&rft.atitle=Seeking+Alpha&rft.aulast=Felicia&rft.au=Felicia&rft.date=27+December+2020&rft_id=https%3A%2F%2Fseekingalpha.com%2Farticle%2F4396324-secureworks-promising-challenging-software-transition&rfr_id=info:sid\/en.wikipedia.org:Secureworks_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MSSPCyber20-8\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MSSPCyber20_8-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.msspalert.com\/top250\/list-2022\/24\/\" target=\"_blank\">\"Top 250 MSSPs for 2022: Companies 20 to 11\"<\/a>. <i>Top 250 MSSPs: Cybersecurity Company List and Research for 2022<\/i>. MSSP Alert. September 2022<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.msspalert.com\/top250\/list-2022\/24\/\" target=\"_blank\">https:\/\/www.msspalert.com\/top250\/list-2022\/24\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+250+MSSPs+for+2022%3A+Companies+20+to+11&rft.atitle=Top+250+MSSPs%3A+Cybersecurity+Company+List+and+Research+for+2022&rft.date=September+2022&rft.pub=MSSP+Alert&rft_id=https%3A%2F%2Fwww.msspalert.com%2Ftop250%2Flist-2022%2F24%2F&rfr_id=info:sid\/en.wikipedia.org:Secureworks_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CDMMSSPs21-9\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CDMMSSPs21_9-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/\" target=\"_blank\">\"Top 100 Managed Security Service Providers (MSSPs)\"<\/a>. <i>Cyber Defense Magazine<\/i>. Cyber Defense Media Group. 18 February 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/\" target=\"_blank\">https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 29 May 2021<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+100+Managed+Security+Service+Providers+%28MSSPs%29&rft.atitle=Cyber+Defense+Magazine&rft.date=18+February+2021&rft.pub=Cyber+Defense+Media+Group&rft_id=https%3A%2F%2Fwww.cyberdefensemagazine.com%2Ftop-100-managed-security-service-providers-mssps%2F&rfr_id=info:sid\/en.wikipedia.org:Secureworks_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-STHTop15_21-10\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-STHTop15_21_10-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/\" target=\"_blank\">\"Top 15 Best Managed Security Service Providers (MSSPs) In 2023\"<\/a>. Software Testing Help. 1 August 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/\" target=\"_blank\">https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+15+Best+Managed+Security+Service+Providers+%28MSSPs%29+In+2023&rft.atitle=&rft.date=1+August+2023&rft.pub=Software+Testing+Help&rft_id=https%3A%2F%2Fwww.softwaretestinghelp.com%2Fmanaged-security-service-providers%2F&rfr_id=info:sid\/en.wikipedia.org:Secureworks_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816210007\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.530 seconds\nReal time usage: 1.385 seconds\nPreprocessor visited node count: 11330\/1000000\nPost\u2010expand include size: 58229\/2097152 bytes\nTemplate argument size: 29881\/2097152 bytes\nHighest expansion depth: 32\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 15403\/5000000 bytes\nLua time usage: 0.010\/7 seconds\nLua virtual size: 4931584\/52428800 bytes\nLua estimated memory usage: 0 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 258.159 1 -total\n 54.26% 140.078 1 Template:Infobox_company\n 52.35% 135.142 1 Template:Infobox\n 46.07% 118.942 81 Template:Infobox\/row\n 44.30% 114.370 1 Template:Reflist\n 38.04% 98.216 1 Template:URL\n 35.70% 92.154 10 Template:Cite_web\n 35.23% 90.940 1 Template:Str_right\n 34.02% 87.814 1 Template:Str_sub_long\n 32.32% 83.425 10 Template:Citation\/core\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:12562-0!canonical and timestamp 20230816210006 and revision id 52806. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Secureworks_Managed_Security_Services\">https:\/\/www.limswiki.org\/index.php\/Secureworks_Managed_Security_Services<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","31b12ef9194339383a8a705d36d38777_images":["https:\/\/upload.wikimedia.org\/wikipedia\/commons\/2\/25\/Logo-secureworks-200X68.png"],"31b12ef9194339383a8a705d36d38777_timestamp":1692220363,"d0482648d6fc05144a29bf0dc750c89f_type":"article","d0482648d6fc05144a29bf0dc750c89f_title":"Orange Cyberdefense","d0482648d6fc05144a29bf0dc750c89f_url":"https:\/\/www.limswiki.org\/index.php\/Orange_Cyberdefense","d0482648d6fc05144a29bf0dc750c89f_plaintext":"\n\nOrange CyberdefenseFrom LIMSWikiJump to navigationJump to searchOrange Cyberdefense\nFounder(s)\n \nMichel Van Den BergheHeadquarters\n \n54 Place de l\u2019Ellipse, Paris, La D\u00e9fense , France Number of locations\n \n33Area served\n \nWorldwideKey people\n \nHugues Foulon (CEO)Services\n \nThreat anticipation, identification, protection, detection, and responseRevenue\n \nUnknown (private)Parent\n \nOrange GroupWebsite\n \norangecyberdefense.com\/global\/ \n\n\r\n\nOrange Cyberdefense is the cybersecurity business unit of Orange Group, a multinational telecommunications company, as well as a suite of managed security services (MSS). Orange Cyberdefense describes its MSS business as being able to \"offer global protection with local expertise and support our customers throughout the entire threat lifecycle.\"[1] As of August 2023, Orange Cyberdefense is listed among the top 10 MSSPs around the world by several entities.[2][3]\n\nContents \n\n1 Managed security services \n2 Additional information \n\n2.1 Documentation and other media \n2.2 External links \n\n\n3 References \n\n\n\nManaged security services \nOrange Cyberdefense divides its MSS into five categories: threat anticipation, identification, protection, detection, and response. Those services include[1]:\n\nAnticipate: Provides threat intelligence and dark web surveillance of digital assets.\nIdentify: Provides cybersecurity consulting and auditing, penetration testing, and red team exercises.\nProtect: Provides multi-network and application security tools, endpoint protection, identity access management, and vulnerability management.\nDetect: Provides managed threat detection and response, threat intelligence, and 24\/7 threat monitoring.\nRespond: Provides incident response and digital forensics.\n\r\n\n\nAdditional information \nDocumentation and other media \nDatasheet library\nExternal links \nManaged security services page\n\r\n\n\nReferences \n\n\n\u2191 1.0 1.1 \"Orange Cyberdefense\". Orange Group. https:\/\/orangecyberdefense.com\/global\/ . Retrieved 11 August 2023 .   \n \n\n\u2191 \"Top 250 MSSPs for 2022: Companies 10 to 01\". Top 250 MSSPs: Cybersecurity Company List and Research for 2022. MSSP Alert. September 2022. https:\/\/www.msspalert.com\/top250\/list-2022\/25\/ . Retrieved 11 August 2023 .   \n \n\n\u2191 \"Top 100 Managed Security Service Providers (MSSPs)\". Cyber Defense Magazine. Cyber Defense Media Group. 18 February 2021. https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/ . Retrieved 02 June 2021 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Orange_Cyberdefense\">https:\/\/www.limswiki.org\/index.php\/Orange_Cyberdefense<\/a>\nNavigation menuPage actionsPageDiscussionView sourceHistoryPage actionsPageDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 11 August 2023, at 21:42.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 1,357 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","d0482648d6fc05144a29bf0dc750c89f_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject page-Orange_Cyberdefense rootpage-Orange_Cyberdefense skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Orange Cyberdefense<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\">\n<p><br \/>\n<b>Orange Cyberdefense<\/b> is the cybersecurity business unit of Orange Group, a multinational telecommunications company, as well as a suite of managed security services (MSS). Orange Cyberdefense describes its MSS business as being able to \"offer global protection with local expertise and support our customers throughout the entire threat lifecycle.\"<sup id=\"rdp-ebb-cite_ref-OCGlobal_1-0\" class=\"reference\"><a href=\"#cite_note-OCGlobal-1\">[1]<\/a><\/sup> As of August 2023, Orange Cyberdefense is listed among the top 10 MSSPs around the world by several entities.<sup id=\"rdp-ebb-cite_ref-MSSPCyber20_2-0\" class=\"reference\"><a href=\"#cite_note-MSSPCyber20-2\">[2]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-CDMMSSPs21_3-0\" class=\"reference\"><a href=\"#cite_note-CDMMSSPs21-3\">[3]<\/a><\/sup>\n<\/p>\n\n\n<h2><span class=\"mw-headline\" id=\"Managed_security_services\">Managed security services<\/span><\/h2>\n<p>Orange Cyberdefense divides its MSS into five categories: threat anticipation, identification, protection, detection, and response. Those services include<sup id=\"rdp-ebb-cite_ref-OCGlobal_1-1\" class=\"reference\"><a href=\"#cite_note-OCGlobal-1\">[1]<\/a><\/sup>:\n<\/p>\n<ul><li><b>Anticipate<\/b>: Provides threat intelligence and dark web surveillance of digital assets.<\/li>\n<li><b>Identify<\/b>: Provides cybersecurity consulting and auditing, penetration testing, and red team exercises.<\/li>\n<li><b>Protect<\/b>: Provides multi-network and application security tools, endpoint protection, identity access management, and vulnerability management.<\/li>\n<li><b>Detect<\/b>: Provides managed threat detection and response, threat intelligence, and 24\/7 threat monitoring.<\/li>\n<li><b>Respond<\/b>: Provides incident response and digital forensics.<\/li><\/ul>\n<p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Additional_information\">Additional information<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Documentation_and_other_media\">Documentation and other media<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/orangecyberdefense.com\/global\/datasheets\/\" target=\"_blank\">Datasheet library<\/a><\/li><\/ul>\n<h3><span class=\"mw-headline\" id=\"External_links\">External links<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.orangecyberdefense.com\/global\/all-services\" target=\"_blank\">Managed security services page<\/a><\/li><\/ul>\n<p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap\"><ol class=\"references\">\n<li id=\"cite_note-OCGlobal-1\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-OCGlobal_1-0\">1.0<\/a><\/sup> <sup><a href=\"#cite_ref-OCGlobal_1-1\">1.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/orangecyberdefense.com\/global\/\" target=\"_blank\">\"Orange Cyberdefense\"<\/a>. Orange Group<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/orangecyberdefense.com\/global\/\" target=\"_blank\">https:\/\/orangecyberdefense.com\/global\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Orange+Cyberdefense&rft.atitle=&rft.pub=Orange+Group&rft_id=https%3A%2F%2Forangecyberdefense.com%2Fglobal%2F&rfr_id=info:sid\/en.wikipedia.org:Orange_Cyberdefense\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MSSPCyber20-2\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MSSPCyber20_2-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.msspalert.com\/top250\/list-2022\/25\/\" target=\"_blank\">\"Top 250 MSSPs for 2022: Companies 10 to 01\"<\/a>. <i>Top 250 MSSPs: Cybersecurity Company List and Research for 2022<\/i>. MSSP Alert. September 2022<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.msspalert.com\/top250\/list-2022\/25\/\" target=\"_blank\">https:\/\/www.msspalert.com\/top250\/list-2022\/25\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+250+MSSPs+for+2022%3A+Companies+10+to+01&rft.atitle=Top+250+MSSPs%3A+Cybersecurity+Company+List+and+Research+for+2022&rft.date=September+2022&rft.pub=MSSP+Alert&rft_id=https%3A%2F%2Fwww.msspalert.com%2Ftop250%2Flist-2022%2F25%2F&rfr_id=info:sid\/en.wikipedia.org:Orange_Cyberdefense\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CDMMSSPs21-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CDMMSSPs21_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/\" target=\"_blank\">\"Top 100 Managed Security Service Providers (MSSPs)\"<\/a>. <i>Cyber Defense Magazine<\/i>. Cyber Defense Media Group. 18 February 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/\" target=\"_blank\">https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 June 2021<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+100+Managed+Security+Service+Providers+%28MSSPs%29&rft.atitle=Cyber+Defense+Magazine&rft.date=18+February+2021&rft.pub=Cyber+Defense+Media+Group&rft_id=https%3A%2F%2Fwww.cyberdefensemagazine.com%2Ftop-100-managed-security-service-providers-mssps%2F&rfr_id=info:sid\/en.wikipedia.org:Orange_Cyberdefense\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816210006\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.092 seconds\nReal time usage: 0.108 seconds\nPreprocessor visited node count: 4229\/1000000\nPost\u2010expand include size: 21287\/2097152 bytes\nTemplate argument size: 7165\/2097152 bytes\nHighest expansion depth: 20\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 4119\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 90.720 1 -total\n 56.64% 51.382 1 Template:Reflist\n 41.77% 37.890 3 Template:Cite_web\n 39.35% 35.695 1 Template:Infobox_company\n 35.59% 32.291 1 Template:Infobox\n 35.42% 32.135 3 Template:Citation\/core\n 22.97% 20.837 81 Template:Infobox\/row\n 8.81% 7.993 2 Template:Date\n 6.94% 6.295 1 Template:URL\n 4.45% 4.036 5 Template:Citation\/make_link\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:12574-0!canonical and timestamp 20230816210006 and revision id 52805. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Orange_Cyberdefense\">https:\/\/www.limswiki.org\/index.php\/Orange_Cyberdefense<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","d0482648d6fc05144a29bf0dc750c89f_images":["https:\/\/s3.limswiki.org\/www.limswiki.org\/images\/3\/30\/Orange_logo_WC.png"],"d0482648d6fc05144a29bf0dc750c89f_timestamp":1692220363,"4f93d6af27744d1eb3ba7efe21bf81dd_type":"article","4f93d6af27744d1eb3ba7efe21bf81dd_title":"NTT Managed Security Services","4f93d6af27744d1eb3ba7efe21bf81dd_url":"https:\/\/www.limswiki.org\/index.php\/NTT_Managed_Security_Services","4f93d6af27744d1eb3ba7efe21bf81dd_plaintext":"\n\nNTT Managed Security ServicesFrom LIMSWikiJump to navigationJump to searchNTT Managed Security Services\nIndustry\n \nTechnology services\r\nManaged security servicesFounder(s)\n \nGovernment of JapanHeadquarters\n \n2nd Floor, 1 King William Street, London , United Kingdom Number of locations\n \n131Area served\n \nWorldwideKey people\n \nAbhijit Dubey (CEO)Services\n \nCybersecurity consulting, network security, endpoint security, threat detection and responseRevenue\n \nUnknown (NTT Inc. data available, but not Ltd.)Parent\n \nNTT IncorporatedWebsite\n \nservices.global.ntt \n\n\r\n\nNTT Managed Security Services is a suite of managed security services (MSS) offered by NTT Ltd., a multinational technology services and managed security services provider (MSSP) operating as part of NTT Group and NTT Incorporated. NTT Ltd. describes its MSS as providing \"security and visibility to your whole estate, including network, infrastructure and cloud apps ... [through] a powerful combination of security, automation, and observability in a single cloud native platform platform, greatly influencing the speed and quality of your business outcomes.\"[1] As of August 2023, NTT Ltd. is listed among the top 25 MSSPs around the world by several entities.[2][3][4]\n\nContents \n\n1 Managed security services \n2 Additional information \n\n2.1 Documentation and other media \n2.2 External links \n\n\n3 References \n\n\n\nManaged security services \nNTT Ltd. divides its managed security services (MSS) into seven categories:\n\nManaged detection and response: Provides network and endpoint visibility, advanced analytics using machine learning and threat intelligence, \"analyst-driven\" attack investigation and disruption, incident reporting, compromised host isolation, and event dashboards[5]\nThreat detection services: Provides threat detection services based upon the service package selected: Standard or Enhanced. Both packages offer 24\/7 detection with updates, analytics, and reports from internal intelligence investigations and modeling. Enhanced adds packet capture data, malware execution reports, host recordings, incident investigation, threat hunting, and more.[6]\nEnterprise security monitoring: Provides enterprise security monitoring based upon the service package selected: Standard or Enhanced. Both packages offer 24\/7 monitoring with analyst-reviewed incident reports, customizable monitoring and reporting schemes, and customizable web portals. Enhanced adds wider global threat intelligence, device support, and optional raw log search.[7]\nSecurity device management: Provides security device management based upon the service package selected: Standard or Enhanced. Both packages offer health and availability monitoring, improvement, and recommendation; incident generation, diagnosis, and reporting; capacity planning, monitoring, reporting, and recommendation; asset tracking and reporting; service request management and information fulfillment; and problem management. Enhanced adds multiple change implementations, incident resolutions, and more.[8]\nSecurity operation center (SOC) as a service: Provides 24\/7 staffed SOC center with incident monitoring and alerts; SIEM platform management and configuration; custom use-cases, dashboards, and reports; NTT's Cyber Threat Sensor; compliance monitoring, notification, and reporting; custom playbooks; and incident lifecycle support.[9]\nWeb application firewall (WAF) as a service: Provides WAF configuration and protection services based upon the service package selected: Standard or Enhanced. Standard provides WAF safeguarding with full web server visibility, 24\/7 access to the NTT SOC for support and engineering, PCI DSS compliance reporting, and enhanced risk management. The Enhanced package provides the same and adds advanced incident detection and analytics, threat intelligence, threat hunting, full security incident reports with remediation recommendations, and business\/regulatory compliance reporting.[10]\nVulnerability management: Provides 24\/7 security monitoring and management across clouds, data centers, and on-premises server; managed or self-service scanning; internal and external vulnerability scanning; virtual machine tools and reports; customizable policy templates; and DHCP support. The service also integrates with its threat detection services at the Enhanced level.[11]\n\r\n\n\nAdditional information \nDocumentation and other media \nCybersecurity brochure\nEnterprise security monitoring brochure\nManaged detection and response brochure\nSecurity device management brochure\nSecurity operation center as a service brochure\nThreat detection services brochure\nVulnerability management brochure\nWeb application firewall as a service brochure\nExternal links \nManaged cloud security services page\n\r\n\n\nReferences \n\n\n\u2191 \"Cloud Security Services\". NTT LTd. https:\/\/services.global.ntt\/en-us\/services-and-products\/cloud\/cloud-security-services . Retrieved 11 August 2023 .   \n \n\n\u2191 \"Top 250 MSSPs for 2022: Companies 20 to 11\". Top 250 MSSPs: Cybersecurity Company List and Research for 2022. MSSP Alert. September 2022. https:\/\/www.msspalert.com\/top250\/list-2022\/24\/ . Retrieved 11 August 2023 .   \n \n\n\u2191 \"Top 100 Managed Security Service Providers (MSSPs)\". Cyber Defense Magazine. Cyber Defense Media Group. 18 February 2021. https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/ . Retrieved 27 May 2021 .   \n \n\n\u2191 \"Top 15 Best Managed Security Service Providers (MSSPs) In 2023\". Software Testing Help. 1 August 2023. https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/ . Retrieved 11 August 2023 .   \n \n\n\u2191 \"Managed Detection and Response\" (PDF). NTT Ltd. https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/managed-detection-and-response\/mss-v3-datasheet-managed-detection-and-response.pdf . Retrieved 11 August 2023 .   \n \n\n\u2191 \"Threat Detection Services\" (PDF). NTT Ltd. https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/threat-detection-services\/threat-detection-services-datasheet.pdf . Retrieved 11 August 2023 .   \n \n\n\u2191 \"Enterprise Security Monitoring Services\" (PDF). NTT Ltd. https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/enterprise-security-monitoring\/enterprise-security-monitoring-services-datasheet.pdf . Retrieved 11 August 2023 .   \n \n\n\u2191 \"Security Device Management Services\" (PDF). NTT Ltd. https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/security-device-management\/security-device-management-datasheet.pdf . Retrieved 11 August 2023 .   \n \n\n\u2191 \"Security Operation Center as a Service\" (PDF). NTT Ltd. https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/security-operation-center-as-a-service\/mss-v3-datasheet-socaas.pdf . Retrieved 11 August 2023 .   \n \n\n\u2191 \"Web Application Firewall (WAF) as a Service\" (PDF). NTT Ltd. https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/web-application-firewall-as-a-service\/data-sheet_web-application-firewall_as-a-service.pdf . Retrieved 11 August 2023 .   \n \n\n\u2191 \"Vulnerability Management as a Service\" (PDF). NTT Ltd. https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/vulnerability-management\/vulnerability-management-datasheet.pdf . Retrieved 11 August 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/NTT_Managed_Security_Services\">https:\/\/www.limswiki.org\/index.php\/NTT_Managed_Security_Services<\/a>\nNavigation menuPage actionsPageDiscussionView sourceHistoryPage actionsPageDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 11 August 2023, at 21:31.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 1,320 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","4f93d6af27744d1eb3ba7efe21bf81dd_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject page-NTT_Managed_Security_Services rootpage-NTT_Managed_Security_Services skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">NTT Managed Security Services<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\">\n<p><br \/>\n<b>NTT Managed Security Services<\/b> is a suite of managed security services (MSS) offered by NTT Ltd., a multinational technology services and managed security services provider (MSSP) operating as part of NTT Group and NTT Incorporated. NTT Ltd. describes its MSS as providing \"security and visibility to your whole estate, including network, infrastructure and cloud apps ... [through] a powerful combination of security, automation, and observability in a single cloud native platform platform, greatly influencing the speed and quality of your business outcomes.\"<sup id=\"rdp-ebb-cite_ref-NTTAbout_1-0\" class=\"reference\"><a href=\"#cite_note-NTTAbout-1\">[1]<\/a><\/sup> As of August 2023, NTT Ltd. is listed among the top 25 MSSPs around the world by several entities.<sup id=\"rdp-ebb-cite_ref-MSSPCyber20_2-0\" class=\"reference\"><a href=\"#cite_note-MSSPCyber20-2\">[2]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-CDMMSSPs21_3-0\" class=\"reference\"><a href=\"#cite_note-CDMMSSPs21-3\">[3]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-STHTop15_21_4-0\" class=\"reference\"><a href=\"#cite_note-STHTop15_21-4\">[4]<\/a><\/sup>\n<\/p>\n\n\n<h2><span class=\"mw-headline\" id=\"Managed_security_services\">Managed security services<\/span><\/h2>\n<p>NTT Ltd. divides its managed security services (MSS) into seven categories:\n<\/p>\n<ul><li><b>Managed detection and response<\/b>: Provides network and endpoint visibility, advanced analytics using machine learning and threat intelligence, \"analyst-driven\" attack investigation and disruption, incident reporting, compromised host isolation, and event dashboards<sup id=\"rdp-ebb-cite_ref-NTTManaged20_5-0\" class=\"reference\"><a href=\"#cite_note-NTTManaged20-5\">[5]<\/a><\/sup><\/li>\n<li><b>Threat detection services<\/b>: Provides threat detection services based upon the service package selected: Standard or Enhanced. Both packages offer 24\/7 detection with updates, analytics, and reports from internal intelligence investigations and modeling. Enhanced adds packet capture data, malware execution reports, host recordings, incident investigation, threat hunting, and more.<sup id=\"rdp-ebb-cite_ref-NTTThreat20_6-0\" class=\"reference\"><a href=\"#cite_note-NTTThreat20-6\">[6]<\/a><\/sup><\/li>\n<li><b>Enterprise security monitoring<\/b>: Provides enterprise security monitoring based upon the service package selected: Standard or Enhanced. Both packages offer 24\/7 monitoring with analyst-reviewed incident reports, customizable monitoring and reporting schemes, and customizable web portals. Enhanced adds wider global threat intelligence, device support, and optional raw log search.<sup id=\"rdp-ebb-cite_ref-NTTEnterp20_7-0\" class=\"reference\"><a href=\"#cite_note-NTTEnterp20-7\">[7]<\/a><\/sup><\/li>\n<li><b>Security device management<\/b>: Provides security device management based upon the service package selected: Standard or Enhanced. Both packages offer health and availability monitoring, improvement, and recommendation; incident generation, diagnosis, and reporting; capacity planning, monitoring, reporting, and recommendation; asset tracking and reporting; service request management and information fulfillment; and problem management. Enhanced adds multiple change implementations, incident resolutions, and more.<sup id=\"rdp-ebb-cite_ref-NTTSecur20_8-0\" class=\"reference\"><a href=\"#cite_note-NTTSecur20-8\">[8]<\/a><\/sup><\/li>\n<li><b>Security operation center (SOC) as a service<\/b>: Provides 24\/7 staffed SOC center with incident monitoring and alerts; SIEM platform management and configuration; custom use-cases, dashboards, and reports; NTT's Cyber Threat Sensor; compliance monitoring, notification, and reporting; custom playbooks; and incident lifecycle support.<sup id=\"rdp-ebb-cite_ref-NTTSOC20_9-0\" class=\"reference\"><a href=\"#cite_note-NTTSOC20-9\">[9]<\/a><\/sup><\/li>\n<li><b>Web application firewall (WAF) as a service<\/b>: Provides WAF configuration and protection services based upon the service package selected: Standard or Enhanced. Standard provides WAF safeguarding with full web server visibility, 24\/7 access to the NTT SOC for support and engineering, PCI DSS compliance reporting, and enhanced risk management. The Enhanced package provides the same and adds advanced incident detection and analytics, threat intelligence, threat hunting, full security incident reports with remediation recommendations, and business\/regulatory compliance reporting.<sup id=\"rdp-ebb-cite_ref-NTTWAF20_10-0\" class=\"reference\"><a href=\"#cite_note-NTTWAF20-10\">[10]<\/a><\/sup><\/li>\n<li><b>Vulnerability management<\/b>: Provides 24\/7 security monitoring and management across clouds, data centers, and on-premises server; managed or self-service scanning; internal and external vulnerability scanning; virtual machine tools and reports; customizable policy templates; and DHCP support. The service also integrates with its threat detection services at the Enhanced level.<sup id=\"rdp-ebb-cite_ref-NTTVuln19_11-0\" class=\"reference\"><a href=\"#cite_note-NTTVuln19-11\">[11]<\/a><\/sup><\/li><\/ul>\n<p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Additional_information\">Additional information<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Documentation_and_other_media\">Documentation and other media<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/services.global.ntt\/-\/media\/ntt\/global\/solutions\/cybersecurity\/cybersecurity-brochure.pdf\" target=\"_blank\">Cybersecurity brochure<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/enterprise-security-monitoring\/enterprise-security-monitoring-services-datasheet.pdf\" target=\"_blank\">Enterprise security monitoring brochure<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/managed-detection-and-response\/mss-v3-datasheet-managed-detection-and-response.pdf\" target=\"_blank\">Managed detection and response brochure<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/security-device-management\/security-device-management-datasheet.pdf\" target=\"_blank\">Security device management brochure<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/security-operation-center-as-a-service\/mss-v3-datasheet-socaas.pdf\" target=\"_blank\">Security operation center as a service brochure<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/threat-detection-services\/threat-detection-services-datasheet.pdf\" target=\"_blank\">Threat detection services brochure<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/vulnerability-management\/vulnerability-management-datasheet.pdf\" target=\"_blank\">Vulnerability management brochure<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/web-application-firewall-as-a-service\/data-sheet_web-application-firewall_as-a-service.pdf\" target=\"_blank\">Web application firewall as a service brochure<\/a><\/li><\/ul>\n<h3><span class=\"mw-headline\" id=\"External_links\">External links<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/services.global.ntt\/en-us\/services-and-products\/cloud\/cloud-security-services\" target=\"_blank\">Managed cloud security services page<\/a><\/li><\/ul>\n<p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap mw-references-columns\"><ol class=\"references\">\n<li id=\"cite_note-NTTAbout-1\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-NTTAbout_1-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/services.global.ntt\/en-us\/services-and-products\/cloud\/cloud-security-services\" target=\"_blank\">\"Cloud Security Services\"<\/a>. NTT LTd<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/services.global.ntt\/en-us\/services-and-products\/cloud\/cloud-security-services\" target=\"_blank\">https:\/\/services.global.ntt\/en-us\/services-and-products\/cloud\/cloud-security-services<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Security+Services&rft.atitle=&rft.pub=NTT+LTd&rft_id=https%3A%2F%2Fservices.global.ntt%2Fen-us%2Fservices-and-products%2Fcloud%2Fcloud-security-services&rfr_id=info:sid\/en.wikipedia.org:NTT_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MSSPCyber20-2\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MSSPCyber20_2-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.msspalert.com\/top250\/list-2022\/24\/\" target=\"_blank\">\"Top 250 MSSPs for 2022: Companies 20 to 11\"<\/a>. <i>Top 250 MSSPs: Cybersecurity Company List and Research for 2022<\/i>. MSSP Alert. September 2022<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.msspalert.com\/top250\/list-2022\/24\/\" target=\"_blank\">https:\/\/www.msspalert.com\/top250\/list-2022\/24\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+250+MSSPs+for+2022%3A+Companies+20+to+11&rft.atitle=Top+250+MSSPs%3A+Cybersecurity+Company+List+and+Research+for+2022&rft.date=September+2022&rft.pub=MSSP+Alert&rft_id=https%3A%2F%2Fwww.msspalert.com%2Ftop250%2Flist-2022%2F24%2F&rfr_id=info:sid\/en.wikipedia.org:NTT_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CDMMSSPs21-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CDMMSSPs21_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/\" target=\"_blank\">\"Top 100 Managed Security Service Providers (MSSPs)\"<\/a>. <i>Cyber Defense Magazine<\/i>. Cyber Defense Media Group. 18 February 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/\" target=\"_blank\">https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 27 May 2021<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+100+Managed+Security+Service+Providers+%28MSSPs%29&rft.atitle=Cyber+Defense+Magazine&rft.date=18+February+2021&rft.pub=Cyber+Defense+Media+Group&rft_id=https%3A%2F%2Fwww.cyberdefensemagazine.com%2Ftop-100-managed-security-service-providers-mssps%2F&rfr_id=info:sid\/en.wikipedia.org:NTT_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-STHTop15_21-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-STHTop15_21_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/\" target=\"_blank\">\"Top 15 Best Managed Security Service Providers (MSSPs) In 2023\"<\/a>. Software Testing Help. 1 August 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/\" target=\"_blank\">https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+15+Best+Managed+Security+Service+Providers+%28MSSPs%29+In+2023&rft.atitle=&rft.date=1+August+2023&rft.pub=Software+Testing+Help&rft_id=https%3A%2F%2Fwww.softwaretestinghelp.com%2Fmanaged-security-service-providers%2F&rfr_id=info:sid\/en.wikipedia.org:NTT_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-NTTManaged20-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-NTTManaged20_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/managed-detection-and-response\/mss-v3-datasheet-managed-detection-and-response.pdf\" target=\"_blank\">\"Managed Detection and Response\"<\/a> (PDF). NTT Ltd<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/managed-detection-and-response\/mss-v3-datasheet-managed-detection-and-response.pdf\" target=\"_blank\">https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/managed-detection-and-response\/mss-v3-datasheet-managed-detection-and-response.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Managed+Detection+and+Response&rft.atitle=&rft.pub=NTT+Ltd&rft_id=https%3A%2F%2Fservices.global.ntt%2F-%2Fmedia%2Fntt%2Fglobal%2Fproducts-and-services%2Fmanaged-services%2Fmanaged-security-services%2Fmanaged-detection-and-response%2Fmss-v3-datasheet-managed-detection-and-response.pdf&rfr_id=info:sid\/en.wikipedia.org:NTT_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-NTTThreat20-6\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-NTTThreat20_6-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/threat-detection-services\/threat-detection-services-datasheet.pdf\" target=\"_blank\">\"Threat Detection Services\"<\/a> (PDF). NTT Ltd<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/threat-detection-services\/threat-detection-services-datasheet.pdf\" target=\"_blank\">https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/threat-detection-services\/threat-detection-services-datasheet.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Threat+Detection+Services&rft.atitle=&rft.pub=NTT+Ltd&rft_id=https%3A%2F%2Fservices.global.ntt%2F-%2Fmedia%2Fntt%2Fglobal%2Fproducts-and-services%2Fmanaged-services%2Fmanaged-security-services%2Fthreat-detection-services%2Fthreat-detection-services-datasheet.pdf&rfr_id=info:sid\/en.wikipedia.org:NTT_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-NTTEnterp20-7\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-NTTEnterp20_7-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/enterprise-security-monitoring\/enterprise-security-monitoring-services-datasheet.pdf\" target=\"_blank\">\"Enterprise Security Monitoring Services\"<\/a> (PDF). NTT Ltd<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/enterprise-security-monitoring\/enterprise-security-monitoring-services-datasheet.pdf\" target=\"_blank\">https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/enterprise-security-monitoring\/enterprise-security-monitoring-services-datasheet.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Enterprise+Security+Monitoring+Services&rft.atitle=&rft.pub=NTT+Ltd&rft_id=https%3A%2F%2Fservices.global.ntt%2F-%2Fmedia%2Fntt%2Fglobal%2Fproducts-and-services%2Fmanaged-services%2Fmanaged-security-services%2Fenterprise-security-monitoring%2Fenterprise-security-monitoring-services-datasheet.pdf&rfr_id=info:sid\/en.wikipedia.org:NTT_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-NTTSecur20-8\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-NTTSecur20_8-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/security-device-management\/security-device-management-datasheet.pdf\" target=\"_blank\">\"Security Device Management Services\"<\/a> (PDF). NTT Ltd<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/security-device-management\/security-device-management-datasheet.pdf\" target=\"_blank\">https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/security-device-management\/security-device-management-datasheet.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Security+Device+Management+Services&rft.atitle=&rft.pub=NTT+Ltd&rft_id=https%3A%2F%2Fservices.global.ntt%2F-%2Fmedia%2Fntt%2Fglobal%2Fproducts-and-services%2Fmanaged-services%2Fmanaged-security-services%2Fsecurity-device-management%2Fsecurity-device-management-datasheet.pdf&rfr_id=info:sid\/en.wikipedia.org:NTT_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-NTTSOC20-9\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-NTTSOC20_9-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/security-operation-center-as-a-service\/mss-v3-datasheet-socaas.pdf\" target=\"_blank\">\"Security Operation Center as a Service\"<\/a> (PDF). NTT Ltd<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/security-operation-center-as-a-service\/mss-v3-datasheet-socaas.pdf\" target=\"_blank\">https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/security-operation-center-as-a-service\/mss-v3-datasheet-socaas.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Security+Operation+Center+as+a+Service&rft.atitle=&rft.pub=NTT+Ltd&rft_id=https%3A%2F%2Fservices.global.ntt%2F-%2Fmedia%2Fntt%2Fglobal%2Fproducts-and-services%2Fmanaged-services%2Fmanaged-security-services%2Fsecurity-operation-center-as-a-service%2Fmss-v3-datasheet-socaas.pdf&rfr_id=info:sid\/en.wikipedia.org:NTT_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-NTTWAF20-10\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-NTTWAF20_10-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/web-application-firewall-as-a-service\/data-sheet_web-application-firewall_as-a-service.pdf\" target=\"_blank\">\"Web Application Firewall (WAF) as a Service\"<\/a> (PDF). NTT Ltd<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/web-application-firewall-as-a-service\/data-sheet_web-application-firewall_as-a-service.pdf\" target=\"_blank\">https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/web-application-firewall-as-a-service\/data-sheet_web-application-firewall_as-a-service.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Web+Application+Firewall+%28WAF%29+as+a+Service&rft.atitle=&rft.pub=NTT+Ltd&rft_id=https%3A%2F%2Fservices.global.ntt%2F-%2Fmedia%2Fntt%2Fglobal%2Fproducts-and-services%2Fmanaged-services%2Fmanaged-security-services%2Fweb-application-firewall-as-a-service%2Fdata-sheet_web-application-firewall_as-a-service.pdf&rfr_id=info:sid\/en.wikipedia.org:NTT_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-NTTVuln19-11\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-NTTVuln19_11-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/vulnerability-management\/vulnerability-management-datasheet.pdf\" target=\"_blank\">\"Vulnerability Management as a Service\"<\/a> (PDF). NTT Ltd<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/vulnerability-management\/vulnerability-management-datasheet.pdf\" target=\"_blank\">https:\/\/services.global.ntt\/-\/media\/ntt\/global\/products-and-services\/managed-services\/managed-security-services\/vulnerability-management\/vulnerability-management-datasheet.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Vulnerability+Management+as+a+Service&rft.atitle=&rft.pub=NTT+Ltd&rft_id=https%3A%2F%2Fservices.global.ntt%2F-%2Fmedia%2Fntt%2Fglobal%2Fproducts-and-services%2Fmanaged-services%2Fmanaged-security-services%2Fvulnerability-management%2Fvulnerability-management-datasheet.pdf&rfr_id=info:sid\/en.wikipedia.org:NTT_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816140218\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.135 seconds\nReal time usage: 0.149 seconds\nPreprocessor visited node count: 8891\/1000000\nPost\u2010expand include size: 61288\/2097152 bytes\nTemplate argument size: 25307\/2097152 bytes\nHighest expansion depth: 20\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 17276\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 126.330 1 -total\n 66.71% 84.280 1 Template:Reflist\n 54.71% 69.119 11 Template:Cite_web\n 48.69% 61.512 11 Template:Citation\/core\n 28.18% 35.597 1 Template:Infobox_company\n 25.81% 32.604 1 Template:Infobox\n 16.01% 20.231 81 Template:Infobox\/row\n 6.69% 8.447 3 Template:Date\n 4.11% 5.188 13 Template:Citation\/make_link\n 3.92% 4.952 1 Template:URL\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:12559-0!canonical and timestamp 20230816140218 and revision id 52804. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/NTT_Managed_Security_Services\">https:\/\/www.limswiki.org\/index.php\/NTT_Managed_Security_Services<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","4f93d6af27744d1eb3ba7efe21bf81dd_images":["https:\/\/s3.limswiki.org\/www.limswiki.org\/images\/6\/64\/NTT.png"],"4f93d6af27744d1eb3ba7efe21bf81dd_timestamp":1692220363,"369c09656e0406646380b45bb4d0ecc1_type":"article","369c09656e0406646380b45bb4d0ecc1_title":"IBM Cloud","369c09656e0406646380b45bb4d0ecc1_url":"https:\/\/www.limswiki.org\/index.php\/IBM_Cloud","369c09656e0406646380b45bb4d0ecc1_plaintext":"\n\nIBM CloudFrom LIMSWikiJump to navigationJump to searchIBM Cloud\nIndustry\n \nComputing, Cloud computing, Web servicesFounder(s)\n \nCharles Ranlett FlintHeadquarters\n \nArmonk, New York , United States Area served\n \nWorldwideKey people\n \nArvind Krishna (CEO)Products\n \nIaaS, PaaS, DBaaS, DaaS, SaaSRevenue\n \n$22.4 billion (2022)[1]Website\n \nibm.com\/cloud \n\n\r\n\nIBM Cloud is a collection of public, private, hybrid, and multicloud cloud computing services offered by IBM, an American multinational information technology company. IBM Cloud deploys to over 46 data centers in various locations around the world, primarily in the U.S. and Europe but also with some representation in the Pacific region and South America.[2] More than 170 different products and services are associated with IBM Cloud, representing elastic computing, networking, content delivery, data storage, database management, security management, enterprise management, data analysis, scientific computing, container management, developer support, blockchain management, internet of things, and artificial intelligence.[3]\n\nContents \n\n1 Provider research \n2 Managed security services \n3 Additional information \n\n3.1 Documentation and other media \n3.2 External links \n\n\n4 References \n\n\n\nProvider research \nThis section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide Choosing and Implementing a Cloud-based Service for Your Laboratory. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made.\n\r\n\n1. What experience do you have working with laboratory customers in our specific industry?\nFew publicly described examples of non-technology laboratories working with IBM Cloud could be found, with only Allegany Ballistics Laboratory[4], a manufacturing and research center for the Department of Defense, being mentioned. One laboratory informatics vendor, L7 Informatics, Inc.[5], could be verified to be using or have used IBM Cloud for its SaaS offerings. An IBM Cloud representative is more likely to be able to supply other examples of laboratories and laboratory informatics developers that use or have used IBM Cloud.\n\r\n\n2. Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?\nIt will ultimately be up to your organization to get an answer from IBM tailored to your systems and business processes. However, this much can be said about IBM Cloud integrations. The company provides a wide variety of tools for integration, as outlined on its integration solutions page. Its main tool, IBM Cloud Pak for Integration, \"provides an automated and closed-loop lifecycle across multiple styles of enterprise integration.\"[6] Related integration tools include IBM API Connect, IBM App Connect, and IBM Secure Gateway Service (useful for hybrid cloud deployments).\n\r\n\n3. What is the average total historical downtime for the service(s) we're interested in?\nSome public information is made available about historic outages and downtime. IBM Cloud has a systems status page with status history (you have to click on the \"History\" link to the left). You should be able to read through the incident details for each issue, going back through a fair amount of history. This will give you a partial picture of the issues experienced in the past, as well as any scheduled maintenance and currently impacted services. A follow-up on this question with an IBM Cloud representative may reveal more historical downtime history for the services you are interested in.\n\r\n\n4. Do we receive comprehensive downtime support in the case of downtime?\nIBM Cloud does not make this answer clear. However, the answer is likely tied to what after-sales support plan you choose. Confirm with IBM Cloud what downtime support they provide based on the services your organization are interested in.\n\r\n\n5. Where are your servers located, and how is data securely transferred to and from those servers?\nIBM Cloud has 60 data centers spread across six regions and 18 availability zones[2], with three more regions planned (as of April 2021).[7] These zones are distributed in various locations around the world, primarily in the U.S. and Europe but also with some representation in the Pacific region and South America. IBM Cloud uses its Content Delivery Network to deliver content, which \"allows your users to receive the content with less delay, and delivers a better overall experience for your customers.\"[8] Data in motion is protected through IBM Cloud's IBM Security Guardium Data Encryption suite for applying \"data-at-rest and data-in-transit security quickly and consistently.\"[9] As for data localization and residency requirements, IBM Cloud documentation and blog articles address some elements of this topic, partly in the scope of blockchain networks; discuss the topic further with an IBM Cloud representative.\n\r\n\n6. Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?\nIBM Cloud addresses this topic partially in its architecture documentation[10]:\n\nEach data center has at least one security entry point that is always staffed and can include one or more access controlled entry ways that are monitored by CCTV. Each controlled area requires at least badge reader based authentication. Sensitive areas such as server rooms, network closets, and utility closets require badge and biometric authentication. Access attempts are logged and logs retained for at least one calendar year. Repeated failed access attempts trigger an alert to the security guards ... Access to the data center does not in turn confer access to the secured rooms within the data center. Employee access is based on job role, for example, so that server technicians do not have access to the network closet, and only trained facility staff have access to power feed termination rooms.\nAs for certifications and training, little is said about certifications. IBM indicates that an \"extensive security training program\" is required of each employee, and they must recertify that training annually. They also receive additional security awareness training based on role.[10] For additional information about roles, certifications, and training, discuss this with an IBM Cloud representative.\n\r\n\n7. Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?\nNot all IBM Cloud machines have the same controls on them; it will depend on the region, product, and compliance requirements of your lab. That said, verify with a representative that the machine your data will land on meets all the necessary regulations affecting your data.\n\r\n\n8. How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)\nIt appears some IBM Cloud services may offer a premium \"physical separation\" plan. For example, the Text to Speech offering has a standard multi-tenant plan that provides \"logical separation of data by using common encryption keys,\" and a premium single-tenant plan that provides \"dedicated data storage accounts that use unique encryption keys.\"[11] It's not clear how many other services IBM Cloud services have similar plans associated with them, but a 2020 blog post by IBM indicates they are able to accommodate both single- and multi-tenant environments in more than a few cases. Verify with a representative about physical vs. logical separation for your desired services.\nAs for tenant isolation, the previously mentioned blog post, as well as a few other bits of documentation, talks about tenant isolation security measures. For example, those on multi-tenant environments can take advantage of IBM's Cloud Key Protect, which \"provides a root of trust that is secured by FIPS 140-2 Level 3 certified cloud-based HSMs that protect against theft of information.\"[9] For more details about security measures in tenant isolation, discuss this with an IBM Cloud representative.\n\r\n\n9. Do you have documented data security policies?\nIBM Cloud documents its security practices in several places:\n\nIBM Cloud Security portal\nCloud-native security practices in IBM Cloud\nSecurity architecture for cloud applications\nSome security-related documents, like the SOC 2 report, may not be publicly available, requiring direct discussion with an IBM Cloud representative to obtain them.\n\r\n\n10. How do you test your platform's security?\nIBM Cloud notes the following about testing platform security[12]:\n\nIn addition to the regular penetration testing conducted by IBM and our partners, customers can conduct their own penetration testing of their resources on IBM Cloud. No permission is necessary from IBM Cloud for penetration testing of IP addresses allocated to your classic infrastructure account that is set up on classic virtual or bare metal servers. For penetration testing of IBM Cloud VPC or PaaS offerings, or any IBM-owned IP space that is not allocated to your classic infrastructure account, open a support case to get instructions on signing the Client Penetration Testing Authorization Agreement.\nIBM also has IBM X-Force Red, \"a global team of hackers hired to break into organizations and uncover risky vulnerabilities that attackers may use for personal gain.\"[13] However, it's not clear if this same team also tests IBM Cloud's own infrastructure. Discuss this topic more thoroughly with a representative.\n\r\n\n11. What are your policies for security audits, intrusion detection, and intrusion reporting?\nAudits: IBM Cloud discusses security audits and reviews in its security architecture documentation, under \"Third-party security audits and reviews.\" IBM Cloud's approach to security audits is also demonstrated by its compliance credentials (e.g., see its trust center). \nIntrusion detection and reporting:: IBM Cloud discusses intrusion detection and prevention in-depth in the \"Network Protection\" section of its security architecture documentation. They also note elsewhere[14]:\n\nDetection typically involves a sophisticated analytics engine that assembles the data that is collected in the visibility space. By correlating and assessing this data, you can identify events that are occurring over one or more related platforms and start an investigation and response. Modern analytics engines use AI and machine learning (ML) to identify events and reduce the manual effort to triage events. AI and ML are important in user and end-point behavior analytics (UEBA) that rely on those tools to establish baseline behaviors and recognize anomalies\u2014a fundamental tool in identifying insider threats.\n\r\n\n12. What data logging information is kept and acted upon in relation to our data?\nWhile IBM Cloud offers customers tools like IBM Cloud Log Analysis to analyze their own logs, it's not clear what data logging information IBM collects and uses in relation to customer data. The Privacy Shield documentation notes, however[15]:\n\nThe types of personal data that Privacy Shield-Certified Cloud Services collect will vary based on the type and nature of each offering, and is described in its offering documentation (searchable via this link) or as otherwise provided by IBM. IBM uses such personal data as needed to deliver the Cloud Service, along with additional purposes that may be described in the corresponding TD or Attachment.\nIt's possible the terms of use document for the service you're interested in may discuss data collection and use by IBM. However, you'll have to have this discussion with a representative to confirm.\n\r\n\n13. How thorough are those logs and can we audit them on-demand?\nCustomers have the ability to audit the logs associated with their own activities. It also appears \"interactions made by IBM Cloud infrastructure support staff\" can also be captured and audited in those logs.[16] However, it's not clear what logs, if any, are collected and maintained by IBM about your data, let alone whether or not you can access them. You'll have to have this discussion with a representative.\n\r\n\n14. For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?\nYes, IBM Cloud will sign a business associate agreement.[17] Consult their cloud compliance page for more details on their approach to HIPAA compliance.\n\r\n\n15. What happens to our data should the contract expire or be terminated?\nPer the Cloud Services Agreement[18]:\n\nIBM will return or remove Content from IBM computing resources upon the expiration or cancellation of the Cloud Service, or earlier upon Client\u2019s request. IBM may charge for certain activities performed at Client\u2019s request (such as delivering Content in a specific format). IBM does not archive Content, however some Content may remain in Cloud Service backup files until expiration of such files as governed by IBM\u2019s backup retention practices.\n\r\n\n16. What happens to our data should you go out of business or suffer a catastrophic event?\nIt's not publicly clear how IBM Cloud would handle your data should they go out of business; consult with a representative about this topic. As for catastrophic events, like other cloud providers, IBM Cloud uses three zones per region (a multi-zone region or MZR) for redundancy: \"The advantage of an MZR is that it provides consistent cloud services across different zones, better resiliency, availability, higher interconnect speed between data centers for your resources. These features can be critical to your applications. Deploying the application in an MZR rather than a [single-zone region] can increase the availability from 99.9% to 99.99% when deployed over three zones.\"[19] It's highly unlikely that all three zones would be affected in an catastrophic event. However, if this is a concern, discuss further data redundancy with an IBM Cloud representative. (IBM provides some additional insight by discussing its approach to availability and disaster recovery in its documentation.)\n\r\n\n17. Can we use your interface to extract our data when we want, and in what format will it be?\nIBM does talk about moving data between buckets, but documentation about extracting data from their cloud service and moving it to your own private cloud or transferring it to another cloud service can't be found. IBM does note in a blog post that it is \"active in the EU\u2019s Switching Cloud Providers and Porting Data (SWIPO) initiative which lays out requirements for transparency at both infrastructure and software levels.\"[20] However, it's not clear if IBM Cloud has mapped their cloud processes to the voluntary SWIPO codes of conduct. You'll have to discuss the details of data export and migration\u2014including data formats\u2014from IBM Cloud with a representative.\n\r\n\n18. Are your support services native or outsourced\/offshored?\nIt is unclear if support personnel are local to the customer or if support is outsourced to another business and country. Discuss this with an IBM Cloud representative.\n\nManaged security services \nIBM Managed Security Services is described by IBM as set of services that \"simplifies security and risk with continuous, value-driven monitoring, management, and intelligence backed by global expertise, local delivery, and an integrated security portfolio.\"[21] The company touts both managed cybersecurity services and managed network security services. This includes[22]:\n\nManaged cybersecurity: threat management, managed detection and response, managed cloud security, managed endpoint security, identity management, and command center security\nManaged network security: managed firewall, as well as intrusion detection and prevention management\nIBM Managed Security Services is listed in the top 15 of managed security service provider lists for multiple entities.[23][24][25]\n\r\n\n\nAdditional information \nDocumentation and other media \nDisaster recovery documentation\nHIPAA compliance guide\nClient security whitepaper\nIBM Managed Security Services data sheet\nIBM security and privacy principles\nExternal links \nIBM Cloud architecture framework or description\nIBM Cloud shared responsibility model\nIBM Cloud trust center\nIBM Managed Security Services\nReferences \n\n\n\u2191 \"IBM Releases Fourth-quarter Results\". IBM. 25 January 2023. https:\/\/newsroom.ibm.com\/2023-01-25-IBM-RELEASES-FOURTH-QUARTER-RESULTS . Retrieved 02 August 2023 .   \n \n\n\u2191 2.0 2.1 \"IBM Cloud global data centers\". IBM Cloud. https:\/\/www.ibm.com\/cloud\/data-centers . Retrieved 02 August 2023 .   \n \n\n\u2191 \"IBM Cloud Products\". IBM. https:\/\/www.ibm.com\/cloud\/products . Retrieved 02 August 2023 .   \n \n\n\u2191 \"IBM Achieves Highest U.S. Defense Information Systems Agency Authorization for Cloud Services\". IBM. 11 February 2016. Archived from the original on 24 January 2021. https:\/\/web.archive.org\/web\/20210124035001\/https:\/\/www-03.ibm.com\/press\/us\/en\/pressrelease\/49018.wss . Retrieved 02 August 2023 .   \n \n\n\u2191 Lab7 Systems, Inc (23 May 2017). \"Lab7 Systems Announces High-Performance Cloud For Genomic-Scale Data Management Built On IBM Cloud\". BioSpace. https:\/\/www.biospace.com\/article\/releases\/lab7-systems-announces-high-performance-cloud-for-genomic-scale-data-management-built-on-ibm-cloud-\/ . Retrieved 02 August 2023 .   \n \n\n\u2191 \"IBM Cloud Pak for Integration\". IBM Cloud. https:\/\/www.ibm.com\/products\/cloud-pak-for-integration . Retrieved 02 August 2023 .   \n \n\n\u2191 \"IBM Cloud Multi-zone region\" (PDF). IBM Cloud. https:\/\/www.ibm.com\/downloads\/cas\/2BWNGJM3 . Retrieved 02 August 2023 .   \n \n\n\u2191 \"About Content Delivery Network\". IBM Cloud Docs - Content Delivery Network (CDN). IBM Cloud. 1 February 2021. https:\/\/cloud.ibm.com\/docs\/CDN?topic=CDN-about-content-delivery-networks-cdn- . Retrieved 02 August 2023 .   \n \n\n\u2191 9.0 9.1 \"Security architecture for cloud applications - Security for Data\". IBM Cloud. Archived from the original on 24 December 2020. https:\/\/web.archive.org\/web\/20201224214242\/https:\/\/www.ibm.com\/cloud\/architecture\/architectures\/securityArchitecture\/security-for-data . Retrieved 02 August 2023 .   \n \n\n\u2191 10.0 10.1 \"Physical security architecture\". IBM Cloud. https:\/\/www.ibm.com\/cloud\/architecture\/architectures\/physical-security-arch . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Data Security\". IBM Cloud Docs - Text to Speech. IBM Cloud. https:\/\/cloud.ibm.com\/docs\/text-to-speech?topic=text-to-speech-data-security . Retrieved 02 August 2023 .   \n \n\n\u2191 \"How do I know that my data is safe?\". IBM Cloud Docs - Getting Started with IBM Cloud. IBM Cloud. 23 March 2021. https:\/\/cloud.ibm.com\/docs\/overview?topic=overview-security . Retrieved 02 August 2023 .   \n \n\n\u2191 \"X-Force Red Offensive Security Services\". IBM. https:\/\/www.ibm.com\/services\/offensive-security . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Threat management: Detection and response\". Security architecture for cloud applications. IBM Cloud. https:\/\/www.ibm.com\/cloud\/architecture\/architectures\/security-threat-management-arch . Retrieved 02 August 2023 .   \n \n\n\u2191 \"IBM Privacy Shield Privacy Policy for Certified IBM Cloud Services\". IBM. 22 June 2023. https:\/\/www.ibm.com\/us-en\/privacy\/privacy-shield . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Auditing system events for classic infrastructure\". IBM Cloud Docs - Managing your account, resources, and access. IBM Cloud. 21 February 2022. https:\/\/cloud.ibm.com\/docs\/account?topic=account-audit-log . Retrieved 02 August 2023 .   \n \n\n\u2191 \"IBM Cloud compliance programs\". IBM Cloud. https:\/\/www.ibm.com\/cloud\/compliance . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Cloud Services Agreement\" (PDF). IBM. March 2018. Archived from the original on 12 January 2022. https:\/\/web.archive.org\/web\/20220112081017\/https:\/\/www.ibm.com\/support\/customer\/pdf\/terms\/csa_th.pdf . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Locations for resource deployment\". IBM Cloud Docs - Getting Started with IBM Cloud. IBM Cloud. 22 June 2023. https:\/\/cloud.ibm.com\/docs\/overview?topic=overview-locations&locale=en . Retrieved 02 August 2023 .   \n \n\n\u2191 Nott, C. (20 October 2020). \"Cloud portability and interoperability\". IBM THINK Blog. IBM. Archived from the original on 22 October 2021. https:\/\/web.archive.org\/web\/20211022233200\/https:\/\/www.ibm.com\/blogs\/think\/fi-fi\/2020\/10\/20\/cloud-portability-and-interoperability\/ . Retrieved 02 August 2023 .   \n \n\n\u2191 \"IBM Managed Security Services\" (PDF). IBM. 2019. https:\/\/www.ibm.com\/downloads\/cas\/BVWMRDGY . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Managed Security Services (MSS)\". IBM. https:\/\/www.ibm.com\/services\/managed-security . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Top 250 MSSPs for 2023: Companies 20 to 11\". Top 250 MSSPs: Cybersecurity Company List and Research for 2022. MSSP Alert. September 2022. https:\/\/www.msspalert.com\/top250\/list-2022\/24\/ . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Top 15 Best Managed Security Service Providers (MSSPs) In 2023\". Software Testing Help. 1 August 2023. https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/ . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Top 100 Managed Security Service Providers (MSSPs)\". Cyber Defense Magazine. Cyber Defense Media Group. 18 February 2021. https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/ . Retrieved 02 August 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/IBM_Cloud\">https:\/\/www.limswiki.org\/index.php\/IBM_Cloud<\/a>\nNavigation menuPage actionsPageDiscussionView sourceHistoryPage actionsPageDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 2 August 2023, at 19:45.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 1,544 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","369c09656e0406646380b45bb4d0ecc1_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject page-IBM_Cloud rootpage-IBM_Cloud skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">IBM Cloud<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\">\n<p><br \/>\n<b>IBM Cloud<\/b> is a collection of public, private, hybrid, and multicloud <a href=\"https:\/\/www.limswiki.org\/index.php\/Cloud_computing\" title=\"Cloud computing\" class=\"wiki-link\" data-key=\"fcfe5882eaa018d920cedb88398b604f\">cloud computing<\/a> services offered by IBM, an American multinational information technology company. IBM Cloud deploys to over 46 data centers in various locations around the world, primarily in the U.S. and Europe but also with some representation in the Pacific region and South America.<sup id=\"rdp-ebb-cite_ref-IBMGlobalLocs_2-0\" class=\"reference\"><a href=\"#cite_note-IBMGlobalLocs-2\">[2]<\/a><\/sup> More than 170 different products and services are associated with IBM Cloud, representing elastic computing, networking, content delivery, data storage, database management, security management, enterprise management, <a href=\"https:\/\/www.limswiki.org\/index.php\/Data_analysis\" title=\"Data analysis\" class=\"wiki-link\" data-key=\"545c95e40ca67c9e63cd0a16042a5bd1\">data analysis<\/a>, scientific computing, container management, developer support, <a href=\"https:\/\/www.limswiki.org\/index.php\/Blockchain\" title=\"Blockchain\" class=\"wiki-link\" data-key=\"ae8b186c311716aca561aaee91944f8e\">blockchain<\/a> management, <a href=\"https:\/\/www.limswiki.org\/index.php\/Internet_of_things\" title=\"Internet of things\" class=\"wiki-link\" data-key=\"13e0b826fa1770fe4bea72e3cb942f0f\">internet of things<\/a>, and <a href=\"https:\/\/www.limswiki.org\/index.php\/Artificial_intelligence\" title=\"Artificial intelligence\" class=\"wiki-link\" data-key=\"0c45a597361ca47e1cd8112af676276e\">artificial intelligence<\/a>.<sup id=\"rdp-ebb-cite_ref-IBMCloudProds_3-0\" class=\"reference\"><a href=\"#cite_note-IBMCloudProds-3\">[3]<\/a><\/sup>\n<\/p>\n\n\n<h2><span class=\"mw-headline\" id=\"Provider_research\">Provider research<\/span><\/h2>\n<p>This section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide <i><a href=\"https:\/\/www.limswiki.org\/index.php\/LII:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\" title=\"LII:Choosing and Implementing a Cloud-based Service for Your Laboratory\" class=\"wiki-link\" data-key=\"a51267fd73f6c39f0130677409233940\">Choosing and Implementing a Cloud-based Service for Your Laboratory<\/a><\/i>. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made.\n<\/p><p><br \/>\n1. <b>What experience do you have working with laboratory customers in our specific industry?<\/b>\n<\/p><p>Few publicly described examples of non-technology <a href=\"https:\/\/www.limswiki.org\/index.php\/Laboratory\" title=\"Laboratory\" class=\"wiki-link\" data-key=\"c57fc5aac9e4abf31dccae81df664c33\">laboratories<\/a> working with IBM Cloud could be found, with only Allegany Ballistics Laboratory<sup id=\"rdp-ebb-cite_ref-IBMAchieves16_4-0\" class=\"reference\"><a href=\"#cite_note-IBMAchieves16-4\">[4]<\/a><\/sup>, a manufacturing and research center for the Department of Defense, being mentioned. One <a href=\"https:\/\/www.limswiki.org\/index.php\/Laboratory_informatics\" title=\"Laboratory informatics\" class=\"wiki-link\" data-key=\"00edfa43edcde538a695f6d429280301\">laboratory informatics<\/a> vendor, <a href=\"https:\/\/www.limswiki.org\/index.php\/L7_Informatics,_Inc.\" title=\"L7 Informatics, Inc.\" class=\"wiki-link\" data-key=\"ae1e0f933010a008daa9d74438f84838\">L7 Informatics, Inc.<\/a><sup id=\"rdp-ebb-cite_ref-BSLab717_5-0\" class=\"reference\"><a href=\"#cite_note-BSLab717-5\">[5]<\/a><\/sup>, could be verified to be using or have used IBM Cloud for its SaaS offerings. An IBM Cloud representative is more likely to be able to supply other examples of laboratories and laboratory informatics developers that use or have used IBM Cloud.\n<\/p><p><br \/>\n2. <b>Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?<\/b>\n<\/p><p>It will ultimately be up to your organization to get an answer from IBM tailored to your systems and business processes. However, this much can be said about IBM Cloud integrations. The company provides a wide variety of tools for integration, as outlined on its <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/cloud\/integration\" target=\"_blank\">integration solutions page<\/a>. Its main tool, IBM Cloud Pak for Integration, \"provides an automated and closed-loop lifecycle across multiple styles of enterprise integration.\"<sup id=\"rdp-ebb-cite_ref-IBMCloudPak_6-0\" class=\"reference\"><a href=\"#cite_note-IBMCloudPak-6\">[6]<\/a><\/sup> Related integration tools include IBM API Connect, IBM App Connect, and IBM Secure Gateway Service (useful for hybrid cloud deployments).\n<\/p><p><br \/>\n3. <b>What is the average total historical downtime for the service(s) we're interested in?<\/b>\n<\/p><p>Some public information is made available about historic outages and downtime. IBM Cloud has a <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.ibm.com\/status\/\" target=\"_blank\">systems status page<\/a> with status history (you have to click on the \"History\" link to the left). You should be able to read through the incident details for each issue, going back through a fair amount of history. This will give you a partial picture of the issues experienced in the past, as well as any scheduled maintenance and currently impacted services. A follow-up on this question with an IBM Cloud representative may reveal more historical downtime history for the services you are interested in.\n<\/p><p><br \/>\n4. <b>Do we receive comprehensive downtime support in the case of downtime?<\/b>\n<\/p><p>IBM Cloud does not make this answer clear. However, the answer is likely tied to what <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.ibm.com\/docs\/get-support?topic=get-support-support-plans\" target=\"_blank\">after-sales support plan<\/a> you choose. Confirm with IBM Cloud what downtime support they provide based on the services your organization are interested in.\n<\/p><p><br \/>\n5. <b>Where are your servers located, and how is data securely transferred to and from those servers?<\/b>\n<\/p><p>IBM Cloud has 60 data centers spread across six regions and 18 availability zones<sup id=\"rdp-ebb-cite_ref-IBMGlobalLocs_2-1\" class=\"reference\"><a href=\"#cite_note-IBMGlobalLocs-2\">[2]<\/a><\/sup>, with three more regions planned (as of April 2021).<sup id=\"rdp-ebb-cite_ref-IBMCloudMulti21_7-0\" class=\"reference\"><a href=\"#cite_note-IBMCloudMulti21-7\">[7]<\/a><\/sup> These zones <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/cloud\/data-centers\" target=\"_blank\">are distributed<\/a> in various locations around the world, primarily in the U.S. and Europe but also with some representation in the Pacific region and South America. IBM Cloud uses its Content Delivery Network to deliver content, which \"allows your users to receive the content with less delay, and delivers a better overall experience for your customers.\"<sup id=\"rdp-ebb-cite_ref-IBMAboutContent21_8-0\" class=\"reference\"><a href=\"#cite_note-IBMAboutContent21-8\">[8]<\/a><\/sup> Data in motion is protected through IBM Cloud's <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/cloud\/architecture\/architectures\/data-security-arch\" target=\"_blank\">IBM Security Guardium Data Encryption<\/a> suite for applying \"data-at-rest and data-in-transit security quickly and consistently.\"<sup id=\"rdp-ebb-cite_ref-IBMSecArchSecData_9-0\" class=\"reference\"><a href=\"#cite_note-IBMSecArchSecData-9\">[9]<\/a><\/sup> As for data localization and residency requirements, IBM Cloud <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.ibm.com\/docs\/blockchain?topic=blockchain-console-icp-about-data-residency\" target=\"_blank\">documentation<\/a> and <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20211206220042\/https:\/\/www.ibm.com\/blogs\/cloud-computing\/2015\/07\/21\/how-hybrid-cloud-solves-data-localization-and-regional-compliance-challenges\/\" target=\"_blank\">blog articles<\/a> address some elements of this topic, partly in the scope of blockchain networks; discuss the topic further with an IBM Cloud representative.\n<\/p><p><br \/>\n6. <b>Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?<\/b>\n<\/p><p>IBM Cloud addresses this topic partially in its architecture documentation<sup id=\"rdp-ebb-cite_ref-IBMSecArchPhysical_10-0\" class=\"reference\"><a href=\"#cite_note-IBMSecArchPhysical-10\">[10]<\/a><\/sup>:\n<\/p>\n<blockquote><p>Each data center has at least one security entry point that is always staffed and can include one or more access controlled entry ways that are monitored by CCTV. Each controlled area requires at least badge reader based authentication. Sensitive areas such as server rooms, network closets, and utility closets require badge and biometric authentication. Access attempts are logged and logs retained for at least one calendar year. Repeated failed access attempts trigger an alert to the security guards ... Access to the data center does not in turn confer access to the secured rooms within the data center. Employee access is based on job role, for example, so that server technicians do not have access to the network closet, and only trained facility staff have access to power feed termination rooms.<\/p><\/blockquote>\n<p>As for certifications and training, little is said about certifications. IBM indicates that an \"extensive security training program\" is required of each employee, and they must recertify that training annually. They also receive additional security awareness training based on role.<sup id=\"rdp-ebb-cite_ref-IBMSecArchPhysical_10-1\" class=\"reference\"><a href=\"#cite_note-IBMSecArchPhysical-10\">[10]<\/a><\/sup> For additional information about roles, certifications, and training, discuss this with an IBM Cloud representative.\n<\/p><p><br \/>\n7. <b>Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?<\/b>\n<\/p><p>Not all <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/cloud\/data-centers\" target=\"_blank\">IBM Cloud machines<\/a> have the same controls on them; it will depend on the region, product, and compliance requirements of your lab. That said, verify with a representative that the machine your data will land on meets all the necessary regulations affecting your data.\n<\/p><p><br \/>\n8. <b>How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)<\/b>\n<\/p><p>It appears some IBM Cloud services may offer a premium \"physical separation\" plan. For example, the Text to Speech offering has a standard multi-tenant plan that provides \"logical separation of data by using common encryption keys,\" and a premium single-tenant plan that provides \"dedicated data storage accounts that use unique <a href=\"https:\/\/www.limswiki.org\/index.php\/Encryption\" title=\"Encryption\" class=\"wiki-link\" data-key=\"86a503652ed5cc9d8e2b0252a480b5e1\">encryption<\/a> keys.\"<sup id=\"rdp-ebb-cite_ref-IBMDataSec21_11-0\" class=\"reference\"><a href=\"#cite_note-IBMDataSec21-11\">[11]<\/a><\/sup> It's not clear how many other services IBM Cloud services have similar plans associated with them, but a <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/blog\/single-tenant-cloud-vs-multi-tenant-cloud\/\" target=\"_blank\">2020 blog post<\/a> by IBM indicates they are able to accommodate both single- and multi-tenant environments in more than a few cases. Verify with a representative about physical vs. logical separation for your desired services.\n<\/p><p>As for tenant isolation, the previously mentioned blog post, as well as a few other bits of documentation, talks about tenant isolation security measures. For example, those on multi-tenant environments can take advantage of IBM's Cloud Key Protect, which \"provides a root of trust that is secured by FIPS 140-2 Level 3 certified cloud-based HSMs that protect against theft of information.\"<sup id=\"rdp-ebb-cite_ref-IBMSecArchSecData_9-1\" class=\"reference\"><a href=\"#cite_note-IBMSecArchSecData-9\">[9]<\/a><\/sup> For more details about security measures in tenant isolation, discuss this with an IBM Cloud representative.\n<\/p><p><br \/>\n9. <b>Do you have documented data security policies?<\/b>\n<\/p><p>IBM Cloud documents its security practices in several places:\n<\/p>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/cloud\/security\" target=\"_blank\">IBM Cloud Security portal<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/cloud\/architecture\/files\/ibm-cloud-security-white-paper.pdf\" target=\"_blank\">Cloud-native security practices in IBM Cloud<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/cloud\/architecture\/architectures\/securityArchitecture\/\" target=\"_blank\">Security architecture for cloud applications<\/a><\/li><\/ul>\n<p>Some security-related documents, like the SOC 2 report, may not be publicly available, requiring direct discussion with an IBM Cloud representative to obtain them.\n<\/p><p><br \/>\n10. <b>How do you test your platform's security?<\/b>\n<\/p><p>IBM Cloud notes the following about testing platform security<sup id=\"rdp-ebb-cite_ref-IBMHowDoI21_12-0\" class=\"reference\"><a href=\"#cite_note-IBMHowDoI21-12\">[12]<\/a><\/sup>:\n<\/p>\n<blockquote><p>In addition to the regular penetration testing conducted by IBM and our partners, customers can conduct their own penetration testing of their resources on IBM Cloud. No permission is necessary from IBM Cloud for penetration testing of IP addresses allocated to your classic infrastructure account that is set up on classic virtual or bare metal servers. For penetration testing of IBM Cloud VPC or PaaS offerings, or any IBM-owned IP space that is not allocated to your classic infrastructure account, open a support case to get instructions on signing the Client Penetration Testing Authorization Agreement.<\/p><\/blockquote>\n<p>IBM also has IBM X-Force Red, \"a global team of hackers hired to break into organizations and uncover risky vulnerabilities that attackers may use for personal gain.\"<sup id=\"rdp-ebb-cite_ref-IBMXForceRed_13-0\" class=\"reference\"><a href=\"#cite_note-IBMXForceRed-13\">[13]<\/a><\/sup> However, it's not clear if this same team also tests IBM Cloud's own infrastructure. Discuss this topic more thoroughly with a representative.\n<\/p><p><br \/>\n11. <b>What are your policies for security audits, intrusion detection, and intrusion reporting?<\/b>\n<\/p><p><i>Audits<\/i>: IBM Cloud discusses security audits and reviews in its security architecture documentation, under \"<a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/cloud\/architecture\/architectures\/physical-security-arch\" target=\"_blank\">Third-party security audits and reviews<\/a>.\" IBM Cloud's approach to security audits is also demonstrated by its compliance credentials (e.g., see its trust center). \n<\/p><p><i>Intrusion detection and reporting:<\/i>: IBM Cloud discusses intrusion detection and prevention in-depth in the \"<a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/cloud\/architecture\/architectures\/network-security-arch#networkprotection\" target=\"_blank\">Network Protection<\/a>\" section of its security architecture documentation. They also note elsewhere<sup id=\"rdp-ebb-cite_ref-IBMMonitor_14-0\" class=\"reference\"><a href=\"#cite_note-IBMMonitor-14\">[14]<\/a><\/sup>:\n<\/p>\n<blockquote><p>Detection typically involves a sophisticated analytics engine that assembles the data that is collected in the visibility space. By correlating and assessing this data, you can identify events that are occurring over one or more related platforms and start an investigation and response. Modern analytics engines use AI and machine learning (ML) to identify events and reduce the manual effort to triage events. AI and ML are important in user and end-point behavior analytics (UEBA) that rely on those tools to establish baseline behaviors and recognize anomalies\u2014a fundamental tool in identifying insider threats.<\/p><\/blockquote>\n<p><br \/>\n12. <b>What data logging information is kept and acted upon in relation to our data?<\/b>\n<\/p><p>While IBM Cloud offers customers tools like <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/cloud\/log-analysis\" target=\"_blank\">IBM Cloud Log Analysis<\/a> to analyze their own logs, it's not clear what data logging information IBM collects and uses in relation to customer data. The Privacy Shield documentation notes, however<sup id=\"rdp-ebb-cite_ref-IBMPrivacyShield_15-0\" class=\"reference\"><a href=\"#cite_note-IBMPrivacyShield-15\">[15]<\/a><\/sup>:\n<\/p>\n<blockquote><p>The types of personal data that Privacy Shield-Certified Cloud Services collect will vary based on the type and nature of each offering, and is described in its offering documentation (searchable via <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/support\/customer\/csol\/terms\/\" target=\"_blank\">this link<\/a>) or as otherwise provided by IBM. IBM uses such personal data as needed to deliver the Cloud Service, along with additional purposes that may be described in the corresponding TD or Attachment.<\/p><\/blockquote>\n<p>It's possible the terms of use document for the service you're interested in may discuss data collection and use by IBM. However, you'll have to have this discussion with a representative to confirm.\n<\/p><p><br \/>\n13. <b>How thorough are those logs and can we audit them on-demand?<\/b>\n<\/p><p>Customers have the ability to audit the logs associated with their own activities. It also appears \"interactions made by IBM Cloud infrastructure support staff\" can also be captured and audited in those logs.<sup id=\"rdp-ebb-cite_ref-IBMAuditing21_16-0\" class=\"reference\"><a href=\"#cite_note-IBMAuditing21-16\">[16]<\/a><\/sup> However, it's not clear what logs, if any, are collected and maintained by IBM about your data, let alone whether or not you can access them. You'll have to have this discussion with a representative.\n<\/p><p><br \/>\n14. <b>For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?<\/b>\n<\/p><p>Yes, IBM Cloud will sign a business associate agreement.<sup id=\"rdp-ebb-cite_ref-IBMCompianceInd_17-0\" class=\"reference\"><a href=\"#cite_note-IBMCompianceInd-17\">[17]<\/a><\/sup> Consult their <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/cloud\/compliance\" target=\"_blank\">cloud compliance page<\/a> for more details on their approach to HIPAA compliance.\n<\/p><p><br \/>\n15. <b>What happens to our data should the contract expire or be terminated?<\/b>\n<\/p><p>Per the Cloud Services Agreement<sup id=\"rdp-ebb-cite_ref-IBMCSA18_18-0\" class=\"reference\"><a href=\"#cite_note-IBMCSA18-18\">[18]<\/a><\/sup>:\n<\/p>\n<blockquote><p>IBM will return or remove Content from IBM computing resources upon the expiration or cancellation of the Cloud Service, or earlier upon Client\u2019s request. IBM may charge for certain activities performed at Client\u2019s request (such as delivering Content in a specific format). IBM does not archive Content, however some Content may remain in Cloud Service backup files until expiration of such files as governed by IBM\u2019s backup retention practices.<\/p><\/blockquote>\n<p><br \/>\n16. <b>What happens to our data should you go out of business or suffer a catastrophic event?<\/b>\n<\/p><p>It's not publicly clear how IBM Cloud would handle your data should they go out of business; consult with a representative about this topic. As for catastrophic events, like other cloud providers, IBM Cloud uses three zones per region (a multi-zone region or MZR) for redundancy: \"The advantage of an MZR is that it provides consistent cloud services across different zones, better resiliency, availability, higher interconnect speed between data centers for your resources. These features can be critical to your applications. Deploying the application in an MZR rather than a [single-zone region] can increase the availability from 99.9% to 99.99% when deployed over three zones.\"<sup id=\"rdp-ebb-cite_ref-IBMLocationsRes21_19-0\" class=\"reference\"><a href=\"#cite_note-IBMLocationsRes21-19\">[19]<\/a><\/sup> It's highly unlikely that all three zones would be affected in an catastrophic event. However, if this is a concern, discuss further data redundancy with an IBM Cloud representative. (IBM provides some additional insight by discussing its <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.ibm.com\/docs\/overview?topic=overview-zero-downtime\" target=\"_blank\">approach to availability and disaster recovery<\/a> in its documentation.)\n<\/p><p><br \/>\n17. <b>Can we use your interface to extract our data when we want, and in what format will it be?<\/b>\n<\/p><p>IBM does talk about <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.ibm.com\/docs\/cloud-object-storage?topic=cloud-object-storage-region-copy\" target=\"_blank\">moving data between buckets<\/a>, but documentation about extracting data from their cloud service and moving it to your own private cloud or transferring it to another cloud service can't be found. IBM does note in a blog post that it is \"active in the EU\u2019s Switching Cloud Providers and Porting Data (SWIPO) initiative which lays out requirements for transparency at both infrastructure and software levels.\"<sup id=\"rdp-ebb-cite_ref-NottCloud20_20-0\" class=\"reference\"><a href=\"#cite_note-NottCloud20-20\">[20]<\/a><\/sup> However, it's not clear if IBM Cloud has mapped their cloud processes to the voluntary SWIPO codes of conduct. You'll have to discuss the details of data export and migration\u2014including data formats\u2014from IBM Cloud with a representative.\n<\/p><p><br \/>\n18. <b>Are your support services native or outsourced\/offshored?<\/b>\n<\/p><p>It is unclear if support personnel are local to the customer or if support is outsourced to another business and country. Discuss this with an IBM Cloud representative.\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Managed_security_services\">Managed security services<\/span><\/h2>\n<p>IBM Managed Security Services is described by IBM as set of services that \"simplifies security and risk with continuous, value-driven monitoring, management, and intelligence backed by global expertise, local delivery, and an integrated security portfolio.\"<sup id=\"rdp-ebb-cite_ref-IBMManaged19_21-0\" class=\"reference\"><a href=\"#cite_note-IBMManaged19-21\">[21]<\/a><\/sup> The company touts both managed cybersecurity services and managed network security services. This includes<sup id=\"rdp-ebb-cite_ref-IBMMSS_22-0\" class=\"reference\"><a href=\"#cite_note-IBMMSS-22\">[22]<\/a><\/sup>:\n<\/p>\n<ul><li><b>Managed cybersecurity<\/b>: threat management, managed detection and response, managed cloud security, managed endpoint security, identity management, and command center security<\/li>\n<li><b>Managed network security<\/b>: managed firewall, as well as intrusion detection and prevention management<\/li><\/ul>\n<p>IBM Managed Security Services is listed in the top 15 of managed security service provider lists for multiple entities.<sup id=\"rdp-ebb-cite_ref-MSSPCyber20_23-0\" class=\"reference\"><a href=\"#cite_note-MSSPCyber20-23\">[23]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-STHTop15_21_24-0\" class=\"reference\"><a href=\"#cite_note-STHTop15_21-24\">[24]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-CDMMSSPs21_25-0\" class=\"reference\"><a href=\"#cite_note-CDMMSSPs21-25\">[25]<\/a><\/sup>\n<\/p><p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Additional_information\">Additional information<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Documentation_and_other_media\">Documentation and other media<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.ibm.com\/docs\/overview?topic=overview-zero-downtime\" target=\"_blank\">Disaster recovery documentation<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/downloads\/cas\/3NXVRXG9\" target=\"_blank\">HIPAA compliance guide<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/cloud\/architecture\/files\/ibm-cloud-security-white-paper.pdf\" target=\"_blank\">Client security whitepaper<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/downloads\/cas\/BVWMRDGY\" target=\"_blank\">IBM Managed Security Services data sheet<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/support\/customer\/csol\/terms\/?cat=data-security#detail-document\" target=\"_blank\">IBM security and privacy principles<\/a><\/li><\/ul>\n<h3><span class=\"mw-headline\" id=\"External_links\">External links<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/cloud\/architecture\" target=\"_blank\">IBM Cloud architecture framework or description<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.ibm.com\/docs\/overview?topic=overview-shared-responsibilities\" target=\"_blank\">IBM Cloud shared responsibility model<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/trust\" target=\"_blank\">IBM Cloud trust center<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/services\/managed-security\" target=\"_blank\">IBM Managed Security Services<\/a><\/li><\/ul>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap mw-references-columns\"><ol class=\"references\">\n<li id=\"cite_note-EvansIBM21-1\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-EvansIBM21_1-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/newsroom.ibm.com\/2023-01-25-IBM-RELEASES-FOURTH-QUARTER-RESULTS\" target=\"_blank\">\"IBM Releases Fourth-quarter Results\"<\/a>. IBM. 25 January 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/newsroom.ibm.com\/2023-01-25-IBM-RELEASES-FOURTH-QUARTER-RESULTS\" target=\"_blank\">https:\/\/newsroom.ibm.com\/2023-01-25-IBM-RELEASES-FOURTH-QUARTER-RESULTS<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=IBM+Releases+Fourth-quarter+Results&rft.atitle=&rft.date=25+January+2023&rft.pub=IBM&rft_id=https%3A%2F%2Fnewsroom.ibm.com%2F2023-01-25-IBM-RELEASES-FOURTH-QUARTER-RESULTS&rfr_id=info:sid\/en.wikipedia.org:IBM_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IBMGlobalLocs-2\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-IBMGlobalLocs_2-0\">2.0<\/a><\/sup> <sup><a href=\"#cite_ref-IBMGlobalLocs_2-1\">2.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/cloud\/data-centers\" target=\"_blank\">\"IBM Cloud global data centers\"<\/a>. IBM Cloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.ibm.com\/cloud\/data-centers\" target=\"_blank\">https:\/\/www.ibm.com\/cloud\/data-centers<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=IBM+Cloud+global+data+centers&rft.atitle=&rft.pub=IBM+Cloud&rft_id=https%3A%2F%2Fwww.ibm.com%2Fcloud%2Fdata-centers&rfr_id=info:sid\/en.wikipedia.org:IBM_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IBMCloudProds-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IBMCloudProds_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/cloud\/products\" target=\"_blank\">\"IBM Cloud Products\"<\/a>. IBM<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.ibm.com\/cloud\/products\" target=\"_blank\">https:\/\/www.ibm.com\/cloud\/products<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=IBM+Cloud+Products&rft.atitle=&rft.pub=IBM&rft_id=https%3A%2F%2Fwww.ibm.com%2Fcloud%2Fproducts&rfr_id=info:sid\/en.wikipedia.org:IBM_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IBMAchieves16-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IBMAchieves16_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210124035001\/https:\/\/www-03.ibm.com\/press\/us\/en\/pressrelease\/49018.wss\" target=\"_blank\">\"IBM Achieves Highest U.S. Defense Information Systems Agency Authorization for Cloud Services\"<\/a>. IBM. 11 February 2016. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www-03.ibm.com\/press\/us\/en\/pressrelease\/49018.wss\" target=\"_blank\">the original<\/a> on 24 January 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210124035001\/https:\/\/www-03.ibm.com\/press\/us\/en\/pressrelease\/49018.wss\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210124035001\/https:\/\/www-03.ibm.com\/press\/us\/en\/pressrelease\/49018.wss<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=IBM+Achieves+Highest+U.S.+Defense+Information+Systems+Agency+Authorization+for+Cloud+Services&rft.atitle=&rft.date=11+February+2016&rft.pub=IBM&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210124035001%2Fhttps%3A%2F%2Fwww-03.ibm.com%2Fpress%2Fus%2Fen%2Fpressrelease%2F49018.wss&rfr_id=info:sid\/en.wikipedia.org:IBM_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-BSLab717-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-BSLab717_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Lab7 Systems, Inc (23 May 2017). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.biospace.com\/article\/releases\/lab7-systems-announces-high-performance-cloud-for-genomic-scale-data-management-built-on-ibm-cloud-\/\" target=\"_blank\">\"Lab7 Systems Announces High-Performance Cloud For Genomic-Scale Data Management Built On IBM Cloud\"<\/a>. <i>BioSpace<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.biospace.com\/article\/releases\/lab7-systems-announces-high-performance-cloud-for-genomic-scale-data-management-built-on-ibm-cloud-\/\" target=\"_blank\">https:\/\/www.biospace.com\/article\/releases\/lab7-systems-announces-high-performance-cloud-for-genomic-scale-data-management-built-on-ibm-cloud-\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Lab7+Systems+Announces+High-Performance+Cloud+For+Genomic-Scale+Data+Management+Built+On+IBM+Cloud&rft.atitle=BioSpace&rft.aulast=Lab7+Systems%2C+Inc&rft.au=Lab7+Systems%2C+Inc&rft.date=23+May+2017&rft_id=https%3A%2F%2Fwww.biospace.com%2Farticle%2Freleases%2Flab7-systems-announces-high-performance-cloud-for-genomic-scale-data-management-built-on-ibm-cloud-%2F&rfr_id=info:sid\/en.wikipedia.org:IBM_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IBMCloudPak-6\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IBMCloudPak_6-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/products\/cloud-pak-for-integration\" target=\"_blank\">\"IBM Cloud Pak for Integration\"<\/a>. IBM Cloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.ibm.com\/products\/cloud-pak-for-integration\" target=\"_blank\">https:\/\/www.ibm.com\/products\/cloud-pak-for-integration<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=IBM+Cloud+Pak+for+Integration&rft.atitle=&rft.pub=IBM+Cloud&rft_id=https%3A%2F%2Fwww.ibm.com%2Fproducts%2Fcloud-pak-for-integration&rfr_id=info:sid\/en.wikipedia.org:IBM_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IBMCloudMulti21-7\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IBMCloudMulti21_7-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/downloads\/cas\/2BWNGJM3\" target=\"_blank\">\"IBM Cloud Multi-zone region\"<\/a> (PDF). IBM Cloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.ibm.com\/downloads\/cas\/2BWNGJM3\" target=\"_blank\">https:\/\/www.ibm.com\/downloads\/cas\/2BWNGJM3<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=IBM+Cloud+Multi-zone+region&rft.atitle=&rft.pub=IBM+Cloud&rft_id=https%3A%2F%2Fwww.ibm.com%2Fdownloads%2Fcas%2F2BWNGJM3&rfr_id=info:sid\/en.wikipedia.org:IBM_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IBMAboutContent21-8\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IBMAboutContent21_8-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.ibm.com\/docs\/CDN?topic=CDN-about-content-delivery-networks-cdn-\" target=\"_blank\">\"About Content Delivery Network\"<\/a>. <i>IBM Cloud Docs - Content Delivery Network (CDN)<\/i>. IBM Cloud. 1 February 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloud.ibm.com\/docs\/CDN?topic=CDN-about-content-delivery-networks-cdn-\" target=\"_blank\">https:\/\/cloud.ibm.com\/docs\/CDN?topic=CDN-about-content-delivery-networks-cdn-<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=About+Content+Delivery+Network&rft.atitle=IBM+Cloud+Docs+-+Content+Delivery+Network+%28CDN%29&rft.date=1+February+2021&rft.pub=IBM+Cloud&rft_id=https%3A%2F%2Fcloud.ibm.com%2Fdocs%2FCDN%3Ftopic%3DCDN-about-content-delivery-networks-cdn-&rfr_id=info:sid\/en.wikipedia.org:IBM_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IBMSecArchSecData-9\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-IBMSecArchSecData_9-0\">9.0<\/a><\/sup> <sup><a href=\"#cite_ref-IBMSecArchSecData_9-1\">9.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20201224214242\/https:\/\/www.ibm.com\/cloud\/architecture\/architectures\/securityArchitecture\/security-for-data\" target=\"_blank\">\"Security architecture for cloud applications - Security for Data\"<\/a>. IBM Cloud. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/cloud\/architecture\/architectures\/securityArchitecture\/security-for-data\" target=\"_blank\">the original<\/a> on 24 December 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20201224214242\/https:\/\/www.ibm.com\/cloud\/architecture\/architectures\/securityArchitecture\/security-for-data\" target=\"_blank\">https:\/\/web.archive.org\/web\/20201224214242\/https:\/\/www.ibm.com\/cloud\/architecture\/architectures\/securityArchitecture\/security-for-data<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Security+architecture+for+cloud+applications+-+Security+for+Data&rft.atitle=&rft.pub=IBM+Cloud&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20201224214242%2Fhttps%3A%2F%2Fwww.ibm.com%2Fcloud%2Farchitecture%2Farchitectures%2FsecurityArchitecture%2Fsecurity-for-data&rfr_id=info:sid\/en.wikipedia.org:IBM_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IBMSecArchPhysical-10\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-IBMSecArchPhysical_10-0\">10.0<\/a><\/sup> <sup><a href=\"#cite_ref-IBMSecArchPhysical_10-1\">10.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/cloud\/architecture\/architectures\/physical-security-arch\" target=\"_blank\">\"Physical security architecture\"<\/a>. IBM Cloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.ibm.com\/cloud\/architecture\/architectures\/physical-security-arch\" target=\"_blank\">https:\/\/www.ibm.com\/cloud\/architecture\/architectures\/physical-security-arch<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Physical+security+architecture&rft.atitle=&rft.pub=IBM+Cloud&rft_id=https%3A%2F%2Fwww.ibm.com%2Fcloud%2Farchitecture%2Farchitectures%2Fphysical-security-arch&rfr_id=info:sid\/en.wikipedia.org:IBM_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IBMDataSec21-11\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IBMDataSec21_11-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.ibm.com\/docs\/text-to-speech?topic=text-to-speech-data-security\" target=\"_blank\">\"Data Security\"<\/a>. <i>IBM Cloud Docs - Text to Speech<\/i>. IBM Cloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloud.ibm.com\/docs\/text-to-speech?topic=text-to-speech-data-security\" target=\"_blank\">https:\/\/cloud.ibm.com\/docs\/text-to-speech?topic=text-to-speech-data-security<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Data+Security&rft.atitle=IBM+Cloud+Docs+-+Text+to+Speech&rft.pub=IBM+Cloud&rft_id=https%3A%2F%2Fcloud.ibm.com%2Fdocs%2Ftext-to-speech%3Ftopic%3Dtext-to-speech-data-security&rfr_id=info:sid\/en.wikipedia.org:IBM_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IBMHowDoI21-12\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IBMHowDoI21_12-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.ibm.com\/docs\/overview?topic=overview-security\" target=\"_blank\">\"How do I know that my data is safe?\"<\/a>. <i>IBM Cloud Docs - Getting Started with IBM Cloud<\/i>. IBM Cloud. 23 March 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloud.ibm.com\/docs\/overview?topic=overview-security\" target=\"_blank\">https:\/\/cloud.ibm.com\/docs\/overview?topic=overview-security<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=How+do+I+know+that+my+data+is+safe%3F&rft.atitle=IBM+Cloud+Docs+-+Getting+Started+with+IBM+Cloud&rft.date=23+March+2021&rft.pub=IBM+Cloud&rft_id=https%3A%2F%2Fcloud.ibm.com%2Fdocs%2Foverview%3Ftopic%3Doverview-security&rfr_id=info:sid\/en.wikipedia.org:IBM_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IBMXForceRed-13\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IBMXForceRed_13-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/services\/offensive-security\" target=\"_blank\">\"X-Force Red Offensive Security Services\"<\/a>. IBM<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.ibm.com\/services\/offensive-security\" target=\"_blank\">https:\/\/www.ibm.com\/services\/offensive-security<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=X-Force+Red+Offensive+Security+Services&rft.atitle=&rft.pub=IBM&rft_id=https%3A%2F%2Fwww.ibm.com%2Fservices%2Foffensive-security&rfr_id=info:sid\/en.wikipedia.org:IBM_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IBMMonitor-14\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IBMMonitor_14-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/cloud\/architecture\/architectures\/security-threat-management-arch\" target=\"_blank\">\"Threat management: Detection and response\"<\/a>. <i>Security architecture for cloud applications<\/i>. IBM Cloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.ibm.com\/cloud\/architecture\/architectures\/security-threat-management-arch\" target=\"_blank\">https:\/\/www.ibm.com\/cloud\/architecture\/architectures\/security-threat-management-arch<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Threat+management%3A+Detection+and+response&rft.atitle=Security+architecture+for+cloud+applications&rft.pub=IBM+Cloud&rft_id=https%3A%2F%2Fwww.ibm.com%2Fcloud%2Farchitecture%2Farchitectures%2Fsecurity-threat-management-arch&rfr_id=info:sid\/en.wikipedia.org:IBM_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IBMPrivacyShield-15\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IBMPrivacyShield_15-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/us-en\/privacy\/privacy-shield\" target=\"_blank\">\"IBM Privacy Shield Privacy Policy for Certified IBM Cloud Services\"<\/a>. IBM. 22 June 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.ibm.com\/us-en\/privacy\/privacy-shield\" target=\"_blank\">https:\/\/www.ibm.com\/us-en\/privacy\/privacy-shield<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=IBM+Privacy+Shield+Privacy+Policy+for+Certified+IBM+Cloud+Services&rft.atitle=&rft.date=22+June+2023&rft.pub=IBM&rft_id=https%3A%2F%2Fwww.ibm.com%2Fus-en%2Fprivacy%2Fprivacy-shield&rfr_id=info:sid\/en.wikipedia.org:IBM_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IBMAuditing21-16\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IBMAuditing21_16-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.ibm.com\/docs\/account?topic=account-audit-log\" target=\"_blank\">\"Auditing system events for classic infrastructure\"<\/a>. <i>IBM Cloud Docs - Managing your account, resources, and access<\/i>. IBM Cloud. 21 February 2022<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloud.ibm.com\/docs\/account?topic=account-audit-log\" target=\"_blank\">https:\/\/cloud.ibm.com\/docs\/account?topic=account-audit-log<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Auditing+system+events+for+classic+infrastructure&rft.atitle=IBM+Cloud+Docs+-+Managing+your+account%2C+resources%2C+and+access&rft.date=21+February+2022&rft.pub=IBM+Cloud&rft_id=https%3A%2F%2Fcloud.ibm.com%2Fdocs%2Faccount%3Ftopic%3Daccount-audit-log&rfr_id=info:sid\/en.wikipedia.org:IBM_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IBMCompianceInd-17\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IBMCompianceInd_17-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/cloud\/compliance\" target=\"_blank\">\"IBM Cloud compliance programs\"<\/a>. IBM Cloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.ibm.com\/cloud\/compliance\" target=\"_blank\">https:\/\/www.ibm.com\/cloud\/compliance<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=IBM+Cloud+compliance+programs&rft.atitle=&rft.pub=IBM+Cloud&rft_id=https%3A%2F%2Fwww.ibm.com%2Fcloud%2Fcompliance&rfr_id=info:sid\/en.wikipedia.org:IBM_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IBMCSA18-18\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IBMCSA18_18-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20220112081017\/https:\/\/www.ibm.com\/support\/customer\/pdf\/terms\/csa_th.pdf\" target=\"_blank\">\"Cloud Services Agreement\"<\/a> (PDF). IBM. March 2018. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/support\/customer\/pdf\/terms\/csa_th.pdf\" target=\"_blank\">the original<\/a> on 12 January 2022<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20220112081017\/https:\/\/www.ibm.com\/support\/customer\/pdf\/terms\/csa_th.pdf\" target=\"_blank\">https:\/\/web.archive.org\/web\/20220112081017\/https:\/\/www.ibm.com\/support\/customer\/pdf\/terms\/csa_th.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Services+Agreement&rft.atitle=&rft.date=March+2018&rft.pub=IBM&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20220112081017%2Fhttps%3A%2F%2Fwww.ibm.com%2Fsupport%2Fcustomer%2Fpdf%2Fterms%2Fcsa_th.pdf&rfr_id=info:sid\/en.wikipedia.org:IBM_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IBMLocationsRes21-19\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IBMLocationsRes21_19-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.ibm.com\/docs\/overview?topic=overview-locations&locale=en\" target=\"_blank\">\"Locations for resource deployment\"<\/a>. <i>IBM Cloud Docs - Getting Started with IBM Cloud<\/i>. IBM Cloud. 22 June 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloud.ibm.com\/docs\/overview?topic=overview-locations&locale=en\" target=\"_blank\">https:\/\/cloud.ibm.com\/docs\/overview?topic=overview-locations&locale=en<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Locations+for+resource+deployment&rft.atitle=IBM+Cloud+Docs+-+Getting+Started+with+IBM+Cloud&rft.date=22+June+2023&rft.pub=IBM+Cloud&rft_id=https%3A%2F%2Fcloud.ibm.com%2Fdocs%2Foverview%3Ftopic%3Doverview-locations%26locale%3Den&rfr_id=info:sid\/en.wikipedia.org:IBM_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-NottCloud20-20\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-NottCloud20_20-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Nott, C. (20 October 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20211022233200\/https:\/\/www.ibm.com\/blogs\/think\/fi-fi\/2020\/10\/20\/cloud-portability-and-interoperability\/\" target=\"_blank\">\"Cloud portability and interoperability\"<\/a>. <i>IBM THINK Blog<\/i>. IBM. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/blogs\/think\/fi-fi\/2020\/10\/20\/cloud-portability-and-interoperability\/\" target=\"_blank\">the original<\/a> on 22 October 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20211022233200\/https:\/\/www.ibm.com\/blogs\/think\/fi-fi\/2020\/10\/20\/cloud-portability-and-interoperability\/\" target=\"_blank\">https:\/\/web.archive.org\/web\/20211022233200\/https:\/\/www.ibm.com\/blogs\/think\/fi-fi\/2020\/10\/20\/cloud-portability-and-interoperability\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+portability+and+interoperability&rft.atitle=IBM+THINK+Blog&rft.aulast=Nott%2C+C.&rft.au=Nott%2C+C.&rft.date=20+October+2020&rft.pub=IBM&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20211022233200%2Fhttps%3A%2F%2Fwww.ibm.com%2Fblogs%2Fthink%2Ffi-fi%2F2020%2F10%2F20%2Fcloud-portability-and-interoperability%2F&rfr_id=info:sid\/en.wikipedia.org:IBM_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IBMManaged19-21\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IBMManaged19_21-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/downloads\/cas\/BVWMRDGY\" target=\"_blank\">\"IBM Managed Security Services\"<\/a> (PDF). IBM. 2019<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.ibm.com\/downloads\/cas\/BVWMRDGY\" target=\"_blank\">https:\/\/www.ibm.com\/downloads\/cas\/BVWMRDGY<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=IBM+Managed+Security+Services&rft.atitle=&rft.date=2019&rft.pub=IBM&rft_id=https%3A%2F%2Fwww.ibm.com%2Fdownloads%2Fcas%2FBVWMRDGY&rfr_id=info:sid\/en.wikipedia.org:IBM_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IBMMSS-22\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IBMMSS_22-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/services\/managed-security\" target=\"_blank\">\"Managed Security Services (MSS)\"<\/a>. IBM<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.ibm.com\/services\/managed-security\" target=\"_blank\">https:\/\/www.ibm.com\/services\/managed-security<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Managed+Security+Services+%28MSS%29&rft.atitle=&rft.pub=IBM&rft_id=https%3A%2F%2Fwww.ibm.com%2Fservices%2Fmanaged-security&rfr_id=info:sid\/en.wikipedia.org:IBM_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MSSPCyber20-23\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MSSPCyber20_23-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.msspalert.com\/top250\/list-2022\/24\/\" target=\"_blank\">\"Top 250 MSSPs for 2023: Companies 20 to 11\"<\/a>. <i>Top 250 MSSPs: Cybersecurity Company List and Research for 2022<\/i>. MSSP Alert. September 2022<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.msspalert.com\/top250\/list-2022\/24\/\" target=\"_blank\">https:\/\/www.msspalert.com\/top250\/list-2022\/24\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+250+MSSPs+for+2023%3A+Companies+20+to+11&rft.atitle=Top+250+MSSPs%3A+Cybersecurity+Company+List+and+Research+for+2022&rft.date=September+2022&rft.pub=MSSP+Alert&rft_id=https%3A%2F%2Fwww.msspalert.com%2Ftop250%2Flist-2022%2F24%2F&rfr_id=info:sid\/en.wikipedia.org:IBM_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-STHTop15_21-24\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-STHTop15_21_24-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/\" target=\"_blank\">\"Top 15 Best Managed Security Service Providers (MSSPs) In 2023\"<\/a>. Software Testing Help. 1 August 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/\" target=\"_blank\">https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+15+Best+Managed+Security+Service+Providers+%28MSSPs%29+In+2023&rft.atitle=&rft.date=1+August+2023&rft.pub=Software+Testing+Help&rft_id=https%3A%2F%2Fwww.softwaretestinghelp.com%2Fmanaged-security-service-providers%2F&rfr_id=info:sid\/en.wikipedia.org:IBM_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CDMMSSPs21-25\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CDMMSSPs21_25-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/\" target=\"_blank\">\"Top 100 Managed Security Service Providers (MSSPs)\"<\/a>. <i>Cyber Defense Magazine<\/i>. Cyber Defense Media Group. 18 February 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/\" target=\"_blank\">https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+100+Managed+Security+Service+Providers+%28MSSPs%29&rft.atitle=Cyber+Defense+Magazine&rft.date=18+February+2021&rft.pub=Cyber+Defense+Media+Group&rft_id=https%3A%2F%2Fwww.cyberdefensemagazine.com%2Ftop-100-managed-security-service-providers-mssps%2F&rfr_id=info:sid\/en.wikipedia.org:IBM_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230815232551\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.581 seconds\nReal time usage: 1.095 seconds\nPreprocessor visited node count: 19731\/1000000\nPost\u2010expand include size: 105706\/2097152 bytes\nTemplate argument size: 46860\/2097152 bytes\nHighest expansion depth: 32\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 33947\/5000000 bytes\nLua time usage: 0.020\/7 seconds\nLua virtual size: 4927488\/52428800 bytes\nLua estimated memory usage: 0 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 294.237 1 -total\n 58.54% 172.244 1 Template:Reflist\n 50.48% 148.525 25 Template:Cite_web\n 46.72% 137.480 25 Template:Citation\/core\n 38.10% 112.110 1 Template:Infobox_company\n 36.90% 108.588 1 Template:Infobox\n 33.43% 98.370 81 Template:Infobox\/row\n 28.35% 83.421 1 Template:URL\n 26.67% 78.480 1 Template:Str_right\n 25.88% 76.148 1 Template:Str_sub_long\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:12483-0!canonical and timestamp 20230815232550 and revision id 52740. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/IBM_Cloud\">https:\/\/www.limswiki.org\/index.php\/IBM_Cloud<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","369c09656e0406646380b45bb4d0ecc1_images":["https:\/\/upload.wikimedia.org\/wikipedia\/commons\/2\/24\/IBM_Cloud_logo.png"],"369c09656e0406646380b45bb4d0ecc1_timestamp":1692220361,"3c094564b036ad5e513e0a6350ca7206_type":"article","3c094564b036ad5e513e0a6350ca7206_title":"Foresite Managed Cybersecurity","3c094564b036ad5e513e0a6350ca7206_url":"https:\/\/www.limswiki.org\/index.php\/Foresite_Managed_Cybersecurity","3c094564b036ad5e513e0a6350ca7206_plaintext":"\n\nForesite Managed CybersecurityFrom LIMSWikiJump to navigationJump to searchForesite Managed Cybersecurity\nFounder(s)\n \nMarc Brungardt and Robin MayoHeadquarters\n \n7311 W. 132nd St., Ste. 305, Overland Park, Kansas , United States Number of locations\n \n2Area served\n \nWorldwideKey people\n \nMatt Gyde (CEO)Services\n \nMonitoring and alerting, device management, patch management, breach response, ProVision software packageRevenue\n \nUnknown (private)Website\n \nforesite.com \n\n\r\n\nForesite Managed Cybersecurity is a suite of managed security services (MSS) offered by Foresite MSP, LLC, a multinational cybersecurity and managed security services provider (MSSP). Foresite describes its MSS as being able to \"help you take control of your security tools and alerts so your team can focus on generating business.\"[1] As of August 2023, Foresite is listed among the top 70 MSSPs around the world by multiple entities.[2][3][4]\n\nContents \n\n1 Managed security services \n2 Additional information \n\n2.1 Documentation and other media \n2.2 External links \n\n\n3 References \n\n\n\nManaged security services \nForesite divides its MSS into five categories[1]:\n\nMonitoring and alerting: Provides 24\/7 network monitoring, alerting, and analysis; log management; threat intelligence; incident management; asset classification and customizable reporting\nDevice management: Provides 24\/7 firewall monitoring, event analysis, and remediation; device configuration and tuning; device updates and patching; forensic data analysis\nPatch management: Provides patch management as a service, including discovery of missing or necessary patches, automated patch assessment and scheduling, and customized reporting\nBreach response: Provides 24\/7 access to breach reporting and incident response; cyber insurance inclusion; dark web monitoring; security risk assessments; security training\nProVision software package: Scalable security management software with customizable dashboard, asset management module, log management module, event management module, and ticket management module for monitoring and analyzing security information\nThe company appears to also provide testing and assessment services such as vulnerability and penetration testing, web application testing, enterprise risk assessments, third-party risk assessments, social engineering assessments, phishing assessments, and network security audits.[5]\n\r\n\n\nAdditional information \nDocumentation and other media \nForesite resource center\nExternal links \nManaged security services page\n\r\n\n\nReferences \n\n\n\u2191 1.0 1.1 \"Managed Cybersecurity Services\". Foresite MSP, LLC. https:\/\/foresite.com\/solutions\/cybersecurity-management\/ . Retrieved 11 August 2023 .   \n \n\n\u2191 \"Top 250 MSSPs for 2022: Companies 70 to 61\". Top 250 MSSPs: Cybersecurity Company List and Research for 2022. MSSP Alert. September 20202. https:\/\/www.msspalert.com\/top250\/list-2022\/19\/ . Retrieved 11 August 2023 .   \n \n\n\u2191 \"Top 15 Best Managed Security Service Providers (MSSPs) In 2023\". Software Testing Help. 1 August 2023. https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/ . Retrieved 11 August 2023 .   \n \n\n\u2191 \"Top 100 Managed Security Service Providers (MSSPs)\". Cyber Defense Magazine. Cyber Defense Media Group. 18 February 2021. https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/ . Retrieved 30 May 2021 .   \n \n\n\u2191 \"Network Security Assessment\". Foresite MSP, LLC. https:\/\/foresite.com\/network-security-assessment-audit\/ . Retrieved 01 August 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Foresite_Managed_Cybersecurity\">https:\/\/www.limswiki.org\/index.php\/Foresite_Managed_Cybersecurity<\/a>\nNavigation menuPage actionsPageDiscussionView sourceHistoryPage actionsPageDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 11 August 2023, at 20:30.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 782 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","3c094564b036ad5e513e0a6350ca7206_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject page-Foresite_Managed_Cybersecurity rootpage-Foresite_Managed_Cybersecurity skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Foresite Managed Cybersecurity<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\">\n<p><br \/>\n<b>Foresite Managed Cybersecurity<\/b> is a suite of managed security services (MSS) offered by Foresite MSP, LLC, a multinational cybersecurity and managed security services provider (MSSP). Foresite describes its MSS as being able to \"help you take control of your security tools and alerts so your team can focus on generating business.\"<sup id=\"rdp-ebb-cite_ref-ForesiteMSS_1-0\" class=\"reference\"><a href=\"#cite_note-ForesiteMSS-1\">[1]<\/a><\/sup> As of August 2023, Foresite is listed among the top 70 MSSPs around the world by multiple entities.<sup id=\"rdp-ebb-cite_ref-MSSPCyber20_2-0\" class=\"reference\"><a href=\"#cite_note-MSSPCyber20-2\">[2]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-STHTop15_21_3-0\" class=\"reference\"><a href=\"#cite_note-STHTop15_21-3\">[3]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-CDMMSSPs21_4-0\" class=\"reference\"><a href=\"#cite_note-CDMMSSPs21-4\">[4]<\/a><\/sup>\n<\/p>\n\n\n<h2><span class=\"mw-headline\" id=\"Managed_security_services\">Managed security services<\/span><\/h2>\n<p>Foresite divides its MSS into five categories<sup id=\"rdp-ebb-cite_ref-ForesiteMSS_1-1\" class=\"reference\"><a href=\"#cite_note-ForesiteMSS-1\">[1]<\/a><\/sup>:\n<\/p>\n<ul><li><b>Monitoring and alerting<\/b>: Provides 24\/7 network monitoring, alerting, and analysis; log management; threat intelligence; incident management; asset classification and customizable reporting<\/li>\n<li><b>Device management<\/b>: Provides 24\/7 firewall monitoring, event analysis, and remediation; device configuration and tuning; device updates and patching; forensic data analysis<\/li>\n<li><b>Patch management<\/b>: Provides patch management as a service, including discovery of missing or necessary patches, automated patch assessment and scheduling, and customized reporting<\/li>\n<li><b>Breach response<\/b>: Provides 24\/7 access to breach reporting and incident response; cyber insurance inclusion; dark web monitoring; security risk assessments; security training<\/li>\n<li><b>ProVision software package<\/b>: Scalable security management software with customizable dashboard, asset management module, log management module, event management module, and ticket management module for monitoring and analyzing security information<\/li><\/ul>\n<p>The company appears to also provide testing and assessment services such as vulnerability and penetration testing, web application testing, enterprise risk assessments, third-party risk assessments, social engineering assessments, phishing assessments, and network security audits.<sup id=\"rdp-ebb-cite_ref-ForesiteAss_5-0\" class=\"reference\"><a href=\"#cite_note-ForesiteAss-5\">[5]<\/a><\/sup>\n<\/p><p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Additional_information\">Additional information<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Documentation_and_other_media\">Documentation and other media<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/foresite.com\/resources\/\" target=\"_blank\">Foresite resource center<\/a><\/li><\/ul>\n<h3><span class=\"mw-headline\" id=\"External_links\">External links<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/foresite.com\/solutions\/cybersecurity-management\/\" target=\"_blank\">Managed security services page<\/a><\/li><\/ul>\n<p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap\"><ol class=\"references\">\n<li id=\"cite_note-ForesiteMSS-1\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-ForesiteMSS_1-0\">1.0<\/a><\/sup> <sup><a href=\"#cite_ref-ForesiteMSS_1-1\">1.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/foresite.com\/solutions\/cybersecurity-management\/\" target=\"_blank\">\"Managed Cybersecurity Services\"<\/a>. Foresite MSP, LLC<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/foresite.com\/solutions\/cybersecurity-management\/\" target=\"_blank\">https:\/\/foresite.com\/solutions\/cybersecurity-management\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Managed+Cybersecurity+Services&rft.atitle=&rft.pub=Foresite+MSP%2C+LLC&rft_id=https%3A%2F%2Fforesite.com%2Fsolutions%2Fcybersecurity-management%2F&rfr_id=info:sid\/en.wikipedia.org:Foresite_Managed_Cybersecurity\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MSSPCyber20-2\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MSSPCyber20_2-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.msspalert.com\/top250\/list-2022\/19\/\" target=\"_blank\">\"Top 250 MSSPs for 2022: Companies 70 to 61\"<\/a>. <i>Top 250 MSSPs: Cybersecurity Company List and Research for 2022<\/i>. MSSP Alert. September 20202<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.msspalert.com\/top250\/list-2022\/19\/\" target=\"_blank\">https:\/\/www.msspalert.com\/top250\/list-2022\/19\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+250+MSSPs+for+2022%3A+Companies+70+to+61&rft.atitle=Top+250+MSSPs%3A+Cybersecurity+Company+List+and+Research+for+2022&rft.date=September+20202&rft.pub=MSSP+Alert&rft_id=https%3A%2F%2Fwww.msspalert.com%2Ftop250%2Flist-2022%2F19%2F&rfr_id=info:sid\/en.wikipedia.org:Foresite_Managed_Cybersecurity\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-STHTop15_21-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-STHTop15_21_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/\" target=\"_blank\">\"Top 15 Best Managed Security Service Providers (MSSPs) In 2023\"<\/a>. Software Testing Help. 1 August 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/\" target=\"_blank\">https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+15+Best+Managed+Security+Service+Providers+%28MSSPs%29+In+2023&rft.atitle=&rft.date=1+August+2023&rft.pub=Software+Testing+Help&rft_id=https%3A%2F%2Fwww.softwaretestinghelp.com%2Fmanaged-security-service-providers%2F&rfr_id=info:sid\/en.wikipedia.org:Foresite_Managed_Cybersecurity\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CDMMSSPs21-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CDMMSSPs21_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/\" target=\"_blank\">\"Top 100 Managed Security Service Providers (MSSPs)\"<\/a>. <i>Cyber Defense Magazine<\/i>. Cyber Defense Media Group. 18 February 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/\" target=\"_blank\">https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 30 May 2021<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+100+Managed+Security+Service+Providers+%28MSSPs%29&rft.atitle=Cyber+Defense+Magazine&rft.date=18+February+2021&rft.pub=Cyber+Defense+Media+Group&rft_id=https%3A%2F%2Fwww.cyberdefensemagazine.com%2Ftop-100-managed-security-service-providers-mssps%2F&rfr_id=info:sid\/en.wikipedia.org:Foresite_Managed_Cybersecurity\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ForesiteAss-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ForesiteAss_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/foresite.com\/network-security-assessment-audit\/\" target=\"_blank\">\"Network Security Assessment\"<\/a>. Foresite MSP, LLC<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/foresite.com\/network-security-assessment-audit\/\" target=\"_blank\">https:\/\/foresite.com\/network-security-assessment-audit\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 01 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Network+Security+Assessment&rft.atitle=&rft.pub=Foresite+MSP%2C+LLC&rft_id=https%3A%2F%2Fforesite.com%2Fnetwork-security-assessment-audit%2F&rfr_id=info:sid\/en.wikipedia.org:Foresite_Managed_Cybersecurity\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816181511\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.126 seconds\nReal time usage: 0.151 seconds\nPreprocessor visited node count: 5390\/1000000\nPost\u2010expand include size: 27762\/2097152 bytes\nTemplate argument size: 9749\/2097152 bytes\nHighest expansion depth: 20\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 6754\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 118.689 1 -total\n 59.31% 70.397 1 Template:Reflist\n 44.92% 53.312 5 Template:Cite_web\n 38.79% 46.041 5 Template:Citation\/core\n 36.47% 43.285 1 Template:Infobox_company\n 32.33% 38.371 1 Template:Infobox\n 19.72% 23.404 81 Template:Infobox\/row\n 9.52% 11.294 3 Template:Date\n 6.64% 7.886 1 Template:URL\n 4.23% 5.015 7 Template:Citation\/make_link\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:12566-0!canonical and timestamp 20230816181511 and revision id 52797. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Foresite_Managed_Cybersecurity\">https:\/\/www.limswiki.org\/index.php\/Foresite_Managed_Cybersecurity<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","3c094564b036ad5e513e0a6350ca7206_images":["https:\/\/s3.limswiki.org\/www.limswiki.org\/images\/a\/a3\/Foresite.png"],"3c094564b036ad5e513e0a6350ca7206_timestamp":1692220363,"258671573c3552d254229a052a931c9d_type":"article","258671573c3552d254229a052a931c9d_title":"Cyderes Managed Services","258671573c3552d254229a052a931c9d_url":"https:\/\/www.limswiki.org\/index.php\/Cyderes_Managed_Services","258671573c3552d254229a052a931c9d_plaintext":"\n\nCyderes Managed ServicesFrom LIMSWikiJump to navigationJump to searchCyderes Managed Services\nPredecessor\n \nHerjavec Group, Fistech GroupFounder(s)\n \nRobert Herjavec, Gary FishHeadquarters\n \n180 Duncan Mill Rd., 7th Floor, Toronto, Ontario , Canada Number of locations\n \n4Area served\n \nWorldwideKey people\n \nRobert Herjavec (CEO)Services\n \nSecurity monitoring and management, technology support, device management, threat research, incident response, vulnerability scanning, etc.Revenue\n \nUnknown (private)Website\n \ncyderes.com \n\n\r\n\nCyderes Managed Services\u2014formerly Herjavec Group and Fistech Group\u2014is a suite of managed security services (MSS) offered by Cyderes, a multinational cybersecurity and managed security services provider (MSSP). Cyderes describes its MSS as enabling \"customers to focus their resources on growing their business while we help address their threats in a way that\u2019s better, faster, more cost effective, and more scalable than in-house solutions.\"[1] As of August 2023, Cyderes is listed among the top 20 MSSPs around the world by multiple entities.[2][3]\nIn February 2021, Herjavec Group expanded its operations with its acquisition by private equity firm Apax Partners in February 2021, with Apax making the acquisition \"to drive the business forward, investing in continued product innovation and growth acceleration while maintaining the company\u2019s number one priority: its customer centricity.\"[4]\nIn late December 2021, Herjavec Group and cybersecurity provider Fishtech Group announced intents to merge their companies into a newly branded single cybersecurity entity in early 2022, with Robert Herjavec retaining the CEO position and Gary Fish serving as chairman of the board.[5] The merger was wrapped up in early 2022, revealing the new name of the merged entities as \"Cyderes.\"[6]\n\nContents \n\n1 Managed security services \n2 Additional information \n\n2.1 Documentation and other media \n2.2 External links \n\n\n3 References \n\n\n\nManaged security services \nCyderes splits its managed services into three categories on its MSS page[1]:\n\nManaged security: security operations centers, threat detection and triage, playbook development, and endpoint detection and response\nCloud security: full cloud-native monitoring, multi-cloud workload coverage, security governance and compliance monitoring\nGoogle: Google-specific analytics and platform-as-a-service, security analytics, dashboards, correlation logic\nThe company has key offerings associated with each category. See the offerings page for more.\n\r\n\n\nAdditional information \nDocumentation and other media \nCyderes resources page\nExternal links \nManaged security services page\n\r\n\n\nReferences \n\n\n\u2191 1.0 1.1 \"Managed Services\". Cyderes. https:\/\/www.cyderes.com\/managed-services\/ . Retrieved 11 August 2023 .   \n \n\n\u2191 \"Top 250 MSSPs for 2022: Companies 20 to 11\". Top 250 MSSPs: Cybersecurity Company List and Research for 2022. MSSP Alert. September 2022. https:\/\/www.msspalert.com\/top250\/list-2022\/24\/ . Retrieved 11 August 2023 .   \n \n\n\u2191 \"The 22 Best Managed Security Service Providers Ranked\". Network Assured. https:\/\/networkassured.com\/vendors\/managed-security\/ . Retrieved 11 August 2023 .   \n \n\n\u2191 Panettieri, J. (11 February 2021). \"MSSP Herjavec Group Acquired by Private Equity Firm Apax Partners\". MSSP Alert. https:\/\/www.msspalert.com\/cybersecurity-news\/herjavec-group-acquired-by-apax-partners\/ . Retrieved 11 August 2023 .   \n \n\n\u2191 Starland News Staff (30 December 2021). \"Merger alert: \u2018Shark Tank\u2019 star teams with Gary Fish, Fishtech to form new cybersecurity powerhouse\". Startland News. https:\/\/www.startlandnews.com\/2021\/12\/fishtech-herjavec\/ . Retrieved 11 August 2023 .   \n \n\n\u2191 Starland News Staff (7 June 2022). \"\u2018Cyderes\u2019 emerges from Fishtech, Herjavec merger; new cybersecurity powerhouse aims to reshape market\". Startland News. https:\/\/www.startlandnews.com\/2022\/06\/cyderes-fishtech-herjavec\/ . Retrieved 11 August 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Cyderes_Managed_Services\">https:\/\/www.limswiki.org\/index.php\/Cyderes_Managed_Services<\/a>\nNavigation menuPage actionsPageDiscussionView sourceHistoryPage actionsPageDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 11 August 2023, at 21:10.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 842 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","258671573c3552d254229a052a931c9d_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject page-Cyderes_Managed_Services rootpage-Cyderes_Managed_Services skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Cyderes Managed Services<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\">\n<p><br \/>\n<b>Cyderes Managed Services<\/b>\u2014formerly Herjavec Group and Fistech Group\u2014is a suite of managed security services (MSS) offered by Cyderes, a multinational cybersecurity and managed security services provider (MSSP). Cyderes describes its MSS as enabling \"customers to focus their resources on growing their business while we help address their threats in a way that\u2019s better, faster, more cost effective, and more scalable than in-house solutions.\"<sup id=\"rdp-ebb-cite_ref-HGMSS_1-0\" class=\"reference\"><a href=\"#cite_note-HGMSS-1\">[1]<\/a><\/sup> As of August 2023, Cyderes is listed among the top 20 MSSPs around the world by multiple entities.<sup id=\"rdp-ebb-cite_ref-MSSPCyber20_2-0\" class=\"reference\"><a href=\"#cite_note-MSSPCyber20-2\">[2]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-CDMMSSPs21_3-0\" class=\"reference\"><a href=\"#cite_note-CDMMSSPs21-3\">[3]<\/a><\/sup>\n<\/p><p>In February 2021, Herjavec Group expanded its operations with its acquisition by private equity firm Apax Partners in February 2021, with Apax making the acquisition \"to drive the business forward, investing in continued product innovation and growth acceleration while maintaining the company\u2019s number one priority: its customer centricity.\"<sup id=\"rdp-ebb-cite_ref-PanettieriMSSP21_4-0\" class=\"reference\"><a href=\"#cite_note-PanettieriMSSP21-4\">[4]<\/a><\/sup>\n<\/p><p>In late December 2021, Herjavec Group and cybersecurity provider Fishtech Group announced intents to merge their companies into a newly branded single cybersecurity entity in early 2022, with Robert Herjavec retaining the CEO position and Gary Fish serving as chairman of the board.<sup id=\"rdp-ebb-cite_ref-StartlandMerger21_5-0\" class=\"reference\"><a href=\"#cite_note-StartlandMerger21-5\">[5]<\/a><\/sup> The merger was wrapped up in early 2022, revealing the new name of the merged entities as \"Cyderes.\"<sup id=\"rdp-ebb-cite_ref-StartlandCyderes22_6-0\" class=\"reference\"><a href=\"#cite_note-StartlandCyderes22-6\">[6]<\/a><\/sup>\n<\/p>\n\n\n<h2><span class=\"mw-headline\" id=\"Managed_security_services\">Managed security services<\/span><\/h2>\n<p>Cyderes splits its managed services into three categories on its MSS page<sup id=\"rdp-ebb-cite_ref-HGMSS_1-1\" class=\"reference\"><a href=\"#cite_note-HGMSS-1\">[1]<\/a><\/sup>:\n<\/p>\n<ul><li><b>Managed security<\/b>: security operations centers, threat detection and triage, playbook development, and endpoint detection and response<\/li>\n<li><b>Cloud security<\/b>: full cloud-native monitoring, multi-cloud workload coverage, security governance and compliance monitoring<\/li>\n<li><b>Google<\/b>: Google-specific analytics and platform-as-a-service, security analytics, dashboards, correlation logic<\/li><\/ul>\n<p>The company has key offerings associated with each category. See the <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cyderes.com\/managed-services\/\" target=\"_blank\">offerings page<\/a> for more.\n<\/p><p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Additional_information\">Additional information<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Documentation_and_other_media\">Documentation and other media<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cyderes.com\/blog\/category\/resources\/\" target=\"_blank\">Cyderes resources page<\/a><\/li><\/ul>\n<h3><span class=\"mw-headline\" id=\"External_links\">External links<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cyderes.com\/managed-services\/\" target=\"_blank\">Managed security services page<\/a><\/li><\/ul>\n<p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap\"><ol class=\"references\">\n<li id=\"cite_note-HGMSS-1\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-HGMSS_1-0\">1.0<\/a><\/sup> <sup><a href=\"#cite_ref-HGMSS_1-1\">1.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cyderes.com\/managed-services\/\" target=\"_blank\">\"Managed Services\"<\/a>. Cyderes<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cyderes.com\/managed-services\/\" target=\"_blank\">https:\/\/www.cyderes.com\/managed-services\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Managed+Services&rft.atitle=&rft.pub=Cyderes&rft_id=https%3A%2F%2Fwww.cyderes.com%2Fmanaged-services%2F&rfr_id=info:sid\/en.wikipedia.org:Cyderes_Managed_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MSSPCyber20-2\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MSSPCyber20_2-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.msspalert.com\/top250\/list-2022\/24\/\" target=\"_blank\">\"Top 250 MSSPs for 2022: Companies 20 to 11\"<\/a>. <i>Top 250 MSSPs: Cybersecurity Company List and Research for 2022<\/i>. MSSP Alert. September 2022<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.msspalert.com\/top250\/list-2022\/24\/\" target=\"_blank\">https:\/\/www.msspalert.com\/top250\/list-2022\/24\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+250+MSSPs+for+2022%3A+Companies+20+to+11&rft.atitle=Top+250+MSSPs%3A+Cybersecurity+Company+List+and+Research+for+2022&rft.date=September+2022&rft.pub=MSSP+Alert&rft_id=https%3A%2F%2Fwww.msspalert.com%2Ftop250%2Flist-2022%2F24%2F&rfr_id=info:sid\/en.wikipedia.org:Cyderes_Managed_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CDMMSSPs21-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CDMMSSPs21_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/networkassured.com\/vendors\/managed-security\/\" target=\"_blank\">\"The 22 Best Managed Security Service Providers Ranked\"<\/a>. Network Assured<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/networkassured.com\/vendors\/managed-security\/\" target=\"_blank\">https:\/\/networkassured.com\/vendors\/managed-security\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=The+22+Best+Managed+Security+Service+Providers+Ranked&rft.atitle=&rft.pub=Network+Assured&rft_id=https%3A%2F%2Fnetworkassured.com%2Fvendors%2Fmanaged-security%2F&rfr_id=info:sid\/en.wikipedia.org:Cyderes_Managed_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-PanettieriMSSP21-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-PanettieriMSSP21_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Panettieri, J. (11 February 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.msspalert.com\/cybersecurity-news\/herjavec-group-acquired-by-apax-partners\/\" target=\"_blank\">\"MSSP Herjavec Group Acquired by Private Equity Firm Apax Partners\"<\/a>. <i>MSSP Alert<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.msspalert.com\/cybersecurity-news\/herjavec-group-acquired-by-apax-partners\/\" target=\"_blank\">https:\/\/www.msspalert.com\/cybersecurity-news\/herjavec-group-acquired-by-apax-partners\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=MSSP+Herjavec+Group+Acquired+by+Private+Equity+Firm+Apax+Partners&rft.atitle=MSSP+Alert&rft.aulast=Panettieri%2C+J.&rft.au=Panettieri%2C+J.&rft.date=11+February+2021&rft_id=https%3A%2F%2Fwww.msspalert.com%2Fcybersecurity-news%2Fherjavec-group-acquired-by-apax-partners%2F&rfr_id=info:sid\/en.wikipedia.org:Cyderes_Managed_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-StartlandMerger21-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-StartlandMerger21_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Starland News Staff (30 December 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.startlandnews.com\/2021\/12\/fishtech-herjavec\/\" target=\"_blank\">\"Merger alert: \u2018Shark Tank\u2019 star teams with Gary Fish, Fishtech to form new cybersecurity powerhouse\"<\/a>. <i>Startland News<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.startlandnews.com\/2021\/12\/fishtech-herjavec\/\" target=\"_blank\">https:\/\/www.startlandnews.com\/2021\/12\/fishtech-herjavec\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Merger+alert%3A+%E2%80%98Shark+Tank%E2%80%99+star+teams+with+Gary+Fish%2C+Fishtech+to+form+new+cybersecurity+powerhouse&rft.atitle=Startland+News&rft.aulast=Starland+News+Staff&rft.au=Starland+News+Staff&rft.date=30+December+2021&rft_id=https%3A%2F%2Fwww.startlandnews.com%2F2021%2F12%2Ffishtech-herjavec%2F&rfr_id=info:sid\/en.wikipedia.org:Cyderes_Managed_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-StartlandCyderes22-6\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-StartlandCyderes22_6-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Starland News Staff (7 June 2022). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.startlandnews.com\/2022\/06\/cyderes-fishtech-herjavec\/\" target=\"_blank\">\"\u2018Cyderes\u2019 emerges from Fishtech, Herjavec merger; new cybersecurity powerhouse aims to reshape market\"<\/a>. <i>Startland News<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.startlandnews.com\/2022\/06\/cyderes-fishtech-herjavec\/\" target=\"_blank\">https:\/\/www.startlandnews.com\/2022\/06\/cyderes-fishtech-herjavec\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=%E2%80%98Cyderes%E2%80%99+emerges+from+Fishtech%2C+Herjavec+merger%3B+new+cybersecurity+powerhouse+aims+to+reshape+market&rft.atitle=Startland+News&rft.aulast=Starland+News+Staff&rft.au=Starland+News+Staff&rft.date=7+June+2022&rft_id=https%3A%2F%2Fwww.startlandnews.com%2F2022%2F06%2Fcyderes-fishtech-herjavec%2F&rfr_id=info:sid\/en.wikipedia.org:Cyderes_Managed_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816210005\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.248 seconds\nReal time usage: 0.335 seconds\nPreprocessor visited node count: 7974\/1000000\nPost\u2010expand include size: 35511\/2097152 bytes\nTemplate argument size: 17061\/2097152 bytes\nHighest expansion depth: 32\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 8414\/5000000 bytes\nLua time usage: 0.010\/7 seconds\nLua virtual size: 4943872\/52428800 bytes\nLua estimated memory usage: 0 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 193.483 1 -total\n 61.48% 118.946 1 Template:Infobox_company\n 59.78% 115.657 1 Template:Infobox\n 52.87% 102.290 81 Template:Infobox\/row\n 45.83% 88.676 1 Template:URL\n 42.60% 82.425 1 Template:Str_right\n 41.24% 79.801 1 Template:Str_sub_long\n 36.00% 69.650 1 Template:Reflist\n 28.41% 54.969 6 Template:Cite_web\n 25.02% 48.413 6 Template:Citation\/core\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:12572-0!canonical and timestamp 20230816210005 and revision id 52801. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Cyderes_Managed_Services\">https:\/\/www.limswiki.org\/index.php\/Cyderes_Managed_Services<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","258671573c3552d254229a052a931c9d_images":["https:\/\/s3.limswiki.org\/www.limswiki.org\/images\/0\/0f\/Cyderes-Logo.png"],"258671573c3552d254229a052a931c9d_timestamp":1692220363,"e709b991d697c3abce9eb27a11117834_type":"article","e709b991d697c3abce9eb27a11117834_title":"Cisco Cloudcenter and UCS Director","e709b991d697c3abce9eb27a11117834_url":"https:\/\/www.limswiki.org\/index.php\/Cisco_Cloudcenter_and_UCS_Director","e709b991d697c3abce9eb27a11117834_plaintext":"\n\nCisco Cloudcenter and UCS DirectorFrom LIMSWikiJump to navigationJump to searchCisco Cloudcenter and UCS Director\nIndustry\n \nCloud computing, Web servicesFounder(s)\n \nSandy Lerner, Leonard BosackHeadquarters\n \nSan Jose, California , United States Area served\n \nWorldwideKey people\n \nChuck Robbins (CEO)Products\n \nSaaSRevenue\n \n$13.6 billion (2023, Q2)[1]Website\n \nCloudCenter and USC Director\n\n\r\n\nCisco Cloudcenter and UCS Director are hybrid and multicloud software solutions provided by Ciscos Systems, Inc., a multinational technology conglomerate. While not providing public cloud services, Cisco acts as the \"Switzerland of the cloud\" by providing management, security, analytics, and advanced networking cloud solutions and services.[2] Cisco CloudCenter and UCS Director are representative of that approach.\nCisco describes Cisco CloudCenter as a \"software solution [that] helps you modernize and automate your data center or add public cloud application deployment to your service offering.\"[3] USC Director is described as \"a heterogeneous platform for private cloud infrastructure as a service (IaaS) ... [that] supports a variety of hypervisors along with Cisco and third-party servers, network, storage, converged and hyperconverged infrastructure across bare-metal and virtualized environments.\"[4] These solutions support the Alibaba, Amazon, Google, IBM, Microsoft, and (presumably, with the acquisition of VMware vCloud Air[5]) OVHcloud public clouds.[6]\nIn November 2020, Cisco announced the end-of-sale and end-of-life of Cisco CloudCenter. The software would no longer be sold as of May 7, 2021, and existing contracts running on Cisco CloudCenter could extend or renew the service until August 3, 2023. Last date of support for CloudCenter is May 31, 2024, when it will officially become obsolete.[7] As of August 2023[update], UCS Director still appears to be actively developed and sold.\n\r\n\n\nContents \n\n1 Provider research \n2 Managed security services \n3 Additional information \n\n3.1 Documentation and other media \n3.2 External links \n\n\n4 References \n\n\n\nProvider research \nNOTE: Due to the end-of-life announcement of CloudCenter[7], much of the following material is no longer relevant. However, it is still left here for historical purposes. It has been slightly modified to take into account the end-of-life status.\nThis section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide Choosing and Implementing a Cloud-based Service for Your Laboratory. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made. Additionally, as a provider of cloud-based software solutions for hybrid and multicloud management, some of the questions from Chapter 5 may not be relevant, as they are not providing public cloud services but software as a service (SaaS) (or local installs) of cloud management software.\n\r\n\n1. What experience do you have working with laboratory customers in our specific industry?\nIt's not clear what laboratories, if any, have adopted Cisco CloudCenter or UCS Director. A Cisco representative is likely to be able to supply examples of laboratories that use or have used these SaaS cloud options.\n\r\n\n2. Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?\nPer Cisco's CloudCenter Suite architecture document, \"Cisco CloudCenter is built to integrate with and extend a wide range of other data center and cloud management platforms and tools that are found in the typical IT enterprise.\"[8] The document then goes on to discuss content integration, platform integration, tool integration, and cloud integration[8]; read the white paper to learn more. As for UCS Director, it acts as a tool \"to operationally integrate the bare-metal and virtual data center infrastructure stack to address complex, time-consuming, manual, and compartmentalized management processes.\"[9] These tools' inherent purposes are to help integrate your on-premises with public and private cloud offerings.\n\r\n\n3. What is the average total historical downtime for the service(s) we're interested in?\nThere doesn't appear to be an uptime status tracker for CloudCenter and UCS Director. According to Cisco's trust center document for CloudCenter, they used to have an uptime status page at http:\/\/status.cloudcenter.cisco.com\/[10], but that URL is no longer functional, due to the end-of-life state of the product.[7]\n\r\n\n4. Do we receive comprehensive downtime support in the case of downtime?\nIt's not clear if there are support tiers or plans for CloudCenter and UCS Director. You'll have to discuss support plans and provided support during downtime with a Cisco representative.\n\r\n\n5. Where are your servers located, and how is data securely transferred to and from those servers?\nThe Cisco CloudCenter Suite Privacy Data Sheet indicates \"datacenters are currently located in the following countries: United States, Germany, and Ireland.\" They add that \"customer information is stored in the data center closest to the Customer's location as provided during the ordering process.\"[11] You'll have to discuss this with a Cisco representative. Cisco documentation does add a little insight into secure data transfers using its solutions. The CloudCenter architecture document notes that CloudCenter \"encrypts data at rest and in motion and offers a range of critical management, authentication, and authorization features that don\u2019t just secure the Cisco CloudCenter solution, but also the clouds to which it connects.\"[8] Other security measures include SAML 2.0 support, LDAP and Active Directory support, randomly generated REST API keys, and more.[8] It's not clear what data transfer security measures are in place for UCS Director. Consult with a Cisco representative to learn more.\n\r\n\n6. Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?\nIt's not fully clear what personnel protocols Cisco follows for its SaaS solutions. However, the trust center document for CloudCenter notes that \"[a]ll employees are required to undergo annual security training and must comply with Cisco\u2019s Global Personal Data Protection and Privacy Policy and binding corporate rules.\"[10] They add, in regards to third-parties, that \"our team performs due diligence reviews of each third party's information security program, privacy practices, confidentiality commitments and puts appropriate contractual terms in place to ensure that the processing will meet the high standards required by our team, and applicable laws.\"[10] Cisco's brochure on the product life cycle at Cisco may also prove useful. For more about this topic, discuss it with a Cisco representative.\n\r\n\n7. Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?\nCisco doesn't clearly state what compliance standards are in place for those servers in the U.S., Germany, and Ireland. You'll have to have a discussion about this with a Cisco representative.\n\r\n\n8. How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)\nIn a 2016 white paper, Cisco describes in-depth the concept of multitenancy and tenant isolation in regards to CloudCenter. However, it's not clear if there is a bare-metal option for users of CloudCenter or UCS Director. You'll have to have a discussion with a representative to learn more about their SaaS servers, etc.\n\r\n\n9. Do you have documented data security policies?\nCisco documents its security practices regarding CloudCenter in several places:\n\nCisco CloudCenter trust center document\nCisco CloudCenter architecture document\nCisco CloudCenter Suite Privacy Data Sheet\nCisco secure development lifecycle document\nCisco Transparency Service Center FAQ\nSecurity documentation concerning UCS Director could not be found. Discuss this with a Cisco representative.\n\r\n\n10. How do you test your platform's security?\nCisco tests its systems in multiple ways, as stated in its secure development document[12]:\n\n\"When modeling threats, Cisco engineers follow the flow of data through a system and identify trust boundaries and inflection points where the data might be compromised. Once potential vulnerabilities and threats are identified, mitigation strategies can be put in place to minimize the risk. Cisco\u2019s Threat Modeling tool facilitates the process by exposing applicable threats based on the developers\u2019 diagram of the data flow and trust boundaries.\"\n\"Cisco SDL identifies key security checkers for Static Analysis (SA) tools to detect source code vulnerabilities in both C and Java source code. Through internal analysis, field trials, and limited business unit deployments, a set of checkers has been identified to maximize detection of security issues.\"\nCisco uses vulnerability testing methods \"to determine their ability to withstand probes and attacks.\" They also have \"[d]edicated penetration testing and security risk assessment engineers ... available to further identify and resolve potential security weaknesses.\"\nAdditionally, Cisco customers are able to \"access, review, and test Cisco source code and other intellectual property\u2014including hardware, software and firmware\u2014in a dedicated, secure facility at a Cisco site,\" via its Transparency Service Center.[13]\n\r\n\n11. What are your policies for security audits, intrusion detection, and intrusion reporting?\nIn their trust document for CloudCenter, Cisco states: \"We are targeting ISO 27001 certification in early 2020, having undergone audits with minimal findings in calendar year 2019. We are evaluating SOC2 as a potential roadmap item.\"[10] You'll have to discuss where their security auditing of their solutions stands in 2021. As for intrusion detection, that same document adds[10]:\n\nOur security operations team is responsible for continuously monitoring the day-to-day security of the SaaS solution. From endpoints to networks, crossfunctional teams are continuously observing the operational environments for anomalous events, behaviors, and malware. As threats emerge, the focus shifts to investigating suspicious alerts, events, and incidents. We are vigilant about keeping your data and systems secure.\n\r\n\n12. What data logging information is kept and acted upon in relation to our data?\nCisco states in its trust document for CloudCenter that \"[o]ur Cloud Operations and TAC teams have access to SaaS infrastructure and application log data. We provide limited assistance with audit requests.\"[10] The Cisco CloudCenter Suite Privacy Data Sheet also indicates that its \"configuration logs and Support Information are stored in the U.S. region.\" However, it's not clear how they act upon this log data. Discuss this with a Cisco representative.\n\r\n\n13. How thorough are those logs and can we audit them on-demand?\nIt's not clear how thorough the logs are. Cisco will presumably let you audit those logs, but you'll have to verify this with a representative.\n\r\n\n14. For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?\nAs Cisco is providing cloud management solutions via SaaS, your sensitive data should not, in theory, be exposed to their solutions. That said, Cisco does provide an older 2014 guide with \"insight into the Cisco enterprise architecture and the controls used to address HIPAA Security Rule technical safeguards.\"[14] However, it's not clear if a business associate agreement is required if HIPAA-eligible data doesn't touch their solution.\n\r\n\n15. What happens to our data should the contract expire or be terminated?\nThe Cisco Universal Cloud Services Agreement states[15]:\n\nIf this Agreement is terminated for any reason:\na. Cisco will make your stored Content available to you for a reasonable period of time (subject to the AUP);\n\nb. You will pay the fees for the SaaS provided up to the effective date of termination.\nIt's not clear what \"a reasonable period of time\" is. Consult with a Cisco representative to learn more.\n\r\n\n16. What happens to our data should you go out of business or suffer a catastrophic event?\nIt's not publicly clear how Cisco would handle your data should they go out of business; consult with a representative about this topic. As for catastrophic events, in its Cisco CloudCenter Suite Privacy Data Sheet, the company notes \"[i]f disaster recovery is needed, Customer information is restored within the region\" in regards to its designated data center locations.[11] Little else is said, and more clarification may be required of a representative.\n\r\n\n17. Can we use your interface to extract our data when we want, and in what format will it be?\nIt's not clear how and when information can be extracted from either SaaS-based Cisco solution. Discuss this with a representative.\n\r\n\n18. Are your support services native or outsourced\/offshored?\nIt is unclear if support personnel are local to the customer or if support is outsourced to another business and country. Discuss this with a Cisco representative.\n\nManaged security services \nCustomers of Cisco Cloudcenter and UCS Director may also want to consider the managed security services (MSS) provided by Cisco. Those services appear to primarily be offered by its Active Threat Analytics team, which is advertised as combining \"people, intelligence, analysis, and technology to provide you with end-to-end security monitoring, threat detection, and incident response.\"[16] The primary services touted are managed detection and response, active threat analytics, and related incident response. This includes[16]:\n\nManaged detection and response: cloud monitoring; threat intelligence analysis; data-driven investigation; and security orchestration, automation, and response (SOAR)-based incident response\nActive threat analytics: policy management, device monitoring, architecture management, incident analysis, device support, and detailed reporting\nCisco is listed in the top 70 of managed security service provider lists for multiple entities.[17][18]\n\r\n\n\nAdditional information \nDocumentation and other media \nCisco development and auditing practices\nCisco CloudCenter Suite at a glance\nCisco CloudCenter Suite architecture overview\nCisco CloudCenter Suite multitenancy white paper\nCisco CloudCenter Suite trust document\nCisco UCS Director at a glance\nCisco UCS Director administration guide\nExternal links \nCisco trust center\nReferences \n\n\n\u2191 \"Cisco Reports Second Quarter Earnings\". Cisco Systems, Inc. 15 February 2023. https:\/\/investor.cisco.com\/news\/news-details\/2023\/CISCO-REPORTS-SECOND-QUARTER-EARNINGS\/default.aspx . Retrieved 01 August 2023 .   \n \n\n\u2191 Butler, B. (27 February 2017). \"How Cisco wants to become the Switzerland of the cloud\". NetworkWorld. https:\/\/www.networkworld.com\/article\/3174944\/how-cisco-wants-to-become-the-switzerland-of-the-cloud.html . Retrieved 01 August 2023 .   \n \n\n\u2191 \"Cisco CloudCenter (formerly CliQr)\". Cisco. Archived from the original on 15 April 2021. https:\/\/web.archive.org\/web\/20210415162756\/https:\/\/www.cisco.com\/c\/en\/us\/products\/cloud-systems-management\/cloudcenter\/index.html . Retrieved 01 August 2023 .   \n \n\n\u2191 \"Cisco UCS Director\". Cisco. https:\/\/www.cisco.com\/c\/en\/us\/products\/servers-unified-computing\/ucs-director\/index.html . Retrieved 01 August 2023 .   \n \n\n\u2191 \"OVH Completes Acquisition of VMware\u2019s vCloud Air Business\". OVH News. OVHcloud. 8 May 2017. Archived from the original on 20 March 2019. https:\/\/web.archive.org\/web\/20190320060231\/https:\/\/www.ovh.com\/world\/news\/press\/cp2456.ovh_completes_acquisition_of_vmwares_vcloud_air_business . Retrieved 01 August 2023 .   \n \n\n\u2191 \"Cisco CloudCenter Suite\" (PDF). Cisco. 2019. Archived from the original on 30 October 2020. https:\/\/web.archive.org\/web\/20201030181821\/https:\/\/www.cisco.com\/c\/dam\/en\/us\/products\/collateral\/cloud-systems-management\/cloudcenter-suite\/at-a-glance-c45-741883.pdf . Retrieved 01 August 2023 .   \n \n\n\u2191 7.0 7.1 7.2 \"End-of-Sale and End-of-Life Announcement for the Cisco CloudCenter\". Cisco Systems, Inc. 16 July 2021. https:\/\/www.cisco.com\/c\/en\/us\/products\/collateral\/cloud-systems-management\/cloudcenter\/eos-eol-notice-c51-744447.html . Retrieved 01 August 2023 .   \n \n\n\u2191 8.0 8.1 8.2 8.3 \"Cisco CloudCenter Solution: Architecture Overview\" (PDF). Cisco. 2017. Archived from the original on 23 April 2021. https:\/\/web.archive.org\/web\/20210423212205\/https:\/\/www.cisco.com\/c\/dam\/en\/us\/products\/collateral\/cloud-systems-management\/cloudcenter\/white-paper-c11-737224.pdf . Retrieved 01 August 2023 .   \n \n\n\u2191 \"Cisco - Cisco UCS Director CUIC Offerings\". A&T Networks. https:\/\/www.atnetworks.com\/Products\/overview\/M010354449 . Retrieved 01 August 2023 .   \n \n\n\u2191 10.0 10.1 10.2 10.3 10.4 10.5 \"Cisco CloudCenter Suite Trust Center\" (PDF). Cisco. 2019. https:\/\/www.cisco.com\/c\/dam\/en\/us\/products\/collateral\/cloud-systems-management\/cloudcenter-suite\/cc-suite-saas-trust-center.pdf . Retrieved 01 August 2023 .   \n \n\n\u2191 11.0 11.1 \"Cisco CloudCenter Suite Privacy Data Sheet\". Trust Portal. Cisco. https:\/\/trustportal.cisco.com\/c\/r\/ctp\/trust-portal.html . Retrieved 01 August 2023 .   \n \n\n\u2191 \"Secure Development Lifecycle\". Cisco. 2016. https:\/\/www.cisco.com\/c\/dam\/en_us\/about\/doing_business\/trust-center\/docs\/cisco-secure-development-lifecycle.pdf . Retrieved 01 August 2023 .   \n \n\n\u2191 \"Cisco Transparency Service Center FAQ\" (PDF). Cisco. 2020. https:\/\/www.cisco.com\/c\/dam\/en_us\/about\/doing_business\/trust-center\/docs\/cisco-transparency-service-center-faq.pdf . Retrieved 01 August 2023 .   \n \n\n\u2191 \"Chapter: Solution Overview\". Cisco Compliance Solution for HIPAA Security Rule Design and Implementation Guide. Cisco. 3 March 2014. Archived from the original on 10 September 2015. https:\/\/web.archive.org\/web\/20150910005155\/https:\/\/www.cisco.com\/c\/en\/us\/td\/docs\/solutions\/Enterprise\/Compliance\/HIPAA\/default\/ch1_HIP.html . Retrieved 01 August 2023 .   \n \n\n\u2191 \"Cisco Universal Cloud Services Agreement\" (PDF). Cisco. 2016. https:\/\/www.cisco.com\/c\/dam\/en_us\/about\/doing_business\/legal\/docs\/universal-cloud-services-agreement.pdf . Retrieved 01 August 2023 .   \n \n\n\u2191 16.0 16.1 \"Services for Security\". Cisco. https:\/\/www.cisco.com\/site\/us\/en\/products\/security\/services\/index.html . Retrieved 01 August 2023 .   \n \n\n\u2191 \"Top 250 MSSPs for 2022: Companies 70 to 61\". Top 250 MSSPs: Cybersecurity Company List and Research for 2020. MSSP Alert. September 2022. https:\/\/www.msspalert.com\/top250\/list-2022\/19\/ . Retrieved 01 August 2023 .   \n \n\n\u2191 \"Top 100 Managed Security Service Providers (MSSPs)\". Cyber Defense Magazine. Cyber Defense Media Group. 18 February 2021. https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/ . Retrieved 01 August 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Cisco_Cloudcenter_and_UCS_Director\">https:\/\/www.limswiki.org\/index.php\/Cisco_Cloudcenter_and_UCS_Director<\/a>\nCategories: Articles containing potentially dated statements from August 2023Articles with invalid date parameter in templateAll articles containing potentially dated statementsNavigation menuPage actionsPageDiscussionView sourceHistoryPage actionsPageDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 1 August 2023, at 23:48.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 1,609 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","e709b991d697c3abce9eb27a11117834_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject page-Cisco_Cloudcenter_and_UCS_Director rootpage-Cisco_Cloudcenter_and_UCS_Director skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Cisco Cloudcenter and UCS Director<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\">\n<p><br \/>\n<b>Cisco Cloudcenter<\/b> and <b>UCS Director<\/b> are hybrid and multicloud software solutions provided by Ciscos Systems, Inc., a multinational technology conglomerate. While not providing public cloud services, Cisco acts as the \"Switzerland of the cloud\" by providing management, security, analytics, and advanced networking cloud solutions and services.<sup id=\"rdp-ebb-cite_ref-ButlerHowCisco17_2-0\" class=\"reference\"><a href=\"#cite_note-ButlerHowCisco17-2\">[2]<\/a><\/sup> Cisco CloudCenter and UCS Director are representative of that approach.\n<\/p><p>Cisco describes Cisco CloudCenter as a \"software solution [that] helps you modernize and automate your data center or add public cloud application deployment to your service offering.\"<sup id=\"rdp-ebb-cite_ref-CiscoCloudCenter_3-0\" class=\"reference\"><a href=\"#cite_note-CiscoCloudCenter-3\">[3]<\/a><\/sup> USC Director is described as \"a heterogeneous platform for private cloud infrastructure as a service (IaaS) ... [that] supports a variety of hypervisors along with Cisco and third-party servers, network, storage, converged and hyperconverged infrastructure across bare-metal and virtualized environments.\"<sup id=\"rdp-ebb-cite_ref-CiscoUCSDirector_4-0\" class=\"reference\"><a href=\"#cite_note-CiscoUCSDirector-4\">[4]<\/a><\/sup> These solutions support the Alibaba, Amazon, Google, IBM, Microsoft, and (presumably, with the acquisition of VMware vCloud Air<sup id=\"rdp-ebb-cite_ref-OVHCompletes17_5-0\" class=\"reference\"><a href=\"#cite_note-OVHCompletes17-5\">[5]<\/a><\/sup>) OVHcloud public clouds.<sup id=\"rdp-ebb-cite_ref-CiscoCCSuiteGlance_6-0\" class=\"reference\"><a href=\"#cite_note-CiscoCCSuiteGlance-6\">[6]<\/a><\/sup>\n<\/p><p>In November 2020, Cisco announced the end-of-sale and end-of-life of Cisco CloudCenter. The software would no longer be sold as of May 7, 2021, and existing contracts running on Cisco CloudCenter could extend or renew the service until August 3, 2023. Last date of support for CloudCenter is May 31, 2024, when it will officially become obsolete.<sup id=\"rdp-ebb-cite_ref-CiscoCloudCenterEoL21_7-0\" class=\"reference\"><a href=\"#cite_note-CiscoCloudCenterEoL21-7\">[7]<\/a><\/sup> As of August 2023<sup class=\"plainlinks noprint asof-tag update\" style=\"display:none;\"><\/sup>, UCS Director still appears to be actively developed and sold.\n<\/p><p><br \/>\n<\/p>\n\n\n<h2><span class=\"mw-headline\" id=\"Provider_research\">Provider research<\/span><\/h2>\n<p><b>NOTE<\/b>: Due to the end-of-life announcement of CloudCenter<sup id=\"rdp-ebb-cite_ref-CiscoCloudCenterEoL21_7-1\" class=\"reference\"><a href=\"#cite_note-CiscoCloudCenterEoL21-7\">[7]<\/a><\/sup>, much of the following material is no longer relevant. However, it is still left here for historical purposes. It has been slightly modified to take into account the end-of-life status.\n<\/p><p>This section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide <i><a href=\"https:\/\/www.limswiki.org\/index.php\/LII:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\" title=\"LII:Choosing and Implementing a Cloud-based Service for Your Laboratory\" class=\"wiki-link\" data-key=\"a51267fd73f6c39f0130677409233940\">Choosing and Implementing a Cloud-based Service for Your Laboratory<\/a><\/i>. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made. Additionally, as a provider of cloud-based software solutions for hybrid and multicloud management, some of the questions from Chapter 5 may not be relevant, as they are not providing public cloud services but software as a service (SaaS) (or local installs) of cloud management software.\n<\/p><p><br \/>\n1. <b>What experience do you have working with laboratory customers in our specific industry?<\/b>\n<\/p><p>It's not clear what <a href=\"https:\/\/www.limswiki.org\/index.php\/Laboratory\" title=\"Laboratory\" class=\"wiki-link\" data-key=\"c57fc5aac9e4abf31dccae81df664c33\">laboratories<\/a>, if any, have adopted Cisco CloudCenter or UCS Director. A Cisco representative is likely to be able to supply examples of laboratories that use or have used these SaaS cloud options.\n<\/p><p><br \/>\n2. <b>Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?<\/b>\n<\/p><p>Per Cisco's CloudCenter Suite architecture document, \"Cisco CloudCenter is built to integrate with and extend a wide range of other data center and cloud management platforms and tools that are found in the typical IT enterprise.\"<sup id=\"rdp-ebb-cite_ref-CiscoCloudArch17_8-0\" class=\"reference\"><a href=\"#cite_note-CiscoCloudArch17-8\">[8]<\/a><\/sup> The document then goes on to discuss content integration, platform integration, tool integration, and cloud integration<sup id=\"rdp-ebb-cite_ref-CiscoCloudArch17_8-1\" class=\"reference\"><a href=\"#cite_note-CiscoCloudArch17-8\">[8]<\/a><\/sup>; read the white paper to learn more. As for UCS Director, it acts as a tool \"to operationally integrate the bare-metal and virtual data center infrastructure stack to address complex, time-consuming, manual, and compartmentalized management processes.\"<sup id=\"rdp-ebb-cite_ref-A.26TCiscoUCS_9-0\" class=\"reference\"><a href=\"#cite_note-A.26TCiscoUCS-9\">[9]<\/a><\/sup> These tools' inherent purposes are to help integrate your on-premises with public and private cloud offerings.\n<\/p><p><br \/>\n3. <b>What is the average total historical downtime for the service(s) we're interested in?<\/b>\n<\/p><p>There doesn't appear to be an uptime status tracker for CloudCenter and UCS Director. According to Cisco's trust center document for CloudCenter, they used to have an uptime status page at <a rel=\"external_link\" class=\"external free\" href=\"http:\/\/status.cloudcenter.cisco.com\/\" target=\"_blank\">http:\/\/status.cloudcenter.cisco.com\/<\/a><sup id=\"rdp-ebb-cite_ref-CiscoCloudTrust19_10-0\" class=\"reference\"><a href=\"#cite_note-CiscoCloudTrust19-10\">[10]<\/a><\/sup>, but that URL is no longer functional, due to the end-of-life state of the product.<sup id=\"rdp-ebb-cite_ref-CiscoCloudCenterEoL21_7-2\" class=\"reference\"><a href=\"#cite_note-CiscoCloudCenterEoL21-7\">[7]<\/a><\/sup>\n<\/p><p><br \/>\n4. <b>Do we receive comprehensive downtime support in the case of downtime?<\/b>\n<\/p><p>It's not clear if there are support tiers or plans for CloudCenter and UCS Director. You'll have to discuss support plans and provided support during downtime with a Cisco representative.\n<\/p><p><br \/>\n5. <b>Where are your servers located, and how is data securely transferred to and from those servers?<\/b>\n<\/p><p>The Cisco CloudCenter Suite Privacy Data Sheet indicates \"datacenters are currently located in the following countries: United States, Germany, and Ireland.\" They add that \"customer information is stored in the data center closest to the Customer's location as provided during the ordering process.\"<sup id=\"rdp-ebb-cite_ref-CiscoTrustPortal_11-0\" class=\"reference\"><a href=\"#cite_note-CiscoTrustPortal-11\">[11]<\/a><\/sup> You'll have to discuss this with a Cisco representative. Cisco documentation does add a little insight into secure data transfers using its solutions. The CloudCenter architecture document notes that CloudCenter \"<a href=\"https:\/\/www.limswiki.org\/index.php\/Encryption\" title=\"Encryption\" class=\"wiki-link\" data-key=\"86a503652ed5cc9d8e2b0252a480b5e1\">encrypts<\/a> data at rest and in motion and offers a range of critical management, authentication, and authorization features that don\u2019t just secure the Cisco CloudCenter solution, but also the clouds to which it connects.\"<sup id=\"rdp-ebb-cite_ref-CiscoCloudArch17_8-2\" class=\"reference\"><a href=\"#cite_note-CiscoCloudArch17-8\">[8]<\/a><\/sup> Other security measures include SAML 2.0 support, LDAP and Active Directory support, randomly generated REST API keys, and more.<sup id=\"rdp-ebb-cite_ref-CiscoCloudArch17_8-3\" class=\"reference\"><a href=\"#cite_note-CiscoCloudArch17-8\">[8]<\/a><\/sup> It's not clear what data transfer security measures are in place for UCS Director. Consult with a Cisco representative to learn more.\n<\/p><p><br \/>\n6. <b>Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?<\/b>\n<\/p><p>It's not fully clear what personnel protocols Cisco follows for its SaaS solutions. However, the trust center document for CloudCenter notes that \"[a]ll employees are required to undergo annual security training and must comply with Cisco\u2019s Global Personal Data Protection and Privacy Policy and binding corporate rules.\"<sup id=\"rdp-ebb-cite_ref-CiscoCloudTrust19_10-1\" class=\"reference\"><a href=\"#cite_note-CiscoCloudTrust19-10\">[10]<\/a><\/sup> They add, in regards to third-parties, that \"our team performs due diligence reviews of each third party's information security program, privacy practices, confidentiality commitments and puts appropriate contractual terms in place to ensure that the processing will meet the high standards required by our team, and applicable laws.\"<sup id=\"rdp-ebb-cite_ref-CiscoCloudTrust19_10-2\" class=\"reference\"><a href=\"#cite_note-CiscoCloudTrust19-10\">[10]<\/a><\/sup> Cisco's brochure on the <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cisco.com\/c\/dam\/en_us\/about\/doing_business\/trust-center\/docs\/cisco-secure-development-lifecycle.pdf\" target=\"_blank\">product life cycle<\/a> at Cisco may also prove useful. For more about this topic, discuss it with a Cisco representative.\n<\/p><p><br \/>\n7. <b>Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?<\/b>\n<\/p><p>Cisco doesn't clearly state what compliance standards are in place for those servers in the U.S., Germany, and Ireland. You'll have to have a discussion about this with a Cisco representative.\n<\/p><p><br \/>\n8. <b>How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)<\/b>\n<\/p><p>In a <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cisco.com\/c\/dam\/en\/us\/products\/collateral\/cloud-systems-management\/cloudcenter\/white-paper-c11-737223.pdf\" target=\"_blank\">2016 white paper<\/a>, Cisco describes in-depth the concept of multitenancy and tenant isolation in regards to CloudCenter. However, it's not clear if there is a bare-metal option for users of CloudCenter or UCS Director. You'll have to have a discussion with a representative to learn more about their SaaS servers, etc.\n<\/p><p><br \/>\n9. <b>Do you have documented data security policies?<\/b>\n<\/p><p>Cisco documents its security practices regarding CloudCenter in several places:\n<\/p>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cisco.com\/c\/dam\/en\/us\/products\/collateral\/cloud-systems-management\/cloudcenter-suite\/cc-suite-saas-trust-center.pdf\" target=\"_blank\">Cisco CloudCenter trust center document<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210423212205\/https:\/\/www.cisco.com\/c\/dam\/en\/us\/products\/collateral\/cloud-systems-management\/cloudcenter\/white-paper-c11-737224.pdf\" target=\"_blank\">Cisco CloudCenter architecture document<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/trustportal.cisco.com\/c\/r\/ctp\/trust-portal.html#\/\" target=\"_blank\">Cisco CloudCenter Suite Privacy Data Sheet<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cisco.com\/c\/dam\/en_us\/about\/doing_business\/trust-center\/docs\/cisco-secure-development-lifecycle.pdf\" target=\"_blank\">Cisco secure development lifecycle document<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cisco.com\/c\/dam\/en_us\/about\/doing_business\/trust-center\/docs\/cisco-transparency-service-center-faq.pdf\" target=\"_blank\">Cisco Transparency Service Center FAQ<\/a><\/li><\/ul>\n<p>Security documentation concerning UCS Director could not be found. Discuss this with a Cisco representative.\n<\/p><p><br \/>\n10. <b>How do you test your platform's security?<\/b>\n<\/p><p>Cisco tests its systems in multiple ways, as stated in its secure development document<sup id=\"rdp-ebb-cite_ref-CiscoSecureDev16_12-0\" class=\"reference\"><a href=\"#cite_note-CiscoSecureDev16-12\">[12]<\/a><\/sup>:\n<\/p>\n<ul><li>\"When modeling threats, Cisco engineers follow the flow of data through a system and identify trust boundaries and inflection points where the data might be compromised. Once potential vulnerabilities and threats are identified, mitigation strategies can be put in place to minimize the risk. Cisco\u2019s Threat Modeling tool facilitates the process by exposing applicable threats based on the developers\u2019 diagram of the data flow and trust boundaries.\"<\/li>\n<li>\"Cisco SDL identifies key security checkers for Static Analysis (SA) tools to detect source code vulnerabilities in both C and Java source code. Through internal analysis, field trials, and limited business unit deployments, a set of checkers has been identified to maximize detection of security issues.\"<\/li>\n<li>Cisco uses vulnerability testing methods \"to determine their ability to withstand probes and attacks.\" They also have \"[d]edicated penetration testing and security risk assessment engineers ... available to further identify and resolve potential security weaknesses.\"<\/li><\/ul>\n<p>Additionally, Cisco customers are able to \"access, review, and test Cisco source code and other intellectual property\u2014including hardware, software and firmware\u2014in a dedicated, secure facility at a Cisco site,\" via its Transparency Service Center.<sup id=\"rdp-ebb-cite_ref-CiscoTransp20_13-0\" class=\"reference\"><a href=\"#cite_note-CiscoTransp20-13\">[13]<\/a><\/sup>\n<\/p><p><br \/>\n11. <b>What are your policies for security audits, intrusion detection, and intrusion reporting?<\/b>\n<\/p><p>In their trust document for CloudCenter, Cisco states: \"We are targeting ISO 27001 certification in early 2020, having undergone audits with minimal findings in calendar year 2019. We are evaluating SOC2 as a potential roadmap item.\"<sup id=\"rdp-ebb-cite_ref-CiscoCloudTrust19_10-3\" class=\"reference\"><a href=\"#cite_note-CiscoCloudTrust19-10\">[10]<\/a><\/sup> You'll have to discuss where their security auditing of their solutions stands in 2021. As for intrusion detection, that same document adds<sup id=\"rdp-ebb-cite_ref-CiscoCloudTrust19_10-4\" class=\"reference\"><a href=\"#cite_note-CiscoCloudTrust19-10\">[10]<\/a><\/sup>:\n<\/p>\n<blockquote><p>Our security operations team is responsible for continuously monitoring the day-to-day security of the SaaS solution. From endpoints to networks, crossfunctional teams are continuously observing the operational environments for anomalous events, behaviors, and malware. As threats emerge, the focus shifts to investigating suspicious alerts, events, and incidents. We are vigilant about keeping your data and systems secure.<\/p><\/blockquote>\n<p><br \/>\n12. <b>What data logging information is kept and acted upon in relation to our data?<\/b>\n<\/p><p>Cisco states in its trust document for CloudCenter that \"[o]ur Cloud Operations and TAC teams have access to SaaS infrastructure and application log data. We provide limited assistance with audit requests.\"<sup id=\"rdp-ebb-cite_ref-CiscoCloudTrust19_10-5\" class=\"reference\"><a href=\"#cite_note-CiscoCloudTrust19-10\">[10]<\/a><\/sup> The Cisco CloudCenter Suite Privacy Data Sheet also indicates that its \"configuration logs and Support Information are stored in the U.S. region.\" However, it's not clear how they act upon this log data. Discuss this with a Cisco representative.\n<\/p><p><br \/>\n13. <b>How thorough are those logs and can we audit them on-demand?<\/b>\n<\/p><p>It's not clear how thorough the logs are. Cisco will presumably let you audit those logs, but you'll have to verify this with a representative.\n<\/p><p><br \/>\n14. <b>For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?<\/b>\n<\/p><p>As Cisco is providing cloud management solutions via SaaS, your sensitive data should not, in theory, be exposed to their solutions. That said, Cisco does provide an older 2014 guide with \"insight into the Cisco enterprise architecture and the controls used to address <a href=\"https:\/\/www.limswiki.org\/index.php\/HIPAA\" class=\"mw-redirect wiki-link\" title=\"HIPAA\" data-key=\"70050974d1eda9ff8cf9ecf7e4fcd015\">HIPAA<\/a> Security Rule technical safeguards.\"<sup id=\"rdp-ebb-cite_ref-CiscoComplianceHIPAA14_14-0\" class=\"reference\"><a href=\"#cite_note-CiscoComplianceHIPAA14-14\">[14]<\/a><\/sup> However, it's not clear if a business associate agreement is required if HIPAA-eligible data doesn't touch their solution.\n<\/p><p><br \/>\n15. <b>What happens to our data should the contract expire or be terminated?<\/b>\n<\/p><p>The Cisco Universal Cloud Services Agreement states<sup id=\"rdp-ebb-cite_ref-CiscoUniversal16_15-0\" class=\"reference\"><a href=\"#cite_note-CiscoUniversal16-15\">[15]<\/a><\/sup>:\n<\/p>\n<blockquote><p>If this Agreement is terminated for any reason:\n<\/p><p>a. Cisco will make your stored Content available to you for a reasonable period of time (subject to the AUP);\n<\/p><p>\nb. You will pay the fees for the SaaS provided up to the effective date of termination.<\/p><\/blockquote>\n<p>It's not clear what \"a reasonable period of time\" is. Consult with a Cisco representative to learn more.\n<\/p><p><br \/>\n16. <b>What happens to our data should you go out of business or suffer a catastrophic event?<\/b>\n<\/p><p>It's not publicly clear how Cisco would handle your data should they go out of business; consult with a representative about this topic. As for catastrophic events, in its Cisco CloudCenter Suite Privacy Data Sheet, the company notes \"[i]f disaster recovery is needed, Customer information is restored within the region\" in regards to its designated data center locations.<sup id=\"rdp-ebb-cite_ref-CiscoTrustPortal_11-1\" class=\"reference\"><a href=\"#cite_note-CiscoTrustPortal-11\">[11]<\/a><\/sup> Little else is said, and more clarification may be required of a representative.\n<\/p><p><br \/>\n17. <b>Can we use your interface to extract our data when we want, and in what format will it be?<\/b>\n<\/p><p>It's not clear how and when information can be extracted from either SaaS-based Cisco solution. Discuss this with a representative.\n<\/p><p><br \/>\n18. <b>Are your support services native or outsourced\/offshored?<\/b>\n<\/p><p>It is unclear if support personnel are local to the customer or if support is outsourced to another business and country. Discuss this with a Cisco representative.\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Managed_security_services\">Managed security services<\/span><\/h2>\n<p>Customers of Cisco Cloudcenter and UCS Director may also want to consider the managed security services (MSS) provided by Cisco. Those services appear to primarily be offered by its Active Threat Analytics team, which is advertised as combining \"people, intelligence, analysis, and technology to provide you with end-to-end security monitoring, threat detection, and incident response.\"<sup id=\"rdp-ebb-cite_ref-CiscoMSS_16-0\" class=\"reference\"><a href=\"#cite_note-CiscoMSS-16\">[16]<\/a><\/sup> The primary services touted are managed detection and response, active threat analytics, and related incident response. This includes<sup id=\"rdp-ebb-cite_ref-CiscoMSS_16-1\" class=\"reference\"><a href=\"#cite_note-CiscoMSS-16\">[16]<\/a><\/sup>:\n<\/p>\n<ul><li><b>Managed detection and response<\/b>: cloud monitoring; threat intelligence analysis; data-driven investigation; and security orchestration, automation, and response (SOAR)-based incident response<\/li>\n<li><b>Active threat analytics<\/b>: policy management, device monitoring, architecture management, incident analysis, device support, and detailed reporting<\/li><\/ul>\n<p>Cisco is listed in the top 70 of managed security service provider lists for multiple entities.<sup id=\"rdp-ebb-cite_ref-MSSPCyber20_17-0\" class=\"reference\"><a href=\"#cite_note-MSSPCyber20-17\">[17]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-CDMMSSPs21_18-0\" class=\"reference\"><a href=\"#cite_note-CDMMSSPs21-18\">[18]<\/a><\/sup>\n<\/p><p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Additional_information\">Additional information<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Documentation_and_other_media\">Documentation and other media<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cisco.com\/c\/dam\/en_us\/about\/doing_business\/trust-center\/docs\/cisco-secure-development-lifecycle.pdf\" target=\"_blank\">Cisco development and auditing practices<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20201030181821\/https:\/\/www.cisco.com\/c\/dam\/en\/us\/products\/collateral\/cloud-systems-management\/cloudcenter-suite\/at-a-glance-c45-741883.pdf\" target=\"_blank\">Cisco CloudCenter Suite at a glance<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210423212205\/https:\/\/www.cisco.com\/c\/dam\/en\/us\/products\/collateral\/cloud-systems-management\/cloudcenter\/white-paper-c11-737224.pdf\" target=\"_blank\">Cisco CloudCenter Suite architecture overview<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cisco.com\/c\/dam\/en\/us\/products\/collateral\/cloud-systems-management\/cloudcenter\/white-paper-c11-737223.pdf\" target=\"_blank\">Cisco CloudCenter Suite multitenancy white paper<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cisco.com\/c\/dam\/en\/us\/products\/collateral\/cloud-systems-management\/cloudcenter-suite\/cc-suite-saas-trust-center.pdf\" target=\"_blank\">Cisco CloudCenter Suite trust document<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cisco.com\/c\/dam\/en\/us\/products\/collateral\/servers-unified-computing\/ucs-director\/at-a-glance-c45-740657.pdf\" target=\"_blank\">Cisco UCS Director at a glance<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cisco.com\/c\/en\/us\/td\/docs\/unified_computing\/ucs\/ucs-director\/administration-guide\/6-7\/cisco-ucs-director-administration-67\/cisco-ucs-director-administration-67_chapter_010.html\" target=\"_blank\">Cisco UCS Director administration guide<\/a><\/li><\/ul>\n<h3><span class=\"mw-headline\" id=\"External_links\">External links<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cisco.com\/c\/en\/us\/about\/trust-center.html\" target=\"_blank\">Cisco trust center<\/a><\/li><\/ul>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap mw-references-columns\"><ol class=\"references\">\n<li id=\"cite_note-CiscoReports20-1\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CiscoReports20_1-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/investor.cisco.com\/news\/news-details\/2023\/CISCO-REPORTS-SECOND-QUARTER-EARNINGS\/default.aspx\" target=\"_blank\">\"Cisco Reports Second Quarter Earnings\"<\/a>. Cisco Systems, Inc. 15 February 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/investor.cisco.com\/news\/news-details\/2023\/CISCO-REPORTS-SECOND-QUARTER-EARNINGS\/default.aspx\" target=\"_blank\">https:\/\/investor.cisco.com\/news\/news-details\/2023\/CISCO-REPORTS-SECOND-QUARTER-EARNINGS\/default.aspx<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 01 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cisco+Reports+Second+Quarter+Earnings&rft.atitle=&rft.date=15+February+2023&rft.pub=Cisco+Systems%2C+Inc&rft_id=https%3A%2F%2Finvestor.cisco.com%2Fnews%2Fnews-details%2F2023%2FCISCO-REPORTS-SECOND-QUARTER-EARNINGS%2Fdefault.aspx&rfr_id=info:sid\/en.wikipedia.org:Cisco_Cloudcenter_and_UCS_Director\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ButlerHowCisco17-2\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ButlerHowCisco17_2-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Butler, B. (27 February 2017). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.networkworld.com\/article\/3174944\/how-cisco-wants-to-become-the-switzerland-of-the-cloud.html\" target=\"_blank\">\"How Cisco wants to become the Switzerland of the cloud\"<\/a>. <i>NetworkWorld<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.networkworld.com\/article\/3174944\/how-cisco-wants-to-become-the-switzerland-of-the-cloud.html\" target=\"_blank\">https:\/\/www.networkworld.com\/article\/3174944\/how-cisco-wants-to-become-the-switzerland-of-the-cloud.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 01 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=How+Cisco+wants+to+become+the+Switzerland+of+the+cloud&rft.atitle=NetworkWorld&rft.aulast=Butler%2C+B.&rft.au=Butler%2C+B.&rft.date=27+February+2017&rft_id=https%3A%2F%2Fwww.networkworld.com%2Farticle%2F3174944%2Fhow-cisco-wants-to-become-the-switzerland-of-the-cloud.html&rfr_id=info:sid\/en.wikipedia.org:Cisco_Cloudcenter_and_UCS_Director\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CiscoCloudCenter-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CiscoCloudCenter_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210415162756\/https:\/\/www.cisco.com\/c\/en\/us\/products\/cloud-systems-management\/cloudcenter\/index.html\" target=\"_blank\">\"Cisco CloudCenter (formerly CliQr)\"<\/a>. Cisco. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cisco.com\/c\/en\/us\/products\/cloud-systems-management\/cloudcenter\/index.html\" target=\"_blank\">the original<\/a> on 15 April 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210415162756\/https:\/\/www.cisco.com\/c\/en\/us\/products\/cloud-systems-management\/cloudcenter\/index.html\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210415162756\/https:\/\/www.cisco.com\/c\/en\/us\/products\/cloud-systems-management\/cloudcenter\/index.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 01 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cisco+CloudCenter+%28formerly+CliQr%29&rft.atitle=&rft.pub=Cisco&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210415162756%2Fhttps%3A%2F%2Fwww.cisco.com%2Fc%2Fen%2Fus%2Fproducts%2Fcloud-systems-management%2Fcloudcenter%2Findex.html&rfr_id=info:sid\/en.wikipedia.org:Cisco_Cloudcenter_and_UCS_Director\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CiscoUCSDirector-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CiscoUCSDirector_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cisco.com\/c\/en\/us\/products\/servers-unified-computing\/ucs-director\/index.html\" target=\"_blank\">\"Cisco UCS Director\"<\/a>. Cisco<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cisco.com\/c\/en\/us\/products\/servers-unified-computing\/ucs-director\/index.html\" target=\"_blank\">https:\/\/www.cisco.com\/c\/en\/us\/products\/servers-unified-computing\/ucs-director\/index.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 01 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cisco+UCS+Director&rft.atitle=&rft.pub=Cisco&rft_id=https%3A%2F%2Fwww.cisco.com%2Fc%2Fen%2Fus%2Fproducts%2Fservers-unified-computing%2Fucs-director%2Findex.html&rfr_id=info:sid\/en.wikipedia.org:Cisco_Cloudcenter_and_UCS_Director\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OVHCompletes17-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OVHCompletes17_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20190320060231\/https:\/\/www.ovh.com\/world\/news\/press\/cp2456.ovh_completes_acquisition_of_vmwares_vcloud_air_business\" target=\"_blank\">\"OVH Completes Acquisition of VMware\u2019s vCloud Air Business\"<\/a>. <i>OVH News<\/i>. OVHcloud. 8 May 2017. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ovh.com\/world\/news\/press\/cp2456.ovh_completes_acquisition_of_vmwares_vcloud_air_business\" target=\"_blank\">the original<\/a> on 20 March 2019<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20190320060231\/https:\/\/www.ovh.com\/world\/news\/press\/cp2456.ovh_completes_acquisition_of_vmwares_vcloud_air_business\" target=\"_blank\">https:\/\/web.archive.org\/web\/20190320060231\/https:\/\/www.ovh.com\/world\/news\/press\/cp2456.ovh_completes_acquisition_of_vmwares_vcloud_air_business<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 01 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=OVH+Completes+Acquisition+of+VMware%E2%80%99s+vCloud+Air+Business&rft.atitle=OVH+News&rft.date=8+May+2017&rft.pub=OVHcloud&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20190320060231%2Fhttps%3A%2F%2Fwww.ovh.com%2Fworld%2Fnews%2Fpress%2Fcp2456.ovh_completes_acquisition_of_vmwares_vcloud_air_business&rfr_id=info:sid\/en.wikipedia.org:Cisco_Cloudcenter_and_UCS_Director\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CiscoCCSuiteGlance-6\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CiscoCCSuiteGlance_6-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20201030181821\/https:\/\/www.cisco.com\/c\/dam\/en\/us\/products\/collateral\/cloud-systems-management\/cloudcenter-suite\/at-a-glance-c45-741883.pdf\" target=\"_blank\">\"Cisco CloudCenter Suite\"<\/a> (PDF). Cisco. 2019. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cisco.com\/c\/dam\/en\/us\/products\/collateral\/cloud-systems-management\/cloudcenter-suite\/at-a-glance-c45-741883.pdf\" target=\"_blank\">the original<\/a> on 30 October 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20201030181821\/https:\/\/www.cisco.com\/c\/dam\/en\/us\/products\/collateral\/cloud-systems-management\/cloudcenter-suite\/at-a-glance-c45-741883.pdf\" target=\"_blank\">https:\/\/web.archive.org\/web\/20201030181821\/https:\/\/www.cisco.com\/c\/dam\/en\/us\/products\/collateral\/cloud-systems-management\/cloudcenter-suite\/at-a-glance-c45-741883.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 01 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cisco+CloudCenter+Suite&rft.atitle=&rft.date=2019&rft.pub=Cisco&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20201030181821%2Fhttps%3A%2F%2Fwww.cisco.com%2Fc%2Fdam%2Fen%2Fus%2Fproducts%2Fcollateral%2Fcloud-systems-management%2Fcloudcenter-suite%2Fat-a-glance-c45-741883.pdf&rfr_id=info:sid\/en.wikipedia.org:Cisco_Cloudcenter_and_UCS_Director\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CiscoCloudCenterEoL21-7\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-CiscoCloudCenterEoL21_7-0\">7.0<\/a><\/sup> <sup><a href=\"#cite_ref-CiscoCloudCenterEoL21_7-1\">7.1<\/a><\/sup> <sup><a href=\"#cite_ref-CiscoCloudCenterEoL21_7-2\">7.2<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cisco.com\/c\/en\/us\/products\/collateral\/cloud-systems-management\/cloudcenter\/eos-eol-notice-c51-744447.html\" target=\"_blank\">\"End-of-Sale and End-of-Life Announcement for the Cisco CloudCenter\"<\/a>. Cisco Systems, Inc. 16 July 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cisco.com\/c\/en\/us\/products\/collateral\/cloud-systems-management\/cloudcenter\/eos-eol-notice-c51-744447.html\" target=\"_blank\">https:\/\/www.cisco.com\/c\/en\/us\/products\/collateral\/cloud-systems-management\/cloudcenter\/eos-eol-notice-c51-744447.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 01 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=End-of-Sale+and+End-of-Life+Announcement+for+the+Cisco+CloudCenter&rft.atitle=&rft.date=16+July+2021&rft.pub=Cisco+Systems%2C+Inc&rft_id=https%3A%2F%2Fwww.cisco.com%2Fc%2Fen%2Fus%2Fproducts%2Fcollateral%2Fcloud-systems-management%2Fcloudcenter%2Feos-eol-notice-c51-744447.html&rfr_id=info:sid\/en.wikipedia.org:Cisco_Cloudcenter_and_UCS_Director\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CiscoCloudArch17-8\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-CiscoCloudArch17_8-0\">8.0<\/a><\/sup> <sup><a href=\"#cite_ref-CiscoCloudArch17_8-1\">8.1<\/a><\/sup> <sup><a href=\"#cite_ref-CiscoCloudArch17_8-2\">8.2<\/a><\/sup> <sup><a href=\"#cite_ref-CiscoCloudArch17_8-3\">8.3<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210423212205\/https:\/\/www.cisco.com\/c\/dam\/en\/us\/products\/collateral\/cloud-systems-management\/cloudcenter\/white-paper-c11-737224.pdf\" target=\"_blank\">\"Cisco CloudCenter Solution: Architecture Overview\"<\/a> (PDF). Cisco. 2017. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cisco.com\/c\/dam\/en\/us\/products\/collateral\/cloud-systems-management\/cloudcenter\/white-paper-c11-737224.pdf\" target=\"_blank\">the original<\/a> on 23 April 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210423212205\/https:\/\/www.cisco.com\/c\/dam\/en\/us\/products\/collateral\/cloud-systems-management\/cloudcenter\/white-paper-c11-737224.pdf\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210423212205\/https:\/\/www.cisco.com\/c\/dam\/en\/us\/products\/collateral\/cloud-systems-management\/cloudcenter\/white-paper-c11-737224.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 01 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cisco+CloudCenter+Solution%3A+Architecture+Overview&rft.atitle=&rft.date=2017&rft.pub=Cisco&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210423212205%2Fhttps%3A%2F%2Fwww.cisco.com%2Fc%2Fdam%2Fen%2Fus%2Fproducts%2Fcollateral%2Fcloud-systems-management%2Fcloudcenter%2Fwhite-paper-c11-737224.pdf&rfr_id=info:sid\/en.wikipedia.org:Cisco_Cloudcenter_and_UCS_Director\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-A.26TCiscoUCS-9\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-A.26TCiscoUCS_9-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.atnetworks.com\/Products\/overview\/M010354449\" target=\"_blank\">\"Cisco - Cisco UCS Director CUIC Offerings\"<\/a>. A&T Networks<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.atnetworks.com\/Products\/overview\/M010354449\" target=\"_blank\">https:\/\/www.atnetworks.com\/Products\/overview\/M010354449<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 01 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cisco+-+Cisco+UCS+Director+CUIC+Offerings&rft.atitle=&rft.pub=A%26T+Networks&rft_id=https%3A%2F%2Fwww.atnetworks.com%2FProducts%2Foverview%2FM010354449&rfr_id=info:sid\/en.wikipedia.org:Cisco_Cloudcenter_and_UCS_Director\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CiscoCloudTrust19-10\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-CiscoCloudTrust19_10-0\">10.0<\/a><\/sup> <sup><a href=\"#cite_ref-CiscoCloudTrust19_10-1\">10.1<\/a><\/sup> <sup><a href=\"#cite_ref-CiscoCloudTrust19_10-2\">10.2<\/a><\/sup> <sup><a href=\"#cite_ref-CiscoCloudTrust19_10-3\">10.3<\/a><\/sup> <sup><a href=\"#cite_ref-CiscoCloudTrust19_10-4\">10.4<\/a><\/sup> <sup><a href=\"#cite_ref-CiscoCloudTrust19_10-5\">10.5<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cisco.com\/c\/dam\/en\/us\/products\/collateral\/cloud-systems-management\/cloudcenter-suite\/cc-suite-saas-trust-center.pdf\" target=\"_blank\">\"Cisco CloudCenter Suite Trust Center\"<\/a> (PDF). Cisco. 2019<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cisco.com\/c\/dam\/en\/us\/products\/collateral\/cloud-systems-management\/cloudcenter-suite\/cc-suite-saas-trust-center.pdf\" target=\"_blank\">https:\/\/www.cisco.com\/c\/dam\/en\/us\/products\/collateral\/cloud-systems-management\/cloudcenter-suite\/cc-suite-saas-trust-center.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 01 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cisco+CloudCenter+Suite+Trust+Center&rft.atitle=&rft.date=2019&rft.pub=Cisco&rft_id=https%3A%2F%2Fwww.cisco.com%2Fc%2Fdam%2Fen%2Fus%2Fproducts%2Fcollateral%2Fcloud-systems-management%2Fcloudcenter-suite%2Fcc-suite-saas-trust-center.pdf&rfr_id=info:sid\/en.wikipedia.org:Cisco_Cloudcenter_and_UCS_Director\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CiscoTrustPortal-11\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-CiscoTrustPortal_11-0\">11.0<\/a><\/sup> <sup><a href=\"#cite_ref-CiscoTrustPortal_11-1\">11.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/trustportal.cisco.com\/c\/r\/ctp\/trust-portal.html\" target=\"_blank\">\"Cisco CloudCenter Suite Privacy Data Sheet\"<\/a>. <i>Trust Portal<\/i>. Cisco<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/trustportal.cisco.com\/c\/r\/ctp\/trust-portal.html\" target=\"_blank\">https:\/\/trustportal.cisco.com\/c\/r\/ctp\/trust-portal.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 01 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cisco+CloudCenter+Suite+Privacy+Data+Sheet&rft.atitle=Trust+Portal&rft.pub=Cisco&rft_id=https%3A%2F%2Ftrustportal.cisco.com%2Fc%2Fr%2Fctp%2Ftrust-portal.html&rfr_id=info:sid\/en.wikipedia.org:Cisco_Cloudcenter_and_UCS_Director\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CiscoSecureDev16-12\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CiscoSecureDev16_12-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cisco.com\/c\/dam\/en_us\/about\/doing_business\/trust-center\/docs\/cisco-secure-development-lifecycle.pdf\" target=\"_blank\">\"Secure Development Lifecycle\"<\/a>. Cisco. 2016<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cisco.com\/c\/dam\/en_us\/about\/doing_business\/trust-center\/docs\/cisco-secure-development-lifecycle.pdf\" target=\"_blank\">https:\/\/www.cisco.com\/c\/dam\/en_us\/about\/doing_business\/trust-center\/docs\/cisco-secure-development-lifecycle.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 01 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Secure+Development+Lifecycle&rft.atitle=&rft.date=2016&rft.pub=Cisco&rft_id=https%3A%2F%2Fwww.cisco.com%2Fc%2Fdam%2Fen_us%2Fabout%2Fdoing_business%2Ftrust-center%2Fdocs%2Fcisco-secure-development-lifecycle.pdf&rfr_id=info:sid\/en.wikipedia.org:Cisco_Cloudcenter_and_UCS_Director\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CiscoTransp20-13\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CiscoTransp20_13-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cisco.com\/c\/dam\/en_us\/about\/doing_business\/trust-center\/docs\/cisco-transparency-service-center-faq.pdf\" target=\"_blank\">\"Cisco Transparency Service Center FAQ\"<\/a> (PDF). Cisco. 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cisco.com\/c\/dam\/en_us\/about\/doing_business\/trust-center\/docs\/cisco-transparency-service-center-faq.pdf\" target=\"_blank\">https:\/\/www.cisco.com\/c\/dam\/en_us\/about\/doing_business\/trust-center\/docs\/cisco-transparency-service-center-faq.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 01 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cisco+Transparency+Service+Center+FAQ&rft.atitle=&rft.date=2020&rft.pub=Cisco&rft_id=https%3A%2F%2Fwww.cisco.com%2Fc%2Fdam%2Fen_us%2Fabout%2Fdoing_business%2Ftrust-center%2Fdocs%2Fcisco-transparency-service-center-faq.pdf&rfr_id=info:sid\/en.wikipedia.org:Cisco_Cloudcenter_and_UCS_Director\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CiscoComplianceHIPAA14-14\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CiscoComplianceHIPAA14_14-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20150910005155\/https:\/\/www.cisco.com\/c\/en\/us\/td\/docs\/solutions\/Enterprise\/Compliance\/HIPAA\/default\/ch1_HIP.html\" target=\"_blank\">\"Chapter: Solution Overview\"<\/a>. <i>Cisco Compliance Solution for HIPAA Security Rule Design and Implementation Guide<\/i>. Cisco. 3 March 2014. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cisco.com\/c\/en\/us\/td\/docs\/solutions\/Enterprise\/Compliance\/HIPAA\/default\/ch1_HIP.html\" target=\"_blank\">the original<\/a> on 10 September 2015<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20150910005155\/https:\/\/www.cisco.com\/c\/en\/us\/td\/docs\/solutions\/Enterprise\/Compliance\/HIPAA\/default\/ch1_HIP.html\" target=\"_blank\">https:\/\/web.archive.org\/web\/20150910005155\/https:\/\/www.cisco.com\/c\/en\/us\/td\/docs\/solutions\/Enterprise\/Compliance\/HIPAA\/default\/ch1_HIP.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 01 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Chapter%3A+Solution+Overview&rft.atitle=Cisco+Compliance+Solution+for+HIPAA+Security+Rule+Design+and+Implementation+Guide&rft.date=3+March+2014&rft.pub=Cisco&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20150910005155%2Fhttps%3A%2F%2Fwww.cisco.com%2Fc%2Fen%2Fus%2Ftd%2Fdocs%2Fsolutions%2FEnterprise%2FCompliance%2FHIPAA%2Fdefault%2Fch1_HIP.html&rfr_id=info:sid\/en.wikipedia.org:Cisco_Cloudcenter_and_UCS_Director\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CiscoUniversal16-15\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CiscoUniversal16_15-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cisco.com\/c\/dam\/en_us\/about\/doing_business\/legal\/docs\/universal-cloud-services-agreement.pdf\" target=\"_blank\">\"Cisco Universal Cloud Services Agreement\"<\/a> (PDF). Cisco. 2016<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cisco.com\/c\/dam\/en_us\/about\/doing_business\/legal\/docs\/universal-cloud-services-agreement.pdf\" target=\"_blank\">https:\/\/www.cisco.com\/c\/dam\/en_us\/about\/doing_business\/legal\/docs\/universal-cloud-services-agreement.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 01 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cisco+Universal+Cloud+Services+Agreement&rft.atitle=&rft.date=2016&rft.pub=Cisco&rft_id=https%3A%2F%2Fwww.cisco.com%2Fc%2Fdam%2Fen_us%2Fabout%2Fdoing_business%2Flegal%2Fdocs%2Funiversal-cloud-services-agreement.pdf&rfr_id=info:sid\/en.wikipedia.org:Cisco_Cloudcenter_and_UCS_Director\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CiscoMSS-16\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-CiscoMSS_16-0\">16.0<\/a><\/sup> <sup><a href=\"#cite_ref-CiscoMSS_16-1\">16.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cisco.com\/site\/us\/en\/products\/security\/services\/index.html\" target=\"_blank\">\"Services for Security\"<\/a>. Cisco<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cisco.com\/site\/us\/en\/products\/security\/services\/index.html\" target=\"_blank\">https:\/\/www.cisco.com\/site\/us\/en\/products\/security\/services\/index.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 01 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Services+for+Security&rft.atitle=&rft.pub=Cisco&rft_id=https%3A%2F%2Fwww.cisco.com%2Fsite%2Fus%2Fen%2Fproducts%2Fsecurity%2Fservices%2Findex.html&rfr_id=info:sid\/en.wikipedia.org:Cisco_Cloudcenter_and_UCS_Director\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MSSPCyber20-17\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MSSPCyber20_17-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.msspalert.com\/top250\/list-2022\/19\/\" target=\"_blank\">\"Top 250 MSSPs for 2022: Companies 70 to 61\"<\/a>. <i>Top 250 MSSPs: Cybersecurity Company List and Research for 2020<\/i>. MSSP Alert. September 2022<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.msspalert.com\/top250\/list-2022\/19\/\" target=\"_blank\">https:\/\/www.msspalert.com\/top250\/list-2022\/19\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 01 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+250+MSSPs+for+2022%3A+Companies+70+to+61&rft.atitle=Top+250+MSSPs%3A+Cybersecurity+Company+List+and+Research+for+2020&rft.date=September+2022&rft.pub=MSSP+Alert&rft_id=https%3A%2F%2Fwww.msspalert.com%2Ftop250%2Flist-2022%2F19%2F&rfr_id=info:sid\/en.wikipedia.org:Cisco_Cloudcenter_and_UCS_Director\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CDMMSSPs21-18\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CDMMSSPs21_18-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/\" target=\"_blank\">\"Top 100 Managed Security Service Providers (MSSPs)\"<\/a>. <i>Cyber Defense Magazine<\/i>. Cyber Defense Media Group. 18 February 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/\" target=\"_blank\">https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 01 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+100+Managed+Security+Service+Providers+%28MSSPs%29&rft.atitle=Cyber+Defense+Magazine&rft.date=18+February+2021&rft.pub=Cyber+Defense+Media+Group&rft_id=https%3A%2F%2Fwww.cyberdefensemagazine.com%2Ftop-100-managed-security-service-providers-mssps%2F&rfr_id=info:sid\/en.wikipedia.org:Cisco_Cloudcenter_and_UCS_Director\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230815232557\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.227 seconds\nReal time usage: 0.260 seconds\nPreprocessor visited node count: 14227\/1000000\nPost\u2010expand include size: 93713\/2097152 bytes\nTemplate argument size: 43506\/2097152 bytes\nHighest expansion depth: 18\/40\nExpensive parser function count: 1\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 29903\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 223.745 1 -total\n 67.58% 151.215 1 Template:Reflist\n 57.50% 128.657 18 Template:Cite_web\n 53.03% 118.662 18 Template:Citation\/core\n 18.36% 41.085 1 Template:Infobox_company\n 16.51% 36.950 1 Template:Infobox\n 10.13% 22.673 81 Template:Infobox\/row\n 9.30% 20.801 13 Template:Date\n 8.44% 18.881 1 Template:As_of\n 6.24% 13.969 1 Template:DMCA\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:12476-0!canonical and timestamp 20230815232557 and revision id 52731. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Cisco_Cloudcenter_and_UCS_Director\">https:\/\/www.limswiki.org\/index.php\/Cisco_Cloudcenter_and_UCS_Director<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","e709b991d697c3abce9eb27a11117834_images":["https:\/\/s3.limswiki.org\/www.limswiki.org\/images\/3\/34\/320px-Cisco_logo_blue_2016.png"],"e709b991d697c3abce9eb27a11117834_timestamp":1692220361,"794978c8e53749fa1f92692f96d6809b_type":"article","794978c8e53749fa1f92692f96d6809b_title":"BT Cyber Security Platform","794978c8e53749fa1f92692f96d6809b_url":"https:\/\/www.limswiki.org\/index.php\/BT_Cyber_Security_Platform","794978c8e53749fa1f92692f96d6809b_plaintext":"\n\nBT Cyber Security PlatformFrom LIMSWikiJump to navigationJump to searchBT Cyber Security Platform\nFounder(s)\n \nSir William Fothergill Cooke, George Parker Bidder, and Joseph Lewis RicardoHeadquarters\n \n1 Braham Street, London , United Kingdom Number of locations\n \nHundredsArea served\n \nWorldwideKey people\n \nPhilip Jansen (CEO)Services\n \nSecurity management, advanced threat services, security monitoring, vulnerability managementRevenue\n \n\u00a320.7 billion (2023)[1]Website\n \nglobalservices.bt.com \n\n\r\n\nBT Cyber Security Platform is a suite of \"selected integrated technologies from across the industry to bring you scalable, adaptable [cybersecurity] services,\"[2] which presumably (though not entirely clear) acts as the base of managed security services (MSS) offered by BT Group, a multinational cybersecurity and managed security services provider (MSSP). The platform appears to be a blending of software technologies and cybersecurity services by BT, as the company adds in its data sheet about BT Cyber Security Platform: \"Our cyber-security services are not a piece of software or hardware. They\u2019re a confluence of people, technology and process.\"[2] \nAs of August 2023, BT Group is listed among the top 12 MSSPs around the world by multiple entities.[3][4][5]\n\nContents \n\n1 Managed security services \n2 Additional information \n\n2.1 Documentation and other media \n2.2 External links \n\n\n3 References \n\n\n\nManaged security services \nThe BT website is a bit confusing, but it appears that the BT Cyber Security Platform is essentially acting as the base of BT's managed security services. This \"platform\" is understood to be able to provide a number of services, including:\n\nreal-time behavior analytics and data visualization\n24\/7 threat monitoring, assessment, and response\nalert dashboards\nHowever, BT appears to have a wide breadth of 25 other related security services, including managed cloud security, cloud security consulting, endpoint security, security vulnerability scanning, and more.[6] Consult its list of security services for more.\n\r\n\n\nAdditional information \nDocumentation and other media \nCyber Security Platform datasheet\nManaged Cloud Security datasheet\nExternal links \nBroad security services page\n\r\n\n\nReferences \n\n\n\u2191 BT Group (18 May 2023). \"Results for the full year to 31 March 2023\". https:\/\/newsroom.bt.com\/results-for-the-full-year-to-31-march-2023\/ . Retrieved 11 August 2023 .   \n \n\n\u2191 2.0 2.1 \"Cyber Security Platform\" (PDF). BT Group. 2020. https:\/\/www.globalservices.bt.com\/content\/dam\/globalservices\/documents\/datasheets\/Cyber-Security-Platform-Jan2020.pdf . Retrieved 11 August 2023 .   \n \n\n\u2191 \"Top 250 MSSPs for 2022: Companies 10 to 1\". Top 250 MSSPs: Cybersecurity Company List and Research for 2022. MSSP Alert. September 2022. https:\/\/www.msspalert.com\/top250\/list-2022\/25\/ . Retrieved 11 August 2023 .   \n \n\n\u2191 \"Top 100 Managed Security Service Providers (MSSPs)\". Cyber Defense Magazine. Cyber Defense Media Group. 18 February 2021. https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/ . Retrieved 30 May 2021 .   \n \n\n\u2191 \"Top 15 Best Managed Security Service Providers (MSSPs) In 2023\". Software Testing Help. 1 August 2023. https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/ . Retrieved 11 August 2023 .   \n \n\n\u2191 \"Products and services - Security\". BT Group. https:\/\/www.globalservices.bt.com\/en\/solutions\/products?sector=all&technology=security&page=3#section_2 . Retrieved 11 August 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/BT_Cyber_Security_Platform\">https:\/\/www.limswiki.org\/index.php\/BT_Cyber_Security_Platform<\/a>\nNavigation menuPage actionsPageDiscussionView sourceHistoryPage actionsPageDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 11 August 2023, at 20:25.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 814 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","794978c8e53749fa1f92692f96d6809b_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject page-BT_Cyber_Security_Platform rootpage-BT_Cyber_Security_Platform skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">BT Cyber Security Platform<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\">\n<p><br \/>\n<b>BT Cyber Security Platform<\/b> is a suite of \"selected integrated technologies from across the industry to bring you scalable, adaptable [cybersecurity] services,\"<sup id=\"rdp-ebb-cite_ref-BTCyber20_2-0\" class=\"reference\"><a href=\"#cite_note-BTCyber20-2\">[2]<\/a><\/sup> which presumably (though not entirely clear) acts as the base of managed security services (MSS) offered by BT Group, a multinational cybersecurity and managed security services provider (MSSP). The platform appears to be a blending of software technologies and cybersecurity services by BT, as the company adds in its data sheet about BT Cyber Security Platform: \"Our cyber-security services are not a piece of software or hardware. They\u2019re a confluence of people, technology and process.\"<sup id=\"rdp-ebb-cite_ref-BTCyber20_2-1\" class=\"reference\"><a href=\"#cite_note-BTCyber20-2\">[2]<\/a><\/sup> \n<\/p><p>As of August 2023, BT Group is listed among the top 12 MSSPs around the world by multiple entities.<sup id=\"rdp-ebb-cite_ref-MSSPCyber20_3-0\" class=\"reference\"><a href=\"#cite_note-MSSPCyber20-3\">[3]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-CDMMSSPs21_4-0\" class=\"reference\"><a href=\"#cite_note-CDMMSSPs21-4\">[4]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-STHTop15_21_5-0\" class=\"reference\"><a href=\"#cite_note-STHTop15_21-5\">[5]<\/a><\/sup>\n<\/p>\n\n\n<h2><span class=\"mw-headline\" id=\"Managed_security_services\">Managed security services<\/span><\/h2>\n<p>The BT website is a bit confusing, but it appears that the BT Cyber Security Platform is essentially acting as the base of BT's managed security services. This \"platform\" is understood to be able to provide a number of services, including:\n<\/p>\n<ul><li>real-time behavior analytics and data visualization<\/li>\n<li>24\/7 threat monitoring, assessment, and response<\/li>\n<li>alert dashboards<\/li><\/ul>\n<p>However, BT appears to have a wide breadth of 25 other related security services, including managed cloud security, cloud security consulting, endpoint security, security vulnerability scanning, and more.<sup id=\"rdp-ebb-cite_ref-BTSecServ_6-0\" class=\"reference\"><a href=\"#cite_note-BTSecServ-6\">[6]<\/a><\/sup> Consult its <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.globalservices.bt.com\/en\/solutions\/products?sector=all&technology=security&page=3#section_2\" target=\"_blank\">list of security services<\/a> for more.\n<\/p><p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Additional_information\">Additional information<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Documentation_and_other_media\">Documentation and other media<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.globalservices.bt.com\/content\/dam\/globalservices\/documents\/datasheets\/Cyber-Security-Platform-Jan2020.pdf\" target=\"_blank\">Cyber Security Platform datasheet<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.globalservices.bt.com\/content\/dam\/globalservices\/documents\/datasheets\/Managed-Cloud-Security-Jan2020.pdf\" target=\"_blank\">Managed Cloud Security datasheet<\/a><\/li><\/ul>\n<h3><span class=\"mw-headline\" id=\"External_links\">External links<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.globalservices.bt.com\/en\/solutions\/products?sector=all&technology=security&page=3#section_2\" target=\"_blank\">Broad security services page<\/a><\/li><\/ul>\n<p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap\"><ol class=\"references\">\n<li id=\"cite_note-BTRev23-1\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-BTRev23_1-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">BT Group (18 May 2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/newsroom.bt.com\/results-for-the-full-year-to-31-march-2023\/\" target=\"_blank\">\"Results for the full year to 31 March 2023\"<\/a><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/newsroom.bt.com\/results-for-the-full-year-to-31-march-2023\/\" target=\"_blank\">https:\/\/newsroom.bt.com\/results-for-the-full-year-to-31-march-2023\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Results+for+the+full+year+to+31+March+2023&rft.atitle=&rft.aulast=BT+Group&rft.au=BT+Group&rft.date=18+May+2023&rft_id=https%3A%2F%2Fnewsroom.bt.com%2Fresults-for-the-full-year-to-31-march-2023%2F&rfr_id=info:sid\/en.wikipedia.org:BT_Cyber_Security_Platform\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-BTCyber20-2\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-BTCyber20_2-0\">2.0<\/a><\/sup> <sup><a href=\"#cite_ref-BTCyber20_2-1\">2.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.globalservices.bt.com\/content\/dam\/globalservices\/documents\/datasheets\/Cyber-Security-Platform-Jan2020.pdf\" target=\"_blank\">\"Cyber Security Platform\"<\/a> (PDF). BT Group. 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.globalservices.bt.com\/content\/dam\/globalservices\/documents\/datasheets\/Cyber-Security-Platform-Jan2020.pdf\" target=\"_blank\">https:\/\/www.globalservices.bt.com\/content\/dam\/globalservices\/documents\/datasheets\/Cyber-Security-Platform-Jan2020.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cyber+Security+Platform&rft.atitle=&rft.date=2020&rft.pub=BT+Group&rft_id=https%3A%2F%2Fwww.globalservices.bt.com%2Fcontent%2Fdam%2Fglobalservices%2Fdocuments%2Fdatasheets%2FCyber-Security-Platform-Jan2020.pdf&rfr_id=info:sid\/en.wikipedia.org:BT_Cyber_Security_Platform\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MSSPCyber20-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MSSPCyber20_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.msspalert.com\/top250\/list-2022\/25\/\" target=\"_blank\">\"Top 250 MSSPs for 2022: Companies 10 to 1\"<\/a>. <i>Top 250 MSSPs: Cybersecurity Company List and Research for 2022<\/i>. MSSP Alert. September 2022<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.msspalert.com\/top250\/list-2022\/25\/\" target=\"_blank\">https:\/\/www.msspalert.com\/top250\/list-2022\/25\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+250+MSSPs+for+2022%3A+Companies+10+to+1&rft.atitle=Top+250+MSSPs%3A+Cybersecurity+Company+List+and+Research+for+2022&rft.date=September+2022&rft.pub=MSSP+Alert&rft_id=https%3A%2F%2Fwww.msspalert.com%2Ftop250%2Flist-2022%2F25%2F&rfr_id=info:sid\/en.wikipedia.org:BT_Cyber_Security_Platform\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CDMMSSPs21-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CDMMSSPs21_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/\" target=\"_blank\">\"Top 100 Managed Security Service Providers (MSSPs)\"<\/a>. <i>Cyber Defense Magazine<\/i>. Cyber Defense Media Group. 18 February 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/\" target=\"_blank\">https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 30 May 2021<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+100+Managed+Security+Service+Providers+%28MSSPs%29&rft.atitle=Cyber+Defense+Magazine&rft.date=18+February+2021&rft.pub=Cyber+Defense+Media+Group&rft_id=https%3A%2F%2Fwww.cyberdefensemagazine.com%2Ftop-100-managed-security-service-providers-mssps%2F&rfr_id=info:sid\/en.wikipedia.org:BT_Cyber_Security_Platform\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-STHTop15_21-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-STHTop15_21_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/\" target=\"_blank\">\"Top 15 Best Managed Security Service Providers (MSSPs) In 2023\"<\/a>. Software Testing Help. 1 August 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/\" target=\"_blank\">https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+15+Best+Managed+Security+Service+Providers+%28MSSPs%29+In+2023&rft.atitle=&rft.date=1+August+2023&rft.pub=Software+Testing+Help&rft_id=https%3A%2F%2Fwww.softwaretestinghelp.com%2Fmanaged-security-service-providers%2F&rfr_id=info:sid\/en.wikipedia.org:BT_Cyber_Security_Platform\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-BTSecServ-6\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-BTSecServ_6-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"nofollow\" class=\"external text\" href=\"#section_2\">\"Products and services - Security\"<\/a>. BT Group<span class=\"printonly\">. <a rel=\"nofollow\" class=\"external free\" href=\"#section_2\">https:\/\/www.globalservices.bt.com\/en\/solutions\/products?sector=all&technology=security&page=3#section_2<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 11 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Products+and+services+-+Security&rft.atitle=&rft.pub=BT+Group&rft_id=https%3A%2F%2Fwww.globalservices.bt.com%2Fen%2Fsolutions%2Fproducts%3Fsector%3Dall%26technology%3Dsecurity%26page%3D3%23section_2&rfr_id=info:sid\/en.wikipedia.org:BT_Cyber_Security_Platform\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816173401\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.467 seconds\nReal time usage: 1.011 seconds\nPreprocessor visited node count: 8973\/1000000\nPost\u2010expand include size: 36027\/2097152 bytes\nTemplate argument size: 23823\/2097152 bytes\nHighest expansion depth: 32\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 8429\/5000000 bytes\nLua time usage: 0.010\/7 seconds\nLua virtual size: 4939776\/52428800 bytes\nLua estimated memory usage: 0 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 189.769 1 -total\n 65.51% 124.320 1 Template:Infobox_company\n 63.69% 120.870 1 Template:Infobox\n 56.93% 108.045 81 Template:Infobox\/row\n 48.86% 92.723 1 Template:URL\n 46.22% 87.709 1 Template:Str_right\n 45.03% 85.457 1 Template:Str_sub_long\n 33.02% 62.657 1 Template:Reflist\n 26.19% 49.708 6 Template:Cite_web\n 23.09% 43.821 6 Template:Citation\/core\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:12567-0!canonical and timestamp 20230816173400 and revision id 52796. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/BT_Cyber_Security_Platform\">https:\/\/www.limswiki.org\/index.php\/BT_Cyber_Security_Platform<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","794978c8e53749fa1f92692f96d6809b_images":["https:\/\/upload.wikimedia.org\/wikipedia\/commons\/6\/67\/BT_logo_2019.png"],"794978c8e53749fa1f92692f96d6809b_timestamp":1692220363,"0ca2df43ef997aefcef0ad7903656b3e_type":"article","0ca2df43ef997aefcef0ad7903656b3e_title":"Atos Managed Security Services","0ca2df43ef997aefcef0ad7903656b3e_url":"https:\/\/www.limswiki.org\/index.php\/Atos_Managed_Security_Services","0ca2df43ef997aefcef0ad7903656b3e_plaintext":"\n\nAtos Managed Security ServicesFrom LIMSWikiJump to navigationJump to searchAtos Managed Security Services\nFounder(s)\n \nBernard BourigeaudHeadquarters\n \nRiver Ouest, 80 quai Voltaire, Bezons cedex , France Number of locations\n \n200+Area served\n \nWorldwideKey people\n \nNourdine Bihmane (CEO)Services\n \nManaged detection and response, security operation center,\r\nand CERT servicesRevenue\n \n\u20ac1.334 billion (Big data and cybersecurity division, Q1, 2023)[1]Website\n \natos.net \n\n\r\n\nAtos Managed Security Services is a suite of managed security services (MSS) offered by Atos SE, a multinational cybersecurity and managed security services provider (MSSP). Accenture describes its MSS as providing \"continuous protection in a rapidly changing world of threat\" and being available \"around the clock and across the globe.\"[2] As of August 2023, Atos is listed among the top 40 MSS providers around the world by several entities.[3][4]\n\nContents \n\n1 Managed security services \n2 Additional information \n\n2.1 Documentation and other media \n2.2 External links \n\n\n3 References \n\n\n\nManaged security services \nAtos divides its MSS into three categories: managed detection and response, security operation center (SOC), and CERT services. Those services include[2]:\n\nManaged detection and response: Provides 24\/7 threat monitoring, hunting, and full-service response.\nSOC services: Provides threat detection, analysis, and triage.\nCERT services: Provides computer emergency readiness team (CERT) services, including policy definition, vulnerability management, incident response, threat intelligence, and vulnerability management.\n\r\n\n\nAdditional information \nDocumentation and other media \nAtos whitepapers\nExternal links \nManaged security services page\nManaged detection and response page\nSOC page\n\r\n\n\nReferences \n\n\n\u2191 \"Q1 2023: Strategic transformation continues to drive stronger performance\". Atos Group. 27 April 2023. https:\/\/atos.net\/en\/2023\/press-release_2023_04_27\/q1-2023-strategic-transformation-continues-to-drive-stronger-performance . Retrieved 04 August 2023 .   \n \n\n\u2191 2.0 2.1 \"Managed Security Services\". Atos SE. https:\/\/atos.net\/en\/solutions\/cyber-security\/managed-security-services . Retrieved 03 June 2021 .   \n \n\n\u2191 \"Top 250 MSSPs for 2022: Companies 10 to 01\". Top 250 MSSPs: Cybersecurity Company List and Research for 2022. MSSP Alert. September 2022. https:\/\/www.msspalert.com\/top250\/list-2022\/22\/ . Retrieved 03 June 2021 .   \n \n\n\u2191 \"Top 100 Managed Security Service Providers (MSSPs)\". Cyber Defense Magazine. Cyber Defense Media Group. 18 February 2021. https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/ . Retrieved 03 June 2021 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Atos_Managed_Security_Services\">https:\/\/www.limswiki.org\/index.php\/Atos_Managed_Security_Services<\/a>\nNavigation menuPage actionsPageDiscussionView sourceHistoryPage actionsPageDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 4 August 2023, at 22:07.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 827 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","0ca2df43ef997aefcef0ad7903656b3e_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject page-Atos_Managed_Security_Services rootpage-Atos_Managed_Security_Services skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Atos Managed Security Services<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\">\n<p><br \/>\n<b>Atos Managed Security Services<\/b> is a suite of managed security services (MSS) offered by Atos SE, a multinational cybersecurity and managed security services provider (MSSP). Accenture describes its MSS as providing \"continuous protection in a rapidly changing world of threat\" and being available \"around the clock and across the globe.\"<sup id=\"rdp-ebb-cite_ref-AtosMSS_2-0\" class=\"reference\"><a href=\"#cite_note-AtosMSS-2\">[2]<\/a><\/sup> As of August 2023, Atos is listed among the top 40 MSS providers around the world by several entities.<sup id=\"rdp-ebb-cite_ref-MSSPCyber20_3-0\" class=\"reference\"><a href=\"#cite_note-MSSPCyber20-3\">[3]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-CDMMSSPs21_4-0\" class=\"reference\"><a href=\"#cite_note-CDMMSSPs21-4\">[4]<\/a><\/sup>\n<\/p>\n\n\n<h2><span class=\"mw-headline\" id=\"Managed_security_services\">Managed security services<\/span><\/h2>\n<p>Atos divides its MSS into three categories: managed detection and response, security operation center (SOC), and CERT services. Those services include<sup id=\"rdp-ebb-cite_ref-AtosMSS_2-1\" class=\"reference\"><a href=\"#cite_note-AtosMSS-2\">[2]<\/a><\/sup>:\n<\/p>\n<ul><li><b>Managed detection and response<\/b>: Provides 24\/7 threat monitoring, hunting, and full-service response.<\/li>\n<li><b>SOC services<\/b>: Provides threat detection, analysis, and triage.<\/li>\n<li><b>CERT services<\/b>: Provides computer emergency readiness team (CERT) services, including policy definition, vulnerability management, incident response, threat intelligence, and vulnerability management.<\/li><\/ul>\n<p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Additional_information\">Additional information<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Documentation_and_other_media\">Documentation and other media<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/atos.net\/en\/atos-blog\/thought-leadership-white-papers\" target=\"_blank\">Atos whitepapers<\/a><\/li><\/ul>\n<h3><span class=\"mw-headline\" id=\"External_links\">External links<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/atos.net\/en\/solutions\/cyber-security\/managed-security-services\" target=\"_blank\">Managed security services page<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/atos.net\/en\/solutions\/cyber-security\/managed-detection-and-response\" target=\"_blank\">Managed detection and response page<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/atos.net\/en\/solutions\/cyber-security\/managed-security-services\/soc-security-operation-center\" target=\"_blank\">SOC page<\/a><\/li><\/ul>\n<p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap\"><ol class=\"references\">\n<li id=\"cite_note-IntradoAtos21-1\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IntradoAtos21_1-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/atos.net\/en\/2023\/press-release_2023_04_27\/q1-2023-strategic-transformation-continues-to-drive-stronger-performance\" target=\"_blank\">\"Q1 2023: Strategic transformation continues to drive stronger performance\"<\/a>. <i>Atos Group<\/i>. 27 April 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/atos.net\/en\/2023\/press-release_2023_04_27\/q1-2023-strategic-transformation-continues-to-drive-stronger-performance\" target=\"_blank\">https:\/\/atos.net\/en\/2023\/press-release_2023_04_27\/q1-2023-strategic-transformation-continues-to-drive-stronger-performance<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Q1+2023%3A+Strategic+transformation+continues+to+drive+stronger+performance&rft.atitle=Atos+Group&rft.date=27+April+2023&rft_id=https%3A%2F%2Fatos.net%2Fen%2F2023%2Fpress-release_2023_04_27%2Fq1-2023-strategic-transformation-continues-to-drive-stronger-performance&rfr_id=info:sid\/en.wikipedia.org:Atos_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AtosMSS-2\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-AtosMSS_2-0\">2.0<\/a><\/sup> <sup><a href=\"#cite_ref-AtosMSS_2-1\">2.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/atos.net\/en\/solutions\/cyber-security\/managed-security-services\" target=\"_blank\">\"Managed Security Services\"<\/a>. Atos SE<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/atos.net\/en\/solutions\/cyber-security\/managed-security-services\" target=\"_blank\">https:\/\/atos.net\/en\/solutions\/cyber-security\/managed-security-services<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 03 June 2021<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Managed+Security+Services&rft.atitle=&rft.pub=Atos+SE&rft_id=https%3A%2F%2Fatos.net%2Fen%2Fsolutions%2Fcyber-security%2Fmanaged-security-services&rfr_id=info:sid\/en.wikipedia.org:Atos_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MSSPCyber20-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MSSPCyber20_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.msspalert.com\/top250\/list-2022\/22\/\" target=\"_blank\">\"Top 250 MSSPs for 2022: Companies 10 to 01\"<\/a>. <i>Top 250 MSSPs: Cybersecurity Company List and Research for 2022<\/i>. MSSP Alert. September 2022<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.msspalert.com\/top250\/list-2022\/22\/\" target=\"_blank\">https:\/\/www.msspalert.com\/top250\/list-2022\/22\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 03 June 2021<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+250+MSSPs+for+2022%3A+Companies+10+to+01&rft.atitle=Top+250+MSSPs%3A+Cybersecurity+Company+List+and+Research+for+2022&rft.date=September+2022&rft.pub=MSSP+Alert&rft_id=https%3A%2F%2Fwww.msspalert.com%2Ftop250%2Flist-2022%2F22%2F&rfr_id=info:sid\/en.wikipedia.org:Atos_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CDMMSSPs21-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CDMMSSPs21_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/\" target=\"_blank\">\"Top 100 Managed Security Service Providers (MSSPs)\"<\/a>. <i>Cyber Defense Magazine<\/i>. Cyber Defense Media Group. 18 February 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/\" target=\"_blank\">https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 03 June 2021<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+100+Managed+Security+Service+Providers+%28MSSPs%29&rft.atitle=Cyber+Defense+Magazine&rft.date=18+February+2021&rft.pub=Cyber+Defense+Media+Group&rft_id=https%3A%2F%2Fwww.cyberdefensemagazine.com%2Ftop-100-managed-security-service-providers-mssps%2F&rfr_id=info:sid\/en.wikipedia.org:Atos_Managed_Security_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816193925\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.412 seconds\nReal time usage: 0.875 seconds\nPreprocessor visited node count: 4893\/1000000\nPost\u2010expand include size: 26407\/2097152 bytes\nTemplate argument size: 9911\/2097152 bytes\nHighest expansion depth: 20\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 5882\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 119.754 1 -total\n 49.85% 59.698 1 Template:Reflist\n 48.13% 57.639 1 Template:Infobox_company\n 44.37% 53.137 1 Template:Infobox\n 37.99% 45.500 4 Template:Cite_web\n 32.47% 38.879 4 Template:Citation\/core\n 29.17% 34.931 81 Template:Infobox\/row\n 8.88% 10.634 1 Template:URL\n 8.02% 9.608 3 Template:Date\n 4.18% 5.007 7 Template:Citation\/make_link\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:12576-0!canonical and timestamp 20230816193925 and revision id 52751. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Atos_Managed_Security_Services\">https:\/\/www.limswiki.org\/index.php\/Atos_Managed_Security_Services<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","0ca2df43ef997aefcef0ad7903656b3e_images":["https:\/\/upload.wikimedia.org\/wikipedia\/commons\/7\/7c\/Atos_S.A..jpg"],"0ca2df43ef997aefcef0ad7903656b3e_timestamp":1692220362,"3fc9d3c781ba7f6a3482fd37b0d694e1_type":"article","3fc9d3c781ba7f6a3482fd37b0d694e1_title":"AT&T C\u0443b\u0435r\u0455\u0435\u0441ur\u0456t\u0443","3fc9d3c781ba7f6a3482fd37b0d694e1_url":"https:\/\/www.limswiki.org\/index.php\/AT%26T_C%D1%83b%D0%B5r%D1%95%D0%B5%D1%81ur%D1%96t%D1%83","3fc9d3c781ba7f6a3482fd37b0d694e1_plaintext":"\n\nAT&T C\u0443b\u0435r\u0455\u0435\u0441ur\u0456t\u0443From LIMSWikiJump to navigationJump to searchAT&T C\u0443b\u0435r\u0455\u0435\u0441ur\u0456t\u0443\nIndustry\n \nManaged security servicesFounder(s)\n \nAlexander Graham Bell\r\nGardiner Greene Hubbard\r\nThomas SandersHeadquarters\n \n208 South Akard Street, Dallas, Texas , United States Number of locations\n \n5Area served\n \nWorldwideKey people\n \nBarmak Meftah (President)Services\n \nCybersecurity consulting, network security, endpoint security,\r\nthreat detection and responseRevenue\n \n$29.9 billion (2023, Q2)[1]Parent\n \nAT&TWebsite\n \ncybersecurity.att.com \n\n\r\n\nAT&T C\u0443b\u0435r\u0455\u0435\u0441ur\u0456t\u0443 is a multinational managed security services provider (MSSP) operating as a division of AT&T. The division describes its operations as being able \"to help businesses safeguard digital assets and innovate with confidence.\"[2] The AT&T Cybersecurity division was founded out of the merging of AlienVault, AT&T Cybersecurity Consulting, and AT&T Managed Security Services sometime in 2019.[3] As of August 2023, the MSSP is listed among the top 10 MSSPs around the world by multiple entities.[4][5][6]\n\nContents \n\n1 Managed security services \n2 Additional information \n\n2.1 Documentation and other media \n2.2 External links \n\n\n3 References \n\n\n\nManaged security services \nAT&T Cybersecurity divides its managed security services (MSS) into four categories: cybersecurity consulting, network security, endpoint security, and threat detection and response.[7] From those categories, the following services have been identified[7]:\n\nCybersecurity consulting: strategy and roadmap planning, enterprise security assessment, risk-based cyber posture assessment, security compliance review, vulnerability scanning, penetration testing, adversary simulation services, and cybersecurity IQ training\nNetwork security: AT&T Secure Web Gateway, AT&T Secure Remote Access, AT&T SASE Branch with Fortinet, cloud-based firewall, on-premises firewall, enhanced cybersecurity network detection services, distributed denial of service defense, and application layer security\nEndpoint security: SentinelOne, VMware Workspace ONE, IBM MaaS360, MobileIron, Lookout Mobile Endpoint Security, and McAfee Endpoint Protection\nThreat detection and response: 24x7 security monitoring, upgraded security monitoring for government, USM Anywhere, USM Anywhere advisory services, USM for MSSP's, forensic analysis and incident response, Open Threat Exchange, and OSSIM\nAdditional information \nDocumentation and other media \nAT&T Cybersecurity Consulting - Cloud Security Threat and Vulnerability Management product brief\nAT&T Information & Network Security Customer Reference Guide\nExternal links \nAlien Labs Blog\nProduct portal\nReferences \n\n\n\u2191 \"AT&T\u2019s Sustainable Growth Strategy Pays off with Strong 2Q Results\". AT&T. 26 July 2023. https:\/\/about.att.com\/story\/2023\/q2-earnings.html . Retrieved 04 August 2023 .   \n \n\n\u2191 \"AT&T Cybersecurity\". AT&T. https:\/\/cybersecurity.att.com\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 Metfah, B. (2019). \"AT&T Cybersecurity is born\". Top Voices. AT&T. https:\/\/www.business.att.com\/learn\/top-voices\/att-cybersecurity-is-born.html . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Top 250 MSSPs for 2023: Companies 10 to 01\". Top 250 MSSPs: Cybersecurity Company List and Research for 2020. MSSP Alert. September 2022. https:\/\/www.msspalert.com\/top250\/list-2022\/25\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Top 15 Best Managed Security Service Providers (MSSPs) In 2023\". Software Testing Help. 1 August 2023. https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Top 100 Managed Security Service Providers (MSSPs)\". Cyber Defense Magazine. Cyber Defense Media Group. 18 February 2021. https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 7.0 7.1 \"AT&T Cybersecurity Products and Services\". AT&T. https:\/\/cybersecurity.att.com\/products . Retrieved 04 August 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/AT%26T_C%D1%83b%D0%B5r%D1%95%D0%B5%D1%81ur%D1%96t%D1%83\">https:\/\/www.limswiki.org\/index.php\/AT%26T_C%D1%83b%D0%B5r%D1%95%D0%B5%D1%81ur%D1%96t%D1%83<\/a>\nNavigation menuPage actionsPageDiscussionView sourceHistoryPage actionsPageDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 4 August 2023, at 22:03.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 1,025 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","3fc9d3c781ba7f6a3482fd37b0d694e1_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject page-AT_T_C\u0443b\u0435r\u0455\u0435\u0441ur\u0456t\u0443 rootpage-AT_T_C\u0443b\u0435r\u0455\u0435\u0441ur\u0456t\u0443 skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">AT&T C\u0443b\u0435r\u0455\u0435\u0441ur\u0456t\u0443<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\">\n<p><br \/>\n<b>AT&T C\u0443b\u0435r\u0455\u0435\u0441ur\u0456t\u0443<\/b> is a multinational managed security services provider (MSSP) operating as a division of AT&T. The division describes its operations as being able \"to help businesses safeguard digital assets and innovate with confidence.\"<sup id=\"rdp-ebb-cite_ref-ATTCyberHome_2-0\" class=\"reference\"><a href=\"#cite_note-ATTCyberHome-2\">[2]<\/a><\/sup> The AT&T Cybersecurity division was founded out of the merging of AlienVault, AT&T Cybersecurity Consulting, and AT&T Managed Security Services sometime in 2019.<sup id=\"rdp-ebb-cite_ref-MetfahAT.26TCyber19_3-0\" class=\"reference\"><a href=\"#cite_note-MetfahAT.26TCyber19-3\">[3]<\/a><\/sup> As of August 2023, the MSSP is listed among the top 10 MSSPs around the world by multiple entities.<sup id=\"rdp-ebb-cite_ref-MSSPCyber20_4-0\" class=\"reference\"><a href=\"#cite_note-MSSPCyber20-4\">[4]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-STHTop15_21_5-0\" class=\"reference\"><a href=\"#cite_note-STHTop15_21-5\">[5]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-CDMMSSPs21_6-0\" class=\"reference\"><a href=\"#cite_note-CDMMSSPs21-6\">[6]<\/a><\/sup>\n<\/p>\n\n\n<h2><span class=\"mw-headline\" id=\"Managed_security_services\">Managed security services<\/span><\/h2>\n<p>AT&T Cybersecurity divides its managed security services (MSS) into four categories: cybersecurity consulting, network security, endpoint security, and threat detection and response.<sup id=\"rdp-ebb-cite_ref-ATTCyberProds_7-0\" class=\"reference\"><a href=\"#cite_note-ATTCyberProds-7\">[7]<\/a><\/sup> From those categories, the following services have been identified<sup id=\"rdp-ebb-cite_ref-ATTCyberProds_7-1\" class=\"reference\"><a href=\"#cite_note-ATTCyberProds-7\">[7]<\/a><\/sup>:\n<\/p>\n<ul><li><b>Cybersecurity consulting<\/b>: strategy and roadmap planning, enterprise security assessment, risk-based cyber posture assessment, security compliance review, vulnerability scanning, penetration testing, adversary simulation services, and cybersecurity IQ training<\/li>\n<li><b>Network security<\/b>: AT&T Secure Web Gateway, AT&T Secure Remote Access, AT&T SASE Branch with Fortinet, cloud-based firewall, on-premises firewall, enhanced cybersecurity network detection services, distributed denial of service defense, and application layer security<\/li>\n<li><b>Endpoint security<\/b>: SentinelOne, VMware Workspace ONE, IBM MaaS360, MobileIron, Lookout Mobile Endpoint Security, and McAfee Endpoint Protection<\/li>\n<li><b>Threat detection and response<\/b>: 24x7 security monitoring, upgraded security monitoring for government, USM Anywhere, USM Anywhere advisory services, USM for MSSP's, forensic analysis and incident response, Open Threat Exchange, and OSSIM<\/li><\/ul>\n<h2><span class=\"mw-headline\" id=\"Additional_information\">Additional information<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Documentation_and_other_media\">Documentation and other media<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.business.att.com\/content\/dam\/attbusiness\/briefs\/cloud-security-assessment-product-brief.pdf\" target=\"_blank\">AT&T Cybersecurity Consulting - Cloud Security Threat and Vulnerability Management product brief<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.business.att.com\/content\/dam\/attbusiness\/guides\/att-information-and-network-security-customer-reference-guide.pdf\" target=\"_blank\">AT&T Information & Network Security Customer Reference Guide<\/a><\/li><\/ul>\n<h3><span class=\"mw-headline\" id=\"External_links\">External links<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cybersecurity.att.com\/blogs\/labs-research\" target=\"_blank\">Alien Labs Blog<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cybersecurity.att.com\/products\" target=\"_blank\">Product portal<\/a><\/li><\/ul>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap\"><ol class=\"references\">\n<li id=\"cite_note-ATTEarn21-1\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ATTEarn21_1-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/about.att.com\/story\/2023\/q2-earnings.html\" target=\"_blank\">\"AT&T\u2019s Sustainable Growth Strategy Pays off with Strong 2Q Results\"<\/a>. AT&T. 26 July 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/about.att.com\/story\/2023\/q2-earnings.html\" target=\"_blank\">https:\/\/about.att.com\/story\/2023\/q2-earnings.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=AT%26T%E2%80%99s+Sustainable+Growth+Strategy+Pays+off+with+Strong+2Q+Results&rft.atitle=&rft.date=26+July+2023&rft.pub=AT%26T&rft_id=https%3A%2F%2Fabout.att.com%2Fstory%2F2023%2Fq2-earnings.html&rfr_id=info:sid\/en.wikipedia.org:AT%26T_C%D1%83b%D0%B5r%D1%95%D0%B5%D1%81ur%D1%96t%D1%83\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ATTCyberHome-2\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ATTCyberHome_2-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cybersecurity.att.com\/\" target=\"_blank\">\"AT&T Cybersecurity\"<\/a>. AT&T<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cybersecurity.att.com\/\" target=\"_blank\">https:\/\/cybersecurity.att.com\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=AT%26T+Cybersecurity&rft.atitle=&rft.pub=AT%26T&rft_id=https%3A%2F%2Fcybersecurity.att.com%2F&rfr_id=info:sid\/en.wikipedia.org:AT%26T_C%D1%83b%D0%B5r%D1%95%D0%B5%D1%81ur%D1%96t%D1%83\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MetfahAT.26TCyber19-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MetfahAT.26TCyber19_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Metfah, B. (2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.business.att.com\/learn\/top-voices\/att-cybersecurity-is-born.html\" target=\"_blank\">\"AT&T Cybersecurity is born\"<\/a>. <i>Top Voices<\/i>. AT&T<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.business.att.com\/learn\/top-voices\/att-cybersecurity-is-born.html\" target=\"_blank\">https:\/\/www.business.att.com\/learn\/top-voices\/att-cybersecurity-is-born.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=AT%26T+Cybersecurity+is+born&rft.atitle=Top+Voices&rft.aulast=Metfah%2C+B.&rft.au=Metfah%2C+B.&rft.date=2019&rft.pub=AT%26T&rft_id=https%3A%2F%2Fwww.business.att.com%2Flearn%2Ftop-voices%2Fatt-cybersecurity-is-born.html&rfr_id=info:sid\/en.wikipedia.org:AT%26T_C%D1%83b%D0%B5r%D1%95%D0%B5%D1%81ur%D1%96t%D1%83\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MSSPCyber20-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MSSPCyber20_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.msspalert.com\/top250\/list-2022\/25\/\" target=\"_blank\">\"Top 250 MSSPs for 2023: Companies 10 to 01\"<\/a>. <i>Top 250 MSSPs: Cybersecurity Company List and Research for 2020<\/i>. MSSP Alert. September 2022<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.msspalert.com\/top250\/list-2022\/25\/\" target=\"_blank\">https:\/\/www.msspalert.com\/top250\/list-2022\/25\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+250+MSSPs+for+2023%3A+Companies+10+to+01&rft.atitle=Top+250+MSSPs%3A+Cybersecurity+Company+List+and+Research+for+2020&rft.date=September+2022&rft.pub=MSSP+Alert&rft_id=https%3A%2F%2Fwww.msspalert.com%2Ftop250%2Flist-2022%2F25%2F&rfr_id=info:sid\/en.wikipedia.org:AT%26T_C%D1%83b%D0%B5r%D1%95%D0%B5%D1%81ur%D1%96t%D1%83\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-STHTop15_21-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-STHTop15_21_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/\" target=\"_blank\">\"Top 15 Best Managed Security Service Providers (MSSPs) In 2023\"<\/a>. Software Testing Help. 1 August 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/\" target=\"_blank\">https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+15+Best+Managed+Security+Service+Providers+%28MSSPs%29+In+2023&rft.atitle=&rft.date=1+August+2023&rft.pub=Software+Testing+Help&rft_id=https%3A%2F%2Fwww.softwaretestinghelp.com%2Fmanaged-security-service-providers%2F&rfr_id=info:sid\/en.wikipedia.org:AT%26T_C%D1%83b%D0%B5r%D1%95%D0%B5%D1%81ur%D1%96t%D1%83\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CDMMSSPs21-6\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CDMMSSPs21_6-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/\" target=\"_blank\">\"Top 100 Managed Security Service Providers (MSSPs)\"<\/a>. <i>Cyber Defense Magazine<\/i>. Cyber Defense Media Group. 18 February 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/\" target=\"_blank\">https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+100+Managed+Security+Service+Providers+%28MSSPs%29&rft.atitle=Cyber+Defense+Magazine&rft.date=18+February+2021&rft.pub=Cyber+Defense+Media+Group&rft_id=https%3A%2F%2Fwww.cyberdefensemagazine.com%2Ftop-100-managed-security-service-providers-mssps%2F&rfr_id=info:sid\/en.wikipedia.org:AT%26T_C%D1%83b%D0%B5r%D1%95%D0%B5%D1%81ur%D1%96t%D1%83\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ATTCyberProds-7\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-ATTCyberProds_7-0\">7.0<\/a><\/sup> <sup><a href=\"#cite_ref-ATTCyberProds_7-1\">7.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cybersecurity.att.com\/products\" target=\"_blank\">\"AT&T Cybersecurity Products and Services\"<\/a>. AT&T<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cybersecurity.att.com\/products\" target=\"_blank\">https:\/\/cybersecurity.att.com\/products<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=AT%26T+Cybersecurity+Products+and+Services&rft.atitle=&rft.pub=AT%26T&rft_id=https%3A%2F%2Fcybersecurity.att.com%2Fproducts&rfr_id=info:sid\/en.wikipedia.org:AT%26T_C%D1%83b%D0%B5r%D1%95%D0%B5%D1%81ur%D1%96t%D1%83\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816210004\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.107 seconds\nReal time usage: 0.121 seconds\nPreprocessor visited node count: 6866\/1000000\nPost\u2010expand include size: 36792\/2097152 bytes\nTemplate argument size: 12755\/2097152 bytes\nHighest expansion depth: 20\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 9374\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 99.469 1 -total\n 63.91% 63.571 1 Template:Reflist\n 52.29% 52.017 7 Template:Cite_web\n 47.17% 46.915 7 Template:Citation\/core\n 33.41% 33.231 1 Template:Infobox_company\n 30.24% 30.078 1 Template:Infobox\n 20.28% 20.170 81 Template:Infobox\/row\n 10.27% 10.219 5 Template:Date\n 4.79% 4.769 10 Template:Citation\/make_link\n 4.70% 4.675 1 Template:URL\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:12557-0!canonical and timestamp 20230816210004 and revision id 52749. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/AT%26T_C%D1%83b%D0%B5r%D1%95%D0%B5%D1%81ur%D1%96t%D1%83\">https:\/\/www.limswiki.org\/index.php\/AT%26T_C%D1%83b%D0%B5r%D1%95%D0%B5%D1%81ur%D1%96t%D1%83<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","3fc9d3c781ba7f6a3482fd37b0d694e1_images":["https:\/\/s3.limswiki.org\/www.limswiki.org\/images\/a\/a0\/AT%26T_Cybersecurity.png"],"3fc9d3c781ba7f6a3482fd37b0d694e1_timestamp":1692220362,"75c190ac91f9652b9b27abf5aaf9058d_type":"article","75c190ac91f9652b9b27abf5aaf9058d_title":"Accenture Security Managed Security","75c190ac91f9652b9b27abf5aaf9058d_url":"https:\/\/www.limswiki.org\/index.php\/Accenture_Security_Managed_Security","75c190ac91f9652b9b27abf5aaf9058d_plaintext":"\n\nAccenture Security Managed SecurityFrom LIMSWikiJump to navigationJump to searchAccenture Security Managed Security\nFounder(s)\n \nClarence DeLanyHeadquarters\n \n1 Grand Canal Square, Dublin , Ireland Number of locations\n \n300+Area served\n \nWorldwideKey people\n \nJulie Sweet (CEO)Services\n \nManaged application security, cloud security, digital identity,\r\nsecurity risk, and detection and responseRevenue\n \n$16.6 billion (Q3, 2023)[1]Website\n \naccenture.com \n\n\r\n\nAccenture Security Managed Security is a suite of managed security services (MSS) offered by Accenture, a multinational technology and business consulting services company. Accenture describes its MSS as one that can \"help your organization achieve operational resilience in the AWS cloud.\"[2] As of August 2023, Accenture is listed among the top 10 MSS providers around the world by several entities.[3][4]\n\nContents \n\n1 Managed security services \n2 Additional information \n\n2.1 Documentation and other media \n2.2 External links \n\n\n3 References \n\n\n\nManaged security services \nAccenture divides its MSS into five categories: managed application security, cloud security, digital identity, security risk, and detection and response. Those services include[2]:\n\nApplication security: Provides tools and assistance with embedding security into applications, tooling, and processes, as well as identifying security gaps in those applications, tools, and processes.\nCloud security: Provides tools and assistance to determine baseline existing cloud security, automate deployment of security, identify risks to regulatory compliance, and monitor overall security in the cloud.\nDigital identity: Provides tools and assistance with access management of cloud and enterprise services.\nSecurity risk: Provides tools and assistance with identifying and mitigating risks to on-premises and cloud infrastructure.\nDetection and response: Provides tools and assistance with threat monitoring and detection, endpoint protection, log management, network management, vulnerability management, threat analysis, and threat management.\n\r\n\n\nAdditional information \nDocumentation and other media \nExternal links \nManaged security services page\n\r\n\n\nReferences \n\n\n\u2191 \"Accenture Reports Strong Third-Quarter Fiscal 2023 Results\" (PDF). Accenture. 22 June 2023. https:\/\/newsroom.accenture.com\/news\/accenture-reports-strong-third-quarter-fiscal-2023-results.tekdownload . Retrieved 04 August 2023 .   \n \n\n\u2191 2.0 2.1 \"Comprehensive, fully managed security in the cloud\". Accenture. https:\/\/www.accenture.com\/us-en\/services\/cloud\/managed-security-service-provider . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Top 250 MSSPs for 2022: Companies 10 to 01\". Top 250 MSSPs: Cybersecurity Company List and Research for 2020. MSSP Alert. September 2022. https:\/\/www.msspalert.com\/top250\/list-2022\/25\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Top 100 Managed Security Service Providers (MSSPs)\". Cyber Defense Magazine. Cyber Defense Media Group. 18 February 2021. https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/ . Retrieved 04 August 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Accenture_Security_Managed_Security\">https:\/\/www.limswiki.org\/index.php\/Accenture_Security_Managed_Security<\/a>\nNavigation menuPage actionsPageDiscussionView sourceHistoryPage actionsPageDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 4 August 2023, at 22:04.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 921 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","75c190ac91f9652b9b27abf5aaf9058d_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject page-Accenture_Security_Managed_Security rootpage-Accenture_Security_Managed_Security skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Accenture Security Managed Security<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\">\n<p><br \/>\n<b>Accenture Security Managed Security<\/b> is a suite of managed security services (MSS) offered by Accenture, a multinational technology and business consulting services company. Accenture describes its MSS as one that can \"help your organization achieve operational resilience in the AWS cloud.\"<sup id=\"rdp-ebb-cite_ref-AccentureMSS_2-0\" class=\"reference\"><a href=\"#cite_note-AccentureMSS-2\">[2]<\/a><\/sup> As of August 2023, Accenture is listed among the top 10 MSS providers around the world by several entities.<sup id=\"rdp-ebb-cite_ref-MSSPCyber20_3-0\" class=\"reference\"><a href=\"#cite_note-MSSPCyber20-3\">[3]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-CDMMSSPs21_4-0\" class=\"reference\"><a href=\"#cite_note-CDMMSSPs21-4\">[4]<\/a><\/sup>\n<\/p>\n\n\n<h2><span class=\"mw-headline\" id=\"Managed_security_services\">Managed security services<\/span><\/h2>\n<p>Accenture divides its MSS into five categories: managed application security, cloud security, digital identity, security risk, and detection and response. Those services include<sup id=\"rdp-ebb-cite_ref-AccentureMSS_2-1\" class=\"reference\"><a href=\"#cite_note-AccentureMSS-2\">[2]<\/a><\/sup>:\n<\/p>\n<ul><li><b>Application security<\/b>: Provides tools and assistance with embedding security into applications, tooling, and processes, as well as identifying security gaps in those applications, tools, and processes.<\/li>\n<li><b>Cloud security<\/b>: Provides tools and assistance to determine baseline existing cloud security, automate deployment of security, identify risks to regulatory compliance, and monitor overall security in the cloud.<\/li>\n<li><b>Digital identity<\/b>: Provides tools and assistance with access management of cloud and enterprise services.<\/li>\n<li><b>Security risk<\/b>: Provides tools and assistance with identifying and mitigating risks to on-premises and cloud infrastructure.<\/li>\n<li><b>Detection and response<\/b>: Provides tools and assistance with threat monitoring and detection, endpoint protection, log management, network management, vulnerability management, threat analysis, and threat management.<\/li><\/ul>\n<p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Additional_information\">Additional information<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Documentation_and_other_media\">Documentation and other media<\/span><\/h3>\n<h3><span class=\"mw-headline\" id=\"External_links\">External links<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.accenture.com\/us-en\/services\/cloud\/managed-security-service-provider\" target=\"_blank\">Managed security services page<\/a><\/li><\/ul>\n<p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap\"><ol class=\"references\">\n<li id=\"cite_note-AccentureQ420-1\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AccentureQ420_1-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/newsroom.accenture.com\/news\/accenture-reports-strong-third-quarter-fiscal-2023-results.tekdownload\" target=\"_blank\">\"Accenture Reports Strong Third-Quarter Fiscal 2023 Results\"<\/a> (PDF). Accenture. 22 June 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/newsroom.accenture.com\/news\/accenture-reports-strong-third-quarter-fiscal-2023-results.tekdownload\" target=\"_blank\">https:\/\/newsroom.accenture.com\/news\/accenture-reports-strong-third-quarter-fiscal-2023-results.tekdownload<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Accenture+Reports+Strong+Third-Quarter+Fiscal+2023+Results&rft.atitle=&rft.date=22+June+2023&rft.pub=Accenture&rft_id=https%3A%2F%2Fnewsroom.accenture.com%2Fnews%2Faccenture-reports-strong-third-quarter-fiscal-2023-results.tekdownload&rfr_id=info:sid\/en.wikipedia.org:Accenture_Security_Managed_Security\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AccentureMSS-2\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-AccentureMSS_2-0\">2.0<\/a><\/sup> <sup><a href=\"#cite_ref-AccentureMSS_2-1\">2.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.accenture.com\/us-en\/services\/cloud\/managed-security-service-provider\" target=\"_blank\">\"Comprehensive, fully managed security in the cloud\"<\/a>. Accenture<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.accenture.com\/us-en\/services\/cloud\/managed-security-service-provider\" target=\"_blank\">https:\/\/www.accenture.com\/us-en\/services\/cloud\/managed-security-service-provider<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Comprehensive%2C+fully+managed+security+in+the+cloud&rft.atitle=&rft.pub=Accenture&rft_id=https%3A%2F%2Fwww.accenture.com%2Fus-en%2Fservices%2Fcloud%2Fmanaged-security-service-provider&rfr_id=info:sid\/en.wikipedia.org:Accenture_Security_Managed_Security\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MSSPCyber20-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MSSPCyber20_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.msspalert.com\/top250\/list-2022\/25\/\" target=\"_blank\">\"Top 250 MSSPs for 2022: Companies 10 to 01\"<\/a>. <i>Top 250 MSSPs: Cybersecurity Company List and Research for 2020<\/i>. MSSP Alert. September 2022<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.msspalert.com\/top250\/list-2022\/25\/\" target=\"_blank\">https:\/\/www.msspalert.com\/top250\/list-2022\/25\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+250+MSSPs+for+2022%3A+Companies+10+to+01&rft.atitle=Top+250+MSSPs%3A+Cybersecurity+Company+List+and+Research+for+2020&rft.date=September+2022&rft.pub=MSSP+Alert&rft_id=https%3A%2F%2Fwww.msspalert.com%2Ftop250%2Flist-2022%2F25%2F&rfr_id=info:sid\/en.wikipedia.org:Accenture_Security_Managed_Security\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CDMMSSPs21-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CDMMSSPs21_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/\" target=\"_blank\">\"Top 100 Managed Security Service Providers (MSSPs)\"<\/a>. <i>Cyber Defense Magazine<\/i>. Cyber Defense Media Group. 18 February 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/\" target=\"_blank\">https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+100+Managed+Security+Service+Providers+%28MSSPs%29&rft.atitle=Cyber+Defense+Magazine&rft.date=18+February+2021&rft.pub=Cyber+Defense+Media+Group&rft_id=https%3A%2F%2Fwww.cyberdefensemagazine.com%2Ftop-100-managed-security-service-providers-mssps%2F&rfr_id=info:sid\/en.wikipedia.org:Accenture_Security_Managed_Security\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816210004\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.458 seconds\nReal time usage: 0.975 seconds\nPreprocessor visited node count: 6748\/1000000\nPost\u2010expand include size: 27256\/2097152 bytes\nTemplate argument size: 14501\/2097152 bytes\nHighest expansion depth: 32\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 5883\/5000000 bytes\nLua time usage: 0.010\/7 seconds\nLua virtual size: 4935680\/52428800 bytes\nLua estimated memory usage: 0 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 180.133 1 -total\n 68.30% 123.027 1 Template:Infobox_company\n 66.50% 119.787 1 Template:Infobox\n 59.57% 107.303 81 Template:Infobox\/row\n 50.61% 91.164 1 Template:URL\n 47.09% 84.828 1 Template:Str_right\n 45.63% 82.191 1 Template:Str_sub_long\n 30.65% 55.203 1 Template:Reflist\n 23.23% 41.840 4 Template:Cite_web\n 22.04% 39.707 1 Template:Str_len\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:12575-0!canonical and timestamp 20230816210003 and revision id 52750. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Accenture_Security_Managed_Security\">https:\/\/www.limswiki.org\/index.php\/Accenture_Security_Managed_Security<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","75c190ac91f9652b9b27abf5aaf9058d_images":["https:\/\/upload.wikimedia.org\/wikipedia\/commons\/2\/2f\/Accenture.png"],"75c190ac91f9652b9b27abf5aaf9058d_timestamp":1692220362,"14cb097560fe3787a43bd1ce90d349f8_type":"article","14cb097560fe3787a43bd1ce90d349f8_title":"VMware Cloud","14cb097560fe3787a43bd1ce90d349f8_url":"https:\/\/www.limswiki.org\/index.php\/VMware_Cloud","14cb097560fe3787a43bd1ce90d349f8_plaintext":"\n\nVMware CloudFrom LIMSWikiJump to navigationJump to searchVMware Cloud\nIndustry\n \nComputing, Cloud computing, Web servicesFounder(s)\n \nMendel Rosenblum\r\nDiane Greene\r\nScott Devine\r\nEllen Wang\r\nEdouard BugnionHeadquarters\n \nPalo Alto, California , United States Area served\n \nWorldwideKey people\n \nRaghu Raghuram (CEO)Products\n \nSaaSRevenue\n \n$3.71 billion (2023, Q4)[1]Website\n \ncloud.vmware.com \n\n\r\n\nVMware Cloud is a collection of hybrid and multicloud software solutions offered as a service by VMware that give you the \"flexibility to migrate to any cloud, run apps on every major hyperscale cloud, and access hundreds of innovative cloud-native services to drive app modernization.\"[2] Additionally, the solutions allow you to \"choose the optimal cloud for your apps with the option to deploy natively or on proven VMware infrastructure.\"[2] Solutions include VMware Cloud Foundation, VMware Cloud on AWS, VMware Cloud on Dell EMC, VRealize Cloud Management, and VMware Cloud Universal.[2] The VMware Cloud solutions support the Amazon, Google, IBM, Microsoft, Oracle public clouds, among others.[3]\nVMware Cloud is also notable for its VMware Cloud Verified program. VMware notes: \"VMware Cloud Provider Partners deliver VMware Cloud Infrastructure in services worldwide with the VMware Cloud Verified designation. Gain support for your apps\u2014from existing to cloud-native to SaaS\u2014across private, public, and hybrid clouds using services by partners displaying the VMware Cloud Verified logo.\"[4] As of late April 2021, VMware Cloud boasts more than 360 VMware Cloud Verified providers around the world, with some 85 percent of them offering some flavor of infrastructure as a service (IaaS) offering and 39 percent of them offering some flavor of platform as a service (PaaS) offering.[5] This includes major public cloud providers such as OVH. Interested parties can consult the search filters available for these providers to filter by data center location, region, validated service, compliance and certifications, services offered, and vertical markets.\n\r\n\n\nContents \n\n1 Provider research \n2 Managed security services \n3 Additional information \n\n3.1 Documentation and other media \n3.2 External links \n\n\n4 Further reading \n5 References \n\n\n\nProvider research \nThis section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide Choosing and Implementing a Cloud-based Service for Your Laboratory. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made. Additionally, as a hybrid cloud provider, some of the questions from Chapter 5 (e.g., \"How segregated is our cloud data from another customer's\") are not relevant, as they are not providing public cloud services. Note that VMware Cloud offers some of its cloud services on the AWS IaaS and is not a public cloud provider itself, with VMware Cloud on AWS replacing its public cloud business in mid-2017.[6][7]\n\r\n\n1. What experience do you have working with laboratory customers in our specific industry?\nVMware Cloud services have been used or are currently being used by laboratories such as Centre National de la Recherche Scientifique[8], Charles River Laboratories[9], and ESC Lab Sciences.[10] A VMware Cloud representative is likely to be able to supply more examples of laboratories that use or have used VMware Cloud.\n\r\n\n2. Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?\nVMware speaks broadly of the importance of integration in hybrid cloud computing, but it doesn't appear to go into lengthy discussion of how its solution facilitates integrating with your systems and business practices. The company does discuss its VMware Cloud Director solution as an integration tool, though outside of features and benefits the company doesn't clearly say what the solution is other than calling it a \"cloud service delivery platform.\" You'll have to discuss how VMware cloud can integrated with your systems and processes with a VMware Cloud representative.\n\r\n\n3. What is the average total historical downtime for the service(s) we're interested in?\nSome public information is made available about historic outages and downtime. VMware Cloud has a systems status page with status history (scroll down to the bottom and click on the \"Incident History\" link). You should be able to read through the incident details for each issue, going back through a fair amount of history. This will give you a partial picture of the issues experienced in the past, as well as any scheduled maintenance and currently impacted services. A follow-up on this question with a VMware Cloud representative may reveal more historical downtime history for the services you are interested in.\n\r\n\n4. Do we receive comprehensive downtime support in the case of downtime?\nVMware Cloud does not make this answer clear. However, the answer is likely tied to what support plan you choose. Confirm with VMware Cloud what downtime support they provide based on the services your organization are interested in.\n\r\n\n5. Where are your servers located, and how is data securely transferred to and from those servers?\nVMware Cloud in itself is not a public cloud, and as such, this question is not fully relevant. That said, it will be useful to understand the underlying technology supplied by VMware in regards to data transmission to public and private cloud instances. VMware says this about data transfer security[6]:\n\nFor data that is required to move through public networks, VMware provides customers with the ability to create IPsec and SSL VPN tunnels from their environments that support the most common encryption methods, including 128-byte and 256-byte AES. Data in transit (authentications, administrative access, customer information, etc.) is encrypted with standard encryption mechanisms (i.e., SSH, TLS and Secure RDP). Communication that transports sensitive information (authentications, administrative access, customer information, etc.) is encrypted with standard encryption mechanisms.\n\r\n\n6. Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?\nVMware Cloud in itself is not a public cloud, and as such, this question is not fully relevant. That said, VMware says this about access to customer data specifically in regards to VMware Cloud for AWS[6]:\n\nAccess to customer environments where a customer\u2019s data is stored requires an authorized VMware operator to authenticate via two-factor authentication to an access control system to generate a user-specific time-based credential. Generation of these temporary credentials must be tied to a specific incident, and all activity performed by the users is logged. The VMware Security Operations Center uses log capture, security monitoring technologies and intrusion detection tools to monitor VMware personnel accessing customer data and to look for unauthorized access attempts.\nAs for training and certifications for VMware Cloud for AWS offerings[6]:\n\nIn alignment with the ISO 27001 standard, all VMware personnel are required to complete annual security awareness training. Personnel supporting VMware managed services receive additional role-based security training to perform their job functions in a secure manner. Compliance audits are periodically performed to validate that employees understand and follow the established policies. \nConsult the VMware Cloud for AWS security guide or a representative to learn more.\n\r\n\n7. Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?\nVMware Cloud in itself is not a public cloud, and as such, this question is not fully relevant. However, the company notes that \"VMware builds security into the foundations of every one of our cloud solutions. This means our offerings align with major compliance certifications to maintain standards that meet industry best-practices.\"[11]\n\r\n\n8. How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)\nVMware Cloud in itself is not a public cloud, and as such, this question is not fully relevant. However, VMware says this about segregation specifically in regards to VMware Cloud for AWS[6]:\n\nProduction and non-production environments are logically and physically segregated. Development, quality assurance (QA) and production use separate equipment and environments, and are managed by separate teams. \nTo learn more, discuss this with a VMware Cloud representative.\n\r\n\n9. Do you have documented data security policies?\nVMware Cloud documents its thoughts and practices on security in several places:\n\nVMware Cloud Services security overview for offerings running on AWS IaaS\nVMware Cloud security page\nVMware multicloud security page\n\r\n\n10. How do you test your platform's security?\nBroadly speaking, VMware briefly notes that its security development lifecycle (SDL) includes \"product security assessments, threat modeling, static and dynamic scans, and penetration testing.\"[12] In regards to VMware Cloud for AWS, VMware discusses the security development lifecycle program it uses, with[6]:\n\ncode undergoing \"a rigorous review for code security and quality\"\nthe software development lifecycle catching \"security issues early in the lifecycle\"\nverification that \"all software suppliers adhere to industry standards for security development lifecycle security using its comprehensive vendor risk management process\"\n\r\n\n11. What are your policies for security audits, intrusion detection, and intrusion reporting?\nVMware Cloud in itself is not a public cloud, and as such, this question is not fully relevant. The company says little about intrusion detection and reporting outside of its NSX Distributed IDS\/IPS. In regards to its VMware Cloud for AWS, \"VMware has an intrusion detection system and other tools in place that continuously monitor for deviations in production from our baseline configurations and generate notifications.\"[6] Their security document adds[6]:\n\nThe logging and monitoring framework for VMware Cloud Services allows for the identification of incidents to specific tenants. A SIEM system is in place and merges data sources for granular analysis and alerting, and is used by the VMware Security Operations Center.\n\r\n\n12. What data logging information is kept and acted upon in relation to our data?\nIn its terms of service, VMware indicates[13]:\n\nWe monitor and collect configuration, performance, and usage data relating to your use of the Service Offering: (a) to facilitate delivery of the Service Offering (such as (i) tracking entitlements, (ii) providing support, (iii) monitoring the performance, integrity, and stability of the Service Offering\u2019s infrastructure, and (iv) preventing or addressing service or technical issues); and (b) to improve our products and services, and your experience. You must not interfere with that monitoring. We will not access Your Content except as necessary to provide the Service Offering, or pursuant to Section 1.9 (\u201cRequired Disclosures\u201d).\nFor further details, discuss this with a VMware representative.\n\r\n\n13. How thorough are those logs and can we audit them on-demand?\nLike the prior question, discuss this with a VMware representative.\n\r\n\n14. For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?\nVMware Cloud in itself is not a public cloud, and as such, this question is not fully relevant. That said, it's worth noting that the VMware Cloud for AWS offering is \"completed an independent third-party examination against applicable controls of HIPAA, and a Business Associate Agreement (BAA) is also available.\"[14]\n\r\n\n15. What happens to our data should the contract expire or be terminated?\nPer the terms of service, \"[d]eletion of any Content remaining in the Service Offering will occur as specified in the applicable Service Description. As between you and us, you are responsible for ensuring that you have necessary copies of all Your Content prior to the effective date of any termination.\"[13] Presumably you'll be backing up your data and information elsewhere before then. However, discuss with a representative to learn more.\n\r\n\n16. What happens to our data should you go out of business or suffer a catastrophic event?\nIt's not publicly clear how VMware would handle your data should they go out of business; consult with a representative about this topic. As for catastrophic events, VMware Cloud on AWS and VMware Site Recovery provide means for proactive disaster avoidance.[15] This is a topic for further discussion with a representative.\n\r\n\n17. Can we use your interface to extract our data when we want, and in what format will it be?\nAs a hybrid solution, you should be able to extract data at whim to another private of public cloud location. Extracting data for the VMware Cloud for AWS offering may be different. Consult with a VMware Cloud representative.\n\r\n\n18. Are your support services native or outsourced\/offshored?\nIt is unclear if support personnel are local to the customer or if support is outsourced to another business and country. Discuss this with a VMware Cloud representative.\n\nManaged security services \nVMware Cloud doesn't appear to explicitly advertise \"managed security services.\" VMware does, however, offer professional services through its VMware Professional Services offering.[16] Under its \"Intrinsic Security\" section, VMware notes several categories of services[17]:\n\nAdvisory services: security rule and policy review, audits of remediation and threat intelligence, and system optimization\nSystem health check: analysis of system configuration and components, penetration testing, and configuration validation\nOperational services: gap analysis in business operations and security decision tree development\nMigration services: migration oversight and review of imported security profiles, automations, etc.\nDesign and deploy: integration management, threat protection and prevention optimization, risk management, and policy implementation\nNetwork security: security policy and firewall rule development, antivirus and endpoint protection, micro-segmentation assistance, and security group and profile configuration\n\r\n\n\nAdditional information \nDocumentation and other media \nVMware Cloud Services security overview for offerings running on AWS IaaS\nExternal links \nVMware Cloud development and auditing practices\nVMware Cloud Verified provider search and filters\nVMware Cloud trust center\nVMware Professional Services\nFurther reading \nRouse, M.; Moore, N. (April 2018). \"VMware Cloud on AWS\". TechTarget - SearchVMware. Archived from the original on 14 August 2020. https:\/\/web.archive.org\/web\/20200814113334\/https:\/\/searchvmware.techtarget.com\/definition\/VMware-Cloud-on-AWS .   \n\r\n\n\nReferences \n\n\n\u2191 \"VMware Reports Fourth Quarter and Fiscal Year 2023 Results\" (PDF). VMware. 2 March 2023. https:\/\/www.vmware.com\/content\/dam\/digitalmarketing\/vmware\/en\/pdf\/earnings\/vmw-earnings-release-nongaap-q423.pdf . Retrieved 04 August 2023 .   \n \n\n\u2191 2.0 2.1 2.2 \"Transform Your Apps and Cloud Faster with VMware Cloud\". VMware. https:\/\/www.vmware.com\/cloud-solutions.html . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Hybrid Cloud Solutions\". VMware. https:\/\/www.vmware.com\/cloud-solutions\/hybrid-cloud.html . Retrieved 04 August 2023 .   \n \n\n\u2191 \"VMware Cloud Verified\". VMware. https:\/\/www.vmware.com\/vmware-cloud-verified.html . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Find A VMware Cloud Services Provider\". VMware. https:\/\/cloud.vmware.com\/providers\/search-result . Retrieved 04 August 2023 .   \n \n\n\u2191 6.0 6.1 6.2 6.3 6.4 6.5 6.6 6.7 \"VMware Cloud Services Security Overview\" (PDF). VMware. August 2019. Archived from the original on 21 February 2020. https:\/\/web.archive.org\/web\/20200221063600\/https:\/\/www.vmware.com\/content\/dam\/digitalmarketing\/vmware\/en\/pdf\/products\/cloud-services\/vmware-cloud-services-on-aws-security-overview-white-paper.pdf . Retrieved 04 August 2023 .   \n \n\n\u2191 \"What is VMware Cloud? Benefits for Service Providers\". Acronis. 20 April 2020. https:\/\/www.acronis.com\/en-us\/blog\/posts\/vmware-cloud\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 Hudson, A. (11 January 2019). \"CNRS renews their IT infrastructure with private cloud\". VMware Cloud Management Blog. VMware. https:\/\/blogs.vmware.com\/management\/2019\/01\/cnrs-renews-their-it-infrastructure-with-private-cloud.html . Retrieved 04 August 2023 .   \n \n\n\u2191 VMware Cloud Provider Team (8 May 2012). \"Another VMware Cloud: Charles River Laboratories Runs Their Hybrid Cloud on VMware\". VMware Cloud Provider Blog. VMware. https:\/\/blogs.vmware.com\/cloudprovider\/2012\/05\/another-vmware-cloud-charles-river-laboratories-runs-their-hybrid-cloud-on-vmware.html . Retrieved 04 August 2023 .   \n \n\n\u2191 VMware Cloud Provider Team (2 March 2016). \"Another VMware Cloud in Action \u2014 ESC Lab Sciences Turns to VMware for Durable Disaster Recovery\". VMware Cloud Provider Blog. VMware. https:\/\/blogs.vmware.com\/cloudprovider\/2016\/03\/another-vmware-cloud-in-action-esc-lab-sciences-turns-to-vmware-for-durable-disaster-recovery.html . Retrieved 04 August 2023 .   \n \n\n\u2191 \"VMware Cloud Trust Center - Security\". VMware. https:\/\/www.vmware.com\/products\/trust-center.html#security . Retrieved 04 August 2023 .   \n \n\n\u2191 \"VMware Security Development Lifecycle\". VMware. https:\/\/www.vmware.com\/security\/sdl.html . Retrieved 04 August 2023 .   \n \n\n\u2191 13.0 13.1 \"Terms of Service\" (PDF). VMware. 20 September 2020. https:\/\/www.vmware.com\/content\/dam\/digitalmarketing\/vmware\/en\/pdf\/downloads\/eula\/vmware-cloud-services-universal-tos.pdf . Retrieved 04 August 2023 .   \n \n\n\u2191 Millington, J. (26 June 2018). \"VMware Cloud on AWS Supports HIPAA Regulated Apps and Data for Healthcare Organizations\". VMware Industry Solutions Blog. VMware. https:\/\/blogs.vmware.com\/industry-solutions\/2018\/06\/26\/vmware-cloud-on-aws-supports-hipaa-regulated-apps-and-data-for-healthcare-organizations\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 Morgan, M. (24 March 2020). \"Rapidly respond to business continuity challenges with VMware Cloud on AWS\". VMware Cloud Community. VMware. https:\/\/cloud.vmware.com\/community\/2020\/03\/24\/rapidly-respond-business-continuity-challenges-vmware-cloud-aws\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Professional Services\". VMware. https:\/\/www.vmware.com\/professional-services.html . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Intrinsic Security\". VMware. https:\/\/www.vmware.com\/professional-services\/security.html . Retrieved 04 August 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/VMware_Cloud\">https:\/\/www.limswiki.org\/index.php\/VMware_Cloud<\/a>\nNavigation menuPage actionsPageDiscussionView sourceHistoryPage actionsPageDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 4 August 2023, at 21:14.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 1,224 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","14cb097560fe3787a43bd1ce90d349f8_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject page-VMware_Cloud rootpage-VMware_Cloud skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">VMware Cloud<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\">\n<p><br \/>\n<b>VMware Cloud<\/b> is a collection of hybrid and multicloud software solutions offered as a service by VMware that give you the \"flexibility to migrate to any cloud, run apps on every major hyperscale cloud, and access hundreds of innovative cloud-native services to drive app modernization.\"<sup id=\"rdp-ebb-cite_ref-VMwareTransform_2-0\" class=\"reference\"><a href=\"#cite_note-VMwareTransform-2\">[2]<\/a><\/sup> Additionally, the solutions allow you to \"choose the optimal cloud for your apps with the option to deploy natively or on proven VMware infrastructure.\"<sup id=\"rdp-ebb-cite_ref-VMwareTransform_2-1\" class=\"reference\"><a href=\"#cite_note-VMwareTransform-2\">[2]<\/a><\/sup> Solutions include VMware Cloud Foundation, VMware Cloud on AWS, VMware Cloud on Dell EMC, VRealize Cloud Management, and VMware Cloud Universal.<sup id=\"rdp-ebb-cite_ref-VMwareTransform_2-2\" class=\"reference\"><a href=\"#cite_note-VMwareTransform-2\">[2]<\/a><\/sup> The VMware Cloud solutions support the Amazon, Google, IBM, Microsoft, Oracle public clouds, among others.<sup id=\"rdp-ebb-cite_ref-VMwareHybrid_3-0\" class=\"reference\"><a href=\"#cite_note-VMwareHybrid-3\">[3]<\/a><\/sup>\n<\/p><p>VMware Cloud is also notable for its VMware Cloud Verified program. VMware notes: \"VMware Cloud Provider Partners deliver VMware Cloud Infrastructure in services worldwide with the VMware Cloud Verified designation. Gain support for your apps\u2014from existing to cloud-native to SaaS\u2014across private, public, and hybrid clouds using services by partners displaying the VMware Cloud Verified logo.\"<sup id=\"rdp-ebb-cite_ref-VMwareCloudVerified_4-0\" class=\"reference\"><a href=\"#cite_note-VMwareCloudVerified-4\">[4]<\/a><\/sup> As of late April 2021, VMware Cloud boasts more than 360 VMware Cloud Verified providers around the world, with some 85 percent of them offering some flavor of <a href=\"https:\/\/www.limswiki.org\/index.php\/Infrastructure_as_a_service\" title=\"Infrastructure as a service\" class=\"wiki-link\" data-key=\"70b93c66f23363688d45f0d354e5c032\">infrastructure as a service<\/a> (IaaS) offering and 39 percent of them offering some flavor of <a href=\"https:\/\/www.limswiki.org\/index.php\/Platform_as_a_service\" title=\"Platform as a service\" class=\"wiki-link\" data-key=\"abad55890b97c6a6153458ad3d62762f\">platform as a service<\/a> (PaaS) offering.<sup id=\"rdp-ebb-cite_ref-VMWareCSPs_5-0\" class=\"reference\"><a href=\"#cite_note-VMWareCSPs-5\">[5]<\/a><\/sup> This includes major public cloud providers such as <a href=\"https:\/\/www.limswiki.org\/index.php\/OVHcloud\" title=\"OVHcloud\" class=\"wiki-link\" data-key=\"2ac2c388e2c6489bde4dc23edc83d436\">OVH<\/a>. Interested parties can consult the <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.vmware.com\/providers\/search-result\" target=\"_blank\">search filters<\/a> available for these providers to filter by data center location, region, validated service, compliance and certifications, services offered, and vertical markets.\n<\/p><p><br \/>\n<\/p>\n\n\n<h2><span class=\"mw-headline\" id=\"Provider_research\">Provider research<\/span><\/h2>\n<p>This section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide <i><a href=\"https:\/\/www.limswiki.org\/index.php\/LII:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\" title=\"LII:Choosing and Implementing a Cloud-based Service for Your Laboratory\" class=\"wiki-link\" data-key=\"a51267fd73f6c39f0130677409233940\">Choosing and Implementing a Cloud-based Service for Your Laboratory<\/a><\/i>. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made. Additionally, as a hybrid cloud provider, some of the questions from Chapter 5 (e.g., \"How segregated is our cloud data from another customer's\") are not relevant, as they are not providing public cloud services. <i>Note that VMware Cloud offers some of its cloud services on the AWS IaaS and is not a public cloud provider itself, with VMware Cloud on AWS replacing its public cloud business in mid-2017.<\/i><sup id=\"rdp-ebb-cite_ref-VMwareCloudServSec19_6-0\" class=\"reference\"><a href=\"#cite_note-VMwareCloudServSec19-6\">[6]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-AcronisWhatIs_7-0\" class=\"reference\"><a href=\"#cite_note-AcronisWhatIs-7\">[7]<\/a><\/sup>\n<\/p><p><br \/>\n1. <b>What experience do you have working with laboratory customers in our specific industry?<\/b>\n<\/p><p>VMware Cloud services have been used or are currently being used by <a href=\"https:\/\/www.limswiki.org\/index.php\/Laboratory\" title=\"Laboratory\" class=\"wiki-link\" data-key=\"c57fc5aac9e4abf31dccae81df664c33\">laboratories<\/a> such as Centre National de la Recherche Scientifique<sup id=\"rdp-ebb-cite_ref-HudsonCNRS19_8-0\" class=\"reference\"><a href=\"#cite_note-HudsonCNRS19-8\">[8]<\/a><\/sup>, Charles River Laboratories<sup id=\"rdp-ebb-cite_ref-VMwareAnother12_9-0\" class=\"reference\"><a href=\"#cite_note-VMwareAnother12-9\">[9]<\/a><\/sup>, and ESC Lab Sciences.<sup id=\"rdp-ebb-cite_ref-VMwareAnotherESC16_10-0\" class=\"reference\"><a href=\"#cite_note-VMwareAnotherESC16-10\">[10]<\/a><\/sup> A VMware Cloud representative is likely to be able to supply more examples of laboratories that use or have used VMware Cloud.\n<\/p><p><br \/>\n2. <b>Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?<\/b>\n<\/p><p>VMware speaks broadly of the importance of <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.vmware.com\/topics\/glossary\/content\/hybrid-cloud.html\" target=\"_blank\">integration in hybrid cloud<\/a> computing, but it doesn't appear to go into lengthy discussion of how its solution facilitates integrating with your systems and business practices. The company does discuss its <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.vmware.com\/products\/cloud-director.html\" target=\"_blank\">VMware Cloud Director<\/a> solution as an integration tool, though outside of features and benefits the company doesn't clearly say what the solution is other than calling it a \"cloud service delivery platform.\" You'll have to discuss how VMware cloud can integrated with your systems and processes with a VMware Cloud representative.\n<\/p><p><br \/>\n3. <b>What is the average total historical downtime for the service(s) we're interested in?<\/b>\n<\/p><p>Some public information is made available about historic outages and downtime. VMware Cloud has a <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/status.vmware-services.io\/\" target=\"_blank\">systems status page<\/a> with status history (scroll down to the bottom and click on the \"Incident History\" link). You should be able to read through the incident details for each issue, going back through a fair amount of history. This will give you a partial picture of the issues experienced in the past, as well as any scheduled maintenance and currently impacted services. A follow-up on this question with a VMware Cloud representative may reveal more historical downtime history for the services you are interested in.\n<\/p><p><br \/>\n4. <b>Do we receive comprehensive downtime support in the case of downtime?<\/b>\n<\/p><p>VMware Cloud does not make this answer clear. However, the answer is likely tied to what <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.vmware.com\/support\/services.html\" target=\"_blank\">support plan<\/a> you choose. Confirm with VMware Cloud what downtime support they provide based on the services your organization are interested in.\n<\/p><p><br \/>\n5. <b>Where are your servers located, and how is data securely transferred to and from those servers?<\/b>\n<\/p><p>VMware Cloud in itself is not a public cloud, and as such, this question is not fully relevant. That said, it will be useful to understand the underlying technology supplied by VMware in regards to data transmission to public and private cloud instances. VMware says this about data transfer security<sup id=\"rdp-ebb-cite_ref-VMwareCloudServSec19_6-1\" class=\"reference\"><a href=\"#cite_note-VMwareCloudServSec19-6\">[6]<\/a><\/sup>:\n<\/p>\n<blockquote><p>For data that is required to move through public networks, VMware provides customers with the ability to create IPsec and SSL VPN tunnels from their environments that support the most common encryption methods, including 128-byte and 256-byte AES. Data in transit (authentications, administrative access, customer information, etc.) is encrypted with standard encryption mechanisms (i.e., SSH, TLS and Secure RDP). Communication that transports sensitive information (authentications, administrative access, customer information, etc.) is encrypted with standard encryption mechanisms.<\/p><\/blockquote>\n<p><br \/>\n6. <b>Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?<\/b>\n<\/p><p>VMware Cloud in itself is not a public cloud, and as such, this question is not fully relevant. That said, VMware says this about access to customer data specifically in regards to VMware Cloud for AWS<sup id=\"rdp-ebb-cite_ref-VMwareCloudServSec19_6-2\" class=\"reference\"><a href=\"#cite_note-VMwareCloudServSec19-6\">[6]<\/a><\/sup>:\n<\/p>\n<blockquote><p>Access to customer environments where a customer\u2019s data is stored requires an authorized VMware operator to authenticate via two-factor authentication to an access control system to generate a user-specific time-based credential. Generation of these temporary credentials must be tied to a specific incident, and all activity performed by the users is logged. The VMware Security Operations Center uses log capture, security monitoring technologies and intrusion detection tools to monitor VMware personnel accessing customer data and to look for unauthorized access attempts.<\/p><\/blockquote>\n<p>As for training and certifications for VMware Cloud for AWS offerings<sup id=\"rdp-ebb-cite_ref-VMwareCloudServSec19_6-3\" class=\"reference\"><a href=\"#cite_note-VMwareCloudServSec19-6\">[6]<\/a><\/sup>:\n<\/p>\n<blockquote><p>In alignment with the ISO 27001 standard, all VMware personnel are required to complete annual security awareness training. Personnel supporting VMware managed services receive additional role-based security training to perform their job functions in a secure manner. Compliance audits are periodically performed to validate that employees understand and follow the established policies.<\/p><\/blockquote> \n<p>Consult the VMware Cloud for AWS <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20200221063600\/https:\/\/www.vmware.com\/content\/dam\/digitalmarketing\/vmware\/en\/pdf\/products\/cloud-services\/vmware-cloud-services-on-aws-security-overview-white-paper.pdf\" target=\"_blank\">security guide<\/a> or a representative to learn more.\n<\/p><p><br \/>\n7. <b>Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?<\/b>\n<\/p><p>VMware Cloud in itself is not a public cloud, and as such, this question is not fully relevant. However, the company notes that \"VMware builds security into the foundations of every one of our cloud solutions. This means our offerings align with major compliance certifications to maintain standards that meet industry best-practices.\"<sup id=\"rdp-ebb-cite_ref-VMwareSecurityTrust_11-0\" class=\"reference\"><a href=\"#cite_note-VMwareSecurityTrust-11\">[11]<\/a><\/sup>\n<\/p><p><br \/>\n8. <b>How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)<\/b>\n<\/p><p>VMware Cloud in itself is not a public cloud, and as such, this question is not fully relevant. However, VMware says this about segregation specifically in regards to VMware Cloud for AWS<sup id=\"rdp-ebb-cite_ref-VMwareCloudServSec19_6-4\" class=\"reference\"><a href=\"#cite_note-VMwareCloudServSec19-6\">[6]<\/a><\/sup>:\n<\/p>\n<blockquote><p>Production and non-production environments are logically and physically segregated. Development, quality assurance (QA) and production use separate equipment and environments, and are managed by separate teams.<\/p><\/blockquote> \n<p>To learn more, discuss this with a VMware Cloud representative.\n<\/p><p><br \/>\n9. <b>Do you have documented data security policies?<\/b>\n<\/p><p>VMware Cloud documents its thoughts and practices on security in several places:\n<\/p>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20200221063600\/https:\/\/www.vmware.com\/content\/dam\/digitalmarketing\/vmware\/en\/pdf\/products\/cloud-services\/vmware-cloud-services-on-aws-security-overview-white-paper.pdf\" target=\"_blank\">VMware Cloud Services security overview for offerings running on AWS IaaS<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.vmware.com\/products\/trust-center.html#security\" target=\"_blank\">VMware Cloud security page<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.vmware.com\/solutions\/multi-cloud-security.html\" target=\"_blank\">VMware multicloud security page<\/a><\/li><\/ul>\n<p><br \/>\n10. <b>How do you test your platform's security?<\/b>\n<\/p><p>Broadly speaking, VMware briefly notes that its security development lifecycle (SDL) includes \"product security assessments, threat modeling, static and dynamic scans, and penetration testing.\"<sup id=\"rdp-ebb-cite_ref-VMwareSDL_12-0\" class=\"reference\"><a href=\"#cite_note-VMwareSDL-12\">[12]<\/a><\/sup> In regards to VMware Cloud for AWS, VMware discusses the security development lifecycle program it uses, with<sup id=\"rdp-ebb-cite_ref-VMwareCloudServSec19_6-5\" class=\"reference\"><a href=\"#cite_note-VMwareCloudServSec19-6\">[6]<\/a><\/sup>:\n<\/p>\n<ul><li>code undergoing \"a rigorous review for code security and quality\"<\/li>\n<li>the software development lifecycle catching \"security issues early in the lifecycle\"<\/li>\n<li>verification that \"all software suppliers adhere to industry standards for security development lifecycle security using its comprehensive vendor risk management process\"<\/li><\/ul>\n<p><br \/>\n11. <b>What are your policies for security audits, intrusion detection, and intrusion reporting?<\/b>\n<\/p><p>VMware Cloud in itself is not a public cloud, and as such, this question is not fully relevant. The company says little about intrusion detection and reporting outside of its <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.vmware.com\/products\/nsx-advanced-threat-prevention.html\" target=\"_blank\">NSX Distributed IDS\/IPS<\/a>. In regards to its VMware Cloud for AWS, \"VMware has an intrusion detection system and other tools in place that continuously monitor for deviations in production from our baseline configurations and generate notifications.\"<sup id=\"rdp-ebb-cite_ref-VMwareCloudServSec19_6-6\" class=\"reference\"><a href=\"#cite_note-VMwareCloudServSec19-6\">[6]<\/a><\/sup> Their security document adds<sup id=\"rdp-ebb-cite_ref-VMwareCloudServSec19_6-7\" class=\"reference\"><a href=\"#cite_note-VMwareCloudServSec19-6\">[6]<\/a><\/sup>:\n<\/p>\n<blockquote><p>The logging and monitoring framework for VMware Cloud Services allows for the identification of incidents to specific tenants. A SIEM system is in place and merges data sources for granular analysis and alerting, and is used by the VMware Security Operations Center.<\/p><\/blockquote>\n<p><br \/>\n12. <b>What data logging information is kept and acted upon in relation to our data?<\/b>\n<\/p><p>In its terms of service, VMware indicates<sup id=\"rdp-ebb-cite_ref-VMwareTermsServ_13-0\" class=\"reference\"><a href=\"#cite_note-VMwareTermsServ-13\">[13]<\/a><\/sup>:\n<\/p>\n<blockquote><p>We monitor and collect configuration, performance, and usage data relating to your use of the Service Offering: (a) to facilitate delivery of the Service Offering (such as (i) tracking entitlements, (ii) providing support, (iii) monitoring the performance, integrity, and stability of the Service Offering\u2019s infrastructure, and (iv) preventing or addressing service or technical issues); and (b) to improve our products and services, and your experience. You must not interfere with that monitoring. We will not access Your Content except as necessary to provide the Service Offering, or pursuant to Section 1.9 (\u201cRequired Disclosures\u201d).<\/p><\/blockquote>\n<p>For further details, discuss this with a VMware representative.\n<\/p><p><br \/>\n13. <b>How thorough are those logs and can we audit them on-demand?<\/b>\n<\/p><p>Like the prior question, discuss this with a VMware representative.\n<\/p><p><br \/>\n14. <b>For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?<\/b>\n<\/p><p>VMware Cloud in itself is not a public cloud, and as such, this question is not fully relevant. That said, it's worth noting that the VMware Cloud for AWS offering is \"completed an independent third-party examination against applicable controls of HIPAA, and a Business Associate Agreement (BAA) is also available.\"<sup id=\"rdp-ebb-cite_ref-MillingtonVMwareHIPAA18_14-0\" class=\"reference\"><a href=\"#cite_note-MillingtonVMwareHIPAA18-14\">[14]<\/a><\/sup>\n<\/p><p><br \/>\n15. <b>What happens to our data should the contract expire or be terminated?<\/b>\n<\/p><p>Per the terms of service, \"[d]eletion of any Content remaining in the Service Offering will occur as specified in the applicable Service Description. As between you and us, you are responsible for ensuring that you have necessary copies of all Your Content prior to the effective date of any termination.\"<sup id=\"rdp-ebb-cite_ref-VMwareTermsServ_13-1\" class=\"reference\"><a href=\"#cite_note-VMwareTermsServ-13\">[13]<\/a><\/sup> Presumably you'll be backing up your data and information elsewhere before then. However, discuss with a representative to learn more.\n<\/p><p><br \/>\n16. <b>What happens to our data should you go out of business or suffer a catastrophic event?<\/b>\n<\/p><p>It's not publicly clear how VMware would handle your data should they go out of business; consult with a representative about this topic. As for catastrophic events, VMware Cloud on AWS and VMware Site Recovery provide means for proactive disaster avoidance.<sup id=\"rdp-ebb-cite_ref-MorganRapidly20_15-0\" class=\"reference\"><a href=\"#cite_note-MorganRapidly20-15\">[15]<\/a><\/sup> This is a topic for further discussion with a representative.\n<\/p><p><br \/>\n17. <b>Can we use your interface to extract our data when we want, and in what format will it be?<\/b>\n<\/p><p>As a hybrid solution, you should be able to extract data at whim to another private of public cloud location. Extracting data for the VMware Cloud for AWS offering may be different. Consult with a VMware Cloud representative.\n<\/p><p><br \/>\n18. <b>Are your support services native or outsourced\/offshored?<\/b>\n<\/p><p>It is unclear if support personnel are local to the customer or if support is outsourced to another business and country. Discuss this with a VMware Cloud representative.\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Managed_security_services\">Managed security services<\/span><\/h2>\n<p>VMware Cloud doesn't appear to explicitly advertise \"managed security services.\" VMware does, however, offer professional services through its VMware Professional Services offering.<sup id=\"rdp-ebb-cite_ref-VMwarePro_16-0\" class=\"reference\"><a href=\"#cite_note-VMwarePro-16\">[16]<\/a><\/sup> Under its \"Intrinsic Security\" section, VMware notes several categories of services<sup id=\"rdp-ebb-cite_ref-VMwareProSec_17-0\" class=\"reference\"><a href=\"#cite_note-VMwareProSec-17\">[17]<\/a><\/sup>:\n<\/p>\n<ul><li><b>Advisory services<\/b>: security rule and policy review, audits of remediation and threat intelligence, and system optimization<\/li>\n<li><b>System health check<\/b>: analysis of system configuration and components, penetration testing, and configuration validation<\/li>\n<li><b>Operational services<\/b>: gap analysis in business operations and security decision tree development<\/li>\n<li><b>Migration services<\/b>: migration oversight and review of imported security profiles, automations, etc.<\/li>\n<li><b>Design and deploy<\/b>: integration management, threat protection and prevention optimization, risk management, and policy implementation<\/li>\n<li><b>Network security<\/b>: security policy and firewall rule development, antivirus and endpoint protection, micro-segmentation assistance, and security group and profile configuration<\/li><\/ul>\n<p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Additional_information\">Additional information<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Documentation_and_other_media\">Documentation and other media<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20200221063600\/https:\/\/www.vmware.com\/content\/dam\/digitalmarketing\/vmware\/en\/pdf\/products\/cloud-services\/vmware-cloud-services-on-aws-security-overview-white-paper.pdf\" target=\"_blank\">VMware Cloud Services security overview for offerings running on AWS IaaS<\/a><\/li><\/ul>\n<h3><span class=\"mw-headline\" id=\"External_links\">External links<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.vmware.com\/security\/sdl.html\" target=\"_blank\">VMware Cloud development and auditing practices<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.vmware.com\/providers\/search-result\" target=\"_blank\">VMware Cloud Verified provider search and filters<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.vmware.com\/products\/trust-center.html\" target=\"_blank\">VMware Cloud trust center<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.vmware.com\/professional-services.html\" target=\"_blank\">VMware Professional Services<\/a><\/li><\/ul>\n<h2><span class=\"mw-headline\" id=\"Further_reading\">Further reading<\/span><\/h2>\n<p><span class=\"citation web\">Rouse, M.; Moore, N. (April 2018). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20200814113334\/https:\/\/searchvmware.techtarget.com\/definition\/VMware-Cloud-on-AWS\" target=\"_blank\">\"VMware Cloud on AWS\"<\/a>. <i>TechTarget - SearchVMware<\/i>. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20200814113334\/https:\/\/searchvmware.techtarget.com\/definition\/VMware-Cloud-on-AWS\" target=\"_blank\">the original<\/a> on 14 August 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20200814113334\/https:\/\/searchvmware.techtarget.com\/definition\/VMware-Cloud-on-AWS\" target=\"_blank\">https:\/\/web.archive.org\/web\/20200814113334\/https:\/\/searchvmware.techtarget.com\/definition\/VMware-Cloud-on-AWS<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=VMware+Cloud+on+AWS&rft.atitle=TechTarget+-+SearchVMware&rft.aulast=Rouse%2C+M.%3B+Moore%2C+N.&rft.au=Rouse%2C+M.%3B+Moore%2C+N.&rft.date=April+2018&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20200814113334%2Fhttps%3A%2F%2Fsearchvmware.techtarget.com%2Fdefinition%2FVMware-Cloud-on-AWS&rfr_id=info:sid\/en.wikipedia.org:VMware_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/p><p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap mw-references-columns\"><ol class=\"references\">\n<li id=\"cite_note-VMwareQ421-1\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-VMwareQ421_1-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.vmware.com\/content\/dam\/digitalmarketing\/vmware\/en\/pdf\/earnings\/vmw-earnings-release-nongaap-q423.pdf\" target=\"_blank\">\"VMware Reports Fourth Quarter and Fiscal Year 2023 Results\"<\/a> (PDF). VMware. 2 March 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.vmware.com\/content\/dam\/digitalmarketing\/vmware\/en\/pdf\/earnings\/vmw-earnings-release-nongaap-q423.pdf\" target=\"_blank\">https:\/\/www.vmware.com\/content\/dam\/digitalmarketing\/vmware\/en\/pdf\/earnings\/vmw-earnings-release-nongaap-q423.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=VMware+Reports+Fourth+Quarter+and+Fiscal+Year+2023+Results&rft.atitle=&rft.date=2+March+2023&rft.pub=VMware&rft_id=https%3A%2F%2Fwww.vmware.com%2Fcontent%2Fdam%2Fdigitalmarketing%2Fvmware%2Fen%2Fpdf%2Fearnings%2Fvmw-earnings-release-nongaap-q423.pdf&rfr_id=info:sid\/en.wikipedia.org:VMware_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-VMwareTransform-2\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-VMwareTransform_2-0\">2.0<\/a><\/sup> <sup><a href=\"#cite_ref-VMwareTransform_2-1\">2.1<\/a><\/sup> <sup><a href=\"#cite_ref-VMwareTransform_2-2\">2.2<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.vmware.com\/cloud-solutions.html\" target=\"_blank\">\"Transform Your Apps and Cloud Faster with VMware Cloud\"<\/a>. VMware<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.vmware.com\/cloud-solutions.html\" target=\"_blank\">https:\/\/www.vmware.com\/cloud-solutions.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Transform+Your+Apps+and+Cloud+Faster+with+VMware+Cloud&rft.atitle=&rft.pub=VMware&rft_id=https%3A%2F%2Fwww.vmware.com%2Fcloud-solutions.html&rfr_id=info:sid\/en.wikipedia.org:VMware_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-VMwareHybrid-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-VMwareHybrid_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.vmware.com\/cloud-solutions\/hybrid-cloud.html\" target=\"_blank\">\"Hybrid Cloud Solutions\"<\/a>. VMware<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.vmware.com\/cloud-solutions\/hybrid-cloud.html\" target=\"_blank\">https:\/\/www.vmware.com\/cloud-solutions\/hybrid-cloud.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Hybrid+Cloud+Solutions&rft.atitle=&rft.pub=VMware&rft_id=https%3A%2F%2Fwww.vmware.com%2Fcloud-solutions%2Fhybrid-cloud.html&rfr_id=info:sid\/en.wikipedia.org:VMware_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-VMwareCloudVerified-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-VMwareCloudVerified_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.vmware.com\/vmware-cloud-verified.html\" target=\"_blank\">\"VMware Cloud Verified\"<\/a>. VMware<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.vmware.com\/vmware-cloud-verified.html\" target=\"_blank\">https:\/\/www.vmware.com\/vmware-cloud-verified.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=VMware+Cloud+Verified&rft.atitle=&rft.pub=VMware&rft_id=https%3A%2F%2Fwww.vmware.com%2Fvmware-cloud-verified.html&rfr_id=info:sid\/en.wikipedia.org:VMware_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-VMWareCSPs-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-VMWareCSPs_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.vmware.com\/providers\/search-result\" target=\"_blank\">\"Find A VMware Cloud Services Provider\"<\/a>. VMware<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloud.vmware.com\/providers\/search-result\" target=\"_blank\">https:\/\/cloud.vmware.com\/providers\/search-result<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Find+A+VMware+Cloud+Services+Provider&rft.atitle=&rft.pub=VMware&rft_id=https%3A%2F%2Fcloud.vmware.com%2Fproviders%2Fsearch-result&rfr_id=info:sid\/en.wikipedia.org:VMware_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-VMwareCloudServSec19-6\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-VMwareCloudServSec19_6-0\">6.0<\/a><\/sup> <sup><a href=\"#cite_ref-VMwareCloudServSec19_6-1\">6.1<\/a><\/sup> <sup><a href=\"#cite_ref-VMwareCloudServSec19_6-2\">6.2<\/a><\/sup> <sup><a href=\"#cite_ref-VMwareCloudServSec19_6-3\">6.3<\/a><\/sup> <sup><a href=\"#cite_ref-VMwareCloudServSec19_6-4\">6.4<\/a><\/sup> <sup><a href=\"#cite_ref-VMwareCloudServSec19_6-5\">6.5<\/a><\/sup> <sup><a href=\"#cite_ref-VMwareCloudServSec19_6-6\">6.6<\/a><\/sup> <sup><a href=\"#cite_ref-VMwareCloudServSec19_6-7\">6.7<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20200221063600\/https:\/\/www.vmware.com\/content\/dam\/digitalmarketing\/vmware\/en\/pdf\/products\/cloud-services\/vmware-cloud-services-on-aws-security-overview-white-paper.pdf\" target=\"_blank\">\"VMware Cloud Services Security Overview\"<\/a> (PDF). VMware. August 2019. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.vmware.com\/content\/dam\/digitalmarketing\/vmware\/en\/pdf\/products\/cloud-services\/vmware-cloud-services-on-aws-security-overview-white-paper.pdf\" target=\"_blank\">the original<\/a> on 21 February 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20200221063600\/https:\/\/www.vmware.com\/content\/dam\/digitalmarketing\/vmware\/en\/pdf\/products\/cloud-services\/vmware-cloud-services-on-aws-security-overview-white-paper.pdf\" target=\"_blank\">https:\/\/web.archive.org\/web\/20200221063600\/https:\/\/www.vmware.com\/content\/dam\/digitalmarketing\/vmware\/en\/pdf\/products\/cloud-services\/vmware-cloud-services-on-aws-security-overview-white-paper.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=VMware+Cloud+Services+Security+Overview&rft.atitle=&rft.date=August+2019&rft.pub=VMware&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20200221063600%2Fhttps%3A%2F%2Fwww.vmware.com%2Fcontent%2Fdam%2Fdigitalmarketing%2Fvmware%2Fen%2Fpdf%2Fproducts%2Fcloud-services%2Fvmware-cloud-services-on-aws-security-overview-white-paper.pdf&rfr_id=info:sid\/en.wikipedia.org:VMware_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AcronisWhatIs-7\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AcronisWhatIs_7-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.acronis.com\/en-us\/blog\/posts\/vmware-cloud\/\" target=\"_blank\">\"What is VMware Cloud? Benefits for Service Providers\"<\/a>. Acronis. 20 April 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.acronis.com\/en-us\/blog\/posts\/vmware-cloud\/\" target=\"_blank\">https:\/\/www.acronis.com\/en-us\/blog\/posts\/vmware-cloud\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+is+VMware+Cloud%3F+Benefits+for+Service+Providers&rft.atitle=&rft.date=20+April+2020&rft.pub=Acronis&rft_id=https%3A%2F%2Fwww.acronis.com%2Fen-us%2Fblog%2Fposts%2Fvmware-cloud%2F&rfr_id=info:sid\/en.wikipedia.org:VMware_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-HudsonCNRS19-8\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-HudsonCNRS19_8-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Hudson, A. (11 January 2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/blogs.vmware.com\/management\/2019\/01\/cnrs-renews-their-it-infrastructure-with-private-cloud.html\" target=\"_blank\">\"CNRS renews their IT infrastructure with private cloud\"<\/a>. <i>VMware Cloud Management Blog<\/i>. VMware<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/blogs.vmware.com\/management\/2019\/01\/cnrs-renews-their-it-infrastructure-with-private-cloud.html\" target=\"_blank\">https:\/\/blogs.vmware.com\/management\/2019\/01\/cnrs-renews-their-it-infrastructure-with-private-cloud.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=CNRS+renews+their+IT+infrastructure+with+private+cloud&rft.atitle=VMware+Cloud+Management+Blog&rft.aulast=Hudson%2C+A.&rft.au=Hudson%2C+A.&rft.date=11+January+2019&rft.pub=VMware&rft_id=https%3A%2F%2Fblogs.vmware.com%2Fmanagement%2F2019%2F01%2Fcnrs-renews-their-it-infrastructure-with-private-cloud.html&rfr_id=info:sid\/en.wikipedia.org:VMware_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-VMwareAnother12-9\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-VMwareAnother12_9-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">VMware Cloud Provider Team (8 May 2012). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/blogs.vmware.com\/cloudprovider\/2012\/05\/another-vmware-cloud-charles-river-laboratories-runs-their-hybrid-cloud-on-vmware.html\" target=\"_blank\">\"Another VMware Cloud: Charles River Laboratories Runs Their Hybrid Cloud on VMware\"<\/a>. <i>VMware Cloud Provider Blog<\/i>. VMware<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/blogs.vmware.com\/cloudprovider\/2012\/05\/another-vmware-cloud-charles-river-laboratories-runs-their-hybrid-cloud-on-vmware.html\" target=\"_blank\">https:\/\/blogs.vmware.com\/cloudprovider\/2012\/05\/another-vmware-cloud-charles-river-laboratories-runs-their-hybrid-cloud-on-vmware.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Another+VMware+Cloud%3A+Charles+River+Laboratories+Runs+Their+Hybrid+Cloud+on+VMware&rft.atitle=VMware+Cloud+Provider+Blog&rft.aulast=VMware+Cloud+Provider+Team&rft.au=VMware+Cloud+Provider+Team&rft.date=8+May+2012&rft.pub=VMware&rft_id=https%3A%2F%2Fblogs.vmware.com%2Fcloudprovider%2F2012%2F05%2Fanother-vmware-cloud-charles-river-laboratories-runs-their-hybrid-cloud-on-vmware.html&rfr_id=info:sid\/en.wikipedia.org:VMware_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-VMwareAnotherESC16-10\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-VMwareAnotherESC16_10-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">VMware Cloud Provider Team (2 March 2016). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/blogs.vmware.com\/cloudprovider\/2016\/03\/another-vmware-cloud-in-action-esc-lab-sciences-turns-to-vmware-for-durable-disaster-recovery.html\" target=\"_blank\">\"Another VMware Cloud in Action \u2014 ESC Lab Sciences Turns to VMware for Durable Disaster Recovery\"<\/a>. <i>VMware Cloud Provider Blog<\/i>. VMware<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/blogs.vmware.com\/cloudprovider\/2016\/03\/another-vmware-cloud-in-action-esc-lab-sciences-turns-to-vmware-for-durable-disaster-recovery.html\" target=\"_blank\">https:\/\/blogs.vmware.com\/cloudprovider\/2016\/03\/another-vmware-cloud-in-action-esc-lab-sciences-turns-to-vmware-for-durable-disaster-recovery.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Another+VMware+Cloud+in+Action+%E2%80%94+ESC+Lab+Sciences+Turns+to+VMware+for+Durable+Disaster+Recovery&rft.atitle=VMware+Cloud+Provider+Blog&rft.aulast=VMware+Cloud+Provider+Team&rft.au=VMware+Cloud+Provider+Team&rft.date=2+March+2016&rft.pub=VMware&rft_id=https%3A%2F%2Fblogs.vmware.com%2Fcloudprovider%2F2016%2F03%2Fanother-vmware-cloud-in-action-esc-lab-sciences-turns-to-vmware-for-durable-disaster-recovery.html&rfr_id=info:sid\/en.wikipedia.org:VMware_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-VMwareSecurityTrust-11\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-VMwareSecurityTrust_11-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"nofollow\" class=\"external text\" href=\"#security\">\"VMware Cloud Trust Center - Security\"<\/a>. VMware<span class=\"printonly\">. <a rel=\"nofollow\" class=\"external free\" href=\"#security\">https:\/\/www.vmware.com\/products\/trust-center.html#security<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=VMware+Cloud+Trust+Center+-+Security&rft.atitle=&rft.pub=VMware&rft_id=https%3A%2F%2Fwww.vmware.com%2Fproducts%2Ftrust-center.html%23security&rfr_id=info:sid\/en.wikipedia.org:VMware_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-VMwareSDL-12\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-VMwareSDL_12-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.vmware.com\/security\/sdl.html\" target=\"_blank\">\"VMware Security Development Lifecycle\"<\/a>. VMware<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.vmware.com\/security\/sdl.html\" target=\"_blank\">https:\/\/www.vmware.com\/security\/sdl.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=VMware+Security+Development+Lifecycle&rft.atitle=&rft.pub=VMware&rft_id=https%3A%2F%2Fwww.vmware.com%2Fsecurity%2Fsdl.html&rfr_id=info:sid\/en.wikipedia.org:VMware_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-VMwareTermsServ-13\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-VMwareTermsServ_13-0\">13.0<\/a><\/sup> <sup><a href=\"#cite_ref-VMwareTermsServ_13-1\">13.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.vmware.com\/content\/dam\/digitalmarketing\/vmware\/en\/pdf\/downloads\/eula\/vmware-cloud-services-universal-tos.pdf\" target=\"_blank\">\"Terms of Service\"<\/a> (PDF). VMware. 20 September 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.vmware.com\/content\/dam\/digitalmarketing\/vmware\/en\/pdf\/downloads\/eula\/vmware-cloud-services-universal-tos.pdf\" target=\"_blank\">https:\/\/www.vmware.com\/content\/dam\/digitalmarketing\/vmware\/en\/pdf\/downloads\/eula\/vmware-cloud-services-universal-tos.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Terms+of+Service&rft.atitle=&rft.date=20+September+2020&rft.pub=VMware&rft_id=https%3A%2F%2Fwww.vmware.com%2Fcontent%2Fdam%2Fdigitalmarketing%2Fvmware%2Fen%2Fpdf%2Fdownloads%2Feula%2Fvmware-cloud-services-universal-tos.pdf&rfr_id=info:sid\/en.wikipedia.org:VMware_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MillingtonVMwareHIPAA18-14\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MillingtonVMwareHIPAA18_14-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Millington, J. (26 June 2018). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/blogs.vmware.com\/industry-solutions\/2018\/06\/26\/vmware-cloud-on-aws-supports-hipaa-regulated-apps-and-data-for-healthcare-organizations\/\" target=\"_blank\">\"VMware Cloud on AWS Supports HIPAA Regulated Apps and Data for Healthcare Organizations\"<\/a>. <i>VMware Industry Solutions Blog<\/i>. VMware<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/blogs.vmware.com\/industry-solutions\/2018\/06\/26\/vmware-cloud-on-aws-supports-hipaa-regulated-apps-and-data-for-healthcare-organizations\/\" target=\"_blank\">https:\/\/blogs.vmware.com\/industry-solutions\/2018\/06\/26\/vmware-cloud-on-aws-supports-hipaa-regulated-apps-and-data-for-healthcare-organizations\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=VMware+Cloud+on+AWS+Supports+HIPAA+Regulated+Apps+and+Data+for+Healthcare+Organizations&rft.atitle=VMware+Industry+Solutions+Blog&rft.aulast=Millington%2C+J.&rft.au=Millington%2C+J.&rft.date=26+June+2018&rft.pub=VMware&rft_id=https%3A%2F%2Fblogs.vmware.com%2Findustry-solutions%2F2018%2F06%2F26%2Fvmware-cloud-on-aws-supports-hipaa-regulated-apps-and-data-for-healthcare-organizations%2F&rfr_id=info:sid\/en.wikipedia.org:VMware_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MorganRapidly20-15\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MorganRapidly20_15-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Morgan, M. (24 March 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.vmware.com\/community\/2020\/03\/24\/rapidly-respond-business-continuity-challenges-vmware-cloud-aws\/\" target=\"_blank\">\"Rapidly respond to business continuity challenges with VMware Cloud on AWS\"<\/a>. <i>VMware Cloud Community<\/i>. VMware<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloud.vmware.com\/community\/2020\/03\/24\/rapidly-respond-business-continuity-challenges-vmware-cloud-aws\/\" target=\"_blank\">https:\/\/cloud.vmware.com\/community\/2020\/03\/24\/rapidly-respond-business-continuity-challenges-vmware-cloud-aws\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Rapidly+respond+to+business+continuity+challenges+with+VMware+Cloud+on+AWS&rft.atitle=VMware+Cloud+Community&rft.aulast=Morgan%2C+M.&rft.au=Morgan%2C+M.&rft.date=24+March+2020&rft.pub=VMware&rft_id=https%3A%2F%2Fcloud.vmware.com%2Fcommunity%2F2020%2F03%2F24%2Frapidly-respond-business-continuity-challenges-vmware-cloud-aws%2F&rfr_id=info:sid\/en.wikipedia.org:VMware_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-VMwarePro-16\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-VMwarePro_16-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.vmware.com\/professional-services.html\" target=\"_blank\">\"Professional Services\"<\/a>. VMware<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.vmware.com\/professional-services.html\" target=\"_blank\">https:\/\/www.vmware.com\/professional-services.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Professional+Services&rft.atitle=&rft.pub=VMware&rft_id=https%3A%2F%2Fwww.vmware.com%2Fprofessional-services.html&rfr_id=info:sid\/en.wikipedia.org:VMware_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-VMwareProSec-17\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-VMwareProSec_17-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.vmware.com\/professional-services\/security.html\" target=\"_blank\">\"Intrinsic Security\"<\/a>. VMware<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.vmware.com\/professional-services\/security.html\" target=\"_blank\">https:\/\/www.vmware.com\/professional-services\/security.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Intrinsic+Security&rft.atitle=&rft.pub=VMware&rft_id=https%3A%2F%2Fwww.vmware.com%2Fprofessional-services%2Fsecurity.html&rfr_id=info:sid\/en.wikipedia.org:VMware_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816021705\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.193 seconds\nReal time usage: 0.211 seconds\nPreprocessor visited node count: 14004\/1000000\nPost\u2010expand include size: 84330\/2097152 bytes\nTemplate argument size: 37039\/2097152 bytes\nHighest expansion depth: 20\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 25892\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 175.069 1 -total\n 63.77% 111.634 18 Template:Cite_web\n 60.49% 105.904 1 Template:Reflist\n 58.30% 102.073 18 Template:Citation\/core\n 19.92% 34.880 1 Template:Infobox_company\n 18.04% 31.588 1 Template:Infobox\n 11.37% 19.912 81 Template:Infobox\/row\n 10.56% 18.484 10 Template:Date\n 4.22% 7.395 26 Template:Citation\/make_link\n 2.93% 5.132 1 Template:URL\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:12494-0!canonical and timestamp 20230816021705 and revision id 52746. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/VMware_Cloud\">https:\/\/www.limswiki.org\/index.php\/VMware_Cloud<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","14cb097560fe3787a43bd1ce90d349f8_images":["https:\/\/s3.limswiki.org\/www.limswiki.org\/images\/4\/45\/320px-Vmware.png"],"14cb097560fe3787a43bd1ce90d349f8_timestamp":1692220362,"7d1e0e86edde46ec0b4105e48540bbcc_type":"article","7d1e0e86edde46ec0b4105e48540bbcc_title":"Tencent Cloud","7d1e0e86edde46ec0b4105e48540bbcc_url":"https:\/\/www.limswiki.org\/index.php\/Tencent_Cloud","7d1e0e86edde46ec0b4105e48540bbcc_plaintext":"\n\nTencent CloudFrom LIMSWikiJump to navigationJump to searchTencent Cloud\nIndustry\n \nCloud computing, Web servicesFounder(s)\n \nMa Huateng\r\nZhang Zhidong\r\nXu Chenye\r\nChen Yidan\r\nZeng LiqingHeadquarters\n \nShenzhen, Guangdong , China Area served\n \nWorldwideKey people\n \nDowson Tong (CEO)Products\n \nIaaS, PaaS, DBaaS, DaaSRevenue\n \n$21.4 billion (Q1 2023)[1]Website\n \nintl.cloud.tencent.com\n\n\r\n\nTencent Cloud is a collection of public, private, hybrid, and multicloud cloud computing services offered by Tencent, a Chinese multinational technology conglomerate. Tencent Cloud deploys to an unknown number of data centers in 26 regions and 70 availability zones around the world.[2] More than 70 different products and services are associated with Tencent Cloud, representing elastic computing, networking, content delivery, data storage, database management, security management, enterprise management, data analysis, container and middleware management, developer support, blockchain management, media management, and artificial intelligence.[2]\n\r\n\n\nContents \n\n1 Provider research \n2 Managed security services \n3 Additional information \n\n3.1 Documentation and other media \n3.2 External links \n\n\n4 References \n\n\n\nProvider research \nThis section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide Choosing and Implementing a Cloud-based Service for Your Laboratory. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made.\n\r\n\n1. What experience do you have working with laboratory customers in our specific industry?\nTencent Cloud has been implemented in the laboratories of the National Institute of Biological Sciences, Beijing[3], Shenzhen Technology University[4], Tsinghua University Institute of Biomedicine[5], and ZhongShan University.[3] It's not clear if any laboratory informatics vendors have turned to Tencent Cloud to host their SaaS solutions. A discussion with a Tencent Cloud representative is likely to be able to supply more examples of laboratories and laboratory informatics developers that use or have used Tencent Cloud.\n\r\n\n2. Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?\nIt will ultimately be up to your organization to get an answer from Tencent tailored to your systems and business processes. However, this much can be said about Tencent Cloud integrations. Tencent Cloud doesn't discuss integration approaches extensively, but it does make reference to its API, which \"can greatly improve efficiency in performing frequently called functions, and different APIs can be combined to achieve more advanced features, easier automation and remote call as well as higher compatibility.\" They add that \"Tencent Cloud provides an [software development kit] compatible with multiple languages that uniformly encapsulates the APIs of all of its products, allowing you to integrate Tencent Cloud services into your applications, databases or automation scripts with greater efficiency and convenience.\"[6]\n\r\n\n3. What is the average total historical downtime for the service(s) we're interested in?\nLittle public information is made available about historic outages and downtime. You'll largely have to ask this of Tencent and see what response they give you. Tencent has demonstrated a desire to maintain a high level availability, stating \"[t]he Service Availability Across Availability Zones in A Single Region of the Service provided by Tencent Cloud will be no less than 99.995%.\"[7] You may wish to consult a Tencent Cloud representative on the historic downtime of its solutions. That said, data losses have been reported in 2018[8], though no downtime or outage reports could be found.\n\r\n\n4. Do we receive comprehensive downtime support in the case of downtime?\nTencent Cloud does not make this answer clear. However, the answer is likely tied to what after-sales support plan you choose. Confirm with Tencent Cloud what downtime support they provide based on the services your organization are interested in.\n\r\n\n5. Where are your servers located, and how is data securely transferred to and from those servers?\nTencent Cloud has 61 availability zones spread across 26 regions made up of China, the United States, South America, Europe, Asia Pacific and other areas. Tencent Cloud uses its Content Delivery Network to \"store your content based on caching policies. When a user makes a content request, it will be routed to the node closest to the user, reducing access delay and improving availability.\"[9] As for data transfer, Tencent Cloud has tools like Data Transfer Service to \"securely and easily migrate your database onto the cloud.\"[10] As for the security of data in transit across servers, Tencent Cloud says little on their website. You'll have to discuss security for data in transit with a representative.\n\r\n\n6. Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?\nIn its security whitepaper, Tencent addresses data management personnel and their training in the context of physical security in a few ways[11]\n\n\n\"Each data center has strict infrastructure and environment access controls based on different levels of regional security requirements. According to the data center personnel category and access rights, a complete personnel access control matrix is established in the access control authorization system to effectively control the access and operation behavior of various personnel in the data center.\"\n\"Tencent Cloud also requires all data center operators and builders to have the corresponding work qualifications and experience, and conducts regular security awareness and ability training for relevant personnel.\"\n\"Tencent Cloud also requires all data center personnel to regularly receive business continuity drill training to ensure the implementation of data center infrastructure security is effective.\"\nFor more information about the specific personnel who may have access to your data, discuss this with a Tencent representative.\n\r\n\n7. Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?\nNot all Tencent Cloud machines have the same controls on them; it will depend on the region, product, and compliance requirements of your lab. That said, verify with a representative that the machine your data will land on meets all the necessary regulations affecting your data.\n\r\n\n8. How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)\nTencent appears use standard virtual machines, hypervisors, and network isolation rules for logical separation.[11] Although it's not 100 percent clear, it appears Tencent Cloud may also has bare metal (physical separation) options in the form of Cloud Physical Machines, \"an on-demand physical server rental service provided on a pay-by-usage basis, designed to offer high-performance, securely isolated physical clusters dedicated to cloud.\"[12] For further information, discuss the topic with a Tencent Cloud representative.\n\r\n\n9. Do you have documented data security policies?\nTencent Cloud documents its security practices in several places:\n\nCloud security whitepaper\nDocumentation for security products\nSome security-related documents, like the SOC 2 report, may not be publicly available, requiring direct discussion with a Tencent Cloud representative to obtain them.\n\r\n\n10. How do you test your platform's security?\nThe Tencent website and documentation doesn't appear to even mention penetration testing or red team exercises. It makes reference to its Security Operations Center for customers, but it doesn't appear to talk about its own internal testing. A conversation with a Tencent representative will be necessary to learn more.\n\r\n\n11. What are your policies for security audits, intrusion detection, and intrusion reporting?\nAudits: Tencent gives several tools for customers to test the security of their own accounts, including CloudAudit. As for its own security audits, Tencent is audited by the SOC[13], though it's not clear at what frequency. A discussion of Tencent's internal security audits will be necessary, along with requests for their SOC reports.\nIntrusion detection and reporting: Tencent Cloud provides a tool called Cloud Workload Protection, which \"leverages the massive amount of threat data accumulated by Tencent Security and uses machine learning algorithms to provide security services such as intrusion detection and vulnerability alerts.[14] However, it's not clear if Tencent uses the same product internally for its own intrusion detection and alerts. This will be a question for a representative.\n\r\n\n12. What data logging information is kept and acted upon in relation to our data?\nThe company says that \"Tencent Cloud keeps detailed logs of all operations in both internal and external management systems for effective risk traceability.\"[15] However, it gives no further details. A discussion with a Tencent representative will be required to learn more about this topic.\n\r\n\n13. How thorough are those logs and can we audit them on-demand?\nWhile information is provided about customers viewing their own logs via solutions such as Cloud Log Service, no information appears to be provided about how customers can view internal logs collected by Tencent on their own infrastructure. You'll have to discuss this with a Tencent representative.\n\r\n\n14. For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?\nTencent states that they release \"self-assessment reports for HIPAA compliance, which explain its ability to protect users' personal information and the effectiveness of the control measures taken.\"[16] However, they make no mention of a business associate agreement in their documentation. You'll have to discuss this topic with a representative.\n\r\n\n15. What happens to our data should the contract expire or be terminated?\nAfter scanning the terms of service and general service level agreements, no information was found concerning what happens to your data. Those or other documents may make reference to that information, but it was unable to be found if it exists. Consult with a Tencent representative to get a clear picture of what happens to your data after contract expiration or termination.\n\r\n\n16. What happens to our data should you go out of business or suffer a catastrophic event?\n\"Tencent Cloud has the unique all-purpose placement cluster, which not only provides multiple availability zones in the same region, but also three-layer disaster recovery across physical machines, racks, and switches in an availability zone. Therefore, it has comprehensive disaster tolerance.\"[11]\n\r\n\n17. Can we use your interface to extract our data when we want, and in what format will it be?\nTencent discusses data extraction in in the context of material stored in your Cloud Object Storage, where \"you can extract data from individual files stored in buckets using the standard SQL templates we provide or by specifying statements that comply with syntax rules.\"[17] They also make reference to data extraction in some of its other products. Little is said about the format the data will be in, however. Discuss this with a Tencent representative.\n\r\n\n18. Are your support services native or outsourced\/offshored?\nIt is unclear if support personnel are local to the customer or if support is outsourced to another business and country. Discuss this with a Tencent Cloud representative.\n\nManaged security services \nTencent Cloud doesn't appear to provide managed security services for customers.\n\r\n\n\nAdditional information \nDocumentation and other media \nCloud Object Storage documentation\nProduct documentation\nSecurity whitepaper\nExternal links \nTencent Cloud architecture framework or description\nTencent Cloud shared responsibility model\nTencent Cloud trust center\nReferences \n\n\n\u2191 Browne, R. (17 May 2023). \"Tencent posts fastest jump in quarterly revenue in more than a year after China reopens\". CNBC. https:\/\/www.cnbc.com\/2023\/05\/17\/tencent-q1-earnings-report-2023-.html . Retrieved 04 August 2023 .   \n \n\n\u2191 2.0 2.1 \"Tencent Cloud Global Infrastructure\". Tencent. https:\/\/www.tencentcloud.com\/global-infrastructure . Retrieved 04 August 2023 .   \n \n\n\u2191 3.0 3.1 Lau, S.Y. (2020). \"\u201cLeveraging ICTs and Digital Government for Innovative Solutions to Address the COVID-19 Pandemic Responses in Africa\" (PDF). United Nations. http:\/\/www.unpog.org\/file\/download.asp?sn=345 . Retrieved 04 August 2023 .   \n \n\n\u2191 Leah; Brian (17 May 2019). \"SZTU, Tencent join hands in establishing college and laboratories\". Shenzhen Technology University. https:\/\/english.sztu.edu.cn\/info\/1004\/1186.htm . Retrieved 04 August 2023 .   \n \n\n\u2191 Feifei, F. (28 September 2020). \"Tsinghua University, Tencent sign in-depth cooperation agreement\". ChinaDaily.com. https:\/\/www.chinadaily.com.cn\/a\/202009\/28\/WS5f71da3fa31024ad0ba7c6d8.html . Retrieved 04 August 2023 .   \n \n\n\u2191 \"TencentCloud API\". Tencent. https:\/\/www.tencentcloud.com\/products\/api . Retrieved 04 August 2023 .   \n \n\n\u2191 \"CVM Service Level Agreement\". Tencent. 1 November 2020. https:\/\/www.tencentcloud.com\/document\/product\/301\/30393 . Retrieved 04 August 2023 .   \n \n\n\u2191 Qianqian, D. (7 August 2018). \"Media Firm Demands USD1.6 Million From Tencent Over Cloud Data Loss\". Yicai Global. https:\/\/www.yicaiglobal.com\/news\/media-firm-demands-usd16-million-from-tencent-over-cloud-data-loss . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Product Overview\". Tencent Cloud Documentation - Content Delivery Network. Tencent. 15 November 2021. https:\/\/www.tencentcloud.com\/document\/product\/228\/2939 . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Data Transmission Service\". Tencent. https:\/\/www.tencentcloud.com\/products\/dts . Retrieved 04 August 2023 .   \n \n\n\u2191 11.0 11.1 11.2 \"Tencent Cloud Security White Paper\" (PDF). Tencent. June 2019. https:\/\/main.qcloudimg.com\/raw\/ea77661307adc3825990e159d851d406.pdf . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Brief\". Tencent Documentation. Tencent. 9 May 2017. https:\/\/www.tencentcloud.com\/document\/api\/386\/7031 . Retrieved 04 August 2023 .   \n \n\n\u2191 \"SOC Audit\". Tencent. 19 March 2021. https:\/\/intl.cloud.tencent.com\/document\/product\/363\/11543 . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Product Introduction\". Tencent Cloud Documentation - Cloud Workload Protection. Tencent. 5 September 2022. https:\/\/www.tencentcloud.com\/document\/product\/296\/2221 . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Notes on Information Security\". Tencent Cloud Documentation - TencentDB for MariaDB. Tencent. 9 March 2021. https:\/\/www.tencentcloud.com\/document\/product\/237\/7478 . Retrieved 04 August 2023 .   \n \n\n\u2191 \"HIPAA\". Tencent Cloud Documentation - Compliance. Tencent. 19 February 2020. https:\/\/intl.cloud.tencent.com\/document\/product\/363\/34541?lang=en . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Data Extraction\". Tencent Cloud Documentation - Cloud Object Storage. Tencent. 28 December 2022. https:\/\/www.tencentcloud.com\/document\/product\/436\/32538 . Retrieved 04 August 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Tencent_Cloud\">https:\/\/www.limswiki.org\/index.php\/Tencent_Cloud<\/a>\nNavigation menuPage actionsPageDiscussionView sourceHistoryPage actionsPageDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 4 August 2023, at 20:20.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 1,222 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","7d1e0e86edde46ec0b4105e48540bbcc_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject page-Tencent_Cloud rootpage-Tencent_Cloud skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Tencent Cloud<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\">\n<p><br \/>\n<b>Tencent Cloud<\/b> is a collection of public, private, hybrid, and multicloud <a href=\"https:\/\/www.limswiki.org\/index.php\/Cloud_computing\" title=\"Cloud computing\" class=\"wiki-link\" data-key=\"fcfe5882eaa018d920cedb88398b604f\">cloud computing<\/a> services offered by Tencent, a Chinese multinational technology conglomerate. Tencent Cloud deploys to an unknown number of data centers in 26 regions and 70 availability zones around the world.<sup id=\"rdp-ebb-cite_ref-TencentGlobalInfra_2-0\" class=\"reference\"><a href=\"#cite_note-TencentGlobalInfra-2\">[2]<\/a><\/sup> More than 70 different products and services are associated with Tencent Cloud, representing elastic computing, networking, content delivery, data storage, database management, security management, enterprise management, <a href=\"https:\/\/www.limswiki.org\/index.php\/Data_analysis\" title=\"Data analysis\" class=\"wiki-link\" data-key=\"545c95e40ca67c9e63cd0a16042a5bd1\">data analysis<\/a>, container and middleware management, developer support, <a href=\"https:\/\/www.limswiki.org\/index.php\/Blockchain\" title=\"Blockchain\" class=\"wiki-link\" data-key=\"ae8b186c311716aca561aaee91944f8e\">blockchain<\/a> management, media management, and <a href=\"https:\/\/www.limswiki.org\/index.php\/Artificial_intelligence\" title=\"Artificial intelligence\" class=\"wiki-link\" data-key=\"0c45a597361ca47e1cd8112af676276e\">artificial intelligence<\/a>.<sup id=\"rdp-ebb-cite_ref-TencentGlobalInfra_2-1\" class=\"reference\"><a href=\"#cite_note-TencentGlobalInfra-2\">[2]<\/a><\/sup>\n<\/p><p><br \/>\n<\/p>\n\n\n<h2><span class=\"mw-headline\" id=\"Provider_research\">Provider research<\/span><\/h2>\n<p>This section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide <i><a href=\"https:\/\/www.limswiki.org\/index.php\/LII:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\" title=\"LII:Choosing and Implementing a Cloud-based Service for Your Laboratory\" class=\"wiki-link\" data-key=\"a51267fd73f6c39f0130677409233940\">Choosing and Implementing a Cloud-based Service for Your Laboratory<\/a><\/i>. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made.\n<\/p><p><br \/>\n1. <b>What experience do you have working with laboratory customers in our specific industry?<\/b>\n<\/p><p>Tencent Cloud has been implemented in the <a href=\"https:\/\/www.limswiki.org\/index.php\/Laboratory\" title=\"Laboratory\" class=\"wiki-link\" data-key=\"c57fc5aac9e4abf31dccae81df664c33\">laboratories<\/a> of the National Institute of Biological Sciences, Beijing<sup id=\"rdp-ebb-cite_ref-LauLeveraging20_3-0\" class=\"reference\"><a href=\"#cite_note-LauLeveraging20-3\">[3]<\/a><\/sup>, Shenzhen Technology University<sup id=\"rdp-ebb-cite_ref-LeahSZTU19_4-0\" class=\"reference\"><a href=\"#cite_note-LeahSZTU19-4\">[4]<\/a><\/sup>, Tsinghua University Institute of Biomedicine<sup id=\"rdp-ebb-cite_ref-FeifeiTsinghua20_5-0\" class=\"reference\"><a href=\"#cite_note-FeifeiTsinghua20-5\">[5]<\/a><\/sup>, and ZhongShan University.<sup id=\"rdp-ebb-cite_ref-LauLeveraging20_3-1\" class=\"reference\"><a href=\"#cite_note-LauLeveraging20-3\">[3]<\/a><\/sup> It's not clear if any laboratory informatics vendors have turned to Tencent Cloud to host their SaaS solutions. A discussion with a Tencent Cloud representative is likely to be able to supply more examples of laboratories and laboratory informatics developers that use or have used Tencent Cloud.\n<\/p><p><br \/>\n2. <b>Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?<\/b>\n<\/p><p>It will ultimately be up to your organization to get an answer from Tencent tailored to your systems and business processes. However, this much can be said about Tencent Cloud integrations. Tencent Cloud doesn't discuss integration approaches extensively, but it does make reference to its API, which \"can greatly improve efficiency in performing frequently called functions, and different APIs can be combined to achieve more advanced features, easier automation and remote call as well as higher compatibility.\" They add that \"Tencent Cloud provides an [software development kit] compatible with multiple languages that uniformly encapsulates the APIs of all of its products, allowing you to integrate Tencent Cloud services into your applications, databases or automation scripts with greater efficiency and convenience.\"<sup id=\"rdp-ebb-cite_ref-TencentCloudAPI_6-0\" class=\"reference\"><a href=\"#cite_note-TencentCloudAPI-6\">[6]<\/a><\/sup>\n<\/p><p><br \/>\n3. <b>What is the average total historical downtime for the service(s) we're interested in?<\/b>\n<\/p><p>Little public information is made available about historic outages and downtime. You'll largely have to ask this of Tencent and see what response they give you. Tencent has demonstrated a desire to maintain a high level availability, stating \"[t]he Service Availability Across Availability Zones in A Single Region of the Service provided by Tencent Cloud will be no less than 99.995%.\"<sup id=\"rdp-ebb-cite_ref-TencentCVMSer20_7-0\" class=\"reference\"><a href=\"#cite_note-TencentCVMSer20-7\">[7]<\/a><\/sup> You may wish to consult a Tencent Cloud representative on the historic downtime of its solutions. That said, data losses have been reported in 2018<sup id=\"rdp-ebb-cite_ref-QianqianMEdia18_8-0\" class=\"reference\"><a href=\"#cite_note-QianqianMEdia18-8\">[8]<\/a><\/sup>, though no downtime or outage reports could be found.\n<\/p><p><br \/>\n4. <b>Do we receive comprehensive downtime support in the case of downtime?<\/b>\n<\/p><p>Tencent Cloud does not make this answer clear. However, the answer is likely tied to what <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.tencentcloud.com\/render\/support-plan\" target=\"_blank\">after-sales support plan<\/a> you choose. Confirm with Tencent Cloud what downtime support they provide based on the services your organization are interested in.\n<\/p><p><br \/>\n5. <b>Where are your servers located, and how is data securely transferred to and from those servers?<\/b>\n<\/p><p>Tencent Cloud has 61 availability zones spread across 26 regions made up of China, the United States, South America, Europe, Asia Pacific and other areas. Tencent Cloud uses its Content Delivery Network to \"store your content based on caching policies. When a user makes a content request, it will be routed to the node closest to the user, reducing access delay and improving availability.\"<sup id=\"rdp-ebb-cite_ref-TencentCDNDoc_9-0\" class=\"reference\"><a href=\"#cite_note-TencentCDNDoc-9\">[9]<\/a><\/sup> As for data transfer, Tencent Cloud has tools like Data Transfer Service to \"securely and easily migrate your database onto the cloud.\"<sup id=\"rdp-ebb-cite_ref-TencentDataTrans_10-0\" class=\"reference\"><a href=\"#cite_note-TencentDataTrans-10\">[10]<\/a><\/sup> As for the security of data in transit across servers, Tencent Cloud says little on their website. You'll have to discuss security for data in transit with a representative.\n<\/p><p><br \/>\n6. <b>Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?<\/b>\n<\/p><p>In its security whitepaper, Tencent addresses data management personnel and their training in the context of physical security in a few ways<sup id=\"rdp-ebb-cite_ref-TencentCloud19_11-0\" class=\"reference\"><a href=\"#cite_note-TencentCloud19-11\">[11]<\/a><\/sup>\n<\/p>\n<dl><dd><\/dd><\/dl>\n<ul><li>\"Each data center has strict infrastructure and environment access controls based on different levels of regional security requirements. According to the data center personnel category and access rights, a complete personnel access control matrix is established in the access control authorization system to effectively control the access and operation behavior of various personnel in the data center.\"<\/li>\n<li>\"Tencent Cloud also requires all data center operators and builders to have the corresponding work qualifications and experience, and conducts regular security awareness and ability training for relevant personnel.\"<\/li>\n<li>\"Tencent Cloud also requires all data center personnel to regularly receive business continuity drill training to ensure the implementation of data center infrastructure security is effective.\"<\/li><\/ul>\n<p>For more information about the specific personnel who may have access to your data, discuss this with a Tencent representative.\n<\/p><p><br \/>\n7. <b>Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?<\/b>\n<\/p><p>Not all <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.tencentcloud.com\/global-infrastructure?lang=en\" target=\"_blank\">Tencent Cloud machines<\/a> have the same <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.tencentcloud.com\/services\/compliance\" target=\"_blank\">controls<\/a> on them; it will depend on the region, product, and compliance requirements of your lab. That said, verify with a representative that the machine your data will land on meets all the necessary regulations affecting your data.\n<\/p><p><br \/>\n8. <b>How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)<\/b>\n<\/p><p>Tencent appears use standard virtual machines, hypervisors, and network isolation rules for logical separation.<sup id=\"rdp-ebb-cite_ref-TencentCloud19_11-1\" class=\"reference\"><a href=\"#cite_note-TencentCloud19-11\">[11]<\/a><\/sup> Although it's not 100 percent clear, it appears Tencent Cloud may also has bare metal (physical separation) options in the form of Cloud Physical Machines, \"an on-demand physical server rental service provided on a pay-by-usage basis, designed to offer high-performance, securely isolated physical clusters dedicated to cloud.\"<sup id=\"rdp-ebb-cite_ref-TencentBriefCPM_12-0\" class=\"reference\"><a href=\"#cite_note-TencentBriefCPM-12\">[12]<\/a><\/sup> For further information, discuss the topic with a Tencent Cloud representative.\n<\/p><p><br \/>\n9. <b>Do you have documented data security policies?<\/b>\n<\/p><p>Tencent Cloud documents its security practices in several places:\n<\/p>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/main.qcloudimg.com\/raw\/ea77661307adc3825990e159d851d406.pdf\" target=\"_blank\">Cloud security whitepaper<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.tencentcloud.com\/document\/product\" target=\"_blank\">Documentation for security products<\/a><\/li><\/ul>\n<p>Some security-related documents, like the SOC 2 report, may not be publicly available, requiring direct discussion with a Tencent Cloud representative to obtain them.\n<\/p><p><br \/>\n10. <b>How do you test your platform's security?<\/b>\n<\/p><p>The Tencent website and documentation doesn't appear to even mention penetration testing or red team exercises. It makes reference to its <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.tencentcloud.com\/products\/soc\" target=\"_blank\">Security Operations Center<\/a> for customers, but it doesn't appear to talk about its own internal testing. A conversation with a Tencent representative will be necessary to learn more.\n<\/p><p><br \/>\n11. <b>What are your policies for security audits, intrusion detection, and intrusion reporting?<\/b>\n<\/p><p><i>Audits<\/i>: Tencent gives several tools for customers to test the security of their own accounts, including <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.tencentcloud.com\/products\/cloudaudit\" target=\"_blank\">CloudAudit<\/a>. As for its own security audits, Tencent is audited by the SOC<sup id=\"rdp-ebb-cite_ref-TenCentSOC21_13-0\" class=\"reference\"><a href=\"#cite_note-TenCentSOC21-13\">[13]<\/a><\/sup>, though it's not clear at what frequency. A discussion of Tencent's internal security audits will be necessary, along with requests for their SOC reports.\n<\/p><p><i>Intrusion detection and reporting<\/i>: Tencent Cloud provides a tool called Cloud Workload Protection, which \"leverages the massive amount of threat data accumulated by Tencent Security and uses machine learning algorithms to provide security services such as intrusion detection and vulnerability alerts.<sup id=\"rdp-ebb-cite_ref-TencentProduct20_14-0\" class=\"reference\"><a href=\"#cite_note-TencentProduct20-14\">[14]<\/a><\/sup> However, it's not clear if Tencent uses the same product internally for its own intrusion detection and alerts. This will be a question for a representative.\n<\/p><p><br \/>\n12. <b>What data logging information is kept and acted upon in relation to our data?<\/b>\n<\/p><p>The company says that \"Tencent Cloud keeps detailed logs of all operations in both internal and external management systems for effective risk traceability.\"<sup id=\"rdp-ebb-cite_ref-TencentNotes21_15-0\" class=\"reference\"><a href=\"#cite_note-TencentNotes21-15\">[15]<\/a><\/sup> However, it gives no further details. A discussion with a Tencent representative will be required to learn more about this topic.\n<\/p><p><br \/>\n13. <b>How thorough are those logs and can we audit them on-demand?<\/b>\n<\/p><p>While information is provided about customers viewing their own logs via solutions such as <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.tencentcloud.com\/products\/cls\" target=\"_blank\">Cloud Log Service<\/a>, no information appears to be provided about how customers can view internal logs collected by Tencent on their own infrastructure. You'll have to discuss this with a Tencent representative.\n<\/p><p><br \/>\n14. <b>For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?<\/b>\n<\/p><p>Tencent states that they release \"self-assessment reports for HIPAA compliance, which explain its ability to protect users' personal information and the effectiveness of the control measures taken.\"<sup id=\"rdp-ebb-cite_ref-TencentHIPAA20_16-0\" class=\"reference\"><a href=\"#cite_note-TencentHIPAA20-16\">[16]<\/a><\/sup> However, they make no mention of a business associate agreement in their documentation. You'll have to discuss this topic with a representative.\n<\/p><p><br \/>\n15. <b>What happens to our data should the contract expire or be terminated?<\/b>\n<\/p><p>After scanning the terms of service and general service level agreements, no information was found concerning what happens to your data. Those or other documents may make reference to that information, but it was unable to be found if it exists. Consult with a Tencent representative to get a clear picture of what happens to your data after contract expiration or termination.\n<\/p><p><br \/>\n16. <b>What happens to our data should you go out of business or suffer a catastrophic event?<\/b>\n<\/p><p>\"Tencent Cloud has the unique all-purpose placement cluster, which not only provides multiple availability zones in the same region, but also three-layer disaster recovery across physical machines, racks, and switches in an availability zone. Therefore, it has comprehensive disaster tolerance.\"<sup id=\"rdp-ebb-cite_ref-TencentCloud19_11-2\" class=\"reference\"><a href=\"#cite_note-TencentCloud19-11\">[11]<\/a><\/sup>\n<\/p><p><br \/>\n17. <b>Can we use your interface to extract our data when we want, and in what format will it be?<\/b>\n<\/p><p>Tencent discusses data extraction in in the context of material stored in your Cloud Object Storage, where \"you can extract data from individual files stored in buckets using the standard SQL templates we provide or by specifying statements that comply with syntax rules.\"<sup id=\"rdp-ebb-cite_ref-TencentDataExt20_17-0\" class=\"reference\"><a href=\"#cite_note-TencentDataExt20-17\">[17]<\/a><\/sup> They also make reference to data extraction in some of its other products. Little is said about the format the data will be in, however. Discuss this with a Tencent representative.\n<\/p><p><br \/>\n18. <b>Are your support services native or outsourced\/offshored?<\/b>\n<\/p><p>It is unclear if support personnel are local to the customer or if support is outsourced to another business and country. Discuss this with a Tencent Cloud representative.\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Managed_security_services\">Managed security services<\/span><\/h2>\n<p>Tencent Cloud doesn't appear to provide managed security services for customers.\n<\/p><p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Additional_information\">Additional information<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Documentation_and_other_media\">Documentation and other media<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.tencentcloud.com\/document\/product\/436\/6222\" target=\"_blank\">Cloud Object Storage documentation<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.tencentcloud.com\/document\/product\" target=\"_blank\">Product documentation<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/main.qcloudimg.com\/raw\/ea77661307adc3825990e159d851d406.pdf\" target=\"_blank\">Security whitepaper<\/a><\/li><\/ul>\n<h3><span class=\"mw-headline\" id=\"External_links\">External links<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.tencentcloud.com\/global-infrastructure\" target=\"_blank\">Tencent Cloud architecture framework or description<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/main.qcloudimg.com\/raw\/ea77661307adc3825990e159d851d406.pdf\" target=\"_blank\">Tencent Cloud shared responsibility model<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.tencentcloud.com\/services\/compliance\" target=\"_blank\">Tencent Cloud trust center<\/a><\/li><\/ul>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap mw-references-columns\"><ol class=\"references\">\n<li id=\"cite_note-TencentQ123-1\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-TencentQ123_1-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Browne, R. (17 May 2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cnbc.com\/2023\/05\/17\/tencent-q1-earnings-report-2023-.html\" target=\"_blank\">\"Tencent posts fastest jump in quarterly revenue in more than a year after China reopens\"<\/a>. <i>CNBC<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cnbc.com\/2023\/05\/17\/tencent-q1-earnings-report-2023-.html\" target=\"_blank\">https:\/\/www.cnbc.com\/2023\/05\/17\/tencent-q1-earnings-report-2023-.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Tencent+posts+fastest+jump+in+quarterly+revenue+in+more+than+a+year+after+China+reopens&rft.atitle=CNBC&rft.aulast=Browne%2C+R.&rft.au=Browne%2C+R.&rft.date=17+May+2023&rft_id=https%3A%2F%2Fwww.cnbc.com%2F2023%2F05%2F17%2Ftencent-q1-earnings-report-2023-.html&rfr_id=info:sid\/en.wikipedia.org:Tencent_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-TencentGlobalInfra-2\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-TencentGlobalInfra_2-0\">2.0<\/a><\/sup> <sup><a href=\"#cite_ref-TencentGlobalInfra_2-1\">2.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.tencentcloud.com\/global-infrastructure\" target=\"_blank\">\"Tencent Cloud Global Infrastructure\"<\/a>. Tencent<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.tencentcloud.com\/global-infrastructure\" target=\"_blank\">https:\/\/www.tencentcloud.com\/global-infrastructure<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Tencent+Cloud+Global+Infrastructure&rft.atitle=&rft.pub=Tencent&rft_id=https%3A%2F%2Fwww.tencentcloud.com%2Fglobal-infrastructure&rfr_id=info:sid\/en.wikipedia.org:Tencent_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LauLeveraging20-3\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-LauLeveraging20_3-0\">3.0<\/a><\/sup> <sup><a href=\"#cite_ref-LauLeveraging20_3-1\">3.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Lau, S.Y. (2020). <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.unpog.org\/file\/download.asp?sn=345\" target=\"_blank\">\"\u201cLeveraging ICTs and Digital Government for Innovative Solutions to Address the COVID-19 Pandemic Responses in Africa\"<\/a> (PDF). United Nations<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"http:\/\/www.unpog.org\/file\/download.asp?sn=345\" target=\"_blank\">http:\/\/www.unpog.org\/file\/download.asp?sn=345<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=%E2%80%9CLeveraging+ICTs+and+Digital+Government+for+Innovative+Solutions+to+Address+the+COVID-19+Pandemic+Responses+in+Africa&rft.atitle=&rft.aulast=Lau%2C+S.Y.&rft.au=Lau%2C+S.Y.&rft.date=2020&rft.pub=United+Nations&rft_id=http%3A%2F%2Fwww.unpog.org%2Ffile%2Fdownload.asp%3Fsn%3D345&rfr_id=info:sid\/en.wikipedia.org:Tencent_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LeahSZTU19-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-LeahSZTU19_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Leah; Brian (17 May 2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/english.sztu.edu.cn\/info\/1004\/1186.htm\" target=\"_blank\">\"SZTU, Tencent join hands in establishing college and laboratories\"<\/a>. Shenzhen Technology University<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/english.sztu.edu.cn\/info\/1004\/1186.htm\" target=\"_blank\">https:\/\/english.sztu.edu.cn\/info\/1004\/1186.htm<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=SZTU%2C+Tencent+join+hands+in+establishing+college+and+laboratories&rft.atitle=&rft.aulast=Leah%3B+Brian&rft.au=Leah%3B+Brian&rft.date=17+May+2019&rft.pub=Shenzhen+Technology+University&rft_id=https%3A%2F%2Fenglish.sztu.edu.cn%2Finfo%2F1004%2F1186.htm&rfr_id=info:sid\/en.wikipedia.org:Tencent_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-FeifeiTsinghua20-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-FeifeiTsinghua20_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Feifei, F. (28 September 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.chinadaily.com.cn\/a\/202009\/28\/WS5f71da3fa31024ad0ba7c6d8.html\" target=\"_blank\">\"Tsinghua University, Tencent sign in-depth cooperation agreement\"<\/a>. <i>ChinaDaily.com<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.chinadaily.com.cn\/a\/202009\/28\/WS5f71da3fa31024ad0ba7c6d8.html\" target=\"_blank\">https:\/\/www.chinadaily.com.cn\/a\/202009\/28\/WS5f71da3fa31024ad0ba7c6d8.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Tsinghua+University%2C+Tencent+sign+in-depth+cooperation+agreement&rft.atitle=ChinaDaily.com&rft.aulast=Feifei%2C+F.&rft.au=Feifei%2C+F.&rft.date=28+September+2020&rft_id=https%3A%2F%2Fwww.chinadaily.com.cn%2Fa%2F202009%2F28%2FWS5f71da3fa31024ad0ba7c6d8.html&rfr_id=info:sid\/en.wikipedia.org:Tencent_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-TencentCloudAPI-6\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-TencentCloudAPI_6-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.tencentcloud.com\/products\/api\" target=\"_blank\">\"TencentCloud API\"<\/a>. Tencent<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.tencentcloud.com\/products\/api\" target=\"_blank\">https:\/\/www.tencentcloud.com\/products\/api<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=TencentCloud+API&rft.atitle=&rft.pub=Tencent&rft_id=https%3A%2F%2Fwww.tencentcloud.com%2Fproducts%2Fapi&rfr_id=info:sid\/en.wikipedia.org:Tencent_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-TencentCVMSer20-7\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-TencentCVMSer20_7-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.tencentcloud.com\/document\/product\/301\/30393\" target=\"_blank\">\"CVM Service Level Agreement\"<\/a>. Tencent. 1 November 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.tencentcloud.com\/document\/product\/301\/30393\" target=\"_blank\">https:\/\/www.tencentcloud.com\/document\/product\/301\/30393<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=CVM+Service+Level+Agreement&rft.atitle=&rft.date=1+November+2020&rft.pub=Tencent&rft_id=https%3A%2F%2Fwww.tencentcloud.com%2Fdocument%2Fproduct%2F301%2F30393&rfr_id=info:sid\/en.wikipedia.org:Tencent_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-QianqianMEdia18-8\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-QianqianMEdia18_8-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Qianqian, D. (7 August 2018). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.yicaiglobal.com\/news\/media-firm-demands-usd16-million-from-tencent-over-cloud-data-loss\" target=\"_blank\">\"Media Firm Demands USD1.6 Million From Tencent Over Cloud Data Loss\"<\/a>. <i>Yicai Global<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.yicaiglobal.com\/news\/media-firm-demands-usd16-million-from-tencent-over-cloud-data-loss\" target=\"_blank\">https:\/\/www.yicaiglobal.com\/news\/media-firm-demands-usd16-million-from-tencent-over-cloud-data-loss<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Media+Firm+Demands+USD1.6+Million+From+Tencent+Over+Cloud+Data+Loss&rft.atitle=Yicai+Global&rft.aulast=Qianqian%2C+D.&rft.au=Qianqian%2C+D.&rft.date=7+August+2018&rft_id=https%3A%2F%2Fwww.yicaiglobal.com%2Fnews%2Fmedia-firm-demands-usd16-million-from-tencent-over-cloud-data-loss&rfr_id=info:sid\/en.wikipedia.org:Tencent_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-TencentCDNDoc-9\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-TencentCDNDoc_9-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.tencentcloud.com\/document\/product\/228\/2939\" target=\"_blank\">\"Product Overview\"<\/a>. <i>Tencent Cloud Documentation - Content Delivery Network<\/i>. Tencent. 15 November 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.tencentcloud.com\/document\/product\/228\/2939\" target=\"_blank\">https:\/\/www.tencentcloud.com\/document\/product\/228\/2939<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Product+Overview&rft.atitle=Tencent+Cloud+Documentation+-+Content+Delivery+Network&rft.date=15+November+2021&rft.pub=Tencent&rft_id=https%3A%2F%2Fwww.tencentcloud.com%2Fdocument%2Fproduct%2F228%2F2939&rfr_id=info:sid\/en.wikipedia.org:Tencent_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-TencentDataTrans-10\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-TencentDataTrans_10-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.tencentcloud.com\/products\/dts\" target=\"_blank\">\"Data Transmission Service\"<\/a>. Tencent<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.tencentcloud.com\/products\/dts\" target=\"_blank\">https:\/\/www.tencentcloud.com\/products\/dts<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Data+Transmission+Service&rft.atitle=&rft.pub=Tencent&rft_id=https%3A%2F%2Fwww.tencentcloud.com%2Fproducts%2Fdts&rfr_id=info:sid\/en.wikipedia.org:Tencent_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-TencentCloud19-11\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-TencentCloud19_11-0\">11.0<\/a><\/sup> <sup><a href=\"#cite_ref-TencentCloud19_11-1\">11.1<\/a><\/sup> <sup><a href=\"#cite_ref-TencentCloud19_11-2\">11.2<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/main.qcloudimg.com\/raw\/ea77661307adc3825990e159d851d406.pdf\" target=\"_blank\">\"Tencent Cloud Security White Paper\"<\/a> (PDF). Tencent. June 2019<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/main.qcloudimg.com\/raw\/ea77661307adc3825990e159d851d406.pdf\" target=\"_blank\">https:\/\/main.qcloudimg.com\/raw\/ea77661307adc3825990e159d851d406.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Tencent+Cloud+Security+White+Paper&rft.atitle=&rft.date=June+2019&rft.pub=Tencent&rft_id=https%3A%2F%2Fmain.qcloudimg.com%2Fraw%2Fea77661307adc3825990e159d851d406.pdf&rfr_id=info:sid\/en.wikipedia.org:Tencent_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-TencentBriefCPM-12\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-TencentBriefCPM_12-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.tencentcloud.com\/document\/api\/386\/7031\" target=\"_blank\">\"Brief\"<\/a>. <i>Tencent Documentation<\/i>. Tencent. 9 May 2017<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.tencentcloud.com\/document\/api\/386\/7031\" target=\"_blank\">https:\/\/www.tencentcloud.com\/document\/api\/386\/7031<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Brief&rft.atitle=Tencent+Documentation&rft.date=9+May+2017&rft.pub=Tencent&rft_id=https%3A%2F%2Fwww.tencentcloud.com%2Fdocument%2Fapi%2F386%2F7031&rfr_id=info:sid\/en.wikipedia.org:Tencent_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-TenCentSOC21-13\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-TenCentSOC21_13-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/intl.cloud.tencent.com\/document\/product\/363\/11543\" target=\"_blank\">\"SOC Audit\"<\/a>. Tencent. 19 March 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/intl.cloud.tencent.com\/document\/product\/363\/11543\" target=\"_blank\">https:\/\/intl.cloud.tencent.com\/document\/product\/363\/11543<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=SOC+Audit&rft.atitle=&rft.date=19+March+2021&rft.pub=Tencent&rft_id=https%3A%2F%2Fintl.cloud.tencent.com%2Fdocument%2Fproduct%2F363%2F11543&rfr_id=info:sid\/en.wikipedia.org:Tencent_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-TencentProduct20-14\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-TencentProduct20_14-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.tencentcloud.com\/document\/product\/296\/2221\" target=\"_blank\">\"Product Introduction\"<\/a>. <i>Tencent Cloud Documentation - Cloud Workload Protection<\/i>. Tencent. 5 September 2022<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.tencentcloud.com\/document\/product\/296\/2221\" target=\"_blank\">https:\/\/www.tencentcloud.com\/document\/product\/296\/2221<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Product+Introduction&rft.atitle=Tencent+Cloud+Documentation+-+Cloud+Workload+Protection&rft.date=5+September+2022&rft.pub=Tencent&rft_id=https%3A%2F%2Fwww.tencentcloud.com%2Fdocument%2Fproduct%2F296%2F2221&rfr_id=info:sid\/en.wikipedia.org:Tencent_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-TencentNotes21-15\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-TencentNotes21_15-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.tencentcloud.com\/document\/product\/237\/7478\" target=\"_blank\">\"Notes on Information Security\"<\/a>. <i>Tencent Cloud Documentation - TencentDB for MariaDB<\/i>. Tencent. 9 March 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.tencentcloud.com\/document\/product\/237\/7478\" target=\"_blank\">https:\/\/www.tencentcloud.com\/document\/product\/237\/7478<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Notes+on+Information+Security&rft.atitle=Tencent+Cloud+Documentation+-+TencentDB+for+MariaDB&rft.date=9+March+2021&rft.pub=Tencent&rft_id=https%3A%2F%2Fwww.tencentcloud.com%2Fdocument%2Fproduct%2F237%2F7478&rfr_id=info:sid\/en.wikipedia.org:Tencent_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-TencentHIPAA20-16\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-TencentHIPAA20_16-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/intl.cloud.tencent.com\/document\/product\/363\/34541?lang=en\" target=\"_blank\">\"HIPAA\"<\/a>. <i>Tencent Cloud Documentation - Compliance<\/i>. Tencent. 19 February 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/intl.cloud.tencent.com\/document\/product\/363\/34541?lang=en\" target=\"_blank\">https:\/\/intl.cloud.tencent.com\/document\/product\/363\/34541?lang=en<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=HIPAA&rft.atitle=Tencent+Cloud+Documentation+-+Compliance&rft.date=19+February+2020&rft.pub=Tencent&rft_id=https%3A%2F%2Fintl.cloud.tencent.com%2Fdocument%2Fproduct%2F363%2F34541%3Flang%3Den&rfr_id=info:sid\/en.wikipedia.org:Tencent_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-TencentDataExt20-17\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-TencentDataExt20_17-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.tencentcloud.com\/document\/product\/436\/32538\" target=\"_blank\">\"Data Extraction\"<\/a>. <i>Tencent Cloud Documentation - Cloud Object Storage<\/i>. Tencent. 28 December 2022<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.tencentcloud.com\/document\/product\/436\/32538\" target=\"_blank\">https:\/\/www.tencentcloud.com\/document\/product\/436\/32538<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Data+Extraction&rft.atitle=Tencent+Cloud+Documentation+-+Cloud+Object+Storage&rft.date=28+December+2022&rft.pub=Tencent&rft_id=https%3A%2F%2Fwww.tencentcloud.com%2Fdocument%2Fproduct%2F436%2F32538&rfr_id=info:sid\/en.wikipedia.org:Tencent_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816210003\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.245 seconds\nReal time usage: 0.270 seconds\nPreprocessor visited node count: 13710\/1000000\nPost\u2010expand include size: 71478\/2097152 bytes\nTemplate argument size: 26460\/2097152 bytes\nHighest expansion depth: 18\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 22735\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 229.948 1 -total\n 76.80% 176.608 1 Template:Reflist\n 64.82% 149.045 17 Template:Cite_web\n 59.65% 137.171 17 Template:Citation\/core\n 19.27% 44.300 1 Template:Infobox_company\n 16.65% 38.295 1 Template:Infobox\n 13.44% 30.910 14 Template:Date\n 9.32% 21.437 81 Template:Infobox\/row\n 4.74% 10.892 26 Template:Citation\/make_link\n 1.61% 3.707 1 Template:Column-width\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:12492-0!canonical and timestamp 20230816210002 and revision id 52745. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Tencent_Cloud\">https:\/\/www.limswiki.org\/index.php\/Tencent_Cloud<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","7d1e0e86edde46ec0b4105e48540bbcc_images":["https:\/\/s3.limswiki.org\/www.limswiki.org\/images\/c\/c5\/Tencent_Logo.png"],"7d1e0e86edde46ec0b4105e48540bbcc_timestamp":1692220362,"2ac2c388e2c6489bde4dc23edc83d436_type":"article","2ac2c388e2c6489bde4dc23edc83d436_title":"OVHcloud","2ac2c388e2c6489bde4dc23edc83d436_url":"https:\/\/www.limswiki.org\/index.php\/OVHcloud","2ac2c388e2c6489bde4dc23edc83d436_plaintext":"\n\nOVHcloudFrom LIMSWikiJump to navigationJump to searchOVHcloud\nIndustry\n \nCloud computing, Web servicesFounder(s)\n \nOctave KlabaHeadquarters\n \nRoubaix , France Area served\n \nWorldwideKey people\n \nMichel Paulin (CEO)Products\n \nIaaS, DBaaS, DaaSRevenue\n \nPrivate (IPO planned[1])Website\n \novhcloud.com \n\n\r\n\nOVHcloud is a collection of public, private, hybrid, and multicloud cloud computing services offered by OVH, a private French information technology company. OVHcloud deploys to over 37 data centers\u2014enhanced by the acquisition of VMware's vCloud Air business[2]\u2014in seven countries, largely represented by the North America, Europe, and Asia Pacific regions.[3] Numerous products and services are associated with OVHcloud, representing computing, networking, content delivery, data storage, database management, security management, enterprise management, container management, and developer support.[4]\n\nContents \n\n1 Provider research \n2 Managed security services \n3 Additional information \n\n3.1 Documentation and other media \n3.2 External links \n\n\n4 References \n\n\n\nProvider research \nThis section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide Choosing and Implementing a Cloud-based Service for Your Laboratory. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made.\n\r\n\n1. What experience do you have working with laboratory customers in our specific industry?\nLittle information can be found regarding non-tech laboratories working with OVHcloud. One example, Pacific Rim Laboratories[5], was found. As for laboratory informatics companies that have deployed or are deploying their software in OVHcloud, ALTIK SAS (acquired by Limseo SARL)[6] and BioAware[7] were identified. An OVHcloud representative is likely to be able to supply more examples of laboratories and laboratory informatics developers that use or have used OVHcloud.\n\r\n\n2. Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?\nIt will ultimately be up to your organization to get an answer from OVHcloud tailored to your systems and business processes. However, this much can be said about OVHcloud. The company recognizes that \"enterprise solutions must integrate seamlessly with a company's existing environment to reduce any disruption and ensure prior investments in IT have not gone to waste. This is why OVHcloud bases its technology on open standards to guarantee portability and interoperability.\"[8] OVHcloud also provides case studies, like that of Touchstone Solutions, and how they have integrated their cloud and on-premises hardware solutions with OVHcloud.\n\r\n\n3. What is the average total historical downtime for the service(s) we're interested in?\nSome public information is made available about historic outages and downtime. OVHcloud has a systems status page with status history (you have to scroll past all the planned maintenance items, down to the bottom, and click on the \"History\" link). You should be able to read through the incident details for each issue, going back through a fair amount of history. This will give you a partial picture of the issues experienced in the past, as well as any scheduled maintenance and currently impacted services. A follow-up on this question with an OVHcloud representative may reveal more historical downtime history for the services you are interested in.\n\r\n\n4. Do we receive comprehensive downtime support in the case of downtime?\nOVHcloud does not make this answer clear. However, the answer is likely tied to what after-sales support plan you choose. Confirm with OVHcloud what downtime support they provide based on the services your organization are interested in.\n\r\n\n5. Where are your servers located, and how is data securely transferred to and from those servers?\nOVHcloud has 28 data centers in seven countries, largely represented by the North America, Europe, and Asia Pacific regions.[3] There are availability zones or areas associated with those regions[9], though OVHcloud doesn't appear to discuss these zones or areas much in its literature. As for the security of transferred data SSL certificates[10] and other \"security protocols and practices\" are used.[11] You'll have to discuss the specifics with an OVHcloud representative.\n\r\n\n6. Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?\nOVHcloud says this about physical access[12]:\n\nWe have full control over physical security in our datacentres, as we are the sole operator. Access to buildings is limited and controlled in compliance with the very strictest standards and requirements, to ensure maximum security within the site. To access the premises and physical servers, only employees assigned to the building and carrying a badge are allowed to enter. 24\/7 video surveillance and security ensure full control of each site.\nThe company doesn't make clear who has access to the servers where your data is located. As for credentials, certifications, and training, they note that \"OVH personnel follow security awareness training and are trained in compliance rules for personal data processing.\"[13] For more details, discuss this with an OVHcloud representative.\n\r\n\n7. Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?\nNot all OVHcloud machines have the same controls on them; it will depend on the region, product, and compliance requirements of your lab. That said, verify with a representative that the machine your data will land on meets all the necessary regulations affecting your data.\n\r\n\n8. How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)\nOVHcloud states \"[t]he Storage Resources allocated to the Customer are logically isolated from those allocated to other OVHcloud customers, and are physically separated from the Infrastructure in which the Customer has set up their Hosted Private Cloud Premier.\"[14] This statement coincides with its public, bare metal, and hosted private cloud solutions, giving the customer the option for running in a multitenant environment or on their own isolated machine. For more about the specifics based upon your needs for isolating data, contact a representative.\n\r\n\n9. Do you have documented data security policies?\nOVHcloud documents its security practices in several places:\n\nCompany network security page\nCompany physical security page\nData security page\nService specific terms\nSome security-related documents, like the SOC 2 report, may not be publicly available, requiring direct discussion with an OVHcloud representative to obtain them.\n\r\n\n10. How do you test your platform's security?\nOn its data security page, OVHcloud states the following[15]:\n\nTo verify compliance and evaluate our systems' performance, OVHcloud conducts security audits on a periodic basis. These security audits include the following:\nExternal audits (certifications and attestations);\nInternal audits, carried out by internal or external auditors;\nTechnical audits (penetration testing, vulnerability scans, and policy compliance audits), carried out by internal or external Auditors;\nData Center audits carried out by internal and external auditors\nIf an instance of non-compliance is identified, corrective measures are applied to action plans, as applicable. Corrective measures are also tracked and regularly reviewed, to verify their effectiveness.\n\r\n\n11. What are your policies for security audits, intrusion detection, and intrusion reporting?\nSee the previous question in regards to security audits. As for intrusion detection and reporting, OVHcloud has a logging policy for its servers and equipment, which includes \"[n]etwork intrusion detection logs and alerts, if appropriate.\"[15] On the customer end, \"[c]ustomers can carry out technical audits (intrusion tests) on services hosted for them, as well as on service management blocks. The terms and conditions for carrying out audits are set out in each contract, or handled on an ad hoc basis, on request.\"[13] It's not clear what intrusion detection tools OVHcloud give the customer to help monitor intrusion on their cloud service. Discuss this with a representative.\n\r\n\n12. What data logging information is kept and acted upon in relation to our data?\nOVHcloud's data security page discusses its audit logging policy. It includes a list of all the logging activities it conducts, noting that \"[l]ogs are consulted and analyzed by a limited number of authorized personnel, in accordance with the authorization and access management policy.\"[15] \n\r\n\n13. How thorough are those logs and can we audit them on-demand?\nIt's not clear exactly what data is included, let alone if you, the customer, are able to audit their logs on demand. Discuss this with an OVHcloud representative.\n\r\n\n14. For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?\nOVHcloud discusses HIPAA and which services and data centers comply. However, nothing is said about a business agreement. You'll have to discuss this topic with a representative to learn more.\n\r\n\n15. What happens to our data should the contract expire or be terminated?\nOVHcloud doesn't elaborate on this in their public cloud agreement, only to say \"[a]t the end of this Contract, regardless of the reason for termination, the Client\u2019s Instances, Object Storage Containers and any associated components and stored data shall be deleted.\"[16] This policy will need to be cleary explained by a representative before undertaking operations with OVHcloud.\n\r\n\n16. What happens to our data should you go out of business or suffer a catastrophic event?\nIt's not publicly clear how OVHc would handle your data should they go out of business; consult with a representative about this topic. As for catastrophic events, one could turn to the March 2021 fire which destroyed one of OVHcloud's data centers.[17] While they indicated that \"all impacted US customers have been contacted individually and offered solutions to address their situation\" in April[18], the hard reality is that, per their public cloud agreement[16]:\n\nOVHcloud does not backup specific data on the Instances or Object Storage Containers of the Client. It is therefore the responsibility of the Client to take all the necessary measures to back up their data in the event of data loss or deterioration of entrusted data, whatever the cause, including causes not expressly mentioned in this Contract. OVHcloud does not provide any guarantees related to the Client\u2019s use of the Services, in particular guarantees related to the security and preservation of this data.\nThis policy was subtly alluded to in an April article in ComputerWeekly.[17] The customer is ultimately responsible for having backups of their data.\n\r\n\n17. Can we use your interface to extract our data when we want, and in what format will it be?\nOVHcloud discusses migrating data to their service and migrating data from one data center to another, but they make little mention of extracting or migrating data out of their services. You'll have to have this conversation with a representative.\n\r\n\n18. Are your support services native or outsourced\/offshored?\nIt is unclear if support personnel are local to the customer or if support is outsourced to another business and country. Discuss this with an OVHcloud representative.\n\nManaged security services \nOVHcloud doesn't appear to provide managed security services for customers.\n\r\n\n\nAdditional information \nDocumentation and other media \nBenefits of OVHcloud-hosted private cloud\nSpecific Conditions for Public Cloud\nExternal links \nOVHcloud architecture framework or description\nOVHcloud shared responsibility model\nOVHcloud trust center\nReferences \n\n\n\u2191 Belezou, M. (11 September 2020). \"French Cloud Hosting Provider OVH Plans IPO Next Year\". Bloomberg Quint. https:\/\/www.bloombergquint.com\/markets\/french-cloud-hosting-provider-ovh-is-said-to-plan-ipo-next-year . Retrieved 04 August 2023 .   \n \n\n\u2191 \"OVH Completes Acquisition of VMware\u2019s vCloud Air Business\". OVH. 8 May 2017. https:\/\/us.ovhcloud.com\/press\/press-releases\/2017\/ovh-completes-acquisition-vmwares-vcloud-air-business\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 3.0 3.1 \"About OVHcloud\". OVH. https:\/\/us.ovhcloud.com\/about\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Cloud solutions to meet all your needs\". OVH. https:\/\/us.ovhcloud.com\/solutions\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Pacific Rim Laboratories\". ZoomInfo. https:\/\/www.zoominfo.com\/c\/pacific-rim-laboratories-inc\/86590452 . Retrieved 04 August 2023 .   \n \n\n\u2191 \"ALTIK SAS\". ZoomInfo. https:\/\/www.zoominfo.com\/c\/altik-sas\/351858262 . Retrieved 04 August 2023 .   \n \n\n\u2191 Webmaster (15 March 2021). \"Major hosting services issues\". BioAware news. Archived from the original on 04 August 2023. https:\/\/web.archive.org\/web\/20210424154816\/https:\/\/www.bio-aware.com\/news . Retrieved 04 August 2023 .   \n \n\n\u2191 \"The Right Solutions and Products for your Business\". OVHcloud. https:\/\/us.ovhcloud.com\/enterprise\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Working with zones\". OVHcloud. https:\/\/help.ovhcloud.com\/csm\/en-load-balancer-zones?id=kb_article_view&sysparm_article=KB0044267 . Retrieved 04 August 2023 .   \n \n\n\u2191 \"SSL Certificates - How does an SSL certificate work?\". OVHcloud. https:\/\/www.ovhcloud.com\/en-gb\/web-hosting\/options\/ssl\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 \"An open trusted cloud that meets the very strictest security standards\". OVHcloud. https:\/\/www.ovhcloud.com\/en\/stories\/open-cloud-security-standards\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 \"OVHcloud datacentres\". OVH. https:\/\/www.ovhcloud.com\/en\/datacenters-ovhcloud\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 13.0 13.1 \"Data security and GDPR\". OVHcloud. https:\/\/www.ovhcloud.com\/en-gb\/personal-data-protection\/security\/?lsdDoc=security.xml . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Service Specific Terms\". OVHcloud. https:\/\/us.ovhcloud.com\/legal\/service-specific-terms . Retrieved 04 August 2023 .   \n \n\n\u2191 15.0 15.1 15.2 \"Data Security\". OVHcloud. https:\/\/us.ovhcloud.com\/personal-data-protection\/security\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 16.0 16.1 \"Specific Conditions for Public Cloud\" (PDF). OVHcloud. https:\/\/www.ovh.com\/world\/support\/termsofservice\/specific_conditions_public_cloud.pdf . Retrieved 04 August 2023 .   \n \n\n\u2191 17.0 17.1 Donnelly, C. (8 April 2021). \"The OVHCloud fire: Assessing the after-effects on datacentre operators and cloud users\". ComputerWeekly. Archived from the original on 08 April 2021. https:\/\/web.archive.org\/web\/20210408103340\/https:\/\/www.computerweekly.com\/news\/252498983\/OVHCloud-datacentre-fire-Assessing-the-after-effects-on-datacentre-operators-and-cloud-users . Retrieved 04 August 2023 .   \n \n\n\u2191 \"System Status Page\". OVHcloud. Archived from the original on 04 August 2023. https:\/\/web.archive.org\/web\/20210424190835\/https:\/\/status.us.ovhcloud.com\/ . Retrieved 04 August 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/OVHcloud\">https:\/\/www.limswiki.org\/index.php\/OVHcloud<\/a>\nNavigation menuPage actionsPageDiscussionView sourceHistoryPage actionsPageDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 4 August 2023, at 19:53.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 1,492 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","2ac2c388e2c6489bde4dc23edc83d436_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject page-OVHcloud rootpage-OVHcloud skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">OVHcloud<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\">\n<p><br \/>\n<b>OVHcloud<\/b> is a collection of public, private, hybrid, and multicloud <a href=\"https:\/\/www.limswiki.org\/index.php\/Cloud_computing\" title=\"Cloud computing\" class=\"wiki-link\" data-key=\"fcfe5882eaa018d920cedb88398b604f\">cloud computing<\/a> services offered by OVH, a private French information technology company. OVHcloud deploys to over 37 data centers\u2014enhanced by the acquisition of VMware's vCloud Air business<sup id=\"rdp-ebb-cite_ref-OVHComplete17_2-0\" class=\"reference\"><a href=\"#cite_note-OVHComplete17-2\">[2]<\/a><\/sup>\u2014in seven countries, largely represented by the North America, Europe, and Asia Pacific regions.<sup id=\"rdp-ebb-cite_ref-OVHcloudDataCent_3-0\" class=\"reference\"><a href=\"#cite_note-OVHcloudDataCent-3\">[3]<\/a><\/sup> Numerous products and services are associated with OVHcloud, representing computing, networking, content delivery, data storage, database management, security management, enterprise management, container management, and developer support.<sup id=\"rdp-ebb-cite_ref-OVHcloudSolutions_4-0\" class=\"reference\"><a href=\"#cite_note-OVHcloudSolutions-4\">[4]<\/a><\/sup>\n<\/p>\n\n\n<h2><span class=\"mw-headline\" id=\"Provider_research\">Provider research<\/span><\/h2>\n<p>This section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide <i><a href=\"https:\/\/www.limswiki.org\/index.php\/LII:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\" title=\"LII:Choosing and Implementing a Cloud-based Service for Your Laboratory\" class=\"wiki-link\" data-key=\"a51267fd73f6c39f0130677409233940\">Choosing and Implementing a Cloud-based Service for Your Laboratory<\/a><\/i>. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made.\n<\/p><p><br \/>\n1. <b>What experience do you have working with laboratory customers in our specific industry?<\/b>\n<\/p><p>Little information can be found regarding non-tech <a href=\"https:\/\/www.limswiki.org\/index.php\/Laboratory\" title=\"Laboratory\" class=\"wiki-link\" data-key=\"c57fc5aac9e4abf31dccae81df664c33\">laboratories<\/a> working with OVHcloud. One example, Pacific Rim Laboratories<sup id=\"rdp-ebb-cite_ref-ZoomInfoPacific_5-0\" class=\"reference\"><a href=\"#cite_note-ZoomInfoPacific-5\">[5]<\/a><\/sup>, was found. As for laboratory informatics companies that have deployed or are deploying their software in OVHcloud, <a href=\"https:\/\/www.limswiki.org\/index.php\/ALTIK_SAS\" title=\"ALTIK SAS\" class=\"wiki-link\" data-key=\"7442fe6260e22e1a6afdb1f00081d881\">ALTIK SAS<\/a> (acquired by Limseo SARL)<sup id=\"rdp-ebb-cite_ref-ZoomInfoAltik_6-0\" class=\"reference\"><a href=\"#cite_note-ZoomInfoAltik-6\">[6]<\/a><\/sup> and BioAware<sup id=\"rdp-ebb-cite_ref-BAMajor21_7-0\" class=\"reference\"><a href=\"#cite_note-BAMajor21-7\">[7]<\/a><\/sup> were identified. An OVHcloud representative is likely to be able to supply more examples of laboratories and laboratory informatics developers that use or have used OVHcloud.\n<\/p><p><br \/>\n2. <b>Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?<\/b>\n<\/p><p>It will ultimately be up to your organization to get an answer from OVHcloud tailored to your systems and business processes. However, this much can be said about OVHcloud. The company recognizes that \"enterprise solutions must integrate seamlessly with a company's existing environment to reduce any disruption and ensure prior investments in IT have not gone to waste. This is why OVHcloud bases its technology on open standards to guarantee portability and interoperability.\"<sup id=\"rdp-ebb-cite_ref-OVHTheRightSol_8-0\" class=\"reference\"><a href=\"#cite_note-OVHTheRightSol-8\">[8]<\/a><\/sup> OVHcloud also provides case studies, like that of <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ovhcloud.com\/en\/case-studies\/touchstone\/\" target=\"_blank\">Touchstone Solutions<\/a>, and how they have integrated their cloud and on-premises hardware solutions with OVHcloud.\n<\/p><p><br \/>\n3. <b>What is the average total historical downtime for the service(s) we're interested in?<\/b>\n<\/p><p>Some public information is made available about historic outages and downtime. OVHcloud has a <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/status.us.ovhcloud.com\/\" target=\"_blank\">systems status page<\/a> with status history (you have to scroll past all the planned maintenance items, down to the bottom, and click on the \"History\" link). You should be able to read through the incident details for each issue, going back through a fair amount of history. This will give you a partial picture of the issues experienced in the past, as well as any scheduled maintenance and currently impacted services. A follow-up on this question with an OVHcloud representative may reveal more historical downtime history for the services you are interested in.\n<\/p><p><br \/>\n4. <b>Do we receive comprehensive downtime support in the case of downtime?<\/b>\n<\/p><p>OVHcloud does not make this answer clear. However, the answer is likely tied to what after-sales <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ovhcloud.com\/en\/support-levels\/plans\/\" target=\"_blank\">support plan<\/a> you choose. Confirm with OVHcloud what downtime support they provide based on the services your organization are interested in.\n<\/p><p><br \/>\n5. <b>Where are your servers located, and how is data securely transferred to and from those servers?<\/b>\n<\/p><p>OVHcloud has 28 data centers in seven countries, largely represented by the North America, Europe, and Asia Pacific regions.<sup id=\"rdp-ebb-cite_ref-OVHcloudDataCent_3-1\" class=\"reference\"><a href=\"#cite_note-OVHcloudDataCent-3\">[3]<\/a><\/sup> There are availability zones or areas associated with those regions<sup id=\"rdp-ebb-cite_ref-OVHWorking_9-0\" class=\"reference\"><a href=\"#cite_note-OVHWorking-9\">[9]<\/a><\/sup>, though OVHcloud doesn't appear to discuss these zones or areas much in its literature. As for the security of transferred data SSL certificates<sup id=\"rdp-ebb-cite_ref-OVHHowDoesSSL_10-0\" class=\"reference\"><a href=\"#cite_note-OVHHowDoesSSL-10\">[10]<\/a><\/sup> and other \"security protocols and practices\" are used.<sup id=\"rdp-ebb-cite_ref-OVHAReliable_11-0\" class=\"reference\"><a href=\"#cite_note-OVHAReliable-11\">[11]<\/a><\/sup> You'll have to discuss the specifics with an OVHcloud representative.\n<\/p><p><br \/>\n6. <b>Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?<\/b>\n<\/p><p>OVHcloud says this about physical access<sup id=\"rdp-ebb-cite_ref-OVHPriorityData_12-0\" class=\"reference\"><a href=\"#cite_note-OVHPriorityData-12\">[12]<\/a><\/sup>:\n<\/p>\n<blockquote><p>We have full control over physical security in our datacentres, as we are the sole operator. Access to buildings is limited and controlled in compliance with the very strictest standards and requirements, to ensure maximum security within the site. To access the premises and physical servers, only employees assigned to the building and carrying a badge are allowed to enter. 24\/7 video surveillance and security ensure full control of each site.<\/p><\/blockquote>\n<p>The company doesn't make clear who has access to the servers where your data is located. As for credentials, certifications, and training, they note that \"OVH personnel follow security awareness training and are trained in compliance rules for personal data processing.\"<sup id=\"rdp-ebb-cite_ref-OVHDataSecGDPR_13-0\" class=\"reference\"><a href=\"#cite_note-OVHDataSecGDPR-13\">[13]<\/a><\/sup> For more details, discuss this with an OVHcloud representative.\n<\/p><p><br \/>\n7. <b>Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?<\/b>\n<\/p><p>Not all <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/us.ovhcloud.com\/about\/company\/data-centers\" target=\"_blank\">OVHcloud machines<\/a> have the same controls on them; it will depend on the region, product, and compliance requirements of your lab. That said, verify with a representative that the machine your data will land on meets all the necessary regulations affecting your data.\n<\/p><p><br \/>\n8. <b>How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)<\/b>\n<\/p><p>OVHcloud states \"[t]he Storage Resources allocated to the Customer are logically isolated from those allocated to other OVHcloud customers, and are physically separated from the Infrastructure in which the Customer has set up their Hosted Private Cloud Premier.\"<sup id=\"rdp-ebb-cite_ref-OVHServiceSpecTerms_14-0\" class=\"reference\"><a href=\"#cite_note-OVHServiceSpecTerms-14\">[14]<\/a><\/sup> This statement coincides with its public, bare metal, and hosted private cloud solutions, giving the customer the option for running in a multitenant environment or on their own isolated machine. For more about the specifics based upon your needs for isolating data, contact a representative.\n<\/p><p><br \/>\n9. <b>Do you have documented data security policies?<\/b>\n<\/p><p>OVHcloud documents its security practices in several places:\n<\/p>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/us.ovhcloud.com\/security\/\" target=\"_blank\">Company network security page<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ovhcloud.com\/en\/datacenters-ovhcloud\/\" target=\"_blank\">Company physical security page<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/us.ovhcloud.com\/personal-data-protection\/security\/\" target=\"_blank\">Data security page<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/us.ovhcloud.com\/legal\/service-specific-terms\/\" target=\"_blank\">Service specific terms<\/a><\/li><\/ul>\n<p>Some security-related documents, like the SOC 2 report, may not be publicly available, requiring direct discussion with an OVHcloud representative to obtain them.\n<\/p><p><br \/>\n10. <b>How do you test your platform's security?<\/b>\n<\/p><p>On its data security page, OVHcloud states the following<sup id=\"rdp-ebb-cite_ref-OVHDataSec_15-0\" class=\"reference\"><a href=\"#cite_note-OVHDataSec-15\">[15]<\/a><\/sup>:\n<\/p>\n<blockquote><p>To verify compliance and evaluate our systems' performance, OVHcloud conducts security audits on a periodic basis. These security audits include the following:\n<\/p><ul><li>External audits (certifications and attestations);<\/li>\n<li>Internal audits, carried out by internal or external auditors;<\/li>\n<li>Technical audits (penetration testing, vulnerability scans, and policy compliance audits), carried out by internal or external Auditors;<\/li>\n<li>Data Center audits carried out by internal and external auditors<\/li><\/ul><p>\nIf an instance of non-compliance is identified, corrective measures are applied to action plans, as applicable. Corrective measures are also tracked and regularly reviewed, to verify their effectiveness.<\/p><\/blockquote>\n<p><br \/>\n11. <b>What are your policies for security audits, intrusion detection, and intrusion reporting?<\/b>\n<\/p><p>See the previous question in regards to security audits. As for intrusion detection and reporting, OVHcloud has a logging policy for its servers and equipment, which includes \"[n]etwork intrusion detection logs and alerts, if appropriate.\"<sup id=\"rdp-ebb-cite_ref-OVHDataSec_15-1\" class=\"reference\"><a href=\"#cite_note-OVHDataSec-15\">[15]<\/a><\/sup> On the customer end, \"[c]ustomers can carry out technical audits (intrusion tests) on services hosted for them, as well as on service management blocks. The terms and conditions for carrying out audits are set out in each contract, or handled on an ad hoc basis, on request.\"<sup id=\"rdp-ebb-cite_ref-OVHDataSecGDPR_13-1\" class=\"reference\"><a href=\"#cite_note-OVHDataSecGDPR-13\">[13]<\/a><\/sup> It's not clear what intrusion detection tools OVHcloud give the customer to help monitor intrusion on their cloud service. Discuss this with a representative.\n<\/p><p><br \/>\n12. <b>What data logging information is kept and acted upon in relation to our data?<\/b>\n<\/p><p>OVHcloud's <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/us.ovhcloud.com\/personal-data-protection\/security\/\" target=\"_blank\">data security page<\/a> discusses its audit logging policy. It includes a list of all the logging activities it conducts, noting that \"[l]ogs are consulted and analyzed by a limited number of authorized personnel, in accordance with the authorization and access management policy.\"<sup id=\"rdp-ebb-cite_ref-OVHDataSec_15-2\" class=\"reference\"><a href=\"#cite_note-OVHDataSec-15\">[15]<\/a><\/sup> \n<\/p><p><br \/>\n13. <b>How thorough are those logs and can we audit them on-demand?<\/b>\n<\/p><p>It's not clear exactly what data is included, let alone if you, the customer, are able to audit their logs on demand. Discuss this with an OVHcloud representative.\n<\/p><p><br \/>\n14. <b>For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?<\/b>\n<\/p><p>OVHcloud <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/us.ovhcloud.com\/enterprise\/certification-conformity\/hipaa-hitech\/\" target=\"_blank\">discusses HIPAA<\/a> and which services and data centers comply. However, nothing is said about a business agreement. You'll have to discuss this topic with a representative to learn more.\n<\/p><p><br \/>\n15. <b>What happens to our data should the contract expire or be terminated?<\/b>\n<\/p><p>OVHcloud doesn't elaborate on this in their <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ovh.com\/world\/support\/termsofservice\/specific_conditions_public_cloud.pdf\" target=\"_blank\">public cloud agreement<\/a>, only to say \"[a]t the end of this Contract, regardless of the reason for termination, the Client\u2019s Instances, Object Storage Containers and any associated components and stored data shall be deleted.\"<sup id=\"rdp-ebb-cite_ref-OVHSpecificCondPC_16-0\" class=\"reference\"><a href=\"#cite_note-OVHSpecificCondPC-16\">[16]<\/a><\/sup> This policy will need to be cleary explained by a representative before undertaking operations with OVHcloud.\n<\/p><p><br \/>\n16. <b>What happens to our data should you go out of business or suffer a catastrophic event?<\/b>\n<\/p><p>It's not publicly clear how OVHc would handle your data should they go out of business; consult with a representative about this topic. As for catastrophic events, one could turn to the March 2021 fire which destroyed one of OVHcloud's data centers.<sup id=\"rdp-ebb-cite_ref-DonnellyTheOVH21_17-0\" class=\"reference\"><a href=\"#cite_note-DonnellyTheOVH21-17\">[17]<\/a><\/sup> While they indicated that \"all impacted US customers have been contacted individually and offered solutions to address their situation\" in April<sup id=\"rdp-ebb-cite_ref-OVHStatusArch_18-0\" class=\"reference\"><a href=\"#cite_note-OVHStatusArch-18\">[18]<\/a><\/sup>, the hard reality is that, per their public cloud agreement<sup id=\"rdp-ebb-cite_ref-OVHSpecificCondPC_16-1\" class=\"reference\"><a href=\"#cite_note-OVHSpecificCondPC-16\">[16]<\/a><\/sup>:\n<\/p>\n<blockquote><p>OVHcloud does not backup specific data on the Instances or Object Storage Containers of the Client. It is therefore the responsibility of the Client to take all the necessary measures to back up their data in the event of data loss or deterioration of entrusted data, whatever the cause, including causes not expressly mentioned in this Contract. OVHcloud does not provide any guarantees related to the Client\u2019s use of the Services, in particular guarantees related to the security and preservation of this data.<\/p><\/blockquote>\n<p>This policy was subtly alluded to in an April article in <i>ComputerWeekly<\/i>.<sup id=\"rdp-ebb-cite_ref-DonnellyTheOVH21_17-1\" class=\"reference\"><a href=\"#cite_note-DonnellyTheOVH21-17\">[17]<\/a><\/sup> The customer is ultimately responsible for having backups of their data.\n<\/p><p><br \/>\n17. <b>Can we use your interface to extract our data when we want, and in what format will it be?<\/b>\n<\/p><p>OVHcloud discusses <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/us.ovhcloud.com\/solutions\/data-center-migration\/\" target=\"_blank\">migrating data to their service<\/a> and migrating data from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/help.ovhcloud.com\/csm\/en-public-cloud-compute-transfer-instance-backup-between-datacenters?id=kb_article_view&sysparm_article=KB0051282\" target=\"_blank\">one data center to another<\/a>, but they make little mention of extracting or migrating data out of their services. You'll have to have this conversation with a representative.\n<\/p><p><br \/>\n18. <b>Are your support services native or outsourced\/offshored?<\/b>\n<\/p><p>It is unclear if support personnel are local to the customer or if support is outsourced to another business and country. Discuss this with an OVHcloud representative.\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Managed_security_services\">Managed security services<\/span><\/h2>\n<p>OVHcloud doesn't appear to provide managed security services for customers.\n<\/p><p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Additional_information\">Additional information<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Documentation_and_other_media\">Documentation and other media<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ovhcloud.com\/sites\/default\/files\/2020-05\/TEI_of_OVHcloud_Hosted_Private_Cloud.pdf\" target=\"_blank\">Benefits of OVHcloud-hosted private cloud<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ovh.com\/world\/support\/termsofservice\/specific_conditions_public_cloud.pdf\" target=\"_blank\">Specific Conditions for Public Cloud<\/a><\/li><\/ul>\n<h3><span class=\"mw-headline\" id=\"External_links\">External links<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/us.ovhcloud.com\/about\/data-centers\/\" target=\"_blank\">OVHcloud architecture framework or description<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/us.ovhcloud.com\/legal\/service-specific-terms\/\" target=\"_blank\">OVHcloud shared responsibility model<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/us.ovhcloud.com\/enterprise\/certification-conformity\/\" target=\"_blank\">OVHcloud trust center<\/a><\/li><\/ul>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap mw-references-columns\"><ol class=\"references\">\n<li id=\"cite_note-BalezouFrench20-1\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-BalezouFrench20_1-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Belezou, M. (11 September 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.bloombergquint.com\/markets\/french-cloud-hosting-provider-ovh-is-said-to-plan-ipo-next-year\" target=\"_blank\">\"French Cloud Hosting Provider OVH Plans IPO Next Year\"<\/a>. <i>Bloomberg Quint<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.bloombergquint.com\/markets\/french-cloud-hosting-provider-ovh-is-said-to-plan-ipo-next-year\" target=\"_blank\">https:\/\/www.bloombergquint.com\/markets\/french-cloud-hosting-provider-ovh-is-said-to-plan-ipo-next-year<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=French+Cloud+Hosting+Provider+OVH+Plans+IPO+Next+Year&rft.atitle=Bloomberg+Quint&rft.aulast=Belezou%2C+M.&rft.au=Belezou%2C+M.&rft.date=11+September+2020&rft_id=https%3A%2F%2Fwww.bloombergquint.com%2Fmarkets%2Ffrench-cloud-hosting-provider-ovh-is-said-to-plan-ipo-next-year&rfr_id=info:sid\/en.wikipedia.org:OVHcloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OVHComplete17-2\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OVHComplete17_2-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/us.ovhcloud.com\/press\/press-releases\/2017\/ovh-completes-acquisition-vmwares-vcloud-air-business\/\" target=\"_blank\">\"OVH Completes Acquisition of VMware\u2019s vCloud Air Business\"<\/a>. OVH. 8 May 2017<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/us.ovhcloud.com\/press\/press-releases\/2017\/ovh-completes-acquisition-vmwares-vcloud-air-business\/\" target=\"_blank\">https:\/\/us.ovhcloud.com\/press\/press-releases\/2017\/ovh-completes-acquisition-vmwares-vcloud-air-business\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=OVH+Completes+Acquisition+of+VMware%E2%80%99s+vCloud+Air+Business&rft.atitle=&rft.date=8+May+2017&rft.pub=OVH&rft_id=https%3A%2F%2Fus.ovhcloud.com%2Fpress%2Fpress-releases%2F2017%2Fovh-completes-acquisition-vmwares-vcloud-air-business%2F&rfr_id=info:sid\/en.wikipedia.org:OVHcloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OVHcloudDataCent-3\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-OVHcloudDataCent_3-0\">3.0<\/a><\/sup> <sup><a href=\"#cite_ref-OVHcloudDataCent_3-1\">3.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/us.ovhcloud.com\/about\/\" target=\"_blank\">\"About OVHcloud\"<\/a>. OVH<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/us.ovhcloud.com\/about\/\" target=\"_blank\">https:\/\/us.ovhcloud.com\/about\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=About+OVHcloud&rft.atitle=&rft.pub=OVH&rft_id=https%3A%2F%2Fus.ovhcloud.com%2Fabout%2F&rfr_id=info:sid\/en.wikipedia.org:OVHcloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OVHcloudSolutions-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OVHcloudSolutions_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/us.ovhcloud.com\/solutions\/\" target=\"_blank\">\"Cloud solutions to meet all your needs\"<\/a>. OVH<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/us.ovhcloud.com\/solutions\/\" target=\"_blank\">https:\/\/us.ovhcloud.com\/solutions\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+solutions+to+meet+all+your+needs&rft.atitle=&rft.pub=OVH&rft_id=https%3A%2F%2Fus.ovhcloud.com%2Fsolutions%2F&rfr_id=info:sid\/en.wikipedia.org:OVHcloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ZoomInfoPacific-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ZoomInfoPacific_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.zoominfo.com\/c\/pacific-rim-laboratories-inc\/86590452\" target=\"_blank\">\"Pacific Rim Laboratories\"<\/a>. <i>ZoomInfo<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.zoominfo.com\/c\/pacific-rim-laboratories-inc\/86590452\" target=\"_blank\">https:\/\/www.zoominfo.com\/c\/pacific-rim-laboratories-inc\/86590452<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Pacific+Rim+Laboratories&rft.atitle=ZoomInfo&rft_id=https%3A%2F%2Fwww.zoominfo.com%2Fc%2Fpacific-rim-laboratories-inc%2F86590452&rfr_id=info:sid\/en.wikipedia.org:OVHcloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ZoomInfoAltik-6\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ZoomInfoAltik_6-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.zoominfo.com\/c\/altik-sas\/351858262\" target=\"_blank\">\"ALTIK SAS\"<\/a>. <i>ZoomInfo<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.zoominfo.com\/c\/altik-sas\/351858262\" target=\"_blank\">https:\/\/www.zoominfo.com\/c\/altik-sas\/351858262<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=ALTIK+SAS&rft.atitle=ZoomInfo&rft_id=https%3A%2F%2Fwww.zoominfo.com%2Fc%2Faltik-sas%2F351858262&rfr_id=info:sid\/en.wikipedia.org:OVHcloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-BAMajor21-7\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-BAMajor21_7-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Webmaster (15 March 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210424154816\/https:\/\/www.bio-aware.com\/news\" target=\"_blank\">\"Major hosting services issues\"<\/a>. <i>BioAware news<\/i>. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.bio-aware.com\/news\" target=\"_blank\">the original<\/a> on 04 August 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210424154816\/https:\/\/www.bio-aware.com\/news\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210424154816\/https:\/\/www.bio-aware.com\/news<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Major+hosting+services+issues&rft.atitle=BioAware+news&rft.aulast=Webmaster&rft.au=Webmaster&rft.date=15+March+2021&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210424154816%2Fhttps%3A%2F%2Fwww.bio-aware.com%2Fnews&rfr_id=info:sid\/en.wikipedia.org:OVHcloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OVHTheRightSol-8\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OVHTheRightSol_8-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/us.ovhcloud.com\/enterprise\/\" target=\"_blank\">\"The Right Solutions and Products for your Business\"<\/a>. OVHcloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/us.ovhcloud.com\/enterprise\/\" target=\"_blank\">https:\/\/us.ovhcloud.com\/enterprise\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=The+Right+Solutions+and+Products+for+your+Business&rft.atitle=&rft.pub=OVHcloud&rft_id=https%3A%2F%2Fus.ovhcloud.com%2Fenterprise%2F&rfr_id=info:sid\/en.wikipedia.org:OVHcloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OVHWorking-9\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OVHWorking_9-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/help.ovhcloud.com\/csm\/en-load-balancer-zones?id=kb_article_view&sysparm_article=KB0044267\" target=\"_blank\">\"Working with zones\"<\/a>. OVHcloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/help.ovhcloud.com\/csm\/en-load-balancer-zones?id=kb_article_view&sysparm_article=KB0044267\" target=\"_blank\">https:\/\/help.ovhcloud.com\/csm\/en-load-balancer-zones?id=kb_article_view&sysparm_article=KB0044267<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Working+with+zones&rft.atitle=&rft.pub=OVHcloud&rft_id=https%3A%2F%2Fhelp.ovhcloud.com%2Fcsm%2Fen-load-balancer-zones%3Fid%3Dkb_article_view%26sysparm_article%3DKB0044267&rfr_id=info:sid\/en.wikipedia.org:OVHcloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OVHHowDoesSSL-10\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OVHHowDoesSSL_10-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ovhcloud.com\/en-gb\/web-hosting\/options\/ssl\/\" target=\"_blank\">\"SSL Certificates - How does an SSL certificate work?\"<\/a>. OVHcloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.ovhcloud.com\/en-gb\/web-hosting\/options\/ssl\/\" target=\"_blank\">https:\/\/www.ovhcloud.com\/en-gb\/web-hosting\/options\/ssl\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=SSL+Certificates+-+How+does+an+SSL+certificate+work%3F&rft.atitle=&rft.pub=OVHcloud&rft_id=https%3A%2F%2Fwww.ovhcloud.com%2Fen-gb%2Fweb-hosting%2Foptions%2Fssl%2F&rfr_id=info:sid\/en.wikipedia.org:OVHcloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OVHAReliable-11\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OVHAReliable_11-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ovhcloud.com\/en\/stories\/open-cloud-security-standards\/\" target=\"_blank\">\"An open trusted cloud that meets the very strictest security standards\"<\/a>. OVHcloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.ovhcloud.com\/en\/stories\/open-cloud-security-standards\/\" target=\"_blank\">https:\/\/www.ovhcloud.com\/en\/stories\/open-cloud-security-standards\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=An+open+trusted+cloud+that+meets+the+very+strictest+security+standards&rft.atitle=&rft.pub=OVHcloud&rft_id=https%3A%2F%2Fwww.ovhcloud.com%2Fen%2Fstories%2Fopen-cloud-security-standards%2F&rfr_id=info:sid\/en.wikipedia.org:OVHcloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OVHPriorityData-12\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OVHPriorityData_12-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ovhcloud.com\/en\/datacenters-ovhcloud\/\" target=\"_blank\">\"OVHcloud datacentres\"<\/a>. OVH<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.ovhcloud.com\/en\/datacenters-ovhcloud\/\" target=\"_blank\">https:\/\/www.ovhcloud.com\/en\/datacenters-ovhcloud\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=OVHcloud+datacentres&rft.atitle=&rft.pub=OVH&rft_id=https%3A%2F%2Fwww.ovhcloud.com%2Fen%2Fdatacenters-ovhcloud%2F&rfr_id=info:sid\/en.wikipedia.org:OVHcloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OVHDataSecGDPR-13\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-OVHDataSecGDPR_13-0\">13.0<\/a><\/sup> <sup><a href=\"#cite_ref-OVHDataSecGDPR_13-1\">13.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ovhcloud.com\/en-gb\/personal-data-protection\/security\/?lsdDoc=security.xml\" target=\"_blank\">\"Data security and GDPR\"<\/a>. OVHcloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.ovhcloud.com\/en-gb\/personal-data-protection\/security\/?lsdDoc=security.xml\" target=\"_blank\">https:\/\/www.ovhcloud.com\/en-gb\/personal-data-protection\/security\/?lsdDoc=security.xml<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Data+security+and+GDPR&rft.atitle=&rft.pub=OVHcloud&rft_id=https%3A%2F%2Fwww.ovhcloud.com%2Fen-gb%2Fpersonal-data-protection%2Fsecurity%2F%3FlsdDoc%3Dsecurity.xml&rfr_id=info:sid\/en.wikipedia.org:OVHcloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OVHServiceSpecTerms-14\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OVHServiceSpecTerms_14-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/us.ovhcloud.com\/legal\/service-specific-terms\" target=\"_blank\">\"Service Specific Terms\"<\/a>. OVHcloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/us.ovhcloud.com\/legal\/service-specific-terms\" target=\"_blank\">https:\/\/us.ovhcloud.com\/legal\/service-specific-terms<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Service+Specific+Terms&rft.atitle=&rft.pub=OVHcloud&rft_id=https%3A%2F%2Fus.ovhcloud.com%2Flegal%2Fservice-specific-terms&rfr_id=info:sid\/en.wikipedia.org:OVHcloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OVHDataSec-15\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-OVHDataSec_15-0\">15.0<\/a><\/sup> <sup><a href=\"#cite_ref-OVHDataSec_15-1\">15.1<\/a><\/sup> <sup><a href=\"#cite_ref-OVHDataSec_15-2\">15.2<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/us.ovhcloud.com\/personal-data-protection\/security\/\" target=\"_blank\">\"Data Security\"<\/a>. OVHcloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/us.ovhcloud.com\/personal-data-protection\/security\/\" target=\"_blank\">https:\/\/us.ovhcloud.com\/personal-data-protection\/security\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Data+Security&rft.atitle=&rft.pub=OVHcloud&rft_id=https%3A%2F%2Fus.ovhcloud.com%2Fpersonal-data-protection%2Fsecurity%2F&rfr_id=info:sid\/en.wikipedia.org:OVHcloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OVHSpecificCondPC-16\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-OVHSpecificCondPC_16-0\">16.0<\/a><\/sup> <sup><a href=\"#cite_ref-OVHSpecificCondPC_16-1\">16.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ovh.com\/world\/support\/termsofservice\/specific_conditions_public_cloud.pdf\" target=\"_blank\">\"Specific Conditions for Public Cloud\"<\/a> (PDF). OVHcloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.ovh.com\/world\/support\/termsofservice\/specific_conditions_public_cloud.pdf\" target=\"_blank\">https:\/\/www.ovh.com\/world\/support\/termsofservice\/specific_conditions_public_cloud.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Specific+Conditions+for+Public+Cloud&rft.atitle=&rft.pub=OVHcloud&rft_id=https%3A%2F%2Fwww.ovh.com%2Fworld%2Fsupport%2Ftermsofservice%2Fspecific_conditions_public_cloud.pdf&rfr_id=info:sid\/en.wikipedia.org:OVHcloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-DonnellyTheOVH21-17\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-DonnellyTheOVH21_17-0\">17.0<\/a><\/sup> <sup><a href=\"#cite_ref-DonnellyTheOVH21_17-1\">17.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Donnelly, C. (8 April 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210408103340\/https:\/\/www.computerweekly.com\/news\/252498983\/OVHCloud-datacentre-fire-Assessing-the-after-effects-on-datacentre-operators-and-cloud-users\" target=\"_blank\">\"The OVHCloud fire: Assessing the after-effects on datacentre operators and cloud users\"<\/a>. <i>ComputerWeekly<\/i>. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.computerweekly.com\/news\/252498983\/OVHCloud-datacentre-fire-Assessing-the-after-effects-on-datacentre-operators-and-cloud-users\" target=\"_blank\">the original<\/a> on 08 April 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210408103340\/https:\/\/www.computerweekly.com\/news\/252498983\/OVHCloud-datacentre-fire-Assessing-the-after-effects-on-datacentre-operators-and-cloud-users\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210408103340\/https:\/\/www.computerweekly.com\/news\/252498983\/OVHCloud-datacentre-fire-Assessing-the-after-effects-on-datacentre-operators-and-cloud-users<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=The+OVHCloud+fire%3A+Assessing+the+after-effects+on+datacentre+operators+and+cloud+users&rft.atitle=ComputerWeekly&rft.aulast=Donnelly%2C+C.&rft.au=Donnelly%2C+C.&rft.date=8+April+2021&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210408103340%2Fhttps%3A%2F%2Fwww.computerweekly.com%2Fnews%2F252498983%2FOVHCloud-datacentre-fire-Assessing-the-after-effects-on-datacentre-operators-and-cloud-users&rfr_id=info:sid\/en.wikipedia.org:OVHcloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OVHStatusArch-18\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OVHStatusArch_18-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210424190835\/https:\/\/status.us.ovhcloud.com\/\" target=\"_blank\">\"System Status Page\"<\/a>. OVHcloud. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/status.us.ovhcloud.com\/\" target=\"_blank\">the original<\/a> on 04 August 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210424190835\/https:\/\/status.us.ovhcloud.com\/\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210424190835\/https:\/\/status.us.ovhcloud.com\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=System+Status+Page&rft.atitle=&rft.pub=OVHcloud&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210424190835%2Fhttps%3A%2F%2Fstatus.us.ovhcloud.com%2F&rfr_id=info:sid\/en.wikipedia.org:OVHcloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816185458\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.177 seconds\nReal time usage: 0.191 seconds\nPreprocessor visited node count: 13206\/1000000\nPost\u2010expand include size: 70026\/2097152 bytes\nTemplate argument size: 28525\/2097152 bytes\nHighest expansion depth: 20\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 24098\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 162.002 1 -total\n 70.31% 113.909 1 Template:Reflist\n 58.45% 94.693 18 Template:Cite_web\n 53.37% 86.456 18 Template:Citation\/core\n 24.07% 38.989 1 Template:Infobox_company\n 21.99% 35.631 1 Template:Infobox\n 13.64% 22.099 81 Template:Infobox\/row\n 6.02% 9.760 4 Template:Date\n 4.48% 7.258 26 Template:Citation\/make_link\n 3.31% 5.361 1 Template:URL\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:12490-0!canonical and timestamp 20230816185458 and revision id 52744. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/OVHcloud\">https:\/\/www.limswiki.org\/index.php\/OVHcloud<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","2ac2c388e2c6489bde4dc23edc83d436_images":["https:\/\/s3.limswiki.org\/www.limswiki.org\/images\/4\/4c\/Logo_OVHcloud.png"],"2ac2c388e2c6489bde4dc23edc83d436_timestamp":1692220362,"ac68a3433020de439b666f2cb7102a80_type":"article","ac68a3433020de439b666f2cb7102a80_title":"Oracle Cloud Infrastructure","ac68a3433020de439b666f2cb7102a80_url":"https:\/\/www.limswiki.org\/index.php\/Oracle_Cloud_Infrastructure","ac68a3433020de439b666f2cb7102a80_plaintext":"\n\nOracle Cloud InfrastructureFrom LIMSWikiJump to navigationJump to searchOracle Cloud Infrastructure\nIndustry\n \nCloud computing, Web servicesFounder(s)\n \nLarry Ellison\r\nBob Miner\r\nEd OatesHeadquarters\n \nRedwood City, California , United States Area served\n \nWorldwideKey people\n \nClay Magouyrk (EVP)Products\n \nIaaS, PaaS, DBaaS, DaaSRevenue\n \n$35.3 billion (2023, Q4)[1]Website\n \noracle.com\/cloud\/ \n\n\r\n\nOracle Cloud Infrastructure is a a collection of public, private, hybrid, and multicloud cloud computing services offered by Oracle Corporation, an American multinational information technology company. Oracle Cloud Infrastructure deploys to unknown number of data centers in 44 cloud regions in 23 countries around the world.[2] More than 100 different products and services are associated with Oracle Cloud Infrastructure, representing elastic computing, networking, content delivery, data storage, database management, security management, enterprise management, data analysis, and developer support.[2]\n\nContents \n\n1 Provider research \n2 Managed security services \n3 Additional information \n\n3.1 Documentation and other media \n3.2 External links \n\n\n4 References \n\n\n\nProvider research \nThis section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide Choosing and Implementing a Cloud-based Service for Your Laboratory. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made.\n\r\n\n1. What experience do you have working with laboratory customers in our specific industry?\nOracle has the Oracle for Research program, which helps researchers, scientists, and academic institutions \"to simplify the research process, accelerate discovery, and address humanity\u2019s most urgent needs.\"[3] Through this program, labs at Flinders University[4], Royal Holloway University of London[5], University of Bristol[6], and University of Southern California[7] have used Oracle Cloud towards their objectives.\n\r\n\nLaboratory informatics vendors that have turned to Oracle Cloud include AgiLab SAS[8], OPTIMIZA[9], and Triniti.[10] An Oracle representative is likely to be able to supply more examples of laboratories and laboratory informatics developers that use or have used Oracle Cloud Infrastructure.\n\r\n\n2. Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?\nIt will ultimately be up to your organization to get an answer from Linode tailored to your systems and business processes. However, this much can be said about Oracle Cloud Infrastructure integrations. The Oracle Integration collection of h database, application, social, and productivity adapters \"offers innovative methods for accelerating all types of application connection and process automation projects. They include out-of-the-box templates and adapters to connect virtually any data store, process, application, service, or API across modern and legacy sales, marketing, HCM, finance, and order-management systems.\"[11]\n\r\n\n3. What is the average total historical downtime for the service(s) we're interested in?\nSome public information is made available about historic outages and downtime. Oracle Cloud Infrastructure has a systems status page with status history (you have to click on the \"Incident History\" link at the bottom, then the date range arrows in the top right of the subsequent page). You should be able to read through the incident details for each issue, going back through a fair amount of history. This will give you a partial picture of the issues experienced in the past, as well as any scheduled maintenance and currently impacted services. A follow-up on this question with an Oracle Cloud Infrastructure representative may reveal more historical downtime history for the services you are interested in.\n\r\n\n4. Do we receive comprehensive downtime support in the case of downtime?\nOracle Cloud Infrastructure does not make this answer clear. However, the answer is likely tied to what after-sales support plan you choose. Confirm with Oracle what downtime support they provide based on the services your organization are interested in.\n\r\n\n5. Where are your servers located, and how is data securely transferred to and from those servers?\nOracle Cloud Infrastructure is split up into 42 regions, each with various availability domains and fault domains. As for data transfers, Oracle Cloud Infrastructure provides multiple ways to better ensure safer data transmission. In its disaster recovery documentation, Oracle discusses networking services such as virtual cloud networks, reserved public IP addresses, Load Balancing, and FastConnect. For example, FastConnect can be used in hybrid cloud data transfers between on-premises and Oracle cloud infrastructures \"that enable you recover your cloud workloads quickly, reliably, and securely.\"[12] As for the security of data in transit, Oracle Cloud Infrastructure addresses this with encryption mechanisms like TLS v1.2.[13]\n\r\n\n6. Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?\nOracle broadly describes physical security controls at its facilities, but it doesn't discuss who is allowed into the heart of data centers and how access to those areas is controlled. It also doesn't describe any certifications or training that applies to the individuals who could access your data. This is a conversation to have with a Oracle Cloud Infrastructure representative.\n\r\n\n7. Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?\nNot all Oracle Cloud Infrastructure machines have the same controls on them; it will depend on the region, product, and compliance requirements of your lab. That said, verify with a representative that the machine your data will land on meets all the necessary regulations affecting your data.\n\r\n\n8. How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)\nSimilar to IBM, Oracle appears to allow for both physical (bare metal) separation and logical separation for some of its services. They note:[14]:\n\nCustomer Isolation: Lets you deploy your application and data assets in an environment that is fully isolated from other tenants and from Oracle staff.\nAs for tenant isolation, the concept is addressed in Oracle's security documentation, in reference to both bare metal and virtual machine instances, as well as within the scope of networking. For details beyond the documentation, consult a representative.\n\r\n\n9. Do you have documented data security policies?\nOracle Cloud Infrastructure documents its security practices in several places:\n\nCloud security portal\nInfrastructure security guide\nSecurity services and features\nSome security-related documents, like the SOC 2 report, may not be publicly available, requiring direct discussion with an Oracle Cloud Infrastructure representative to obtain them.\n\r\n\n10. How do you test your platform's security?\nOracle has this to say about internal and customer cloud security testing[15]:\n\nOracle regularly performs penetration and vulnerability testing and security assessments against the Oracle Cloud infrastructure, platforms, and applications. These tests are intended to validate and improve the overall security of Oracle Cloud services.\nHowever, Oracle does not assess or test any components (including, non-Oracle applications, non-Oracle databases or other non-Oracle software, code or data, as may be applicable) that you manage through or introduce into \u2013 including introduction through your development in or creation in - the Oracle Cloud services (the \u201cCustomer Components\u201d). This policy does not address or provide any right to conduct testing of any third-party materials included in the Customer Components.\n\nExcept as otherwise permitted or restricted in your Oracle Cloud services agreements, your service administrator who has system level access to your Oracle Cloud services may run penetration and vulnerability tests for the Customer Components included in certain of your Oracle Cloud services in accordance with the following rules and restrictions.\nIt also appears that Oracle may have a Red Team that handles its penetration and vulnerability testing.[16] Discuss this with a representative to learn more.\n\r\n\n11. What are your policies for security audits, intrusion detection, and intrusion reporting?\nAudits: Customers are able to audit their security by using the built-in Audit service. \"Using the Audit service, customers can achieve their own security and compliance goals by monitoring all user activity within their tenancy. Because all Console, SDK, and command line (CLI) calls go through our APIs, all activity from those sources is included.\"[14] As for internal security audits, Oracle notes in its 2020 SOC 3 report that \"[a]t least annually, Oracle Cloud Infrastructure completes an internal audit of the system. The internal audit is conducted by qualified auditors and as per the requirements set out in Clause 9 of ISO\/IEC 27001:2013.\"[17]\nIntrusion detection and reporting: Oracle Cloud Infrastructure has the following to say about its internal intrusion detection processes[18]:\n\nOracle employs intrusion-detection systems within the Oracle intranet to provide continuous surveillance for intercepting and responding to security events as they are identified. Oracle utilizes a network-based monitoring approach to detect attacks on open firewall ports within Oracle's intranet. Events are analyzed using signature detection, which is a pattern matching of environment settings and user activities against a database of known attacks. Oracle updates the signature database as soon as new releases become available for commercial distribution. Alerts are forwarded to Oracle's IT security for review and response to potential threats.\nCustomers also have intrusion detection and reporting mechanisms at their disposal, including Cloud Guard and Vulnerability Scanning.\n\r\n\n12. What data logging information is kept and acted upon in relation to our data?\nIn its Oracle Services Privacy Policy, Oracle uses the term \"systems operations data\" to \"include log files, event files, and other trace and diagnostic files, as well as statistical and aggregated information that relates to the use and operation of our Services, and the systems and networks these Services run on.\"[19] Oracle Cloud Infrastructure may use system logs related to your data to keep their services secure, investigate and prevent potential fraud, to administrate backup and disaster recovery plans, confirm compliance, research and development activities, and to comply with applicable laws.[19] Of course, customers can maintain and act upon their own data logs using tools like Logging Analytics.\n\r\n\n13. How thorough are those logs and can we audit them on-demand?\nIt's not clear how thorough the logs are, but Oracle does state: \"To the extent provided under applicable laws, Users may request to access, correct, update or delete personal information contained in Systems Operations Data in certain cases, or otherwise exercise their choices with regard to their personal information by filling out an inquiry form.\"[19] Consult with a representative to learn more.\n\r\n\n14. For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?\nYes, Oracle Cloud Infrastructure will sign a business associate agreement.[20] Consult their blog post or a representative for more details on their approach to HIPAA compliance.\n\r\n\n15. What happens to our data should the contract expire or be terminated?\nFrom the Oracle Cloud Hosting and Delivery Policies[21]:\n\nFor a period of 60 days upon termination of the Oracle Cloud Services, Oracle will make available, via secure protocols and in a structured, machine-readable format, Your Content residing in the production Oracle Cloud Services, or keep the service system accessible, for the purpose of data retrieval by You. \n\r\n\n16. What happens to our data should you go out of business or suffer a catastrophic event?\nIt's not publicly clear how Oracle Cloud Infrastructure would handle your data should they go out of business; consult with a representative about this topic. As for catastrophic events, Oracles uses \"fault domains\" for ensuring data availability and redundancy. Those regions with availability domains typically have three fault domains. \"Fault domains enable you to distribute your resources so that they don't depend on the same physical hardware within a single availability domain. As a result, hardware failures or maintenance events that affect one fault domain do not affect the resources in other fault domains.\"[12] It's highly unlikely that all three fault domains would be affected in a catastrophic event. However, if this is a concern, discuss further data redundancy with an Oracle Cloud Infrastructure representative.\n\r\n\n17. Can we use your interface to extract our data when we want, and in what format will it be?\nFrom question 15, we found that data can be extracted \"via secure protocols and in a structured, machine-readable format.\" Verify with a representative the finer details, including when such extractions of files, database dumps, whole disks, backups, etc. may occur.\n\r\n\n18. Are your support services native or outsourced\/offshored?\nIt is unclear if support personnel are local to the customer or if support is outsourced to another business and country. Discuss this with an Oracle Cloud Infrastructure representative.\n\nManaged security services \nOracle advertises managed security services, described as \"a suite of services to help you strengthen the enterprise security posture of your IT environment,\" part of the Oracle Customer Success Services (CSS) portfolio of services. Oracles mentions the following services[22]:\n\nvulnerability and threat prevention\ndata security and protection\nidentity and access management\nregulatory security governance and compliance services\nAdditional information \nDocumentation and other media \nCloud Hosting and Delivery Policies\nCloud integration guide\nCloud security services portal\nCompliance offering descriptions\nCybersecurity services brochure\nDisaster recovery documentation\nHIPAA Assessed Regions and Services\nInfrastructure security guide\nExternal links \nOracle Customer Success Services\nOracle Cloud Infrastructure architecture framework or description\nOracle Cloud Infrastructure shared responsibility model\nOracle Cloud Infrastructure trust center\nReferences \n\n\n\u2191 \"Oracle Announces Fiscal 2023 Fourth Quarter and Fiscal Full Year Financial Results\". Oracle Corporation. 12 June 2023. https:\/\/investor.oracle.com\/investor-news\/news-details\/2023\/Oracle-Announces-Fiscal-2023-Fourth-Quarter-and-Fiscal-Full-Year-Financial-Results\/default.aspx . Retrieved 04 August 2023 .   \n \n\n\u2191 2.0 2.1 \"Public Cloud Regions\". Oracle. https:\/\/www.oracle.com\/cloud\/public-cloud-regions\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Oracle for Research\". Oracle. https:\/\/www.oracle.com\/oracle-for-research\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 Miller, A.D. (4 August 2020). \"From Viruses to Environmental Issues, Cloud Computing is Accelerating Research and Scientific Discovery\". Oracle for Research Blog. https:\/\/blogs.oracle.com\/research\/post\/from-viruses-to-environmental-issues-cloud-computing-is-accelerating-research-and-scientific-discovery . Retrieved 04 August 2023 .   \n \n\n\u2191 Payton, R. (30 January 2023). \"Royal Holloway & Oracle refine carbon storage to fight climate change\". Oracle for Research Blog. https:\/\/blogs.oracle.com\/research\/post\/royal-holloway-oracle-refine-carbon-storage-to-fight-climate-change . Retrieved 04 August 2023 .   \n \n\n\u2191 \"University of Bristol makes COVID breakthrough with Oracle\". Oracle Corporation. 8 September 2021. https:\/\/www.oracle.com\/customers\/university-of-bristol\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 Barker, B. (14 July 2021). \"When bare metal GPUs and cloud come together, USC researchers win\". Oracle for Research Blog. https:\/\/blogs.oracle.com\/research\/post\/when-bare-metal-gpus-and-cloud-come-together-usc-researchers-win . Retrieved 04 August 2023 .   \n \n\n\u2191 Munoz-Willery, I. (15 September 2017). \"Agilab LIMS Solutions moves to Oracle Cloud\". Paperless Lab Academy. https:\/\/www.paperlesslabacademy.com\/2017\/09\/15\/agilab-moves-to-oracle-cloud\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 \"OPTIMIZA\u2019s AccuLab: Powered By Oracle, Now Available in Oracle Cloud Marketplace\". OPTIMIZA. 15 July 2019. https:\/\/optimiza.me\/acculab-oracle-cloud-marketplace\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Lab Diagnostics Industry Solution for Oracle Cloud\". Triniti. https:\/\/www.triniti.com\/lab-diagnostics-industry-solution-oracle-cloud . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Integrate and Automate Business Processes\" (PDF). Oracle. 2020. https:\/\/www.oracle.com\/a\/ocom\/docs\/cloud-essentials-integration-3885458.pdf . Retrieved 04 August 2023 .   \n \n\n\u2191 12.0 12.1 \"Best practices for protecting your cloud topology against disasters\". Oracle Help Center. Oracle. https:\/\/docs.oracle.com\/en\/solutions\/design-dr\/index.html . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Using In-transit TLS Encryption\". Oracle Cloud Infrastructure Documentation. Oracle. https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/File\/Tasks\/intransitencryption.htm . Retrieved 04 August 2023 .   \n \n\n\u2191 14.0 14.1 \"Security Overview\". Oracle Cloud Infrastructure Documentation. Oracle. https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Security\/Concepts\/security_overview.htm . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Oracle Cloud Security Testing Policies\". Oracle Cloud Infrastructure Documentation. Oracle. https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Security\/Concepts\/security_testing-policy.htm . Retrieved 04 August 2023 .   \n \n\n\u2191 Cross, D.B. (7 January 2020). \"Why Red Teams Rule the Cloud!\". Oracle Cloud Security Blog. https:\/\/blogs.oracle.com\/cloudsecurity\/post\/why-red-teams-rule-the-cloud . Retrieved 04 August 2023 .   \n \n\n\u2191 \"System and Organization Controls (SOC 3) Report\". Oracle. 2023. https:\/\/www.oracle.com\/a\/ocom\/docs\/oci-soc-3-report.pdf . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Security Principles for Network Communications\". Oracle. https:\/\/www.oracle.com\/corporate\/security-practices\/corporate\/network-communications-security.html . Retrieved 04 August 2023 .   \n \n\n\u2191 19.0 19.1 19.2 \"Privacy @ Oracle: Oracle Services Privacy Policy\". Oracle. https:\/\/www.oracle.com\/legal\/privacy\/services-privacy-policy.html . Retrieved 04 August 2023 .   \n \n\n\u2191 Karabulut, Y. (30 May 2018). \"Oracle Announces HIPAA Attestation for Oracle Cloud Infrastructure\". Oracle Cloud Infrastructure Blog. Oracle. https:\/\/blogs.oracle.com\/cloud-infrastructure\/post\/oracle-announces-hipaa-attestation-for-oracle-cloud-infrastructure . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Oracle Cloud Hosting and Delivery Policies\" (PDF). Oracle. June 2023. https:\/\/www.oracle.com\/assets\/ocloud-hosting-delivery-policies-3089853.pdf . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Oracle Managed Security Services\". Oracle Corporation. https:\/\/www.oracle.com\/customer-success\/run-and-operate\/security-services\/ . Retrieved 04 August 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Oracle_Cloud_Infrastructure\">https:\/\/www.limswiki.org\/index.php\/Oracle_Cloud_Infrastructure<\/a>\nNavigation menuPage actionsPageDiscussionView sourceHistoryPage actionsPageDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 4 August 2023, at 19:20.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 1,532 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","ac68a3433020de439b666f2cb7102a80_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject page-Oracle_Cloud_Infrastructure rootpage-Oracle_Cloud_Infrastructure skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Oracle Cloud Infrastructure<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\">\n<p><br \/>\n<b>Oracle Cloud Infrastructure<\/b> is a a collection of public, private, hybrid, and multicloud <a href=\"https:\/\/www.limswiki.org\/index.php\/Cloud_computing\" title=\"Cloud computing\" class=\"wiki-link\" data-key=\"fcfe5882eaa018d920cedb88398b604f\">cloud computing<\/a> services offered by Oracle Corporation, an American multinational information technology company. Oracle Cloud Infrastructure deploys to unknown number of data centers in 44 cloud regions in 23 countries around the world.<sup id=\"rdp-ebb-cite_ref-OracleCloudRegs_2-0\" class=\"reference\"><a href=\"#cite_note-OracleCloudRegs-2\">[2]<\/a><\/sup> More than 100 different products and services are associated with Oracle Cloud Infrastructure, representing elastic computing, networking, content delivery, data storage, database management, security management, enterprise management, <a href=\"https:\/\/www.limswiki.org\/index.php\/Data_analysis\" title=\"Data analysis\" class=\"wiki-link\" data-key=\"545c95e40ca67c9e63cd0a16042a5bd1\">data analysis<\/a>, and developer support.<sup id=\"rdp-ebb-cite_ref-OracleCloudRegs_2-1\" class=\"reference\"><a href=\"#cite_note-OracleCloudRegs-2\">[2]<\/a><\/sup>\n<\/p>\n\n\n<h2><span class=\"mw-headline\" id=\"Provider_research\">Provider research<\/span><\/h2>\n<p>This section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide <i><a href=\"https:\/\/www.limswiki.org\/index.php\/LII:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\" title=\"LII:Choosing and Implementing a Cloud-based Service for Your Laboratory\" class=\"wiki-link\" data-key=\"a51267fd73f6c39f0130677409233940\">Choosing and Implementing a Cloud-based Service for Your Laboratory<\/a><\/i>. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made.\n<\/p><p><br \/>\n1. <b>What experience do you have working with laboratory customers in our specific industry?<\/b>\n<\/p><p>Oracle has the <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.oracle.com\/research\/\" target=\"_blank\">Oracle for Research program<\/a>, which helps researchers, scientists, and academic institutions \"to simplify the research process, accelerate discovery, and address humanity\u2019s most urgent needs.\"<sup id=\"rdp-ebb-cite_ref-OracleForResearch_3-0\" class=\"reference\"><a href=\"#cite_note-OracleForResearch-3\">[3]<\/a><\/sup> Through this program, <a href=\"https:\/\/www.limswiki.org\/index.php\/Laboratory\" title=\"Laboratory\" class=\"wiki-link\" data-key=\"c57fc5aac9e4abf31dccae81df664c33\">labs<\/a> at Flinders University<sup id=\"rdp-ebb-cite_ref-MillerFrom20_4-0\" class=\"reference\"><a href=\"#cite_note-MillerFrom20-4\">[4]<\/a><\/sup>, Royal Holloway University of London<sup id=\"rdp-ebb-cite_ref-PaytonRoyal23_5-0\" class=\"reference\"><a href=\"#cite_note-PaytonRoyal23-5\">[5]<\/a><\/sup>, University of Bristol<sup id=\"rdp-ebb-cite_ref-OracleUniv21_6-0\" class=\"reference\"><a href=\"#cite_note-OracleUniv21-6\">[6]<\/a><\/sup>, and University of Southern California<sup id=\"rdp-ebb-cite_ref-BarkerWhen21_7-0\" class=\"reference\"><a href=\"#cite_note-BarkerWhen21-7\">[7]<\/a><\/sup> have used Oracle Cloud towards their objectives.\n<\/p><p><br \/>\nLaboratory informatics vendors that have turned to Oracle Cloud include <a href=\"https:\/\/www.limswiki.org\/index.php\/AgiLab_SAS\" title=\"AgiLab SAS\" class=\"wiki-link\" data-key=\"40bb104bd6e246005a7f8d56589ba914\">AgiLab SAS<\/a><sup id=\"rdp-ebb-cite_ref-Munoz-WilleryAgilab17_8-0\" class=\"reference\"><a href=\"#cite_note-Munoz-WilleryAgilab17-8\">[8]<\/a><\/sup>, <a href=\"https:\/\/www.limswiki.org\/index.php\/Al_Faris_National_Company_for_Investment_and_Export_PSC\" title=\"Al Faris National Company for Investment and Export PSC\" class=\"wiki-link\" data-key=\"48e31244c8bb228268bfe70816dc7777\">OPTIMIZA<\/a><sup id=\"rdp-ebb-cite_ref-OPTIMIZAAcculab19_9-0\" class=\"reference\"><a href=\"#cite_note-OPTIMIZAAcculab19-9\">[9]<\/a><\/sup>, and Triniti.<sup id=\"rdp-ebb-cite_ref-TrinitiLabDiag_10-0\" class=\"reference\"><a href=\"#cite_note-TrinitiLabDiag-10\">[10]<\/a><\/sup> An Oracle representative is likely to be able to supply more examples of laboratories and laboratory informatics developers that use or have used Oracle Cloud Infrastructure.\n<\/p><p><br \/>\n2. <b>Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?<\/b>\n<\/p><p>It will ultimately be up to your organization to get an answer from Linode tailored to your systems and business processes. However, this much can be said about Oracle Cloud Infrastructure <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.oracle.com\/integration\/\" target=\"_blank\">integrations<\/a>. The Oracle Integration collection of h database, application, social, and productivity adapters \"offers innovative methods for accelerating all types of application connection and process automation projects. They include out-of-the-box templates and adapters to connect virtually any data store, process, application, service, or API across modern and legacy sales, marketing, HCM, finance, and order-management systems.\"<sup id=\"rdp-ebb-cite_ref-OracleIntegrate20_11-0\" class=\"reference\"><a href=\"#cite_note-OracleIntegrate20-11\">[11]<\/a><\/sup>\n<\/p><p><br \/>\n3. <b>What is the average total historical downtime for the service(s) we're interested in?<\/b>\n<\/p><p>Some public information is made available about historic outages and downtime. Oracle Cloud Infrastructure has a <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/ocistatus.oraclecloud.com\/\" target=\"_blank\">systems status page<\/a> with status history (you have to click on the \"Incident History\" link at the bottom, then the date range arrows in the top right of the subsequent page). You should be able to read through the incident details for each issue, going back through a fair amount of history. This will give you a partial picture of the issues experienced in the past, as well as any scheduled maintenance and currently impacted services. A follow-up on this question with an Oracle Cloud Infrastructure representative may reveal more historical downtime history for the services you are interested in.\n<\/p><p><br \/>\n4. <b>Do we receive comprehensive downtime support in the case of downtime?<\/b>\n<\/p><p>Oracle Cloud Infrastructure does not make this answer clear. However, the answer is likely tied to what after-sales <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.oracle.com\/support\/\" target=\"_blank\">support plan<\/a> you choose. Confirm with Oracle what downtime support they provide based on the services your organization are interested in.\n<\/p><p><br \/>\n5. <b>Where are your servers located, and how is data securely transferred to and from those servers?<\/b>\n<\/p><p>Oracle Cloud Infrastructure is <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.oracle.com\/cloud\/public-cloud-regions\/service-availability\/\" target=\"_blank\">split up<\/a> into 42 regions, each with various availability domains and fault domains. As for data transfers, Oracle Cloud Infrastructure provides multiple ways to better ensure safer data transmission. In its disaster recovery documentation, Oracle discusses networking services such as virtual cloud networks, reserved public IP addresses, Load Balancing, and FastConnect. For example, FastConnect can be used in hybrid cloud data transfers between on-premises and Oracle cloud infrastructures \"that enable you recover your cloud workloads quickly, reliably, and securely.\"<sup id=\"rdp-ebb-cite_ref-OracleLearn_12-0\" class=\"reference\"><a href=\"#cite_note-OracleLearn-12\">[12]<\/a><\/sup> As for the security of data in transit, Oracle Cloud Infrastructure addresses this with encryption mechanisms like TLS v1.2.<sup id=\"rdp-ebb-cite_ref-OracleUsingInTransit_13-0\" class=\"reference\"><a href=\"#cite_note-OracleUsingInTransit-13\">[13]<\/a><\/sup>\n<\/p><p><br \/>\n6. <b>Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?<\/b>\n<\/p><p>Oracle broadly describes <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.oracle.com\/corporate\/security-practices\/corporate\/physical-environmental.html\" target=\"_blank\">physical security controls<\/a> at its facilities, but it doesn't discuss who is allowed into the heart of data centers and how access to those areas is controlled. It also doesn't describe any certifications or training that applies to the individuals who could access your data. This is a conversation to have with a Oracle Cloud Infrastructure representative.\n<\/p><p><br \/>\n7. <b>Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?<\/b>\n<\/p><p>Not all <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.oracle.com\/cloud\/public-cloud-regions\/service-availability\/\" target=\"_blank\">Oracle Cloud Infrastructure machines<\/a> have the same controls on them; it will depend on the region, product, and compliance requirements of your lab. That said, verify with a representative that the machine your data will land on meets all the necessary regulations affecting your data.\n<\/p><p><br \/>\n8. <b>How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)<\/b>\n<\/p><p>Similar to IBM, Oracle appears to allow for both physical (bare metal) separation and logical separation for some of its services. They note:<sup id=\"rdp-ebb-cite_ref-OracleSecurity_14-0\" class=\"reference\"><a href=\"#cite_note-OracleSecurity-14\">[14]<\/a><\/sup>:\n<\/p>\n<blockquote><p>Customer Isolation: Lets you deploy your application and data assets in an environment that is fully isolated from other tenants and from Oracle staff.<\/p><\/blockquote>\n<p>As for tenant isolation, the concept is addressed in Oracle's <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Security\/Concepts\/security_overview.htm\" target=\"_blank\">security documentation<\/a>, in reference to both bare metal and virtual machine instances, as well as within the scope of networking. For details beyond the documentation, consult a representative.\n<\/p><p><br \/>\n9. <b>Do you have documented data security policies?<\/b>\n<\/p><p>Oracle Cloud Infrastructure documents its security practices in several places:\n<\/p>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.oracle.com\/security\/cloud-security\/\" target=\"_blank\">Cloud security portal<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Security\/Concepts\/security_guide.htm\" target=\"_blank\">Infrastructure security guide<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Security\/Concepts\/security_features.htm\" target=\"_blank\">Security services and features<\/a><\/li><\/ul>\n<p>Some security-related documents, like the SOC 2 report, may not be publicly available, requiring direct discussion with an Oracle Cloud Infrastructure representative to obtain them.\n<\/p><p><br \/>\n10. <b>How do you test your platform's security?<\/b>\n<\/p><p>Oracle has this to say about internal and customer <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.oracle.com\/en\/cloud\/get-started\/subscriptions-cloud\/mmocs\/oracle-cloud-security-testing-policy.html\" target=\"_blank\">cloud security testing<\/a><sup id=\"rdp-ebb-cite_ref-OracleCloudSecTest_15-0\" class=\"reference\"><a href=\"#cite_note-OracleCloudSecTest-15\">[15]<\/a><\/sup>:\n<\/p>\n<blockquote><p>Oracle regularly performs penetration and vulnerability testing and security assessments against the Oracle Cloud infrastructure, platforms, and applications. These tests are intended to validate and improve the overall security of Oracle Cloud services.\n<\/p><p>However, Oracle does not assess or test any components (including, non-Oracle applications, non-Oracle databases or other non-Oracle software, code or data, as may be applicable) that you manage through or introduce into \u2013 including introduction through your development in or creation in - the Oracle Cloud services (the \u201cCustomer Components\u201d). This policy does not address or provide any right to conduct testing of any third-party materials included in the Customer Components.\n<\/p><p>\nExcept as otherwise permitted or restricted in your Oracle Cloud services agreements, your service administrator who has system level access to your Oracle Cloud services may run penetration and vulnerability tests for the Customer Components included in certain of your Oracle Cloud services in accordance with the following rules and restrictions.<\/p><\/blockquote>\n<p>It also appears that Oracle may have a Red Team that handles its penetration and vulnerability testing.<sup id=\"rdp-ebb-cite_ref-CrossWhy20_16-0\" class=\"reference\"><a href=\"#cite_note-CrossWhy20-16\">[16]<\/a><\/sup> Discuss this with a representative to learn more.\n<\/p><p><br \/>\n11. <b>What are your policies for security audits, intrusion detection, and intrusion reporting?<\/b>\n<\/p><p><i>Audits<\/i>: Customers are able to audit their security by using the built-in Audit service. \"Using the Audit service, customers can achieve their own security and compliance goals by monitoring all user activity within their tenancy. Because all Console, SDK, and command line (CLI) calls go through our APIs, all activity from those sources is included.\"<sup id=\"rdp-ebb-cite_ref-OracleSecurity_14-1\" class=\"reference\"><a href=\"#cite_note-OracleSecurity-14\">[14]<\/a><\/sup> As for internal security audits, Oracle notes in its 2020 SOC 3 report that \"[a]t least annually, Oracle Cloud Infrastructure completes an internal audit of the system. The internal audit is conducted by qualified auditors and as per the requirements set out in Clause 9 of ISO\/IEC 27001:2013.\"<sup id=\"rdp-ebb-cite_ref-OracleSystem20_17-0\" class=\"reference\"><a href=\"#cite_note-OracleSystem20-17\">[17]<\/a><\/sup>\n<\/p><p><i>Intrusion detection and reporting<\/i>: Oracle Cloud Infrastructure has the following to say about its internal intrusion detection processes<sup id=\"rdp-ebb-cite_ref-OracleSecPrinc_18-0\" class=\"reference\"><a href=\"#cite_note-OracleSecPrinc-18\">[18]<\/a><\/sup>:\n<\/p>\n<blockquote><p>Oracle employs intrusion-detection systems within the Oracle intranet to provide continuous surveillance for intercepting and responding to security events as they are identified. Oracle utilizes a network-based monitoring approach to detect attacks on open firewall ports within Oracle's intranet. Events are analyzed using signature detection, which is a pattern matching of environment settings and user activities against a database of known attacks. Oracle updates the signature database as soon as new releases become available for commercial distribution. Alerts are forwarded to Oracle's IT security for review and response to potential threats.<\/p><\/blockquote>\n<p>Customers also have intrusion detection and reporting mechanisms <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Security\/Concepts\/security_overview.htm\" target=\"_blank\">at their disposal<\/a>, including Cloud Guard and Vulnerability Scanning.\n<\/p><p><br \/>\n12. <b>What data logging information is kept and acted upon in relation to our data?<\/b>\n<\/p><p>In its Oracle Services Privacy Policy, Oracle uses the term \"systems operations data\" to \"include log files, event files, and other trace and diagnostic files, as well as statistical and aggregated information that relates to the use and operation of our Services, and the systems and networks these Services run on.\"<sup id=\"rdp-ebb-cite_ref-OraclePrivacyPolicy_19-0\" class=\"reference\"><a href=\"#cite_note-OraclePrivacyPolicy-19\">[19]<\/a><\/sup> Oracle Cloud Infrastructure may use system logs related to your data to keep their services secure, investigate and prevent potential fraud, to administrate backup and disaster recovery plans, confirm compliance, research and development activities, and to comply with applicable laws.<sup id=\"rdp-ebb-cite_ref-OraclePrivacyPolicy_19-1\" class=\"reference\"><a href=\"#cite_note-OraclePrivacyPolicy-19\">[19]<\/a><\/sup> Of course, customers can maintain and act upon their own data logs using tools like <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.oracle.com\/manageability\/logging-analytics\/\" target=\"_blank\">Logging Analytics<\/a>.\n<\/p><p><br \/>\n13. <b>How thorough are those logs and can we audit them on-demand?<\/b>\n<\/p><p>It's not clear how thorough the logs are, but Oracle does state: \"To the extent provided under applicable laws, Users may request to access, correct, update or delete personal information contained in Systems Operations Data in certain cases, or otherwise exercise their choices with regard to their personal information by filling out an inquiry form.\"<sup id=\"rdp-ebb-cite_ref-OraclePrivacyPolicy_19-2\" class=\"reference\"><a href=\"#cite_note-OraclePrivacyPolicy-19\">[19]<\/a><\/sup> Consult with a representative to learn more.\n<\/p><p><br \/>\n14. <b>For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?<\/b>\n<\/p><p>Yes, Oracle Cloud Infrastructure will sign a business associate agreement.<sup id=\"rdp-ebb-cite_ref-KarabulutOracle18_20-0\" class=\"reference\"><a href=\"#cite_note-KarabulutOracle18-20\">[20]<\/a><\/sup> Consult their <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/blogs.oracle.com\/cloud-infrastructure\/post\/oracle-announces-hipaa-attestation-for-oracle-cloud-infrastructure\" target=\"_blank\">blog post<\/a> or a representative for more details on their approach to HIPAA compliance.\n<\/p><p><br \/>\n15. <b>What happens to our data should the contract expire or be terminated?<\/b>\n<\/p><p>From the Oracle Cloud Hosting and Delivery Policies<sup id=\"rdp-ebb-cite_ref-OracleCloudHost20_21-0\" class=\"reference\"><a href=\"#cite_note-OracleCloudHost20-21\">[21]<\/a><\/sup>:\n<\/p>\n<blockquote><p>For a period of 60 days upon termination of the Oracle Cloud Services, Oracle will make available, via secure protocols and in a structured, machine-readable format, Your Content residing in the production Oracle Cloud Services, or keep the service system accessible, for the purpose of data retrieval by You. <\/p><\/blockquote>\n<p><br \/>\n16. <b>What happens to our data should you go out of business or suffer a catastrophic event?<\/b>\n<\/p><p>It's not publicly clear how Oracle Cloud Infrastructure would handle your data should they go out of business; consult with a representative about this topic. As for catastrophic events, Oracles uses \"fault domains\" for ensuring data availability and redundancy. Those regions with availability domains typically have three fault domains. \"Fault domains enable you to distribute your resources so that they don't depend on the same physical hardware within a single availability domain. As a result, hardware failures or maintenance events that affect one fault domain do not affect the resources in other fault domains.\"<sup id=\"rdp-ebb-cite_ref-OracleLearn_12-1\" class=\"reference\"><a href=\"#cite_note-OracleLearn-12\">[12]<\/a><\/sup> It's highly unlikely that all three fault domains would be affected in a catastrophic event. However, if this is a concern, discuss further data redundancy with an Oracle Cloud Infrastructure representative.\n<\/p><p><br \/>\n17. <b>Can we use your interface to extract our data when we want, and in what format will it be?<\/b>\n<\/p><p>From question 15, we found that data can be extracted \"via secure protocols and in a structured, machine-readable format.\" Verify with a representative the finer details, including when such extractions of files, database dumps, whole disks, backups, etc. may occur.\n<\/p><p><br \/>\n18. <b>Are your support services native or outsourced\/offshored?<\/b>\n<\/p><p>It is unclear if support personnel are local to the customer or if support is outsourced to another business and country. Discuss this with an Oracle Cloud Infrastructure representative.\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Managed_security_services\">Managed security services<\/span><\/h2>\n<p>Oracle advertises managed security services, described as \"a suite of services to help you strengthen the enterprise security posture of your IT environment,\" part of the Oracle Customer Success Services (CSS) portfolio of services. Oracles mentions the following services<sup id=\"rdp-ebb-cite_ref-OracleMSS_22-0\" class=\"reference\"><a href=\"#cite_note-OracleMSS-22\">[22]<\/a><\/sup>:\n<\/p>\n<ul><li>vulnerability and threat prevention<\/li>\n<li>data security and protection<\/li>\n<li>identity and access management<\/li>\n<li>regulatory security governance and compliance services<\/li><\/ul>\n<h2><span class=\"mw-headline\" id=\"Additional_information\">Additional information<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Documentation_and_other_media\">Documentation and other media<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.oracle.com\/assets\/ocloud-hosting-delivery-policies-3089853.pdf\" target=\"_blank\">Cloud Hosting and Delivery Policies<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.oracle.com\/a\/ocom\/docs\/cloud-essentials-integration-3885458.pdf\" target=\"_blank\">Cloud integration guide<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.oracle.com\/security\/cloud-security\/\" target=\"_blank\">Cloud security services portal<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.oracle.com\/corporate\/cloud-compliance\/\" target=\"_blank\">Compliance offering descriptions<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.oracle.com\/a\/ocom\/docs\/support\/css-reinforce-your-cybersecurity.pdf\" target=\"_blank\">Cybersecurity services brochure<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.oracle.com\/cloud\/backup-and-disaster-recovery\/what-is-disaster-recovery\/\" target=\"_blank\">Disaster recovery documentation<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.oracle.com\/cloud\/public-cloud-regions\/data-regions\/hipaa\/\" target=\"_blank\">HIPAA Assessed Regions and Services<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Security\/Concepts\/security_guide.htm\" target=\"_blank\">Infrastructure security guide<\/a><\/li><\/ul>\n<h3><span class=\"mw-headline\" id=\"External_links\">External links<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.oracle.com\/customer-success\/run-and-operate\/\" target=\"_blank\">Oracle Customer Success Services<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.oracle.com\/cloud\/public-cloud-regions\/\" target=\"_blank\">Oracle Cloud Infrastructure architecture framework or description<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Security\/Concepts\/security_overview.htm#Shared_Security_Model\" target=\"_blank\">Oracle Cloud Infrastructure shared responsibility model<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.oracle.com\/corporate\/cloud-compliance\/\" target=\"_blank\">Oracle Cloud Infrastructure trust center<\/a><\/li><\/ul>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap mw-references-columns\"><ol class=\"references\">\n<li id=\"cite_note-NovetOracle20-1\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-NovetOracle20_1-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/investor.oracle.com\/investor-news\/news-details\/2023\/Oracle-Announces-Fiscal-2023-Fourth-Quarter-and-Fiscal-Full-Year-Financial-Results\/default.aspx\" target=\"_blank\">\"Oracle Announces Fiscal 2023 Fourth Quarter and Fiscal Full Year Financial Results\"<\/a>. Oracle Corporation. 12 June 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/investor.oracle.com\/investor-news\/news-details\/2023\/Oracle-Announces-Fiscal-2023-Fourth-Quarter-and-Fiscal-Full-Year-Financial-Results\/default.aspx\" target=\"_blank\">https:\/\/investor.oracle.com\/investor-news\/news-details\/2023\/Oracle-Announces-Fiscal-2023-Fourth-Quarter-and-Fiscal-Full-Year-Financial-Results\/default.aspx<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Oracle+Announces+Fiscal+2023+Fourth+Quarter+and+Fiscal+Full+Year+Financial+Results&rft.atitle=&rft.date=12+June+2023&rft.pub=Oracle+Corporation&rft_id=https%3A%2F%2Finvestor.oracle.com%2Finvestor-news%2Fnews-details%2F2023%2FOracle-Announces-Fiscal-2023-Fourth-Quarter-and-Fiscal-Full-Year-Financial-Results%2Fdefault.aspx&rfr_id=info:sid\/en.wikipedia.org:Oracle_Cloud_Infrastructure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OracleCloudRegs-2\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-OracleCloudRegs_2-0\">2.0<\/a><\/sup> <sup><a href=\"#cite_ref-OracleCloudRegs_2-1\">2.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.oracle.com\/cloud\/public-cloud-regions\/\" target=\"_blank\">\"Public Cloud Regions\"<\/a>. Oracle<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.oracle.com\/cloud\/public-cloud-regions\/\" target=\"_blank\">https:\/\/www.oracle.com\/cloud\/public-cloud-regions\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Public+Cloud+Regions&rft.atitle=&rft.pub=Oracle&rft_id=https%3A%2F%2Fwww.oracle.com%2Fcloud%2Fpublic-cloud-regions%2F&rfr_id=info:sid\/en.wikipedia.org:Oracle_Cloud_Infrastructure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OracleForResearch-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OracleForResearch_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.oracle.com\/oracle-for-research\/\" target=\"_blank\">\"Oracle for Research\"<\/a>. Oracle<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.oracle.com\/oracle-for-research\/\" target=\"_blank\">https:\/\/www.oracle.com\/oracle-for-research\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Oracle+for+Research&rft.atitle=&rft.pub=Oracle&rft_id=https%3A%2F%2Fwww.oracle.com%2Foracle-for-research%2F&rfr_id=info:sid\/en.wikipedia.org:Oracle_Cloud_Infrastructure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MillerFrom20-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MillerFrom20_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Miller, A.D. (4 August 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/blogs.oracle.com\/research\/post\/from-viruses-to-environmental-issues-cloud-computing-is-accelerating-research-and-scientific-discovery\" target=\"_blank\">\"From Viruses to Environmental Issues, Cloud Computing is Accelerating Research and Scientific Discovery\"<\/a>. <i>Oracle for Research Blog<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/blogs.oracle.com\/research\/post\/from-viruses-to-environmental-issues-cloud-computing-is-accelerating-research-and-scientific-discovery\" target=\"_blank\">https:\/\/blogs.oracle.com\/research\/post\/from-viruses-to-environmental-issues-cloud-computing-is-accelerating-research-and-scientific-discovery<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=From+Viruses+to+Environmental+Issues%2C+Cloud+Computing+is+Accelerating+Research+and+Scientific+Discovery&rft.atitle=Oracle+for+Research+Blog&rft.aulast=Miller%2C+A.D.&rft.au=Miller%2C+A.D.&rft.date=4+August+2020&rft_id=https%3A%2F%2Fblogs.oracle.com%2Fresearch%2Fpost%2Ffrom-viruses-to-environmental-issues-cloud-computing-is-accelerating-research-and-scientific-discovery&rfr_id=info:sid\/en.wikipedia.org:Oracle_Cloud_Infrastructure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-PaytonRoyal23-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-PaytonRoyal23_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Payton, R. (30 January 2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/blogs.oracle.com\/research\/post\/royal-holloway-oracle-refine-carbon-storage-to-fight-climate-change\" target=\"_blank\">\"Royal Holloway & Oracle refine carbon storage to fight climate change\"<\/a>. <i>Oracle for Research Blog<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/blogs.oracle.com\/research\/post\/royal-holloway-oracle-refine-carbon-storage-to-fight-climate-change\" target=\"_blank\">https:\/\/blogs.oracle.com\/research\/post\/royal-holloway-oracle-refine-carbon-storage-to-fight-climate-change<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Royal+Holloway+%26+Oracle+refine+carbon+storage+to+fight+climate+change&rft.atitle=Oracle+for+Research+Blog&rft.aulast=Payton%2C+R.&rft.au=Payton%2C+R.&rft.date=30+January+2023&rft_id=https%3A%2F%2Fblogs.oracle.com%2Fresearch%2Fpost%2Froyal-holloway-oracle-refine-carbon-storage-to-fight-climate-change&rfr_id=info:sid\/en.wikipedia.org:Oracle_Cloud_Infrastructure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OracleUniv21-6\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OracleUniv21_6-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.oracle.com\/customers\/university-of-bristol\/\" target=\"_blank\">\"University of Bristol makes COVID breakthrough with Oracle\"<\/a>. Oracle Corporation. 8 September 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.oracle.com\/customers\/university-of-bristol\/\" target=\"_blank\">https:\/\/www.oracle.com\/customers\/university-of-bristol\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=University+of+Bristol+makes+COVID+breakthrough+with+Oracle&rft.atitle=&rft.date=8+September+2021&rft.pub=Oracle+Corporation&rft_id=https%3A%2F%2Fwww.oracle.com%2Fcustomers%2Funiversity-of-bristol%2F&rfr_id=info:sid\/en.wikipedia.org:Oracle_Cloud_Infrastructure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-BarkerWhen21-7\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-BarkerWhen21_7-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Barker, B. (14 July 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/blogs.oracle.com\/research\/post\/when-bare-metal-gpus-and-cloud-come-together-usc-researchers-win\" target=\"_blank\">\"When bare metal GPUs and cloud come together, USC researchers win\"<\/a>. <i>Oracle for Research Blog<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/blogs.oracle.com\/research\/post\/when-bare-metal-gpus-and-cloud-come-together-usc-researchers-win\" target=\"_blank\">https:\/\/blogs.oracle.com\/research\/post\/when-bare-metal-gpus-and-cloud-come-together-usc-researchers-win<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=When+bare+metal+GPUs+and+cloud+come+together%2C+USC+researchers+win&rft.atitle=Oracle+for+Research+Blog&rft.aulast=Barker%2C+B.&rft.au=Barker%2C+B.&rft.date=14+July+2021&rft_id=https%3A%2F%2Fblogs.oracle.com%2Fresearch%2Fpost%2Fwhen-bare-metal-gpus-and-cloud-come-together-usc-researchers-win&rfr_id=info:sid\/en.wikipedia.org:Oracle_Cloud_Infrastructure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-Munoz-WilleryAgilab17-8\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-Munoz-WilleryAgilab17_8-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Munoz-Willery, I. (15 September 2017). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.paperlesslabacademy.com\/2017\/09\/15\/agilab-moves-to-oracle-cloud\/\" target=\"_blank\">\"Agilab LIMS Solutions moves to Oracle Cloud\"<\/a>. <i>Paperless Lab Academy<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.paperlesslabacademy.com\/2017\/09\/15\/agilab-moves-to-oracle-cloud\/\" target=\"_blank\">https:\/\/www.paperlesslabacademy.com\/2017\/09\/15\/agilab-moves-to-oracle-cloud\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Agilab+LIMS+Solutions+moves+to+Oracle+Cloud&rft.atitle=Paperless+Lab+Academy&rft.aulast=Munoz-Willery%2C+I.&rft.au=Munoz-Willery%2C+I.&rft.date=15+September+2017&rft_id=https%3A%2F%2Fwww.paperlesslabacademy.com%2F2017%2F09%2F15%2Fagilab-moves-to-oracle-cloud%2F&rfr_id=info:sid\/en.wikipedia.org:Oracle_Cloud_Infrastructure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OPTIMIZAAcculab19-9\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OPTIMIZAAcculab19_9-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/optimiza.me\/acculab-oracle-cloud-marketplace\/\" target=\"_blank\">\"OPTIMIZA\u2019s AccuLab: Powered By Oracle, Now Available in Oracle Cloud Marketplace\"<\/a>. OPTIMIZA. 15 July 2019<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/optimiza.me\/acculab-oracle-cloud-marketplace\/\" target=\"_blank\">https:\/\/optimiza.me\/acculab-oracle-cloud-marketplace\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=OPTIMIZA%E2%80%99s+AccuLab%3A+Powered+By+Oracle%2C+Now+Available+in+Oracle+Cloud+Marketplace&rft.atitle=&rft.date=15+July+2019&rft.pub=OPTIMIZA&rft_id=https%3A%2F%2Foptimiza.me%2Facculab-oracle-cloud-marketplace%2F&rfr_id=info:sid\/en.wikipedia.org:Oracle_Cloud_Infrastructure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-TrinitiLabDiag-10\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-TrinitiLabDiag_10-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.triniti.com\/lab-diagnostics-industry-solution-oracle-cloud\" target=\"_blank\">\"Lab Diagnostics Industry Solution for Oracle Cloud\"<\/a>. Triniti<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.triniti.com\/lab-diagnostics-industry-solution-oracle-cloud\" target=\"_blank\">https:\/\/www.triniti.com\/lab-diagnostics-industry-solution-oracle-cloud<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Lab+Diagnostics+Industry+Solution+for+Oracle+Cloud&rft.atitle=&rft.pub=Triniti&rft_id=https%3A%2F%2Fwww.triniti.com%2Flab-diagnostics-industry-solution-oracle-cloud&rfr_id=info:sid\/en.wikipedia.org:Oracle_Cloud_Infrastructure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OracleIntegrate20-11\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OracleIntegrate20_11-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.oracle.com\/a\/ocom\/docs\/cloud-essentials-integration-3885458.pdf\" target=\"_blank\">\"Integrate and Automate Business Processes\"<\/a> (PDF). Oracle. 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.oracle.com\/a\/ocom\/docs\/cloud-essentials-integration-3885458.pdf\" target=\"_blank\">https:\/\/www.oracle.com\/a\/ocom\/docs\/cloud-essentials-integration-3885458.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Integrate+and+Automate+Business+Processes&rft.atitle=&rft.date=2020&rft.pub=Oracle&rft_id=https%3A%2F%2Fwww.oracle.com%2Fa%2Focom%2Fdocs%2Fcloud-essentials-integration-3885458.pdf&rfr_id=info:sid\/en.wikipedia.org:Oracle_Cloud_Infrastructure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OracleLearn-12\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-OracleLearn_12-0\">12.0<\/a><\/sup> <sup><a href=\"#cite_ref-OracleLearn_12-1\">12.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.oracle.com\/en\/solutions\/design-dr\/index.html\" target=\"_blank\">\"Best practices for protecting your cloud topology against disasters\"<\/a>. <i>Oracle Help Center<\/i>. Oracle<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/docs.oracle.com\/en\/solutions\/design-dr\/index.html\" target=\"_blank\">https:\/\/docs.oracle.com\/en\/solutions\/design-dr\/index.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Best+practices+for+protecting+your+cloud+topology+against+disasters&rft.atitle=Oracle+Help+Center&rft.pub=Oracle&rft_id=https%3A%2F%2Fdocs.oracle.com%2Fen%2Fsolutions%2Fdesign-dr%2Findex.html&rfr_id=info:sid\/en.wikipedia.org:Oracle_Cloud_Infrastructure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OracleUsingInTransit-13\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OracleUsingInTransit_13-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/File\/Tasks\/intransitencryption.htm\" target=\"_blank\">\"Using In-transit TLS Encryption\"<\/a>. <i>Oracle Cloud Infrastructure Documentation<\/i>. Oracle<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/File\/Tasks\/intransitencryption.htm\" target=\"_blank\">https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/File\/Tasks\/intransitencryption.htm<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Using+In-transit+TLS+Encryption&rft.atitle=Oracle+Cloud+Infrastructure+Documentation&rft.pub=Oracle&rft_id=https%3A%2F%2Fdocs.oracle.com%2Fen-us%2Fiaas%2FContent%2FFile%2FTasks%2Fintransitencryption.htm&rfr_id=info:sid\/en.wikipedia.org:Oracle_Cloud_Infrastructure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OracleSecurity-14\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-OracleSecurity_14-0\">14.0<\/a><\/sup> <sup><a href=\"#cite_ref-OracleSecurity_14-1\">14.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Security\/Concepts\/security_overview.htm\" target=\"_blank\">\"Security Overview\"<\/a>. <i>Oracle Cloud Infrastructure Documentation<\/i>. Oracle<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Security\/Concepts\/security_overview.htm\" target=\"_blank\">https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Security\/Concepts\/security_overview.htm<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Security+Overview&rft.atitle=Oracle+Cloud+Infrastructure+Documentation&rft.pub=Oracle&rft_id=https%3A%2F%2Fdocs.oracle.com%2Fen-us%2Fiaas%2FContent%2FSecurity%2FConcepts%2Fsecurity_overview.htm&rfr_id=info:sid\/en.wikipedia.org:Oracle_Cloud_Infrastructure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OracleCloudSecTest-15\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OracleCloudSecTest_15-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Security\/Concepts\/security_testing-policy.htm\" target=\"_blank\">\"Oracle Cloud Security Testing Policies\"<\/a>. <i>Oracle Cloud Infrastructure Documentation<\/i>. Oracle<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Security\/Concepts\/security_testing-policy.htm\" target=\"_blank\">https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Security\/Concepts\/security_testing-policy.htm<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Oracle+Cloud+Security+Testing+Policies&rft.atitle=Oracle+Cloud+Infrastructure+Documentation&rft.pub=Oracle&rft_id=https%3A%2F%2Fdocs.oracle.com%2Fen-us%2Fiaas%2FContent%2FSecurity%2FConcepts%2Fsecurity_testing-policy.htm&rfr_id=info:sid\/en.wikipedia.org:Oracle_Cloud_Infrastructure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CrossWhy20-16\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CrossWhy20_16-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Cross, D.B. (7 January 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/blogs.oracle.com\/cloudsecurity\/post\/why-red-teams-rule-the-cloud\" target=\"_blank\">\"Why Red Teams Rule the Cloud!\"<\/a>. <i>Oracle Cloud Security Blog<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/blogs.oracle.com\/cloudsecurity\/post\/why-red-teams-rule-the-cloud\" target=\"_blank\">https:\/\/blogs.oracle.com\/cloudsecurity\/post\/why-red-teams-rule-the-cloud<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Why+Red+Teams+Rule+the+Cloud%21&rft.atitle=Oracle+Cloud+Security+Blog&rft.aulast=Cross%2C+D.B.&rft.au=Cross%2C+D.B.&rft.date=7+January+2020&rft_id=https%3A%2F%2Fblogs.oracle.com%2Fcloudsecurity%2Fpost%2Fwhy-red-teams-rule-the-cloud&rfr_id=info:sid\/en.wikipedia.org:Oracle_Cloud_Infrastructure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OracleSystem20-17\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OracleSystem20_17-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.oracle.com\/a\/ocom\/docs\/oci-soc-3-report.pdf\" target=\"_blank\">\"System and Organization Controls (SOC 3) Report\"<\/a>. Oracle. 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.oracle.com\/a\/ocom\/docs\/oci-soc-3-report.pdf\" target=\"_blank\">https:\/\/www.oracle.com\/a\/ocom\/docs\/oci-soc-3-report.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=System+and+Organization+Controls+%28SOC+3%29+Report&rft.atitle=&rft.date=2023&rft.pub=Oracle&rft_id=https%3A%2F%2Fwww.oracle.com%2Fa%2Focom%2Fdocs%2Foci-soc-3-report.pdf&rfr_id=info:sid\/en.wikipedia.org:Oracle_Cloud_Infrastructure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OracleSecPrinc-18\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OracleSecPrinc_18-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.oracle.com\/corporate\/security-practices\/corporate\/network-communications-security.html\" target=\"_blank\">\"Security Principles for Network Communications\"<\/a>. Oracle<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.oracle.com\/corporate\/security-practices\/corporate\/network-communications-security.html\" target=\"_blank\">https:\/\/www.oracle.com\/corporate\/security-practices\/corporate\/network-communications-security.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Security+Principles+for+Network+Communications&rft.atitle=&rft.pub=Oracle&rft_id=https%3A%2F%2Fwww.oracle.com%2Fcorporate%2Fsecurity-practices%2Fcorporate%2Fnetwork-communications-security.html&rfr_id=info:sid\/en.wikipedia.org:Oracle_Cloud_Infrastructure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OraclePrivacyPolicy-19\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-OraclePrivacyPolicy_19-0\">19.0<\/a><\/sup> <sup><a href=\"#cite_ref-OraclePrivacyPolicy_19-1\">19.1<\/a><\/sup> <sup><a href=\"#cite_ref-OraclePrivacyPolicy_19-2\">19.2<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.oracle.com\/legal\/privacy\/services-privacy-policy.html\" target=\"_blank\">\"Privacy @ Oracle: Oracle Services Privacy Policy\"<\/a>. Oracle<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.oracle.com\/legal\/privacy\/services-privacy-policy.html\" target=\"_blank\">https:\/\/www.oracle.com\/legal\/privacy\/services-privacy-policy.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Privacy+%40+Oracle%3A+Oracle+Services+Privacy+Policy&rft.atitle=&rft.pub=Oracle&rft_id=https%3A%2F%2Fwww.oracle.com%2Flegal%2Fprivacy%2Fservices-privacy-policy.html&rfr_id=info:sid\/en.wikipedia.org:Oracle_Cloud_Infrastructure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-KarabulutOracle18-20\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-KarabulutOracle18_20-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Karabulut, Y. (30 May 2018). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/blogs.oracle.com\/cloud-infrastructure\/post\/oracle-announces-hipaa-attestation-for-oracle-cloud-infrastructure\" target=\"_blank\">\"Oracle Announces HIPAA Attestation for Oracle Cloud Infrastructure\"<\/a>. <i>Oracle Cloud Infrastructure Blog<\/i>. Oracle<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/blogs.oracle.com\/cloud-infrastructure\/post\/oracle-announces-hipaa-attestation-for-oracle-cloud-infrastructure\" target=\"_blank\">https:\/\/blogs.oracle.com\/cloud-infrastructure\/post\/oracle-announces-hipaa-attestation-for-oracle-cloud-infrastructure<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Oracle+Announces+HIPAA+Attestation+for+Oracle+Cloud+Infrastructure&rft.atitle=Oracle+Cloud+Infrastructure+Blog&rft.aulast=Karabulut%2C+Y.&rft.au=Karabulut%2C+Y.&rft.date=30+May+2018&rft.pub=Oracle&rft_id=https%3A%2F%2Fblogs.oracle.com%2Fcloud-infrastructure%2Fpost%2Foracle-announces-hipaa-attestation-for-oracle-cloud-infrastructure&rfr_id=info:sid\/en.wikipedia.org:Oracle_Cloud_Infrastructure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OracleCloudHost20-21\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OracleCloudHost20_21-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.oracle.com\/assets\/ocloud-hosting-delivery-policies-3089853.pdf\" target=\"_blank\">\"Oracle Cloud Hosting and Delivery Policies\"<\/a> (PDF). Oracle. June 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.oracle.com\/assets\/ocloud-hosting-delivery-policies-3089853.pdf\" target=\"_blank\">https:\/\/www.oracle.com\/assets\/ocloud-hosting-delivery-policies-3089853.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Oracle+Cloud+Hosting+and+Delivery+Policies&rft.atitle=&rft.date=June+2023&rft.pub=Oracle&rft_id=https%3A%2F%2Fwww.oracle.com%2Fassets%2Focloud-hosting-delivery-policies-3089853.pdf&rfr_id=info:sid\/en.wikipedia.org:Oracle_Cloud_Infrastructure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OracleMSS-22\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OracleMSS_22-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.oracle.com\/customer-success\/run-and-operate\/security-services\/\" target=\"_blank\">\"Oracle Managed Security Services\"<\/a>. Oracle Corporation<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.oracle.com\/customer-success\/run-and-operate\/security-services\/\" target=\"_blank\">https:\/\/www.oracle.com\/customer-success\/run-and-operate\/security-services\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Oracle+Managed+Security+Services&rft.atitle=&rft.pub=Oracle+Corporation&rft_id=https%3A%2F%2Fwww.oracle.com%2Fcustomer-success%2Frun-and-operate%2Fsecurity-services%2F&rfr_id=info:sid\/en.wikipedia.org:Oracle_Cloud_Infrastructure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816203458\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.294 seconds\nReal time usage: 0.345 seconds\nPreprocessor visited node count: 17982\/1000000\nPost\u2010expand include size: 98151\/2097152 bytes\nTemplate argument size: 42614\/2097152 bytes\nHighest expansion depth: 32\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 31680\/5000000 bytes\nLua time usage: 0.010\/7 seconds\nLua virtual size: 4939776\/52428800 bytes\nLua estimated memory usage: 0 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 306.510 1 -total\n 54.16% 165.998 1 Template:Reflist\n 45.97% 140.913 22 Template:Cite_web\n 42.82% 131.248 1 Template:Infobox_company\n 42.60% 130.561 22 Template:Citation\/core\n 41.62% 127.578 1 Template:Infobox\n 37.28% 114.273 81 Template:Infobox\/row\n 31.70% 97.156 1 Template:URL\n 29.33% 89.890 1 Template:Str_right\n 28.37% 86.967 1 Template:Str_sub_long\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:12488-0!canonical and timestamp 20230816203458 and revision id 52743. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Oracle_Cloud_Infrastructure\">https:\/\/www.limswiki.org\/index.php\/Oracle_Cloud_Infrastructure<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","ac68a3433020de439b666f2cb7102a80_images":["https:\/\/s3.limswiki.org\/www.limswiki.org\/images\/b\/b5\/OracleCloudInfra.png"],"ac68a3433020de439b666f2cb7102a80_timestamp":1692220362,"7681c52cec6f9c9f1cdd85f4aa70a424_type":"article","7681c52cec6f9c9f1cdd85f4aa70a424_title":"Microsoft Azure","7681c52cec6f9c9f1cdd85f4aa70a424_url":"https:\/\/www.limswiki.org\/index.php\/Microsoft_Azure","7681c52cec6f9c9f1cdd85f4aa70a424_plaintext":"\n\nMicrosoft AzureFrom LIMSWikiJump to navigationJump to searchMicrosoft Azure\nIndustry\n \nCloud computing, Web servicesFounder(s)\n \nDeepak PatilHeadquarters\n \nRedmond, Washington , United States Area served\n \nWorldwideKey people\n \nSatya Nadella (CEO)Products\n \nIaaS, PaaS, DBaaS, DaaSRevenue\n \n$34.0 billion (FY 2022)[1]Website\n \nazure.microsoft.com \n\n\r\n\nMicrosoft Azure is a collection of public, private, hybrid, and multicloud cloud computing services offered by Microsoft, an American multinational information technology company. Microsoft Azure deploys to over 160 data centers in various locations around the world.[2] More than 200 different products and services are associated with Microsoft Azure, representing elastic computing, networking, content delivery, data storage, database management, security management, enterprise management, data analysis, container management, developer support, blockchain management, media management, internet of things, and artificial intelligence.[3]\n\nContents \n\n1 Provider research \n2 Managed security services \n3 Additional information \n\n3.1 Documentation and other media \n3.2 External links \n\n\n4 References \n\n\n\nProvider research \nThis section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide Choosing and Implementing a Cloud-based Service for Your Laboratory. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made.\n\r\n\n1. What experience do you have working with laboratory customers in our specific industry?\nKnown laboratories and related organizations leaning on Azure include the Association of Public Health Laboratories[4], Bio-Rad Laboratories[5], Northwest Nuclear Laboratories[6], and PathWest Laboratory Medicine WA.[7] Additionally, laboratory informatics software developers like BtB Software, LLC[8], EarthSoft[9], Eusoft Srl[10], and TRIBVN Healthcare[11] also turn to Microsoft Azure to host their software solutions. A Microsoft Azure representative is likely to be able to supply more examples of laboratories and laboratory informatics developers that use or have used Microsoft Azure.\n\r\n\n2. Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?\nIt will ultimately be up to your organization to get an answer from Microsoft tailored to your systems and business processes. However, this much can be said about Microsoft Azure integrations. Microsoft provides a list of six integration tools to better integrate applications, data, and processes seamlessly: Azure Logic Apps, Service Bus, API Management, Event Grid, Azure Functions, and Azure Data Factory. These tools assist with workflow management, hybrid cloud connections, API management, service management, and event-driven process management.[12] Consult the documentation for each to learn more.\n\r\n\n3. What is the average total historical downtime for the service(s) we're interested in?\nSome public information is made available about historic outages and downtime. Microsoft Azure has a systems status page with status history (you have to click on the \"Azure status history\" link at the top right). You should be able to read through the incident details for each issue, going back through a fair amount of history. This will give you a partial picture of the issues experienced in the past, as well as any scheduled maintenance and currently impacted services. A follow-up on this question with a Microsoft Azure representative may reveal more historical downtime history for the services you are interested in.\n\r\n\n4. Do we receive comprehensive downtime support in the case of downtime?\nMicrosoft Azure does not make this answer clear. However, the answer is likely tied to what after-sales support plan you choose. Confirm with Microsoft Azure what downtime support they provide based on the services your organization are interested in.\n\r\n\n5. Where are your servers located, and how is data securely transferred to and from those servers?\nMicrosoft Azure organizes its data centers into \"geographies,\" which contain one or more regions. Some regions have availability zones, some don't. Those regions that don't have availability zones may use \"availability sets,\" a logical grouping of virtual machines, to provide redundancy and availability.[13] Azure uses its Content Delivery Network \"for rapidly delivering high-bandwidth content to users by caching their content at strategically placed physical nodes across the world.\"[14] When moving data to and from on-premises and Microsoft Azure systems, multiple transfer options exist, including physical transport (via Azure Import\/Export or Azure Data Box), programmatic data transfer (via Azure CLI, AzCopy, PowerShell, etc.), or managed service transfer (via Azure Data Factory).[15] As for the security of data in transit, Microsoft addresses this with various encryption mechanisms, including data-link layer encryption, TLS encryption, HTTPS, SMB encryption, SSH, etc.[16] Consult the documentation or a representative for more information. \n\r\n\n6. Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?\nMicrosoft Azure says this about physical security in relation to its personnel[17]:\n\nA need-to-access basis helps keep the number of individuals needed to complete a task in the datacenters to the bare minimum. After Microsoft grants permission, an individual only has access to the discrete area of the datacenter required, based on the approved business justification. Permissions are limited to a certain period of time, and then expire.\nHowever, Microsoft doesn't publicly mention anything about the certifications and compliance training any of those personnel have. This is a conversation to have with a Microsoft Azure representative.\n\r\n\n7. Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?\nNot all Microsoft Azure machines have the same controls on them; it will depend on the region, product, and compliance requirements of your lab. That said, verify with a representative that the machine your data will land on meets all the necessary regulations affecting your data.\n\r\n\n8. How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)\nMicrosoft Azure has moved past a paradigm of physical separation of data pools. In a Microsoft Policy Paper, the company argues that \"multitenant environments meet the same standards as physically separated ones,\" while providing context to seven common security concerns raised by those wary of logical separation in the cloud. They add that \"[s]uch concerns should, however, be considered in a larger context of balancing benefits and risks, e.g., comparing the competitiveness impact of not moving to the cloud with the risk of downtime should a cloud provider suffer an outage.\"[18]\nThe concept of tenant isolation is addressed by Microsoft Azure in multiple documents. The primary documentation addresses the concepts and architecture behind Microsoft Azure's tenant isolation practices, while another lengthy document addresses the security aspects of tenancy isolation behind Microsoft Azure. Further technical details on how your data is segregated, if required, may be garnered in discussion with Microsoft Azure.\n\r\n\n9. Do you have documented data security policies?\nMicrosoft Azure documents its security practices in several places:\n\nAzure security documentation\nAzure security overview\nIntroduction to Azure security\nSome security-related documents, like the SOC 2 report, may not be publicly available, requiring direct discussion with a Microsoft Azure representative to obtain them.\n\r\n\n10. How do you test your platform's security?\nCustomers can perform penetration testing of their own Azure-hosted applications without pre-approval, though they must still comply with Microsoft Cloud Unified Penetration Testing Rules of Engagement.[19] As for internal security testing, a 2014 blog post (along with a detailed whitepaper) indicates that Microsoft Azure security gets tested by its Red Team.[20] That practice is still presumably active today, but confirm this with a Microsoft Azure representative.\n\r\n\n11. What are your policies for security audits, intrusion detection, and intrusion reporting?\nAudits: For customer security auditing, Microsoft states that \"Azure provides a wide array of configurable security auditing and logging options to help you identify gaps in your security policies and mechanisms.\"[21] Internally, Microsoft Azure conducts auditing tasks of its own systems, for example with access control. \"All access to customer data is strictly logged, and both Microsoft and third parties perform regular audits (as well as sample audits) to attest that any access is appropriate.\"[13] It also references its SOC audits \"twice a year to verify the effectiveness of its security controls in audit scope.\"[13]\nIntrusion detection and reporting: Microsoft Azure provides documentation to customers on its various threat protection services, including Azure Active Directory, Azure Monitor, and Azure Security Center. These options provide \"a wide array of options to configure and customize security to meet the requirements of your app deployments.\"[22] As for its own intrusion detection, Microsoft Azure leans on its Detection and Response Team (DART) to support its own intrusion detection and reporting needs. For more details on internal threat detection and reporting, discuss this with a representative.\n\r\n\n12. What data logging information is kept and acted upon in relation to our data?\nMicrosoft Azure details its data definitions and gives examples of those categories of data, including a little information about what happens to that data. It appears to classify logs as part of service-generated data[23]:\n\nMicrosoft aggregates this data from our online services and uses it to make sure performance, security, scaling, and other services that impact the customer experience are operating at the levels our customers require. For example, to understand how to ramp up data center capacity as a customer's use of Microsoft Teams increases, we process log data of their Teams usage. We then review the logs for peak times and decide which data centers to add to meet this capacity.\nHowever, sometime in 2022, Microsoft removed \"service-generated data\" from its page, for unknown reasons. Be sure a Microsoft Azure representative provides additional details about what logging information they collect and use as it relates to your data.\n\r\n\n13. How thorough are those logs and can we audit them on-demand?\nMicrosoft Azure users can view their own logs. However, it's unclear if you are able to audit internal Azure operation logs on-demand. This is a conversation to have with a representative.\n\r\n\n14. For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?\nYes, Microsoft Azure will sign a business associate agreement.[24] Consult their documentation for more details on their approach to HIPAA compliance.\n\r\n\n15. What happens to our data should the contract expire or be terminated?\nPer the Online Services Data Protection Addendum[25]:\n\nExcept for free trials and LinkedIn services, Microsoft will retain Customer Data that remains stored in Online Services in a limited function account for 90 days after expiration or termination of Customer\u2019s subscription so that Customer may extract the data. After the 90-day retention period ends, Microsoft will disable Customer\u2019s account and delete the Customer Data and Personal Data stored in Online Services within an additional 90 days, unless authorized under this DPA to retain such data.\n\r\n\n16. What happens to our data should you go out of business or suffer a catastrophic event?\nIt's not publicly clear how Microsoft Azure would handle your data should they go out of business; consult with a representative about this topic. As for catastrophic events, Microsoft Azure uses either availability zones or availability sets for ensuring data availability and redundancy. Those regions with availability zones typically have three. Those regions instead using sets use an undetermined number of them.[13] In regions with availability zones, \"[i]f one zone should fail, the [virtual machines] in the other zones will continue to run and Azure will load balance without impacting the customer\u2019s applications.\"[13] As for availability sets, \"[i]f a hardware or software failure occurs, only a subset of your [virtual machines] are impacted and your overall solution stays operational.\"[13] It's highly unlikely that all availability zones or sets would be affected in an catastrophic event. However, if this is a concern, discuss further data redundancy with a Microsoft Azure representative.\n\r\n\n17. Can we use your interface to extract our data when we want, and in what format will it be?\nPer the Online Services Data Protection Addendum, \"[a]t all times during the term of Customer\u2019s subscription, Customer will have the ability to access, extract, and delete Customer Data stored in each Online Service.\"[25] However, the format of that data is not addressed. Discuss this topic with a Microsoft Azure representative.\n\r\n\n18. Are your support services native or outsourced\/offshored?\nStories[26] and anecdotes[27] of outsourced support services occasionally crop up. Discuss this with a Microsoft Azure representative if you're concerned about localized support services.\n\nManaged security services \nMicrosoft Azure does not provide managed security services. However, Azure customers can utilize partnered \"Azure Expert Managed Service Providers.\"[28]\n\r\n\n\nAdditional information \nDocumentation and other media \nAudit reports (requires log in)\nAzure compliance offerings whitepaper\nAzure data residency and protection whitepaper\nAzure integration services whitepaper\nAzure security documentation\nDisaster recovery documentation\nHIPAA compliance\nExternal links \nMicrosoft Azure well-architected framework\nMicrosoft Azure Expert Managed Service Providers\nMicrosoft Azure shared responsibility model\nMicrosoft Azure trust center\nReferences \n\n\n\u2191 Viswanathan, P. (30 June 2023). \"Microsoft Azure\u2019s Real Revenue Revealed: How Does It Compare to AWS?\". BigTechWire. https:\/\/www.bigtechwire.com\/2023\/06\/30\/microsoft-azure-generated-34b-in-revenue-in-fy22-about-half-of-the-revenue-of-aws\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Azure Global Infrastructure\". Microsoft. https:\/\/azure.microsoft.com\/en-us\/explore\/global-infrastructure\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Azure Products\". Microsoft. https:\/\/azure.microsoft.com\/en-us\/products\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Bringing COVID-19 exposure notification to the public health community\". Association of Public Health Laboratories. 17 July 2020. https:\/\/www.aphlblog.org\/bringing-covid-19-exposure-notification-to-the-public-health-community\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Bio-Rad Laboratories, Inc. API\". Bio-Rad Laboratories, Inc.. https:\/\/bioradqsdapim-non-prod.portal.azure-api.net\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 \"IT Technology & Telemetry\". Northwest Nuclear Laboratories. https:\/\/www.nwnlabs.org\/computer-science . Retrieved 04 August 2023 .   \n \n\n\u2191 Yates-Roberts, E. (3 September 2020). \"PathWest uses Microsoft Azure to improve transplant outcomes\". The Record. Archived from the original on 03 September 2020. https:\/\/web.archive.org\/web\/20210227162040\/https:\/\/www.technologyrecord.com\/Article\/pathwest-uses-microsoft-azure-to-improve-transplant-outcomes-112083 . Retrieved 04 August 2023 .   \n \n\n\u2191 \"BtB Software: LIMS; Designed for Public Health and Private Clinical Laboratories\". BtB Software, LLC. https:\/\/www.btbsoftware.com\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 \"EQuIS Software Offerings on Microsoft Azure Query and Export Data, Integrate with Sensors, and Serve Other Environmental Project Management Needs\" (PDF). Microsoft Corporation. 2017. https:\/\/earthsoft.com\/wp-content\/uploads\/2017\/08\/Microsoft-Azure-Partner-Datasheet-EarthSoft.pdf . Retrieved 04 August 2023 .   \n \n\n\u2191 \"LIMS Webinar: Advantages and challenges of the Cloud Computing\". Eusoft Srl. 2 May 2019. https:\/\/www.eusoft.co.uk\/meeting\/free-lims-webinar-advantages-and-challenges-of-the-cloud-computing\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 TRIBVN Healthcare (7 December 2020). \"TRIBVN Healthcare Announces Full Compatibility of its Digital Health Solutions with Microsoft Azure\". TissuePathology.com. https:\/\/tissuepathology.com\/2020\/12\/07\/tribvn-healthcare-announces-full-compatibility-of-its-digital-health-solutions-with-microsoft-azure\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Integration Services\". Microsoft Corporation. https:\/\/azure.microsoft.com\/en-us\/products\/category\/integration\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 13.0 13.1 13.2 13.3 13.4 13.5 \"Enabling Data Residency and Data Protection in Microsoft Azure Regions\" (PDF). Microsoft Corporation. April 2021. https:\/\/azure.microsoft.com\/mediahandler\/files\/resourcefiles\/achieving-compliant-data-residency-and-security-with-azure\/Enabling_Data_Residency_and_Data_Protection_in_Azure_Regions-2021.pdf . Retrieved 04 August 2023 .   \n \n\n\u2191 Ua, D.; Sudbring, A.; Coulter, D. et al. (27 March 2023). \"What is a content delivery network on Azure?\". Microsoft Documentation. Microsoft Corporation. https:\/\/learn.microsoft.com\/en-us\/azure\/cdn\/cdn-overview . Retrieved 04 August 2023 .   \n \n\n\u2191 Tejada, Z.; Kshirsagar, D.; Coulter, D. et al. (16 December 2022). \"Transfer data to and from Azure\". Microsoft Documentation. Microsoft Corporation. https:\/\/docs.microsoft.com\/en-us\/azure\/architecture\/data-guide\/scenarios\/data-transfer . Retrieved 04 August 2023 .   \n \n\n\u2191 Baldwin, M.; Coulter, D.; Campise, K. et al. (23 February 2023). \"Azure encryption overview\". Microsoft Documentation. Microsoft Corporation. https:\/\/docs.microsoft.com\/en-us\/azure\/security\/fundamentals\/encryption-overview . Retrieved 04 August 2023 .   \n \n\n\u2191 Lanfear, T.; Lehr, B.; Wassenaar, B. et al. (13 February 2023). \"Azure facilities, premises, and physical security\". Microsoft Documentation. Microsoft Corporation. https:\/\/learn.microsoft.com\/en-us\/azure\/security\/fundamentals\/physical-security . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Security implications of logical separation in the cloud\" (PDF). Microsoft Corporation. https:\/\/query.prod.cms.rt.microsoft.com\/cms\/api\/am\/binary\/REXpGk . Retrieved 04 August 2023 .   \n \n\n\u2191 Lanfear, T.; Toh, A.; Coulter, D. et al. (1 April 2023). \"Penetration testing\". Microsoft Documentation. Microsoft Corporation. https:\/\/docs.microsoft.com\/en-us\/azure\/security\/fundamentals\/pen-testing . Retrieved 04 August 2023 .   \n \n\n\u2191 Field, S. (11 November 2014). \"Red Teaming: Using Cutting-Edge Threat Simulation to Harden the Microsoft Enterprise Cloud\". Microsoft Azure Blog. https:\/\/azure.microsoft.com\/en-us\/blog\/red-teaming-using-cutting-edge-threat-simulation-to-harden-the-microsoft-enterprise-cloud\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 Lanfear, T.; Wren, B.; Coulter, D. et al. (19 January 2023). \"Azure security logging and auditing\". Microsoft Documentation. Microsoft Corporation. https:\/\/docs.microsoft.com\/en-us\/azure\/security\/fundamentals\/log-audit . Retrieved 04 August 2023 .   \n \n\n\u2191 Lanfear, T.; Mel; Wren, B. et al. (9 March 2023). \"Azure threat protection\". Microsoft Documentation. Microsoft Corporation. https:\/\/docs.microsoft.com\/en-us\/azure\/security\/fundamentals\/threat-detection . Retrieved 04 August 2023 .   \n \n\n\u2191 \"How Microsoft categorizes data for online services\". Microsoft Corporation. Archived from the original on 19 May 2021. https:\/\/web.archive.org\/web\/20210519053953\/https:\/\/www.microsoft.com\/en-us\/trust-center\/privacy\/customer-data-definitions . Retrieved 04 August 2023 .   \n \n\n\u2191 Mazzoli, R.; Cross, K.C.; Vukos-Walker, C. et al. (25 April 2023). \"Health Insurance Portability and Accountability Act (HIPAA) & Health Information Technology for Economic and Clinical Health (HITECH) Act\". Microsoft Documentation. Microsoft Documentation. https:\/\/docs.microsoft.com\/en-us\/compliance\/regulatory\/offering-hipaa-hitech . Retrieved 04 August 2023 .   \n \n\n\u2191 25.0 25.1 \"Microsoft Products and Services Data Protection Addendum (DPA)\". Microsoft Corporation. January 2023. https:\/\/www.microsoft.com\/licensing\/docs\/view\/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Microsoft Continues to Outsource Internal Support and Services\". Microsoft Corporation. 2 January 1996. https:\/\/news.microsoft.com\/1996\/01\/02\/microsoft-continues-to-outsource-internal-support-and-services\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 Bowie, W. (6 February 2016). \"Why does MS outsource technical support to people who don't speak english?\". Microsoft Community. Microsoft Corporation. https:\/\/answers.microsoft.com\/en-us\/msoffice\/forum\/all\/why-does-ms-outsource-technical-support-to-people\/fb2e0b2a-7bbb-478e-9b43-22aaebd783ca . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Azure Expert Managed Service Providers (MSPs)\". Microsoft. https:\/\/www.microsoft.com\/azure\/partners\/azureexpertmsp . Retrieved 04 August 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Microsoft_Azure\">https:\/\/www.limswiki.org\/index.php\/Microsoft_Azure<\/a>\nNavigation menuPage actionsPageDiscussionView sourceHistoryPage actionsPageDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 4 August 2023, at 18:09.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 1,939 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","7681c52cec6f9c9f1cdd85f4aa70a424_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject page-Microsoft_Azure rootpage-Microsoft_Azure skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Microsoft Azure<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\">\n<p><br \/>\n<b>Microsoft Azure<\/b> is a collection of public, private, hybrid, and multicloud <a href=\"https:\/\/www.limswiki.org\/index.php\/Cloud_computing\" title=\"Cloud computing\" class=\"wiki-link\" data-key=\"fcfe5882eaa018d920cedb88398b604f\">cloud computing<\/a> services offered by Microsoft, an American multinational information technology company. Microsoft Azure deploys to over 160 data centers in various locations around the world.<sup id=\"rdp-ebb-cite_ref-MicrosoftAzureGlobal_2-0\" class=\"reference\"><a href=\"#cite_note-MicrosoftAzureGlobal-2\">[2]<\/a><\/sup> More than 200 different products and services are associated with Microsoft Azure, representing elastic computing, networking, content delivery, data storage, database management, security management, enterprise management, <a href=\"https:\/\/www.limswiki.org\/index.php\/Data_analysis\" title=\"Data analysis\" class=\"wiki-link\" data-key=\"545c95e40ca67c9e63cd0a16042a5bd1\">data analysis<\/a>, container management, developer support, <a href=\"https:\/\/www.limswiki.org\/index.php\/Blockchain\" title=\"Blockchain\" class=\"wiki-link\" data-key=\"ae8b186c311716aca561aaee91944f8e\">blockchain<\/a> management, media management, <a href=\"https:\/\/www.limswiki.org\/index.php\/Internet_of_things\" title=\"Internet of things\" class=\"wiki-link\" data-key=\"13e0b826fa1770fe4bea72e3cb942f0f\">internet of things<\/a>, and <a href=\"https:\/\/www.limswiki.org\/index.php\/Artificial_intelligence\" title=\"Artificial intelligence\" class=\"wiki-link\" data-key=\"0c45a597361ca47e1cd8112af676276e\">artificial intelligence<\/a>.<sup id=\"rdp-ebb-cite_ref-MicrosoftAzureProd_3-0\" class=\"reference\"><a href=\"#cite_note-MicrosoftAzureProd-3\">[3]<\/a><\/sup>\n<\/p>\n\n\n<h2><span class=\"mw-headline\" id=\"Provider_research\">Provider research<\/span><\/h2>\n<p>This section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide <i><a href=\"https:\/\/www.limswiki.org\/index.php\/LII:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\" title=\"LII:Choosing and Implementing a Cloud-based Service for Your Laboratory\" class=\"wiki-link\" data-key=\"a51267fd73f6c39f0130677409233940\">Choosing and Implementing a Cloud-based Service for Your Laboratory<\/a><\/i>. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made.\n<\/p><p><br \/>\n1. <b>What experience do you have working with laboratory customers in our specific industry?<\/b>\n<\/p><p>Known <a href=\"https:\/\/www.limswiki.org\/index.php\/Laboratory\" title=\"Laboratory\" class=\"wiki-link\" data-key=\"c57fc5aac9e4abf31dccae81df664c33\">laboratories<\/a> and related organizations leaning on Azure include the Association of Public Health Laboratories<sup id=\"rdp-ebb-cite_ref-APHLBringing20_4-0\" class=\"reference\"><a href=\"#cite_note-APHLBringing20-4\">[4]<\/a><\/sup>, Bio-Rad Laboratories<sup id=\"rdp-ebb-cite_ref-BioRadAPIPortal_5-0\" class=\"reference\"><a href=\"#cite_note-BioRadAPIPortal-5\">[5]<\/a><\/sup>, Northwest Nuclear Laboratories<sup id=\"rdp-ebb-cite_ref-NNLITTech_6-0\" class=\"reference\"><a href=\"#cite_note-NNLITTech-6\">[6]<\/a><\/sup>, and PathWest Laboratory Medicine WA.<sup id=\"rdp-ebb-cite_ref-Yates-RobertsPath20_7-0\" class=\"reference\"><a href=\"#cite_note-Yates-RobertsPath20-7\">[7]<\/a><\/sup> Additionally, laboratory informatics software developers like <a href=\"https:\/\/www.limswiki.org\/index.php\/BtB_Software,_LLC\" title=\"BtB Software, LLC\" class=\"wiki-link\" data-key=\"cdadfda55eed0bfe3c05267547fbd786\">BtB Software, LLC<\/a><sup id=\"rdp-ebb-cite_ref-BtBHome_8-0\" class=\"reference\"><a href=\"#cite_note-BtBHome-8\">[8]<\/a><\/sup>, EarthSoft<sup id=\"rdp-ebb-cite_ref-ESEquis17_9-0\" class=\"reference\"><a href=\"#cite_note-ESEquis17-9\">[9]<\/a><\/sup>, <a href=\"https:\/\/www.limswiki.org\/index.php\/Eusoft_Srl\" title=\"Eusoft Srl\" class=\"wiki-link\" data-key=\"b325934cae067817cae507c40d9e4e5c\">Eusoft Srl<\/a><sup id=\"rdp-ebb-cite_ref-EusoftLIMS19_10-0\" class=\"reference\"><a href=\"#cite_note-EusoftLIMS19-10\">[10]<\/a><\/sup>, and TRIBVN Healthcare<sup id=\"rdp-ebb-cite_ref-TP_TRIBVN20_11-0\" class=\"reference\"><a href=\"#cite_note-TP_TRIBVN20-11\">[11]<\/a><\/sup> also turn to Microsoft Azure to host their software solutions. A Microsoft Azure representative is likely to be able to supply more examples of laboratories and laboratory informatics developers that use or have used Microsoft Azure.\n<\/p><p><br \/>\n2. <b>Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?<\/b>\n<\/p><p>It will ultimately be up to your organization to get an answer from Microsoft tailored to your systems and business processes. However, this much can be said about Microsoft Azure integrations. Microsoft provides a list of <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/azure.microsoft.com\/en-us\/products\/category\/integration\/\" target=\"_blank\">six integration tools<\/a> to better integrate applications, data, and processes seamlessly: Azure Logic Apps, Service Bus, API Management, Event Grid, Azure Functions, and Azure Data Factory. These tools assist with workflow management, hybrid cloud connections, API management, service management, and event-driven process management.<sup id=\"rdp-ebb-cite_ref-MicrosoftIntegrat_12-0\" class=\"reference\"><a href=\"#cite_note-MicrosoftIntegrat-12\">[12]<\/a><\/sup> Consult the documentation for each to learn more.\n<\/p><p><br \/>\n3. <b>What is the average total historical downtime for the service(s) we're interested in?<\/b>\n<\/p><p>Some public information is made available about historic outages and downtime. Microsoft Azure has a <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/azure.status.microsoft\/en-us\/status\" target=\"_blank\">systems status page<\/a> with status history (you have to click on the \"Azure status history\" link at the top right). You should be able to read through the incident details for each issue, going back through a fair amount of history. This will give you a partial picture of the issues experienced in the past, as well as any scheduled maintenance and currently impacted services. A follow-up on this question with a Microsoft Azure representative may reveal more historical downtime history for the services you are interested in.\n<\/p><p><br \/>\n4. <b>Do we receive comprehensive downtime support in the case of downtime?<\/b>\n<\/p><p>Microsoft Azure does not make this answer clear. However, the answer is likely tied to what <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/azure.microsoft.com\/en-us\/support\/plans\/\" target=\"_blank\">after-sales support plan<\/a> you choose. Confirm with Microsoft Azure what downtime support they provide based on the services your organization are interested in.\n<\/p><p><br \/>\n5. <b>Where are your servers located, and how is data securely transferred to and from those servers?<\/b>\n<\/p><p>Microsoft Azure organizes its data centers into \"geographies,\" which contain one or more regions. Some regions have availability zones, some don't. Those regions that don't have availability zones may use \"availability sets,\" a logical grouping of virtual machines, to provide redundancy and availability.<sup id=\"rdp-ebb-cite_ref-MicrosoftEnabling21_13-0\" class=\"reference\"><a href=\"#cite_note-MicrosoftEnabling21-13\">[13]<\/a><\/sup> Azure uses its Content Delivery Network \"for rapidly delivering high-bandwidth content to users by caching their content at strategically placed physical nodes across the world.\"<sup id=\"rdp-ebb-cite_ref-UaWhat18_14-0\" class=\"reference\"><a href=\"#cite_note-UaWhat18-14\">[14]<\/a><\/sup> When moving data to and from on-premises and Microsoft Azure systems, multiple <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/architecture\/data-guide\/scenarios\/data-transfer\" target=\"_blank\">transfer options<\/a> exist, including physical transport (via Azure Import\/Export or Azure Data Box), programmatic data transfer (via Azure CLI, AzCopy, PowerShell, etc.), or managed service transfer (via Azure Data Factory).<sup id=\"rdp-ebb-cite_ref-TejadaTrans19_15-0\" class=\"reference\"><a href=\"#cite_note-TejadaTrans19-15\">[15]<\/a><\/sup> As for the <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security\/fundamentals\/encryption-overview\" target=\"_blank\">security of data in transit<\/a>, Microsoft addresses this with various encryption mechanisms, including data-link layer encryption, TLS encryption, HTTPS, SMB encryption, SSH, etc.<sup id=\"rdp-ebb-cite_ref-BaldwinAzure20_16-0\" class=\"reference\"><a href=\"#cite_note-BaldwinAzure20-16\">[16]<\/a><\/sup> Consult the documentation or a representative for more information. \n<\/p><p><br \/>\n6. <b>Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?<\/b>\n<\/p><p>Microsoft Azure says this about physical security in relation to its personnel<sup id=\"rdp-ebb-cite_ref-LanfearAzure20_17-0\" class=\"reference\"><a href=\"#cite_note-LanfearAzure20-17\">[17]<\/a><\/sup>:\n<\/p>\n<blockquote><p>A need-to-access basis helps keep the number of individuals needed to complete a task in the datacenters to the bare minimum. After Microsoft grants permission, an individual only has access to the discrete area of the datacenter required, based on the approved business justification. Permissions are limited to a certain period of time, and then expire.<\/p><\/blockquote>\n<p>However, Microsoft doesn't publicly mention anything about the certifications and compliance training any of those personnel have. This is a conversation to have with a Microsoft Azure representative.\n<\/p><p><br \/>\n7. <b>Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?<\/b>\n<\/p><p>Not all <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/azure.microsoft.com\/en-us\/explore\/global-infrastructure\/geographies\/\" target=\"_blank\">Microsoft Azure machines<\/a> have the same controls on them; it will depend on the region, product, and compliance requirements of your lab. That said, verify with a representative that the machine your data will land on meets all the necessary regulations affecting your data.\n<\/p><p><br \/>\n8. <b>How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)<\/b>\n<\/p><p>Microsoft Azure has moved past a paradigm of physical separation of data pools. In a Microsoft Policy Paper, the company argues that \"multitenant environments meet the same standards as physically separated ones,\" while providing context to seven common security concerns raised by those wary of logical separation in the cloud. They add that \"[s]uch concerns should, however, be considered in a larger context of balancing benefits and risks, e.g., comparing the competitiveness impact of not moving to the cloud with the risk of downtime should a cloud provider suffer an outage.\"<sup id=\"rdp-ebb-cite_ref-MicrosoftSecurityImp_18-0\" class=\"reference\"><a href=\"#cite_note-MicrosoftSecurityImp-18\">[18]<\/a><\/sup>\n<\/p><p>The concept of tenant isolation is addressed by Microsoft Azure in multiple documents. The <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security\/fundamentals\/isolation-choices\" target=\"_blank\">primary documentation<\/a> addresses the concepts and architecture behind Microsoft Azure's tenant isolation practices, while another <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/azure-government\/azure-secure-isolation-guidance\" target=\"_blank\">lengthy document<\/a> addresses the security aspects of tenancy isolation behind Microsoft Azure. Further technical details on how your data is segregated, if required, may be garnered in discussion with Microsoft Azure.\n<\/p><p><br \/>\n9. <b>Do you have documented data security policies?<\/b>\n<\/p><p>Microsoft Azure documents its security practices in several places:\n<\/p>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/security\/fundamentals\/\" target=\"_blank\">Azure security documentation<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/azure.microsoft.com\/en-us\/explore\/security\/\" target=\"_blank\">Azure security overview<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security\/fundamentals\/overview\" target=\"_blank\">Introduction to Azure security<\/a><\/li><\/ul>\n<p>Some security-related documents, like the SOC 2 report, may not be publicly available, requiring direct discussion with a Microsoft Azure representative to obtain them.\n<\/p><p><br \/>\n10. <b>How do you test your platform's security?<\/b>\n<\/p><p>Customers can perform penetration testing of their own Azure-hosted applications without pre-approval, though they must still comply with Microsoft Cloud Unified Penetration Testing Rules of Engagement.<sup id=\"rdp-ebb-cite_ref-LanfearPen21_19-0\" class=\"reference\"><a href=\"#cite_note-LanfearPen21-19\">[19]<\/a><\/sup> As for internal security testing, a 2014 blog post (along with a <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/download.microsoft.com\/download\/C\/1\/9\/C1990DBA-502F-4C2A-848D-392B93D9B9C3\/Microsoft_Enterprise_Cloud_Red_Teaming.pdf\" target=\"_blank\">detailed whitepaper<\/a>) indicates that Microsoft Azure security gets tested by its Red Team.<sup id=\"rdp-ebb-cite_ref-FieldRed14_20-0\" class=\"reference\"><a href=\"#cite_note-FieldRed14-20\">[20]<\/a><\/sup> That practice is still presumably active today, but confirm this with a Microsoft Azure representative.\n<\/p><p><br \/>\n11. <b>What are your policies for security audits, intrusion detection, and intrusion reporting?<\/b>\n<\/p><p><i>Audits<\/i>: For customer security auditing, Microsoft states that \"Azure provides a wide array of configurable <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security\/fundamentals\/log-audit\" target=\"_blank\">security auditing and logging options<\/a> to help you identify gaps in your security policies and mechanisms.\"<sup id=\"rdp-ebb-cite_ref-LanfearAzure19_21-0\" class=\"reference\"><a href=\"#cite_note-LanfearAzure19-21\">[21]<\/a><\/sup> Internally, Microsoft Azure conducts auditing tasks of its own systems, for example with access control. \"All access to customer data is strictly logged, and both Microsoft and third parties perform regular audits (as well as sample audits) to attest that any access is appropriate.\"<sup id=\"rdp-ebb-cite_ref-MicrosoftEnabling21_13-1\" class=\"reference\"><a href=\"#cite_note-MicrosoftEnabling21-13\">[13]<\/a><\/sup> It also references its SOC audits \"twice a year to verify the effectiveness of its security controls in audit scope.\"<sup id=\"rdp-ebb-cite_ref-MicrosoftEnabling21_13-2\" class=\"reference\"><a href=\"#cite_note-MicrosoftEnabling21-13\">[13]<\/a><\/sup>\n<\/p><p><i>Intrusion detection and reporting<\/i>: Microsoft Azure <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security\/fundamentals\/threat-detection\" target=\"_blank\">provides documentation<\/a> to customers on its various threat protection services, including Azure Active Directory, Azure Monitor, and Azure Security Center. These options provide \"a wide array of options to configure and customize security to meet the requirements of your app deployments.\"<sup id=\"rdp-ebb-cite_ref-LanfearAzure21_22-0\" class=\"reference\"><a href=\"#cite_note-LanfearAzure21-22\">[22]<\/a><\/sup> As for its own intrusion detection, Microsoft Azure leans on its Detection and Response Team (DART) to support its own intrusion detection and reporting needs. For more details on internal threat detection and reporting, discuss this with a representative.\n<\/p><p><br \/>\n12. <b>What data logging information is kept and acted upon in relation to our data?<\/b>\n<\/p><p>Microsoft Azure details its <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.microsoft.com\/en-us\/trust-center\/privacy\/customer-data-definitions\" target=\"_blank\">data definitions<\/a> and gives examples of those categories of data, including a little information about what happens to that data. It appears to classify logs as part of service-generated data<sup id=\"rdp-ebb-cite_ref-MicrosoftHowMicroCat_23-0\" class=\"reference\"><a href=\"#cite_note-MicrosoftHowMicroCat-23\">[23]<\/a><\/sup>:\n<\/p>\n<blockquote><p>Microsoft aggregates this data from our online services and uses it to make sure performance, security, scaling, and other services that impact the customer experience are operating at the levels our customers require. For example, to understand how to ramp up data center capacity as a customer's use of Microsoft Teams increases, we process log data of their Teams usage. We then review the logs for peak times and decide which data centers to add to meet this capacity.<\/p><\/blockquote>\n<p>However, sometime in 2022, Microsoft removed \"service-generated data\" from its page, for unknown reasons. Be sure a Microsoft Azure representative provides additional details about what logging information they collect and use as it relates to your data.\n<\/p><p><br \/>\n13. <b>How thorough are those logs and can we audit them on-demand?<\/b>\n<\/p><p>Microsoft Azure users can view their own logs. However, it's unclear if you are able to audit internal Azure operation logs on-demand. This is a conversation to have with a representative.\n<\/p><p><br \/>\n14. <b>For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?<\/b>\n<\/p><p>Yes, Microsoft Azure will sign a business associate agreement.<sup id=\"rdp-ebb-cite_ref-MazzoliHealth21_24-0\" class=\"reference\"><a href=\"#cite_note-MazzoliHealth21-24\">[24]<\/a><\/sup> Consult their <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.microsoft.com\/en-us\/compliance\/regulatory\/offering-hipaa-hitech\" target=\"_blank\">documentation<\/a> for more details on their approach to HIPAA compliance.\n<\/p><p><br \/>\n15. <b>What happens to our data should the contract expire or be terminated?<\/b>\n<\/p><p>Per the Online Services Data Protection Addendum<sup id=\"rdp-ebb-cite_ref-MicrosoftOnline20_25-0\" class=\"reference\"><a href=\"#cite_note-MicrosoftOnline20-25\">[25]<\/a><\/sup>:\n<\/p>\n<blockquote><p>Except for free trials and LinkedIn services, Microsoft will retain Customer Data that remains stored in Online Services in a limited function account for 90 days after expiration or termination of Customer\u2019s subscription so that Customer may extract the data. After the 90-day retention period ends, Microsoft will disable Customer\u2019s account and delete the Customer Data and Personal Data stored in Online Services within an additional 90 days, unless authorized under this DPA to retain such data.<\/p><\/blockquote>\n<p><br \/>\n16. <b>What happens to our data should you go out of business or suffer a catastrophic event?<\/b>\n<\/p><p>It's not publicly clear how Microsoft Azure would handle your data should they go out of business; consult with a representative about this topic. As for catastrophic events, Microsoft Azure uses either availability zones or availability sets for ensuring data availability and redundancy. Those regions with availability zones typically have three. Those regions instead using sets use an undetermined number of them.<sup id=\"rdp-ebb-cite_ref-MicrosoftEnabling21_13-3\" class=\"reference\"><a href=\"#cite_note-MicrosoftEnabling21-13\">[13]<\/a><\/sup> In regions with availability zones, \"[i]f one zone should fail, the [virtual machines] in the other zones will continue to run and Azure will load balance without impacting the customer\u2019s applications.\"<sup id=\"rdp-ebb-cite_ref-MicrosoftEnabling21_13-4\" class=\"reference\"><a href=\"#cite_note-MicrosoftEnabling21-13\">[13]<\/a><\/sup> As for availability sets, \"[i]f a hardware or software failure occurs, only a subset of your [virtual machines] are impacted and your overall solution stays operational.\"<sup id=\"rdp-ebb-cite_ref-MicrosoftEnabling21_13-5\" class=\"reference\"><a href=\"#cite_note-MicrosoftEnabling21-13\">[13]<\/a><\/sup> It's highly unlikely that all availability zones or sets would be affected in an catastrophic event. However, if this is a concern, discuss further data redundancy with a Microsoft Azure representative.\n<\/p><p><br \/>\n17. <b>Can we use your interface to extract our data when we want, and in what format will it be?<\/b>\n<\/p><p>Per the Online Services Data Protection Addendum, \"[a]t all times during the term of Customer\u2019s subscription, Customer will have the ability to access, extract, and delete Customer Data stored in each Online Service.\"<sup id=\"rdp-ebb-cite_ref-MicrosoftOnline20_25-1\" class=\"reference\"><a href=\"#cite_note-MicrosoftOnline20-25\">[25]<\/a><\/sup> However, the format of that data is not addressed. Discuss this topic with a Microsoft Azure representative.\n<\/p><p><br \/>\n18. <b>Are your support services native or outsourced\/offshored?<\/b>\n<\/p><p>Stories<sup id=\"rdp-ebb-cite_ref-MicrosoftContinues96_26-0\" class=\"reference\"><a href=\"#cite_note-MicrosoftContinues96-26\">[26]<\/a><\/sup> and anecdotes<sup id=\"rdp-ebb-cite_ref-BowieWhy16_27-0\" class=\"reference\"><a href=\"#cite_note-BowieWhy16-27\">[27]<\/a><\/sup> of outsourced support services occasionally crop up. Discuss this with a Microsoft Azure representative if you're concerned about localized support services.\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Managed_security_services\">Managed security services<\/span><\/h2>\n<p>Microsoft Azure does not provide managed security services. However, Azure customers can utilize partnered \"Azure Expert Managed Service Providers.\"<sup id=\"rdp-ebb-cite_ref-AzureMSSP_28-0\" class=\"reference\"><a href=\"#cite_note-AzureMSSP-28\">[28]<\/a><\/sup>\n<\/p><p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Additional_information\">Additional information<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Documentation_and_other_media\">Documentation and other media<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/servicetrust.microsoft.com\/ViewPage\/HomePageVNext\" target=\"_blank\">Audit reports<\/a> (requires log in)<\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/azure.microsoft.com\/en-us\/resources\/microsoft-azure-compliance-offerings\/\" target=\"_blank\">Azure compliance offerings whitepaper<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/azure.microsoft.com\/mediahandler\/files\/resourcefiles\/achieving-compliant-data-residency-and-security-with-azure\/Enabling_Data_Residency_and_Data_Protection_in_Azure_Regions-2021.pdf\" target=\"_blank\">Azure data residency and protection whitepaper<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/azure.microsoft.com\/mediahandler\/files\/resourcefiles\/azure-integration-services\/Azure-Integration-Services-Whitepaper-v1-0.pdf\" target=\"_blank\">Azure integration services whitepaper<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security\/\" target=\"_blank\">Azure security documentation<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/site-recovery\/\" target=\"_blank\">Disaster recovery documentation<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/compliance\/offerings\/offering-hipaa-us\" target=\"_blank\">HIPAA compliance<\/a><\/li><\/ul>\n<h3><span class=\"mw-headline\" id=\"External_links\">External links<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/architecture\/framework\/\" target=\"_blank\">Microsoft Azure well-architected framework<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.microsoft.com\/azure\/partners\/azureexpertmsp\" target=\"_blank\">Microsoft Azure Expert Managed Service Providers<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security\/fundamentals\/shared-responsibility\" target=\"_blank\">Microsoft Azure shared responsibility model<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/azure.microsoft.com\/en-us\/explore\/trusted-cloud\/\" target=\"_blank\">Microsoft Azure trust center<\/a><\/li><\/ul>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap mw-references-columns\"><ol class=\"references\">\n<li id=\"cite_note-ViswanathanMicro23-1\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ViswanathanMicro23_1-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Viswanathan, P. (30 June 2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.bigtechwire.com\/2023\/06\/30\/microsoft-azure-generated-34b-in-revenue-in-fy22-about-half-of-the-revenue-of-aws\/\" target=\"_blank\">\"Microsoft Azure\u2019s Real Revenue Revealed: How Does It Compare to AWS?\"<\/a>. <i>BigTechWire<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.bigtechwire.com\/2023\/06\/30\/microsoft-azure-generated-34b-in-revenue-in-fy22-about-half-of-the-revenue-of-aws\/\" target=\"_blank\">https:\/\/www.bigtechwire.com\/2023\/06\/30\/microsoft-azure-generated-34b-in-revenue-in-fy22-about-half-of-the-revenue-of-aws\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Microsoft+Azure%E2%80%99s+Real+Revenue+Revealed%3A+How+Does+It+Compare+to+AWS%3F&rft.atitle=BigTechWire&rft.aulast=Viswanathan%2C+P.&rft.au=Viswanathan%2C+P.&rft.date=30+June+2023&rft_id=https%3A%2F%2Fwww.bigtechwire.com%2F2023%2F06%2F30%2Fmicrosoft-azure-generated-34b-in-revenue-in-fy22-about-half-of-the-revenue-of-aws%2F&rfr_id=info:sid\/en.wikipedia.org:Microsoft_Azure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MicrosoftAzureGlobal-2\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MicrosoftAzureGlobal_2-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/azure.microsoft.com\/en-us\/explore\/global-infrastructure\/\" target=\"_blank\">\"Azure Global Infrastructure\"<\/a>. Microsoft<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/azure.microsoft.com\/en-us\/explore\/global-infrastructure\/\" target=\"_blank\">https:\/\/azure.microsoft.com\/en-us\/explore\/global-infrastructure\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Azure+Global+Infrastructure&rft.atitle=&rft.pub=Microsoft&rft_id=https%3A%2F%2Fazure.microsoft.com%2Fen-us%2Fexplore%2Fglobal-infrastructure%2F&rfr_id=info:sid\/en.wikipedia.org:Microsoft_Azure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MicrosoftAzureProd-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MicrosoftAzureProd_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/azure.microsoft.com\/en-us\/products\/\" target=\"_blank\">\"Azure Products\"<\/a>. Microsoft<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/azure.microsoft.com\/en-us\/products\/\" target=\"_blank\">https:\/\/azure.microsoft.com\/en-us\/products\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Azure+Products&rft.atitle=&rft.pub=Microsoft&rft_id=https%3A%2F%2Fazure.microsoft.com%2Fen-us%2Fproducts%2F&rfr_id=info:sid\/en.wikipedia.org:Microsoft_Azure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-APHLBringing20-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-APHLBringing20_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.aphlblog.org\/bringing-covid-19-exposure-notification-to-the-public-health-community\/\" target=\"_blank\">\"Bringing COVID-19 exposure notification to the public health community\"<\/a>. Association of Public Health Laboratories. 17 July 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.aphlblog.org\/bringing-covid-19-exposure-notification-to-the-public-health-community\/\" target=\"_blank\">https:\/\/www.aphlblog.org\/bringing-covid-19-exposure-notification-to-the-public-health-community\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Bringing+COVID-19+exposure+notification+to+the+public+health+community&rft.atitle=&rft.date=17+July+2020&rft.pub=Association+of+Public+Health+Laboratories&rft_id=https%3A%2F%2Fwww.aphlblog.org%2Fbringing-covid-19-exposure-notification-to-the-public-health-community%2F&rfr_id=info:sid\/en.wikipedia.org:Microsoft_Azure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-BioRadAPIPortal-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-BioRadAPIPortal_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/bioradqsdapim-non-prod.portal.azure-api.net\/\" target=\"_blank\">\"Bio-Rad Laboratories, Inc. API\"<\/a>. Bio-Rad Laboratories, Inc.<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/bioradqsdapim-non-prod.portal.azure-api.net\/\" target=\"_blank\">https:\/\/bioradqsdapim-non-prod.portal.azure-api.net\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Bio-Rad+Laboratories%2C+Inc.+API&rft.atitle=&rft.pub=Bio-Rad+Laboratories%2C+Inc.&rft_id=https%3A%2F%2Fbioradqsdapim-non-prod.portal.azure-api.net%2F&rfr_id=info:sid\/en.wikipedia.org:Microsoft_Azure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-NNLITTech-6\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-NNLITTech_6-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.nwnlabs.org\/computer-science\" target=\"_blank\">\"IT Technology & Telemetry\"<\/a>. Northwest Nuclear Laboratories<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.nwnlabs.org\/computer-science\" target=\"_blank\">https:\/\/www.nwnlabs.org\/computer-science<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=IT+Technology+%26+Telemetry&rft.atitle=&rft.pub=Northwest+Nuclear+Laboratories&rft_id=https%3A%2F%2Fwww.nwnlabs.org%2Fcomputer-science&rfr_id=info:sid\/en.wikipedia.org:Microsoft_Azure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-Yates-RobertsPath20-7\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-Yates-RobertsPath20_7-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Yates-Roberts, E. (3 September 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210227162040\/https:\/\/www.technologyrecord.com\/Article\/pathwest-uses-microsoft-azure-to-improve-transplant-outcomes-112083\" target=\"_blank\">\"PathWest uses Microsoft Azure to improve transplant outcomes\"<\/a>. <i>The Record<\/i>. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.technologyrecord.com\/Article\/pathwest-uses-microsoft-azure-to-improve-transplant-outcomes-112083\" target=\"_blank\">the original<\/a> on 03 September 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210227162040\/https:\/\/www.technologyrecord.com\/Article\/pathwest-uses-microsoft-azure-to-improve-transplant-outcomes-112083\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210227162040\/https:\/\/www.technologyrecord.com\/Article\/pathwest-uses-microsoft-azure-to-improve-transplant-outcomes-112083<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=PathWest+uses+Microsoft+Azure+to+improve+transplant+outcomes&rft.atitle=The+Record&rft.aulast=Yates-Roberts%2C+E.&rft.au=Yates-Roberts%2C+E.&rft.date=3+September+2020&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210227162040%2Fhttps%3A%2F%2Fwww.technologyrecord.com%2FArticle%2Fpathwest-uses-microsoft-azure-to-improve-transplant-outcomes-112083&rfr_id=info:sid\/en.wikipedia.org:Microsoft_Azure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-BtBHome-8\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-BtBHome_8-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.btbsoftware.com\/\" target=\"_blank\">\"BtB Software: LIMS; Designed for Public Health and Private Clinical Laboratories\"<\/a>. BtB Software, LLC<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.btbsoftware.com\/\" target=\"_blank\">https:\/\/www.btbsoftware.com\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=BtB+Software%3A+LIMS%3B+Designed+for+Public+Health+and+Private+Clinical+Laboratories&rft.atitle=&rft.pub=BtB+Software%2C+LLC&rft_id=https%3A%2F%2Fwww.btbsoftware.com%2F&rfr_id=info:sid\/en.wikipedia.org:Microsoft_Azure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ESEquis17-9\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ESEquis17_9-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/earthsoft.com\/wp-content\/uploads\/2017\/08\/Microsoft-Azure-Partner-Datasheet-EarthSoft.pdf\" target=\"_blank\">\"EQuIS Software Offerings on Microsoft Azure Query and Export Data, Integrate with Sensors, and Serve Other Environmental Project Management Needs\"<\/a> (PDF). Microsoft Corporation. 2017<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/earthsoft.com\/wp-content\/uploads\/2017\/08\/Microsoft-Azure-Partner-Datasheet-EarthSoft.pdf\" target=\"_blank\">https:\/\/earthsoft.com\/wp-content\/uploads\/2017\/08\/Microsoft-Azure-Partner-Datasheet-EarthSoft.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=EQuIS+Software+Offerings+on+Microsoft+Azure+Query+and+Export+Data%2C+Integrate+with+Sensors%2C+and+Serve+Other+Environmental+Project+Management+Needs&rft.atitle=&rft.date=2017&rft.pub=Microsoft+Corporation&rft_id=https%3A%2F%2Fearthsoft.com%2Fwp-content%2Fuploads%2F2017%2F08%2FMicrosoft-Azure-Partner-Datasheet-EarthSoft.pdf&rfr_id=info:sid\/en.wikipedia.org:Microsoft_Azure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-EusoftLIMS19-10\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-EusoftLIMS19_10-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.eusoft.co.uk\/meeting\/free-lims-webinar-advantages-and-challenges-of-the-cloud-computing\/\" target=\"_blank\">\"LIMS Webinar: Advantages and challenges of the Cloud Computing\"<\/a>. Eusoft Srl. 2 May 2019<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.eusoft.co.uk\/meeting\/free-lims-webinar-advantages-and-challenges-of-the-cloud-computing\/\" target=\"_blank\">https:\/\/www.eusoft.co.uk\/meeting\/free-lims-webinar-advantages-and-challenges-of-the-cloud-computing\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=LIMS+Webinar%3A+Advantages+and+challenges+of+the+Cloud+Computing&rft.atitle=&rft.date=2+May+2019&rft.pub=Eusoft+Srl&rft_id=https%3A%2F%2Fwww.eusoft.co.uk%2Fmeeting%2Ffree-lims-webinar-advantages-and-challenges-of-the-cloud-computing%2F&rfr_id=info:sid\/en.wikipedia.org:Microsoft_Azure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-TP_TRIBVN20-11\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-TP_TRIBVN20_11-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">TRIBVN Healthcare (7 December 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/tissuepathology.com\/2020\/12\/07\/tribvn-healthcare-announces-full-compatibility-of-its-digital-health-solutions-with-microsoft-azure\/\" target=\"_blank\">\"TRIBVN Healthcare Announces Full Compatibility of its Digital Health Solutions with Microsoft Azure\"<\/a>. <i>TissuePathology.com<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/tissuepathology.com\/2020\/12\/07\/tribvn-healthcare-announces-full-compatibility-of-its-digital-health-solutions-with-microsoft-azure\/\" target=\"_blank\">https:\/\/tissuepathology.com\/2020\/12\/07\/tribvn-healthcare-announces-full-compatibility-of-its-digital-health-solutions-with-microsoft-azure\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=TRIBVN+Healthcare+Announces+Full+Compatibility+of+its+Digital+Health+Solutions+with+Microsoft+Azure&rft.atitle=TissuePathology.com&rft.aulast=TRIBVN+Healthcare&rft.au=TRIBVN+Healthcare&rft.date=7+December+2020&rft_id=https%3A%2F%2Ftissuepathology.com%2F2020%2F12%2F07%2Ftribvn-healthcare-announces-full-compatibility-of-its-digital-health-solutions-with-microsoft-azure%2F&rfr_id=info:sid\/en.wikipedia.org:Microsoft_Azure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MicrosoftIntegrat-12\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MicrosoftIntegrat_12-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/azure.microsoft.com\/en-us\/products\/category\/integration\/\" target=\"_blank\">\"Integration Services\"<\/a>. Microsoft Corporation<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/azure.microsoft.com\/en-us\/products\/category\/integration\/\" target=\"_blank\">https:\/\/azure.microsoft.com\/en-us\/products\/category\/integration\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Integration+Services&rft.atitle=&rft.pub=Microsoft+Corporation&rft_id=https%3A%2F%2Fazure.microsoft.com%2Fen-us%2Fproducts%2Fcategory%2Fintegration%2F&rfr_id=info:sid\/en.wikipedia.org:Microsoft_Azure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MicrosoftEnabling21-13\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-MicrosoftEnabling21_13-0\">13.0<\/a><\/sup> <sup><a href=\"#cite_ref-MicrosoftEnabling21_13-1\">13.1<\/a><\/sup> <sup><a href=\"#cite_ref-MicrosoftEnabling21_13-2\">13.2<\/a><\/sup> <sup><a href=\"#cite_ref-MicrosoftEnabling21_13-3\">13.3<\/a><\/sup> <sup><a href=\"#cite_ref-MicrosoftEnabling21_13-4\">13.4<\/a><\/sup> <sup><a href=\"#cite_ref-MicrosoftEnabling21_13-5\">13.5<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/azure.microsoft.com\/mediahandler\/files\/resourcefiles\/achieving-compliant-data-residency-and-security-with-azure\/Enabling_Data_Residency_and_Data_Protection_in_Azure_Regions-2021.pdf\" target=\"_blank\">\"Enabling Data Residency and Data Protection in Microsoft Azure Regions\"<\/a> (PDF). Microsoft Corporation. April 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/azure.microsoft.com\/mediahandler\/files\/resourcefiles\/achieving-compliant-data-residency-and-security-with-azure\/Enabling_Data_Residency_and_Data_Protection_in_Azure_Regions-2021.pdf\" target=\"_blank\">https:\/\/azure.microsoft.com\/mediahandler\/files\/resourcefiles\/achieving-compliant-data-residency-and-security-with-azure\/Enabling_Data_Residency_and_Data_Protection_in_Azure_Regions-2021.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Enabling+Data+Residency+and+Data+Protection+in+Microsoft+Azure+Regions&rft.atitle=&rft.date=April+2021&rft.pub=Microsoft+Corporation&rft_id=https%3A%2F%2Fazure.microsoft.com%2Fmediahandler%2Ffiles%2Fresourcefiles%2Fachieving-compliant-data-residency-and-security-with-azure%2FEnabling_Data_Residency_and_Data_Protection_in_Azure_Regions-2021.pdf&rfr_id=info:sid\/en.wikipedia.org:Microsoft_Azure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-UaWhat18-14\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-UaWhat18_14-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Ua, D.; Sudbring, A.; Coulter, D. et al. (27 March 2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/cdn\/cdn-overview\" target=\"_blank\">\"What is a content delivery network on Azure?\"<\/a>. <i>Microsoft Documentation<\/i>. Microsoft Corporation<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/cdn\/cdn-overview\" target=\"_blank\">https:\/\/learn.microsoft.com\/en-us\/azure\/cdn\/cdn-overview<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+is+a+content+delivery+network+on+Azure%3F&rft.atitle=Microsoft+Documentation&rft.aulast=Ua%2C+D.%3B+Sudbring%2C+A.%3B+Coulter%2C+D.+et+al.&rft.au=Ua%2C+D.%3B+Sudbring%2C+A.%3B+Coulter%2C+D.+et+al.&rft.date=27+March+2023&rft.pub=Microsoft+Corporation&rft_id=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fazure%2Fcdn%2Fcdn-overview&rfr_id=info:sid\/en.wikipedia.org:Microsoft_Azure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-TejadaTrans19-15\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-TejadaTrans19_15-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Tejada, Z.; Kshirsagar, D.; Coulter, D. et al. (16 December 2022). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/architecture\/data-guide\/scenarios\/data-transfer\" target=\"_blank\">\"Transfer data to and from Azure\"<\/a>. <i>Microsoft Documentation<\/i>. Microsoft Corporation<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/architecture\/data-guide\/scenarios\/data-transfer\" target=\"_blank\">https:\/\/docs.microsoft.com\/en-us\/azure\/architecture\/data-guide\/scenarios\/data-transfer<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Transfer+data+to+and+from+Azure&rft.atitle=Microsoft+Documentation&rft.aulast=Tejada%2C+Z.%3B+Kshirsagar%2C+D.%3B+Coulter%2C+D.+et+al.&rft.au=Tejada%2C+Z.%3B+Kshirsagar%2C+D.%3B+Coulter%2C+D.+et+al.&rft.date=16+December+2022&rft.pub=Microsoft+Corporation&rft_id=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Farchitecture%2Fdata-guide%2Fscenarios%2Fdata-transfer&rfr_id=info:sid\/en.wikipedia.org:Microsoft_Azure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-BaldwinAzure20-16\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-BaldwinAzure20_16-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Baldwin, M.; Coulter, D.; Campise, K. et al. (23 February 2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security\/fundamentals\/encryption-overview\" target=\"_blank\">\"Azure encryption overview\"<\/a>. <i>Microsoft Documentation<\/i>. Microsoft Corporation<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security\/fundamentals\/encryption-overview\" target=\"_blank\">https:\/\/docs.microsoft.com\/en-us\/azure\/security\/fundamentals\/encryption-overview<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Azure+encryption+overview&rft.atitle=Microsoft+Documentation&rft.aulast=Baldwin%2C+M.%3B+Coulter%2C+D.%3B+Campise%2C+K.+et+al.&rft.au=Baldwin%2C+M.%3B+Coulter%2C+D.%3B+Campise%2C+K.+et+al.&rft.date=23+February+2023&rft.pub=Microsoft+Corporation&rft_id=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsecurity%2Ffundamentals%2Fencryption-overview&rfr_id=info:sid\/en.wikipedia.org:Microsoft_Azure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LanfearAzure20-17\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-LanfearAzure20_17-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Lanfear, T.; Lehr, B.; Wassenaar, B. et al. (13 February 2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/security\/fundamentals\/physical-security\" target=\"_blank\">\"Azure facilities, premises, and physical security\"<\/a>. <i>Microsoft Documentation<\/i>. Microsoft Corporation<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/security\/fundamentals\/physical-security\" target=\"_blank\">https:\/\/learn.microsoft.com\/en-us\/azure\/security\/fundamentals\/physical-security<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Azure+facilities%2C+premises%2C+and+physical+security&rft.atitle=Microsoft+Documentation&rft.aulast=Lanfear%2C+T.%3B+Lehr%2C+B.%3B+Wassenaar%2C+B.+et+al.&rft.au=Lanfear%2C+T.%3B+Lehr%2C+B.%3B+Wassenaar%2C+B.+et+al.&rft.date=13+February+2023&rft.pub=Microsoft+Corporation&rft_id=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fazure%2Fsecurity%2Ffundamentals%2Fphysical-security&rfr_id=info:sid\/en.wikipedia.org:Microsoft_Azure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MicrosoftSecurityImp-18\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MicrosoftSecurityImp_18-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/query.prod.cms.rt.microsoft.com\/cms\/api\/am\/binary\/REXpGk\" target=\"_blank\">\"Security implications of logical separation in the cloud\"<\/a> (PDF). Microsoft Corporation<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/query.prod.cms.rt.microsoft.com\/cms\/api\/am\/binary\/REXpGk\" target=\"_blank\">https:\/\/query.prod.cms.rt.microsoft.com\/cms\/api\/am\/binary\/REXpGk<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Security+implications+of+logical+separation+in+the+cloud&rft.atitle=&rft.pub=Microsoft+Corporation&rft_id=https%3A%2F%2Fquery.prod.cms.rt.microsoft.com%2Fcms%2Fapi%2Fam%2Fbinary%2FREXpGk&rfr_id=info:sid\/en.wikipedia.org:Microsoft_Azure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LanfearPen21-19\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-LanfearPen21_19-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Lanfear, T.; Toh, A.; Coulter, D. et al. (1 April 2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security\/fundamentals\/pen-testing\" target=\"_blank\">\"Penetration testing\"<\/a>. <i>Microsoft Documentation<\/i>. Microsoft Corporation<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security\/fundamentals\/pen-testing\" target=\"_blank\">https:\/\/docs.microsoft.com\/en-us\/azure\/security\/fundamentals\/pen-testing<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Penetration+testing&rft.atitle=Microsoft+Documentation&rft.aulast=Lanfear%2C+T.%3B+Toh%2C+A.%3B+Coulter%2C+D.+et+al.&rft.au=Lanfear%2C+T.%3B+Toh%2C+A.%3B+Coulter%2C+D.+et+al.&rft.date=1+April+2023&rft.pub=Microsoft+Corporation&rft_id=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsecurity%2Ffundamentals%2Fpen-testing&rfr_id=info:sid\/en.wikipedia.org:Microsoft_Azure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-FieldRed14-20\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-FieldRed14_20-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Field, S. (11 November 2014). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/azure.microsoft.com\/en-us\/blog\/red-teaming-using-cutting-edge-threat-simulation-to-harden-the-microsoft-enterprise-cloud\/\" target=\"_blank\">\"Red Teaming: Using Cutting-Edge Threat Simulation to Harden the Microsoft Enterprise Cloud\"<\/a>. <i>Microsoft Azure Blog<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/azure.microsoft.com\/en-us\/blog\/red-teaming-using-cutting-edge-threat-simulation-to-harden-the-microsoft-enterprise-cloud\/\" target=\"_blank\">https:\/\/azure.microsoft.com\/en-us\/blog\/red-teaming-using-cutting-edge-threat-simulation-to-harden-the-microsoft-enterprise-cloud\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Red+Teaming%3A+Using+Cutting-Edge+Threat+Simulation+to+Harden+the+Microsoft+Enterprise+Cloud&rft.atitle=Microsoft+Azure+Blog&rft.aulast=Field%2C+S.&rft.au=Field%2C+S.&rft.date=11+November+2014&rft_id=https%3A%2F%2Fazure.microsoft.com%2Fen-us%2Fblog%2Fred-teaming-using-cutting-edge-threat-simulation-to-harden-the-microsoft-enterprise-cloud%2F&rfr_id=info:sid\/en.wikipedia.org:Microsoft_Azure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LanfearAzure19-21\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-LanfearAzure19_21-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Lanfear, T.; Wren, B.; Coulter, D. et al. (19 January 2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security\/fundamentals\/log-audit\" target=\"_blank\">\"Azure security logging and auditing\"<\/a>. <i>Microsoft Documentation<\/i>. Microsoft Corporation<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security\/fundamentals\/log-audit\" target=\"_blank\">https:\/\/docs.microsoft.com\/en-us\/azure\/security\/fundamentals\/log-audit<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Azure+security+logging+and+auditing&rft.atitle=Microsoft+Documentation&rft.aulast=Lanfear%2C+T.%3B+Wren%2C+B.%3B+Coulter%2C+D.+et+al.&rft.au=Lanfear%2C+T.%3B+Wren%2C+B.%3B+Coulter%2C+D.+et+al.&rft.date=19+January+2023&rft.pub=Microsoft+Corporation&rft_id=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsecurity%2Ffundamentals%2Flog-audit&rfr_id=info:sid\/en.wikipedia.org:Microsoft_Azure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LanfearAzure21-22\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-LanfearAzure21_22-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Lanfear, T.; Mel; Wren, B. et al. (9 March 2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security\/fundamentals\/threat-detection\" target=\"_blank\">\"Azure threat protection\"<\/a>. <i>Microsoft Documentation<\/i>. Microsoft Corporation<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security\/fundamentals\/threat-detection\" target=\"_blank\">https:\/\/docs.microsoft.com\/en-us\/azure\/security\/fundamentals\/threat-detection<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Azure+threat+protection&rft.atitle=Microsoft+Documentation&rft.aulast=Lanfear%2C+T.%3B+Mel%3B+Wren%2C+B.+et+al.&rft.au=Lanfear%2C+T.%3B+Mel%3B+Wren%2C+B.+et+al.&rft.date=9+March+2023&rft.pub=Microsoft+Corporation&rft_id=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsecurity%2Ffundamentals%2Fthreat-detection&rfr_id=info:sid\/en.wikipedia.org:Microsoft_Azure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MicrosoftHowMicroCat-23\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MicrosoftHowMicroCat_23-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210519053953\/https:\/\/www.microsoft.com\/en-us\/trust-center\/privacy\/customer-data-definitions\" target=\"_blank\">\"How Microsoft categorizes data for online services\"<\/a>. Microsoft Corporation. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.microsoft.com\/en-us\/trust-center\/privacy\/customer-data-definitions\" target=\"_blank\">the original<\/a> on 19 May 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210519053953\/https:\/\/www.microsoft.com\/en-us\/trust-center\/privacy\/customer-data-definitions\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210519053953\/https:\/\/www.microsoft.com\/en-us\/trust-center\/privacy\/customer-data-definitions<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=How+Microsoft+categorizes+data+for+online+services&rft.atitle=&rft.pub=Microsoft+Corporation&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210519053953%2Fhttps%3A%2F%2Fwww.microsoft.com%2Fen-us%2Ftrust-center%2Fprivacy%2Fcustomer-data-definitions&rfr_id=info:sid\/en.wikipedia.org:Microsoft_Azure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MazzoliHealth21-24\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MazzoliHealth21_24-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Mazzoli, R.; Cross, K.C.; Vukos-Walker, C. et al. (25 April 2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.microsoft.com\/en-us\/compliance\/regulatory\/offering-hipaa-hitech\" target=\"_blank\">\"Health Insurance Portability and Accountability Act (HIPAA) & Health Information Technology for Economic and Clinical Health (HITECH) Act\"<\/a>. <i>Microsoft Documentation<\/i>. Microsoft Documentation<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/docs.microsoft.com\/en-us\/compliance\/regulatory\/offering-hipaa-hitech\" target=\"_blank\">https:\/\/docs.microsoft.com\/en-us\/compliance\/regulatory\/offering-hipaa-hitech<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Health+Insurance+Portability+and+Accountability+Act+%28HIPAA%29+%26+Health+Information+Technology+for+Economic+and+Clinical+Health+%28HITECH%29+Act&rft.atitle=Microsoft+Documentation&rft.aulast=Mazzoli%2C+R.%3B+Cross%2C+K.C.%3B+Vukos-Walker%2C+C.+et+al.&rft.au=Mazzoli%2C+R.%3B+Cross%2C+K.C.%3B+Vukos-Walker%2C+C.+et+al.&rft.date=25+April+2023&rft.pub=Microsoft+Documentation&rft_id=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fcompliance%2Fregulatory%2Foffering-hipaa-hitech&rfr_id=info:sid\/en.wikipedia.org:Microsoft_Azure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MicrosoftOnline20-25\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-MicrosoftOnline20_25-0\">25.0<\/a><\/sup> <sup><a href=\"#cite_ref-MicrosoftOnline20_25-1\">25.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.microsoft.com\/licensing\/docs\/view\/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA\" target=\"_blank\">\"Microsoft Products and Services Data Protection Addendum (DPA)\"<\/a>. Microsoft Corporation. January 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.microsoft.com\/licensing\/docs\/view\/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA\" target=\"_blank\">https:\/\/www.microsoft.com\/licensing\/docs\/view\/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Microsoft+Products+and+Services+Data+Protection+Addendum+%28DPA%29&rft.atitle=&rft.date=January+2023&rft.pub=Microsoft+Corporation&rft_id=https%3A%2F%2Fwww.microsoft.com%2Flicensing%2Fdocs%2Fview%2FMicrosoft-Products-and-Services-Data-Protection-Addendum-DPA&rfr_id=info:sid\/en.wikipedia.org:Microsoft_Azure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MicrosoftContinues96-26\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MicrosoftContinues96_26-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/news.microsoft.com\/1996\/01\/02\/microsoft-continues-to-outsource-internal-support-and-services\/\" target=\"_blank\">\"Microsoft Continues to Outsource Internal Support and Services\"<\/a>. Microsoft Corporation. 2 January 1996<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/news.microsoft.com\/1996\/01\/02\/microsoft-continues-to-outsource-internal-support-and-services\/\" target=\"_blank\">https:\/\/news.microsoft.com\/1996\/01\/02\/microsoft-continues-to-outsource-internal-support-and-services\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Microsoft+Continues+to+Outsource+Internal+Support+and+Services&rft.atitle=&rft.date=2+January+1996&rft.pub=Microsoft+Corporation&rft_id=https%3A%2F%2Fnews.microsoft.com%2F1996%2F01%2F02%2Fmicrosoft-continues-to-outsource-internal-support-and-services%2F&rfr_id=info:sid\/en.wikipedia.org:Microsoft_Azure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-BowieWhy16-27\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-BowieWhy16_27-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Bowie, W. (6 February 2016). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/answers.microsoft.com\/en-us\/msoffice\/forum\/all\/why-does-ms-outsource-technical-support-to-people\/fb2e0b2a-7bbb-478e-9b43-22aaebd783ca\" target=\"_blank\">\"Why does MS outsource technical support to people who don't speak english?\"<\/a>. <i>Microsoft Community<\/i>. Microsoft Corporation<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/answers.microsoft.com\/en-us\/msoffice\/forum\/all\/why-does-ms-outsource-technical-support-to-people\/fb2e0b2a-7bbb-478e-9b43-22aaebd783ca\" target=\"_blank\">https:\/\/answers.microsoft.com\/en-us\/msoffice\/forum\/all\/why-does-ms-outsource-technical-support-to-people\/fb2e0b2a-7bbb-478e-9b43-22aaebd783ca<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Why+does+MS+outsource+technical+support+to+people+who+don%27t+speak+english%3F&rft.atitle=Microsoft+Community&rft.aulast=Bowie%2C+W.&rft.au=Bowie%2C+W.&rft.date=6+February+2016&rft.pub=Microsoft+Corporation&rft_id=https%3A%2F%2Fanswers.microsoft.com%2Fen-us%2Fmsoffice%2Fforum%2Fall%2Fwhy-does-ms-outsource-technical-support-to-people%2Ffb2e0b2a-7bbb-478e-9b43-22aaebd783ca&rfr_id=info:sid\/en.wikipedia.org:Microsoft_Azure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AzureMSSP-28\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AzureMSSP_28-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.microsoft.com\/azure\/partners\/azureexpertmsp\" target=\"_blank\">\"Azure Expert Managed Service Providers (MSPs)\"<\/a>. Microsoft<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.microsoft.com\/azure\/partners\/azureexpertmsp\" target=\"_blank\">https:\/\/www.microsoft.com\/azure\/partners\/azureexpertmsp<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Azure+Expert+Managed+Service+Providers+%28MSPs%29&rft.atitle=&rft.pub=Microsoft&rft_id=https%3A%2F%2Fwww.microsoft.com%2Fazure%2Fpartners%2Fazureexpertmsp&rfr_id=info:sid\/en.wikipedia.org:Microsoft_Azure\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816185549\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.586 seconds\nReal time usage: 1.270 seconds\nPreprocessor visited node count: 21012\/1000000\nPost\u2010expand include size: 138323\/2097152 bytes\nTemplate argument size: 61186\/2097152 bytes\nHighest expansion depth: 20\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 43533\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 249.395 1 -total\n 81.18% 202.471 1 Template:Reflist\n 70.46% 175.730 28 Template:Cite_web\n 65.47% 163.283 28 Template:Citation\/core\n 14.12% 35.214 1 Template:Infobox_company\n 12.91% 32.192 19 Template:Date\n 12.85% 32.037 1 Template:Infobox\n 8.10% 20.189 81 Template:Infobox\/row\n 4.33% 10.800 43 Template:Citation\/make_link\n 1.96% 4.888 1 Template:URL\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:12486-0!canonical and timestamp 20230816185548 and revision id 52742. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Microsoft_Azure\">https:\/\/www.limswiki.org\/index.php\/Microsoft_Azure<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","7681c52cec6f9c9f1cdd85f4aa70a424_images":["https:\/\/upload.wikimedia.org\/wikipedia\/commons\/3\/39\/MicrosoftAzure.png"],"7681c52cec6f9c9f1cdd85f4aa70a424_timestamp":1692220362,"ab58b7a0691a630e6588c0b35b76a79c_type":"article","ab58b7a0691a630e6588c0b35b76a79c_title":"Linode","ab58b7a0691a630e6588c0b35b76a79c_url":"https:\/\/www.limswiki.org\/index.php\/Linode","ab58b7a0691a630e6588c0b35b76a79c_plaintext":"\n\nLinodeFrom LIMSWikiJump to navigationJump to searchLinode\nIndustry\n \nCloud computing, Web services, InternetFounder(s)\n \nChristopher AkerHeadquarters\n \nPhiladelphia, Pennsylvania , United States Area served\n \nWorldwideKey people\n \nChristopher Aker (CEO)Products\n \nIaaS, DBaaS, DaaSRevenue\n \n$10\u2013100 million (estimated)[1]Parent\n \nAkamaiWebsite\n \nlinode.com \n\n\r\n\nLinode is a privately-owned American cloud computing company that provides public and private cloud services that feature \"Linux virtual machines, storage, networking, and developer tools\" for users to scale their cloud infrastructure.[2] Linode has 14 data centers, with seven in the U.S., three in Europe, as well as centers in Mumbai, Tokyo, Singapore, and Sydney.[3] Linode provides a variety of different products and services, representing virtual computing, networking, data storage, security management, container management, media management, and managed and professional services.[2]\nIn February 2022, Akamai, which offers a content delivery network (CDN) and edge computing services, announced that it was acquiring Linode for $900 million, allowing Akamai to \"become the world\u2019s most distributed compute platform, from cloud to edge.\"[4]\n\nContents \n\n1 Provider research \n2 Managed security services \n3 Additional information \n\n3.1 Documentation and other media \n3.2 External links \n\n\n4 References \n\n\n\nProvider research \nThis section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide Choosing and Implementing a Cloud-based Service for Your Laboratory. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made.\n\r\n\n1. What experience do you have working with laboratory customers in our specific industry?\nIt's not apparent if any laboratories or laboratory informatics vendors are using Linode. Contact a Linode representative to determine if they can supply any use cases from laboratories or laboratory software developers.\n\r\n\n2. Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?\nIt will ultimately be up to your organization to get an answer from Linode tailored to your systems and business processes. However, this much can be said about Linode integrations. The company offers a collection of integration tools for customers using the Linode platform, including Terraform, Rancher, Ansible, and Pulumi. These tools allow you to \"connect infrastructure and dev tools to the Linode platform.\"[5] Customers can also create their own integrations using Linode API.\n\r\n\n3. What is the average total historical downtime for the service(s) we're interested in?\nSome public information is made available about historic outages and downtime. Linode has a systems status page with status history (you have to click on the \"Incident History\" link at the bottom, then the date range arrows in the top right of the subsequent page). You should be able to read through the incident details for each issue, going back through a fair amount of history. This will give you a partial picture of the issues experienced in the past, as well as any scheduled maintenance and currently impacted services. A follow-up on this question with a Linode representative may reveal more historical downtime history for the services you are interested in.\n\r\n\n4. Do we receive comprehensive downtime support in the case of downtime?\nA post from 2011 indicates that they \"open support tickets for all emergency maintenance events.\"[6] The company's support page adds that their \"service team has no tiers, no bots, no hand-offs, just highly trained professionals who answer your questions and solve your issue.\"[7] Linode appears to be fairly open about downtime support, but discuss the topic further with a representative to confirm.\n\r\n\n5. Where are your servers located, and how is data securely transferred to and from those servers?\nLinode has 11 data centers, with five in the U.S., two in Europe, and centers in Mumbai, Tokyo, Singapore, and Sydney.[3] These data centers have their own product availabilities. Linode used to have a content delivery network, Nodeboost[8], but it shut down in 2020.[9] As for data in motion, Linode notes[10]:\n\nBy default, Linode\u2019s Object Storage uses a default TLS certificate for subdomains of linodeobjects.com to encrypt data in transit. In some cases however, it may be more desirable to use your own custom SSL certificate. Object storage supports the importing of your own TLS\/SSL Certificates in order to encrypt connections with your bucket in transit. Currently, you can Upload custom TLS\/SSL certificates directly through the Linode Manager, the Linode CLI, and the Linode API.\nOutside of a few casual mentions of data localization and residency when discussing new data center openings, Linode doesn't discuss data residency much. Contact a Linode representative to talk about this and other aspects of data storage and transport.\n\r\n\n6. Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?\nLinode notes the following about physical security in relation to personnel[11]:\n\n\"Access to the data center floor is restricted to data center employees and authorized visitors.\"\n\"All employees and visitors are identified using biometrics and state issued Ids before entering the facility.\"\n\"All of Linode's systems are segregated from other tenants by locking cabinets. Only datacenter staff assigned to supporting Linode systems have access to the keys.\"\nHowever, Linode doesn't publicly mention anything about the certifications and compliance training any of those personnel have. This is a conversation to have with a Linode representative.\n\r\n\n7. Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?\nNot all Linode machines have the same controls on them; it will depend on the region, product, and compliance requirements of your lab. That said, verify with a representative that the machine your data will land on meets all the necessary regulations affecting your data. (Note that Linode has a few questions concerning HIPAA; see #14.)\n\r\n\n8. How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)\nIt appears Linode doesn't say much about physical or logical separation. The word \"segregation\" barely appears on the website. However, Linode did mention single- and multi-tenancy under the topic of bare metal servers. However, as of December 2022, these bare metal options were shown as a \"future\" option; the page was removed in early 2023, so it's not clear if the service is no longer being worked on.[12] As such, it's not clear how the company approaches segregating cloud data, deserving a conversation with a representative.\n\r\n\n9. Do you have documented data security policies?\nLinode documents its security practices in several places:\n\nSecurity at Linode\nCompliance at Linode\nSome security-related documents, like the SOC 2 report, may not be publicly available, requiring direct discussion with an IBM Cloud representative to obtain them. (Note that little information about SOC 2 audits are listed on the website, aside from the certifications on their data centers.)\n\r\n\n10. How do you test your platform's security?\nCustomers can conduct penetration testing on their own servers, though permission is required for such tests on servers that aren't the customer's. As for Linode running attack-and-defense drills or breach and attack simulations on its own infrastructure, no public information could be found regarding this. You'll have to discuss this topic with a Linode representative.\n\r\n\n11. What are your policies for security audits, intrusion detection, and intrusion reporting?\nAudits: Customers can conduct their own security audits on their Linux systems using Lynis. As for how Linode goes about its security audits on its own infrastructure, public answers are few, even outside of the little documentation there is about compliance. A frank discussion with a Linode representative will be required to determine the extent of auditing activities on its infrastructure.\nIntrusion detection and reporting: Linode provides a walk-through of how to monitor system processes and SSH connections, as well as review security system logs. You can also us the Elastic Stack \"to help monitor and visualize security threats to your machine.\"[13]\n\r\n\n12. What data logging information is kept and acted upon in relation to our data?\nWhile Linode offers customers tools like Lynis and Elastic Stack to analyze their own logs, it's not clear what data logging information Linode collects and uses in relation to customer data. You'll have to discuss this with a Linode representative.\n\r\n\n13. How thorough are those logs and can we audit them on-demand?\nLinode users can view their own logs. However, it's unclear if you are able to audit internal Linode operation logs on-demand. This is a conversation to have with a representative.\n\r\n\n14. For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?\nThe company is vague on whether it will actually sign a business associate agreement. The way it words its statement, it sounds like it places all the responsibility on you, the customer[14]:\n\nCovered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act (HIPAA) can maintain compliance using Linode as their Cloud Hosting provider. While Linode provides the platform and does not generally engage in activities or functions that make it a HIPAA Business Associate, the compliance responsibilities are handled by your organization. Specifically, a customer that subscribes to use a cloud server offered through Linode has the exclusive authority and ability to manage all technical safeguards required by HIPAA with respect to its PHI, including access controls, audit controls, integrity, authentication and transmission security ... By following the U.S. Department of Health & Human Services standards for the security of electronic protected health information, a company can become HIPAA compliant on a Linode.\nThe company makes no mention of actually signing an agreement. You'll have to contact a representative to verify.\n\r\n\n15. What happens to our data should the contract expire or be terminated?\nLinode's Master Services Agreement is puzzling, and it's not clear what legal obligation Linode has to your data upon contract expiration or termination. This requires thorough discussion with a Linode representative.\n\r\n\n16. What happens to our data should you go out of business or suffer a catastrophic event?\nIt's not publicly clear how Linode would handle your data should they go out of business; consult with a representative about this topic. As for catastrophic events, unlike other major cloud providers, Linode doesn't appear to use three-zone regions to improve resiliency, likely since it's a smaller alternative CSP. It appears, however, that a user can set up multiple nodes on the same data center to limit the effects of catastrophic failure (a tutorial is provided by Linode). However, issues still may occur. In its Master Services Agreement, Linode adds[15]:\n\nLinode will implement appropriate measures to secure Covered User Data against accidental or unauthorized access, transmission, loss or disclosure in accordance with applicable laws as described in the Overview of Technical and Organizational Measures in the Akamai Privacy Trust Center. Unless otherwise expressly specified by an applicable Service Order, Linode shall have no obligation to maintain Covered User Data, backup Covered User Data, or otherwise store Customer Data on behalf of any Covered User.\nCustomers are encouraged to discuss data availability and loss with a representative.\n\r\n\n17. Can we use your interface to extract our data when we want, and in what format will it be?\nLinode provides several pieces of guidance on how to download files, database dumps, whole disks, and backups from Linode.\n\r\n\n18. Are your support services native or outsourced\/offshored?\nIt is unclear if support personnel are local to the customer or if support is outsourced to another business and country. Discuss this with a Linode representative.\n\nManaged security services \nLinode doesn't appear to explicitly advertise \"managed security services.\" Linode does, however, offer a managed services portfolio through its Linode Managed Service offering, described as \"an incident response service designed to help businesses cut out costly downtime.\"[16] This incident response service appears to include uptime and responsiveness tracking and repair, server management software cPanel, dashboard metrics, backups, discounted professional services, and complimentary site migration.[16]\n\r\n\n\nAdditional information \nDocumentation and other media \nLegal and compliance center\nLinode security\nExternal links \nLinode architecture framework or description\nLinode shared responsibility model\nLinode trust center\nReferences \n\n\n\u2191 \"Linode Revenue, Growth & Competitor Profile\". Inc Fact. 24 July 2023. http:\/\/incfact.com\/company\/linode-galloway-nj\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 2.0 2.1 \"Products - The Linode cloud platform, infrastructure for innovation\". Linode. https:\/\/www.linode.com\/products\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 3.0 3.1 \"The Linode Backbone\". Linode. https:\/\/www.linode.com\/global-infrastructure\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 Lardinois, F. (15 February 2022). \"Akamai acquires Linode for $900M\". TechCrunch. https:\/\/techcrunch.com\/2022\/02\/15\/akamai-acquires-linode-for-900m\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Integrations\". Linode. https:\/\/www.linode.com\/products\/integrations\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 raindog308 (2011). \"Downtimes due to server maintenance? Avoidable?\". Linode Community. Linode. https:\/\/www.linode.com\/community\/questions\/5745\/downtimes-due-to-server-maintenance-avoidable#answer-26934 . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Linode Support\". Linode. https:\/\/www.linode.com\/support\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 nodeboostio (August 2016). \"Linode CDN - nodeboost.io\". https:\/\/www.linode.com\/community\/questions\/10820\/linode-cdn-nodeboostio . Retrieved 04 August 2023 .   \n \n\n\u2191 \"nodeboost.io\". Twitter. 18 May 2020. https:\/\/twitter.com\/nodeboost?lang=en . Retrieved 04 August 2023 .   \n \n\n\u2191 Linode (21 October 2020). \"Upload a Custom SSL\/TLS Certificate on Object Storage\". Linode. Archived from the original on 17 January 2022. https:\/\/web.archive.org\/web\/20220117074226\/https:\/\/www.linode.com\/docs\/guides\/enable-ssl-for-object-storage\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Security\". Linode. https:\/\/www.linode.com\/legal-security\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Control and Customization with Bare Metal\". Linode. Archived from the original on 26 November 2022. https:\/\/web.archive.org\/web\/20221126090038\/https:\/\/www.linode.com\/products\/bare-metal\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 Lescher, A. (28 October 2020). \"Visualize Server Security on CentOS 7 with an Elastic Stack and Wazuh\". Linode. https:\/\/www.linode.com\/docs\/guides\/visualize-server-security-on-centos-7-with-an-elastic-stack-and-wazuh\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Compliance\". Linode. https:\/\/www.linode.com\/legal-compliance\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 \"Master Services Agreement\". Linode. 4 January 2023. https:\/\/www.linode.com\/legal-msa\/ . Retrieved 04 August 2023 .   \n \n\n\u2191 16.0 16.1 \"Managed\". Linode. https:\/\/www.linode.com\/products\/managed\/ . Retrieved 04 August 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Linode\">https:\/\/www.limswiki.org\/index.php\/Linode<\/a>\nNavigation menuPage actionsPageDiscussionView sourceHistoryPage actionsPageDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 4 August 2023, at 17:01.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 1,582 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","ab58b7a0691a630e6588c0b35b76a79c_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject page-Linode rootpage-Linode skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Linode<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\">\n<p><br \/>\n<b>Linode<\/b> is a privately-owned American <a href=\"https:\/\/www.limswiki.org\/index.php\/Cloud_computing\" title=\"Cloud computing\" class=\"wiki-link\" data-key=\"fcfe5882eaa018d920cedb88398b604f\">cloud computing<\/a> company that provides public and private cloud services that feature \"Linux virtual machines, storage, networking, and developer tools\" for users to scale their cloud infrastructure.<sup id=\"rdp-ebb-cite_ref-LinodeProducts_2-0\" class=\"reference\"><a href=\"#cite_note-LinodeProducts-2\">[2]<\/a><\/sup> Linode has 14 data centers, with seven in the U.S., three in Europe, as well as centers in Mumbai, Tokyo, Singapore, and Sydney.<sup id=\"rdp-ebb-cite_ref-LinodeGlobal_3-0\" class=\"reference\"><a href=\"#cite_note-LinodeGlobal-3\">[3]<\/a><\/sup> Linode provides a variety of different products and services, representing virtual computing, networking, data storage, security management, container management, media management, and managed and professional services.<sup id=\"rdp-ebb-cite_ref-LinodeProducts_2-1\" class=\"reference\"><a href=\"#cite_note-LinodeProducts-2\">[2]<\/a><\/sup>\n<\/p><p>In February 2022, Akamai, which offers a content delivery network (CDN) and edge computing services, announced that it was acquiring Linode for $900 million, allowing Akamai to \"become the world\u2019s most distributed compute platform, from cloud to edge.\"<sup id=\"rdp-ebb-cite_ref-LardinoisAkamai22_4-0\" class=\"reference\"><a href=\"#cite_note-LardinoisAkamai22-4\">[4]<\/a><\/sup>\n<\/p>\n\n\n<h2><span class=\"mw-headline\" id=\"Provider_research\">Provider research<\/span><\/h2>\n<p>This section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide <i><a href=\"https:\/\/www.limswiki.org\/index.php\/LII:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\" title=\"LII:Choosing and Implementing a Cloud-based Service for Your Laboratory\" class=\"wiki-link\" data-key=\"a51267fd73f6c39f0130677409233940\">Choosing and Implementing a Cloud-based Service for Your Laboratory<\/a><\/i>. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made.\n<\/p><p><br \/>\n1. <b>What experience do you have working with laboratory customers in our specific industry?<\/b>\n<\/p><p>It's not apparent if any <a href=\"https:\/\/www.limswiki.org\/index.php\/Laboratory\" title=\"Laboratory\" class=\"wiki-link\" data-key=\"c57fc5aac9e4abf31dccae81df664c33\">laboratories<\/a> or laboratory informatics vendors are using Linode. Contact a Linode representative to determine if they can supply any use cases from laboratories or laboratory software developers.\n<\/p><p><br \/>\n2. <b>Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?<\/b>\n<\/p><p>It will ultimately be up to your organization to get an answer from Linode tailored to your systems and business processes. However, this much can be said about Linode integrations. The company offers a collection of <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/products\/integrations\/\" target=\"_blank\">integration tools<\/a> for customers using the Linode platform, including Terraform, Rancher, Ansible, and Pulumi. These tools allow you to \"connect infrastructure and dev tools to the Linode platform.\"<sup id=\"rdp-ebb-cite_ref-LinodeInteg_5-0\" class=\"reference\"><a href=\"#cite_note-LinodeInteg-5\">[5]<\/a><\/sup> Customers can also create their own integrations using <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/products\/linode-api\/\" target=\"_blank\">Linode API<\/a>.\n<\/p><p><br \/>\n3. <b>What is the average total historical downtime for the service(s) we're interested in?<\/b>\n<\/p><p>Some public information is made available about historic outages and downtime. Linode has a <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/status.linode.com\/\" target=\"_blank\">systems status page<\/a> with status history (you have to click on the \"Incident History\" link at the bottom, then the date range arrows in the top right of the subsequent page). You should be able to read through the incident details for each issue, going back through a fair amount of history. This will give you a partial picture of the issues experienced in the past, as well as any scheduled maintenance and currently impacted services. A follow-up on this question with a Linode representative may reveal more historical downtime history for the services you are interested in.\n<\/p><p><br \/>\n4. <b>Do we receive comprehensive downtime support in the case of downtime?<\/b>\n<\/p><p>A post from 2011 indicates that they \"open support tickets for all emergency maintenance events.\"<sup id=\"rdp-ebb-cite_ref-raindog308Downtimes11_6-0\" class=\"reference\"><a href=\"#cite_note-raindog308Downtimes11-6\">[6]<\/a><\/sup> The company's <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/support\/\" target=\"_blank\">support page<\/a> adds that their \"service team has no tiers, no bots, no hand-offs, just highly trained professionals who answer your questions and solve your issue.\"<sup id=\"rdp-ebb-cite_ref-LinodeSupport_7-0\" class=\"reference\"><a href=\"#cite_note-LinodeSupport-7\">[7]<\/a><\/sup> Linode appears to be fairly open about downtime support, but discuss the topic further with a representative to confirm.\n<\/p><p><br \/>\n5. <b>Where are your servers located, and how is data securely transferred to and from those servers?<\/b>\n<\/p><p>Linode has 11 data centers, with five in the U.S., two in Europe, and centers in Mumbai, Tokyo, Singapore, and Sydney.<sup id=\"rdp-ebb-cite_ref-LinodeGlobal_3-1\" class=\"reference\"><a href=\"#cite_note-LinodeGlobal-3\">[3]<\/a><\/sup> These data centers have their own product availabilities. Linode used to have a content delivery network, Nodeboost<sup id=\"rdp-ebb-cite_ref-NodeboostioLinode16_8-0\" class=\"reference\"><a href=\"#cite_note-NodeboostioLinode16-8\">[8]<\/a><\/sup>, but it shut down in 2020.<sup id=\"rdp-ebb-cite_ref-TwitterNodeboost_9-0\" class=\"reference\"><a href=\"#cite_note-TwitterNodeboost-9\">[9]<\/a><\/sup> As for data in motion, Linode notes<sup id=\"rdp-ebb-cite_ref-LinodeUpload20_10-0\" class=\"reference\"><a href=\"#cite_note-LinodeUpload20-10\">[10]<\/a><\/sup>:\n<\/p>\n<blockquote><p>By default, Linode\u2019s Object Storage uses a default TLS certificate for subdomains of linodeobjects.com to encrypt data in transit. In some cases however, it may be more desirable to use your own custom SSL certificate. Object storage supports the importing of your own TLS\/SSL Certificates in order to encrypt connections with your bucket in transit. Currently, you can Upload custom TLS\/SSL certificates directly through the Linode Manager, the Linode CLI, and the Linode API.<\/p><\/blockquote>\n<p>Outside of a few casual mentions of data localization and residency when discussing new data center openings, Linode doesn't discuss data residency much. Contact a Linode representative to talk about this and other aspects of data storage and transport.\n<\/p><p><br \/>\n6. <b>Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?<\/b>\n<\/p><p>Linode notes the following about physical security in relation to personnel<sup id=\"rdp-ebb-cite_ref-LinodeSecurityAt_11-0\" class=\"reference\"><a href=\"#cite_note-LinodeSecurityAt-11\">[11]<\/a><\/sup>:\n<\/p>\n<ul><li>\"Access to the data center floor is restricted to data center employees and authorized visitors.\"<\/li>\n<li>\"All employees and visitors are identified using biometrics and state issued Ids before entering the facility.\"<\/li>\n<li>\"All of Linode's systems are segregated from other tenants by locking cabinets. Only datacenter staff assigned to supporting Linode systems have access to the keys.\"<\/li><\/ul>\n<p>However, Linode doesn't publicly mention anything about the certifications and compliance training any of those personnel have. This is a conversation to have with a Linode representative.\n<\/p><p><br \/>\n7. <b>Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?<\/b>\n<\/p><p>Not all <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/legal-security\/\" target=\"_blank\">Linode machines<\/a> have the same controls on them; it will depend on the region, product, and compliance requirements of your lab. That said, verify with a representative that the machine your data will land on meets all the necessary regulations affecting your data. (Note that Linode has a few questions concerning HIPAA; see #14.)\n<\/p><p><br \/>\n8. <b>How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)<\/b>\n<\/p><p>It appears Linode doesn't say much about physical or logical separation. The word \"segregation\" barely appears on the website. However, Linode did mention single- and multi-tenancy under the topic of <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20221126090038\/https:\/\/www.linode.com\/products\/bare-metal\/\" target=\"_blank\">bare metal servers<\/a>. However, as of December 2022, these bare metal options were shown as a \"future\" option; the page was removed in early 2023, so it's not clear if the service is no longer being worked on.<sup id=\"rdp-ebb-cite_ref-LinodeBareMetal_12-0\" class=\"reference\"><a href=\"#cite_note-LinodeBareMetal-12\">[12]<\/a><\/sup> As such, it's not clear how the company approaches segregating cloud data, deserving a conversation with a representative.\n<\/p><p><br \/>\n9. <b>Do you have documented data security policies?<\/b>\n<\/p><p>Linode documents its security practices in several places:\n<\/p>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/legal-security\/\" target=\"_blank\">Security at Linode<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/legal-compliance\/\" target=\"_blank\">Compliance at Linode<\/a><\/li><\/ul>\n<p>Some security-related documents, like the SOC 2 report, may not be publicly available, requiring direct discussion with an IBM Cloud representative to obtain them. (Note that little information about SOC 2 audits are listed on the website, aside from the <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/legal-security\/\" target=\"_blank\">certifications<\/a> on their data centers.)\n<\/p><p><br \/>\n10. <b>How do you test your platform's security?<\/b>\n<\/p><p>Customers can conduct <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/community\/questions\/17960\/can-i-use-the-server-as-a-pentest-server\" target=\"_blank\">penetration testing<\/a> on their own servers, though <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/community\/questions\/20805\/can-i-do-penetration-testing-between-two-servers-that-i-own-and-that-are-located\" target=\"_blank\">permission is required<\/a> for such tests on servers that aren't the customer's. As for Linode running attack-and-defense drills or breach and attack simulations on its own infrastructure, no public information could be found regarding this. You'll have to discuss this topic with a Linode representative.\n<\/p><p><br \/>\n11. <b>What are your policies for security audits, intrusion detection, and intrusion reporting?<\/b>\n<\/p><p><i>Audits<\/i>: Customers can conduct their own security audits on their Linux systems <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/docs\/guides\/security-auditing-with-lynis\/\" target=\"_blank\">using Lynis<\/a>. As for how Linode goes about its security audits on its own infrastructure, public answers are few, even outside of the little documentation there is about <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/legal-compliance\/\" target=\"_blank\">compliance<\/a>. A frank discussion with a Linode representative will be required to determine the extent of auditing activities on its infrastructure.\n<\/p><p><i>Intrusion detection and reporting<\/i>: Linode provides a <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/docs\/guides\/logging-and-system-monitoring\/\" target=\"_blank\">walk-through<\/a> of how to monitor system processes and SSH connections, as well as review security system logs. You can also us the Elastic Stack \"to help monitor and visualize security threats to your machine.\"<sup id=\"rdp-ebb-cite_ref-LescherVisualize20_13-0\" class=\"reference\"><a href=\"#cite_note-LescherVisualize20-13\">[13]<\/a><\/sup>\n<\/p><p><br \/>\n12. <b>What data logging information is kept and acted upon in relation to our data?<\/b>\n<\/p><p>While Linode offers customers tools like Lynis and Elastic Stack to analyze their own logs, it's not clear what data logging information Linode collects and uses in relation to customer data. You'll have to discuss this with a Linode representative.\n<\/p><p><br \/>\n13. <b>How thorough are those logs and can we audit them on-demand?<\/b>\n<\/p><p>Linode users can view their own logs. However, it's unclear if you are able to audit internal Linode operation logs on-demand. This is a conversation to have with a representative.\n<\/p><p><br \/>\n14. <b>For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?<\/b>\n<\/p><p>The company is vague on whether it will actually sign a business associate agreement. The way it words its statement, it sounds like it places all the responsibility on you, the customer<sup id=\"rdp-ebb-cite_ref-LinodeLegalComp_14-0\" class=\"reference\"><a href=\"#cite_note-LinodeLegalComp-14\">[14]<\/a><\/sup>:\n<\/p>\n<blockquote><p>Covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act (HIPAA) can maintain compliance using Linode as their Cloud Hosting provider. While Linode provides the platform and does not generally engage in activities or functions that make it a HIPAA Business Associate, the compliance responsibilities are handled by your organization. Specifically, a customer that subscribes to use a cloud server offered through Linode has the exclusive authority and ability to manage all technical safeguards required by HIPAA with respect to its PHI, including access controls, audit controls, integrity, authentication and transmission security ... By following the U.S. Department of Health & Human Services standards for the security of electronic protected health information, a company can become HIPAA compliant on a Linode.<\/p><\/blockquote>\n<p>The company makes no mention of actually signing an agreement. You'll have to contact a representative to verify.\n<\/p><p><br \/>\n15. <b>What happens to our data should the contract expire or be terminated?<\/b>\n<\/p><p>Linode's <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/legal-msa\/\" target=\"_blank\">Master Services Agreement<\/a> is puzzling, and it's not clear what legal obligation Linode has to your data upon contract expiration or termination. This requires thorough discussion with a Linode representative.\n<\/p><p><br \/>\n16. <b>What happens to our data should you go out of business or suffer a catastrophic event?<\/b>\n<\/p><p>It's not publicly clear how Linode would handle your data should they go out of business; consult with a representative about this topic. As for catastrophic events, unlike other major cloud providers, Linode doesn't appear to use three-zone regions to improve resiliency, likely since it's a smaller alternative CSP. It appears, however, that a user can set up multiple nodes on the same data center to limit the effects of catastrophic failure (a <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/docs\/guides\/host-a-website-with-high-availability\/\" target=\"_blank\">tutorial<\/a> is provided by Linode). However, issues still may occur. In its Master Services Agreement, Linode adds<sup id=\"rdp-ebb-cite_ref-LinodeMSA_15-0\" class=\"reference\"><a href=\"#cite_note-LinodeMSA-15\">[15]<\/a><\/sup>:\n<\/p>\n<blockquote><p>Linode will implement appropriate measures to secure Covered User Data against accidental or unauthorized access, transmission, loss or disclosure in accordance with applicable laws as described in the Overview of Technical and Organizational Measures in the Akamai Privacy Trust Center. Unless otherwise expressly specified by an applicable Service Order, Linode shall have no obligation to maintain Covered User Data, backup Covered User Data, or otherwise store Customer Data on behalf of any Covered User.<\/p><\/blockquote>\n<p>Customers are encouraged to discuss data availability and loss with a representative.\n<\/p><p><br \/>\n17. <b>Can we use your interface to extract our data when we want, and in what format will it be?<\/b>\n<\/p><p>Linode provides <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/docs\/guides\/security\/data-portability\/\" target=\"_blank\">several pieces of guidance<\/a> on how to download files, database dumps, whole disks, and backups from Linode.\n<\/p><p><br \/>\n18. <b>Are your support services native or outsourced\/offshored?<\/b>\n<\/p><p>It is unclear if support personnel are local to the customer or if support is outsourced to another business and country. Discuss this with a Linode representative.\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Managed_security_services\">Managed security services<\/span><\/h2>\n<p>Linode doesn't appear to explicitly advertise \"managed security services.\" Linode does, however, offer a managed services portfolio through its Linode Managed Service offering, described as \"an incident response service designed to help businesses cut out costly downtime.\"<sup id=\"rdp-ebb-cite_ref-LinodeManaged_16-0\" class=\"reference\"><a href=\"#cite_note-LinodeManaged-16\">[16]<\/a><\/sup> This incident response service appears to include uptime and responsiveness tracking and repair, server management software cPanel, dashboard metrics, backups, discounted professional services, and complimentary site migration.<sup id=\"rdp-ebb-cite_ref-LinodeManaged_16-1\" class=\"reference\"><a href=\"#cite_note-LinodeManaged-16\">[16]<\/a><\/sup>\n<\/p><p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Additional_information\">Additional information<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Documentation_and_other_media\">Documentation and other media<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/legal\/\" target=\"_blank\">Legal and compliance center<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/legal-security\/\" target=\"_blank\">Linode security<\/a><\/li><\/ul>\n<h3><span class=\"mw-headline\" id=\"External_links\">External links<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/global-infrastructure\/\" target=\"_blank\">Linode architecture framework or description<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/legal-security\/\" target=\"_blank\">Linode shared responsibility model<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/legal-security\/\" target=\"_blank\">Linode trust center<\/a><\/li><\/ul>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap mw-references-columns\"><ol class=\"references\">\n<li id=\"cite_note-IncFactLinode21-1\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IncFactLinode21_1-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"http:\/\/incfact.com\/company\/linode-galloway-nj\/\" target=\"_blank\">\"Linode Revenue, Growth & Competitor Profile\"<\/a>. <i>Inc Fact<\/i>. 24 July 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"http:\/\/incfact.com\/company\/linode-galloway-nj\/\" target=\"_blank\">http:\/\/incfact.com\/company\/linode-galloway-nj\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Linode+Revenue%2C+Growth+%26+Competitor+Profile&rft.atitle=Inc+Fact&rft.date=24+July+2023&rft_id=http%3A%2F%2Fincfact.com%2Fcompany%2Flinode-galloway-nj%2F&rfr_id=info:sid\/en.wikipedia.org:Linode\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LinodeProducts-2\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-LinodeProducts_2-0\">2.0<\/a><\/sup> <sup><a href=\"#cite_ref-LinodeProducts_2-1\">2.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/products\/\" target=\"_blank\">\"Products - The Linode cloud platform, infrastructure for innovation\"<\/a>. Linode<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.linode.com\/products\/\" target=\"_blank\">https:\/\/www.linode.com\/products\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Products+-+The+Linode+cloud+platform%2C+infrastructure+for+innovation&rft.atitle=&rft.pub=Linode&rft_id=https%3A%2F%2Fwww.linode.com%2Fproducts%2F&rfr_id=info:sid\/en.wikipedia.org:Linode\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LinodeGlobal-3\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-LinodeGlobal_3-0\">3.0<\/a><\/sup> <sup><a href=\"#cite_ref-LinodeGlobal_3-1\">3.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/global-infrastructure\/\" target=\"_blank\">\"The Linode Backbone\"<\/a>. Linode<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.linode.com\/global-infrastructure\/\" target=\"_blank\">https:\/\/www.linode.com\/global-infrastructure\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=The+Linode+Backbone&rft.atitle=&rft.pub=Linode&rft_id=https%3A%2F%2Fwww.linode.com%2Fglobal-infrastructure%2F&rfr_id=info:sid\/en.wikipedia.org:Linode\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LardinoisAkamai22-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-LardinoisAkamai22_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Lardinois, F. (15 February 2022). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/techcrunch.com\/2022\/02\/15\/akamai-acquires-linode-for-900m\/\" target=\"_blank\">\"Akamai acquires Linode for $900M\"<\/a>. <i>TechCrunch<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/techcrunch.com\/2022\/02\/15\/akamai-acquires-linode-for-900m\/\" target=\"_blank\">https:\/\/techcrunch.com\/2022\/02\/15\/akamai-acquires-linode-for-900m\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Akamai+acquires+Linode+for+%24900M&rft.atitle=TechCrunch&rft.aulast=Lardinois%2C+F.&rft.au=Lardinois%2C+F.&rft.date=15+February+2022&rft_id=https%3A%2F%2Ftechcrunch.com%2F2022%2F02%2F15%2Fakamai-acquires-linode-for-900m%2F&rfr_id=info:sid\/en.wikipedia.org:Linode\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LinodeInteg-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-LinodeInteg_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/products\/integrations\/\" target=\"_blank\">\"Integrations\"<\/a>. Linode<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.linode.com\/products\/integrations\/\" target=\"_blank\">https:\/\/www.linode.com\/products\/integrations\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Integrations&rft.atitle=&rft.pub=Linode&rft_id=https%3A%2F%2Fwww.linode.com%2Fproducts%2Fintegrations%2F&rfr_id=info:sid\/en.wikipedia.org:Linode\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-raindog308Downtimes11-6\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-raindog308Downtimes11_6-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">raindog308 (2011). <a rel=\"nofollow\" class=\"external text\" href=\"#answer-26934\">\"Downtimes due to server maintenance? Avoidable?\"<\/a>. <i>Linode Community<\/i>. Linode<span class=\"printonly\">. <a rel=\"nofollow\" class=\"external free\" href=\"#answer-26934\">https:\/\/www.linode.com\/community\/questions\/5745\/downtimes-due-to-server-maintenance-avoidable#answer-26934<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Downtimes+due+to+server+maintenance%3F+Avoidable%3F&rft.atitle=Linode+Community&rft.aulast=raindog308&rft.au=raindog308&rft.date=2011&rft.pub=Linode&rft_id=https%3A%2F%2Fwww.linode.com%2Fcommunity%2Fquestions%2F5745%2Fdowntimes-due-to-server-maintenance-avoidable%23answer-26934&rfr_id=info:sid\/en.wikipedia.org:Linode\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LinodeSupport-7\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-LinodeSupport_7-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/support\/\" target=\"_blank\">\"Linode Support\"<\/a>. Linode<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.linode.com\/support\/\" target=\"_blank\">https:\/\/www.linode.com\/support\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Linode+Support&rft.atitle=&rft.pub=Linode&rft_id=https%3A%2F%2Fwww.linode.com%2Fsupport%2F&rfr_id=info:sid\/en.wikipedia.org:Linode\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-NodeboostioLinode16-8\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-NodeboostioLinode16_8-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">nodeboostio (August 2016). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/community\/questions\/10820\/linode-cdn-nodeboostio\" target=\"_blank\">\"Linode CDN - nodeboost.io\"<\/a><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.linode.com\/community\/questions\/10820\/linode-cdn-nodeboostio\" target=\"_blank\">https:\/\/www.linode.com\/community\/questions\/10820\/linode-cdn-nodeboostio<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Linode+CDN+-+nodeboost.io&rft.atitle=&rft.aulast=nodeboostio&rft.au=nodeboostio&rft.date=August+2016&rft_id=https%3A%2F%2Fwww.linode.com%2Fcommunity%2Fquestions%2F10820%2Flinode-cdn-nodeboostio&rfr_id=info:sid\/en.wikipedia.org:Linode\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-TwitterNodeboost-9\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-TwitterNodeboost_9-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/twitter.com\/nodeboost?lang=en\" target=\"_blank\">\"nodeboost.io\"<\/a>. <i>Twitter<\/i>. 18 May 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/twitter.com\/nodeboost?lang=en\" target=\"_blank\">https:\/\/twitter.com\/nodeboost?lang=en<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=nodeboost.io&rft.atitle=Twitter&rft.date=18+May+2020&rft_id=https%3A%2F%2Ftwitter.com%2Fnodeboost%3Flang%3Den&rfr_id=info:sid\/en.wikipedia.org:Linode\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LinodeUpload20-10\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-LinodeUpload20_10-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Linode (21 October 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20220117074226\/https:\/\/www.linode.com\/docs\/guides\/enable-ssl-for-object-storage\/\" target=\"_blank\">\"Upload a Custom SSL\/TLS Certificate on Object Storage\"<\/a>. Linode. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/docs\/guides\/enable-ssl-for-object-storage\/\" target=\"_blank\">the original<\/a> on 17 January 2022<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20220117074226\/https:\/\/www.linode.com\/docs\/guides\/enable-ssl-for-object-storage\/\" target=\"_blank\">https:\/\/web.archive.org\/web\/20220117074226\/https:\/\/www.linode.com\/docs\/guides\/enable-ssl-for-object-storage\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Upload+a+Custom+SSL%2FTLS+Certificate+on+Object+Storage&rft.atitle=&rft.aulast=Linode&rft.au=Linode&rft.date=21+October+2020&rft.pub=Linode&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20220117074226%2Fhttps%3A%2F%2Fwww.linode.com%2Fdocs%2Fguides%2Fenable-ssl-for-object-storage%2F&rfr_id=info:sid\/en.wikipedia.org:Linode\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LinodeSecurityAt-11\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-LinodeSecurityAt_11-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/legal-security\/\" target=\"_blank\">\"Security\"<\/a>. Linode<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.linode.com\/legal-security\/\" target=\"_blank\">https:\/\/www.linode.com\/legal-security\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Security&rft.atitle=&rft.pub=Linode&rft_id=https%3A%2F%2Fwww.linode.com%2Flegal-security%2F&rfr_id=info:sid\/en.wikipedia.org:Linode\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LinodeBareMetal-12\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-LinodeBareMetal_12-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20221126090038\/https:\/\/www.linode.com\/products\/bare-metal\/\" target=\"_blank\">\"Control and Customization with Bare Metal\"<\/a>. Linode. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/products\/bare-metal\/\" target=\"_blank\">the original<\/a> on 26 November 2022<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20221126090038\/https:\/\/www.linode.com\/products\/bare-metal\/\" target=\"_blank\">https:\/\/web.archive.org\/web\/20221126090038\/https:\/\/www.linode.com\/products\/bare-metal\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Control+and+Customization+with+Bare+Metal&rft.atitle=&rft.pub=Linode&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20221126090038%2Fhttps%3A%2F%2Fwww.linode.com%2Fproducts%2Fbare-metal%2F&rfr_id=info:sid\/en.wikipedia.org:Linode\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LescherVisualize20-13\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-LescherVisualize20_13-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Lescher, A. (28 October 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/docs\/guides\/visualize-server-security-on-centos-7-with-an-elastic-stack-and-wazuh\/\" target=\"_blank\">\"Visualize Server Security on CentOS 7 with an Elastic Stack and Wazuh\"<\/a>. Linode<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.linode.com\/docs\/guides\/visualize-server-security-on-centos-7-with-an-elastic-stack-and-wazuh\/\" target=\"_blank\">https:\/\/www.linode.com\/docs\/guides\/visualize-server-security-on-centos-7-with-an-elastic-stack-and-wazuh\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Visualize+Server+Security+on+CentOS+7+with+an+Elastic+Stack+and+Wazuh&rft.atitle=&rft.aulast=Lescher%2C+A.&rft.au=Lescher%2C+A.&rft.date=28+October+2020&rft.pub=Linode&rft_id=https%3A%2F%2Fwww.linode.com%2Fdocs%2Fguides%2Fvisualize-server-security-on-centos-7-with-an-elastic-stack-and-wazuh%2F&rfr_id=info:sid\/en.wikipedia.org:Linode\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LinodeLegalComp-14\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-LinodeLegalComp_14-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/legal-compliance\/\" target=\"_blank\">\"Compliance\"<\/a>. Linode<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.linode.com\/legal-compliance\/\" target=\"_blank\">https:\/\/www.linode.com\/legal-compliance\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Compliance&rft.atitle=&rft.pub=Linode&rft_id=https%3A%2F%2Fwww.linode.com%2Flegal-compliance%2F&rfr_id=info:sid\/en.wikipedia.org:Linode\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LinodeMSA-15\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-LinodeMSA_15-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/legal-msa\/\" target=\"_blank\">\"Master Services Agreement\"<\/a>. Linode. 4 January 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.linode.com\/legal-msa\/\" target=\"_blank\">https:\/\/www.linode.com\/legal-msa\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Master+Services+Agreement&rft.atitle=&rft.date=4+January+2023&rft.pub=Linode&rft_id=https%3A%2F%2Fwww.linode.com%2Flegal-msa%2F&rfr_id=info:sid\/en.wikipedia.org:Linode\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LinodeManaged-16\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-LinodeManaged_16-0\">16.0<\/a><\/sup> <sup><a href=\"#cite_ref-LinodeManaged_16-1\">16.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/products\/managed\/\" target=\"_blank\">\"Managed\"<\/a>. Linode<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.linode.com\/products\/managed\/\" target=\"_blank\">https:\/\/www.linode.com\/products\/managed\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Managed&rft.atitle=&rft.pub=Linode&rft_id=https%3A%2F%2Fwww.linode.com%2Fproducts%2Fmanaged%2F&rfr_id=info:sid\/en.wikipedia.org:Linode\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816210002\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.563 seconds\nReal time usage: 1.082 seconds\nPreprocessor visited node count: 14069\/1000000\nPost\u2010expand include size: 61654\/2097152 bytes\nTemplate argument size: 26021\/2097152 bytes\nHighest expansion depth: 32\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 20098\/5000000 bytes\nLua time usage: 0.020\/7 seconds\nLua virtual size: 4939776\/52428800 bytes\nLua estimated memory usage: 0 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 240.719 1 -total\n 50.53% 121.628 1 Template:Reflist\n 46.44% 111.801 1 Template:Infobox_company\n 44.91% 108.099 1 Template:Infobox\n 42.42% 102.114 16 Template:Cite_web\n 40.23% 96.851 81 Template:Infobox\/row\n 38.75% 93.280 16 Template:Citation\/core\n 33.64% 80.971 1 Template:URL\n 31.59% 76.040 1 Template:Str_right\n 30.51% 73.455 1 Template:Str_sub_long\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:12484-0!canonical and timestamp 20230816210001 and revision id 52741. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Linode\">https:\/\/www.limswiki.org\/index.php\/Linode<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","ab58b7a0691a630e6588c0b35b76a79c_images":["https:\/\/upload.wikimedia.org\/wikipedia\/commons\/b\/bc\/Linode_updated_logo.png"],"ab58b7a0691a630e6588c0b35b76a79c_timestamp":1692220361,"0436e45d109ada76bce7694bd1ef81b2_type":"article","0436e45d109ada76bce7694bd1ef81b2_title":"HPE GreenLake","0436e45d109ada76bce7694bd1ef81b2_url":"https:\/\/www.limswiki.org\/index.php\/HPE_GreenLake","0436e45d109ada76bce7694bd1ef81b2_plaintext":"\n\nHPE GreenLakeFrom LIMSWikiJump to navigationJump to searchHPE GreenLake\nIndustry\n \nComputing, Cloud computing, Web servicesFounder(s)\n \nBill Hewlett, Dave PackardHeadquarters\n \nHouston, Texas , United States Area served\n \nWorldwideKey people\n \nAntonio Neri (CEO)Products\n \nIaaS, DBaaS, DaaS, SaaSRevenue\n \n$7.8 billion (2023, Q1)[1]Website\n \nhpe.com\/us\/en\/greenlake.html \n\n\r\n\nHPE GreenLake is a hybrid cloud computing solution provided by Hewlett Packard Enterprise (HPE)[2], an American multinational information technology company. While not a public cloud provider, HPE provides software, hardware, and service-based solutions like HPE GreenLake to assist businesses, organizations, etc. in bringing public cloud services to on-premises data centers. HPE describes HPE GreenLake as being able to deliver \"public cloud services and infrastructure as-a-service for your workloads\u2014on premises, fully managed in a pay-per-use model at the edge, in colocations, and in your data center.\"[3] HPE includes Amazon, Google, and Microsoft among those public cloud platforms supported by GreenLake.[4]\n\nContents \n\n1 Provider research \n2 Managed security services \n3 Additional information \n\n3.1 Documentation and other media \n3.2 External links \n\n\n4 Further reading \n5 References \n\n\n\nProvider research \nThis section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide Choosing and Implementing a Cloud-based Service for Your Laboratory. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made. Additionally, as a hybrid cloud provider, some of the questions from Chapter 5 (e.g., \"How segregated is our cloud data from another customer's\") are not relevant, as they are not providing public cloud services.\n\r\n\n1. What experience do you have working with laboratory customers in our specific industry?\nComputer labs aside, little information can be found about HPE working with non-tech laboratories. One example that could be found of a medical laboratory working with HPE in the cloud is Erasmus Medical Center in the Netherlands.[5] An HPE GreenLake representative is likely to be able to supply more examples of laboratories that use or have used Dell Technologies Cloud.\n\r\n\n2. Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?\nHPE's discussion of its integration with other systems and business processes is somewhat limited. In a white paper about HPE GreenLake for private cloud, HPE says[6]:\n\nHPE GreenLake for private cloud also provides a rich set of automation features, for example, tasks, workflows, integration with industry\u2019s various automation tools namely Puppet, Chef, Ansible, Ansible Tower, and such. Tasks are individual automation elements (for example, an individual playbook or a script). Workflows consist of one or more tasks. Tasks and workflows can be integrated with instances, blueprints at different provisioning phases, for example, run tasks or workflows at Pre Provision phase, Provision phase, or Post Provision phase.\nIn the same paper, HPE adds that \"[h]ardware and software are preintegrated at HPE factory and delivered to your colocation facility or data center in as little as 14 days. HPE installs and configures the solution.\"[6] To discuss integrations more, speak with an HPE GreenLake representative.\n\r\n\n3. What is the average total historical downtime for the service(s) we're interested in?\nHPE GreenLake is not a public cloud, and as such, this question is not fully relevant. That said, HPE GreenLake provides on-premises data protection as a service for hybrid cloud platforms using its HPE StoreOnce technologies and other tools, helping laboratories limit the repercussions of their public or private cloud going down.\n\r\n\n4. Do we receive comprehensive downtime support in the case of downtime?\nHPE GreenLake is not a public cloud, and as such, this question is not fully relevant. It's also not clear how support services or plans work for HPE GreenLake. A discussion with a representative will be necessary to learn the company's terms for support. \n\r\n\n5. Where are your servers located, and how is data securely transferred to and from those servers?\nHPE GreenLake is not a public cloud, and as such, this question is not fully relevant. That said, it will still be useful to understand the underlying technology supplied by HPE in regards to data transmission to public and private cloud instances. However, it doesn't appear its white papers and web pages address data in motion\/transit or encryption. As such, it's not clear what security is baked into its offerings for data transfers. This will have to be discussed with an HPE representative.\n\r\n\n6. Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?\nHPE GreenLake is not a public cloud, and as such, this question is not fully relevant. That said, unlike Dell, HPE doesn't appear to publicly address its policies on secure development of products and applications, including approaches to security training of employees, security testing of systems, etc. You'll have to discuss these topics with an HPE representative.\n\r\n\n7. Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?\nHPE GreenLake is not a public cloud, and as such, this question is not fully relevant. As noted in prior questions, HPE also doesn't appear to fully address how their offerings comply with certain regulations. HPE does discuss its compliance monitoring service, but it's not clear how compliance testing is performed on its own services.\n\r\n\n8. How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)\nHPE GreenLake is not a public cloud, and as such, this question is not fully relevant.\n\r\n\n9. Do you have documented data security policies?\nSecurity appears to rarely be discussed at length by HPE in regard to HPE GreenLake. This is compounded by the lack of an online trust center, which most other providers provide for their cloud offerings. The one document that discusses security doesn't address HPE's approach to security in their offerings but is an advertisement for it managed security services:\n\nHPE GreenLake management services\n\r\n\n10. How do you test your platform's security?\nHPE does not appear to publicly address how it tests the security of its GreenLake offerings. For further details, discuss this with an HPE GreenLake representative.\n\r\n\n11. What are your policies for security audits, intrusion detection, and intrusion reporting?\nHPE GreenLake is not a public cloud, and as such, this question is not fully relevant. That said, it doesn't appear that GreenLake-related white papers and web pages mention intrusion detection, let alone how HPE audits its security practices. For further details, discuss this with an HPE GreenLake representative.\n\r\n\n12. What data logging information is kept and acted upon in relation to our data?\nThe terms of service or service level agreements for the HPE GreenLake service could not be located, and as such it's not clear what data they log and how they use it. For further details, discuss this with an HPE GreenLake representative.\n\r\n\n13. How thorough are those logs and can we audit them on-demand?\nLike the prior question, discuss this with an HPE GreenLake representative.\n\r\n\n14. For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?\nThe only place HIPAA was found to be discussed in relation to HPE GreenLake is in a November 2020 service brief about Epic Systems and electronic health records[7]: \"The service supports HIPAA compliance across core HIPAA tenets of administrative and technical safeguards.\" Nothing else could be found about HPE's approach to HIPAA and any business associate agreements. Discuss this with an HPE GreenLake representative.\n\r\n\n15. What happens to our data should the contract expire or be terminated?\nThe terms of service or service level agreements for the HPE GreenLake service could not be located, and as such it's not clear what happens to your data upon contract expiration or termination. Presumably you'll be backing up your data and information elsewhere before then. However, discuss with a representative to learn more.\n\r\n\n16. What happens to our data should you go out of business or suffer a catastrophic event?\nPresumably, if HPE goes out of business, you may have to return equipment, but not without first being able to back up data from that equipment first. You'll have to clarify this with a representative. As for catastrophic events affecting your HPE GreenLake solutions, it's not clear how HPE would approach this. This is a topic for discussion with a representative.\n\r\n\n17. Can we use your interface to extract our data when we want, and in what format will it be?\nAs a hybrid solution, you should be able to extract data at whim to another private of public cloud location.\n\r\n\n18. Are your support services native or outsourced\/offshored?\nIt is unclear if support personnel are local to the customer or if support is outsourced to another business and country. Discuss this with an HPE GreenLake representative.\n\nManaged security services \nHPE doesn't appear to explicitly advertise \"managed security services\" on its main webpage. HPE does, however, offer a standard managed services portfolio through its HPE GreenLake Management Services offering.[8] Unfortunately, details are sparse on its managed services page.[8] A blog post on its Community page provides a few more pieces of information.[9] That post states that \"Managed Security by HPE GreenLake Management Services is an optional add-on to your HPE GreenLake Management Services contract.\"[9] This service is split into two tiers: Essential and Enhanced. The difference between the two is essentially[9]:\n\nEssential: On-premises logging is managed in HPE's security information and event management (SIEM) platform, where it is monitored and analyzed.\nEnhanced: Same monitoring scheme as Essential, plus add-on services like vulnerability management, compliance management, and security transition management.\n\r\n\n\nAdditional information \nDocumentation and other media \nHPE GreenLake and managed security\nHPE Application Migration for Cloud\nHPE Managed Cloud Controls\nHPE GreenLake for private cloud\nExternal links \nHPE hybrid cloud solutions\nFurther reading \nSheldon, R. (30 July 2020). \"What is HPE GreenLake and how does it work?\". TechTarget - SearchConvergedInfrastructure. Archived from the original on 08 December 2020. https:\/\/web.archive.org\/web\/20201208211102\/https:\/\/searchconvergedinfrastructure.techtarget.com\/feature\/What-is-HPE-GreenLake-and-how-does-it-work .   \nReferences \n\n\n\u2191 \"Hewlett Packard Enterprise reports Fiscal 2023 first quarter results\". Hewlett Packard Enterprise. 2 March 2023. https:\/\/www.hpe.com\/us\/en\/newsroom\/press-release\/2023\/03\/hewlett-packard-enterprise-reports-fiscal-2023-first-quarter-results.html . Retrieved 02 August 2023 .   \n \n\n\u2191 Sheldon, R. (30 July 2020). \"What is HPE GreenLake and how does it work?\". TechTarget - SearchConvergedInfrastructure. Archived from the original on 08 December 2020. https:\/\/web.archive.org\/web\/20201208211102\/https:\/\/searchconvergedinfrastructure.techtarget.com\/feature\/What-is-HPE-GreenLake-and-how-does-it-work . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Meet HPE GreenLake\". HPE. Archived from the original on 08 March 2021. https:\/\/web.archive.org\/web\/20210308142004\/https:\/\/www.hpe.com\/us\/en\/greenlake\/overview.html . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Hybrid Cloud Solutions\". HPE. Archived from the original on 08 March 2021. https:\/\/web.archive.org\/web\/20210308010621\/https:\/\/www.hpe.com\/us\/en\/solutions\/cloud.html . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Hewlett Packard Enterprise delivers hybrid workplace upgrades to support COVID-19 response at Erasmus Medical Center in the Netherlands\". Hewlett Packard Enterprise. 10 November 2020. https:\/\/www.hpe.com\/us\/en\/newsroom\/press-release\/2020\/11\/hewlett-packard-enterprise-delivers-hybrid-workplace-upgrades-to-support-covid-19-response-at-erasmus-medical-center-in-the-netherlands.html . Retrieved 02 August 2023 .   \n \n\n\u2191 6.0 6.1 \"HPE GreenLake for Private Cloud\" (PDF). Hewlett Packard Enterprise. January 2021. https:\/\/psnow.ext.hpe.com\/downloadDoc\/HPE%20GreenLake%20for%20private%20cloud%20technical%20white%20paper-a50003040enw.pdf?id=a50003040enw&section=&prelaunchSection=&softrollSection=&deepLink=&isFutureVersion=true&isQS=false&getHtml= . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Electronic Medical Records Delivered as a Service\" (PDF). Hewlett Packard Enterprise. November 2020. https:\/\/assets.ext.hpe.com\/is\/content\/hpedam\/a00107315enw . Retrieved 02 August 2023 .   \n \n\n\u2191 8.0 8.1 \"HPE GreenLake Management Services\". HPE. https:\/\/www.hpe.com\/us\/en\/services\/remote-infrastructure-monitoring.html . Retrieved 02 August 2023 .   \n \n\n\u2191 9.0 9.1 9.2 Leech, S. (29 October 2020). \"Lighten your security ops burden with Managed Security from HPE GreenLake Management Services\". HPE Community. https:\/\/community.hpe.com\/t5\/the-cloud-experience-everywhere\/lighten-your-security-ops-burden-with-managed-security-from-hpe\/ba-p\/7106970 . Retrieved 02 August 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/HPE_GreenLake\">https:\/\/www.limswiki.org\/index.php\/HPE_GreenLake<\/a>\nNavigation menuPage actionsPageDiscussionView sourceHistoryPage actionsPageDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 2 August 2023, at 19:06.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 1,443 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","0436e45d109ada76bce7694bd1ef81b2_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject page-HPE_GreenLake rootpage-HPE_GreenLake skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">HPE GreenLake<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\">\n<p><br \/>\n<b>HPE GreenLake<\/b> is a hybrid <a href=\"https:\/\/www.limswiki.org\/index.php\/Cloud_computing\" title=\"Cloud computing\" class=\"wiki-link\" data-key=\"fcfe5882eaa018d920cedb88398b604f\">cloud computing<\/a> solution provided by Hewlett Packard Enterprise (HPE)<sup id=\"rdp-ebb-cite_ref-SheldonWhatIsHPEGreen20_2-0\" class=\"reference\"><a href=\"#cite_note-SheldonWhatIsHPEGreen20-2\">[2]<\/a><\/sup>, an American multinational information technology company. While not a public cloud provider, HPE provides software, hardware, and service-based solutions like HPE GreenLake to assist businesses, organizations, etc. in bringing public cloud services to on-premises data centers. HPE describes HPE GreenLake as being able to deliver \"public cloud services and infrastructure as-a-service for your workloads\u2014on premises, fully managed in a pay-per-use model at the edge, in colocations, and in your data center.\"<sup id=\"rdp-ebb-cite_ref-HPEMeetHPEGreen_3-0\" class=\"reference\"><a href=\"#cite_note-HPEMeetHPEGreen-3\">[3]<\/a><\/sup> HPE includes Amazon, Google, and Microsoft among those public cloud platforms supported by GreenLake.<sup id=\"rdp-ebb-cite_ref-HPEHybrid_4-0\" class=\"reference\"><a href=\"#cite_note-HPEHybrid-4\">[4]<\/a><\/sup>\n<\/p>\n\n\n<h2><span class=\"mw-headline\" id=\"Provider_research\">Provider research<\/span><\/h2>\n<p>This section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide <i><a href=\"https:\/\/www.limswiki.org\/index.php\/LII:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\" title=\"LII:Choosing and Implementing a Cloud-based Service for Your Laboratory\" class=\"wiki-link\" data-key=\"a51267fd73f6c39f0130677409233940\">Choosing and Implementing a Cloud-based Service for Your Laboratory<\/a><\/i>. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made. Additionally, as a hybrid cloud provider, some of the questions from Chapter 5 (e.g., \"How segregated is our cloud data from another customer's\") are not relevant, as they are not providing public cloud services.\n<\/p><p><br \/>\n1. <b>What experience do you have working with laboratory customers in our specific industry?<\/b>\n<\/p><p>Computer <a href=\"https:\/\/www.limswiki.org\/index.php\/Laboratory\" title=\"Laboratory\" class=\"wiki-link\" data-key=\"c57fc5aac9e4abf31dccae81df664c33\">labs<\/a> aside, little information can be found about HPE working with non-tech laboratories. One example that could be found of a medical laboratory working with HPE in the cloud is Erasmus Medical Center in the Netherlands.<sup id=\"rdp-ebb-cite_ref-HPDeliversHybrid20_5-0\" class=\"reference\"><a href=\"#cite_note-HPDeliversHybrid20-5\">[5]<\/a><\/sup> An HPE GreenLake representative is likely to be able to supply more examples of laboratories that use or have used Dell Technologies Cloud.\n<\/p><p><br \/>\n2. <b>Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?<\/b>\n<\/p><p>HPE's discussion of its integration with other systems and business processes is somewhat limited. In a white paper about HPE GreenLake for private cloud, HPE says<sup id=\"rdp-ebb-cite_ref-HPEGreenPrivate21_6-0\" class=\"reference\"><a href=\"#cite_note-HPEGreenPrivate21-6\">[6]<\/a><\/sup>:\n<\/p>\n<blockquote><p>HPE GreenLake for private cloud also provides a rich set of automation features, for example, tasks, workflows, integration with industry\u2019s various automation tools namely Puppet, Chef, Ansible, Ansible Tower, and such. Tasks are individual automation elements (for example, an individual playbook or a script). Workflows consist of one or more tasks. Tasks and workflows can be integrated with instances, blueprints at different provisioning phases, for example, run tasks or workflows at Pre Provision phase, Provision phase, or Post Provision phase.<\/p><\/blockquote>\n<p>In the same paper, HPE adds that \"[h]ardware and software are preintegrated at HPE factory and delivered to your colocation facility or data center in as little as 14 days. HPE installs and configures the solution.\"<sup id=\"rdp-ebb-cite_ref-HPEGreenPrivate21_6-1\" class=\"reference\"><a href=\"#cite_note-HPEGreenPrivate21-6\">[6]<\/a><\/sup> To discuss integrations more, speak with an HPE GreenLake representative.\n<\/p><p><br \/>\n3. <b>What is the average total historical downtime for the service(s) we're interested in?<\/b>\n<\/p><p>HPE GreenLake is not a public cloud, and as such, this question is not fully relevant. That said, HPE GreenLake provides <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.hpe.com\/us\/en\/greenlake\/on-prem-data-protection.html\" target=\"_blank\">on-premises data protection as a service<\/a> for hybrid cloud platforms using its HPE StoreOnce technologies and other tools, helping laboratories limit the repercussions of their public or private cloud going down.\n<\/p><p><br \/>\n4. <b>Do we receive comprehensive downtime support in the case of downtime?<\/b>\n<\/p><p>HPE GreenLake is not a public cloud, and as such, this question is not fully relevant. It's also not clear how support services or plans work for HPE GreenLake. A discussion with a representative will be necessary to learn the company's terms for support. \n<\/p><p><br \/>\n5. <b>Where are your servers located, and how is data securely transferred to and from those servers?<\/b>\n<\/p><p>HPE GreenLake is not a public cloud, and as such, this question is not fully relevant. That said, it will still be useful to understand the underlying technology supplied by HPE in regards to data transmission to public and private cloud instances. However, it doesn't appear its white papers and web pages address data in motion\/transit or encryption. As such, it's not clear what security is baked into its offerings for data transfers. This will have to be discussed with an HPE representative.\n<\/p><p><br \/>\n6. <b>Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?<\/b>\n<\/p><p>HPE GreenLake is not a public cloud, and as such, this question is not fully relevant. That said, unlike Dell, HPE doesn't appear to publicly address its policies on secure development of products and applications, including approaches to security training of employees, security testing of systems, etc. You'll have to discuss these topics with an HPE representative.\n<\/p><p><br \/>\n7. <b>Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?<\/b>\n<\/p><p>HPE GreenLake is not a public cloud, and as such, this question is not fully relevant. As noted in prior questions, HPE also doesn't appear to fully address how their offerings comply with certain regulations. HPE does discuss its <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.hpe.com\/us\/en\/hpe-managed-it-compliance.html\" target=\"_blank\">compliance monitoring<\/a> service, but it's not clear how compliance testing is performed on its own services.\n<\/p><p><br \/>\n8. <b>How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)<\/b>\n<\/p><p>HPE GreenLake is not a public cloud, and as such, this question is not fully relevant.\n<\/p><p><br \/>\n9. <b>Do you have documented data security policies?<\/b>\n<\/p><p>Security appears to rarely be discussed at length by HPE in regard to HPE GreenLake. This is compounded by the lack of an online trust center, which most other providers provide for their cloud offerings. The one document that discusses security doesn't address HPE's approach to security in their offerings but is an advertisement for it managed security services:\n<\/p>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/assets.ext.hpe.com\/is\/content\/hpedam\/a00107277enw\" target=\"_blank\">HPE GreenLake management services<\/a><\/li><\/ul>\n<p><br \/>\n10. <b>How do you test your platform's security?<\/b>\n<\/p><p>HPE does not appear to publicly address how it tests the security of its GreenLake offerings. For further details, discuss this with an HPE GreenLake representative.\n<\/p><p><br \/>\n11. <b>What are your policies for security audits, intrusion detection, and intrusion reporting?<\/b>\n<\/p><p>HPE GreenLake is not a public cloud, and as such, this question is not fully relevant. That said, it doesn't appear that GreenLake-related white papers and web pages mention intrusion detection, let alone how HPE audits its security practices. For further details, discuss this with an HPE GreenLake representative.\n<\/p><p><br \/>\n12. <b>What data logging information is kept and acted upon in relation to our data?<\/b>\n<\/p><p>The terms of service or service level agreements for the HPE GreenLake service could not be located, and as such it's not clear what data they log and how they use it. For further details, discuss this with an HPE GreenLake representative.\n<\/p><p><br \/>\n13. <b>How thorough are those logs and can we audit them on-demand?<\/b>\n<\/p><p>Like the prior question, discuss this with an HPE GreenLake representative.\n<\/p><p><br \/>\n14. <b>For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?<\/b>\n<\/p><p>The only place HIPAA was found to be discussed in relation to HPE GreenLake is in a November 2020 service brief about Epic Systems and <a href=\"https:\/\/www.limswiki.org\/index.php\/Electronic_health_record\" title=\"Electronic health record\" class=\"wiki-link\" data-key=\"f2e31a73217185bb01389404c1fd5255\">electronic health records<\/a><sup id=\"rdp-ebb-cite_ref-HPEElectronic20_7-0\" class=\"reference\"><a href=\"#cite_note-HPEElectronic20-7\">[7]<\/a><\/sup>: \"The service supports HIPAA compliance across core HIPAA tenets of administrative and technical safeguards.\" Nothing else could be found about HPE's approach to HIPAA and any business associate agreements. Discuss this with an HPE GreenLake representative.\n<\/p><p><br \/>\n15. <b>What happens to our data should the contract expire or be terminated?<\/b>\n<\/p><p>The terms of service or service level agreements for the HPE GreenLake service could not be located, and as such it's not clear what happens to your data upon contract expiration or termination. Presumably you'll be backing up your data and information elsewhere before then. However, discuss with a representative to learn more.\n<\/p><p><br \/>\n16. <b>What happens to our data should you go out of business or suffer a catastrophic event?<\/b>\n<\/p><p>Presumably, if HPE goes out of business, you may have to return equipment, but not without first being able to back up data from that equipment first. You'll have to clarify this with a representative. As for catastrophic events affecting your HPE GreenLake solutions, it's not clear how HPE would approach this. This is a topic for discussion with a representative.\n<\/p><p><br \/>\n17. <b>Can we use your interface to extract our data when we want, and in what format will it be?<\/b>\n<\/p><p>As a hybrid solution, you should be able to extract data at whim to another private of public cloud location.\n<\/p><p><br \/>\n18. <b>Are your support services native or outsourced\/offshored?<\/b>\n<\/p><p>It is unclear if support personnel are local to the customer or if support is outsourced to another business and country. Discuss this with an HPE GreenLake representative.\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Managed_security_services\">Managed security services<\/span><\/h2>\n<p>HPE doesn't appear to explicitly advertise \"managed security services\" on its main webpage. HPE does, however, offer a standard managed services portfolio through its HPE GreenLake Management Services offering.<sup id=\"rdp-ebb-cite_ref-HPEManServ_8-0\" class=\"reference\"><a href=\"#cite_note-HPEManServ-8\">[8]<\/a><\/sup> Unfortunately, details are sparse on its managed services page.<sup id=\"rdp-ebb-cite_ref-HPEManServ_8-1\" class=\"reference\"><a href=\"#cite_note-HPEManServ-8\">[8]<\/a><\/sup> A blog post on its Community page provides a few more pieces of information.<sup id=\"rdp-ebb-cite_ref-LeechLighten20_9-0\" class=\"reference\"><a href=\"#cite_note-LeechLighten20-9\">[9]<\/a><\/sup> That post states that \"Managed Security by HPE GreenLake Management Services is an optional add-on to your HPE GreenLake Management Services contract.\"<sup id=\"rdp-ebb-cite_ref-LeechLighten20_9-1\" class=\"reference\"><a href=\"#cite_note-LeechLighten20-9\">[9]<\/a><\/sup> This service is split into two tiers: Essential and Enhanced. The difference between the two is essentially<sup id=\"rdp-ebb-cite_ref-LeechLighten20_9-2\" class=\"reference\"><a href=\"#cite_note-LeechLighten20-9\">[9]<\/a><\/sup>:\n<\/p>\n<ul><li><b>Essential<\/b>: On-premises logging is managed in HPE's security information and event management (SIEM) platform, where it is monitored and analyzed.<\/li>\n<li><b>Enhanced<\/b>: Same monitoring scheme as Essential, plus add-on services like vulnerability management, compliance management, and security transition management.<\/li><\/ul>\n<p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Additional_information\">Additional information<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Documentation_and_other_media\">Documentation and other media<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/assets.ext.hpe.com\/is\/content\/hpedam\/a00107277enw\" target=\"_blank\">HPE GreenLake and managed security<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/assets.ext.hpe.com\/is\/content\/hpedam\/documents\/a00059000-9999\/a00059292\/a00059292enw.pdf\" target=\"_blank\">HPE Application Migration for Cloud<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/assets.ext.hpe.com\/is\/content\/hpedam\/documents\/a50000000-0999\/a50000435\/a50000435enw.pdf\" target=\"_blank\">HPE Managed Cloud Controls<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/psnow.ext.hpe.com\/downloadDoc\/HPE%20GreenLake%20for%20private%20cloud%20technical%20white%20paper-a50003040enw.pdf?id=a50003040enw§ion=&prelaunchSection=&softrollSection=&deepLink=&isFutureVersion=true&isQS=false&getHtml=\" target=\"_blank\">HPE GreenLake for private cloud<\/a><\/li><\/ul>\n<h3><span class=\"mw-headline\" id=\"External_links\">External links<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.hpe.com\/us\/en\/solutions\/cloud.html\" target=\"_blank\">HPE hybrid cloud solutions<\/a><\/li><\/ul>\n<h2><span class=\"mw-headline\" id=\"Further_reading\">Further reading<\/span><\/h2>\n<ul><li><span class=\"citation web\">Sheldon, R. (30 July 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20201208211102\/https:\/\/searchconvergedinfrastructure.techtarget.com\/feature\/What-is-HPE-GreenLake-and-how-does-it-work\" target=\"_blank\">\"What is HPE GreenLake and how does it work?\"<\/a>. <i>TechTarget - SearchConvergedInfrastructure<\/i>. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/searchconvergedinfrastructure.techtarget.com\/feature\/What-is-HPE-GreenLake-and-how-does-it-work\" target=\"_blank\">the original<\/a> on 08 December 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20201208211102\/https:\/\/searchconvergedinfrastructure.techtarget.com\/feature\/What-is-HPE-GreenLake-and-how-does-it-work\" target=\"_blank\">https:\/\/web.archive.org\/web\/20201208211102\/https:\/\/searchconvergedinfrastructure.techtarget.com\/feature\/What-is-HPE-GreenLake-and-how-does-it-work<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+is+HPE+GreenLake+and+how+does+it+work%3F&rft.atitle=TechTarget+-+SearchConvergedInfrastructure&rft.aulast=Sheldon%2C+R.&rft.au=Sheldon%2C+R.&rft.date=30+July+2020&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20201208211102%2Fhttps%3A%2F%2Fsearchconvergedinfrastructure.techtarget.com%2Ffeature%2FWhat-is-HPE-GreenLake-and-how-does-it-work&rfr_id=info:sid\/en.wikipedia.org:HPE_GreenLake\"><span style=\"display: none;\"> <\/span><\/span><\/li><\/ul>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap\"><ol class=\"references\">\n<li id=\"cite_note-ZacksHewlett20-1\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ZacksHewlett20_1-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.hpe.com\/us\/en\/newsroom\/press-release\/2023\/03\/hewlett-packard-enterprise-reports-fiscal-2023-first-quarter-results.html\" target=\"_blank\">\"Hewlett Packard Enterprise reports Fiscal 2023 first quarter results\"<\/a>. Hewlett Packard Enterprise. 2 March 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.hpe.com\/us\/en\/newsroom\/press-release\/2023\/03\/hewlett-packard-enterprise-reports-fiscal-2023-first-quarter-results.html\" target=\"_blank\">https:\/\/www.hpe.com\/us\/en\/newsroom\/press-release\/2023\/03\/hewlett-packard-enterprise-reports-fiscal-2023-first-quarter-results.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Hewlett+Packard+Enterprise+reports+Fiscal+2023+first+quarter+results&rft.atitle=&rft.date=2+March+2023&rft.pub=Hewlett+Packard+Enterprise&rft_id=https%3A%2F%2Fwww.hpe.com%2Fus%2Fen%2Fnewsroom%2Fpress-release%2F2023%2F03%2Fhewlett-packard-enterprise-reports-fiscal-2023-first-quarter-results.html&rfr_id=info:sid\/en.wikipedia.org:HPE_GreenLake\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-SheldonWhatIsHPEGreen20-2\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-SheldonWhatIsHPEGreen20_2-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Sheldon, R. (30 July 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20201208211102\/https:\/\/searchconvergedinfrastructure.techtarget.com\/feature\/What-is-HPE-GreenLake-and-how-does-it-work\" target=\"_blank\">\"What is HPE GreenLake and how does it work?\"<\/a>. <i>TechTarget - SearchConvergedInfrastructure<\/i>. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/searchconvergedinfrastructure.techtarget.com\/feature\/What-is-HPE-GreenLake-and-how-does-it-work\" target=\"_blank\">the original<\/a> on 08 December 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20201208211102\/https:\/\/searchconvergedinfrastructure.techtarget.com\/feature\/What-is-HPE-GreenLake-and-how-does-it-work\" target=\"_blank\">https:\/\/web.archive.org\/web\/20201208211102\/https:\/\/searchconvergedinfrastructure.techtarget.com\/feature\/What-is-HPE-GreenLake-and-how-does-it-work<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+is+HPE+GreenLake+and+how+does+it+work%3F&rft.atitle=TechTarget+-+SearchConvergedInfrastructure&rft.aulast=Sheldon%2C+R.&rft.au=Sheldon%2C+R.&rft.date=30+July+2020&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20201208211102%2Fhttps%3A%2F%2Fsearchconvergedinfrastructure.techtarget.com%2Ffeature%2FWhat-is-HPE-GreenLake-and-how-does-it-work&rfr_id=info:sid\/en.wikipedia.org:HPE_GreenLake\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-HPEMeetHPEGreen-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-HPEMeetHPEGreen_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210308142004\/https:\/\/www.hpe.com\/us\/en\/greenlake\/overview.html\" target=\"_blank\">\"Meet HPE GreenLake\"<\/a>. HPE. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.hpe.com\/us\/en\/greenlake\/overview.html\" target=\"_blank\">the original<\/a> on 08 March 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210308142004\/https:\/\/www.hpe.com\/us\/en\/greenlake\/overview.html\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210308142004\/https:\/\/www.hpe.com\/us\/en\/greenlake\/overview.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Meet+HPE+GreenLake&rft.atitle=&rft.pub=HPE&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210308142004%2Fhttps%3A%2F%2Fwww.hpe.com%2Fus%2Fen%2Fgreenlake%2Foverview.html&rfr_id=info:sid\/en.wikipedia.org:HPE_GreenLake\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-HPEHybrid-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-HPEHybrid_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210308010621\/https:\/\/www.hpe.com\/us\/en\/solutions\/cloud.html\" target=\"_blank\">\"Hybrid Cloud Solutions\"<\/a>. HPE. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.hpe.com\/us\/en\/solutions\/cloud.html\" target=\"_blank\">the original<\/a> on 08 March 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210308010621\/https:\/\/www.hpe.com\/us\/en\/solutions\/cloud.html\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210308010621\/https:\/\/www.hpe.com\/us\/en\/solutions\/cloud.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Hybrid+Cloud+Solutions&rft.atitle=&rft.pub=HPE&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210308010621%2Fhttps%3A%2F%2Fwww.hpe.com%2Fus%2Fen%2Fsolutions%2Fcloud.html&rfr_id=info:sid\/en.wikipedia.org:HPE_GreenLake\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-HPDeliversHybrid20-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-HPDeliversHybrid20_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.hpe.com\/us\/en\/newsroom\/press-release\/2020\/11\/hewlett-packard-enterprise-delivers-hybrid-workplace-upgrades-to-support-covid-19-response-at-erasmus-medical-center-in-the-netherlands.html\" target=\"_blank\">\"Hewlett Packard Enterprise delivers hybrid workplace upgrades to support COVID-19 response at Erasmus Medical Center in the Netherlands\"<\/a>. Hewlett Packard Enterprise. 10 November 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.hpe.com\/us\/en\/newsroom\/press-release\/2020\/11\/hewlett-packard-enterprise-delivers-hybrid-workplace-upgrades-to-support-covid-19-response-at-erasmus-medical-center-in-the-netherlands.html\" target=\"_blank\">https:\/\/www.hpe.com\/us\/en\/newsroom\/press-release\/2020\/11\/hewlett-packard-enterprise-delivers-hybrid-workplace-upgrades-to-support-covid-19-response-at-erasmus-medical-center-in-the-netherlands.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Hewlett+Packard+Enterprise+delivers+hybrid+workplace+upgrades+to+support+COVID-19+response+at+Erasmus+Medical+Center+in+the+Netherlands&rft.atitle=&rft.date=10+November+2020&rft.pub=Hewlett+Packard+Enterprise&rft_id=https%3A%2F%2Fwww.hpe.com%2Fus%2Fen%2Fnewsroom%2Fpress-release%2F2020%2F11%2Fhewlett-packard-enterprise-delivers-hybrid-workplace-upgrades-to-support-covid-19-response-at-erasmus-medical-center-in-the-netherlands.html&rfr_id=info:sid\/en.wikipedia.org:HPE_GreenLake\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-HPEGreenPrivate21-6\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-HPEGreenPrivate21_6-0\">6.0<\/a><\/sup> <sup><a href=\"#cite_ref-HPEGreenPrivate21_6-1\">6.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/psnow.ext.hpe.com\/downloadDoc\/HPE%20GreenLake%20for%20private%20cloud%20technical%20white%20paper-a50003040enw.pdf?id=a50003040enw§ion=&prelaunchSection=&softrollSection=&deepLink=&isFutureVersion=true&isQS=false&getHtml=\" target=\"_blank\">\"HPE GreenLake for Private Cloud\"<\/a> (PDF). Hewlett Packard Enterprise. January 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/psnow.ext.hpe.com\/downloadDoc\/HPE%20GreenLake%20for%20private%20cloud%20technical%20white%20paper-a50003040enw.pdf?id=a50003040enw§ion=&prelaunchSection=&softrollSection=&deepLink=&isFutureVersion=true&isQS=false&getHtml=\" target=\"_blank\">https:\/\/psnow.ext.hpe.com\/downloadDoc\/HPE%20GreenLake%20for%20private%20cloud%20technical%20white%20paper-a50003040enw.pdf?id=a50003040enw&section=&prelaunchSection=&softrollSection=&deepLink=&isFutureVersion=true&isQS=false&getHtml=<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=HPE+GreenLake+for+Private+Cloud&rft.atitle=&rft.date=January+2021&rft.pub=Hewlett+Packard+Enterprise&rft_id=https%3A%2F%2Fpsnow.ext.hpe.com%2FdownloadDoc%2FHPE%2520GreenLake%2520for%2520private%2520cloud%2520technical%2520white%2520paper-a50003040enw.pdf%3Fid%3Da50003040enw%26section%3D%26prelaunchSection%3D%26softrollSection%3D%26deepLink%3D%26isFutureVersion%3Dtrue%26isQS%3Dfalse%26getHtml%3D&rfr_id=info:sid\/en.wikipedia.org:HPE_GreenLake\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-HPEElectronic20-7\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-HPEElectronic20_7-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/assets.ext.hpe.com\/is\/content\/hpedam\/a00107315enw\" target=\"_blank\">\"Electronic Medical Records Delivered as a Service\"<\/a> (PDF). Hewlett Packard Enterprise. November 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/assets.ext.hpe.com\/is\/content\/hpedam\/a00107315enw\" target=\"_blank\">https:\/\/assets.ext.hpe.com\/is\/content\/hpedam\/a00107315enw<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Electronic+Medical+Records+Delivered+as+a+Service&rft.atitle=&rft.date=November+2020&rft.pub=Hewlett+Packard+Enterprise&rft_id=https%3A%2F%2Fassets.ext.hpe.com%2Fis%2Fcontent%2Fhpedam%2Fa00107315enw&rfr_id=info:sid\/en.wikipedia.org:HPE_GreenLake\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-HPEManServ-8\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-HPEManServ_8-0\">8.0<\/a><\/sup> <sup><a href=\"#cite_ref-HPEManServ_8-1\">8.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.hpe.com\/us\/en\/services\/remote-infrastructure-monitoring.html\" target=\"_blank\">\"HPE GreenLake Management Services\"<\/a>. HPE<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.hpe.com\/us\/en\/services\/remote-infrastructure-monitoring.html\" target=\"_blank\">https:\/\/www.hpe.com\/us\/en\/services\/remote-infrastructure-monitoring.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=HPE+GreenLake+Management+Services&rft.atitle=&rft.pub=HPE&rft_id=https%3A%2F%2Fwww.hpe.com%2Fus%2Fen%2Fservices%2Fremote-infrastructure-monitoring.html&rfr_id=info:sid\/en.wikipedia.org:HPE_GreenLake\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LeechLighten20-9\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-LeechLighten20_9-0\">9.0<\/a><\/sup> <sup><a href=\"#cite_ref-LeechLighten20_9-1\">9.1<\/a><\/sup> <sup><a href=\"#cite_ref-LeechLighten20_9-2\">9.2<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Leech, S. (29 October 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/community.hpe.com\/t5\/the-cloud-experience-everywhere\/lighten-your-security-ops-burden-with-managed-security-from-hpe\/ba-p\/7106970\" target=\"_blank\">\"Lighten your security ops burden with Managed Security from HPE GreenLake Management Services\"<\/a>. <i>HPE Community<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/community.hpe.com\/t5\/the-cloud-experience-everywhere\/lighten-your-security-ops-burden-with-managed-security-from-hpe\/ba-p\/7106970\" target=\"_blank\">https:\/\/community.hpe.com\/t5\/the-cloud-experience-everywhere\/lighten-your-security-ops-burden-with-managed-security-from-hpe\/ba-p\/7106970<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Lighten+your+security+ops+burden+with+Managed+Security+from+HPE+GreenLake+Management+Services&rft.atitle=HPE+Community&rft.aulast=Leech%2C+S.&rft.au=Leech%2C+S.&rft.date=29+October+2020&rft_id=https%3A%2F%2Fcommunity.hpe.com%2Ft5%2Fthe-cloud-experience-everywhere%2Flighten-your-security-ops-burden-with-managed-security-from-hpe%2Fba-p%2F7106970&rfr_id=info:sid\/en.wikipedia.org:HPE_GreenLake\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816205551\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.482 seconds\nReal time usage: 1.202 seconds\nPreprocessor visited node count: 10317\/1000000\nPost\u2010expand include size: 62684\/2097152 bytes\nTemplate argument size: 32672\/2097152 bytes\nHighest expansion depth: 32\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 15503\/5000000 bytes\nLua time usage: 0.010\/7 seconds\nLua virtual size: 4935680\/52428800 bytes\nLua estimated memory usage: 0 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 213.294 1 -total\n 56.60% 120.717 1 Template:Infobox_company\n 54.79% 116.869 1 Template:Infobox\n 48.71% 103.891 81 Template:Infobox\/row\n 40.82% 87.074 1 Template:URL\n 37.97% 80.987 1 Template:Str_right\n 36.62% 78.115 1 Template:Str_sub_long\n 34.26% 73.074 10 Template:Cite_web\n 30.91% 65.935 10 Template:Citation\/core\n 29.10% 62.074 1 Template:Reflist\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:12482-0!canonical and timestamp 20230816205549 and revision id 52739. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/HPE_GreenLake\">https:\/\/www.limswiki.org\/index.php\/HPE_GreenLake<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","0436e45d109ada76bce7694bd1ef81b2_images":["https:\/\/upload.wikimedia.org\/wikipedia\/commons\/1\/10\/Hewlett_Packard_Enterprise_Logo.png"],"0436e45d109ada76bce7694bd1ef81b2_timestamp":1692220361,"cba743b045cae23df5415fc78c061dab_type":"article","cba743b045cae23df5415fc78c061dab_title":"Google Cloud","cba743b045cae23df5415fc78c061dab_url":"https:\/\/www.limswiki.org\/index.php\/Google_Cloud","cba743b045cae23df5415fc78c061dab_plaintext":"\n\nGoogle CloudFrom LIMSWikiJump to navigationJump to searchGoogle Cloud\nIndustry\n \nCloud computing, Web servicesFounder(s)\n \nSergey Brin, Larry PageHeadquarters\n \nMountain View, California , United States Area served\n \nWorldwideKey people\n \nThomas Kurian (CEO)Products\n \nIaaS, PaaS, DBaaS, DaaSRevenue\n \n$7.4 billion (2023, Q1)[1]Parent\n \nGoogleWebsite\n \ncloud.google.com \n\n\r\n\nGoogle Cloud is a Google-driven suite of public, private, hybrid, and multicloud computing services that runs on the same infrastructure that Google uses internally for its end-user products.[2] Google Cloud boasts data centers in 37 regions, 112 zones, and 187 network edge locations.[3] More than 100 different products and services are associated with Google Cloud, representing elastic computing, networking, content delivery, data storage, database management, security management, enterprise management, data analysis, media management, container management, developer support, scientific computing, internet of things, and artificial intelligence.[4]\n\r\n\n\nContents \n\n1 Provider research \n2 Managed security services \n3 Additional information \n\n3.1 Documentation and other media \n3.2 External links \n\n\n4 References \n\n\n\nProvider research \nThis section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide Choosing and Implementing a Cloud-based Service for Your Laboratory. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made.\n\r\n\n1. What experience do you have working with laboratory customers in our specific industry?\nExamples of labs that have worked with Google Cloud at some point include the Department of Energy's National Labs[5], Hologic[6], IDEXX Laboratories[7], Spectra Laboratories[8], and Washington Laboratories.[9] It's also worth noting that some laboratory information management system (LIMS) developers have offered their solution on Google Cloud over the years, including GoMeyra Corporation[10], Online LIMS Canada Limited[11], and Persistent Systems Ltd.[12] A Google Cloud representative is likely to be able to supply more examples of laboratories and laboratory informatics developers that use or have used Google Cloud.\n\r\n\n2. Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?\nIt will ultimately be up to your organization to get an answer tailored to your systems and business processes. However, this much can be said about Google Cloud integrations. Google provides documentation about how to integrate your applications with its backend and frontend, including its APIs. Additionally, Google Cloud discusses at length the concept of data integration, including its Cloud Data Fusion (CDF) offering for hybrid and multicloud integration. The CDF library of connectors and transformations, along with its \"end-to-end data lineage, integration metadata, and cloud-native security and data protection services,\" helps customers keep data integrated no matter its location.[13]\n\r\n\n3. What is the average total historical downtime for the service(s) we're interested in?\nSome public information is made available about historic outages and downtime. Google Cloud has a systems status page with status history (you have to click on the \"View Summary and History\" link at the bottom). You should be able to read through the incident details for each issue, going back through a fair amount of history. This will give you a partial picture of the issues experienced in the past, as well as any scheduled maintenance and currently impacted services. A follow-up on this question with a Google Cloud representative may reveal more historical downtime history for the services you are interested in.\n\r\n\n4. Do we receive comprehensive downtime support in the case of downtime?\nGoogle Cloud does not make this answer clear. However, the answer is likely tied to what after-sales support plan you choose. Confirm with Google Cloud what downtime support they provide based on the services your organization are interested in.\n\r\n\n5. Where are your servers located, and how is data securely transferred to and from those servers?\nGoogle Cloud has 37 regions it operates in[3], with each region having at least three zones[14], with more three-zone regions planned.[3] Google Cloud uses its content delivery network Cloud CDN, which \"gives you the same world-class infrastructure to accelerate and secure mission critical web experiences at a global scale.\"[15] When moving data to and from on-premises and Google Cloud systems, multiple transfer options exist, including normal online transfer, a full-scale transfer service, transfer appliances, and scheduled SaaS data transfers.[16] Data in motion is encrypted following a strict company policy. As for data localization and residency requirements, Google Cloud gives customers many controls, including organization policies, Cloud IAM configurations, and VPC service controls.\n\r\n\n6. Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?\nIn its security whitepaper, Google states the following[17]: \n\nThe physical security in Google data centers is a layered security model. Physical security includes safeguards like custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, and biometrics. In addition, to detect and track intruders, we use security measures such as laser beam intrusion detection and 24\/7 monitoring by high-resolution interior and exterior cameras. Access logs, activity records, and camera footage are available in case an incident occurs. Experienced security guards, who have undergone rigorous background checks and training, routinely patrol our data centers. As you get closer to the data center floor, security measures also increase. Access to the data center floor is only possible through a security corridor that implements multi-factor access control using security badges and biometrics. Only approved employees with specific roles may enter. Less than one percent of Google employees will ever set foot in one of our data centers.\nFor information about specific certifications and compliance training, discuss this with a Google Cloud representative.\n\r\n\n7. Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?\nNot all Google Cloud machines have the same controls on them; it will depend on the region, product, and compliance requirements of your lab. That said, verify with a representative that the machine your data will land on meets all the necessary regulations affecting your data.\n\r\n\n8. How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)\nUnlike other cloud providers, it's not entirely clear what Google Cloud's stance is on physical separation. The only information to be found was a sentence in their security whitepaper[17]: \"Our infrastructure is designed to logically isolate each customer's data from the data of other customers and users, even when it's stored on the same physical server.\" Presumably the type of data you have will determine which servers you should use, based upon those servers compliance ratings. You'll have to have a discussion with a Google Cloud representative to learn more about their position on physical separation of data.\nTenant isolation is addressed by Google Cloud under the scope of Kubernetes both here and here. However, like many aspects of security, configuration and best practices are a shared responsibility. Additional details about multi-tenancy and related security on Google Cloud can be found under the \"Secure Service Deployment\" section of their Google Infrastructure Security Design Overview document. Consult with a representative to learn more.\n\r\n\n9. Do you have documented data security policies?\nGoogle Cloud documents its security practices in several places:\n\nGoogle cloud security showcase\nGoogle infrastructure security design overview\nGoogle security whitepaper\nGoogle SOC 2 documents\nSome security-related documents may not be publicly available, requiring direct discussion with a Google Cloud representative to obtain them.\n\r\n\n10. How do you test your platform's security?\nGoogle Cloud has information scattered around in its documentation. Most notable is this passage from its security whitepaper[17]:\n\nOur dedicated security team includes some of the world's foremost experts in information security, application security, cryptography, and network security. This team maintains our defense systems, develops security review processes, builds security infrastructure, and implements our security policies. The team actively scans for security threats using commercial and custom tools. The team also conducts penetration tests and performs quality assurance and security reviews.\nThe company also mentions that they conduct \"intensive automated and manual penetration efforts, including extensive Red Team exercises.\"[17]\nThere are other pieces of information related to non-Google Cloud personnel testing the platform. Under its Cloud Data Processing Addendum, customers have some audit rights, though there are limited to those affected by GDPR or Model Contract Clauses. Otherwise, the customer must rely on third-party audit results.[18]\n\r\n\n11. What are your policies for security audits, intrusion detection, and intrusion reporting?\nAudits: Google Cloud has this to say about security audits:\n\n\"We vet the component vendors that we work with and choose components with care. We work with vendors to audit and validate the security properties that are provided by the components.\"[19]\n\"We have a dedicated internal audit team that reviews our products' compliance with security laws and regulations around the world. As new auditing standards are created and existing standards are updated, the internal audit team determines what controls, processes, and systems are needed in order to help meet them. This team supports independent audits and assessments by third parties.\"[17]\n\"Our dedicated security teams, privacy teams, and internal audit teams monitor and audit employee access, and we provide audit logs to you through Access Transparency for Google Cloud.\"[17]\nIntrusion detection and reporting: Google Cloud provides Security Command Center to its customers for intrusion detection and reporting.[20] As for its own intrusion detection, Google Cloud discusses this in its Google Infrastructure Security Design Overview document[19]:\n\nWe use sophisticated data processing pipelines to integrate host-based signals on individual devices, network-based signals from various monitoring points in the infrastructure, and signals from infrastructure services. Rules and machine intelligence built on top of these pipelines give operational security engineers warnings of possible incidents. Our investigation and incident-response teams triage, investigate, and respond to these potential incidents 24 hours a day, 365 days a year.\n\r\n\n12. What data logging information is kept and acted upon in relation to our data?\nGoogle Cloud mentions data logging in several places:\n\nGoogle employee access to end user information[17]\nspeech-to-text information and various other types of information (if opted in to data logging program)[21]\nHowever, it's not clear what other data logging they may conduct and act upon related to your data. Talk to a representative to determine this.\n\r\n\n13. How thorough are those logs and can we audit them on-demand?\nGoogle Cloud users can view their own logs through tools like Google's Cloud Logging service and its Cloud Audit Logs. However, unlike Alibaba, it's unclear if you are able to audit internal Google Cloud operation logs on-demand. This is a conversation to have with a Google Cloud representative.\n\r\n\n14. For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?\nYes, AWS will sign a business associate agreement.[22] Consult their HIPAA compliance page for more details on their approach to HIPAA compliance.\n\r\n\n15. What happens to our data should the contract expire or be terminated?\nGoogle Cloud makes several statements about customer data in its platform terms:\n\n\"If the Agreement is terminated, then (a) all rights and access to the Services will terminate (including access to Customer Data, if applicable), unless otherwise described in this Agreement ...\"[23]\n\"If Customer wishes to retain any Customer Data after the end of the Term, it may instruct Google in accordance with Section 9.1 (Access; Rectification; Restricted Processing; Portability) to return that data during the Term. Subject to Section 6.3 (Deferred Deletion Instruction), Customer instructs Google to delete all remaining Customer Data (including existing copies) from Google\u2019s systems at the end of the Term in accordance with applicable law. After a recovery period of up to 30 days from that date, Google will comply with this Instruction as soon as reasonably practicable and within a maximum period of 180 days, unless European Law requires storage.\"[18]\n\r\n\n16. What happens to our data should you go out of business or suffer a catastrophic event?\nIt's not publicly clear how Google Cloud would handle your data should they go out of business, nor do they mention much about catastrophic loss on their site. Google Cloud discusses disaster recovery and data loss in its Cloud Architecture Center. The company states in their platform terms, however, that \"neither party will be liable for failure or delay in performance to the extent caused by circumstances beyond its reasonable control, including acts of God, natural disasters, terrorism, riots, or war.\"[23] Like other cloud providers, Google Cloud uses three-zone regions for redundancy: \"Putting resources in different zones in a region reduces the risk of an infrastructure outage affecting all resources simultaneously. Putting resources in different regions provides an even higher degree of failure independence. This lets you design robust systems with resources spread across different failure domains.\"[24] It's highly unlikely that all three zones would be affected in an catastrophic event. However, if this is a concern, discuss further data redundancy with a Google Cloud representative.\n\r\n\n17. Can we use your interface to extract our data when we want, and in what format will it be?\nGoogle Cloud advertises their Cloud Storage Transfer Service as a software service that allows you to \"transfer data quickly and securely between object and file storage across Google Cloud, Amazon, Azure, on-premises, and more.\"[25] They also provide guidance on extracting data out of its multi-cloud data warehouse BigQuery. Google Cloud has also published a Transparency Declaration that maps their processes to the voluntary SWIPO (Switching Cloud Providers and Porting Data) codes of conduct.[26] Read more about this on their SWIPO page.\n\r\n\n18. Are your support services native or outsourced\/offshored?\nIt is unclear if support personnel are local to the customer or if support is outsourced to another business and country. Discuss this with a Google Cloud representative.\n\nManaged security services \nGoogle discontinued its managed services offerings in the United States in 2019.[27]\n\r\n\n\nAdditional information \nDocumentation and other media \nDisaster recovery whitepaper\nHIPAA whitepaper repository\nSecurity overview\nExternal links \nGoogle Cloud architecture framework or description\nGoogle Cloud shared responsibility model\nGoogle Cloud trust center\nReferences \n\n\n\u2191 Miller, R. (25 April 2023). \"Google Cloud turns profit for the first time\". TechCrunch. https:\/\/techcrunch.com\/2023\/04\/25\/google-cloud-turns-profit-for-the-first-time\/ . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Why Google Cloud\". Google. https:\/\/cloud.google.com\/why-google-cloud . Retrieved 02 August 2023 .   \n \n\n\u2191 3.0 3.1 3.2 \"Cloud locations\". Google Cloud. https:\/\/cloud.google.com\/about\/locations . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Google Cloud Products\". Google. https:\/\/cloud.google.com\/products . Retrieved 02 August 2023 .   \n \n\n\u2191 Nyczepir, D. (15 October 2020). \"DOE research facilities move to Google Cloud\". FedScoop. https:\/\/www.fedscoop.com\/doe-google-cloud-productivity-tools\/ . Retrieved 02 August 2023 .   \n \n\n\u2191 Ford, O. (2 February 2021). \"Hologic is Reaching for the (Google) Cloud with New Collaboration\". Medical Device and Diagnostic Industry. https:\/\/www.mddionline.com\/digital-health\/hologic-reaching-google-cloud-new-collaboration . Retrieved 02 August 2023 .   \n \n\n\u2191 \"IDEXX Laboratories: Using big data to be the top dog in animal diagnostics\". Google Cloud. https:\/\/cloud.google.com\/customers\/idexx-laboratories . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Spectra Laboratories\". ZoomInfo. https:\/\/www.zoominfo.com\/c\/spectra-laboratories-inc\/112181570 . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Washington Laboratories\". ZoomInfo. https:\/\/www.zoominfo.com\/c\/washington-laboratories-ltd\/41451684 . Retrieved 02 August 2023 .   \n \n\n\u2191 \"GoMeyra Policies\". GoMeyra Corporation. Archived from the original on 19 April 2021. https:\/\/web.archive.org\/web\/20210419034125\/https:\/\/www.gomeyra.com\/policies\/ . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Online LIMS Canada\". ZoomInfo. https:\/\/www.zoominfo.com\/c\/online-lims-canada-limited\/84935207 . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Accelerate your digital transformation journey with Google\". Persistent Systems Ltd. https:\/\/www.persistent.com\/partner-ecosystem\/google\/ . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Cloud Data Fusion\". Google Cloud. https:\/\/cloud.google.com\/data-fusion\/ . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Regions and zones\". Compute Engine Documentation. Google Cloud. https:\/\/cloud.google.com\/compute\/docs\/regions-zones . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Cloud CDN\". Google Cloud. https:\/\/cloud.google.com\/cdn . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Storage Transfer Service\". Google Cloud. https:\/\/cloud.google.com\/storage-transfer-service . Retrieved 02 August 2023 .   \n \n\n\u2191 17.0 17.1 17.2 17.3 17.4 17.5 17.6 \"Google security overview\". Google Cloud. May 2022. https:\/\/cloud.google.com\/docs\/security\/overview\/whitepaper . Retrieved 02 August 2023 .   \n \n\n\u2191 18.0 18.1 \"Cloud Data Processing Addendum (Customers)\". Google Cloud. 20 September 2022. https:\/\/cloud.google.com\/terms\/data-processing-addendum . Retrieved 02 August 2023 .   \n \n\n\u2191 19.0 19.1 \"Google Infrastructure Security Design Overview\" (PDF). Google Cloud. June 2023. https:\/\/cloud.google.com\/static\/docs\/security\/infrastructure\/design\/resources\/google_infrastructure_whitepaper_fa.pdf . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Security Command Center\". Google Cloud. https:\/\/cloud.google.com\/security-command-center\/ . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Data logging\". Cloud Speech-to-Text. Google Cloud. 2 August 2023. https:\/\/cloud.google.com\/speech-to-text\/docs\/data-logging . Retrieved 02 August 2023 .   \n \n\n\u2191 \"HIPAA Compliance on Google Cloud\". Google Cloud. 27 July 2023. https:\/\/cloud.google.com\/security\/compliance\/hipaa . Retrieved 02 August 2023 .   \n \n\n\u2191 23.0 23.1 \"Google Cloud Platform Terms of Service\". Google Cloud. 12 July 2023. https:\/\/cloud.google.com\/terms . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Regions and zones\". Compute Engine Documentation. Google Cloud. https:\/\/cloud.google.com\/compute\/docs\/regions-zones . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Storage Transfer Service\". Google Cloud. https:\/\/cloud.google.com\/storage-transfer-service . Retrieved 02 August 2023 .   \n \n\n\u2191 \"SWIPO Data Portability Code of Conduct\". Google Cloud. https:\/\/cloud.google.com\/security\/compliance\/swipo-codes . Retrieved 02 August 2023 .   \n \n\n\u2191 Weissbrot, A. (26 November 2019). \"Google Exits Managed Services, Welcome News For Its Key Agency Partners\". Ad Exchanger. https:\/\/adexchanger.com\/agencies\/google-exits-managed-services-welcome-news-for-its-key-agency-partners\/ . Retrieved 02 August 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Google_Cloud\">https:\/\/www.limswiki.org\/index.php\/Google_Cloud<\/a>\nNavigation menuPage actionsPageDiscussionView sourceHistoryPage actionsPageDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 2 August 2023, at 18:25.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 1,679 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","cba743b045cae23df5415fc78c061dab_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject page-Google_Cloud rootpage-Google_Cloud skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Google Cloud<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\">\n<p><br \/>\n<b>Google Cloud<\/b> is a Google-driven suite of public, private, hybrid, and multicloud computing services that runs on the same infrastructure that Google uses internally for its end-user products.<sup id=\"rdp-ebb-cite_ref-GoogleCloudWhy_2-0\" class=\"reference\"><a href=\"#cite_note-GoogleCloudWhy-2\">[2]<\/a><\/sup> Google Cloud boasts data centers in 37 regions, 112 zones, and 187 network edge locations.<sup id=\"rdp-ebb-cite_ref-GoogleCloudLocs_3-0\" class=\"reference\"><a href=\"#cite_note-GoogleCloudLocs-3\">[3]<\/a><\/sup> More than 100 different products and services are associated with Google Cloud, representing elastic computing, networking, content delivery, data storage, database management, security management, enterprise management, <a href=\"https:\/\/www.limswiki.org\/index.php\/Data_analysis\" title=\"Data analysis\" class=\"wiki-link\" data-key=\"545c95e40ca67c9e63cd0a16042a5bd1\">data analysis<\/a>, media management, container management, developer support, scientific computing, <a href=\"https:\/\/www.limswiki.org\/index.php\/Internet_of_things\" title=\"Internet of things\" class=\"wiki-link\" data-key=\"13e0b826fa1770fe4bea72e3cb942f0f\">internet of things<\/a>, and <a href=\"https:\/\/www.limswiki.org\/index.php\/Artificial_intelligence\" title=\"Artificial intelligence\" class=\"wiki-link\" data-key=\"0c45a597361ca47e1cd8112af676276e\">artificial intelligence<\/a>.<sup id=\"rdp-ebb-cite_ref-GoogleCloudProds_4-0\" class=\"reference\"><a href=\"#cite_note-GoogleCloudProds-4\">[4]<\/a><\/sup>\n<\/p><p><br \/>\n<\/p>\n\n\n<h2><span class=\"mw-headline\" id=\"Provider_research\">Provider research<\/span><\/h2>\n<p>This section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide <i><a href=\"https:\/\/www.limswiki.org\/index.php\/LII:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\" title=\"LII:Choosing and Implementing a Cloud-based Service for Your Laboratory\" class=\"wiki-link\" data-key=\"a51267fd73f6c39f0130677409233940\">Choosing and Implementing a Cloud-based Service for Your Laboratory<\/a><\/i>. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made.\n<\/p><p><br \/>\n1. <b>What experience do you have working with laboratory customers in our specific industry?<\/b>\n<\/p><p>Examples of <a href=\"https:\/\/www.limswiki.org\/index.php\/Laboratory\" title=\"Laboratory\" class=\"wiki-link\" data-key=\"c57fc5aac9e4abf31dccae81df664c33\">labs<\/a> that have worked with Google Cloud at some point include the Department of Energy's National Labs<sup id=\"rdp-ebb-cite_ref-NyczepirDOE20_5-0\" class=\"reference\"><a href=\"#cite_note-NyczepirDOE20-5\">[5]<\/a><\/sup>, Hologic<sup id=\"rdp-ebb-cite_ref-FordHologic21_6-0\" class=\"reference\"><a href=\"#cite_note-FordHologic21-6\">[6]<\/a><\/sup>, IDEXX Laboratories<sup id=\"rdp-ebb-cite_ref-GoogleIDEXX_7-0\" class=\"reference\"><a href=\"#cite_note-GoogleIDEXX-7\">[7]<\/a><\/sup>, Spectra Laboratories<sup id=\"rdp-ebb-cite_ref-ZoomInfoSpectra_8-0\" class=\"reference\"><a href=\"#cite_note-ZoomInfoSpectra-8\">[8]<\/a><\/sup>, and Washington Laboratories.<sup id=\"rdp-ebb-cite_ref-ZoomInfoWash_9-0\" class=\"reference\"><a href=\"#cite_note-ZoomInfoWash-9\">[9]<\/a><\/sup> It's also worth noting that some laboratory information management system (LIMS) developers have offered their solution on Google Cloud over the years, including <a href=\"https:\/\/www.limswiki.org\/index.php\/GoMeyra_Corporation\" title=\"GoMeyra Corporation\" class=\"wiki-link\" data-key=\"4ebec47c2fc9ccfd631c5895c19c0943\">GoMeyra Corporation<\/a><sup id=\"rdp-ebb-cite_ref-GoMeyraPolicies_10-0\" class=\"reference\"><a href=\"#cite_note-GoMeyraPolicies-10\">[10]<\/a><\/sup>, <a href=\"https:\/\/www.limswiki.org\/index.php\/Online_LIMS_Canada_Limited\" title=\"Online LIMS Canada Limited\" class=\"wiki-link\" data-key=\"a457babb7723ed1966b0150631817143\">Online LIMS Canada Limited<\/a><sup id=\"rdp-ebb-cite_ref-ZoomInfoOnline_11-0\" class=\"reference\"><a href=\"#cite_note-ZoomInfoOnline-11\">[11]<\/a><\/sup>, and <a href=\"https:\/\/www.limswiki.org\/index.php\/Persistent_Systems_Ltd.\" title=\"Persistent Systems Ltd.\" class=\"wiki-link\" data-key=\"6c3d8b410fd38e788984edb3013ecbf6\">Persistent Systems Ltd.<\/a><sup id=\"rdp-ebb-cite_ref-PersistentGoogle_12-0\" class=\"reference\"><a href=\"#cite_note-PersistentGoogle-12\">[12]<\/a><\/sup> A Google Cloud representative is likely to be able to supply more examples of laboratories and laboratory informatics developers that use or have used Google Cloud.\n<\/p><p><br \/>\n2. <b>Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?<\/b>\n<\/p><p>It will ultimately be up to your organization to get an answer tailored to your systems and business processes. However, this much can be said about Google Cloud integrations. Google provides <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/marketplace\/docs\/partners\/integrated-saas\/technical-integration-setup\" target=\"_blank\">documentation<\/a> about how to integrate your applications with its backend and frontend, including its APIs. Additionally, Google Cloud discusses at length the concept of <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/learn\/what-is-data-integration\" target=\"_blank\">data integration<\/a>, including its <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/data-fusion\/\" target=\"_blank\">Cloud Data Fusion<\/a> (CDF) offering for hybrid and multicloud integration. The CDF library of connectors and transformations, along with its \"end-to-end data lineage, integration metadata, and cloud-native security and data protection services,\" helps customers keep data integrated no matter its location.<sup id=\"rdp-ebb-cite_ref-GoogleCDF_13-0\" class=\"reference\"><a href=\"#cite_note-GoogleCDF-13\">[13]<\/a><\/sup>\n<\/p><p><br \/>\n3. <b>What is the average total historical downtime for the service(s) we're interested in?<\/b>\n<\/p><p>Some public information is made available about historic outages and downtime. Google Cloud has a <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/status.cloud.google.com\/\" target=\"_blank\">systems status page<\/a> with status history (you have to click on the \"View Summary and History\" link at the bottom). You should be able to read through the incident details for each issue, going back through a fair amount of history. This will give you a partial picture of the issues experienced in the past, as well as any scheduled maintenance and currently impacted services. A follow-up on this question with a Google Cloud representative may reveal more historical downtime history for the services you are interested in.\n<\/p><p><br \/>\n4. <b>Do we receive comprehensive downtime support in the case of downtime?<\/b>\n<\/p><p>Google Cloud does not make this answer clear. However, the answer is likely tied to what <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/support\" target=\"_blank\">after-sales support plan<\/a> you choose. Confirm with Google Cloud what downtime support they provide based on the services your organization are interested in.\n<\/p><p><br \/>\n5. <b>Where are your servers located, and how is data securely transferred to and from those servers?<\/b>\n<\/p><p>Google Cloud has 37 regions it operates in<sup id=\"rdp-ebb-cite_ref-GoogleCloudLocs_3-1\" class=\"reference\"><a href=\"#cite_note-GoogleCloudLocs-3\">[3]<\/a><\/sup>, with each region having at least three zones<sup id=\"rdp-ebb-cite_ref-GoogleRegionsDoc_14-0\" class=\"reference\"><a href=\"#cite_note-GoogleRegionsDoc-14\">[14]<\/a><\/sup>, with more three-zone regions planned.<sup id=\"rdp-ebb-cite_ref-GoogleCloudLocs_3-2\" class=\"reference\"><a href=\"#cite_note-GoogleCloudLocs-3\">[3]<\/a><\/sup> Google Cloud uses its content delivery network Cloud CDN, which \"gives you the same world-class infrastructure to accelerate and secure mission critical web experiences at a global scale.\"<sup id=\"rdp-ebb-cite_ref-GoogleCloudCDN_15-0\" class=\"reference\"><a href=\"#cite_note-GoogleCloudCDN-15\">[15]<\/a><\/sup> When moving data to and from on-premises and Google Cloud systems, multiple <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/storage-transfer-service\" target=\"_blank\">transfer options<\/a> exist, including normal online transfer, a full-scale transfer service, transfer appliances, and scheduled SaaS data transfers.<sup id=\"rdp-ebb-cite_ref-GoogleCloudDataTrans_16-0\" class=\"reference\"><a href=\"#cite_note-GoogleCloudDataTrans-16\">[16]<\/a><\/sup> Data in motion is encrypted following a strict <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/docs\/security\/encryption-in-transit\" target=\"_blank\">company policy<\/a>. As for data localization and residency requirements, Google Cloud <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/blog\/products\/identity-security\/meet-data-residency-requirements-with-google-cloud\" target=\"_blank\">gives customers<\/a> many controls, including organization policies, Cloud IAM configurations, and VPC service controls.\n<\/p><p><br \/>\n6. <b>Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?<\/b>\n<\/p><p>In its security whitepaper, Google states the following<sup id=\"rdp-ebb-cite_ref-GoogleSecurityWhite_17-0\" class=\"reference\"><a href=\"#cite_note-GoogleSecurityWhite-17\">[17]<\/a><\/sup>: \n<\/p>\n<blockquote><p>The physical security in Google data centers is a layered security model. Physical security includes safeguards like custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, and biometrics. In addition, to detect and track intruders, we use security measures such as laser beam intrusion detection and 24\/7 monitoring by high-resolution interior and exterior cameras. Access logs, activity records, and camera footage are available in case an incident occurs. Experienced security guards, who have undergone rigorous background checks and training, routinely patrol our data centers. As you get closer to the data center floor, security measures also increase. Access to the data center floor is only possible through a security corridor that implements multi-factor access control using security badges and biometrics. Only approved employees with specific roles may enter. Less than one percent of Google employees will ever set foot in one of our data centers.<\/p><\/blockquote>\n<p>For information about specific certifications and compliance training, discuss this with a Google Cloud representative.\n<\/p><p><br \/>\n7. <b>Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?<\/b>\n<\/p><p>Not all <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/about\/locations\" target=\"_blank\">Google Cloud machines<\/a> have the same controls on them; it will depend on the region, product, and compliance requirements of your lab. That said, verify with a representative that the machine your data will land on meets all the necessary regulations affecting your data.\n<\/p><p><br \/>\n8. <b>How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)<\/b>\n<\/p><p>Unlike other cloud providers, it's not entirely clear what Google Cloud's stance is on physical separation. The only information to be found was a sentence in their security whitepaper<sup id=\"rdp-ebb-cite_ref-GoogleSecurityWhite_17-1\" class=\"reference\"><a href=\"#cite_note-GoogleSecurityWhite-17\">[17]<\/a><\/sup>: \"Our infrastructure is designed to logically isolate each customer's data from the data of other customers and users, even when it's stored on the same physical server.\" Presumably the type of data you have will determine which servers you should use, based upon those servers compliance ratings. You'll have to have a discussion with a Google Cloud representative to learn more about their position on physical separation of data.\n<\/p><p>Tenant isolation is addressed by Google Cloud under the scope of Kubernetes <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/kubernetes-engine\/docs\/concepts\/multitenancy-overview\" target=\"_blank\">both here<\/a> and <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/kubernetes-engine\/docs\/best-practices\/enterprise-multitenancy\" target=\"_blank\">here<\/a>. However, like many aspects of security, configuration and best practices are a shared responsibility. Additional details about multi-tenancy and related security on Google Cloud can be found under the \"Secure Service Deployment\" section of their <i><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/static\/docs\/security\/infrastructure\/design\/resources\/google_infrastructure_whitepaper_fa.pdf\" target=\"_blank\">Google Infrastructure Security Design Overview<\/a><\/i> document. Consult with a representative to learn more.\n<\/p><p><br \/>\n9. <b>Do you have documented data security policies?<\/b>\n<\/p><p>Google Cloud documents its security practices in several places:\n<\/p>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/security\/showcase\" target=\"_blank\">Google cloud security showcase<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/static\/docs\/security\/infrastructure\/design\/resources\/google_infrastructure_whitepaper_fa.pdf\" target=\"_blank\">Google infrastructure security design overview<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/docs\/security\/overview\/whitepaper\" target=\"_blank\">Google security whitepaper<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/security\/compliance\/compliance-reports-manager\" target=\"_blank\">Google SOC 2 documents<\/a><\/li><\/ul>\n<p>Some security-related documents may not be publicly available, requiring direct discussion with a Google Cloud representative to obtain them.\n<\/p><p><br \/>\n10. <b>How do you test your platform's security?<\/b>\n<\/p><p>Google Cloud has information scattered around in its documentation. Most notable is this passage from its security whitepaper<sup id=\"rdp-ebb-cite_ref-GoogleSecurityWhite_17-2\" class=\"reference\"><a href=\"#cite_note-GoogleSecurityWhite-17\">[17]<\/a><\/sup>:\n<\/p>\n<blockquote><p>Our dedicated security team includes some of the world's foremost experts in information security, application security, cryptography, and network security. This team maintains our defense systems, develops security review processes, builds security infrastructure, and implements our security policies. The team actively scans for security threats using commercial and custom tools. The team also conducts penetration tests and performs quality assurance and security reviews.<\/p><\/blockquote>\n<p>The company also mentions that they conduct \"intensive automated and manual penetration efforts, including extensive Red Team exercises.\"<sup id=\"rdp-ebb-cite_ref-GoogleSecurityWhite_17-3\" class=\"reference\"><a href=\"#cite_note-GoogleSecurityWhite-17\">[17]<\/a><\/sup>\n<\/p><p>There are other pieces of information related to non-Google Cloud personnel testing the platform. Under its <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/terms\/data-processing-addendum\" target=\"_blank\">Cloud Data Processing Addendum<\/a>, customers have some audit rights, though there are limited to those affected by GDPR or Model Contract Clauses. Otherwise, the customer must rely on third-party audit results.<sup id=\"rdp-ebb-cite_ref-GoogleDataProc20_18-0\" class=\"reference\"><a href=\"#cite_note-GoogleDataProc20-18\">[18]<\/a><\/sup>\n<\/p><p><br \/>\n11. <b>What are your policies for security audits, intrusion detection, and intrusion reporting?<\/b>\n<\/p><p><i>Audits<\/i>: Google Cloud has this to say about security audits:\n<\/p>\n<ul><li>\"We vet the component vendors that we work with and choose components with care. We work with vendors to audit and validate the security properties that are provided by the components.\"<sup id=\"rdp-ebb-cite_ref-GoogleInfra17_19-0\" class=\"reference\"><a href=\"#cite_note-GoogleInfra17-19\">[19]<\/a><\/sup><\/li>\n<li>\"We have a dedicated internal audit team that reviews our products' compliance with security laws and regulations around the world. As new auditing standards are created and existing standards are updated, the internal audit team determines what controls, processes, and systems are needed in order to help meet them. This team supports independent audits and assessments by third parties.\"<sup id=\"rdp-ebb-cite_ref-GoogleSecurityWhite_17-4\" class=\"reference\"><a href=\"#cite_note-GoogleSecurityWhite-17\">[17]<\/a><\/sup><\/li>\n<li>\"Our dedicated security teams, privacy teams, and internal audit teams monitor and audit employee access, and we provide audit logs to you through Access Transparency for Google Cloud.\"<sup id=\"rdp-ebb-cite_ref-GoogleSecurityWhite_17-5\" class=\"reference\"><a href=\"#cite_note-GoogleSecurityWhite-17\">[17]<\/a><\/sup><\/li><\/ul>\n<p><i>Intrusion detection and reporting<\/i>: Google Cloud provides Security Command Center to its customers for intrusion detection and reporting.<sup id=\"rdp-ebb-cite_ref-GoogleSCC_20-0\" class=\"reference\"><a href=\"#cite_note-GoogleSCC-20\">[20]<\/a><\/sup> As for its own intrusion detection, Google Cloud discusses this in its <i><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/static\/docs\/security\/infrastructure\/design\/resources\/google_infrastructure_whitepaper_fa.pdf\" target=\"_blank\">Google Infrastructure Security Design Overview<\/a><\/i> document<sup id=\"rdp-ebb-cite_ref-GoogleInfra17_19-1\" class=\"reference\"><a href=\"#cite_note-GoogleInfra17-19\">[19]<\/a><\/sup>:\n<\/p>\n<blockquote><p>We use sophisticated data processing pipelines to integrate host-based signals on individual devices, network-based signals from various monitoring points in the infrastructure, and signals from infrastructure services. Rules and machine intelligence built on top of these pipelines give operational security engineers warnings of possible incidents. Our investigation and incident-response teams triage, investigate, and respond to these potential incidents 24 hours a day, 365 days a year.<\/p><\/blockquote>\n<p><br \/>\n12. <b>What data logging information is kept and acted upon in relation to our data?<\/b>\n<\/p><p>Google Cloud mentions data logging in several places:\n<\/p>\n<ul><li>Google employee access to end user information<sup id=\"rdp-ebb-cite_ref-GoogleSecurityWhite_17-6\" class=\"reference\"><a href=\"#cite_note-GoogleSecurityWhite-17\">[17]<\/a><\/sup><\/li>\n<li>speech-to-text information and various other types of information (if opted in to <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/talent-solution\/data-logging-terms\" target=\"_blank\">data logging program<\/a>)<sup id=\"rdp-ebb-cite_ref-GoogleSpeechToData_21-0\" class=\"reference\"><a href=\"#cite_note-GoogleSpeechToData-21\">[21]<\/a><\/sup><\/li><\/ul>\n<p>However, it's not clear what other data logging they may conduct and act upon related to your data. Talk to a representative to determine this.\n<\/p><p><br \/>\n13. <b>How thorough are those logs and can we audit them on-demand?<\/b>\n<\/p><p>Google Cloud users can view their own logs through tools like Google's <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/products\/operations\" target=\"_blank\">Cloud Logging service<\/a> and its <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/logging\/docs\/audit\" target=\"_blank\">Cloud Audit Logs<\/a>. However, unlike Alibaba, it's unclear if you are able to audit internal Google Cloud operation logs on-demand. This is a conversation to have with a Google Cloud representative.\n<\/p><p><br \/>\n14. <b>For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?<\/b>\n<\/p><p>Yes, AWS will sign a business associate agreement.<sup id=\"rdp-ebb-cite_ref-GoogleHIPAA_22-0\" class=\"reference\"><a href=\"#cite_note-GoogleHIPAA-22\">[22]<\/a><\/sup> Consult their <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/security\/compliance\/hipaa\" target=\"_blank\">HIPAA compliance page<\/a> for more details on their approach to <a href=\"https:\/\/www.limswiki.org\/index.php\/HIPAA\" class=\"mw-redirect wiki-link\" title=\"HIPAA\" data-key=\"70050974d1eda9ff8cf9ecf7e4fcd015\">HIPAA<\/a> compliance.\n<\/p><p><br \/>\n15. <b>What happens to our data should the contract expire or be terminated?<\/b>\n<\/p><p>Google Cloud makes several statements about customer data in its platform terms:\n<\/p>\n<ul><li>\"If the Agreement is terminated, then (a) all rights and access to the Services will terminate (including access to Customer Data, if applicable), unless otherwise described in this Agreement ...\"<sup id=\"rdp-ebb-cite_ref-GoogleToS21_23-0\" class=\"reference\"><a href=\"#cite_note-GoogleToS21-23\">[23]<\/a><\/sup><\/li>\n<li>\"If Customer wishes to retain any Customer Data after the end of the Term, it may instruct Google in accordance with Section 9.1 (Access; Rectification; Restricted Processing; Portability) to return that data during the Term. Subject to Section 6.3 (Deferred Deletion Instruction), Customer instructs Google to delete all remaining Customer Data (including existing copies) from Google\u2019s systems at the end of the Term in accordance with applicable law. After a recovery period of up to 30 days from that date, Google will comply with this Instruction as soon as reasonably practicable and within a maximum period of 180 days, unless European Law requires storage.\"<sup id=\"rdp-ebb-cite_ref-GoogleDataProc20_18-1\" class=\"reference\"><a href=\"#cite_note-GoogleDataProc20-18\">[18]<\/a><\/sup><\/li><\/ul>\n<p><br \/>\n16. <b>What happens to our data should you go out of business or suffer a catastrophic event?<\/b>\n<\/p><p>It's not publicly clear how Google Cloud would handle your data should they go out of business, nor do they mention much about catastrophic loss on their site. Google Cloud discusses disaster recovery and data loss in its <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/architecture\/disaster-recovery\" target=\"_blank\">Cloud Architecture Center<\/a>. The company states in their platform terms, however, that \"neither party will be liable for failure or delay in performance to the extent caused by circumstances beyond its reasonable control, including acts of God, natural disasters, terrorism, riots, or war.\"<sup id=\"rdp-ebb-cite_ref-GoogleToS21_23-1\" class=\"reference\"><a href=\"#cite_note-GoogleToS21-23\">[23]<\/a><\/sup> Like other cloud providers, Google Cloud uses three-zone regions for redundancy: \"Putting resources in different zones in a region reduces the risk of an infrastructure outage affecting all resources simultaneously. Putting resources in different regions provides an even higher degree of failure independence. This lets you design robust systems with resources spread across different failure domains.\"<sup id=\"rdp-ebb-cite_ref-GoogleRegions_24-0\" class=\"reference\"><a href=\"#cite_note-GoogleRegions-24\">[24]<\/a><\/sup> It's highly unlikely that all three zones would be affected in an catastrophic event. However, if this is a concern, discuss further data redundancy with a Google Cloud representative.\n<\/p><p><br \/>\n17. <b>Can we use your interface to extract our data when we want, and in what format will it be?<\/b>\n<\/p><p>Google Cloud advertises their Cloud Storage Transfer Service as a software service that allows you to \"transfer data quickly and securely between object and file storage across Google Cloud, Amazon, Azure, on-premises, and more.\"<sup id=\"rdp-ebb-cite_ref-GoogleTransfer_25-0\" class=\"reference\"><a href=\"#cite_note-GoogleTransfer-25\">[25]<\/a><\/sup> They also provide <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/bigquery\/docs\/exporting-data\" target=\"_blank\">guidance<\/a> on extracting data out of its multi-cloud data warehouse BigQuery. Google Cloud has also published a <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/services.google.com\/fh\/files\/misc\/googlecloud_swipo_coc_transparency_declaration_dec2020.pdf?hl=fr\" target=\"_blank\">Transparency Declaration<\/a> that maps their processes to the voluntary SWIPO (Switching Cloud Providers and Porting Data) codes of conduct.<sup id=\"rdp-ebb-cite_ref-GoogleSWIPO_26-0\" class=\"reference\"><a href=\"#cite_note-GoogleSWIPO-26\">[26]<\/a><\/sup> Read more about this on their <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/security\/compliance\/swipo-codes\" target=\"_blank\">SWIPO page<\/a>.\n<\/p><p><br \/>\n18. <b>Are your support services native or outsourced\/offshored?<\/b>\n<\/p><p>It is unclear if support personnel are local to the customer or if support is outsourced to another business and country. Discuss this with a Google Cloud representative.\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Managed_security_services\">Managed security services<\/span><\/h2>\n<p>Google discontinued its managed services offerings in the United States in 2019.<sup id=\"rdp-ebb-cite_ref-WeissbrotGoogle19_27-0\" class=\"reference\"><a href=\"#cite_note-WeissbrotGoogle19-27\">[27]<\/a><\/sup>\n<\/p><p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Additional_information\">Additional information<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Documentation_and_other_media\">Documentation and other media<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/architecture\/disaster-recovery\" target=\"_blank\">Disaster recovery whitepaper<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/security\/compliance\/hipaa-compliance\" target=\"_blank\">HIPAA whitepaper repository<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/docs\/security\/overview\/whitepaper\" target=\"_blank\">Security overview<\/a><\/li><\/ul>\n<h3><span class=\"mw-headline\" id=\"External_links\">External links<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/security\" target=\"_blank\">Google Cloud architecture framework or description<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/architecture\/framework\/security\/shared-responsibility-shared-fate\" target=\"_blank\">Google Cloud shared responsibility model<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/compliance\/programs\/\" target=\"_blank\">Google Cloud trust center<\/a><\/li><\/ul>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap mw-references-columns\"><ol class=\"references\">\n<li id=\"cite_note-MillerGoogle23-1\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MillerGoogle23_1-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Miller, R. (25 April 2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/techcrunch.com\/2023\/04\/25\/google-cloud-turns-profit-for-the-first-time\/\" target=\"_blank\">\"Google Cloud turns profit for the first time\"<\/a>. <i>TechCrunch<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/techcrunch.com\/2023\/04\/25\/google-cloud-turns-profit-for-the-first-time\/\" target=\"_blank\">https:\/\/techcrunch.com\/2023\/04\/25\/google-cloud-turns-profit-for-the-first-time\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Google+Cloud+turns+profit+for+the+first+time&rft.atitle=TechCrunch&rft.aulast=Miller%2C+R.&rft.au=Miller%2C+R.&rft.date=25+April+2023&rft_id=https%3A%2F%2Ftechcrunch.com%2F2023%2F04%2F25%2Fgoogle-cloud-turns-profit-for-the-first-time%2F&rfr_id=info:sid\/en.wikipedia.org:Google_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GoogleCloudWhy-2\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-GoogleCloudWhy_2-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/why-google-cloud\" target=\"_blank\">\"Why Google Cloud\"<\/a>. Google<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloud.google.com\/why-google-cloud\" target=\"_blank\">https:\/\/cloud.google.com\/why-google-cloud<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Why+Google+Cloud&rft.atitle=&rft.pub=Google&rft_id=https%3A%2F%2Fcloud.google.com%2Fwhy-google-cloud&rfr_id=info:sid\/en.wikipedia.org:Google_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GoogleCloudLocs-3\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-GoogleCloudLocs_3-0\">3.0<\/a><\/sup> <sup><a href=\"#cite_ref-GoogleCloudLocs_3-1\">3.1<\/a><\/sup> <sup><a href=\"#cite_ref-GoogleCloudLocs_3-2\">3.2<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/about\/locations\" target=\"_blank\">\"Cloud locations\"<\/a>. Google Cloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloud.google.com\/about\/locations\" target=\"_blank\">https:\/\/cloud.google.com\/about\/locations<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+locations&rft.atitle=&rft.pub=Google+Cloud&rft_id=https%3A%2F%2Fcloud.google.com%2Fabout%2Flocations&rfr_id=info:sid\/en.wikipedia.org:Google_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GoogleCloudProds-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-GoogleCloudProds_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/products\" target=\"_blank\">\"Google Cloud Products\"<\/a>. Google<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloud.google.com\/products\" target=\"_blank\">https:\/\/cloud.google.com\/products<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Google+Cloud+Products&rft.atitle=&rft.pub=Google&rft_id=https%3A%2F%2Fcloud.google.com%2Fproducts&rfr_id=info:sid\/en.wikipedia.org:Google_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-NyczepirDOE20-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-NyczepirDOE20_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Nyczepir, D. (15 October 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.fedscoop.com\/doe-google-cloud-productivity-tools\/\" target=\"_blank\">\"DOE research facilities move to Google Cloud\"<\/a>. <i>FedScoop<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.fedscoop.com\/doe-google-cloud-productivity-tools\/\" target=\"_blank\">https:\/\/www.fedscoop.com\/doe-google-cloud-productivity-tools\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=DOE+research+facilities+move+to+Google+Cloud&rft.atitle=FedScoop&rft.aulast=Nyczepir%2C+D.&rft.au=Nyczepir%2C+D.&rft.date=15+October+2020&rft_id=https%3A%2F%2Fwww.fedscoop.com%2Fdoe-google-cloud-productivity-tools%2F&rfr_id=info:sid\/en.wikipedia.org:Google_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-FordHologic21-6\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-FordHologic21_6-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Ford, O. (2 February 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.mddionline.com\/digital-health\/hologic-reaching-google-cloud-new-collaboration\" target=\"_blank\">\"Hologic is Reaching for the (Google) Cloud with New Collaboration\"<\/a>. <i>Medical Device and Diagnostic Industry<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.mddionline.com\/digital-health\/hologic-reaching-google-cloud-new-collaboration\" target=\"_blank\">https:\/\/www.mddionline.com\/digital-health\/hologic-reaching-google-cloud-new-collaboration<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Hologic+is+Reaching+for+the+%28Google%29+Cloud+with+New+Collaboration&rft.atitle=Medical+Device+and+Diagnostic+Industry&rft.aulast=Ford%2C+O.&rft.au=Ford%2C+O.&rft.date=2+February+2021&rft_id=https%3A%2F%2Fwww.mddionline.com%2Fdigital-health%2Fhologic-reaching-google-cloud-new-collaboration&rfr_id=info:sid\/en.wikipedia.org:Google_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GoogleIDEXX-7\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-GoogleIDEXX_7-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/customers\/idexx-laboratories\" target=\"_blank\">\"IDEXX Laboratories: Using big data to be the top dog in animal diagnostics\"<\/a>. Google Cloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloud.google.com\/customers\/idexx-laboratories\" target=\"_blank\">https:\/\/cloud.google.com\/customers\/idexx-laboratories<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=IDEXX+Laboratories%3A+Using+big+data+to+be+the+top+dog+in+animal+diagnostics&rft.atitle=&rft.pub=Google+Cloud&rft_id=https%3A%2F%2Fcloud.google.com%2Fcustomers%2Fidexx-laboratories&rfr_id=info:sid\/en.wikipedia.org:Google_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ZoomInfoSpectra-8\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ZoomInfoSpectra_8-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.zoominfo.com\/c\/spectra-laboratories-inc\/112181570\" target=\"_blank\">\"Spectra Laboratories\"<\/a>. <i>ZoomInfo<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.zoominfo.com\/c\/spectra-laboratories-inc\/112181570\" target=\"_blank\">https:\/\/www.zoominfo.com\/c\/spectra-laboratories-inc\/112181570<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Spectra+Laboratories&rft.atitle=ZoomInfo&rft_id=https%3A%2F%2Fwww.zoominfo.com%2Fc%2Fspectra-laboratories-inc%2F112181570&rfr_id=info:sid\/en.wikipedia.org:Google_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ZoomInfoWash-9\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ZoomInfoWash_9-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.zoominfo.com\/c\/washington-laboratories-ltd\/41451684\" target=\"_blank\">\"Washington Laboratories\"<\/a>. <i>ZoomInfo<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.zoominfo.com\/c\/washington-laboratories-ltd\/41451684\" target=\"_blank\">https:\/\/www.zoominfo.com\/c\/washington-laboratories-ltd\/41451684<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Washington+Laboratories&rft.atitle=ZoomInfo&rft_id=https%3A%2F%2Fwww.zoominfo.com%2Fc%2Fwashington-laboratories-ltd%2F41451684&rfr_id=info:sid\/en.wikipedia.org:Google_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GoMeyraPolicies-10\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-GoMeyraPolicies_10-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210419034125\/https:\/\/www.gomeyra.com\/policies\/\" target=\"_blank\">\"GoMeyra Policies\"<\/a>. GoMeyra Corporation. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.gomeyra.com\/policies\/\" target=\"_blank\">the original<\/a> on 19 April 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210419034125\/https:\/\/www.gomeyra.com\/policies\/\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210419034125\/https:\/\/www.gomeyra.com\/policies\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=GoMeyra+Policies&rft.atitle=&rft.pub=GoMeyra+Corporation&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210419034125%2Fhttps%3A%2F%2Fwww.gomeyra.com%2Fpolicies%2F&rfr_id=info:sid\/en.wikipedia.org:Google_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ZoomInfoOnline-11\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ZoomInfoOnline_11-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.zoominfo.com\/c\/online-lims-canada-limited\/84935207\" target=\"_blank\">\"Online LIMS Canada\"<\/a>. <i>ZoomInfo<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.zoominfo.com\/c\/online-lims-canada-limited\/84935207\" target=\"_blank\">https:\/\/www.zoominfo.com\/c\/online-lims-canada-limited\/84935207<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Online+LIMS+Canada&rft.atitle=ZoomInfo&rft_id=https%3A%2F%2Fwww.zoominfo.com%2Fc%2Fonline-lims-canada-limited%2F84935207&rfr_id=info:sid\/en.wikipedia.org:Google_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-PersistentGoogle-12\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-PersistentGoogle_12-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.persistent.com\/partner-ecosystem\/google\/\" target=\"_blank\">\"Accelerate your digital transformation journey with Google\"<\/a>. Persistent Systems Ltd<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.persistent.com\/partner-ecosystem\/google\/\" target=\"_blank\">https:\/\/www.persistent.com\/partner-ecosystem\/google\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Accelerate+your+digital+transformation+journey+with+Google&rft.atitle=&rft.pub=Persistent+Systems+Ltd&rft_id=https%3A%2F%2Fwww.persistent.com%2Fpartner-ecosystem%2Fgoogle%2F&rfr_id=info:sid\/en.wikipedia.org:Google_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GoogleCDF-13\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-GoogleCDF_13-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/data-fusion\/\" target=\"_blank\">\"Cloud Data Fusion\"<\/a>. Google Cloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloud.google.com\/data-fusion\/\" target=\"_blank\">https:\/\/cloud.google.com\/data-fusion\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Data+Fusion&rft.atitle=&rft.pub=Google+Cloud&rft_id=https%3A%2F%2Fcloud.google.com%2Fdata-fusion%2F&rfr_id=info:sid\/en.wikipedia.org:Google_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GoogleRegionsDoc-14\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-GoogleRegionsDoc_14-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/compute\/docs\/regions-zones\" target=\"_blank\">\"Regions and zones\"<\/a>. <i>Compute Engine Documentation<\/i>. Google Cloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloud.google.com\/compute\/docs\/regions-zones\" target=\"_blank\">https:\/\/cloud.google.com\/compute\/docs\/regions-zones<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Regions+and+zones&rft.atitle=Compute+Engine+Documentation&rft.pub=Google+Cloud&rft_id=https%3A%2F%2Fcloud.google.com%2Fcompute%2Fdocs%2Fregions-zones&rfr_id=info:sid\/en.wikipedia.org:Google_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GoogleCloudCDN-15\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-GoogleCloudCDN_15-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/cdn\" target=\"_blank\">\"Cloud CDN\"<\/a>. Google Cloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloud.google.com\/cdn\" target=\"_blank\">https:\/\/cloud.google.com\/cdn<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+CDN&rft.atitle=&rft.pub=Google+Cloud&rft_id=https%3A%2F%2Fcloud.google.com%2Fcdn&rfr_id=info:sid\/en.wikipedia.org:Google_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GoogleCloudDataTrans-16\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-GoogleCloudDataTrans_16-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/storage-transfer-service\" target=\"_blank\">\"Storage Transfer Service\"<\/a>. Google Cloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloud.google.com\/storage-transfer-service\" target=\"_blank\">https:\/\/cloud.google.com\/storage-transfer-service<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Storage+Transfer+Service&rft.atitle=&rft.pub=Google+Cloud&rft_id=https%3A%2F%2Fcloud.google.com%2Fstorage-transfer-service&rfr_id=info:sid\/en.wikipedia.org:Google_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GoogleSecurityWhite-17\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-GoogleSecurityWhite_17-0\">17.0<\/a><\/sup> <sup><a href=\"#cite_ref-GoogleSecurityWhite_17-1\">17.1<\/a><\/sup> <sup><a href=\"#cite_ref-GoogleSecurityWhite_17-2\">17.2<\/a><\/sup> <sup><a href=\"#cite_ref-GoogleSecurityWhite_17-3\">17.3<\/a><\/sup> <sup><a href=\"#cite_ref-GoogleSecurityWhite_17-4\">17.4<\/a><\/sup> <sup><a href=\"#cite_ref-GoogleSecurityWhite_17-5\">17.5<\/a><\/sup> <sup><a href=\"#cite_ref-GoogleSecurityWhite_17-6\">17.6<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/docs\/security\/overview\/whitepaper\" target=\"_blank\">\"Google security overview\"<\/a>. Google Cloud. May 2022<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloud.google.com\/docs\/security\/overview\/whitepaper\" target=\"_blank\">https:\/\/cloud.google.com\/docs\/security\/overview\/whitepaper<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Google+security+overview&rft.atitle=&rft.date=May+2022&rft.pub=Google+Cloud&rft_id=https%3A%2F%2Fcloud.google.com%2Fdocs%2Fsecurity%2Foverview%2Fwhitepaper&rfr_id=info:sid\/en.wikipedia.org:Google_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GoogleDataProc20-18\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-GoogleDataProc20_18-0\">18.0<\/a><\/sup> <sup><a href=\"#cite_ref-GoogleDataProc20_18-1\">18.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/terms\/data-processing-addendum\" target=\"_blank\">\"Cloud Data Processing Addendum (Customers)\"<\/a>. Google Cloud. 20 September 2022<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloud.google.com\/terms\/data-processing-addendum\" target=\"_blank\">https:\/\/cloud.google.com\/terms\/data-processing-addendum<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Data+Processing+Addendum+%28Customers%29&rft.atitle=&rft.date=20+September+2022&rft.pub=Google+Cloud&rft_id=https%3A%2F%2Fcloud.google.com%2Fterms%2Fdata-processing-addendum&rfr_id=info:sid\/en.wikipedia.org:Google_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GoogleInfra17-19\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-GoogleInfra17_19-0\">19.0<\/a><\/sup> <sup><a href=\"#cite_ref-GoogleInfra17_19-1\">19.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/static\/docs\/security\/infrastructure\/design\/resources\/google_infrastructure_whitepaper_fa.pdf\" target=\"_blank\">\"Google Infrastructure Security Design Overview\"<\/a> (PDF). Google Cloud. June 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloud.google.com\/static\/docs\/security\/infrastructure\/design\/resources\/google_infrastructure_whitepaper_fa.pdf\" target=\"_blank\">https:\/\/cloud.google.com\/static\/docs\/security\/infrastructure\/design\/resources\/google_infrastructure_whitepaper_fa.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Google+Infrastructure+Security+Design+Overview&rft.atitle=&rft.date=June+2023&rft.pub=Google+Cloud&rft_id=https%3A%2F%2Fcloud.google.com%2Fstatic%2Fdocs%2Fsecurity%2Finfrastructure%2Fdesign%2Fresources%2Fgoogle_infrastructure_whitepaper_fa.pdf&rfr_id=info:sid\/en.wikipedia.org:Google_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GoogleSCC-20\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-GoogleSCC_20-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/security-command-center\/\" target=\"_blank\">\"Security Command Center\"<\/a>. Google Cloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloud.google.com\/security-command-center\/\" target=\"_blank\">https:\/\/cloud.google.com\/security-command-center\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Security+Command+Center&rft.atitle=&rft.pub=Google+Cloud&rft_id=https%3A%2F%2Fcloud.google.com%2Fsecurity-command-center%2F&rfr_id=info:sid\/en.wikipedia.org:Google_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GoogleSpeechToData-21\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-GoogleSpeechToData_21-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/speech-to-text\/docs\/data-logging\" target=\"_blank\">\"Data logging\"<\/a>. <i>Cloud Speech-to-Text<\/i>. Google Cloud. 2 August 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloud.google.com\/speech-to-text\/docs\/data-logging\" target=\"_blank\">https:\/\/cloud.google.com\/speech-to-text\/docs\/data-logging<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Data+logging&rft.atitle=Cloud+Speech-to-Text&rft.date=2+August+2023&rft.pub=Google+Cloud&rft_id=https%3A%2F%2Fcloud.google.com%2Fspeech-to-text%2Fdocs%2Fdata-logging&rfr_id=info:sid\/en.wikipedia.org:Google_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GoogleHIPAA-22\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-GoogleHIPAA_22-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/security\/compliance\/hipaa\" target=\"_blank\">\"HIPAA Compliance on Google Cloud\"<\/a>. Google Cloud. 27 July 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloud.google.com\/security\/compliance\/hipaa\" target=\"_blank\">https:\/\/cloud.google.com\/security\/compliance\/hipaa<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=HIPAA+Compliance+on+Google+Cloud&rft.atitle=&rft.date=27+July+2023&rft.pub=Google+Cloud&rft_id=https%3A%2F%2Fcloud.google.com%2Fsecurity%2Fcompliance%2Fhipaa&rfr_id=info:sid\/en.wikipedia.org:Google_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GoogleToS21-23\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-GoogleToS21_23-0\">23.0<\/a><\/sup> <sup><a href=\"#cite_ref-GoogleToS21_23-1\">23.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/terms\" target=\"_blank\">\"Google Cloud Platform Terms of Service\"<\/a>. Google Cloud. 12 July 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloud.google.com\/terms\" target=\"_blank\">https:\/\/cloud.google.com\/terms<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Google+Cloud+Platform+Terms+of+Service&rft.atitle=&rft.date=12+July+2023&rft.pub=Google+Cloud&rft_id=https%3A%2F%2Fcloud.google.com%2Fterms&rfr_id=info:sid\/en.wikipedia.org:Google_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GoogleRegions-24\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-GoogleRegions_24-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/compute\/docs\/regions-zones\" target=\"_blank\">\"Regions and zones\"<\/a>. <i>Compute Engine Documentation<\/i>. Google Cloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloud.google.com\/compute\/docs\/regions-zones\" target=\"_blank\">https:\/\/cloud.google.com\/compute\/docs\/regions-zones<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Regions+and+zones&rft.atitle=Compute+Engine+Documentation&rft.pub=Google+Cloud&rft_id=https%3A%2F%2Fcloud.google.com%2Fcompute%2Fdocs%2Fregions-zones&rfr_id=info:sid\/en.wikipedia.org:Google_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GoogleTransfer-25\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-GoogleTransfer_25-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/storage-transfer-service\" target=\"_blank\">\"Storage Transfer Service\"<\/a>. Google Cloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloud.google.com\/storage-transfer-service\" target=\"_blank\">https:\/\/cloud.google.com\/storage-transfer-service<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Storage+Transfer+Service&rft.atitle=&rft.pub=Google+Cloud&rft_id=https%3A%2F%2Fcloud.google.com%2Fstorage-transfer-service&rfr_id=info:sid\/en.wikipedia.org:Google_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GoogleSWIPO-26\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-GoogleSWIPO_26-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/security\/compliance\/swipo-codes\" target=\"_blank\">\"SWIPO Data Portability Code of Conduct\"<\/a>. Google Cloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloud.google.com\/security\/compliance\/swipo-codes\" target=\"_blank\">https:\/\/cloud.google.com\/security\/compliance\/swipo-codes<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=SWIPO+Data+Portability+Code+of+Conduct&rft.atitle=&rft.pub=Google+Cloud&rft_id=https%3A%2F%2Fcloud.google.com%2Fsecurity%2Fcompliance%2Fswipo-codes&rfr_id=info:sid\/en.wikipedia.org:Google_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-WeissbrotGoogle19-27\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-WeissbrotGoogle19_27-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Weissbrot, A. (26 November 2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/adexchanger.com\/agencies\/google-exits-managed-services-welcome-news-for-its-key-agency-partners\/\" target=\"_blank\">\"Google Exits Managed Services, Welcome News For Its Key Agency Partners\"<\/a>. <i>Ad Exchanger<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/adexchanger.com\/agencies\/google-exits-managed-services-welcome-news-for-its-key-agency-partners\/\" target=\"_blank\">https:\/\/adexchanger.com\/agencies\/google-exits-managed-services-welcome-news-for-its-key-agency-partners\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Google+Exits+Managed+Services%2C+Welcome+News+For+Its+Key+Agency+Partners&rft.atitle=Ad+Exchanger&rft.aulast=Weissbrot%2C+A.&rft.au=Weissbrot%2C+A.&rft.date=26+November+2019&rft_id=https%3A%2F%2Fadexchanger.com%2Fagencies%2Fgoogle-exits-managed-services-welcome-news-for-its-key-agency-partners%2F&rfr_id=info:sid\/en.wikipedia.org:Google_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816004852\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.348 seconds\nReal time usage: 0.367 seconds\nPreprocessor visited node count: 19076\/1000000\nPost\u2010expand include size: 95413\/2097152 bytes\nTemplate argument size: 34642\/2097152 bytes\nHighest expansion depth: 20\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 34927\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 317.400 1 -total\n 79.71% 252.988 1 Template:Reflist\n 69.68% 221.160 27 Template:Cite_web\n 64.22% 203.832 27 Template:Citation\/core\n 15.00% 47.619 1 Template:Infobox_company\n 13.63% 43.247 1 Template:Infobox\n 9.19% 29.175 10 Template:Date\n 8.69% 27.588 81 Template:Infobox\/row\n 4.69% 14.884 38 Template:Citation\/make_link\n 2.31% 7.338 1 Template:URL\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:12481-0!canonical and timestamp 20230816004851 and revision id 52738. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Google_Cloud\">https:\/\/www.limswiki.org\/index.php\/Google_Cloud<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","cba743b045cae23df5415fc78c061dab_images":["https:\/\/s3.limswiki.org\/www.limswiki.org\/images\/d\/d2\/Google_Cloud_logo.png"],"cba743b045cae23df5415fc78c061dab_timestamp":1692220361,"34d141ef0de0e9a6a440133994ac0514_type":"article","34d141ef0de0e9a6a440133994ac0514_title":"DigitalOcean","34d141ef0de0e9a6a440133994ac0514_url":"https:\/\/www.limswiki.org\/index.php\/DigitalOcean","34d141ef0de0e9a6a440133994ac0514_plaintext":"\n\nDigitalOceanFrom LIMSWikiJump to navigationJump to searchDigitalOcean\nIndustry\n \nCloud computing, Web services, InternetFounder(s)\n \nMoisey Uretsky\r\nBen Uretsky\r\nJeff Carr\r\nAlec Hartman\r\nMitch WainerHeadquarters\n \nNew York City, New York , United States Area served\n \nWorldwideKey people\n \nYancey Spruill (CEO)Products\n \nIaaS, PaaS, DBaaS, SaaSRevenue\n \n$165.1 million (2023, Q1)[1]Website\n \ndigitalocean.com \n\n\r\n\nDigitalOcean is an American cloud computing company that provides public and private cloud solutions to enterprises, organizations, governments, and individuals. DigitalOcean has 14 data centers located in the U.S., Netherlands, Singapore, United Kingdom, Germany, Canada, India, and Australia.[2] The company provides more than 30 different products and services representing elastic computing, networking, content delivery, data storage, database management, security management, enterprise management, container management, developer support, and managed services.[3][4]\n\nContents \n\n1 Provider research \n2 Managed security services \n3 Additional information \n\n3.1 Documentation and other media \n3.2 External links \n\n\n4 References \n\n\n\nProvider research \nThis section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide Choosing and Implementing a Cloud-based Service for Your Laboratory. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made.\n\r\n\n1. What experience do you have working with laboratory customers in our specific industry?\nThe only publicly available information linking DigitalOcean with a laboratory is the fact that DigitalOcean's CFO Steve Senneff used to work as a senior financial analyst at Abbott Laboratories.[5] You'll have to have a discussion with a DigitalOcean representative to determine what, if any, experience the provider has working with laboratories.\n\r\n\n2. Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?\nIt will ultimately be up to your organization to get an answer tailored to your systems and business processes. DigitalOcean doesn't say a whole lot about integrations on the front- or backend. The company does have a page about integration tools, which you can use to \"interact with your infrastructure the way you want to.\"[6] This includes their command-line interface doctl for managing Droplets and other resources, as well as an API.[6]\n\r\n\n3. What is the average total historical downtime for the service(s) we're interested in?\nSome public information is made available about historic outages and downtime. DigitalOcean has a systems status page with status history. You should be able to read through the incident details for each issue, going back through a fair amount of history. This will give you a partial picture of the issues experienced in the past, as well as any scheduled maintenance and currently impacted services. The company also claims to have improved its network monitoring strategy for \"every single Droplet that runs\" on their infrastructure.[7] A follow-up on this question with a DigitalOcean representative may reveal more historical downtime history for the services you are interested in.\n\r\n\n4. Do we receive comprehensive downtime support in the case of downtime?\nDigitalOcean does not make this answer clear. However, the answer is likely tied to what after-sales support plan you choose. Confirm with DigitalOcean what downtime support they provide based on the services your organization are interested in.\n\r\n\n5. Where are your servers located, and how is data securely transferred to and from those servers?\nDigitalOcean describes its datacenter regions in its online documentation. As of this writing, they are located in the U.S., Netherlands, Singapore, United Kingdom, Germany, Canada, India, and Australia. DigitalOcean uses its Spaces Content Delivery Network, which \"minimizes page load times, improves performance, and reduces bandwidth and infrastructure costs\" of requested content.[8] However, DigitalOcean is light on details in regards to secure data transfers. On their security FAQ, they say the following: \"Tight role-based access, two-factor authentication, secure network zones, bastion hosts, and secrets management underpin our approach to securing our management layer. Vulnerability and patch management as well as security observability tools help us keep on top of the ever-shifting risk in our infrastructure. We\u2019re also currently on the path toward a broader 'zero-trust' model for access to resources within our environment.\"[9] The company also discusses data transfers under the scope of Privacy Shield and Standard Contractual Clauses on its trust center. DigitalOcean doesn't appear to discuss data localization on its site.\n\r\n\n6. Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?\nDigitalOcean is not fully public with their physical access protocols. In a 2019 query, a potential customer asked about physical security, and they were told to review the legal literature for the company. The current data processing agreement says the following about physical access to systems[10]:\n\nDigitalOcean data centers are located in nondescript buildings that are physically constructed, managed, and monitored 24 hours a day to protect data and services from unauthorized access as well as environmental threats. All data centers are surrounded by a fence with access restricted through badge controlled gates. \nCCTV is used to monitor physical access to data centers and the information systems. Cameras are positioned to monitor perimeter doors, facility entrances and exits, interior aisles, caged areas, high-security areas, shipping and receiving, facility external areas such as parking lots and other areas of the facilities.\nAs for credentials, certifications, and training, nothing is said. Discuss this with a DigitalOcean representative.\n\r\n\n7. Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?\nNot all DigitalOcean machines have the same controls on them; it will depend on the region, product, and compliance requirements of your lab. That said, verify with a representative that the machine your data will land on meets all the necessary regulations affecting your data. (Note that as of August 2023, DigitalOcean is reportedly not compliant with HIPAA; see #14.)\n\r\n\n8. How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)\nDigitalOcean's public policy on physical separation vs. logical separation of data is unclear. This is a discussion to have with a representative.\nDigitalOcean talks a little bit about tenant isolation in the context of a virtual private cloud (VPC), mentioning VPC networks, SSH keys, cloud firewalls, and service auditing. These are recommended protections for you, the cloud user. However, it's best to discuss DigitalOcean's approach to tenant isolation in full with a representative.\n\r\n\n9. Do you have documented data security policies?\nDigitalOcean documents its security practices in several places:\n\nDigitalOcean account security documentation\nDigitalOcean Data Processing Agreement\nDigitalOcean trust center\nSome security-related documents, like the SOC 2 report, may not be publicly available, requiring direct discussion with a DigitalOcean representative to obtain them.\n\r\n\n10. How do you test your platform's security?\nDigitalOcean doesn't appear to make this information public. They do state: \"DigitalOcean shall further provide written responses (on a confidential basis) to all reasonable requests for information made by Customer, including responses to information security and audit questionnaires, that Customer (acting reasonably) considers necessary to confirm DigitalOcean's compliance with this DPA, provided that Customer shall not exercise this right more than once per year.\"[10] You will have to discuss this with a representative. DigitalOcean also appears to have a bug bounty program, managed by HackerOne.[11]\n\r\n\n11. What are your policies for security audits, intrusion detection, and intrusion reporting?\nIn its Data Processing Agreement, DigitalOcean addresses security audits. In particular, if you, the customer, do not find DigitalOcean's documentation and audit reports sufficient, the customer can execute an audit of DigitalOcean's systems but at the customer's expense.[10] Read the Data Processing Agreement for more.\n\r\n\n12. What data logging information is kept and acted upon in relation to our data?\nDigitalOcean's data logging tool for customers is Monitoring, a tool powered by DigitalOcean's own open-source agent. It is described as allowing the customer to simplify \"your toolset to collect system-level metrics all in one place,\" including the ability to \"view graphs, track performance, and set up alerts instantly within your control panel.\"[12] However, DigitalOcean doesn't appear to make it publicly clear if they use these tools for their own data logging, let alone what they do with data logs related to your data. Be sure a DigitalOcean representative is clear about what logging information they collect and use as it relates to your data.\n\r\n\n13. How thorough are those logs and can we audit them on-demand?\nYou can of course manage and view logs related to your own activities. However, it's unclear if you are able to audit internal DigitalOcean logs on-demand. This is a conversation to have with a representative.\n\r\n\n14. For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?\nAs of August 2023[update], DigitalOcean states that \"DigitalOcean is not HIPAA compliant, therefore, healthcare organizations should consider an alternative.\"[13]\n\r\n\n15. What happens to our data should the contract expire or be terminated?\nDigitalOcean only states: \"Upon deactivation of the Services, all Personal Data shall be deleted, save that this requirement shall not apply to the extent DigitalOcean is required by applicable law to retain some or all of the Personal Data, or to Personal Data it has archived on back-up systems, which such Personal Data DigitalOcean shall securely isolate and protect from any further processing, except to the extent required by applicable law.\"[10] This statement doesn't provide sufficient clarity, and you should have a DigitalOcean representative address this question in full.\n\r\n\n16. What happens to our data should you go out of business or suffer a catastrophic event?\nIt's not publicly clear how DigitalOcean would handle your data should they go out of business, nor do they mention anything about catastrophic loss on their site. Consult with a DigitalOcean representative about this topic.\n\r\n\n17. Can we use your interface to extract our data when we want, and in what format will it be?\nDigitalOcean has a page dedicated to data portability. On it, they give tutorials and documents to assist you with moving content and data from Droplets, Block Storage volumes, and Spaces. It doesn't address format, which may be an important question for a DigitalOcean representative.\n\r\n\n18. Are your support services native or outsourced\/offshored?\nIt is unclear if support personnel are local to the customer or if support is outsourced to another business and country. Discuss this with a DigitalOcean representative.\n\nManaged security services \nDigitalOcean doesn't appear to provide managed security services for cloud customers.\n\r\n\n\nAdditional information \nDocumentation and other media \nDigitalOcean Documentation\nExternal links \nDigitalOcean architecture framework or description\nDigitalOcean shared responsibility model\nDigitalOcean trust center\nReferences \n\n\n\u2191 \"DigitalOcean Announces First Quarter 2023 Financial Results\". DigitalOcean. 9 May 2023. https:\/\/investors.digitalocean.com\/news\/news-details\/2023\/DigitalOcean-Announces-First-Quarter-2023-Financial-Results\/default.aspx . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Regional Availability Matrix\". DigitalOcean. 7 July 2023. https:\/\/docs.digitalocean.com\/products\/platform\/availability-matrix\/ . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Products\". DigitalOcean. https:\/\/www.digitalocean.com\/products . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Solutions\". DigitalOcean. https:\/\/www.digitalocean.com\/business . Retrieved 02 August 2023 .   \n \n\n\u2191 \"DigitalOcean Appoints Steve Senneff as CFO\". CityBizList. 15 August 2017. https:\/\/newyork.citybuzz.co\/article\/435862\/digitalocean-appoints-steve-senneff-as-cfo . Retrieved 02 August 2023 .   \n \n\n\u2191 6.0 6.1 \"Automate your infrastructure\". DigitalOcean. https:\/\/www.digitalocean.com\/products\/tools-and-integrations . Retrieved 02 August 2023 .   \n \n\n\u2191 Migliaccio, A. (11 February 2021). \"A glimpse into network availability\". DigitalOcean Blog. https:\/\/www.digitalocean.com\/blog\/a-glimpse-into-network-availability\/ . Retrieved 02 August 2023 .   \n \n\n\u2191 \"How to Enable the Spaces CDN\". DigitalOcean Documentation. 7 June 2023. https:\/\/docs.digitalocean.com\/products\/spaces\/how-to\/enable-cdn\/ . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Frequently Asked Questions\". DigitalOcean Trust Platform. DigitalOcean. https:\/\/www.digitalocean.com\/trust\/faq\/ . Retrieved 02 August 2023 .   \n \n\n\u2191 10.0 10.1 10.2 10.3 \"Data Processing Agreement\". DigitalOcean. 31 July 2020. https:\/\/www.digitalocean.com\/legal\/data-processing-agreement . Retrieved 02 August 2023 .   \n \n\n\u2191 \"DigitalOcean Vulnerability Disclosure Program\". HackerOne. March 2020. https:\/\/hackerone.com\/digitalocean?type=team . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Seamless infrastructure monitoring\". DigitalOcean. https:\/\/www.digitalocean.com\/products\/monitoring . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Managed Databases\". DigitalOcean. https:\/\/www.digitalocean.com\/security\/shared-responsibility-model-managed-databases . Retrieved 02 August 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/DigitalOcean\">https:\/\/www.limswiki.org\/index.php\/DigitalOcean<\/a>\nCategories: Articles containing potentially dated statements from August 2023Articles with invalid date parameter in templateAll articles containing potentially dated statementsNavigation menuPage actionsPageDiscussionView sourceHistoryPage actionsPageDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 2 August 2023, at 17:31.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 1,256 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","34d141ef0de0e9a6a440133994ac0514_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject page-DigitalOcean rootpage-DigitalOcean skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">DigitalOcean<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\">\n<p><br \/>\n<b>DigitalOcean<\/b> is an American <a href=\"https:\/\/www.limswiki.org\/index.php\/Cloud_computing\" title=\"Cloud computing\" class=\"wiki-link\" data-key=\"fcfe5882eaa018d920cedb88398b604f\">cloud computing<\/a> company that provides public and private cloud solutions to enterprises, organizations, governments, and individuals. DigitalOcean has 14 data centers located in the U.S., Netherlands, Singapore, United Kingdom, Germany, Canada, India, and Australia.<sup id=\"rdp-ebb-cite_ref-DORegional21_2-0\" class=\"reference\"><a href=\"#cite_note-DORegional21-2\">[2]<\/a><\/sup> The company provides more than 30 different products and services representing elastic computing, networking, content delivery, data storage, database management, security management, enterprise management, container management, developer support, and managed services.<sup id=\"rdp-ebb-cite_ref-DOProds_3-0\" class=\"reference\"><a href=\"#cite_note-DOProds-3\">[3]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-DOSolutions_4-0\" class=\"reference\"><a href=\"#cite_note-DOSolutions-4\">[4]<\/a><\/sup>\n<\/p>\n\n\n<h2><span class=\"mw-headline\" id=\"Provider_research\">Provider research<\/span><\/h2>\n<p>This section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide <i><a href=\"https:\/\/www.limswiki.org\/index.php\/LII:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\" title=\"LII:Choosing and Implementing a Cloud-based Service for Your Laboratory\" class=\"wiki-link\" data-key=\"a51267fd73f6c39f0130677409233940\">Choosing and Implementing a Cloud-based Service for Your Laboratory<\/a><\/i>. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made.\n<\/p><p><br \/>\n1. <b>What experience do you have working with laboratory customers in our specific industry?<\/b>\n<\/p><p>The only publicly available information linking DigitalOcean with a <a href=\"https:\/\/www.limswiki.org\/index.php\/Laboratory\" title=\"Laboratory\" class=\"wiki-link\" data-key=\"c57fc5aac9e4abf31dccae81df664c33\">laboratory<\/a> is the fact that DigitalOcean's CFO Steve Senneff used to work as a senior financial analyst at Abbott Laboratories.<sup id=\"rdp-ebb-cite_ref-CBLDigital17_5-0\" class=\"reference\"><a href=\"#cite_note-CBLDigital17-5\">[5]<\/a><\/sup> You'll have to have a discussion with a DigitalOcean representative to determine what, if any, experience the provider has working with laboratories.\n<\/p><p><br \/>\n2. <b>Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?<\/b>\n<\/p><p>It will ultimately be up to your organization to get an answer tailored to your systems and business processes. DigitalOcean doesn't say a whole lot about integrations on the front- or backend. The company does have a <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.digitalocean.com\/products\/tools-and-integrations\" target=\"_blank\">page about integration tools<\/a>, which you can use to \"interact with your infrastructure the way you want to.\"<sup id=\"rdp-ebb-cite_ref-DOAutomate_6-0\" class=\"reference\"><a href=\"#cite_note-DOAutomate-6\">[6]<\/a><\/sup> This includes their command-line interface doctl for managing Droplets and other resources, as well as an API.<sup id=\"rdp-ebb-cite_ref-DOAutomate_6-1\" class=\"reference\"><a href=\"#cite_note-DOAutomate-6\">[6]<\/a><\/sup>\n<\/p><p><br \/>\n3. <b>What is the average total historical downtime for the service(s) we're interested in?<\/b>\n<\/p><p>Some public information is made available about historic outages and downtime. DigitalOcean has a <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/status.digitalocean.com\/\" target=\"_blank\">systems status page<\/a> with status history. You should be able to read through the incident details for each issue, going back through a fair amount of history. This will give you a partial picture of the issues experienced in the past, as well as any scheduled maintenance and currently impacted services. The company also claims to have improved its network monitoring strategy for \"every single Droplet that runs\" on their infrastructure.<sup id=\"rdp-ebb-cite_ref-MigliaccioAGlimpse21_7-0\" class=\"reference\"><a href=\"#cite_note-MigliaccioAGlimpse21-7\">[7]<\/a><\/sup> A follow-up on this question with a DigitalOcean representative may reveal more historical downtime history for the services you are interested in.\n<\/p><p><br \/>\n4. <b>Do we receive comprehensive downtime support in the case of downtime?<\/b>\n<\/p><p>DigitalOcean does not make this answer clear. However, the answer is likely tied to what <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.digitalocean.com\/products\/support\/\" target=\"_blank\">after-sales support plan<\/a> you choose. Confirm with DigitalOcean what downtime support they provide based on the services your organization are interested in.\n<\/p><p><br \/>\n5. <b>Where are your servers located, and how is data securely transferred to and from those servers?<\/b>\n<\/p><p>DigitalOcean describes its <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.digitalocean.com\/products\/platform\/availability-matrix\/\" target=\"_blank\">datacenter regions<\/a> in its online documentation. As of this writing, they are located in the U.S., Netherlands, Singapore, United Kingdom, Germany, Canada, India, and Australia. DigitalOcean uses its Spaces Content Delivery Network, which \"minimizes page load times, improves performance, and reduces bandwidth and infrastructure costs\" of requested content.<sup id=\"rdp-ebb-cite_ref-DOHowToEnable21_8-0\" class=\"reference\"><a href=\"#cite_note-DOHowToEnable21-8\">[8]<\/a><\/sup> However, DigitalOcean is light on details in regards to secure data transfers. On their security FAQ, they say the following: \"Tight role-based access, two-factor authentication, secure network zones, bastion hosts, and secrets management underpin our approach to securing our management layer. Vulnerability and patch management as well as security observability tools help us keep on top of the ever-shifting risk in our infrastructure. We\u2019re also currently on the path toward a broader 'zero-trust' model for access to resources within our environment.\"<sup id=\"rdp-ebb-cite_ref-DOTrustFAQ_9-0\" class=\"reference\"><a href=\"#cite_note-DOTrustFAQ-9\">[9]<\/a><\/sup> The company also discusses data transfers under the scope of Privacy Shield and Standard Contractual Clauses <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.digitalocean.com\/trust\/resources\" target=\"_blank\">on its trust center<\/a>. DigitalOcean doesn't appear to discuss data localization on its site.\n<\/p><p><br \/>\n6. <b>Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?<\/b>\n<\/p><p>DigitalOcean is not fully public with their physical access protocols. In a 2019 query, a potential customer <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.digitalocean.com\/community\/questions\/datacenter-security-details\" target=\"_blank\">asked about physical security<\/a>, and they were told to review the legal literature for the company. The current <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.digitalocean.com\/legal\/data-processing-agreement\" target=\"_blank\">data processing agreement<\/a> says the following about physical access to systems<sup id=\"rdp-ebb-cite_ref-DODataProcessing20_10-0\" class=\"reference\"><a href=\"#cite_note-DODataProcessing20-10\">[10]<\/a><\/sup>:\n<\/p>\n<blockquote><p>DigitalOcean data centers are located in nondescript buildings that are physically constructed, managed, and monitored 24 hours a day to protect data and services from unauthorized access as well as environmental threats. All data centers are surrounded by a fence with access restricted through badge controlled gates. \nCCTV is used to monitor physical access to data centers and the information systems. Cameras are positioned to monitor perimeter doors, facility entrances and exits, interior aisles, caged areas, high-security areas, shipping and receiving, facility external areas such as parking lots and other areas of the facilities.<\/p><\/blockquote>\n<p>As for credentials, certifications, and training, nothing is said. Discuss this with a DigitalOcean representative.\n<\/p><p><br \/>\n7. <b>Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?<\/b>\n<\/p><p>Not all <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.digitalocean.com\/products\/platform\/availability-matrix\/\" target=\"_blank\">DigitalOcean machines<\/a> have the same controls on them; it will depend on the region, product, and compliance requirements of your lab. That said, verify with a representative that the machine your data will land on meets all the necessary regulations affecting your data. (Note that as of August 2023, DigitalOcean is reportedly not compliant with <a href=\"https:\/\/www.limswiki.org\/index.php\/HIPAA\" class=\"mw-redirect wiki-link\" title=\"HIPAA\" data-key=\"70050974d1eda9ff8cf9ecf7e4fcd015\">HIPAA<\/a>; see #14.)\n<\/p><p><br \/>\n8. <b>How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)<\/b>\n<\/p><p>DigitalOcean's public policy on physical separation vs. logical separation of data is unclear. This is a discussion to have with a representative.\n<\/p><p>DigitalOcean talks a little bit about tenant isolation in the context of a virtual private cloud (VPC), mentioning VPC networks, SSH keys, cloud firewalls, and service auditing. These are recommended protections for you, the cloud user. However, it's best to discuss DigitalOcean's approach to tenant isolation in full with a representative.\n<\/p><p><br \/>\n9. <b>Do you have documented data security policies?<\/b>\n<\/p><p>DigitalOcean documents its security practices in several places:\n<\/p>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.digitalocean.com\/products\/teams\/how-to\/#security\" target=\"_blank\">DigitalOcean account security documentation<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.digitalocean.com\/legal\/data-processing-agreement\" target=\"_blank\">DigitalOcean Data Processing Agreement<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.digitalocean.com\/trust\/\" target=\"_blank\">DigitalOcean trust center<\/a><\/li><\/ul>\n<p>Some security-related documents, like the SOC 2 report, may not be publicly available, requiring direct discussion with a DigitalOcean representative to obtain them.\n<\/p><p><br \/>\n10. <b>How do you test your platform's security?<\/b>\n<\/p><p>DigitalOcean doesn't appear to make this information public. They do state: \"DigitalOcean shall further provide written responses (on a confidential basis) to all reasonable requests for information made by Customer, including responses to information security and audit questionnaires, that Customer (acting reasonably) considers necessary to confirm DigitalOcean's compliance with this DPA, provided that Customer shall not exercise this right more than once per year.\"<sup id=\"rdp-ebb-cite_ref-DODataProcessing20_10-1\" class=\"reference\"><a href=\"#cite_note-DODataProcessing20-10\">[10]<\/a><\/sup> You will have to discuss this with a representative. DigitalOcean also appears to have a bug bounty program, managed by HackerOne.<sup id=\"rdp-ebb-cite_ref-HackerOneDO_11-0\" class=\"reference\"><a href=\"#cite_note-HackerOneDO-11\">[11]<\/a><\/sup>\n<\/p><p><br \/>\n11. <b>What are your policies for security audits, intrusion detection, and intrusion reporting?<\/b>\n<\/p><p>In its <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.digitalocean.com\/legal\/data-processing-agreement\" target=\"_blank\">Data Processing Agreement<\/a>, DigitalOcean addresses security audits. In particular, if you, the customer, do not find DigitalOcean's documentation and audit reports sufficient, the customer can execute an audit of DigitalOcean's systems but at the customer's expense.<sup id=\"rdp-ebb-cite_ref-DODataProcessing20_10-2\" class=\"reference\"><a href=\"#cite_note-DODataProcessing20-10\">[10]<\/a><\/sup> Read the Data Processing Agreement for more.\n<\/p><p><br \/>\n12. <b>What data logging information is kept and acted upon in relation to our data?<\/b>\n<\/p><p>DigitalOcean's data logging tool for customers is Monitoring, a tool powered by DigitalOcean's own open-source agent. It is described as allowing the customer to simplify \"your toolset to collect system-level metrics all in one place,\" including the ability to \"view graphs, track performance, and set up alerts instantly within your control panel.\"<sup id=\"rdp-ebb-cite_ref-DOMonitoring_12-0\" class=\"reference\"><a href=\"#cite_note-DOMonitoring-12\">[12]<\/a><\/sup> However, DigitalOcean doesn't appear to make it publicly clear if they use these tools for their own data logging, let alone what they do with data logs related to your data. Be sure a DigitalOcean representative is clear about what logging information they collect and use as it relates to your data.\n<\/p><p><br \/>\n13. <b>How thorough are those logs and can we audit them on-demand?<\/b>\n<\/p><p>You can of course manage and view logs related to your own activities. However, it's unclear if you are able to audit internal DigitalOcean logs on-demand. This is a conversation to have with a representative.\n<\/p><p><br \/>\n14. <b>For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?<\/b>\n<\/p><p>As of August 2023<sup class=\"plainlinks noprint asof-tag update\" style=\"display:none;\"><\/sup>, DigitalOcean states that \"DigitalOcean is not HIPAA compliant, therefore, healthcare organizations should consider an alternative.\"<sup id=\"rdp-ebb-cite_ref-DOManagedDB_13-0\" class=\"reference\"><a href=\"#cite_note-DOManagedDB-13\">[13]<\/a><\/sup>\n<\/p><p><br \/>\n15. <b>What happens to our data should the contract expire or be terminated?<\/b>\n<\/p><p>DigitalOcean only states: \"Upon deactivation of the Services, all Personal Data shall be deleted, save that this requirement shall not apply to the extent DigitalOcean is required by applicable law to retain some or all of the Personal Data, or to Personal Data it has archived on back-up systems, which such Personal Data DigitalOcean shall securely isolate and protect from any further processing, except to the extent required by applicable law.\"<sup id=\"rdp-ebb-cite_ref-DODataProcessing20_10-3\" class=\"reference\"><a href=\"#cite_note-DODataProcessing20-10\">[10]<\/a><\/sup> This statement doesn't provide sufficient clarity, and you should have a DigitalOcean representative address this question in full.\n<\/p><p><br \/>\n16. <b>What happens to our data should you go out of business or suffer a catastrophic event?<\/b>\n<\/p><p>It's not publicly clear how DigitalOcean would handle your data should they go out of business, nor do they mention anything about catastrophic loss on their site. Consult with a DigitalOcean representative about this topic.\n<\/p><p><br \/>\n17. <b>Can we use your interface to extract our data when we want, and in what format will it be?<\/b>\n<\/p><p>DigitalOcean has a page dedicated to <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.digitalocean.com\/legal\/data-portability\" target=\"_blank\">data portability<\/a>. On it, they give tutorials and documents to assist you with moving content and data from Droplets, Block Storage volumes, and Spaces. It doesn't address format, which may be an important question for a DigitalOcean representative.\n<\/p><p><br \/>\n18. <b>Are your support services native or outsourced\/offshored?<\/b>\n<\/p><p>It is unclear if support personnel are local to the customer or if support is outsourced to another business and country. Discuss this with a DigitalOcean representative.\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Managed_security_services\">Managed security services<\/span><\/h2>\n<p>DigitalOcean doesn't appear to provide managed security services for cloud customers.\n<\/p><p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Additional_information\">Additional information<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Documentation_and_other_media\">Documentation and other media<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.digitalocean.com\/\" target=\"_blank\">DigitalOcean Documentation<\/a><\/li><\/ul>\n<h3><span class=\"mw-headline\" id=\"External_links\">External links<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.digitalocean.com\/products\/platform\/availability-matrix\/\" target=\"_blank\">DigitalOcean architecture framework or description<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.digitalocean.com\/trust\/faq\" target=\"_blank\">DigitalOcean shared responsibility model<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.digitalocean.com\/trust\" target=\"_blank\">DigitalOcean trust center<\/a><\/li><\/ul>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap mw-references-columns\"><ol class=\"references\">\n<li id=\"cite_note-DOQ1_23-1\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-DOQ1_23_1-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/investors.digitalocean.com\/news\/news-details\/2023\/DigitalOcean-Announces-First-Quarter-2023-Financial-Results\/default.aspx\" target=\"_blank\">\"DigitalOcean Announces First Quarter 2023 Financial Results\"<\/a>. DigitalOcean. 9 May 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/investors.digitalocean.com\/news\/news-details\/2023\/DigitalOcean-Announces-First-Quarter-2023-Financial-Results\/default.aspx\" target=\"_blank\">https:\/\/investors.digitalocean.com\/news\/news-details\/2023\/DigitalOcean-Announces-First-Quarter-2023-Financial-Results\/default.aspx<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=DigitalOcean+Announces+First+Quarter+2023+Financial+Results&rft.atitle=&rft.date=9+May+2023&rft.pub=DigitalOcean&rft_id=https%3A%2F%2Finvestors.digitalocean.com%2Fnews%2Fnews-details%2F2023%2FDigitalOcean-Announces-First-Quarter-2023-Financial-Results%2Fdefault.aspx&rfr_id=info:sid\/en.wikipedia.org:DigitalOcean\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-DORegional21-2\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-DORegional21_2-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.digitalocean.com\/products\/platform\/availability-matrix\/\" target=\"_blank\">\"Regional Availability Matrix\"<\/a>. DigitalOcean. 7 July 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/docs.digitalocean.com\/products\/platform\/availability-matrix\/\" target=\"_blank\">https:\/\/docs.digitalocean.com\/products\/platform\/availability-matrix\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Regional+Availability+Matrix&rft.atitle=&rft.date=7+July+2023&rft.pub=DigitalOcean&rft_id=https%3A%2F%2Fdocs.digitalocean.com%2Fproducts%2Fplatform%2Favailability-matrix%2F&rfr_id=info:sid\/en.wikipedia.org:DigitalOcean\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-DOProds-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-DOProds_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.digitalocean.com\/products\" target=\"_blank\">\"Products\"<\/a>. DigitalOcean<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.digitalocean.com\/products\" target=\"_blank\">https:\/\/www.digitalocean.com\/products<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Products&rft.atitle=&rft.pub=DigitalOcean&rft_id=https%3A%2F%2Fwww.digitalocean.com%2Fproducts&rfr_id=info:sid\/en.wikipedia.org:DigitalOcean\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-DOSolutions-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-DOSolutions_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.digitalocean.com\/business\" target=\"_blank\">\"Solutions\"<\/a>. DigitalOcean<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.digitalocean.com\/business\" target=\"_blank\">https:\/\/www.digitalocean.com\/business<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Solutions&rft.atitle=&rft.pub=DigitalOcean&rft_id=https%3A%2F%2Fwww.digitalocean.com%2Fbusiness&rfr_id=info:sid\/en.wikipedia.org:DigitalOcean\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CBLDigital17-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CBLDigital17_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/newyork.citybuzz.co\/article\/435862\/digitalocean-appoints-steve-senneff-as-cfo\" target=\"_blank\">\"DigitalOcean Appoints Steve Senneff as CFO\"<\/a>. <i>CityBizList<\/i>. 15 August 2017<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/newyork.citybuzz.co\/article\/435862\/digitalocean-appoints-steve-senneff-as-cfo\" target=\"_blank\">https:\/\/newyork.citybuzz.co\/article\/435862\/digitalocean-appoints-steve-senneff-as-cfo<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=DigitalOcean+Appoints+Steve+Senneff+as+CFO&rft.atitle=CityBizList&rft.date=15+August+2017&rft_id=https%3A%2F%2Fnewyork.citybuzz.co%2Farticle%2F435862%2Fdigitalocean-appoints-steve-senneff-as-cfo&rfr_id=info:sid\/en.wikipedia.org:DigitalOcean\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-DOAutomate-6\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-DOAutomate_6-0\">6.0<\/a><\/sup> <sup><a href=\"#cite_ref-DOAutomate_6-1\">6.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.digitalocean.com\/products\/tools-and-integrations\" target=\"_blank\">\"Automate your infrastructure\"<\/a>. DigitalOcean<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.digitalocean.com\/products\/tools-and-integrations\" target=\"_blank\">https:\/\/www.digitalocean.com\/products\/tools-and-integrations<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Automate+your+infrastructure&rft.atitle=&rft.pub=DigitalOcean&rft_id=https%3A%2F%2Fwww.digitalocean.com%2Fproducts%2Ftools-and-integrations&rfr_id=info:sid\/en.wikipedia.org:DigitalOcean\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MigliaccioAGlimpse21-7\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MigliaccioAGlimpse21_7-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Migliaccio, A. (11 February 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.digitalocean.com\/blog\/a-glimpse-into-network-availability\/\" target=\"_blank\">\"A glimpse into network availability\"<\/a>. <i>DigitalOcean Blog<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.digitalocean.com\/blog\/a-glimpse-into-network-availability\/\" target=\"_blank\">https:\/\/www.digitalocean.com\/blog\/a-glimpse-into-network-availability\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=A+glimpse+into+network+availability&rft.atitle=DigitalOcean+Blog&rft.aulast=Migliaccio%2C+A.&rft.au=Migliaccio%2C+A.&rft.date=11+February+2021&rft_id=https%3A%2F%2Fwww.digitalocean.com%2Fblog%2Fa-glimpse-into-network-availability%2F&rfr_id=info:sid\/en.wikipedia.org:DigitalOcean\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-DOHowToEnable21-8\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-DOHowToEnable21_8-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.digitalocean.com\/products\/spaces\/how-to\/enable-cdn\/\" target=\"_blank\">\"How to Enable the Spaces CDN\"<\/a>. <i>DigitalOcean Documentation<\/i>. 7 June 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/docs.digitalocean.com\/products\/spaces\/how-to\/enable-cdn\/\" target=\"_blank\">https:\/\/docs.digitalocean.com\/products\/spaces\/how-to\/enable-cdn\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=How+to+Enable+the+Spaces+CDN&rft.atitle=DigitalOcean+Documentation&rft.date=7+June+2023&rft_id=https%3A%2F%2Fdocs.digitalocean.com%2Fproducts%2Fspaces%2Fhow-to%2Fenable-cdn%2F&rfr_id=info:sid\/en.wikipedia.org:DigitalOcean\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-DOTrustFAQ-9\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-DOTrustFAQ_9-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.digitalocean.com\/trust\/faq\/\" target=\"_blank\">\"Frequently Asked Questions\"<\/a>. <i>DigitalOcean Trust Platform<\/i>. DigitalOcean<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.digitalocean.com\/trust\/faq\/\" target=\"_blank\">https:\/\/www.digitalocean.com\/trust\/faq\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Frequently+Asked+Questions&rft.atitle=DigitalOcean+Trust+Platform&rft.pub=DigitalOcean&rft_id=https%3A%2F%2Fwww.digitalocean.com%2Ftrust%2Ffaq%2F&rfr_id=info:sid\/en.wikipedia.org:DigitalOcean\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-DODataProcessing20-10\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-DODataProcessing20_10-0\">10.0<\/a><\/sup> <sup><a href=\"#cite_ref-DODataProcessing20_10-1\">10.1<\/a><\/sup> <sup><a href=\"#cite_ref-DODataProcessing20_10-2\">10.2<\/a><\/sup> <sup><a href=\"#cite_ref-DODataProcessing20_10-3\">10.3<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.digitalocean.com\/legal\/data-processing-agreement\" target=\"_blank\">\"Data Processing Agreement\"<\/a>. DigitalOcean. 31 July 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.digitalocean.com\/legal\/data-processing-agreement\" target=\"_blank\">https:\/\/www.digitalocean.com\/legal\/data-processing-agreement<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Data+Processing+Agreement&rft.atitle=&rft.date=31+July+2020&rft.pub=DigitalOcean&rft_id=https%3A%2F%2Fwww.digitalocean.com%2Flegal%2Fdata-processing-agreement&rfr_id=info:sid\/en.wikipedia.org:DigitalOcean\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-HackerOneDO-11\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-HackerOneDO_11-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/hackerone.com\/digitalocean?type=team\" target=\"_blank\">\"DigitalOcean Vulnerability Disclosure Program\"<\/a>. HackerOne. March 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/hackerone.com\/digitalocean?type=team\" target=\"_blank\">https:\/\/hackerone.com\/digitalocean?type=team<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=DigitalOcean+Vulnerability+Disclosure+Program&rft.atitle=&rft.date=March+2020&rft.pub=HackerOne&rft_id=https%3A%2F%2Fhackerone.com%2Fdigitalocean%3Ftype%3Dteam&rfr_id=info:sid\/en.wikipedia.org:DigitalOcean\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-DOMonitoring-12\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-DOMonitoring_12-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.digitalocean.com\/products\/monitoring\" target=\"_blank\">\"Seamless infrastructure monitoring\"<\/a>. DigitalOcean<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.digitalocean.com\/products\/monitoring\" target=\"_blank\">https:\/\/www.digitalocean.com\/products\/monitoring<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Seamless+infrastructure+monitoring&rft.atitle=&rft.pub=DigitalOcean&rft_id=https%3A%2F%2Fwww.digitalocean.com%2Fproducts%2Fmonitoring&rfr_id=info:sid\/en.wikipedia.org:DigitalOcean\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-DOManagedDB-13\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-DOManagedDB_13-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.digitalocean.com\/security\/shared-responsibility-model-managed-databases\" target=\"_blank\">\"Managed Databases\"<\/a>. DigitalOcean<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.digitalocean.com\/security\/shared-responsibility-model-managed-databases\" target=\"_blank\">https:\/\/www.digitalocean.com\/security\/shared-responsibility-model-managed-databases<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Managed+Databases&rft.atitle=&rft.pub=DigitalOcean&rft_id=https%3A%2F%2Fwww.digitalocean.com%2Fsecurity%2Fshared-responsibility-model-managed-databases&rfr_id=info:sid\/en.wikipedia.org:DigitalOcean\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816210000\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.216 seconds\nReal time usage: 0.264 seconds\nPreprocessor visited node count: 12709\/1000000\nPost\u2010expand include size: 55372\/2097152 bytes\nTemplate argument size: 25525\/2097152 bytes\nHighest expansion depth: 32\/40\nExpensive parser function count: 1\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 16632\/5000000 bytes\nLua time usage: 0.020\/7 seconds\nLua virtual size: 4939776\/52428800 bytes\nLua estimated memory usage: 0 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 235.039 1 -total\n 51.80% 121.751 1 Template:Infobox_company\n 50.13% 117.827 1 Template:Infobox\n 44.01% 103.442 81 Template:Infobox\/row\n 39.66% 93.214 1 Template:Reflist\n 36.08% 84.812 1 Template:URL\n 33.36% 78.417 1 Template:Str_right\n 32.98% 77.526 13 Template:Cite_web\n 32.25% 75.792 1 Template:Str_sub_long\n 29.84% 70.141 13 Template:Citation\/core\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:12479-0!canonical and timestamp 20230816210000 and revision id 52737. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/DigitalOcean\">https:\/\/www.limswiki.org\/index.php\/DigitalOcean<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","34d141ef0de0e9a6a440133994ac0514_images":["https:\/\/s3.limswiki.org\/www.limswiki.org\/images\/7\/7c\/480px-DigitalOcean_logo.png"],"34d141ef0de0e9a6a440133994ac0514_timestamp":1692220361,"d90a08936e17ff73a53fe4ef1c2dc4d6_type":"article","d90a08936e17ff73a53fe4ef1c2dc4d6_title":"Dell Technologies Cloud","d90a08936e17ff73a53fe4ef1c2dc4d6_url":"https:\/\/www.limswiki.org\/index.php\/Dell_Technologies_Cloud","d90a08936e17ff73a53fe4ef1c2dc4d6_plaintext":"\n\nDell Technologies APEXFrom LIMSWiki(Redirected from Dell Technologies Cloud) Jump to navigationJump to searchDell Technologies APEX\nIndustry\n \nComputing, Cloud computing, Web servicesPredecessor\n \nDell, EMC CorporationFounder(s)\n \nMichael DellHeadquarters\n \nRound Rock, Texas , United States Area served\n \nWorldwideKey people\n \nMichael Dell (CEO)Products\n \nIaaS, DBaaS, DaaS, SaaSRevenue\n \n$25 billion (2023, Q4)[1]Website\n \ndelltechnologies.com\/en-us\/cloud\/ \n\n\r\n\nDell Technologies APEX is a VMware-powered portfolio of consumption-based and as-a-service solutions by Dell Technologies that \"delivers multicloud by design, empowering you to optimize the placement of data and workloads for maximum value within your organization.\"[2] Solutions include Dell APEX Cloud Platform (DACP) for Azure, VMware, and Red Hat OpenShift; Dell APEX Hybrid Cloud for VMware; and Dell APEX Storage, among others.[3] The Dell Technologies APEX solutions support the Alibaba, Amazon, Dell, Google, IBM, and Microsoft public and private clouds, among others.[4]\nOn May 5, 2021, Dell Technologies announced that it had rebranded its Dell Technologies APEX platform to Dell Technologies APEX.[5]\n\nContents \n\n1 Provider research \n2 Managed security services \n3 Additional information \n\n3.1 Documentation and other media \n3.2 External links \n\n\n4 References \n\n\n\nProvider research \nThis section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide Choosing and Implementing a Cloud-based Service for Your Laboratory. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made. Additionally, as a hybrid cloud provider, some of the questions from Chapter 5 (e.g., \"How segregated is our cloud data from another customer's\") are not relevant, as they are not providing public cloud services.\n\r\n\n1. What experience do you have working with laboratory customers in our specific industry?\nIt's not clear what laboratories have adopted Dell Technologies APEX solutions. However, Dell does discuss putting some of its cloud-scale systems to use in the laboratory realm with its solution brief on Dell EMC PowerScale. A Dell Technologies APEX representative is likely to be able to supply more examples of laboratories that use or have used Dell Technologies APEX.\n\r\n\n2. Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?\nDell promotes integration of existing legacy cloud and on-premises platforms with other private and public cloud platforms largely through its Dell Technologies APEX Platform (DTCP) and strong VMware integrations. APEX instances have \"standardized combinations of compute and memory resources\u2014defined by a fixed physical memory-to-core ratio\u2014and powered by Dell VxRail. They are optimized for your virtualized and containerized workload requirements, ranging from small (4GB\/Core) to extra-large (32GB\/Core) memory-to-CPU core ratios.\"[6] On the VMware side, the company adds that \"VxRail, powered by Dell PowerEdge server platforms and VxRail HCI System Software, delivers deep integration across the VMware ecosystem. This means you can rapidly deploy secure on-premises cloud infrastructure and take advantage of a full stack single-click lifecycle management experience.\"[6] These technologies further enhance integration with business processes and systems by allowing for workloads to be seamlessly transferred between public and private cloud infrastructures. For more on this topic, discuss it with a representative.\n\r\n\n3. What is the average total historical downtime for the service(s) we're interested in?\nDell Technologies APEX is not a public cloud, and as such, this question is not fully relevant. That said, Dell Technologies provides disaster recovery as a service for hybrid cloud platforms using its Dell Cloud Disaster Recovery and PowerProtect DD for helping laboratories limit the repercussions of their public or private cloud going down.\n\r\n\n4. Do we receive comprehensive downtime support in the case of downtime?\nDell Technologies APEX is not a public cloud, and as such, this question is not fully relevant. However, Dell still provides support services for its service offerings. Per its Dell Technologies APEX service offering description, the \"Dell APEX Service includes ... support from Dell for the Dell APEX Service,\" as described within the document. Be sure to confirm the support terms for the service you select.\n\r\n\n5. Where are your servers located, and how is data securely transferred to and from those servers?\nDell Technologies APEX is not a public cloud, and as such, this question is not fully relevant. That said, it will be useful to understand the underlying technology supplied by Dell in regards to data transmission to public and private cloud instances. Cloud-based data protection services from Dell such as Kubernetes Data Protection, PowerProtect Cyber Recovery, Cloud Disaster Recovery, and more may be of additional interest.\n\r\n\n6. Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?\nDell Technologies APEX is not a public cloud, and as such, this question is not fully relevant. That said, Dell Technologies does state its policies on secure development of products and applications, stating[7]:\n\n\"Dell provides security training to employees on job-specific security best practices and policies to create a security-aware culture across its entire employee community.\"\n\"Dell has established a comprehensive security program, which ... includes analysis activities such as threat modeling, static code analysis, and security testing to discover and address security defects throughout the development lifecycle.\"\n\"Dell has also designed a baseline set of security capabilities to meet customers\u2019 security objectives and compliance requirements.\"\n\r\n\n7. Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?\nDell Technologies APEX is not a public cloud, and as such, this question is not fully relevant. However, as noted in the prior question, as well as Dell's compliance statement, the company attempts to embed strong data protection and compliance mechanisms into its offerings.\n\r\n\n8. How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)\nDell Technologies APEX is not a public cloud, and as such, this question is not fully relevant.\n\r\n\n9. Do you have documented data security policies?\nDell Technologies documents its thoughts and practices on security in several places:\n\nDell Technologies trust center\nSecure development at Dell\nDell supply chain security\nDell vulnerability response policy\n\r\n\n10. How do you test your platform's security?\nMany points about security and testing can be found in prior questions (e.g., 6 and 9). For further details, discuss this with a Dell Technologies representative.\n\r\n\n11. What are your policies for security audits, intrusion detection, and intrusion reporting?\nDell Technologies APEX is not a public cloud, and as such, this question is not fully relevant. That said, Dell's implementation of VMware Cloud Foundation in some of its cloud technologies allows for setting up firewall rules, antivirus scanning and intrusion detection in their hybrid cloud.[8]\n\r\n\n12. What data logging information is kept and acted upon in relation to our data?\nDell Technologies APEX is not a public cloud, and as such, this question is not fully relevant.\n\r\n\n13. How thorough are those logs and can we audit them on-demand?\nDell Technologies APEX is not a public cloud, and as such, this question is not fully relevant. However, in its Dell Technologies APEX Services Terms of Service (presumably for its SaaS services), Dell does mention that it[9] :\n\nmonitors and collects telemetry data relating to Your use thereof. Dell may collect certain information related to the Service Offering through a telemetry collector (\u201cCollector\u201d). Such information may include, without limitation, diagnostics, configurations, usage data, performance, deployment location information, and system information sent to Dell automatically by Dell\u2019s systems and tools (\u201cSystem Data\u201d).\nHowever, it's not clear if customers can audit this data on-demand. Consult with a representative to learn more.\n\r\n\n14. For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?\nDell Technologies APEX is not a public cloud, and as such, this question is not fully relevant. That said, it's worth noting that the Dell Technologies APEX Services Terms of Service actually mentions HIPAA, stating \"If Customer is subject to the U.S. Health Insurance Portability and Accountability Act (\u201cHIPAA\u201d) and Customer has not executed a Business Associate Agreement (\u201cBAA\u201d) with Dell for the APEX Service, Customer acknowledges that the Dell BAA ... applies to Dell and Customer for the APEX Service.\"[9] As such, if data and information governed by HIPAA gets stored on Dell Technologies APEX machines, it sounds like yes, a business associate agreement will be signed.\n\r\n\n15. What happens to our data should the contract expire or be terminated?\nThe company states in its Dell Technologies APEX Services Terms of Service the following[9]:\n\nIf Customer has elected to terminate the Dell APEX Service at the end of Customer\u2019s Subscription Term, Customer will have thirty (30) days from the time Dell notifies Customer and Customer\u2019s Dell Channel Partner, as applicable, of its intent to pick up the Dell APEX System, or if no notice is provided, then thirty (30) days from the last day of the Subscription Term, as applicable, within which to delete Customer Content from the Dell APEX System. If the Subscription is terminated prior to the end of the term, Customer will have thirty (30) days from the time Dell notifies Customer and Customer\u2019s Dell Channel Partner, as applicable, of termination, within which to delete Customer\u2019s Content from the Dell APEX System.\nFor more clarity, discuss this with a Dell Technologies representative.\n\r\n\n16. What happens to our data should you go out of business or suffer a catastrophic event?\nPresumably, if Dell goes out of business, you may have to return equipment, but not without first being able to back up data from that equipment first. You'll have to clarify this with a representative. As for catastrophic events: \"To the extent that Dell has any liability for loss of Customer Content, Dell will only be liable for the cost of commercially reasonable and customary efforts to recover the lost Customer Content from Your last available backup.\"[9] Read the Terms of Service and discuss with a representative to confirm.\n\r\n\n17. Can we use your interface to extract our data when we want, and in what format will it be?\nAs a hybrid solution, you should be able to extract data at whim to another private of public cloud location.\n\r\n\n18. Are your support services native or outsourced\/offshored?\nIt is unclear if support personnel are local to the customer or if support is outsourced to another business and country. Discuss this with a Dell Technologies APEX representative.\n\nManaged security services \nDell doesn't appear to explicitly advertise \"managed security services.\" Dell does, however, offer a standard managed services portfolio through its Dell Technologies Managed Services offering.[10] One of the offerings in that managed services portfolio is \"Dell Technologies Managed Detection and Response Pro Plus.\" Dell describes these services as a \"fully-managed, 360\u00b0 security operations solution [that] helps you prevent and respond to attacks and recover if a breach occurs.\"[11] This managed service is described as having four components: agent rollout assistance, thread detection and investigation, response and active remediation, and remote cybersecurity incident response.[11]\n\r\n\n\nAdditional information \nDocumentation and other media \nDell Technologies APEX Cloud Platforms\nDell Technologies APEX Compute\nDell Technologies APEX Data Storage Services Block\nDell Technologies APEX Partner Conversation Guide\nExternal links \nDell Technologies development and auditing practices\nDell Technologies Managed Services\nDell Technologies trust center\nReferences \n\n\n\u2191 \"Dell Technologies Delivers Fourth Quarter and Full Year Fiscal 2023 Financial Results\". Dell Technologies. 2 March 2023. https:\/\/www.dell.com\/en-us\/dt\/corporate\/newsroom\/announcements\/detailpage.press-releases~usa~2023~03~20230302-dell-technologies-delivers-fourth-quarter-and-full-year-fiscal-2023-financial-results.htm . Retrieved 01 August 2023 .   \n \n\n\u2191 \"Dell APEX - Get a more unified multicloud experience with technology you trust\". Dell Technologies. https:\/\/www.dell.com\/en-us\/dt\/apex\/resources\/apex-cloud-experience-ebook.htm . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Dell Technologies APEX\". Dell Technologies. https:\/\/www.dell.com\/en-us\/dt\/apex\/index.htm . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Dell Cloud Tier\". Dell Technologies. https:\/\/www.dell.com\/en-us\/dt\/data-protection\/powerprotect-dd-series\/cloud-tier.htm . Retrieved 02 August 2023 .   \n \n\n\u2191 Agarwal, S. (5 May 2021). \"APEX Cloud Services for All Your Essential Workloads\". Dell Blog. https:\/\/www.dell.com\/en-us\/blog\/apex-cloud-services-for-all-your-essential-workloads\/ . Retrieved 01 August 2023 .   \n \n\n\u2191 6.0 6.1 \"Dell APEX Private Cloud\" (PDF). Dell Technologies. 2023. https:\/\/www.delltechnologies.com\/asset\/en-us\/solutions\/apex\/technical-support\/h19142-apex-private-cloud-spec-sheet.pdf . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Secure Development at Dell\". Dell Technologies. https:\/\/www.dell.com\/en-us\/shop\/secure-development\/cp\/secure-development . Retrieved 02 August 2023 .   \n \n\n\u2191 \"VMware Cloud Foundation on Dell VxRail\" (PDF). Dell Technologies. April 2023. https:\/\/www.delltechnologies.com\/asset\/en-us\/products\/converged-infrastructure\/industry-market\/h17854-vmware-cloud-foundation-on-dell-emc-vxrail-wp.pdf . Retrieved 02 August 2023 .   \n \n\n\u2191 9.0 9.1 9.2 9.3 \"Cloud Service Offerings Agreement\". Dell Technologies. 1 June 2020. https:\/\/i.dell.com\/sites\/csdocuments\/Legal_Docs\/en\/us\/cloud-service-offerings-agreement.pdf . Retrieved 02 August 2023 .   \n \n\n\u2191 \"Dell Managed Services\". Dell Technologies. https:\/\/www.dell.com\/en-us\/dt\/services\/managed-services\/index.htm . Retrieved 02 August 2023 .   \n \n\n\u2191 11.0 11.1 \"Managed Detection and Response Pro Plus\" (PDF). Dell Technologies. https:\/\/www.dell.com\/en-us\/dt\/services\/security-services\/managed-detection-response-pro-plus.htm . Retrieved 02 August 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Dell_Technologies_Cloud\">https:\/\/www.limswiki.org\/index.php\/Dell_Technologies_Cloud<\/a>\nNavigation menuPage actionsPageDiscussionView sourceHistoryPage actionsPageDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 2 August 2023, at 16:54.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 1,368 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","d90a08936e17ff73a53fe4ef1c2dc4d6_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject page-Dell_Technologies_APEX rootpage-Dell_Technologies_APEX skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Dell Technologies APEX<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\">\n<p><br \/>\n<b>Dell Technologies APEX<\/b> is a VMware-powered portfolio of consumption-based and as-a-service solutions by Dell Technologies that \"delivers multicloud by design, empowering you to optimize the placement of data and workloads for maximum value within your organization.\"<sup id=\"rdp-ebb-cite_ref-DellTechCloudTake_2-0\" class=\"reference\"><a href=\"#cite_note-DellTechCloudTake-2\">[2]<\/a><\/sup> Solutions include Dell APEX Cloud Platform (DACP) for Azure, VMware, and Red Hat OpenShift; Dell APEX Hybrid Cloud for VMware; and Dell APEX Storage, among others.<sup id=\"rdp-ebb-cite_ref-DellConsumptionGet_3-0\" class=\"reference\"><a href=\"#cite_note-DellConsumptionGet-3\">[3]<\/a><\/sup> The Dell Technologies APEX solutions support the Alibaba, Amazon, Dell, Google, IBM, and Microsoft public and private clouds, among others.<sup id=\"rdp-ebb-cite_ref-DellEMCCloud_4-0\" class=\"reference\"><a href=\"#cite_note-DellEMCCloud-4\">[4]<\/a><\/sup>\n<\/p><p>On May 5, 2021, Dell Technologies announced that it had rebranded its Dell Technologies APEX platform to Dell Technologies APEX.<sup id=\"rdp-ebb-cite_ref-AgarwalAPEX21_5-0\" class=\"reference\"><a href=\"#cite_note-AgarwalAPEX21-5\">[5]<\/a><\/sup>\n<\/p>\n\n\n<h2><span class=\"mw-headline\" id=\"Provider_research\">Provider research<\/span><\/h2>\n<p>This section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide <i><a href=\"https:\/\/www.limswiki.org\/index.php\/LII:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\" title=\"LII:Choosing and Implementing a Cloud-based Service for Your Laboratory\" class=\"wiki-link\" data-key=\"a51267fd73f6c39f0130677409233940\">Choosing and Implementing a Cloud-based Service for Your Laboratory<\/a><\/i>. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made. Additionally, as a hybrid cloud provider, some of the questions from Chapter 5 (e.g., \"How segregated is our cloud data from another customer's\") are not relevant, as they are not providing public cloud services.\n<\/p><p><br \/>\n1. <b>What experience do you have working with laboratory customers in our specific industry?<\/b>\n<\/p><p>It's not clear what <a href=\"https:\/\/www.limswiki.org\/index.php\/Laboratory\" title=\"Laboratory\" class=\"wiki-link\" data-key=\"c57fc5aac9e4abf31dccae81df664c33\">laboratories<\/a> have adopted Dell Technologies APEX solutions. However, Dell does discuss putting some of its cloud-scale systems to use in the laboratory realm with its solution brief on <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.delltechnologies.com\/asset\/no-no\/products\/storage\/briefs-summaries\/h17973-uds-for-digital-pathology-solution-overview.pdf\" target=\"_blank\">Dell EMC PowerScale<\/a>. A Dell Technologies APEX representative is likely to be able to supply more examples of laboratories that use or have used Dell Technologies APEX.\n<\/p><p><br \/>\n2. <b>Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?<\/b>\n<\/p><p>Dell promotes integration of existing legacy cloud and on-premises platforms with other private and public cloud platforms largely through its Dell Technologies APEX Platform (DTCP) and strong VMware integrations. APEX instances have \"standardized combinations of compute and memory resources\u2014defined by a fixed physical memory-to-core ratio\u2014and powered by Dell VxRail. They are optimized for your virtualized and containerized workload requirements, ranging from small (4GB\/Core) to extra-large (32GB\/Core) memory-to-CPU core ratios.\"<sup id=\"rdp-ebb-cite_ref-DellIntroDTCP21_6-0\" class=\"reference\"><a href=\"#cite_note-DellIntroDTCP21-6\">[6]<\/a><\/sup> On the VMware side, the company adds that \"VxRail, powered by Dell PowerEdge server platforms and VxRail HCI System Software, delivers deep integration across the VMware ecosystem. This means you can rapidly deploy secure on-premises cloud infrastructure and take advantage of a full stack single-click lifecycle management experience.\"<sup id=\"rdp-ebb-cite_ref-DellIntroDTCP21_6-1\" class=\"reference\"><a href=\"#cite_note-DellIntroDTCP21-6\">[6]<\/a><\/sup> These technologies further enhance integration with business processes and systems by allowing for workloads to be seamlessly transferred between public and private cloud infrastructures. For more on this topic, discuss it with a representative.\n<\/p><p><br \/>\n3. <b>What is the average total historical downtime for the service(s) we're interested in?<\/b>\n<\/p><p>Dell Technologies APEX is not a public cloud, and as such, this question is not fully relevant. That said, Dell Technologies provides <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.delltechnologies.com\/asset\/sv-se\/products\/data-protection\/briefs-summaries\/H16867_data_domain_cloud_dr_sb.pdf\" target=\"_blank\">disaster recovery as a service<\/a> for hybrid cloud platforms using its Dell Cloud Disaster Recovery and PowerProtect DD for helping laboratories limit the repercussions of their public or private cloud going down.\n<\/p><p><br \/>\n4. <b>Do we receive comprehensive downtime support in the case of downtime?<\/b>\n<\/p><p>Dell Technologies APEX is not a public cloud, and as such, this question is not fully relevant. However, Dell still provides support services for its service offerings. Per its <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/i.dell.com\/sites\/csdocuments\/Legal_Docs\/en\/us\/dell-apex-compute-onpremises-sd-en.pdf\" target=\"_blank\">Dell Technologies APEX service offering description<\/a>, the \"Dell APEX Service includes ... support from Dell for the Dell APEX Service,\" as described within the document. Be sure to confirm the support terms for the service you select.\n<\/p><p><br \/>\n5. <b>Where are your servers located, and how is data securely transferred to and from those servers?<\/b>\n<\/p><p>Dell Technologies APEX is not a public cloud, and as such, this question is not fully relevant. That said, it will be useful to understand the underlying technology supplied by Dell in regards to data transmission to public and private cloud instances. Cloud-based <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.dell.com\/en-hr\/dt\/data-protection\/cloud.htm\" target=\"_blank\">data protection services<\/a> from Dell such as Kubernetes Data Protection, PowerProtect Cyber Recovery, Cloud Disaster Recovery, and more may be of additional interest.\n<\/p><p><br \/>\n6. <b>Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?<\/b>\n<\/p><p>Dell Technologies APEX is not a public cloud, and as such, this question is not fully relevant. That said, Dell Technologies does state its policies on secure development of products and applications, stating<sup id=\"rdp-ebb-cite_ref-DellSecureDev_7-0\" class=\"reference\"><a href=\"#cite_note-DellSecureDev-7\">[7]<\/a><\/sup>:\n<\/p>\n<ul><li>\"Dell provides security training to employees on job-specific security best practices and policies to create a security-aware culture across its entire employee community.\"<\/li>\n<li>\"Dell has established a comprehensive security program, which ... includes analysis activities such as threat modeling, static code analysis, and security testing to discover and address security defects throughout the development lifecycle.\"<\/li>\n<li>\"Dell has also designed a baseline set of security capabilities to meet customers\u2019 security objectives and compliance requirements.\"<\/li><\/ul>\n<p><br \/>\n7. <b>Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?<\/b>\n<\/p><p>Dell Technologies APEX is not a public cloud, and as such, this question is not fully relevant. However, as noted in the prior question, as well as Dell's <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.dell.com\/en-us\/lp\/trusted-cloud\" target=\"_blank\">compliance statement<\/a>, the company attempts to embed strong data protection and compliance mechanisms into its offerings.\n<\/p><p><br \/>\n8. <b>How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)<\/b>\n<\/p><p>Dell Technologies APEX is not a public cloud, and as such, this question is not fully relevant.\n<\/p><p><br \/>\n9. <b>Do you have documented data security policies?<\/b>\n<\/p><p>Dell Technologies documents its thoughts and practices on security in several places:\n<\/p>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.dell.com\/en-us\/lp\/trusted-cloud\" target=\"_blank\">Dell Technologies trust center<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.dell.com\/en-us\/shop\/secure-development\/cp\/secure-development\" target=\"_blank\">Secure development at Dell<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/i.dell.com\/sites\/csdocuments\/CorpComm_Docs\/en\/supply-chain-assurance.pdf\" target=\"_blank\">Dell supply chain security<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.dell.com\/support\/contents\/en-us\/article\/product-support\/self-support-knowledgebase\/security-antivirus\/alerts-vulnerabilities\/dell-vulnerability-response-policy\" target=\"_blank\">Dell vulnerability response policy<\/a><\/li><\/ul>\n<p><br \/>\n10. <b>How do you test your platform's security?<\/b>\n<\/p><p>Many points about security and testing can be found in prior questions (e.g., 6 and 9). For further details, discuss this with a Dell Technologies representative.\n<\/p><p><br \/>\n11. <b>What are your policies for security audits, intrusion detection, and intrusion reporting?<\/b>\n<\/p><p>Dell Technologies APEX is not a public cloud, and as such, this question is not fully relevant. That said, Dell's implementation of VMware Cloud Foundation in some of its cloud technologies allows for setting up firewall rules, antivirus scanning and intrusion detection in their hybrid cloud.<sup id=\"rdp-ebb-cite_ref-DellVMwareCloud21_8-0\" class=\"reference\"><a href=\"#cite_note-DellVMwareCloud21-8\">[8]<\/a><\/sup>\n<\/p><p><br \/>\n12. <b>What data logging information is kept and acted upon in relation to our data?<\/b>\n<\/p><p>Dell Technologies APEX is not a public cloud, and as such, this question is not fully relevant.\n<\/p><p><br \/>\n13. <b>How thorough are those logs and can we audit them on-demand?<\/b>\n<\/p><p>Dell Technologies APEX is not a public cloud, and as such, this question is not fully relevant. However, in its Dell Technologies APEX Services Terms of Service (presumably for its SaaS services), Dell does mention that it<sup id=\"rdp-ebb-cite_ref-DellCloud20_9-0\" class=\"reference\"><a href=\"#cite_note-DellCloud20-9\">[9]<\/a><\/sup> :\n<\/p>\n<blockquote><p>monitors and collects telemetry data relating to Your use thereof. Dell may collect certain information related to the Service Offering through a telemetry collector (\u201cCollector\u201d). Such information may include, without limitation, diagnostics, configurations, usage data, performance, deployment location information, and system information sent to Dell automatically by Dell\u2019s systems and tools (\u201cSystem Data\u201d).<\/p><\/blockquote>\n<p>However, it's not clear if customers can audit this data on-demand. Consult with a representative to learn more.\n<\/p><p><br \/>\n14. <b>For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?<\/b>\n<\/p><p>Dell Technologies APEX is not a public cloud, and as such, this question is not fully relevant. That said, it's worth noting that the Dell Technologies APEX Services Terms of Service actually mentions HIPAA, stating \"If Customer is subject to the U.S. Health Insurance Portability and Accountability Act (\u201cHIPAA\u201d) and Customer has not executed a Business Associate Agreement (\u201cBAA\u201d) with Dell for the APEX Service, Customer acknowledges that the Dell BAA ... applies to Dell and Customer for the APEX Service.\"<sup id=\"rdp-ebb-cite_ref-DellCloud20_9-1\" class=\"reference\"><a href=\"#cite_note-DellCloud20-9\">[9]<\/a><\/sup> As such, if data and information governed by HIPAA gets stored on Dell Technologies APEX machines, it sounds like yes, a business associate agreement will be signed.\n<\/p><p><br \/>\n15. <b>What happens to our data should the contract expire or be terminated?<\/b>\n<\/p><p>The company states in its Dell Technologies APEX Services Terms of Service the following<sup id=\"rdp-ebb-cite_ref-DellCloud20_9-2\" class=\"reference\"><a href=\"#cite_note-DellCloud20-9\">[9]<\/a><\/sup>:\n<\/p>\n<blockquote><p>If Customer has elected to terminate the Dell APEX Service at the end of Customer\u2019s Subscription Term, Customer will have thirty (30) days from the time Dell notifies Customer and Customer\u2019s Dell Channel Partner, as applicable, of its intent to pick up the Dell APEX System, or if no notice is provided, then thirty (30) days from the last day of the Subscription Term, as applicable, within which to delete Customer Content from the Dell APEX System. If the Subscription is terminated prior to the end of the term, Customer will have thirty (30) days from the time Dell notifies Customer and Customer\u2019s Dell Channel Partner, as applicable, of termination, within which to delete Customer\u2019s Content from the Dell APEX System.<\/p><\/blockquote>\n<p>For more clarity, discuss this with a Dell Technologies representative.\n<\/p><p><br \/>\n16. <b>What happens to our data should you go out of business or suffer a catastrophic event?<\/b>\n<\/p><p>Presumably, if Dell goes out of business, you may have to return equipment, but not without first being able to back up data from that equipment first. You'll have to clarify this with a representative. As for catastrophic events: \"To the extent that Dell has any liability for loss of Customer Content, Dell will only be liable for the cost of commercially reasonable and customary efforts to recover the lost Customer Content from Your last available backup.\"<sup id=\"rdp-ebb-cite_ref-DellCloud20_9-3\" class=\"reference\"><a href=\"#cite_note-DellCloud20-9\">[9]<\/a><\/sup> Read the Terms of Service and discuss with a representative to confirm.\n<\/p><p><br \/>\n17. <b>Can we use your interface to extract our data when we want, and in what format will it be?<\/b>\n<\/p><p>As a hybrid solution, you should be able to extract data at whim to another private of public cloud location.\n<\/p><p><br \/>\n18. <b>Are your support services native or outsourced\/offshored?<\/b>\n<\/p><p>It is unclear if support personnel are local to the customer or if support is outsourced to another business and country. Discuss this with a Dell Technologies APEX representative.\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Managed_security_services\">Managed security services<\/span><\/h2>\n<p>Dell doesn't appear to explicitly advertise \"managed security services.\" Dell does, however, offer a standard managed services portfolio through its Dell Technologies Managed Services offering.<sup id=\"rdp-ebb-cite_ref-DellManServ_10-0\" class=\"reference\"><a href=\"#cite_note-DellManServ-10\">[10]<\/a><\/sup> One of the offerings in that managed services portfolio is \"Dell Technologies Managed Detection and Response Pro Plus.\" Dell describes these services as a \"fully-managed, 360\u00b0 security operations solution [that] helps you prevent and respond to attacks and recover if a breach occurs.\"<sup id=\"rdp-ebb-cite_ref-DellManaged21_11-0\" class=\"reference\"><a href=\"#cite_note-DellManaged21-11\">[11]<\/a><\/sup> This managed service is described as having four components: agent rollout assistance, thread detection and investigation, response and active remediation, and remote cybersecurity incident response.<sup id=\"rdp-ebb-cite_ref-DellManaged21_11-1\" class=\"reference\"><a href=\"#cite_note-DellManaged21-11\">[11]<\/a><\/sup>\n<\/p><p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Additional_information\">Additional information<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Documentation_and_other_media\">Documentation and other media<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.delltechnologies.com\/asset\/en-us\/solutions\/apex\/technical-support\/dell-acp-portfolio-solution-brief.pdf\" target=\"_blank\">Dell Technologies APEX Cloud Platforms<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.delltechnologies.com\/asset\/en-us\/solutions\/apex\/technical-support\/apex-compute-spec-sheet.pdf\" target=\"_blank\">Dell Technologies APEX Compute<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.delltechnologies.com\/asset\/en-us\/solutions\/apex\/briefs-summaries\/apex-block-services-solution-brief.pdf\" target=\"_blank\">Dell Technologies APEX Data Storage Services Block<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.delltechnologies.com\/asset\/en-us\/solutions\/apex\/selling-competitive\/apex-partner-conversation-guide.pdf\" target=\"_blank\">Dell Technologies APEX Partner Conversation Guide<\/a><\/li><\/ul>\n<h3><span class=\"mw-headline\" id=\"External_links\">External links<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.dell.com\/en-us\/shop\/secure-development\/cp\/secure-development\" target=\"_blank\">Dell Technologies development and auditing practices<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.delltechnologies.com\/en-us\/services\/managed-services\/index.htm\" target=\"_blank\">Dell Technologies Managed Services<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.dell.com\/en-us\/dt\/corporate\/about-us\/security-and-trust-center\/index.htm\" target=\"_blank\">Dell Technologies trust center<\/a><\/li><\/ul>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap mw-references-columns\"><ol class=\"references\">\n<li id=\"cite_note-DignanDell21-1\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-DignanDell21_1-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.dell.com\/en-us\/dt\/corporate\/newsroom\/announcements\/detailpage.press-releases~usa~2023~03~20230302-dell-technologies-delivers-fourth-quarter-and-full-year-fiscal-2023-financial-results.htm\" target=\"_blank\">\"Dell Technologies Delivers Fourth Quarter and Full Year Fiscal 2023 Financial Results\"<\/a>. Dell Technologies. 2 March 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.dell.com\/en-us\/dt\/corporate\/newsroom\/announcements\/detailpage.press-releases~usa~2023~03~20230302-dell-technologies-delivers-fourth-quarter-and-full-year-fiscal-2023-financial-results.htm\" target=\"_blank\">https:\/\/www.dell.com\/en-us\/dt\/corporate\/newsroom\/announcements\/detailpage.press-releases~usa~2023~03~20230302-dell-technologies-delivers-fourth-quarter-and-full-year-fiscal-2023-financial-results.htm<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 01 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Dell+Technologies+Delivers+Fourth+Quarter+and+Full+Year+Fiscal+2023+Financial+Results&rft.atitle=&rft.date=2+March+2023&rft.pub=Dell+Technologies&rft_id=https%3A%2F%2Fwww.dell.com%2Fen-us%2Fdt%2Fcorporate%2Fnewsroom%2Fannouncements%2Fdetailpage.press-releases%7Eusa%7E2023%7E03%7E20230302-dell-technologies-delivers-fourth-quarter-and-full-year-fiscal-2023-financial-results.htm&rfr_id=info:sid\/en.wikipedia.org:Dell_Technologies_APEX\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-DellTechCloudTake-2\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-DellTechCloudTake_2-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.dell.com\/en-us\/dt\/apex\/resources\/apex-cloud-experience-ebook.htm\" target=\"_blank\">\"Dell APEX - Get a more unified multicloud experience with technology you trust\"<\/a>. Dell Technologies<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.dell.com\/en-us\/dt\/apex\/resources\/apex-cloud-experience-ebook.htm\" target=\"_blank\">https:\/\/www.dell.com\/en-us\/dt\/apex\/resources\/apex-cloud-experience-ebook.htm<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Dell+APEX+-+Get+a+more+unified+multicloud+experience+with+technology+you+trust&rft.atitle=&rft.pub=Dell+Technologies&rft_id=https%3A%2F%2Fwww.dell.com%2Fen-us%2Fdt%2Fapex%2Fresources%2Fapex-cloud-experience-ebook.htm&rfr_id=info:sid\/en.wikipedia.org:Dell_Technologies_APEX\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-DellConsumptionGet-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-DellConsumptionGet_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.dell.com\/en-us\/dt\/apex\/index.htm\" target=\"_blank\">\"Dell Technologies APEX\"<\/a>. Dell Technologies<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.dell.com\/en-us\/dt\/apex\/index.htm\" target=\"_blank\">https:\/\/www.dell.com\/en-us\/dt\/apex\/index.htm<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Dell+Technologies+APEX&rft.atitle=&rft.pub=Dell+Technologies&rft_id=https%3A%2F%2Fwww.dell.com%2Fen-us%2Fdt%2Fapex%2Findex.htm&rfr_id=info:sid\/en.wikipedia.org:Dell_Technologies_APEX\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-DellEMCCloud-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-DellEMCCloud_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.dell.com\/en-us\/dt\/data-protection\/powerprotect-dd-series\/cloud-tier.htm\" target=\"_blank\">\"Dell Cloud Tier\"<\/a>. Dell Technologies<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.dell.com\/en-us\/dt\/data-protection\/powerprotect-dd-series\/cloud-tier.htm\" target=\"_blank\">https:\/\/www.dell.com\/en-us\/dt\/data-protection\/powerprotect-dd-series\/cloud-tier.htm<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Dell+Cloud+Tier&rft.atitle=&rft.pub=Dell+Technologies&rft_id=https%3A%2F%2Fwww.dell.com%2Fen-us%2Fdt%2Fdata-protection%2Fpowerprotect-dd-series%2Fcloud-tier.htm&rfr_id=info:sid\/en.wikipedia.org:Dell_Technologies_APEX\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AgarwalAPEX21-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AgarwalAPEX21_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Agarwal, S. (5 May 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.dell.com\/en-us\/blog\/apex-cloud-services-for-all-your-essential-workloads\/\" target=\"_blank\">\"APEX Cloud Services for All Your Essential Workloads\"<\/a>. <i>Dell Blog<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.dell.com\/en-us\/blog\/apex-cloud-services-for-all-your-essential-workloads\/\" target=\"_blank\">https:\/\/www.dell.com\/en-us\/blog\/apex-cloud-services-for-all-your-essential-workloads\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 01 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=APEX+Cloud+Services+for+All+Your+Essential+Workloads&rft.atitle=Dell+Blog&rft.aulast=Agarwal%2C+S.&rft.au=Agarwal%2C+S.&rft.date=5+May+2021&rft_id=https%3A%2F%2Fwww.dell.com%2Fen-us%2Fblog%2Fapex-cloud-services-for-all-your-essential-workloads%2F&rfr_id=info:sid\/en.wikipedia.org:Dell_Technologies_APEX\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-DellIntroDTCP21-6\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-DellIntroDTCP21_6-0\">6.0<\/a><\/sup> <sup><a href=\"#cite_ref-DellIntroDTCP21_6-1\">6.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.delltechnologies.com\/asset\/en-us\/solutions\/apex\/technical-support\/h19142-apex-private-cloud-spec-sheet.pdf\" target=\"_blank\">\"Dell APEX Private Cloud\"<\/a> (PDF). Dell Technologies. 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.delltechnologies.com\/asset\/en-us\/solutions\/apex\/technical-support\/h19142-apex-private-cloud-spec-sheet.pdf\" target=\"_blank\">https:\/\/www.delltechnologies.com\/asset\/en-us\/solutions\/apex\/technical-support\/h19142-apex-private-cloud-spec-sheet.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Dell+APEX+Private+Cloud&rft.atitle=&rft.date=2023&rft.pub=Dell+Technologies&rft_id=https%3A%2F%2Fwww.delltechnologies.com%2Fasset%2Fen-us%2Fsolutions%2Fapex%2Ftechnical-support%2Fh19142-apex-private-cloud-spec-sheet.pdf&rfr_id=info:sid\/en.wikipedia.org:Dell_Technologies_APEX\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-DellSecureDev-7\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-DellSecureDev_7-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.dell.com\/en-us\/shop\/secure-development\/cp\/secure-development\" target=\"_blank\">\"Secure Development at Dell\"<\/a>. Dell Technologies<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.dell.com\/en-us\/shop\/secure-development\/cp\/secure-development\" target=\"_blank\">https:\/\/www.dell.com\/en-us\/shop\/secure-development\/cp\/secure-development<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Secure+Development+at+Dell&rft.atitle=&rft.pub=Dell+Technologies&rft_id=https%3A%2F%2Fwww.dell.com%2Fen-us%2Fshop%2Fsecure-development%2Fcp%2Fsecure-development&rfr_id=info:sid\/en.wikipedia.org:Dell_Technologies_APEX\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-DellVMwareCloud21-8\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-DellVMwareCloud21_8-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.delltechnologies.com\/asset\/en-us\/products\/converged-infrastructure\/industry-market\/h17854-vmware-cloud-foundation-on-dell-emc-vxrail-wp.pdf\" target=\"_blank\">\"VMware Cloud Foundation on Dell VxRail\"<\/a> (PDF). Dell Technologies. April 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.delltechnologies.com\/asset\/en-us\/products\/converged-infrastructure\/industry-market\/h17854-vmware-cloud-foundation-on-dell-emc-vxrail-wp.pdf\" target=\"_blank\">https:\/\/www.delltechnologies.com\/asset\/en-us\/products\/converged-infrastructure\/industry-market\/h17854-vmware-cloud-foundation-on-dell-emc-vxrail-wp.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=VMware+Cloud+Foundation+on+Dell+VxRail&rft.atitle=&rft.date=April+2023&rft.pub=Dell+Technologies&rft_id=https%3A%2F%2Fwww.delltechnologies.com%2Fasset%2Fen-us%2Fproducts%2Fconverged-infrastructure%2Findustry-market%2Fh17854-vmware-cloud-foundation-on-dell-emc-vxrail-wp.pdf&rfr_id=info:sid\/en.wikipedia.org:Dell_Technologies_APEX\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-DellCloud20-9\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-DellCloud20_9-0\">9.0<\/a><\/sup> <sup><a href=\"#cite_ref-DellCloud20_9-1\">9.1<\/a><\/sup> <sup><a href=\"#cite_ref-DellCloud20_9-2\">9.2<\/a><\/sup> <sup><a href=\"#cite_ref-DellCloud20_9-3\">9.3<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/i.dell.com\/sites\/csdocuments\/Legal_Docs\/en\/us\/cloud-service-offerings-agreement.pdf\" target=\"_blank\">\"Cloud Service Offerings Agreement\"<\/a>. Dell Technologies. 1 June 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/i.dell.com\/sites\/csdocuments\/Legal_Docs\/en\/us\/cloud-service-offerings-agreement.pdf\" target=\"_blank\">https:\/\/i.dell.com\/sites\/csdocuments\/Legal_Docs\/en\/us\/cloud-service-offerings-agreement.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Service+Offerings+Agreement&rft.atitle=&rft.date=1+June+2020&rft.pub=Dell+Technologies&rft_id=https%3A%2F%2Fi.dell.com%2Fsites%2Fcsdocuments%2FLegal_Docs%2Fen%2Fus%2Fcloud-service-offerings-agreement.pdf&rfr_id=info:sid\/en.wikipedia.org:Dell_Technologies_APEX\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-DellManServ-10\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-DellManServ_10-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.dell.com\/en-us\/dt\/services\/managed-services\/index.htm\" target=\"_blank\">\"Dell Managed Services\"<\/a>. Dell Technologies<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.dell.com\/en-us\/dt\/services\/managed-services\/index.htm\" target=\"_blank\">https:\/\/www.dell.com\/en-us\/dt\/services\/managed-services\/index.htm<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Dell+Managed+Services&rft.atitle=&rft.pub=Dell+Technologies&rft_id=https%3A%2F%2Fwww.dell.com%2Fen-us%2Fdt%2Fservices%2Fmanaged-services%2Findex.htm&rfr_id=info:sid\/en.wikipedia.org:Dell_Technologies_APEX\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-DellManaged21-11\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-DellManaged21_11-0\">11.0<\/a><\/sup> <sup><a href=\"#cite_ref-DellManaged21_11-1\">11.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.dell.com\/en-us\/dt\/services\/security-services\/managed-detection-response-pro-plus.htm\" target=\"_blank\">\"Managed Detection and Response Pro Plus\"<\/a> (PDF). Dell Technologies<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.dell.com\/en-us\/dt\/services\/security-services\/managed-detection-response-pro-plus.htm\" target=\"_blank\">https:\/\/www.dell.com\/en-us\/dt\/services\/security-services\/managed-detection-response-pro-plus.htm<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 02 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Managed+Detection+and+Response+Pro+Plus&rft.atitle=&rft.pub=Dell+Technologies&rft_id=https%3A%2F%2Fwww.dell.com%2Fen-us%2Fdt%2Fservices%2Fsecurity-services%2Fmanaged-detection-response-pro-plus.htm&rfr_id=info:sid\/en.wikipedia.org:Dell_Technologies_APEX\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816210000\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.197 seconds\nReal time usage: 0.245 seconds\nPreprocessor visited node count: 11597\/1000000\nPost\u2010expand include size: 54767\/2097152 bytes\nTemplate argument size: 29845\/2097152 bytes\nHighest expansion depth: 32\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 16143\/5000000 bytes\nLua time usage: 0.010\/7 seconds\nLua virtual size: 4943872\/52428800 bytes\nLua estimated memory usage: 0 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 215.029 1 -total\n 57.25% 123.107 1 Template:Infobox_company\n 55.48% 119.297 1 Template:Infobox\n 49.84% 107.171 81 Template:Infobox\/row\n 42.57% 91.544 1 Template:URL\n 40.27% 86.593 1 Template:Reflist\n 39.72% 85.412 1 Template:Str_right\n 38.54% 82.862 1 Template:Str_sub_long\n 32.48% 69.834 11 Template:Cite_web\n 29.08% 62.541 11 Template:Citation\/core\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:12477-0!canonical and timestamp 20230816205959 and revision id 52736. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Dell_Technologies_Cloud\">https:\/\/www.limswiki.org\/index.php\/Dell_Technologies_Cloud<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","d90a08936e17ff73a53fe4ef1c2dc4d6_images":["https:\/\/upload.wikimedia.org\/wikipedia\/commons\/a\/a7\/Dell_Technologies_Logo.png"],"d90a08936e17ff73a53fe4ef1c2dc4d6_timestamp":1692220361,"aa59005d6d3f6c0608f84c7ec811f8d6_type":"article","aa59005d6d3f6c0608f84c7ec811f8d6_title":"Amazon Web Services","aa59005d6d3f6c0608f84c7ec811f8d6_url":"https:\/\/www.limswiki.org\/index.php\/Amazon_Web_Services","aa59005d6d3f6c0608f84c7ec811f8d6_plaintext":"\n\nAmazon Web ServicesFrom LIMSWikiJump to navigationJump to searchAmazon Web Services\nIndustry\n \nCloud computing, Web servicesFounder(s)\n \nJeff BezosHeadquarters\n \nSeattle, Washington , United States Area served\n \nWorldwideKey people\n \nAdam Selipsky (CEO)Products\n \nIaaS, PaaS, DBaaS, DaaSRevenue\n \n$21.35 billion (2023 Q1)[1]Parent\n \nAmazonWebsite\n \naws.amazon.com \n\n\r\n\nAmazon Web Services ( also known as AWS) is an American cloud computing company that provides public, private, hybrid, and multicloud solutions to enterprises, organizations, governments, and individuals. AWS has more than 120 data centers distributed in various locations around the world, with Africa and South America the least represented.[2][3] The company provides more than 200 different products and services representing elastic computing, networking, content delivery, data storage, database management, security management, enterprise management, cloud communication, data analysis, media management, container and middleware management, developer support, scientific computing, internet of things, and virtual and augmented reality.[2][4]\n\nContents \n\n1 Provider research \n2 Managed security services \n3 Additional information \n\n3.1 Documentation and other media \n3.2 External links \n\n\n4 References \n\n\n\nProvider research \nThis section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide Choosing and Implementing a Cloud-based Service for Your Laboratory. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made.\n\r\n\n1. What experience do you have working with laboratory customers in our specific industry?\nExamples of labs that have worked with AWS include Glidewell Laboratories[5], Merck Research Laboratories[6], National Renewable Energy Laboratory[7], and the Innovation Lab.[8] Additionally, an AWS article titled \"Building the foundation for Lab of the Future using AWS\" published in 2019 provides some insight into what a laboratory integrated with AWS cloud offerings might look like.[9] It's also worth noting that numerous laboratory information management system (LIMS) and laboratory information system (LIS) developers have offered their solution on AWS over the years, including STARLIMS Corporation[10], Core Informatics, LLC[11], LabLynx, Inc.[12], Orchard Software Corporation[13], PD Evidence, LLC[14], and Thermo Scientific.[15] An AWS representative is likely to be able to supply more examples of laboratories and laboratory informatics developers that use or have used AWS.\n\r\n\n2. Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?\nIt will ultimately be up to your organization to get an answer tailored to your systems and business processes. However, this much can be said about AWS integrations. AWS offers a variety of Application Integration services, described as \"a suite of services that enable communication between decoupled components within microservices, distributed systems, and serverless applications.\"[16] This includes management for application programming interfaces, event-driven architectures, messaging, data flows, and serverless workflows.[16] Additionally, AWS applies a variety of techniques to integrate with existing on-premises system, including AWS Outposts[17], as well as the combination of AWS DataSync with File Gateway.[18] Another document worth examining is AWS' eBook on building a hybrid cloud strategy.\n\r\n\n3. What is the average total historical downtime for the service(s) we're interested in?\nYou'll largely have to ask this of AWS and see what response they give you. That said, third parties like StatusGator have been monitoring AWS downtime for years and make for one possible option to assess the types of historical downtime AWS has seen. Historically, AWS outages have garnered a number of headlines over the years, pretty much every year since at least 2011.[19][20][21] One must keep in mind, however, that these reported outages affect only certain regions or services, not the entirety of AWS. Which is why it's important to get numbers from an AWS representative about, realistically, what sort of outage you should expect for your specific services, keeping in mind how AWS measures uptime percentages in its service agreements.[22]\n\r\n\n4. Do we receive comprehensive downtime support in the case of downtime?\nAWS does not make this answer clear. However, the answer is likely tied to what after-sales support plan you choose. Confirm with AWS what downtime support they provide based on the services your organization are interested in.\n\r\n\n5. Where are your servers located, and how is data securely transferred to and from those servers?\nAWS has 80 Availability Zones, each with one or more discrete data centers, with 15 more Availability Zones planned (as of April 2021).[2] These zones are distributed in various locations around the world, with Africa and South America the least represented. AWS uses its content delivery network Amazon Cloudfront, which can \"securely deliver content with low latency and high transfer speeds.\" Security capabilities for Cloudfront include field-level encryption, HTTPS, and multiple other layers of Amazon protection.[23] When moving data to and from on-premises and AWS systems, AWS provides AWS DataSync, which ensures \"end-to-end security, including data encryption and data integrity validation\" to \"simplify and accelerate secure data migrations.\"[24] Data in motion is encrypted using a trimmed-down version of Transport Layer Security (TLS) called s2n, designed \"to provide you with network encryption that is easier to understand and that is fully auditable.\"[25] Other protections are in place as well, as seen in the security portion of AWS' Well-Architected Framework. As for data localization and residency requirements, an AWS eBook on the topic addresses some elements of this topic, largely in the scope of Amazon Outposts; discuss the topic further with an AWS representative.\n\r\n\n6. Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?\nAWS discusses personnel and third-party access management in regards to physical data security on its data center controls page. However, it does not reference the specific certifications and training required for those who have permission to access your data. You will have to inquire with AWS about these considerations when asking this question.\n\r\n\n7. Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?\nNot all AWS machines have the same controls on them; it will depend on the region, product, and compliance requirements of your lab. That said, verify with a representative that the machine your data will land on meets all the necessary regulations affecting your data.\n\r\n\n8. How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)\nLike Alibaba, AWS have moved past a paradigm of physical separation of data pools. In 2020, writing for AWS, Hyun and Anderson updated their whitepaper on logical separation on AWS, addressing how \"identity management, network security, serverless and containers services, host and instance features, logging, and encryption\" can fill the same shoes as physical separation, while also providing a U.S. Department of Defense use case that highlights logical separation as meeting physical separation intent.[26]\nHowever, the concept of tenant isolation is addressed by AWS in multiple ways, from whitepapers to training courses and videos. The primary whitepaper addresses the concepts and architecture behind AWS' tenant isolation practices, primarily as they relate to software as a service (SaaS). Further technical details on how your data is segregated, if required, may be garnered in discussion with AWS.\n\r\n\n9. Do you have documented data security policies?\nAWS documents its security practices in several places:\n\nIntroduction to AWS Security whitepaper\nAWS security page\nAWS trust center\nSome security-related documents, like the SOC 2 report, may not be publicly available, requiring direct discussion with an AWS representative to obtain them.\n\r\n\n10. How do you test your platform's security?\nAccording to Amazon, customers are allowed to perform penetration testing of eight of its services without prior approval, though \"[c]ustomers are not permitted to conduct any security assessments of AWS infrastructure, or the AWS services themselves.\"[27] Other types of testing that are allowed, with restrictions, include network stress testing, DDoS simulation testing, and other simulated events.[27] Amazon also appears to have a bug bounty program, managed by HackerOne.[28] As for AWS running attack-and-defense drills or breach and attach simulations on its own infrastructure, no public information could be found regarding this. You'll have to discuss this topic with an AWS representative.\n\r\n\n11. What are your policies for security audits, intrusion detection, and intrusion reporting?\nAudits: Per AWS: \"AWS regularly undergoes independent third-party attestation audits to provide assurance that control activities are operating as intended. More specifically, AWS is audited against a variety of global and regional security frameworks dependent on region and industry. AWS participates in over 50 different audit programs.\"[29] This is demonstrated by its compliance credentials (e.g., see its trust center). AWS also provides guidance for customers conducting security audits of their own configurations, etc.\nIntrusion detection and reporting: AWS details its intrusion detection and prevention systems for its EC2 products in a two-page brochure. They state that these tools are capable of \"alerting administrators of possible incidents, logging information, and reporting attempts,\" and are able to \"actively prevent or block intrusions that are detected.\"[30] AWS also has Amazon GuardDuty for Amazon S3 instances, able \"to identify unusual activity within your accounts, analyze the security relevance of the activity, given the context in which it was invoked, and apply predictive probability to make a final verdict on whether that activity is sufficiently anomalous to warrant investigation.\"[31] Confirm the intrusion detection and reporting services available to you for the services you plan to use.\n\r\n\n12. What data logging information is kept and acted upon in relation to our data?\nAWS has several data logging tools for customers, including Centralized Logging, Amazon CloudWatch, and AWS CloudTrail. AWS makes its data privacy policy relatively clear; however, AWS doesn't appear to make it publicly clear if they use these tools for their own data logging, let alone what they do with data logs related to your data. (They only state that they automatically collect \"offering usage, occurrences of technical errors, diagnostic reports, your settings preferences, backup information, API calls, and other logs.\"[32]) Be sure an AWS representative is clear about what logging information they collect and use as it relates to your data.\n\r\n\n13. How thorough are those logs and can we audit them on-demand?\nMost AWS documentation references managing and viewing logs related to your own activities. However, unlike Alibaba, it's unclear if you are able to audit internal AWS logs on-demand. This is a conversation to have with an AWS representative.\n\r\n\n14. For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?\nYes, AWS will sign a business associate agreement.[33] Consult their HIPAA compliance page for more details on their approach to HIPAA compliance.\n\r\n\n15. What happens to our data should the contract expire or be terminated?\nThe AWS base agreement states[34]:\n\nUnless we terminate your use of the Service Offerings pursuant to Section 7.2(b), during the 30 days following the Termination Date:\n(i) we will not take action to remove from the AWS systems any of Your Content as a result of the termination; and\n\n(ii) we will allow you to retrieve Your Content from the Services only if you have paid all amounts due under this Agreement.\nHowever, clarify this policy in full with an AWS representative.\n\r\n\n16. What happens to our data should you go out of business or suffer a catastrophic event?\nIt's not publicly clear how AWS would handle your data should they go out of business; consult with an AWS representative about this topic. As for catastrophic events, most documentation from AWS seems to address how you, the customer, should address disaster recovery, but little discusses AWS' own approach to catastrophic events. Like Alibaba, AWS uses three zones for redundancy: \"All EBS volumes are designed for 99.999% availability. Amazon S3 objects are stored across a minimum of three Availability Zones providing 99.999999999% durability of objects over a given year. Regardless of your cloud provider, there is the potential for failures to impact your workload. Therefore, you must take steps to implement resiliency if you need your workload to be reliable.\"[35] It's highly unlikely that all three zones would be affected in an catastrophic event. However, if this is a concern, discuss further data redundancy with an AWS representative.\n\r\n\n17. Can we use your interface to extract our data when we want, and in what format will it be?\nAWS doesn't make it publicly clear how data migration from AWS to another cloud service would work. However, they advertise their AWS DataSync service \"for moving data between on-premises storage systems and AWS Storage services, as well as between AWS Storage services.\"[24] They also offer a database migration service from your systems to AWS. But AWS doesn't appear to address migrating data from their systems. Your data would presumably be in some AWS database format. One article author has even stated that transferring data out of AWS costs money[36], though it's not clear if this is true. It's unclear whether or not a third-party cloud transfer service (e.g., Cloudsfer) would be required or useful when moving from AWS to another cloud service. In the end, if there are still questions on this topic, discuss it with an AWS representative.\n\r\n\n18. Are your support services native or outsourced\/offshored?\nIt is unclear if support personnel are local to the customer or if support is outsourced to another business and country. Discuss this with an AWS representative.\n\nManaged security services \nAWS doesn't appear to explicitly advertise \"managed security services\" (though it references third-party MSSP parterners).[37] AWS does, however, offer a standard managed services portfolio through its AWS Managed Services offering.[38] Security and network management is offered as services of AWS Managed Services, but the breadth of that security management is dependent on which operations plan is selected: Accelerate or Advanced. At both levels, security monitoring is provided using AWS GuardDuty\/Amazon Macie. However, it's security conformance, IAM and security review, access management, managed firewall, endpoint protection, and network configuration varies depending on the plan chosen. Consult the plan feature table on AWS to learn more.[39]\n\r\n\n\nAdditional information \nDocumentation and other media \nArchitecting for HIPAA whitepaper\nDisaster Recovery of Workloads whitepaper\nIntroduction to AWS Security whitepaper\nExternal links \nAmazon Web Services architecture framework or description\nAmazon Web Services Managed Services\nAmazon Web Services shared responsibility model\nAmazon Web Services trust center\nReferences \n\n\n\u2191 Novet, J. (27 April 2023). \"Amazon\u2019s 16% cloud revenue growth impresses even as margin narrows\". CNBC. https:\/\/www.cnbc.com\/2023\/04\/27\/aws-q1-earnings-report-2023.html . Retrieved 28 July 2023 .   \n \n\n\u2191 2.0 2.1 2.2 \"Global Infrastructure\". Amazon Web Services. https:\/\/aws.amazon.com\/about-aws\/global-infrastructure\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Zhang, M. (15 June 2022). \"Amazon Web Services (AWS) Data Center Locations: Regions and Availability Zones\". Dgtl Infra. https:\/\/dgtlinfra.com\/amazon-web-services-aws-data-center-locations\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"AWS Solutions Library\". Amazon Web Services. https:\/\/aws.amazon.com\/solutions\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Glidewell Laboratories Gains Deeper Data Insights Faster with Amazon Redshift and Attunity\" (PDF). Amazon Web Services. 2017. Archived from the original on 24 September 2021. https:\/\/web.archive.org\/web\/20210924151843\/https:\/\/www.qlik.com\/us\/-\/media\/files\/resource-library\/global-us\/direct\/case-studies\/cs-glidewell-laboratories-qlik-and-amazon-case-study-en.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 \"AWS Data Exchange\". Amazon Web Services. Archived from the original on 28 July 2023. https:\/\/web.archive.org\/web\/20210425134409\/https:\/\/aws.amazon.com\/data-exchange\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"National Renewable Energy Laboratory\u2019s OpenEI.org Case Study\". Amazon Web Services. 2014. https:\/\/aws.amazon.com\/solutions\/case-studies\/openei\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Ozdemir, D. (29 December 2020). \"Pfizer, Amazon, and AstraZeneca Team Up To Build Laboratory in Israel\". Interesting Engineering. https:\/\/interestingengineering.com\/pfizer-amazon-and-astrazeneca-team-up-to-build-laboratory-in-israel . Retrieved 28 July 2023 .   \n \n\n\u2191 Coker, S.; Atnoor, D.; Buckner, P. (11 September 2019). \"Building the foundation for Lab of the Future using AWS\". AWS for Industries. Amazon Web Services. https:\/\/aws.amazon.com\/blogs\/industries\/building-the-foundation-for-lab-of-the-future-using-aws\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Cloud Services\". STARLIMS Corporation. https:\/\/www.starlims.com\/offerings\/cloud-services\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Core Informatics Case Study\". Amazon Web Services. 2017. Archived from the original on 07 May 2017. https:\/\/web.archive.org\/web\/20170507183040\/https:\/\/aws.amazon.com\/solutions\/case-studies\/core-informatics\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Casper, C.. \"Securing Your LIMS in the Cloud\". LabLynx, Inc. https:\/\/www.lablynx.com\/news-events\/securing-your-lims-in-the-cloud\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Orchard Announces Amazon Web Service\u2013based Cloud Services Solution for Its Orchard Harvest Customers\". Orchard Software Corporation. 5 October 2020. https:\/\/www.orchardsoft.com\/press_release\/orchard-announces-amazon-web-servicebased-cloud-services-solution-for-its-orchard-harvest-customers\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"PDEvidence Helps Solve Crimes Faster Using Automated AWS-Based System\". Amazon Web Services. 2018. https:\/\/aws.amazon.com\/solutions\/case-studies\/pdevidence\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Hall, H. (4 August 2020). \"New deployment model optimizes LIMS implementation in the Amazon Web Services Cloud\". R&D World. https:\/\/www.rdworldonline.com\/new-deployment-model-optimizes-lims-implementation-in-the-amazon-web-services-cloud\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 16.0 16.1 \"Application Integration on AWS\". Amazon Web Services. https:\/\/aws.amazon.com\/products\/application-integration\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"AWS Outposts\". Amazon Web Services. https:\/\/aws.amazon.com\/outposts\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Rajamani, S.; Bartley, J. (27 November 2020). \"From on premises to AWS: Hybrid-cloud architecture for network file shares\". AWS Storage Blog. Amazon Web Services. https:\/\/aws.amazon.com\/blogs\/storage\/from-on-premises-to-aws-hybrid-cloud-architecture-for-network-file-shares\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 RIQ News Desk. \"Top 7 AWS Outages That Wreaked Havoc\". ReadITQuik. https:\/\/www.readitquik.com\/articles\/cloud-3\/top-7-aws-outages-that-wreaked-havoc\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Swearingen, J. (2 March 2018). \"When Amazon Web Services Goes Down, So Does a Lot of the Web\". Intelligencer. https:\/\/nymag.com\/intelligencer\/2018\/03\/when-amazon-web-services-goes-down-so-does-a-lot-of-the-web.html . Retrieved 28 July 2023 .   \n \n\n\u2191 Malone, K. (30 November 2020). \"Businesses can avoid cloud provider downtime with redundancy \u2014 but at what cost?\". CIODive. https:\/\/www.ciodive.com\/news\/aws-outage-cloud-recovery-interoperability\/589844\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Amazon Compute Service Level Agreement\". Amazon Web Services. 25 May 2022. https:\/\/aws.amazon.com\/compute\/sla\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Amazon Cloudfront\". Amazon Web Services. https:\/\/aws.amazon.com\/cloudfront\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 24.0 24.1 \"AWS DataSync\". Amazon Web Services. https:\/\/aws.amazon.com\/datasync\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Beer, K. (11 June 2020). \"The importance of encryption and how AWS can help\". AWS Security Blog. https:\/\/aws.amazon.com\/blogs\/security\/importance-of-encryption-and-how-aws-can-help\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Hyun, M.; Anderson, T. (29 July 2020). \"Logical separation: Moving beyond physical isolation in the cloud computing era\". AWS Security Blog. https:\/\/aws.amazon.com\/blogs\/security\/logical-separation-moving-beyond-physical-isolation-in-the-cloud-computing-era\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 27.0 27.1 \"Penetration Testing\". Amazon Web Services. https:\/\/aws.amazon.com\/security\/penetration-testing\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Amazon Vulnerability Research Program\". HackerOne. April 2020. https:\/\/hackerone.com\/amazonvrp?type=team . Retrieved 28 July 2023 .   \n \n\n\u2191 \"AWS risk and compliance program\". Amazon Web Services: Risk and Compliance. Amazon Web Services. https:\/\/docs.aws.amazon.com\/whitepapers\/latest\/aws-risk-and-compliance\/aws-risk-and-compliance-program.html . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Intrusion Detection Systems and Intrusion Prevention Systems for EC2 Instances\" (PDF). Amazon Web Services. https:\/\/d1.awsstatic.com\/Marketplace\/scenarios\/security\/SEC_01_TSB_Final.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 Megiddo, A. (12 March 2021). \"How you can use Amazon GuardDuty to detect suspicious activity within your AWS account\". AWS Security Blog. Amazon Web Services. https:\/\/aws.amazon.com\/blogs\/security\/how-you-can-use-amazon-guardduty-to-detect-suspicious-activity-within-your-aws-account\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Privacy Notice\". Amazon Web Services. 30 June 2023. https:\/\/aws.amazon.com\/privacy\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"HIPAA\". Amazon Web Services. https:\/\/aws.amazon.com\/compliance\/hipaa-compliance\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"AWS Customer Agreement\". Amazon Web Services. https:\/\/aws.amazon.com\/agreement\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Failure Management\". Reliability Pillar. Amazon Web Services. https:\/\/docs.aws.amazon.com\/wellarchitected\/latest\/reliability-pillar\/failure-management.html . Retrieved 28 July 2023 .   \n \n\n\u2191 Oles, B. (14 August 2019). \"A Guide to Automated Cloud Database Deployments\". SeveralNines. https:\/\/severalnines.com\/blog\/guide-automated-cloud-database-deployments\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"AWS Managed Security Service Providers\". AWS. https:\/\/aws.amazon.com\/mssp\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"AWS Managed Services\". AWS. https:\/\/aws.amazon.com\/managed-services\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"AWS Managed Services Features\". AWS. https:\/\/aws.amazon.com\/managed-services\/features\/ . Retrieved 28 July 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Amazon_Web_Services\">https:\/\/www.limswiki.org\/index.php\/Amazon_Web_Services<\/a>\nNavigation menuPage actionsPageDiscussionView sourceHistoryPage actionsPageDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 28 July 2023, at 16:57.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 2,826 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","aa59005d6d3f6c0608f84c7ec811f8d6_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject page-Amazon_Web_Services rootpage-Amazon_Web_Services skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Amazon Web Services<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\">\n<p><br \/>\n<b>Amazon Web Services<\/b> ( also known as <b>AWS<\/b>) is an American <a href=\"https:\/\/www.limswiki.org\/index.php\/Cloud_computing\" title=\"Cloud computing\" class=\"wiki-link\" data-key=\"fcfe5882eaa018d920cedb88398b604f\">cloud computing<\/a> company that provides public, private, hybrid, and multicloud solutions to enterprises, organizations, governments, and individuals. AWS has more than 120 data centers distributed in various locations around the world, with Africa and South America the least represented.<sup id=\"rdp-ebb-cite_ref-AWSGlobal_2-0\" class=\"reference\"><a href=\"#cite_note-AWSGlobal-2\">[2]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-ZhangAmazon22_3-0\" class=\"reference\"><a href=\"#cite_note-ZhangAmazon22-3\">[3]<\/a><\/sup> The company provides more than 200 different products and services representing elastic computing, networking, content delivery, data storage, database management, security management, enterprise management, cloud communication, <a href=\"https:\/\/www.limswiki.org\/index.php\/Data_analysis\" title=\"Data analysis\" class=\"wiki-link\" data-key=\"545c95e40ca67c9e63cd0a16042a5bd1\">data analysis<\/a>, media management, container and <a href=\"https:\/\/www.limswiki.org\/index.php\/Middleware\" title=\"Middleware\" class=\"wiki-link\" data-key=\"82ee1d9577571b4f9e4d83d6d6124c81\">middleware<\/a> management, developer support, scientific computing, <a href=\"https:\/\/www.limswiki.org\/index.php\/Internet_of_things\" title=\"Internet of things\" class=\"wiki-link\" data-key=\"13e0b826fa1770fe4bea72e3cb942f0f\">internet of things<\/a>, and virtual and augmented reality.<sup id=\"rdp-ebb-cite_ref-AWSGlobal_2-1\" class=\"reference\"><a href=\"#cite_note-AWSGlobal-2\">[2]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-AWSSolutionsLib_4-0\" class=\"reference\"><a href=\"#cite_note-AWSSolutionsLib-4\">[4]<\/a><\/sup>\n<\/p>\n\n\n<h2><span class=\"mw-headline\" id=\"Provider_research\">Provider research<\/span><\/h2>\n<p>This section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide <i><a href=\"https:\/\/www.limswiki.org\/index.php\/LII:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\" title=\"LII:Choosing and Implementing a Cloud-based Service for Your Laboratory\" class=\"wiki-link\" data-key=\"a51267fd73f6c39f0130677409233940\">Choosing and Implementing a Cloud-based Service for Your Laboratory<\/a><\/i>. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made.\n<\/p><p><br \/>\n1. <b>What experience do you have working with laboratory customers in our specific industry?<\/b>\n<\/p><p>Examples of <a href=\"https:\/\/www.limswiki.org\/index.php\/Laboratory\" title=\"Laboratory\" class=\"wiki-link\" data-key=\"c57fc5aac9e4abf31dccae81df664c33\">labs<\/a> that have worked with AWS include Glidewell Laboratories<sup id=\"rdp-ebb-cite_ref-AWSGlidewell17_5-0\" class=\"reference\"><a href=\"#cite_note-AWSGlidewell17-5\">[5]<\/a><\/sup>, Merck Research Laboratories<sup id=\"rdp-ebb-cite_ref-AWSDataEx_6-0\" class=\"reference\"><a href=\"#cite_note-AWSDataEx-6\">[6]<\/a><\/sup>, National Renewable Energy Laboratory<sup id=\"rdp-ebb-cite_ref-AWSNational14_7-0\" class=\"reference\"><a href=\"#cite_note-AWSNational14-7\">[7]<\/a><\/sup>, and the Innovation Lab.<sup id=\"rdp-ebb-cite_ref-OzdemirPfizer20_8-0\" class=\"reference\"><a href=\"#cite_note-OzdemirPfizer20-8\">[8]<\/a><\/sup> Additionally, an AWS article titled \"<a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/blogs\/industries\/building-the-foundation-for-lab-of-the-future-using-aws\/\" target=\"_blank\">Building the foundation for Lab of the Future using AWS<\/a>\" published in 2019 provides some insight into what a laboratory integrated with AWS cloud offerings might look like.<sup id=\"rdp-ebb-cite_ref-CokerBuild19_9-0\" class=\"reference\"><a href=\"#cite_note-CokerBuild19-9\">[9]<\/a><\/sup> It's also worth noting that numerous <a href=\"https:\/\/www.limswiki.org\/index.php\/Laboratory_information_management_system\" title=\"Laboratory information management system\" class=\"wiki-link\" data-key=\"8ff56a51d34c9b1806fcebdcde634d00\">laboratory information management system<\/a> (LIMS) and <a href=\"https:\/\/www.limswiki.org\/index.php\/Laboratory_information_system\" title=\"Laboratory information system\" class=\"wiki-link\" data-key=\"37add65b4d1c678b382a7d4817a9cf64\">laboratory information system<\/a> (LIS) developers have offered their solution on AWS over the years, including <a href=\"https:\/\/www.limswiki.org\/index.php\/STARLIMS_Corporation\" title=\"STARLIMS Corporation\" class=\"wiki-link\" data-key=\"9564e6e2ab70cd1ad0ae68d1ca215524\">STARLIMS Corporation<\/a><sup id=\"rdp-ebb-cite_ref-AbbotCloud_10-0\" class=\"reference\"><a href=\"#cite_note-AbbotCloud-10\">[10]<\/a><\/sup>, <a href=\"https:\/\/www.limswiki.org\/index.php\/Core_Informatics,_LLC\" title=\"Core Informatics, LLC\" class=\"wiki-link\" data-key=\"ca7be316a3db322a0fb60c66d41e8647\">Core Informatics, LLC<\/a><sup id=\"rdp-ebb-cite_ref-AWSCore17_11-0\" class=\"reference\"><a href=\"#cite_note-AWSCore17-11\">[11]<\/a><\/sup>, <a href=\"https:\/\/www.limswiki.org\/index.php\/LabLynx,_Inc.\" title=\"LabLynx, Inc.\" class=\"wiki-link\" data-key=\"da3f96536cf2c54de1960f26fe5712a1\">LabLynx, Inc.<\/a><sup id=\"rdp-ebb-cite_ref-LLXCloud_12-0\" class=\"reference\"><a href=\"#cite_note-LLXCloud-12\">[12]<\/a><\/sup>, <a href=\"https:\/\/www.limswiki.org\/index.php\/Orchard_Software_Corporation\" title=\"Orchard Software Corporation\" class=\"wiki-link\" data-key=\"7b7ed1ca87d09d6e32482f0a87ddfacd\">Orchard Software Corporation<\/a><sup id=\"rdp-ebb-cite_ref-OrchardAnnounce20_13-0\" class=\"reference\"><a href=\"#cite_note-OrchardAnnounce20-13\">[13]<\/a><\/sup>, <a href=\"https:\/\/www.limswiki.org\/index.php\/PD_Evidence,_LLC\" title=\"PD Evidence, LLC\" class=\"wiki-link\" data-key=\"6d46b13c6da263bbc4eee9e4337a642e\">PD Evidence, LLC<\/a><sup id=\"rdp-ebb-cite_ref-AWSPDEv18_14-0\" class=\"reference\"><a href=\"#cite_note-AWSPDEv18-14\">[14]<\/a><\/sup>, and <a href=\"https:\/\/www.limswiki.org\/index.php\/Thermo_Scientific\" title=\"Thermo Scientific\" class=\"wiki-link\" data-key=\"e914753f99d483d4577b35fed71b3c94\">Thermo Scientific<\/a>.<sup id=\"rdp-ebb-cite_ref-HallNew20_15-0\" class=\"reference\"><a href=\"#cite_note-HallNew20-15\">[15]<\/a><\/sup> An AWS representative is likely to be able to supply more examples of laboratories and <a href=\"https:\/\/www.limswiki.org\/index.php\/Laboratory_informatics\" title=\"Laboratory informatics\" class=\"wiki-link\" data-key=\"00edfa43edcde538a695f6d429280301\">laboratory informatics<\/a> developers that use or have used AWS.\n<\/p><p><br \/>\n2. <b>Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?<\/b>\n<\/p><p>It will ultimately be up to your organization to get an answer tailored to your systems and business processes. However, this much can be said about AWS integrations. AWS offers a variety of Application Integration services, described as \"a suite of services that enable communication between decoupled components within microservices, distributed systems, and serverless applications.\"<sup id=\"rdp-ebb-cite_ref-AWSApplication_16-0\" class=\"reference\"><a href=\"#cite_note-AWSApplication-16\">[16]<\/a><\/sup> This includes management for <a href=\"https:\/\/www.limswiki.org\/index.php\/Application_programming_interface\" title=\"Application programming interface\" class=\"wiki-link\" data-key=\"36fc319869eba4613cb0854b421b0934\">application programming interfaces<\/a>, event-driven architectures, messaging, data flows, and serverless <a href=\"https:\/\/www.limswiki.org\/index.php\/Workflow\" title=\"Workflow\" class=\"wiki-link\" data-key=\"92bd8748272e20d891008dcb8243e8a8\">workflows<\/a>.<sup id=\"rdp-ebb-cite_ref-AWSApplication_16-1\" class=\"reference\"><a href=\"#cite_note-AWSApplication-16\">[16]<\/a><\/sup> Additionally, AWS applies a variety of techniques to integrate with existing on-premises system, including AWS Outposts<sup id=\"rdp-ebb-cite_ref-AWSOutposts_17-0\" class=\"reference\"><a href=\"#cite_note-AWSOutposts-17\">[17]<\/a><\/sup>, as well as the combination of AWS DataSync with File Gateway.<sup id=\"rdp-ebb-cite_ref-RajamaniFrom20_18-0\" class=\"reference\"><a href=\"#cite_note-RajamaniFrom20-18\">[18]<\/a><\/sup> Another document worth examining is AWS' eBook on <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/pages.awscloud.com\/rs\/112-TZM-766\/images\/Building-Your-Hybrid-Cloud-Strategy-eBook.pdf\" target=\"_blank\">building a hybrid cloud strategy<\/a>.\n<\/p><p><br \/>\n3. <b>What is the average total historical downtime for the service(s) we're interested in?<\/b>\n<\/p><p>You'll largely have to ask this of AWS and see what response they give you. That said, third parties like StatusGator have been <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/statusgator.com\/services\/amazon-web-services\" target=\"_blank\">monitoring AWS downtime<\/a> for years and make for one possible option to assess the types of historical downtime AWS has seen. Historically, AWS outages have garnered a number of headlines over the years, pretty much every year since at least 2011.<sup id=\"rdp-ebb-cite_ref-RIQTop_19-0\" class=\"reference\"><a href=\"#cite_note-RIQTop-19\">[19]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-SwearingenWhen18_20-0\" class=\"reference\"><a href=\"#cite_note-SwearingenWhen18-20\">[20]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-MaloneBusinesses20_21-0\" class=\"reference\"><a href=\"#cite_note-MaloneBusinesses20-21\">[21]<\/a><\/sup> One must keep in mind, however, that these reported outages affect only certain regions or services, not the entirety of AWS. Which is why it's important to get numbers from an AWS representative about, realistically, what sort of outage you should expect for your specific services, keeping in mind how AWS measures uptime percentages in its service agreements.<sup id=\"rdp-ebb-cite_ref-AWSAmazonSLA20_22-0\" class=\"reference\"><a href=\"#cite_note-AWSAmazonSLA20-22\">[22]<\/a><\/sup>\n<\/p><p><br \/>\n4. <b>Do we receive comprehensive downtime support in the case of downtime?<\/b>\n<\/p><p>AWS does not make this answer clear. However, the answer is likely tied to what <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/premiumsupport\/plans\/\" target=\"_blank\">after-sales support plan<\/a> you choose. Confirm with AWS what downtime support they provide based on the services your organization are interested in.\n<\/p><p><br \/>\n5. <b>Where are your servers located, and how is data securely transferred to and from those servers?<\/b>\n<\/p><p>AWS has 80 Availability Zones, each with one or more discrete data centers, with 15 more Availability Zones planned (as of April 2021).<sup id=\"rdp-ebb-cite_ref-AWSGlobal_2-2\" class=\"reference\"><a href=\"#cite_note-AWSGlobal-2\">[2]<\/a><\/sup> These zones are distributed in various locations around the world, with Africa and South America the least represented. AWS uses its content delivery network Amazon Cloudfront, which can \"securely deliver content with low latency and high transfer speeds.\" Security capabilities for Cloudfront include field-level encryption, HTTPS, and multiple other layers of Amazon protection.<sup id=\"rdp-ebb-cite_ref-AWSCloudfront_23-0\" class=\"reference\"><a href=\"#cite_note-AWSCloudfront-23\">[23]<\/a><\/sup> When moving data to and from on-premises and AWS systems, AWS provides AWS DataSync, which ensures \"end-to-end security, including data encryption and data integrity validation\" to \"simplify and accelerate secure data migrations.\"<sup id=\"rdp-ebb-cite_ref-AWSDataSync_24-0\" class=\"reference\"><a href=\"#cite_note-AWSDataSync-24\">[24]<\/a><\/sup> Data in motion is encrypted using a trimmed-down version of Transport Layer Security (TLS) called s2n, designed \"to provide you with network encryption that is easier to understand and that is fully auditable.\"<sup id=\"rdp-ebb-cite_ref-BeerTheImport20_25-0\" class=\"reference\"><a href=\"#cite_note-BeerTheImport20-25\">[25]<\/a><\/sup> Other protections are in place as well, as seen in the <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/wa.aws.amazon.com\/wat.question.SEC_9.en.html\" target=\"_blank\">security portion<\/a> of AWS' Well-Architected Framework. As for data localization and residency requirements, an <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/d1.awsstatic.com\/product-marketing\/Outposts\/AWS%20Outposts%20Data%20Residency%20eBook.pdf\" target=\"_blank\">AWS eBook on the topic<\/a> addresses some elements of this topic, largely in the scope of Amazon Outposts; discuss the topic further with an AWS representative.\n<\/p><p><br \/>\n6. <b>Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?<\/b>\n<\/p><p>AWS discusses personnel and third-party access management in regards to physical data security on its <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/compliance\/data-center\/controls\/\" target=\"_blank\">data center controls page<\/a>. However, it does not reference the specific certifications and training required for those who have permission to access your data. You will have to inquire with AWS about these considerations when asking this question.\n<\/p><p><br \/>\n7. <b>Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?<\/b>\n<\/p><p>Not all <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/about-aws\/global-infrastructure\/\" target=\"_blank\">AWS machines<\/a> have the same controls on them; it will depend on the region, product, and compliance requirements of your lab. That said, verify with a representative that the machine your data will land on meets all the necessary regulations affecting your data.\n<\/p><p><br \/>\n8. <b>How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)<\/b>\n<\/p><p>Like <a href=\"https:\/\/www.limswiki.org\/index.php\/Alibaba_Cloud\" title=\"Alibaba Cloud\" class=\"wiki-link\" data-key=\"e9be3baac342297a3bdc810f251aaa22\">Alibaba<\/a>, AWS have moved past a paradigm of physical separation of data pools. In 2020, writing for AWS, Hyun and Anderson updated <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/blogs\/security\/logical-separation-moving-beyond-physical-isolation-in-the-cloud-computing-era\/\" target=\"_blank\">their whitepaper<\/a> on logical separation on AWS, addressing how \"identity management, network security, serverless and containers services, host and instance features, logging, and encryption\" can fill the same shoes as physical separation, while also providing a U.S. Department of Defense use case that highlights logical separation as meeting physical separation intent.<sup id=\"rdp-ebb-cite_ref-HyunLogical20_26-0\" class=\"reference\"><a href=\"#cite_note-HyunLogical20-26\">[26]<\/a><\/sup>\n<\/p><p>However, the concept of tenant isolation is <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/blogs\/security\/security-practices-in-aws-multi-tenant-saas-environments\/\" target=\"_blank\">addressed by AWS<\/a> in multiple ways, from whitepapers to training courses and videos. The <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/d1.awsstatic.com\/whitepapers\/saas-tenant-isolation-strategies.pdf\" target=\"_blank\">primary whitepaper<\/a> addresses the concepts and architecture behind AWS' tenant isolation practices, primarily as they relate to <a href=\"https:\/\/www.limswiki.org\/index.php\/Software_as_a_service\" title=\"Software as a service\" class=\"wiki-link\" data-key=\"ae8c8a7cd5ee1a264f4f0bbd4a4caedd\">software as a service<\/a> (SaaS). Further technical details on how your data is segregated, if required, may be garnered in discussion with AWS.\n<\/p><p><br \/>\n9. <b>Do you have documented data security policies?<\/b>\n<\/p><p>AWS documents its security practices in several places:\n<\/p>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.aws.amazon.com\/pdfs\/whitepapers\/latest\/introduction-aws-security\/introduction-aws-security.pdf\" target=\"_blank\">Introduction to AWS Security whitepaper<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/security\/\" target=\"_blank\">AWS security page<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/compliance\/\" target=\"_blank\">AWS trust center<\/a><\/li><\/ul>\n<p>Some security-related documents, like the SOC 2 report, may not be publicly available, requiring direct discussion with an AWS representative to obtain them.\n<\/p><p><br \/>\n10. <b>How do you test your platform's security?<\/b>\n<\/p><p>According to Amazon, customers are allowed to perform penetration testing of <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/security\/penetration-testing\/\" target=\"_blank\">eight of its services<\/a> without prior approval, though \"[c]ustomers are not permitted to conduct any security assessments of AWS infrastructure, or the AWS services themselves.\"<sup id=\"rdp-ebb-cite_ref-AWSPenetrat_27-0\" class=\"reference\"><a href=\"#cite_note-AWSPenetrat-27\">[27]<\/a><\/sup> Other types of testing that are allowed, with restrictions, include network stress testing, DDoS simulation testing, and other simulated events.<sup id=\"rdp-ebb-cite_ref-AWSPenetrat_27-1\" class=\"reference\"><a href=\"#cite_note-AWSPenetrat-27\">[27]<\/a><\/sup> Amazon also appears to have a bug bounty program, managed by HackerOne.<sup id=\"rdp-ebb-cite_ref-HackerOneAmazon_28-0\" class=\"reference\"><a href=\"#cite_note-HackerOneAmazon-28\">[28]<\/a><\/sup> As for AWS running attack-and-defense drills or breach and attach simulations on its own infrastructure, no public information could be found regarding this. You'll have to discuss this topic with an AWS representative.\n<\/p><p><br \/>\n11. <b>What are your policies for security audits, intrusion detection, and intrusion reporting?<\/b>\n<\/p><p><i>Audits<\/i>: Per AWS: \"AWS regularly undergoes independent third-party attestation audits to provide assurance that control activities are operating as intended. More specifically, AWS is audited against a variety of global and regional security frameworks dependent on region and industry. AWS participates in over 50 different audit programs.\"<sup id=\"rdp-ebb-cite_ref-AWSRisk21_29-0\" class=\"reference\"><a href=\"#cite_note-AWSRisk21-29\">[29]<\/a><\/sup> This is demonstrated by its compliance credentials (e.g., see its trust center). AWS also <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.aws.amazon.com\/general\/latest\/gr\/aws-security-audit-guide.html\" target=\"_blank\">provides guidance<\/a> for customers conducting security audits of their own configurations, etc.\n<\/p><p><i>Intrusion detection and reporting<\/i>: AWS details its intrusion detection and prevention systems for its EC2 products in <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/d1.awsstatic.com\/Marketplace\/scenarios\/security\/SEC_01_TSB_Final.pdf\" target=\"_blank\">a two-page brochure<\/a>. They state that these tools are capable of \"alerting administrators of possible incidents, logging information, and reporting attempts,\" and are able to \"actively prevent or block intrusions that are detected.\"<sup id=\"rdp-ebb-cite_ref-AWSIntrusion_30-0\" class=\"reference\"><a href=\"#cite_note-AWSIntrusion-30\">[30]<\/a><\/sup> AWS also has Amazon GuardDuty for Amazon S3 instances, able \"to identify unusual activity within your accounts, analyze the security relevance of the activity, given the context in which it was invoked, and apply predictive probability to make a final verdict on whether that activity is sufficiently anomalous to warrant investigation.\"<sup id=\"rdp-ebb-cite_ref-MegiddoHowYou21_31-0\" class=\"reference\"><a href=\"#cite_note-MegiddoHowYou21-31\">[31]<\/a><\/sup> Confirm the intrusion detection and reporting services available to you for the services you plan to use.\n<\/p><p><br \/>\n12. <b>What data logging information is kept and acted upon in relation to our data?<\/b>\n<\/p><p>AWS has several data logging tools for customers, including <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/solutions\/implementations\/centralized-logging\/\" target=\"_blank\">Centralized Logging<\/a>, <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/cloudwatch\/\" target=\"_blank\">Amazon CloudWatch<\/a>, and <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/cloudtrail\/\" target=\"_blank\">AWS CloudTrail<\/a>. AWS makes its <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/privacy\/\" target=\"_blank\">data privacy policy<\/a> relatively clear; however, AWS doesn't appear to make it publicly clear if they use these tools for their own data logging, let alone what they do with data logs related to your data. (They only state that they automatically collect \"offering usage, occurrences of technical errors, diagnostic reports, your settings preferences, backup information, API calls, and other logs.\"<sup id=\"rdp-ebb-cite_ref-AWSPrivacy_32-0\" class=\"reference\"><a href=\"#cite_note-AWSPrivacy-32\">[32]<\/a><\/sup>) Be sure an AWS representative is clear about what logging information they collect and use as it relates to your data.\n<\/p><p><br \/>\n13. <b>How thorough are those logs and can we audit them on-demand?<\/b>\n<\/p><p>Most AWS documentation references managing and viewing logs related to your own activities. However, unlike Alibaba, it's unclear if you are able to audit internal AWS logs on-demand. This is a conversation to have with an AWS representative.\n<\/p><p><br \/>\n14. <b>For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?<\/b>\n<\/p><p>Yes, AWS will sign a business associate agreement.<sup id=\"rdp-ebb-cite_ref-AWSHIPAA_33-0\" class=\"reference\"><a href=\"#cite_note-AWSHIPAA-33\">[33]<\/a><\/sup> Consult their <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/compliance\/hipaa-compliance\/\" target=\"_blank\">HIPAA compliance page<\/a> for more details on their approach to <a href=\"https:\/\/www.limswiki.org\/index.php\/HIPAA\" class=\"mw-redirect wiki-link\" title=\"HIPAA\" data-key=\"70050974d1eda9ff8cf9ecf7e4fcd015\">HIPAA<\/a> compliance.\n<\/p><p><br \/>\n15. <b>What happens to our data should the contract expire or be terminated?<\/b>\n<\/p><p>The AWS base agreement states<sup id=\"rdp-ebb-cite_ref-AWSAgreement_34-0\" class=\"reference\"><a href=\"#cite_note-AWSAgreement-34\">[34]<\/a><\/sup>:\n<\/p>\n<blockquote><p>Unless we terminate your use of the Service Offerings pursuant to Section 7.2(b), during the 30 days following the Termination Date:\n<\/p><p>(i) we will not take action to remove from the AWS systems any of Your Content as a result of the termination; and\n<\/p><p>\n(ii) we will allow you to retrieve Your Content from the Services only if you have paid all amounts due under this Agreement.<\/p><\/blockquote>\n<p>However, clarify this policy in full with an AWS representative.\n<\/p><p><br \/>\n16. <b>What happens to our data should you go out of business or suffer a catastrophic event?<\/b>\n<\/p><p>It's not publicly clear how AWS would handle your data should they go out of business; consult with an AWS representative about this topic. As for catastrophic events, most documentation from AWS seems to address how you, the customer, should address disaster recovery, but little discusses AWS' own approach to catastrophic events. Like Alibaba, AWS uses three zones for redundancy: \"All EBS volumes are designed for 99.999% availability. Amazon S3 objects are stored across a minimum of three Availability Zones providing 99.999999999% durability of objects over a given year. Regardless of your cloud provider, there is the potential for failures to impact your workload. Therefore, you must take steps to implement resiliency if you need your workload to be reliable.\"<sup id=\"rdp-ebb-cite_ref-AWSFailure_35-0\" class=\"reference\"><a href=\"#cite_note-AWSFailure-35\">[35]<\/a><\/sup> It's highly unlikely that all three zones would be affected in an catastrophic event. However, if this is a concern, discuss further data redundancy with an AWS representative.\n<\/p><p><br \/>\n17. <b>Can we use your interface to extract our data when we want, and in what format will it be?<\/b>\n<\/p><p>AWS doesn't make it publicly clear how data migration from AWS to another cloud service would work. However, they advertise their AWS DataSync service \"for moving data between on-premises storage systems and AWS Storage services, as well as between AWS Storage services.\"<sup id=\"rdp-ebb-cite_ref-AWSDataSync_24-1\" class=\"reference\"><a href=\"#cite_note-AWSDataSync-24\">[24]<\/a><\/sup> They also offer a <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/dms\/\" target=\"_blank\">database migration service<\/a> from your systems to AWS. But AWS doesn't appear to address migrating data from their systems. Your data would presumably be in some AWS database format. One article author has even stated that transferring data out of AWS costs money<sup id=\"rdp-ebb-cite_ref-OlesAGuide19_36-0\" class=\"reference\"><a href=\"#cite_note-OlesAGuide19-36\">[36]<\/a><\/sup>, though it's not clear if this is true. It's unclear whether or not a third-party cloud transfer service (e.g., Cloudsfer) would be required or useful when moving from AWS to another cloud service. In the end, if there are still questions on this topic, discuss it with an AWS representative.\n<\/p><p><br \/>\n18. <b>Are your support services native or outsourced\/offshored?<\/b>\n<\/p><p>It is unclear if support personnel are local to the customer or if support is outsourced to another business and country. Discuss this with an AWS representative.\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Managed_security_services\">Managed security services<\/span><\/h2>\n<p>AWS doesn't appear to explicitly advertise \"managed security services\" (though it references third-party MSSP parterners).<sup id=\"rdp-ebb-cite_ref-AWSMSSP_37-0\" class=\"reference\"><a href=\"#cite_note-AWSMSSP-37\">[37]<\/a><\/sup> AWS does, however, offer a standard managed services portfolio through its AWS Managed Services offering.<sup id=\"rdp-ebb-cite_ref-AWSMana_38-0\" class=\"reference\"><a href=\"#cite_note-AWSMana-38\">[38]<\/a><\/sup> Security and network management is offered as services of AWS Managed Services, but the breadth of that security management is dependent on which operations plan is selected: Accelerate or Advanced. At both levels, security monitoring is provided using AWS GuardDuty\/Amazon Macie. However, it's security conformance, IAM and security review, access management, managed firewall, endpoint protection, and network configuration varies depending on the plan chosen. Consult the <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/managed-services\/features\/\" target=\"_blank\">plan feature table<\/a> on AWS to learn more.<sup id=\"rdp-ebb-cite_ref-AWSManFeat_39-0\" class=\"reference\"><a href=\"#cite_note-AWSManFeat-39\">[39]<\/a><\/sup>\n<\/p><p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Additional_information\">Additional information<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Documentation_and_other_media\">Documentation and other media<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.aws.amazon.com\/pdfs\/whitepapers\/latest\/architecting-hipaa-security-and-compliance-on-aws\/architecting-hipaa-security-and-compliance-on-aws.pdf\" target=\"_blank\">Architecting for HIPAA whitepaper<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.aws.amazon.com\/pdfs\/whitepapers\/latest\/disaster-recovery-workloads-on-aws\/disaster-recovery-workloads-on-aws.pdf\" target=\"_blank\">Disaster Recovery of Workloads whitepaper<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.aws.amazon.com\/pdfs\/whitepapers\/latest\/introduction-aws-security\/introduction-aws-security.pdf\" target=\"_blank\">Introduction to AWS Security whitepaper<\/a><\/li><\/ul>\n<h3><span class=\"mw-headline\" id=\"External_links\">External links<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/blogs\/apn\/the-6-pillars-of-the-aws-well-architected-framework\/\" target=\"_blank\">Amazon Web Services architecture framework or description<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/managed-services\/\" target=\"_blank\">Amazon Web Services Managed Services<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/compliance\/shared-responsibility-model\/\" target=\"_blank\">Amazon Web Services shared responsibility model<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/compliance\/programs\/\" target=\"_blank\">Amazon Web Services trust center<\/a><\/li><\/ul>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap mw-references-columns\"><ol class=\"references\">\n<li id=\"cite_note-NovetAmazon21-1\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-NovetAmazon21_1-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Novet, J. (27 April 2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cnbc.com\/2023\/04\/27\/aws-q1-earnings-report-2023.html\" target=\"_blank\">\"Amazon\u2019s 16% cloud revenue growth impresses even as margin narrows\"<\/a>. <i>CNBC<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cnbc.com\/2023\/04\/27\/aws-q1-earnings-report-2023.html\" target=\"_blank\">https:\/\/www.cnbc.com\/2023\/04\/27\/aws-q1-earnings-report-2023.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Amazon%E2%80%99s+16%25+cloud+revenue+growth+impresses+even+as+margin+narrows&rft.atitle=CNBC&rft.aulast=Novet%2C+J.&rft.au=Novet%2C+J.&rft.date=27+April+2023&rft_id=https%3A%2F%2Fwww.cnbc.com%2F2023%2F04%2F27%2Faws-q1-earnings-report-2023.html&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AWSGlobal-2\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-AWSGlobal_2-0\">2.0<\/a><\/sup> <sup><a href=\"#cite_ref-AWSGlobal_2-1\">2.1<\/a><\/sup> <sup><a href=\"#cite_ref-AWSGlobal_2-2\">2.2<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/about-aws\/global-infrastructure\/\" target=\"_blank\">\"Global Infrastructure\"<\/a>. Amazon Web Services<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/aws.amazon.com\/about-aws\/global-infrastructure\/\" target=\"_blank\">https:\/\/aws.amazon.com\/about-aws\/global-infrastructure\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Global+Infrastructure&rft.atitle=&rft.pub=Amazon+Web+Services&rft_id=https%3A%2F%2Faws.amazon.com%2Fabout-aws%2Fglobal-infrastructure%2F&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ZhangAmazon22-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ZhangAmazon22_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Zhang, M. (15 June 2022). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/dgtlinfra.com\/amazon-web-services-aws-data-center-locations\/\" target=\"_blank\">\"Amazon Web Services (AWS) Data Center Locations: Regions and Availability Zones\"<\/a>. <i>Dgtl Infra<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/dgtlinfra.com\/amazon-web-services-aws-data-center-locations\/\" target=\"_blank\">https:\/\/dgtlinfra.com\/amazon-web-services-aws-data-center-locations\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Amazon+Web+Services+%28AWS%29+Data+Center+Locations%3A+Regions+and+Availability+Zones&rft.atitle=Dgtl+Infra&rft.aulast=Zhang%2C+M.&rft.au=Zhang%2C+M.&rft.date=15+June+2022&rft_id=https%3A%2F%2Fdgtlinfra.com%2Famazon-web-services-aws-data-center-locations%2F&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AWSSolutionsLib-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AWSSolutionsLib_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/solutions\/\" target=\"_blank\">\"AWS Solutions Library\"<\/a>. Amazon Web Services<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/aws.amazon.com\/solutions\/\" target=\"_blank\">https:\/\/aws.amazon.com\/solutions\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=AWS+Solutions+Library&rft.atitle=&rft.pub=Amazon+Web+Services&rft_id=https%3A%2F%2Faws.amazon.com%2Fsolutions%2F&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AWSGlidewell17-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AWSGlidewell17_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210924151843\/https:\/\/www.qlik.com\/us\/-\/media\/files\/resource-library\/global-us\/direct\/case-studies\/cs-glidewell-laboratories-qlik-and-amazon-case-study-en.pdf\" target=\"_blank\">\"Glidewell Laboratories Gains Deeper Data Insights Faster with Amazon Redshift and Attunity\"<\/a> (PDF). Amazon Web Services. 2017. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.qlik.com\/us\/-\/media\/files\/resource-library\/global-us\/direct\/case-studies\/cs-glidewell-laboratories-qlik-and-amazon-case-study-en.pdf\" target=\"_blank\">the original<\/a> on 24 September 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210924151843\/https:\/\/www.qlik.com\/us\/-\/media\/files\/resource-library\/global-us\/direct\/case-studies\/cs-glidewell-laboratories-qlik-and-amazon-case-study-en.pdf\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210924151843\/https:\/\/www.qlik.com\/us\/-\/media\/files\/resource-library\/global-us\/direct\/case-studies\/cs-glidewell-laboratories-qlik-and-amazon-case-study-en.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Glidewell+Laboratories+Gains+Deeper+Data+Insights+Faster+with+Amazon+Redshift+and+Attunity&rft.atitle=&rft.date=2017&rft.pub=Amazon+Web+Services&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210924151843%2Fhttps%3A%2F%2Fwww.qlik.com%2Fus%2F-%2Fmedia%2Ffiles%2Fresource-library%2Fglobal-us%2Fdirect%2Fcase-studies%2Fcs-glidewell-laboratories-qlik-and-amazon-case-study-en.pdf&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AWSDataEx-6\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AWSDataEx_6-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210425134409\/https:\/\/aws.amazon.com\/data-exchange\/\" target=\"_blank\">\"AWS Data Exchange\"<\/a>. Amazon Web Services. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/data-exchange\/\" target=\"_blank\">the original<\/a> on 28 July 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210425134409\/https:\/\/aws.amazon.com\/data-exchange\/\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210425134409\/https:\/\/aws.amazon.com\/data-exchange\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=AWS+Data+Exchange&rft.atitle=&rft.pub=Amazon+Web+Services&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210425134409%2Fhttps%3A%2F%2Faws.amazon.com%2Fdata-exchange%2F&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AWSNational14-7\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AWSNational14_7-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/solutions\/case-studies\/openei\/\" target=\"_blank\">\"National Renewable Energy Laboratory\u2019s OpenEI.org Case Study\"<\/a>. Amazon Web Services. 2014<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/aws.amazon.com\/solutions\/case-studies\/openei\/\" target=\"_blank\">https:\/\/aws.amazon.com\/solutions\/case-studies\/openei\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=National+Renewable+Energy+Laboratory%E2%80%99s+OpenEI.org+Case+Study&rft.atitle=&rft.date=2014&rft.pub=Amazon+Web+Services&rft_id=https%3A%2F%2Faws.amazon.com%2Fsolutions%2Fcase-studies%2Fopenei%2F&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OzdemirPfizer20-8\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OzdemirPfizer20_8-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Ozdemir, D. (29 December 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/interestingengineering.com\/pfizer-amazon-and-astrazeneca-team-up-to-build-laboratory-in-israel\" target=\"_blank\">\"Pfizer, Amazon, and AstraZeneca Team Up To Build Laboratory in Israel\"<\/a>. <i>Interesting Engineering<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/interestingengineering.com\/pfizer-amazon-and-astrazeneca-team-up-to-build-laboratory-in-israel\" target=\"_blank\">https:\/\/interestingengineering.com\/pfizer-amazon-and-astrazeneca-team-up-to-build-laboratory-in-israel<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Pfizer%2C+Amazon%2C+and+AstraZeneca+Team+Up+To+Build+Laboratory+in+Israel&rft.atitle=Interesting+Engineering&rft.aulast=Ozdemir%2C+D.&rft.au=Ozdemir%2C+D.&rft.date=29+December+2020&rft_id=https%3A%2F%2Finterestingengineering.com%2Fpfizer-amazon-and-astrazeneca-team-up-to-build-laboratory-in-israel&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CokerBuild19-9\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CokerBuild19_9-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Coker, S.; Atnoor, D.; Buckner, P. (11 September 2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/blogs\/industries\/building-the-foundation-for-lab-of-the-future-using-aws\/\" target=\"_blank\">\"Building the foundation for Lab of the Future using AWS\"<\/a>. <i>AWS for Industries<\/i>. Amazon Web Services<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/aws.amazon.com\/blogs\/industries\/building-the-foundation-for-lab-of-the-future-using-aws\/\" target=\"_blank\">https:\/\/aws.amazon.com\/blogs\/industries\/building-the-foundation-for-lab-of-the-future-using-aws\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Building+the+foundation+for+Lab+of+the+Future+using+AWS&rft.atitle=AWS+for+Industries&rft.aulast=Coker%2C+S.%3B+Atnoor%2C+D.%3B+Buckner%2C+P.&rft.au=Coker%2C+S.%3B+Atnoor%2C+D.%3B+Buckner%2C+P.&rft.date=11+September+2019&rft.pub=Amazon+Web+Services&rft_id=https%3A%2F%2Faws.amazon.com%2Fblogs%2Findustries%2Fbuilding-the-foundation-for-lab-of-the-future-using-aws%2F&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AbbotCloud-10\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AbbotCloud_10-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.starlims.com\/offerings\/cloud-services\/\" target=\"_blank\">\"Cloud Services\"<\/a>. STARLIMS Corporation<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.starlims.com\/offerings\/cloud-services\/\" target=\"_blank\">https:\/\/www.starlims.com\/offerings\/cloud-services\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Services&rft.atitle=&rft.pub=STARLIMS+Corporation&rft_id=https%3A%2F%2Fwww.starlims.com%2Fofferings%2Fcloud-services%2F&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AWSCore17-11\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AWSCore17_11-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20170507183040\/https:\/\/aws.amazon.com\/solutions\/case-studies\/core-informatics\/\" target=\"_blank\">\"Core Informatics Case Study\"<\/a>. Amazon Web Services. 2017. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/solutions\/case-studies\/core-informatics\/\" target=\"_blank\">the original<\/a> on 07 May 2017<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20170507183040\/https:\/\/aws.amazon.com\/solutions\/case-studies\/core-informatics\/\" target=\"_blank\">https:\/\/web.archive.org\/web\/20170507183040\/https:\/\/aws.amazon.com\/solutions\/case-studies\/core-informatics\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Core+Informatics+Case+Study&rft.atitle=&rft.date=2017&rft.pub=Amazon+Web+Services&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20170507183040%2Fhttps%3A%2F%2Faws.amazon.com%2Fsolutions%2Fcase-studies%2Fcore-informatics%2F&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LLXCloud-12\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-LLXCloud_12-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Casper, C.. <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.lablynx.com\/news-events\/securing-your-lims-in-the-cloud\/\" target=\"_blank\">\"Securing Your LIMS in the Cloud\"<\/a>. LabLynx, Inc<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.lablynx.com\/news-events\/securing-your-lims-in-the-cloud\/\" target=\"_blank\">https:\/\/www.lablynx.com\/news-events\/securing-your-lims-in-the-cloud\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Securing+Your+LIMS+in+the+Cloud&rft.atitle=&rft.aulast=Casper%2C+C.&rft.au=Casper%2C+C.&rft.pub=LabLynx%2C+Inc&rft_id=https%3A%2F%2Fwww.lablynx.com%2Fnews-events%2Fsecuring-your-lims-in-the-cloud%2F&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OrchardAnnounce20-13\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OrchardAnnounce20_13-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.orchardsoft.com\/press_release\/orchard-announces-amazon-web-servicebased-cloud-services-solution-for-its-orchard-harvest-customers\/\" target=\"_blank\">\"Orchard Announces Amazon Web Service\u2013based Cloud Services Solution for Its Orchard Harvest Customers\"<\/a>. Orchard Software Corporation. 5 October 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.orchardsoft.com\/press_release\/orchard-announces-amazon-web-servicebased-cloud-services-solution-for-its-orchard-harvest-customers\/\" target=\"_blank\">https:\/\/www.orchardsoft.com\/press_release\/orchard-announces-amazon-web-servicebased-cloud-services-solution-for-its-orchard-harvest-customers\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Orchard+Announces+Amazon+Web+Service%E2%80%93based+Cloud+Services+Solution+for+Its+Orchard+Harvest+Customers&rft.atitle=&rft.date=5+October+2020&rft.pub=Orchard+Software+Corporation&rft_id=https%3A%2F%2Fwww.orchardsoft.com%2Fpress_release%2Forchard-announces-amazon-web-servicebased-cloud-services-solution-for-its-orchard-harvest-customers%2F&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AWSPDEv18-14\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AWSPDEv18_14-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/solutions\/case-studies\/pdevidence\/\" target=\"_blank\">\"PDEvidence Helps Solve Crimes Faster Using Automated AWS-Based System\"<\/a>. Amazon Web Services. 2018<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/aws.amazon.com\/solutions\/case-studies\/pdevidence\/\" target=\"_blank\">https:\/\/aws.amazon.com\/solutions\/case-studies\/pdevidence\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=PDEvidence+Helps+Solve+Crimes+Faster+Using+Automated+AWS-Based+System&rft.atitle=&rft.date=2018&rft.pub=Amazon+Web+Services&rft_id=https%3A%2F%2Faws.amazon.com%2Fsolutions%2Fcase-studies%2Fpdevidence%2F&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-HallNew20-15\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-HallNew20_15-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Hall, H. (4 August 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.rdworldonline.com\/new-deployment-model-optimizes-lims-implementation-in-the-amazon-web-services-cloud\/\" target=\"_blank\">\"New deployment model optimizes LIMS implementation in the Amazon Web Services Cloud\"<\/a>. <i>R&D World<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.rdworldonline.com\/new-deployment-model-optimizes-lims-implementation-in-the-amazon-web-services-cloud\/\" target=\"_blank\">https:\/\/www.rdworldonline.com\/new-deployment-model-optimizes-lims-implementation-in-the-amazon-web-services-cloud\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=New+deployment+model+optimizes+LIMS+implementation+in+the+Amazon+Web+Services+Cloud&rft.atitle=R%26D+World&rft.aulast=Hall%2C+H.&rft.au=Hall%2C+H.&rft.date=4+August+2020&rft_id=https%3A%2F%2Fwww.rdworldonline.com%2Fnew-deployment-model-optimizes-lims-implementation-in-the-amazon-web-services-cloud%2F&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AWSApplication-16\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-AWSApplication_16-0\">16.0<\/a><\/sup> <sup><a href=\"#cite_ref-AWSApplication_16-1\">16.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/products\/application-integration\/\" target=\"_blank\">\"Application Integration on AWS\"<\/a>. Amazon Web Services<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/aws.amazon.com\/products\/application-integration\/\" target=\"_blank\">https:\/\/aws.amazon.com\/products\/application-integration\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Application+Integration+on+AWS&rft.atitle=&rft.pub=Amazon+Web+Services&rft_id=https%3A%2F%2Faws.amazon.com%2Fproducts%2Fapplication-integration%2F&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AWSOutposts-17\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AWSOutposts_17-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/outposts\/\" target=\"_blank\">\"AWS Outposts\"<\/a>. Amazon Web Services<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/aws.amazon.com\/outposts\/\" target=\"_blank\">https:\/\/aws.amazon.com\/outposts\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=AWS+Outposts&rft.atitle=&rft.pub=Amazon+Web+Services&rft_id=https%3A%2F%2Faws.amazon.com%2Foutposts%2F&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-RajamaniFrom20-18\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-RajamaniFrom20_18-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Rajamani, S.; Bartley, J. (27 November 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/blogs\/storage\/from-on-premises-to-aws-hybrid-cloud-architecture-for-network-file-shares\/\" target=\"_blank\">\"From on premises to AWS: Hybrid-cloud architecture for network file shares\"<\/a>. <i>AWS Storage Blog<\/i>. Amazon Web Services<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/aws.amazon.com\/blogs\/storage\/from-on-premises-to-aws-hybrid-cloud-architecture-for-network-file-shares\/\" target=\"_blank\">https:\/\/aws.amazon.com\/blogs\/storage\/from-on-premises-to-aws-hybrid-cloud-architecture-for-network-file-shares\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=From+on+premises+to+AWS%3A+Hybrid-cloud+architecture+for+network+file+shares&rft.atitle=AWS+Storage+Blog&rft.aulast=Rajamani%2C+S.%3B+Bartley%2C+J.&rft.au=Rajamani%2C+S.%3B+Bartley%2C+J.&rft.date=27+November+2020&rft.pub=Amazon+Web+Services&rft_id=https%3A%2F%2Faws.amazon.com%2Fblogs%2Fstorage%2Ffrom-on-premises-to-aws-hybrid-cloud-architecture-for-network-file-shares%2F&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-RIQTop-19\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-RIQTop_19-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">RIQ News Desk. <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.readitquik.com\/articles\/cloud-3\/top-7-aws-outages-that-wreaked-havoc\/\" target=\"_blank\">\"Top 7 AWS Outages That Wreaked Havoc\"<\/a>. <i>ReadITQuik<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.readitquik.com\/articles\/cloud-3\/top-7-aws-outages-that-wreaked-havoc\/\" target=\"_blank\">https:\/\/www.readitquik.com\/articles\/cloud-3\/top-7-aws-outages-that-wreaked-havoc\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+7+AWS+Outages+That+Wreaked+Havoc&rft.atitle=ReadITQuik&rft.aulast=RIQ+News+Desk&rft.au=RIQ+News+Desk&rft_id=https%3A%2F%2Fwww.readitquik.com%2Farticles%2Fcloud-3%2Ftop-7-aws-outages-that-wreaked-havoc%2F&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-SwearingenWhen18-20\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-SwearingenWhen18_20-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Swearingen, J. (2 March 2018). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/nymag.com\/intelligencer\/2018\/03\/when-amazon-web-services-goes-down-so-does-a-lot-of-the-web.html\" target=\"_blank\">\"When Amazon Web Services Goes Down, So Does a Lot of the Web\"<\/a>. <i>Intelligencer<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/nymag.com\/intelligencer\/2018\/03\/when-amazon-web-services-goes-down-so-does-a-lot-of-the-web.html\" target=\"_blank\">https:\/\/nymag.com\/intelligencer\/2018\/03\/when-amazon-web-services-goes-down-so-does-a-lot-of-the-web.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=When+Amazon+Web+Services+Goes+Down%2C+So+Does+a+Lot+of+the+Web&rft.atitle=Intelligencer&rft.aulast=Swearingen%2C+J.&rft.au=Swearingen%2C+J.&rft.date=2+March+2018&rft_id=https%3A%2F%2Fnymag.com%2Fintelligencer%2F2018%2F03%2Fwhen-amazon-web-services-goes-down-so-does-a-lot-of-the-web.html&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MaloneBusinesses20-21\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MaloneBusinesses20_21-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Malone, K. (30 November 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ciodive.com\/news\/aws-outage-cloud-recovery-interoperability\/589844\/\" target=\"_blank\">\"Businesses can avoid cloud provider downtime with redundancy \u2014 but at what cost?\"<\/a>. <i>CIODive<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.ciodive.com\/news\/aws-outage-cloud-recovery-interoperability\/589844\/\" target=\"_blank\">https:\/\/www.ciodive.com\/news\/aws-outage-cloud-recovery-interoperability\/589844\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Businesses+can+avoid+cloud+provider+downtime+with+redundancy+%E2%80%94+but+at+what+cost%3F&rft.atitle=CIODive&rft.aulast=Malone%2C+K.&rft.au=Malone%2C+K.&rft.date=30+November+2020&rft_id=https%3A%2F%2Fwww.ciodive.com%2Fnews%2Faws-outage-cloud-recovery-interoperability%2F589844%2F&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AWSAmazonSLA20-22\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AWSAmazonSLA20_22-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/compute\/sla\/\" target=\"_blank\">\"Amazon Compute Service Level Agreement\"<\/a>. Amazon Web Services. 25 May 2022<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/aws.amazon.com\/compute\/sla\/\" target=\"_blank\">https:\/\/aws.amazon.com\/compute\/sla\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Amazon+Compute+Service+Level+Agreement&rft.atitle=&rft.date=25+May+2022&rft.pub=Amazon+Web+Services&rft_id=https%3A%2F%2Faws.amazon.com%2Fcompute%2Fsla%2F&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AWSCloudfront-23\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AWSCloudfront_23-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/cloudfront\/\" target=\"_blank\">\"Amazon Cloudfront\"<\/a>. Amazon Web Services<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/aws.amazon.com\/cloudfront\/\" target=\"_blank\">https:\/\/aws.amazon.com\/cloudfront\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Amazon+Cloudfront&rft.atitle=&rft.pub=Amazon+Web+Services&rft_id=https%3A%2F%2Faws.amazon.com%2Fcloudfront%2F&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AWSDataSync-24\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-AWSDataSync_24-0\">24.0<\/a><\/sup> <sup><a href=\"#cite_ref-AWSDataSync_24-1\">24.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/datasync\/\" target=\"_blank\">\"AWS DataSync\"<\/a>. Amazon Web Services<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/aws.amazon.com\/datasync\/\" target=\"_blank\">https:\/\/aws.amazon.com\/datasync\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=AWS+DataSync&rft.atitle=&rft.pub=Amazon+Web+Services&rft_id=https%3A%2F%2Faws.amazon.com%2Fdatasync%2F&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-BeerTheImport20-25\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-BeerTheImport20_25-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Beer, K. (11 June 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/blogs\/security\/importance-of-encryption-and-how-aws-can-help\/\" target=\"_blank\">\"The importance of encryption and how AWS can help\"<\/a>. <i>AWS Security Blog<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/aws.amazon.com\/blogs\/security\/importance-of-encryption-and-how-aws-can-help\/\" target=\"_blank\">https:\/\/aws.amazon.com\/blogs\/security\/importance-of-encryption-and-how-aws-can-help\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=The+importance+of+encryption+and+how+AWS+can+help&rft.atitle=AWS+Security+Blog&rft.aulast=Beer%2C+K.&rft.au=Beer%2C+K.&rft.date=11+June+2020&rft_id=https%3A%2F%2Faws.amazon.com%2Fblogs%2Fsecurity%2Fimportance-of-encryption-and-how-aws-can-help%2F&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-HyunLogical20-26\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-HyunLogical20_26-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Hyun, M.; Anderson, T. (29 July 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/blogs\/security\/logical-separation-moving-beyond-physical-isolation-in-the-cloud-computing-era\/\" target=\"_blank\">\"Logical separation: Moving beyond physical isolation in the cloud computing era\"<\/a>. <i>AWS Security Blog<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/aws.amazon.com\/blogs\/security\/logical-separation-moving-beyond-physical-isolation-in-the-cloud-computing-era\/\" target=\"_blank\">https:\/\/aws.amazon.com\/blogs\/security\/logical-separation-moving-beyond-physical-isolation-in-the-cloud-computing-era\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Logical+separation%3A+Moving+beyond+physical+isolation+in+the+cloud+computing+era&rft.atitle=AWS+Security+Blog&rft.aulast=Hyun%2C+M.%3B+Anderson%2C+T.&rft.au=Hyun%2C+M.%3B+Anderson%2C+T.&rft.date=29+July+2020&rft_id=https%3A%2F%2Faws.amazon.com%2Fblogs%2Fsecurity%2Flogical-separation-moving-beyond-physical-isolation-in-the-cloud-computing-era%2F&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AWSPenetrat-27\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-AWSPenetrat_27-0\">27.0<\/a><\/sup> <sup><a href=\"#cite_ref-AWSPenetrat_27-1\">27.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/security\/penetration-testing\/\" target=\"_blank\">\"Penetration Testing\"<\/a>. Amazon Web Services<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/aws.amazon.com\/security\/penetration-testing\/\" target=\"_blank\">https:\/\/aws.amazon.com\/security\/penetration-testing\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Penetration+Testing&rft.atitle=&rft.pub=Amazon+Web+Services&rft_id=https%3A%2F%2Faws.amazon.com%2Fsecurity%2Fpenetration-testing%2F&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-HackerOneAmazon-28\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-HackerOneAmazon_28-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/hackerone.com\/amazonvrp?type=team\" target=\"_blank\">\"Amazon Vulnerability Research Program\"<\/a>. HackerOne. April 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/hackerone.com\/amazonvrp?type=team\" target=\"_blank\">https:\/\/hackerone.com\/amazonvrp?type=team<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Amazon+Vulnerability+Research+Program&rft.atitle=&rft.date=April+2020&rft.pub=HackerOne&rft_id=https%3A%2F%2Fhackerone.com%2Famazonvrp%3Ftype%3Dteam&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AWSRisk21-29\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AWSRisk21_29-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.aws.amazon.com\/whitepapers\/latest\/aws-risk-and-compliance\/aws-risk-and-compliance-program.html\" target=\"_blank\">\"AWS risk and compliance program\"<\/a>. <i>Amazon Web Services: Risk and Compliance<\/i>. Amazon Web Services<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/docs.aws.amazon.com\/whitepapers\/latest\/aws-risk-and-compliance\/aws-risk-and-compliance-program.html\" target=\"_blank\">https:\/\/docs.aws.amazon.com\/whitepapers\/latest\/aws-risk-and-compliance\/aws-risk-and-compliance-program.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=AWS+risk+and+compliance+program&rft.atitle=Amazon+Web+Services%3A+Risk+and+Compliance&rft.pub=Amazon+Web+Services&rft_id=https%3A%2F%2Fdocs.aws.amazon.com%2Fwhitepapers%2Flatest%2Faws-risk-and-compliance%2Faws-risk-and-compliance-program.html&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AWSIntrusion-30\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AWSIntrusion_30-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/d1.awsstatic.com\/Marketplace\/scenarios\/security\/SEC_01_TSB_Final.pdf\" target=\"_blank\">\"Intrusion Detection Systems and Intrusion Prevention Systems for EC2 Instances\"<\/a> (PDF). Amazon Web Services<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/d1.awsstatic.com\/Marketplace\/scenarios\/security\/SEC_01_TSB_Final.pdf\" target=\"_blank\">https:\/\/d1.awsstatic.com\/Marketplace\/scenarios\/security\/SEC_01_TSB_Final.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Intrusion+Detection+Systems+and+Intrusion+Prevention+Systems+for+EC2+Instances&rft.atitle=&rft.pub=Amazon+Web+Services&rft_id=https%3A%2F%2Fd1.awsstatic.com%2FMarketplace%2Fscenarios%2Fsecurity%2FSEC_01_TSB_Final.pdf&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MegiddoHowYou21-31\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MegiddoHowYou21_31-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Megiddo, A. (12 March 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/blogs\/security\/how-you-can-use-amazon-guardduty-to-detect-suspicious-activity-within-your-aws-account\/\" target=\"_blank\">\"How you can use Amazon GuardDuty to detect suspicious activity within your AWS account\"<\/a>. <i>AWS Security Blog<\/i>. Amazon Web Services<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/aws.amazon.com\/blogs\/security\/how-you-can-use-amazon-guardduty-to-detect-suspicious-activity-within-your-aws-account\/\" target=\"_blank\">https:\/\/aws.amazon.com\/blogs\/security\/how-you-can-use-amazon-guardduty-to-detect-suspicious-activity-within-your-aws-account\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=How+you+can+use+Amazon+GuardDuty+to+detect+suspicious+activity+within+your+AWS+account&rft.atitle=AWS+Security+Blog&rft.aulast=Megiddo%2C+A.&rft.au=Megiddo%2C+A.&rft.date=12+March+2021&rft.pub=Amazon+Web+Services&rft_id=https%3A%2F%2Faws.amazon.com%2Fblogs%2Fsecurity%2Fhow-you-can-use-amazon-guardduty-to-detect-suspicious-activity-within-your-aws-account%2F&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AWSPrivacy-32\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AWSPrivacy_32-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/privacy\/\" target=\"_blank\">\"Privacy Notice\"<\/a>. Amazon Web Services. 30 June 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/aws.amazon.com\/privacy\/\" target=\"_blank\">https:\/\/aws.amazon.com\/privacy\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Privacy+Notice&rft.atitle=&rft.date=30+June+2023&rft.pub=Amazon+Web+Services&rft_id=https%3A%2F%2Faws.amazon.com%2Fprivacy%2F&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AWSHIPAA-33\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AWSHIPAA_33-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/compliance\/hipaa-compliance\/\" target=\"_blank\">\"HIPAA\"<\/a>. Amazon Web Services<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/aws.amazon.com\/compliance\/hipaa-compliance\/\" target=\"_blank\">https:\/\/aws.amazon.com\/compliance\/hipaa-compliance\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=HIPAA&rft.atitle=&rft.pub=Amazon+Web+Services&rft_id=https%3A%2F%2Faws.amazon.com%2Fcompliance%2Fhipaa-compliance%2F&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AWSAgreement-34\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AWSAgreement_34-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/agreement\/\" target=\"_blank\">\"AWS Customer Agreement\"<\/a>. Amazon Web Services<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/aws.amazon.com\/agreement\/\" target=\"_blank\">https:\/\/aws.amazon.com\/agreement\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=AWS+Customer+Agreement&rft.atitle=&rft.pub=Amazon+Web+Services&rft_id=https%3A%2F%2Faws.amazon.com%2Fagreement%2F&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AWSFailure-35\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AWSFailure_35-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.aws.amazon.com\/wellarchitected\/latest\/reliability-pillar\/failure-management.html\" target=\"_blank\">\"Failure Management\"<\/a>. <i>Reliability Pillar<\/i>. Amazon Web Services<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/docs.aws.amazon.com\/wellarchitected\/latest\/reliability-pillar\/failure-management.html\" target=\"_blank\">https:\/\/docs.aws.amazon.com\/wellarchitected\/latest\/reliability-pillar\/failure-management.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Failure+Management&rft.atitle=Reliability+Pillar&rft.pub=Amazon+Web+Services&rft_id=https%3A%2F%2Fdocs.aws.amazon.com%2Fwellarchitected%2Flatest%2Freliability-pillar%2Ffailure-management.html&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OlesAGuide19-36\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OlesAGuide19_36-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Oles, B. (14 August 2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/severalnines.com\/blog\/guide-automated-cloud-database-deployments\/\" target=\"_blank\">\"A Guide to Automated Cloud Database Deployments\"<\/a>. <i>SeveralNines<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/severalnines.com\/blog\/guide-automated-cloud-database-deployments\/\" target=\"_blank\">https:\/\/severalnines.com\/blog\/guide-automated-cloud-database-deployments\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=A+Guide+to+Automated+Cloud+Database+Deployments&rft.atitle=SeveralNines&rft.aulast=Oles%2C+B.&rft.au=Oles%2C+B.&rft.date=14+August+2019&rft_id=https%3A%2F%2Fseveralnines.com%2Fblog%2Fguide-automated-cloud-database-deployments%2F&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AWSMSSP-37\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AWSMSSP_37-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/mssp\/\" target=\"_blank\">\"AWS Managed Security Service Providers\"<\/a>. AWS<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/aws.amazon.com\/mssp\/\" target=\"_blank\">https:\/\/aws.amazon.com\/mssp\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=AWS+Managed+Security+Service+Providers&rft.atitle=&rft.pub=AWS&rft_id=https%3A%2F%2Faws.amazon.com%2Fmssp%2F&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AWSMana-38\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AWSMana_38-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/managed-services\/\" target=\"_blank\">\"AWS Managed Services\"<\/a>. AWS<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/aws.amazon.com\/managed-services\/\" target=\"_blank\">https:\/\/aws.amazon.com\/managed-services\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=AWS+Managed+Services&rft.atitle=&rft.pub=AWS&rft_id=https%3A%2F%2Faws.amazon.com%2Fmanaged-services%2F&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AWSManFeat-39\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AWSManFeat_39-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/managed-services\/features\/\" target=\"_blank\">\"AWS Managed Services Features\"<\/a>. AWS<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/aws.amazon.com\/managed-services\/features\/\" target=\"_blank\">https:\/\/aws.amazon.com\/managed-services\/features\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=AWS+Managed+Services+Features&rft.atitle=&rft.pub=AWS&rft_id=https%3A%2F%2Faws.amazon.com%2Fmanaged-services%2Ffeatures%2F&rfr_id=info:sid\/en.wikipedia.org:Amazon_Web_Services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816042737\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.354 seconds\nReal time usage: 0.375 seconds\nPreprocessor visited node count: 27343\/1000000\nPost\u2010expand include size: 157970\/2097152 bytes\nTemplate argument size: 65491\/2097152 bytes\nHighest expansion depth: 20\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 53247\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 329.156 1 -total\n 83.01% 273.238 1 Template:Reflist\n 71.16% 234.235 39 Template:Cite_web\n 66.16% 217.783 39 Template:Citation\/core\n 12.13% 39.922 1 Template:Infobox_company\n 10.97% 36.120 1 Template:Infobox\n 10.40% 34.243 20 Template:Date\n 7.04% 23.159 81 Template:Infobox\/row\n 4.39% 14.440 57 Template:Citation\/make_link\n 1.95% 6.431 1 Template:URL\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:12472-0!canonical and timestamp 20230816042737 and revision id 52682. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Amazon_Web_Services\">https:\/\/www.limswiki.org\/index.php\/Amazon_Web_Services<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","aa59005d6d3f6c0608f84c7ec811f8d6_images":["https:\/\/s3.limswiki.org\/www.limswiki.org\/images\/0\/02\/512px-Amazon_Web_Services_Logo.png"],"aa59005d6d3f6c0608f84c7ec811f8d6_timestamp":1692220361,"e9be3baac342297a3bdc810f251aaa22_type":"article","e9be3baac342297a3bdc810f251aaa22_title":"Alibaba Cloud","e9be3baac342297a3bdc810f251aaa22_url":"https:\/\/www.limswiki.org\/index.php\/Alibaba_Cloud","e9be3baac342297a3bdc810f251aaa22_plaintext":"\n\nAlibaba CloudFrom LIMSWikiJump to navigationJump to searchAlibaba Cloud\nIndustry\n \nCloud computing, Web servicesFounder(s)\n \nJack MaHeadquarters\n \nHangzhou , China Area served\n \nWorldwideKey people\n \nDaniel Zhang (CEO)Products\n \nIaaS, PaaS, SaaS, DBaaSRevenue\n \n$2.71 billion (Q1 2023)[1]Parent\n \nAlibaba GroupWebsite\n \nalibabacloud.com \n\n\r\n\nAlibaba Cloud ( also known as Aliyun) is a Chinese cloud computing company that provides public, private, hybrid, and multicloud solutions to enterprises, organizations, governments, and individuals. Alibaba has data centers primarily in China but also some outside of China, including North America, Europe, the Middle East, Australia, Japan, and other parts of the Asia Pacific region.[2] The company provides more than 100 different products and services representing elastic computing, networking, content delivery, data storage, database management, security management, enterprise management, cloud communication, data analysis, media management, container and middleware management, developer support, internet of things, and artificial intelligence.[3]\nIn May 2023, the company approved the spin off its cloud division, the Cloud Intelligence Group, \"via a stock dividend distribution to shareholders, aiming to complete the public listing within the next 12 months.\"[1][4]\n\nContents \n\n1 Provider research \n2 Managed security services \n3 Additional information \n\n3.1 Documentation and other media \n3.2 External links \n\n\n4 References \n\n\n\nProvider research \nThis section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide Choosing and Implementing a Cloud-based Service for Your Laboratory. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made.\n\r\n\n1. What experience do you have working with laboratory customers in our specific industry?\nThis question must be asked of the cloud provider yourself to gain a true understanding of how they may have worked with labs in your industry. However, here's a little background on Alibaba's connections with laboratories in general, based off publicly available information. According to Alibaba Cloud, their services have received \"regular and stringent evaluations\" by the China National Accreditation Service for Conformity Assessment (CNAS) and its accredited body the State Information Center Software Testing Center.[5] CNAS is known to be the same accreditation body that is also responsible for the accreditation of laboratories in China.[6] This in itself doesn't mean Alibaba has strong experience working with laboratories, but it is nonetheless encouraging\u2014particularly if CNAS accreditation is rigorous\u2014that Alibaba has been seemingly been vetted by CNAS. As for direct experience with laboratories, Alibaba reportedly had interactions with some laboratories as part of a COVID-19 initiative in 2020.[7] Laboratories that do or at some point have worked off Alibaba Cloud as part of their tech stack include Anbison Laboratories[8] and BGI Genomics[9].\n\r\n\n2. Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?\nLike question one, it will ultimately be up to your organization to get an answer tailored to your systems and business processes. However, this much can be said about Alibaba integrations. The company provides a Data Integration product described as \"a stable, efficient, and scalable data synchronization service. It is designed to migrate and synchronize data between various heterogeneous data sources in complex network environments at a high speed and in a stable manner.\" This appears to be primarily for data synchronization among supported structured, semi-structured, and unstructured data stores, not data consumption.[10] Consult their documentation on data integration for more details. Alibaba also discusses hybrid integration of your organization's backend systems here, and the company leans on its Elastic Compute Service, Server Load Balancer, Express Connect, and Virtual Private Cloud to do this. The company also provides a one-page sheet explaining how it handles backend system integration. Again, your existing systems and business processes may need to be altered slightly to work with Alibaba's services, which is why you'll be asking this question.\n\r\n\n3. What is the average total historical downtime for the service(s) we're interested in?\nLittle public information is made available about historic outages and downtime. You'll largely have to ask this of Alibaba and see what response they give you. Alibaba has demonstrated a desire to increase availability and make increases in availability in multiple areas of its services, including a push to \"99.995 percent availability for services deployed across multiple availability zones within a cloud region\" and \"99.975 percent for single instances.\"[11] You may wish to consult Alibaba Cloud's lengthy whitepaper on the architecture and availability of its solutions. That said, outages have been reported in 2015[12], 2019[13], and 2022.[14]\n\r\n\n4. Do we receive comprehensive downtime support in the case of downtime?\nAlibaba does not make this answer clear. However, the answer is likely tied to what after-sales support plan you choose. Confirm with Alibaba what downtime support they provide based on the services your organization are interested in.\n\r\n\n5. Where are your servers located, and how is data securely transferred to and from those servers?\nAlibaba has data centers primarily in China but also some outside of China, including North America, Europe, the Middle East, Australia, Japan, and other parts of the Asia Pacific region. Alibaba uses its Content Delivery Network, which \"distributes user requests to the most suitable nodes, allowing the fastest possible retrieval of requested content.\"[2] Alibaba addresses data transmission security in its security whitepaper on pages 133 (in regards to its cryptographic service) and 163 (in regards to the entire service), mentioning the standard trifecta of HTTPS, VPN gateways, and SSL certificates. In regards to data localization requirements, it's not clear how Alibaba honors those requirements on a superficial level; you'll have to have direct discussions with the Alibaba and review their compliance materials in regards to any data localization requirements you may have. Tangentially, a 2020 report stated that Alibaba finds data localization requirements in regulatory models such as Europe's General Data Protection Regulation (GDPR) to be too stifling and has been petitioning the Chinese government to take a more light-handed approach to data localization.[15] Despite this, China has marched ahead with its data localization requirements into 2023, causing some multinational organization to rethink their market strategy.[16]\n\r\n\n6. Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?\nAlibaba discusses personnel management in regards to physical data security in its security whitepaper on pages 15\u201318. However, it does not reference the certifications and training required for those who have permission to access your data. (Though certifications like the ACA Cloud Security Certification apparently exist.) You will have to inquire with Alibaba about these considerations when asking this question.\n\r\n\n7. Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?\nNot all Alibaba machines have the same controls on them; it will depend on the region, product, and compliance requirements of your lab. That said, verify with a representative that the machine your data will land on meets all the necessary regulations affecting your data.\n\r\n\n8. How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)\nIt does not appear that Alibaba supports physical separation approaches to sensitive and regulated data. They cite \"a higher cost structure and lower utilization resulting from less efficient use of space as well as limited redundancy options and features\" in regards to physical separation practices. They argue that logical separation is a better approach \"via logical access controls, permission management, network traffic routing, and encryption.\" They add that uses needing to meet \"security outcomes equivalent to physical separation\" can also take advantage of a virtual private cloud \"or use encryption solutions to encrypt data at-rest and in-transit.\"[17]\nAlibaba does, however, address the concept of tenant isolation in its security whitepaper in multiple places. Tenant isolation is enabled by default on Alibaba. This is largely accomplished with virtualization methods. Reference section 5.1.3.1 of the whitepaper for more details. Further technical details, if required, may be garnered in discussion with Alibaba.\n\r\n\n9. Do you have documented data security policies?\nAlibaba documents its security practices in several places:\n\nAlibaba security whitepaper\nAlibaba security page\nAlibaba trust center\nSome security-related documents, like the SOC 2 report, may not be publicly available, requiring direct discussion with an Alibaba representative to obtain them.\n\r\n\n10. How do you test your platform's security?\nIn its security whitepaper, Alibaba addresses penetration testing (page 27), noting they use \"attack-and-defense drills ... designed to objectively test the defense and threat detection capabilities of Alibaba Cloud, enhance the core security capabilities of Alibaba Cloud, and improve the security defense system.\"[18] For more on these drills, discuss the topic with Alibaba. There are other scattered pieces of information related to non-Alibaba personnel testing the platform. For example, an Alibaba user can apply for a license to conduct penetration tests for Alibaba Cloud products.[19] Alibaba also appears to have had a Crowdsourced Security Testing program[20], but much of the documentation about the program seems to have gone missing from the Alibaba Cloud site. A page detailing how to register for the program also disappeared[21], and as such, it's not clear how active the program is today. A related set of vulnerability rewards programs, encouraging people to test Alibaba's security, may also still be available through the Alibaba Security Response Center.\n\r\n\n11. What are your policies for security audits, intrusion detection, and intrusion reporting?\nAudits: Alibaba cooperates \"with independent third-party security regulation and audit agencies to audit and evaluate the security and compliance stance of Alibaba Cloud.\"[18] This is demonstrated by its compliance credentials (e.g., see pages 6\u201310 of the company's security whitepaper or its trust center). Alibaba also provides tools to customers (e.g., Cloud Config) allowing them to run their own security audits on their own data.[18][22]\nIntrusion detection and reporting: Alibaba Cloud allows users to install a small app called Security Center on their virtual machines (VMs) that can handle intrusion detection in real time. Per the security whitepaper, \"intrusion detection for VMs includes remote logon detection, Webshell detection and removal, anomaly detection (detection of abnormal process behaviors and abnormal network connections), and detection of changes in key files and suspicious accounts in systems and applications. Security Center can also intelligently learn application whitelists.\" This same app can also be used with Alibaba's Container Service. Intrusion detection services are also found within Alibaba's Cloud Firewall.[18] In the case of Cloud Firewall, reporting is included.[23] Reporting is presumably also a component of Security Center; confirm this with Alibaba.\n\r\n\n12. What data logging information is kept and acted upon in relation to our data?\nMentions of a \"central logging platform\" are made in both the company's security whitepaper and its SOC 3 report. The SOC 3 report in particular says this[24]:\n\nLogs of activities performed on the cloud platform collected through the central logging platform are imported into real-time and offline computing platforms. Logs are processed and analysed through security monitoring algorithms in each computing platform for anomaly analysis and detection.\nIt's not clear, however, to what extent logging information is stored and acted upon in regards to a specific customer. Discuss this topic further with an Alibaba representative.\n\r\n\n13. How thorough are those logs and can we audit them on-demand?\nPresumably, any logging related to Cloud Config, Security Center, Cloud Firewall, etc. are available to authorized users, though the fine details of this should be confirmed with Alibaba. In regards to auditing internal operation logs, Alibaba has this to say[18]:\n\nAlthough Alibaba Cloud has obtained industry-leading third-party compliance certifications, efforts must also be made to give users the confidence that their data and resources are properly protected and managed within the cloud platform. To this end, Alibaba Cloud provides the ability to make relevant internal operations transparent to the users by providing internal operation logs in selected products (such as OSS). This allows users to monitor and audit internal cloud platform operations when using Alibaba Cloud products.\n\r\n\n14. For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?\nYes, Alibaba will sign a business associate agreement.[25] Consult their HIPAA whitepaper for more details on their approach to HIPAA compliance.\n\r\n\n15. What happens to our data should the contract expire or be terminated?\nDirect your attention to the service agreement associated with the product you use. Some service agreements for particular products are available in the Alibaba Cloud Document Center, while others may be difficult to track down. If you can't find the details of a service agreement for the product you're interested in, address this with an Alibaba representative. That said, here's an example from the Alibaba Terms of Service[26]\n\nWhen the service period expires, the service is terminated in advance (including early termination agreed by both parties, early termination due to other reasons, etc.) or you have arrears, unless otherwise specified by laws and regulations, required by the competent department or agreed by both parties, Alibaba Cloud will only continue to store your user business data (if any) within a certain buffer period (subject to the time limit specified in the proprietary terms, product documents, service instructions, etc. applicable to the service you ordered). At the end of the buffer period, Alibaba Cloud will delete all user business data, including all cached or backup copies, and will no longer retain any of your user business data ... Once the user's business data is deleted, it cannot be recovered; You should bear the consequences and responsibilities arising from the deletion of data. You understand and agree that Alibaba Cloud has no obligation to continue to retain, export or return user business data.\n\r\n\n16. What happens to our data should you go out of business or suffer a catastrophic event?\nIt's not publicly clear how Alibaba would handle your data should they go out of business; consult with an Alibaba representative about this topic. As for catastrophic events, Alibaba's Object Storage Service (OSS) is based on zone-redundant storage (ZRS). \"ZRS distributes user data across three zones within the same region. Even if one zone becomes unavailable, the data is still accessible. The ZRS feature can provide data durability (designed for) of 99.9999999999% (twelve 9's) and service availability of 99.995%.\"[27] It's highly unlikely that all three zones would be affected in an catastrophic event. However, if this is a concern, discuss further data redundancy with an Alibaba representative. \n\r\n\n17. Can we use your interface to extract our data when we want, and in what format will it be?\nAlibaba doesn't make it 100 percent publicly clear how data migration from Alibaba to another cloud service would work. However, they do outline several other data migration scenarios, including the scenario of migrating from Alibaba Cloud to an on-premises system. It's unclear whether or not a third-party cloud transfer service would be required or useful when moving from Alibaba Cloud to another cloud service. In the end, if there are still questions on this topic, discuss it with an Alibaba representative.\n\r\n\n18. Are your support services native or outsourced\/offshored?\nIt is unclear if support personnel are local to the customer or if support is outsourced to another business and country. Discuss this with an Alibaba representative.\n\nManaged security services \nAlibaba Cloud Managed Security Service is described by Alibaba as \"a security technology and consulting service designed to establish, and optimize, security protection systems so that users can ensure the security of their business on the cloud.\"[28] The company primarily touts managed detection and response, security assessment, and security hardening as part of its MSS. This includes[28]:\n\nManaged detection and response: overall security consulting, security monitoring and inspection, incident response, and cloud application and hardware configuration\nSecurity assessment: online assessment and scanning of current security system, data analysis from that assessment and scanning, and reporting of data and recommendations\nSecurity hardening: reinforcement range confirmation, hardening plan development, and plan implementation and testing\n\r\n\n\nAdditional information \nDocumentation and other media \nAvailability whitepaper\nHIPAA whitepaper\nSecurity whitepaper\nExternal links \nAlibaba Cloud architecture framework or description\nAlibaba Cloud Managed Security Service\nAlibaba Cloud shared responsibility model\nAlibaba Cloud trust center\nReferences \n\n\n\u2191 1.0 1.1 Wulhelm, A. (18 May 2023). \"Alibaba\u2019s cloud spinoff may serve as a good yardstick to value other major players\". Tech Crunch. https:\/\/techcrunch.com\/2023\/05\/18\/alibaba-cloud-spin-off-analysis\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 2.0 2.1 \"Alibaba Cloud's Global Infrastructure\". Alibaba Cloud. https:\/\/www.alibabacloud.com\/global-locations . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Alibaba Cloud Products & Services\". Alibaba Cloud. https:\/\/www.alibabacloud.com\/product . Retrieved 28 July 2023 .   \n \n\n\u2191 Mahta, C.; Horwitz, J. (18 May 2023). \"Alibaba misses revenue estimate, approves cloud unit spinoff\". Reuters. https:\/\/www.reuters.com\/business\/retail-consumer\/alibaba-fourth-quarter-revenue-rises-2-2023-05-18\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"CNAS\". Alibaba Cloud. https:\/\/www.alibabacloud.com\/trust-center\/cnas . Retrieved 28 July 2023 .   \n \n\n\u2191 \"CNAS Introduction\". China National Accreditation Service for Conformity Assessment. https:\/\/www.cnas.org.cn\/english\/introduction\/12\/718683.shtml . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Alibaba Cloud Offers AI, Cloud Services to Help Battle Covid-19 Globally\". Alibaba Cloud. 19 March 2020. https:\/\/www.alibabacloud.com\/press-room\/alibaba-cloud-ai-cloud-services-to-help-battle-covid-19 . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Anbison Laboratories\". ZoomInfo. https:\/\/www.zoominfo.com\/c\/anbison-laboratories-co-ltd\/345850572 . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Unleashing the Power of Precision Medicine Using the Hybrid Cloud\" (PDF). Intel. 2016. Archived from the original on 09 April 2021. https:\/\/web.archive.org\/web\/20210409184731\/https:\/\/www.intel.com\/content\/dam\/www\/public\/us\/en\/documents\/white-papers\/unleashing-power-of-precision-medicine-hybrid-cloud-paper.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Data Integration: Overview\". Alibaba Cloud. 10 April 2023. https:\/\/www.alibabacloud.com\/help\/en\/dataworks\/user-guide\/overview-6 . Retrieved 28 July 2023 .   \n \n\n\u2191 Mah, P. (2 January 2020). \"Alibaba Cloud upgrades SLA for multi-zone instances\". Data Center Dynamics. https:\/\/www.datacenterdynamics.com\/en\/news\/alibaba-cloud-upgrades-sla-multi-zone-instances\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Mah, P. (26 June 2015). \"Aliyun cloud suffers prolonged disruption in Hong Kong\". Data Center Dynamics. https:\/\/www.datacenterdynamics.com\/en\/news\/aliyun-cloud-suffers-prolonged-disruption-in-hong-kong\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Fu, Y. (3 March 2019). \"Alibaba Cloud Reports IO Hang Error in North China\". EqualOcean. https:\/\/equalocean.com\/news\/201903031507 . Retrieved 28 July 2023 .   \n \n\n\u2191 Liao, R. (29 December 2022). \"Alibaba CEO to oversee cloud arm following major server outage\". TechCrunch. https:\/\/techcrunch.com\/2022\/12\/29\/alibaba-reshuffle-2022\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Lu, X. (4 June 2020). \"Is China Changing Its Thinking on Data Localization?\". The Diplomat. https:\/\/thediplomat.com\/2020\/06\/is-china-changing-its-thinking-on-data-localization\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Cline, J. (25 October 2022). \"China\u2019s new data-transfer mandate prompting multinationals to rethink market strategy\". PwC. https:\/\/www.pwc.com\/us\/en\/tech-effect\/cybersecurity\/security-assessments-for-china-cross-border-data-transfers.html . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Security Compliance FAQs\". Alibaba Cloud. https:\/\/www.alibabacloud.com\/trust-center\/faq . Retrieved 28 July 2023 .   \n \n\n\u2191 18.0 18.1 18.2 18.3 18.4 \"Alibaba Cloud Security White Paper - International Edition, Version 2.1\" (PDF). Alibaba Cloud. February 2021. https:\/\/alicloud-common.oss-ap-southeast-1.aliyuncs.com\/2021\/Whitepaper\/Alibaba%20Cloud%20Security%20Whitepaper%20-%20International%20Edition%20V2.1%20%282021%29.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Apply for a penetration test license\". Alibaba Cloud. 6 March 2019. https:\/\/www.alibabacloud.com\/help\/en\/security-control\/latest\/apply-for-a-penetration-test-license . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Alibaba Cloud Crowdsourced Security Testing\" (PDF). Alibaba Cloud. 16 May 2019. http:\/\/static-aliyun-doc.oss-cn-hangzhou.aliyuncs.com\/download\/pdf\/DNXIAN1846009_en-US_intl_190516194424_public_8c46d47183231dcdd2ff90881a425617.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Crowdsourced security testing platform procedure for enterprises\". Alibaba Cloud. 13 January 2020. Archived from the original on 10 April 2021. https:\/\/web.archive.org\/web\/20210101000000*\/https:\/\/www.alibabacloud.com\/help\/doc-detail\/28394.html . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Cloud Config\". Alibaba Cloud. https:\/\/www.alibabacloud.com\/product\/cloud-config . Retrieved 28 July 2023 .   \n \n\n\u2191 Kaushik, S. (27 January 2021). \"Alibaba Cloud Firewall: The Next-Gen Firewall as a Service\". Medium. https:\/\/alibaba-cloud.medium.com\/alibaba-cloud-firewall-the-next-gen-firewall-as-a-service-836f524d8392 . Retrieved 28 July 2023 .   \n \n\n\u2191 \"System and Organization Controls 3 Report Report on Alibaba Cloud\u2019s Cloud Services System\" (PDF). Alibaba Cloud. 1 November 2018. https:\/\/alicloud-common.oss-ap-southeast-1.aliyuncs.com\/video\/Alibaba%20Cloud_%20SOC3_Report%20_EN_Final.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 \"HIPAA\/HITECH\". Alibaba Cloud. https:\/\/www.alibabacloud.com\/trust-center\/hipaa . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Terms of Services\". Alibaba Cloud. 20 January 2023. https:\/\/www.alibabacloud.com\/help\/en\/advisor\/latest\/terms-of-service . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Disaster recovery\". Alibaba Cloud. 17 May 2023. https:\/\/www.alibabacloud.com\/help\/en\/oss\/support\/disaster-recovery . Retrieved 28 July 2023 .   \n \n\n\u2191 28.0 28.1 \"Managed Security Service\". Alibaba Cloud. https:\/\/www.alibabacloud.com\/product\/mss . Retrieved 28 July 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Alibaba_Cloud\">https:\/\/www.limswiki.org\/index.php\/Alibaba_Cloud<\/a>\nNavigation menuPage actionsPageDiscussionView sourceHistoryPage actionsPageDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 28 July 2023, at 16:00.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 2,090 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","e9be3baac342297a3bdc810f251aaa22_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject page-Alibaba_Cloud rootpage-Alibaba_Cloud skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Alibaba Cloud<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\">\n<p><br \/>\n<b>Alibaba Cloud<\/b> ( also known as <b>Aliyun<\/b>) is a Chinese <a href=\"https:\/\/www.limswiki.org\/index.php\/Cloud_computing\" title=\"Cloud computing\" class=\"wiki-link\" data-key=\"fcfe5882eaa018d920cedb88398b604f\">cloud computing<\/a> company that provides public, private, hybrid, and multicloud solutions to enterprises, organizations, governments, and individuals. Alibaba has data centers primarily in China but also some outside of China, including North America, Europe, the Middle East, Australia, Japan, and other parts of the Asia Pacific region.<sup id=\"rdp-ebb-cite_ref-AlibabaGlobal_2-0\" class=\"reference\"><a href=\"#cite_note-AlibabaGlobal-2\">[2]<\/a><\/sup> The company provides more than 100 different products and services representing elastic computing, networking, content delivery, data storage, database management, security management, enterprise management, cloud communication, <a href=\"https:\/\/www.limswiki.org\/index.php\/Data_analysis\" title=\"Data analysis\" class=\"wiki-link\" data-key=\"545c95e40ca67c9e63cd0a16042a5bd1\">data analysis<\/a>, media management, container and <a href=\"https:\/\/www.limswiki.org\/index.php\/Middleware\" title=\"Middleware\" class=\"wiki-link\" data-key=\"82ee1d9577571b4f9e4d83d6d6124c81\">middleware<\/a> management, developer support, <a href=\"https:\/\/www.limswiki.org\/index.php\/Internet_of_things\" title=\"Internet of things\" class=\"wiki-link\" data-key=\"13e0b826fa1770fe4bea72e3cb942f0f\">internet of things<\/a>, and <a href=\"https:\/\/www.limswiki.org\/index.php\/Artificial_intelligence\" title=\"Artificial intelligence\" class=\"wiki-link\" data-key=\"0c45a597361ca47e1cd8112af676276e\">artificial intelligence<\/a>.<sup id=\"rdp-ebb-cite_ref-AlibabaCloudProducts_3-0\" class=\"reference\"><a href=\"#cite_note-AlibabaCloudProducts-3\">[3]<\/a><\/sup>\n<\/p><p>In May 2023, the company approved the spin off its cloud division, the Cloud Intelligence Group, \"via a stock dividend distribution to shareholders, aiming to complete the public listing within the next 12 months.\"<sup id=\"rdp-ebb-cite_ref-WulhelmAlibaba23_1-1\" class=\"reference\"><a href=\"#cite_note-WulhelmAlibaba23-1\">[1]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-MehtaAlibaba23_4-0\" class=\"reference\"><a href=\"#cite_note-MehtaAlibaba23-4\">[4]<\/a><\/sup>\n<\/p>\n\n\n<h2><span class=\"mw-headline\" id=\"Provider_research\">Provider research<\/span><\/h2>\n<p>This section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide <i><a href=\"https:\/\/www.limswiki.org\/index.php\/LII:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\" title=\"LII:Choosing and Implementing a Cloud-based Service for Your Laboratory\" class=\"wiki-link\" data-key=\"a51267fd73f6c39f0130677409233940\">Choosing and Implementing a Cloud-based Service for Your Laboratory<\/a><\/i>. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made.\n<\/p><p><br \/>\n1. <b>What experience do you have working with laboratory customers in our specific industry?<\/b>\n<\/p><p>This question must be asked of the cloud provider yourself to gain a true understanding of how they may have worked with <a href=\"https:\/\/www.limswiki.org\/index.php\/Laboratory\" title=\"Laboratory\" class=\"wiki-link\" data-key=\"c57fc5aac9e4abf31dccae81df664c33\">labs<\/a> in your industry. However, here's a little background on Alibaba's connections with laboratories in general, based off publicly available information. According to Alibaba Cloud, their services have received \"regular and stringent evaluations\" by the China National Accreditation Service for Conformity Assessment (CNAS) and its accredited body the State Information Center Software Testing Center.<sup id=\"rdp-ebb-cite_ref-AlibabaCNAS_5-0\" class=\"reference\"><a href=\"#cite_note-AlibabaCNAS-5\">[5]<\/a><\/sup> CNAS is known to be the same accreditation body that is also responsible for the accreditation of laboratories in China.<sup id=\"rdp-ebb-cite_ref-CNSASIntro_6-0\" class=\"reference\"><a href=\"#cite_note-CNSASIntro-6\">[6]<\/a><\/sup> This in itself doesn't mean Alibaba has strong experience working with laboratories, but it is nonetheless encouraging\u2014particularly if CNAS accreditation is rigorous\u2014that Alibaba has been seemingly been vetted by CNAS. As for direct experience with laboratories, Alibaba reportedly had interactions with some laboratories as part of a <a href=\"https:\/\/www.limswiki.org\/index.php\/COVID-19\" class=\"mw-redirect wiki-link\" title=\"COVID-19\" data-key=\"da9bd20c492b2a17074ad66c2fe25652\">COVID-19<\/a> initiative in 2020.<sup id=\"rdp-ebb-cite_ref-AlibabaCOVID20_7-0\" class=\"reference\"><a href=\"#cite_note-AlibabaCOVID20-7\">[7]<\/a><\/sup> Laboratories that do or at some point have worked off Alibaba Cloud as part of their tech stack include Anbison Laboratories<sup id=\"rdp-ebb-cite_ref-ZoomInfoAnbison_8-0\" class=\"reference\"><a href=\"#cite_note-ZoomInfoAnbison-8\">[8]<\/a><\/sup> and BGI Genomics<sup id=\"rdp-ebb-cite_ref-IntelUnleash16_9-0\" class=\"reference\"><a href=\"#cite_note-IntelUnleash16-9\">[9]<\/a><\/sup>.\n<\/p><p><br \/>\n2. <b>Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?<\/b>\n<\/p><p>Like question one, it will ultimately be up to your organization to get an answer tailored to your systems and business processes. However, this much can be said about Alibaba integrations. The company provides a Data Integration product described as \"a stable, efficient, and scalable data synchronization service. It is designed to migrate and synchronize data between various heterogeneous data sources in complex network environments at a high speed and in a stable manner.\" This appears to be primarily for data synchronization among supported structured, semi-structured, and unstructured data stores, not data consumption.<sup id=\"rdp-ebb-cite_ref-AlibabaDataInt21_10-0\" class=\"reference\"><a href=\"#cite_note-AlibabaDataInt21-10\">[10]<\/a><\/sup> Consult their documentation on <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.alibabacloud.com\/help\/en\/dataworks\/user-guide\/overview-6\" target=\"_blank\">data integration<\/a> for more details. Alibaba also discusses hybrid integration of your organization's backend systems <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.alibabacloud.com\/solutions\/hybrid\/backend-integration\" target=\"_blank\">here<\/a>, and the company leans on its Elastic Compute Service, Server Load Balancer, Express Connect, and Virtual Private Cloud to do this. The company also provides a one-page sheet explaining how it handles <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/alicloud-common.oss-ap-southeast-1.aliyuncs.com\/Hybrid_Cloud_Solution\/One%20Pager%20-%20Hybrid%20Cloud%20Backend%20System%20Integration.pdf?spm=a3c0i.9133035.7801883710.7.4a3d3441icYWXn&file=One%20Pager%20-%20Hybrid%20Cloud%20Backend%20System%20Integration.pdf\" target=\"_blank\">backend system integration<\/a>. Again, your existing systems and business processes may need to be altered slightly to work with Alibaba's services, which is why you'll be asking this question.\n<\/p><p><br \/>\n3. <b>What is the average total historical downtime for the service(s) we're interested in?<\/b>\n<\/p><p>Little public information is made available about historic outages and downtime. You'll largely have to ask this of Alibaba and see what response they give you. Alibaba has demonstrated a desire to increase availability and make increases in availability in multiple areas of its services, including a push to \"99.995 percent availability for services deployed across multiple availability zones within a cloud region\" and \"99.975 percent for single instances.\"<sup id=\"rdp-ebb-cite_ref-MahAlibabaUpg20_11-0\" class=\"reference\"><a href=\"#cite_note-MahAlibabaUpg20-11\">[11]<\/a><\/sup> You may wish to consult Alibaba Cloud's <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/alicloud-common.oss-ap-southeast-1.aliyuncs.com\/2021\/Whitepaper\/Alibaba%20Cloud%20solution%20High%20availability%20solution%2020210322-updated.pdf\" target=\"_blank\">lengthy whitepaper<\/a> on the architecture and availability of its solutions. That said, outages have been reported in 2015<sup id=\"rdp-ebb-cite_ref-MahAliyun15_12-0\" class=\"reference\"><a href=\"#cite_note-MahAliyun15-12\">[12]<\/a><\/sup>, 2019<sup id=\"rdp-ebb-cite_ref-FuAlibaba19_13-0\" class=\"reference\"><a href=\"#cite_note-FuAlibaba19-13\">[13]<\/a><\/sup>, and 2022.<sup id=\"rdp-ebb-cite_ref-LiaoAlibabaCEO22_14-0\" class=\"reference\"><a href=\"#cite_note-LiaoAlibabaCEO22-14\">[14]<\/a><\/sup>\n<\/p><p><br \/>\n4. <b>Do we receive comprehensive downtime support in the case of downtime?<\/b>\n<\/p><p>Alibaba does not make this answer clear. However, the answer is likely tied to what <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.alibabacloud.com\/support\/after-sales\" target=\"_blank\">after-sales support plan<\/a> you choose. Confirm with Alibaba what downtime support they provide based on the services your organization are interested in.\n<\/p><p><br \/>\n5. <b>Where are your servers located, and how is data securely transferred to and from those servers?<\/b>\n<\/p><p>Alibaba has <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.alibabacloud.com\/global-locations\" target=\"_blank\">data centers<\/a> primarily in China but also some outside of China, including North America, Europe, the Middle East, Australia, Japan, and other parts of the Asia Pacific region. Alibaba uses its Content Delivery Network, which \"distributes user requests to the most suitable nodes, allowing the fastest possible retrieval of requested content.\"<sup id=\"rdp-ebb-cite_ref-AlibabaGlobal_2-1\" class=\"reference\"><a href=\"#cite_note-AlibabaGlobal-2\">[2]<\/a><\/sup> Alibaba addresses data transmission security in its <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/alicloud-common.oss-ap-southeast-1.aliyuncs.com\/2021\/Whitepaper\/Alibaba%20Cloud%20Security%20Whitepaper%20-%20International%20Edition%20V2.1%20%282021%29.pdf\" target=\"_blank\">security whitepaper<\/a> on pages 133 (in regards to its cryptographic service) and 163 (in regards to the entire service), mentioning the standard trifecta of HTTPS, VPN gateways, and SSL certificates. In regards to data localization requirements, it's not clear how Alibaba honors those requirements on a superficial level; you'll have to have direct discussions with the Alibaba and review their compliance materials in regards to any data localization requirements you may have. Tangentially, a 2020 report stated that Alibaba finds data localization requirements in regulatory models such as Europe's <a href=\"https:\/\/www.limswiki.org\/index.php\/General_Data_Protection_Regulation\" title=\"General Data Protection Regulation\" class=\"wiki-link\" data-key=\"3f4bdf6f0dcb360b1e79aad8674c2447\">General Data Protection Regulation<\/a> (GDPR) to be too stifling and has been petitioning the Chinese government to take a more light-handed approach to data localization.<sup id=\"rdp-ebb-cite_ref-LuIsChina20_15-0\" class=\"reference\"><a href=\"#cite_note-LuIsChina20-15\">[15]<\/a><\/sup> Despite this, China has marched ahead with its data localization requirements into 2023, causing some multinational organization to rethink their market strategy.<sup id=\"rdp-ebb-cite_ref-ClineChina22_16-0\" class=\"reference\"><a href=\"#cite_note-ClineChina22-16\">[16]<\/a><\/sup>\n<\/p><p><br \/>\n6. <b>Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?<\/b>\n<\/p><p>Alibaba discusses personnel management in regards to physical data security in its <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/alicloud-common.oss-ap-southeast-1.aliyuncs.com\/2021\/Whitepaper\/Alibaba%20Cloud%20Security%20Whitepaper%20-%20International%20Edition%20V2.1%20%282021%29.pdf\" target=\"_blank\">security whitepaper<\/a> on pages 15\u201318. However, it does not reference the certifications and training required for those who have permission to access your data. (Though certifications like the <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/edu.alibabacloud.com\/certification\/aca_cloudsecurity\" target=\"_blank\">ACA Cloud Security Certification<\/a> apparently exist.) You will have to inquire with Alibaba about these considerations when asking this question.\n<\/p><p><br \/>\n7. <b>Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?<\/b>\n<\/p><p>Not all <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.alibabacloud.com\/global-locations\" target=\"_blank\">Alibaba machines<\/a> have the same controls on them; it will depend on the region, product, and compliance requirements of your lab. That said, verify with a representative that the machine your data will land on meets all the necessary regulations affecting your data.\n<\/p><p><br \/>\n8. <b>How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)<\/b>\n<\/p><p>It does not appear that Alibaba supports physical separation approaches to sensitive and regulated data. They cite \"a higher cost structure and lower utilization resulting from less efficient use of space as well as limited redundancy options and features\" in regards to physical separation practices. They argue that logical separation is a better approach \"via logical access controls, permission management, network traffic routing, and encryption.\" They add that uses needing to meet \"security outcomes equivalent to physical separation\" can also take advantage of a virtual private cloud \"or use <a href=\"https:\/\/www.limswiki.org\/index.php\/Encryption\" title=\"Encryption\" class=\"wiki-link\" data-key=\"86a503652ed5cc9d8e2b0252a480b5e1\">encryption<\/a> solutions to encrypt data at-rest and in-transit.\"<sup id=\"rdp-ebb-cite_ref-AlibabaTrustFAQ_17-0\" class=\"reference\"><a href=\"#cite_note-AlibabaTrustFAQ-17\">[17]<\/a><\/sup>\n<\/p><p>Alibaba does, however, address the concept of tenant isolation in its <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/alicloud-common.oss-ap-southeast-1.aliyuncs.com\/2021\/Whitepaper\/Alibaba%20Cloud%20Security%20Whitepaper%20-%20International%20Edition%20V2.1%20%282021%29.pdf\" target=\"_blank\">security whitepaper<\/a> in multiple places. Tenant isolation is enabled by default on Alibaba. This is largely accomplished with <a href=\"https:\/\/www.limswiki.org\/index.php\/Virtualization\" title=\"Virtualization\" class=\"wiki-link\" data-key=\"e6ef1e0497ceb6545c0948d436eba29c\">virtualization<\/a> methods. Reference section 5.1.3.1 of the whitepaper for more details. Further technical details, if required, may be garnered in discussion with Alibaba.\n<\/p><p><br \/>\n9. <b>Do you have documented data security policies?<\/b>\n<\/p><p>Alibaba documents its security practices in several places:\n<\/p>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/alicloud-common.oss-ap-southeast-1.aliyuncs.com\/2021\/Whitepaper\/Alibaba%20Cloud%20Security%20Whitepaper%20-%20International%20Edition%20V2.1%20%282021%29.pdf\" target=\"_blank\">Alibaba security whitepaper<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.alibabacloud.com\/solutions\/security\" target=\"_blank\">Alibaba security page<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.alibabacloud.com\/trust-center\" target=\"_blank\">Alibaba trust center<\/a><\/li><\/ul>\n<p>Some security-related documents, like the SOC 2 report, may not be publicly available, requiring direct discussion with an Alibaba representative to obtain them.\n<\/p><p><br \/>\n10. <b>How do you test your platform's security?<\/b>\n<\/p><p>In its <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/alicloud-common.oss-ap-southeast-1.aliyuncs.com\/2021\/Whitepaper\/Alibaba%20Cloud%20Security%20Whitepaper%20-%20International%20Edition%20V2.1%20%282021%29.pdf\" target=\"_blank\">security whitepaper<\/a>, Alibaba addresses penetration testing (page 27), noting they use \"attack-and-defense drills ... designed to objectively test the defense and threat detection capabilities of Alibaba Cloud, enhance the core security capabilities of Alibaba Cloud, and improve the security defense system.\"<sup id=\"rdp-ebb-cite_ref-AlibabaSecurityWhite21_18-0\" class=\"reference\"><a href=\"#cite_note-AlibabaSecurityWhite21-18\">[18]<\/a><\/sup> For more on these drills, discuss the topic with Alibaba. There are other scattered pieces of information related to non-Alibaba personnel testing the platform. For example, an Alibaba user can apply for a license to conduct penetration tests for Alibaba Cloud products.<sup id=\"rdp-ebb-cite_ref-AlibabaApply19_19-0\" class=\"reference\"><a href=\"#cite_note-AlibabaApply19-19\">[19]<\/a><\/sup> Alibaba also appears to have had a Crowdsourced Security Testing program<sup id=\"rdp-ebb-cite_ref-AlibabaCrowd19_20-0\" class=\"reference\"><a href=\"#cite_note-AlibabaCrowd19-20\">[20]<\/a><\/sup>, but much of the documentation about the program seems to have gone missing from the Alibaba Cloud site. A page detailing how to register for the program also disappeared<sup id=\"rdp-ebb-cite_ref-AlibabaCrowd20_21-0\" class=\"reference\"><a href=\"#cite_note-AlibabaCrowd20-21\">[21]<\/a><\/sup>, and as such, it's not clear how active the program is today. A related set of vulnerability rewards programs, encouraging people to test Alibaba's security, may also still be available through the <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/security.alibaba.com\/\" target=\"_blank\">Alibaba Security Response Center<\/a>.\n<\/p><p><br \/>\n11. <b>What are your policies for security audits, intrusion detection, and intrusion reporting?<\/b>\n<\/p><p><i>Audits<\/i>: Alibaba cooperates \"with independent third-party security regulation and audit agencies to audit and evaluate the security and compliance stance of Alibaba Cloud.\"<sup id=\"rdp-ebb-cite_ref-AlibabaSecurityWhite21_18-1\" class=\"reference\"><a href=\"#cite_note-AlibabaSecurityWhite21-18\">[18]<\/a><\/sup> This is demonstrated by its compliance credentials (e.g., see pages 6\u201310 of the company's <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/alicloud-common.oss-ap-southeast-1.aliyuncs.com\/2021\/Whitepaper\/Alibaba%20Cloud%20Security%20Whitepaper%20-%20International%20Edition%20V2.1%20%282021%29.pdf\" target=\"_blank\">security whitepaper<\/a> or its <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.alibabacloud.com\/trust-center\" target=\"_blank\">trust center<\/a>). Alibaba also provides tools to customers (e.g., Cloud Config) allowing them to run their own security audits on their own data.<sup id=\"rdp-ebb-cite_ref-AlibabaSecurityWhite21_18-2\" class=\"reference\"><a href=\"#cite_note-AlibabaSecurityWhite21-18\">[18]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-AlibabaCloudConfig_22-0\" class=\"reference\"><a href=\"#cite_note-AlibabaCloudConfig-22\">[22]<\/a><\/sup>\n<\/p><p><i>Intrusion detection and reporting<\/i>: Alibaba Cloud allows users to install a small app called Security Center on their virtual machines (VMs) that can handle intrusion detection in real time. Per the security whitepaper, \"intrusion detection for VMs includes remote logon detection, Webshell detection and removal, anomaly detection (detection of abnormal process behaviors and abnormal network connections), and detection of changes in key files and suspicious accounts in systems and applications. Security Center can also intelligently learn application whitelists.\" This same app can also be used with Alibaba's Container Service. Intrusion detection services are also found within Alibaba's Cloud Firewall.<sup id=\"rdp-ebb-cite_ref-AlibabaSecurityWhite21_18-3\" class=\"reference\"><a href=\"#cite_note-AlibabaSecurityWhite21-18\">[18]<\/a><\/sup> In the case of Cloud Firewall, reporting is included.<sup id=\"rdp-ebb-cite_ref-KaushikAlibaba20_23-0\" class=\"reference\"><a href=\"#cite_note-KaushikAlibaba20-23\">[23]<\/a><\/sup> Reporting is presumably also a component of Security Center; confirm this with Alibaba.\n<\/p><p><br \/>\n12. <b>What data logging information is kept and acted upon in relation to our data?<\/b>\n<\/p><p>Mentions of a \"central logging platform\" are made in both the company's <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/alicloud-common.oss-ap-southeast-1.aliyuncs.com\/2021\/Whitepaper\/Alibaba%20Cloud%20Security%20Whitepaper%20-%20International%20Edition%20V2.1%20%282021%29.pdf\" target=\"_blank\">security whitepaper<\/a> and its <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/alicloud-common.oss-ap-southeast-1.aliyuncs.com\/video\/Alibaba%20Cloud_%20SOC3_Report%20_EN_Final.pdf\" target=\"_blank\">SOC 3 report<\/a>. The SOC 3 report in particular says this<sup id=\"rdp-ebb-cite_ref-AlibabaSystemAnd18_24-0\" class=\"reference\"><a href=\"#cite_note-AlibabaSystemAnd18-24\">[24]<\/a><\/sup>:\n<\/p>\n<blockquote><p>Logs of activities performed on the cloud platform collected through the central logging platform are imported into real-time and offline computing platforms. Logs are processed and analysed through security monitoring algorithms in each computing platform for anomaly analysis and detection.<\/p><\/blockquote>\n<p>It's not clear, however, to what extent logging information is stored and acted upon in regards to a specific customer. Discuss this topic further with an Alibaba representative.\n<\/p><p><br \/>\n13. <b>How thorough are those logs and can we audit them on-demand?<\/b>\n<\/p><p>Presumably, any logging related to Cloud Config, Security Center, Cloud Firewall, etc. are available to authorized users, though the fine details of this should be confirmed with Alibaba. In regards to auditing internal operation logs, Alibaba has this to say<sup id=\"rdp-ebb-cite_ref-AlibabaSecurityWhite21_18-4\" class=\"reference\"><a href=\"#cite_note-AlibabaSecurityWhite21-18\">[18]<\/a><\/sup>:\n<\/p>\n<blockquote><p>Although Alibaba Cloud has obtained industry-leading third-party compliance certifications, efforts must also be made to give users the confidence that their data and resources are properly protected and managed within the cloud platform. To this end, Alibaba Cloud provides the ability to make relevant internal operations transparent to the users by providing internal operation logs in selected products (such as OSS). This allows users to monitor and audit internal cloud platform operations when using Alibaba Cloud products.<\/p><\/blockquote>\n<p><br \/>\n14. <b>For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?<\/b>\n<\/p><p>Yes, Alibaba will sign a business associate agreement.<sup id=\"rdp-ebb-cite_ref-AlibabaHIPAA_25-0\" class=\"reference\"><a href=\"#cite_note-AlibabaHIPAA-25\">[25]<\/a><\/sup> Consult their <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/files.alicdn.com\/tpsservice\/ed492ff176c48b0a0beda7728c19c0d7.pdf?spm=a3c0i.148033.7266455040.1.f6c753e7QUUR4K&file=ed492ff176c48b0a0beda7728c19c0d7.pdf\" target=\"_blank\">HIPAA whitepaper<\/a> for more details on their approach to <a href=\"https:\/\/www.limswiki.org\/index.php\/HIPAA\" class=\"mw-redirect wiki-link\" title=\"HIPAA\" data-key=\"70050974d1eda9ff8cf9ecf7e4fcd015\">HIPAA<\/a> compliance.\n<\/p><p><br \/>\n15. <b>What happens to our data should the contract expire or be terminated?<\/b>\n<\/p><p>Direct your attention to the service agreement associated with the product you use. Some service agreements for particular products are available in the Alibaba Cloud Document Center, while others may be difficult to track down. If you can't find the details of a service agreement for the product you're interested in, address this with an Alibaba representative. That said, here's an example from the Alibaba Terms of Service<sup id=\"rdp-ebb-cite_ref-AlibabaMachine19_26-0\" class=\"reference\"><a href=\"#cite_note-AlibabaMachine19-26\">[26]<\/a><\/sup>\n<\/p>\n<blockquote><p>When the service period expires, the service is terminated in advance (including early termination agreed by both parties, early termination due to other reasons, etc.) or you have arrears, unless otherwise specified by laws and regulations, required by the competent department or agreed by both parties, Alibaba Cloud will only continue to store your user business data (if any) within a certain buffer period (subject to the time limit specified in the proprietary terms, product documents, service instructions, etc. applicable to the service you ordered). At the end of the buffer period, Alibaba Cloud will delete all user business data, including all cached or backup copies, and will no longer retain any of your user business data ... Once the user's business data is deleted, it cannot be recovered; You should bear the consequences and responsibilities arising from the deletion of data. You understand and agree that Alibaba Cloud has no obligation to continue to retain, export or return user business data.<\/p><\/blockquote>\n<p><br \/>\n16. <b>What happens to our data should you go out of business or suffer a catastrophic event?<\/b>\n<\/p><p>It's not publicly clear how Alibaba would handle your data should they go out of business; consult with an Alibaba representative about this topic. As for catastrophic events, Alibaba's Object Storage Service (OSS) is based on zone-redundant storage (ZRS). \"ZRS distributes user data across three zones within the same region. Even if one zone becomes unavailable, the data is still accessible. The ZRS feature can provide data durability (designed for) of 99.9999999999% (twelve 9's) and service availability of 99.995%.\"<sup id=\"rdp-ebb-cite_ref-AlibabaDisaster20_27-0\" class=\"reference\"><a href=\"#cite_note-AlibabaDisaster20-27\">[27]<\/a><\/sup> It's highly unlikely that all three zones would be affected in an catastrophic event. However, if this is a concern, discuss further data redundancy with an Alibaba representative. \n<\/p><p><br \/>\n17. <b>Can we use your interface to extract our data when we want, and in what format will it be?<\/b>\n<\/p><p>Alibaba doesn't make it 100 percent publicly clear how data migration from Alibaba to another cloud service would work. However, they do outline <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.alibabacloud.com\/help\/en\/dts\/user-guide\/overview-of-data-migration-scenarios\" target=\"_blank\">several other data migration scenarios<\/a>, including the scenario of <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.alibabacloud.com\/blog\/trouble-free-cloud-migration-4-migrate-data-from-alibaba-cloud-to-on-premises-systems_594528\" target=\"_blank\">migrating from Alibaba Cloud to an on-premises system<\/a>. It's unclear whether or not a third-party cloud transfer service would be required or useful when moving from Alibaba Cloud to another cloud service. In the end, if there are still questions on this topic, discuss it with an Alibaba representative.\n<\/p><p><br \/>\n18. <b>Are your support services native or outsourced\/offshored?<\/b>\n<\/p><p>It is unclear if support personnel are local to the customer or if support is outsourced to another business and country. Discuss this with an Alibaba representative.\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Managed_security_services\">Managed security services<\/span><\/h2>\n<p>Alibaba Cloud Managed Security Service is described by Alibaba as \"a security technology and consulting service designed to establish, and optimize, security protection systems so that users can ensure the security of their business on the cloud.\"<sup id=\"rdp-ebb-cite_ref-AlibabaMSS_28-0\" class=\"reference\"><a href=\"#cite_note-AlibabaMSS-28\">[28]<\/a><\/sup> The company primarily touts managed detection and response, security assessment, and security hardening as part of its MSS. This includes<sup id=\"rdp-ebb-cite_ref-AlibabaMSS_28-1\" class=\"reference\"><a href=\"#cite_note-AlibabaMSS-28\">[28]<\/a><\/sup>:\n<\/p>\n<ul><li><b>Managed detection and response<\/b>: overall security consulting, security monitoring and inspection, incident response, and cloud application and hardware configuration<\/li>\n<li><b>Security assessment<\/b>: online assessment and scanning of current security system, data analysis from that assessment and scanning, and reporting of data and recommendations<\/li>\n<li><b>Security hardening<\/b>: reinforcement range confirmation, hardening plan development, and plan implementation and testing<\/li><\/ul>\n<p><br \/>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"Additional_information\">Additional information<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"Documentation_and_other_media\">Documentation and other media<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/alicloud-common.oss-ap-southeast-1.aliyuncs.com\/2021\/Whitepaper\/Alibaba%20Cloud%20solution%20High%20availability%20solution%2020210322-updated.pdf\" target=\"_blank\">Availability whitepaper<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/files.alicdn.com\/tpsservice\/ed492ff176c48b0a0beda7728c19c0d7.pdf?spm=a3c0i.148033.7266455040.1.f6c753e7QUUR4K&file=ed492ff176c48b0a0beda7728c19c0d7.pdf\" target=\"_blank\">HIPAA whitepaper<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/alicloud-common.oss-ap-southeast-1.aliyuncs.com\/2021\/Whitepaper\/Alibaba%20Cloud%20Security%20Whitepaper%20-%20International%20Edition%20V2.1%20%282021%29.pdf\" target=\"_blank\">Security whitepaper<\/a><\/li><\/ul>\n<h3><span class=\"mw-headline\" id=\"External_links\">External links<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.alibabacloud.com\/architecture\/index\" target=\"_blank\">Alibaba Cloud architecture framework or description<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.alibabacloud.com\/product\/mss\" target=\"_blank\">Alibaba Cloud Managed Security Service<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.alibabacloud.com\/solutions\/security\" target=\"_blank\">Alibaba Cloud shared responsibility model<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.alibabacloud.com\/trust-center\" target=\"_blank\">Alibaba Cloud trust center<\/a><\/li><\/ul>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap mw-references-columns\"><ol class=\"references\">\n<li id=\"cite_note-WulhelmAlibaba23-1\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-WulhelmAlibaba23_1-0\">1.0<\/a><\/sup> <sup><a href=\"#cite_ref-WulhelmAlibaba23_1-1\">1.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Wulhelm, A. (18 May 2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/techcrunch.com\/2023\/05\/18\/alibaba-cloud-spin-off-analysis\/\" target=\"_blank\">\"Alibaba\u2019s cloud spinoff may serve as a good yardstick to value other major players\"<\/a>. <i>Tech Crunch<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/techcrunch.com\/2023\/05\/18\/alibaba-cloud-spin-off-analysis\/\" target=\"_blank\">https:\/\/techcrunch.com\/2023\/05\/18\/alibaba-cloud-spin-off-analysis\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Alibaba%E2%80%99s+cloud+spinoff+may+serve+as+a+good+yardstick+to+value+other+major+players&rft.atitle=Tech+Crunch&rft.aulast=Wulhelm%2C+A.&rft.au=Wulhelm%2C+A.&rft.date=18+May+2023&rft_id=https%3A%2F%2Ftechcrunch.com%2F2023%2F05%2F18%2Falibaba-cloud-spin-off-analysis%2F&rfr_id=info:sid\/en.wikipedia.org:Alibaba_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AlibabaGlobal-2\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-AlibabaGlobal_2-0\">2.0<\/a><\/sup> <sup><a href=\"#cite_ref-AlibabaGlobal_2-1\">2.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.alibabacloud.com\/global-locations\" target=\"_blank\">\"Alibaba Cloud's Global Infrastructure\"<\/a>. Alibaba Cloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.alibabacloud.com\/global-locations\" target=\"_blank\">https:\/\/www.alibabacloud.com\/global-locations<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Alibaba+Cloud%27s+Global+Infrastructure&rft.atitle=&rft.pub=Alibaba+Cloud&rft_id=https%3A%2F%2Fwww.alibabacloud.com%2Fglobal-locations&rfr_id=info:sid\/en.wikipedia.org:Alibaba_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AlibabaCloudProducts-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AlibabaCloudProducts_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.alibabacloud.com\/product\" target=\"_blank\">\"Alibaba Cloud Products & Services\"<\/a>. Alibaba Cloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.alibabacloud.com\/product\" target=\"_blank\">https:\/\/www.alibabacloud.com\/product<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Alibaba+Cloud+Products+%26+Services&rft.atitle=&rft.pub=Alibaba+Cloud&rft_id=https%3A%2F%2Fwww.alibabacloud.com%2Fproduct&rfr_id=info:sid\/en.wikipedia.org:Alibaba_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MehtaAlibaba23-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MehtaAlibaba23_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Mahta, C.; Horwitz, J. (18 May 2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.reuters.com\/business\/retail-consumer\/alibaba-fourth-quarter-revenue-rises-2-2023-05-18\/\" target=\"_blank\">\"Alibaba misses revenue estimate, approves cloud unit spinoff\"<\/a>. <i>Reuters<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.reuters.com\/business\/retail-consumer\/alibaba-fourth-quarter-revenue-rises-2-2023-05-18\/\" target=\"_blank\">https:\/\/www.reuters.com\/business\/retail-consumer\/alibaba-fourth-quarter-revenue-rises-2-2023-05-18\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Alibaba+misses+revenue+estimate%2C+approves+cloud+unit+spinoff&rft.atitle=Reuters&rft.aulast=Mahta%2C+C.%3B+Horwitz%2C+J.&rft.au=Mahta%2C+C.%3B+Horwitz%2C+J.&rft.date=18+May+2023&rft_id=https%3A%2F%2Fwww.reuters.com%2Fbusiness%2Fretail-consumer%2Falibaba-fourth-quarter-revenue-rises-2-2023-05-18%2F&rfr_id=info:sid\/en.wikipedia.org:Alibaba_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AlibabaCNAS-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AlibabaCNAS_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.alibabacloud.com\/trust-center\/cnas\" target=\"_blank\">\"CNAS\"<\/a>. Alibaba Cloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.alibabacloud.com\/trust-center\/cnas\" target=\"_blank\">https:\/\/www.alibabacloud.com\/trust-center\/cnas<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=CNAS&rft.atitle=&rft.pub=Alibaba+Cloud&rft_id=https%3A%2F%2Fwww.alibabacloud.com%2Ftrust-center%2Fcnas&rfr_id=info:sid\/en.wikipedia.org:Alibaba_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CNSASIntro-6\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CNSASIntro_6-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cnas.org.cn\/english\/introduction\/12\/718683.shtml\" target=\"_blank\">\"CNAS Introduction\"<\/a>. China National Accreditation Service for Conformity Assessment<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cnas.org.cn\/english\/introduction\/12\/718683.shtml\" target=\"_blank\">https:\/\/www.cnas.org.cn\/english\/introduction\/12\/718683.shtml<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=CNAS+Introduction&rft.atitle=&rft.pub=China+National+Accreditation+Service+for+Conformity+Assessment&rft_id=https%3A%2F%2Fwww.cnas.org.cn%2Fenglish%2Fintroduction%2F12%2F718683.shtml&rfr_id=info:sid\/en.wikipedia.org:Alibaba_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AlibabaCOVID20-7\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AlibabaCOVID20_7-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.alibabacloud.com\/press-room\/alibaba-cloud-ai-cloud-services-to-help-battle-covid-19\" target=\"_blank\">\"Alibaba Cloud Offers AI, Cloud Services to Help Battle Covid-19 Globally\"<\/a>. Alibaba Cloud. 19 March 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.alibabacloud.com\/press-room\/alibaba-cloud-ai-cloud-services-to-help-battle-covid-19\" target=\"_blank\">https:\/\/www.alibabacloud.com\/press-room\/alibaba-cloud-ai-cloud-services-to-help-battle-covid-19<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Alibaba+Cloud+Offers+AI%2C+Cloud+Services+to+Help+Battle+Covid-19+Globally&rft.atitle=&rft.date=19+March+2020&rft.pub=Alibaba+Cloud&rft_id=https%3A%2F%2Fwww.alibabacloud.com%2Fpress-room%2Falibaba-cloud-ai-cloud-services-to-help-battle-covid-19&rfr_id=info:sid\/en.wikipedia.org:Alibaba_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ZoomInfoAnbison-8\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ZoomInfoAnbison_8-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.zoominfo.com\/c\/anbison-laboratories-co-ltd\/345850572\" target=\"_blank\">\"Anbison Laboratories\"<\/a>. <i>ZoomInfo<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.zoominfo.com\/c\/anbison-laboratories-co-ltd\/345850572\" target=\"_blank\">https:\/\/www.zoominfo.com\/c\/anbison-laboratories-co-ltd\/345850572<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Anbison+Laboratories&rft.atitle=ZoomInfo&rft_id=https%3A%2F%2Fwww.zoominfo.com%2Fc%2Fanbison-laboratories-co-ltd%2F345850572&rfr_id=info:sid\/en.wikipedia.org:Alibaba_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IntelUnleash16-9\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IntelUnleash16_9-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210409184731\/https:\/\/www.intel.com\/content\/dam\/www\/public\/us\/en\/documents\/white-papers\/unleashing-power-of-precision-medicine-hybrid-cloud-paper.pdf\" target=\"_blank\">\"Unleashing the Power of Precision Medicine Using the Hybrid Cloud\"<\/a> (PDF). Intel. 2016. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.intel.com\/content\/dam\/www\/public\/us\/en\/documents\/white-papers\/unleashing-power-of-precision-medicine-hybrid-cloud-paper.pdf\" target=\"_blank\">the original<\/a> on 09 April 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210409184731\/https:\/\/www.intel.com\/content\/dam\/www\/public\/us\/en\/documents\/white-papers\/unleashing-power-of-precision-medicine-hybrid-cloud-paper.pdf\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210409184731\/https:\/\/www.intel.com\/content\/dam\/www\/public\/us\/en\/documents\/white-papers\/unleashing-power-of-precision-medicine-hybrid-cloud-paper.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Unleashing+the+Power+of+Precision+Medicine+Using+the+Hybrid+Cloud&rft.atitle=&rft.date=2016&rft.pub=Intel&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210409184731%2Fhttps%3A%2F%2Fwww.intel.com%2Fcontent%2Fdam%2Fwww%2Fpublic%2Fus%2Fen%2Fdocuments%2Fwhite-papers%2Funleashing-power-of-precision-medicine-hybrid-cloud-paper.pdf&rfr_id=info:sid\/en.wikipedia.org:Alibaba_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AlibabaDataInt21-10\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AlibabaDataInt21_10-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.alibabacloud.com\/help\/en\/dataworks\/user-guide\/overview-6\" target=\"_blank\">\"Data Integration: Overview\"<\/a>. Alibaba Cloud. 10 April 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.alibabacloud.com\/help\/en\/dataworks\/user-guide\/overview-6\" target=\"_blank\">https:\/\/www.alibabacloud.com\/help\/en\/dataworks\/user-guide\/overview-6<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Data+Integration%3A+Overview&rft.atitle=&rft.date=10+April+2023&rft.pub=Alibaba+Cloud&rft_id=https%3A%2F%2Fwww.alibabacloud.com%2Fhelp%2Fen%2Fdataworks%2Fuser-guide%2Foverview-6&rfr_id=info:sid\/en.wikipedia.org:Alibaba_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MahAlibabaUpg20-11\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MahAlibabaUpg20_11-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Mah, P. (2 January 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.datacenterdynamics.com\/en\/news\/alibaba-cloud-upgrades-sla-multi-zone-instances\/\" target=\"_blank\">\"Alibaba Cloud upgrades SLA for multi-zone instances\"<\/a>. <i>Data Center Dynamics<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.datacenterdynamics.com\/en\/news\/alibaba-cloud-upgrades-sla-multi-zone-instances\/\" target=\"_blank\">https:\/\/www.datacenterdynamics.com\/en\/news\/alibaba-cloud-upgrades-sla-multi-zone-instances\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Alibaba+Cloud+upgrades+SLA+for+multi-zone+instances&rft.atitle=Data+Center+Dynamics&rft.aulast=Mah%2C+P.&rft.au=Mah%2C+P.&rft.date=2+January+2020&rft_id=https%3A%2F%2Fwww.datacenterdynamics.com%2Fen%2Fnews%2Falibaba-cloud-upgrades-sla-multi-zone-instances%2F&rfr_id=info:sid\/en.wikipedia.org:Alibaba_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MahAliyun15-12\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MahAliyun15_12-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Mah, P. (26 June 2015). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.datacenterdynamics.com\/en\/news\/aliyun-cloud-suffers-prolonged-disruption-in-hong-kong\/\" target=\"_blank\">\"Aliyun cloud suffers prolonged disruption in Hong Kong\"<\/a>. <i>Data Center Dynamics<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.datacenterdynamics.com\/en\/news\/aliyun-cloud-suffers-prolonged-disruption-in-hong-kong\/\" target=\"_blank\">https:\/\/www.datacenterdynamics.com\/en\/news\/aliyun-cloud-suffers-prolonged-disruption-in-hong-kong\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Aliyun+cloud+suffers+prolonged+disruption+in+Hong+Kong&rft.atitle=Data+Center+Dynamics&rft.aulast=Mah%2C+P.&rft.au=Mah%2C+P.&rft.date=26+June+2015&rft_id=https%3A%2F%2Fwww.datacenterdynamics.com%2Fen%2Fnews%2Faliyun-cloud-suffers-prolonged-disruption-in-hong-kong%2F&rfr_id=info:sid\/en.wikipedia.org:Alibaba_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-FuAlibaba19-13\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-FuAlibaba19_13-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Fu, Y. (3 March 2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/equalocean.com\/news\/201903031507\" target=\"_blank\">\"Alibaba Cloud Reports IO Hang Error in North China\"<\/a>. <i>EqualOcean<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/equalocean.com\/news\/201903031507\" target=\"_blank\">https:\/\/equalocean.com\/news\/201903031507<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Alibaba+Cloud+Reports+IO+Hang+Error+in+North+China&rft.atitle=EqualOcean&rft.aulast=Fu%2C+Y.&rft.au=Fu%2C+Y.&rft.date=3+March+2019&rft_id=https%3A%2F%2Fequalocean.com%2Fnews%2F201903031507&rfr_id=info:sid\/en.wikipedia.org:Alibaba_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LiaoAlibabaCEO22-14\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-LiaoAlibabaCEO22_14-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Liao, R. (29 December 2022). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/techcrunch.com\/2022\/12\/29\/alibaba-reshuffle-2022\/\" target=\"_blank\">\"Alibaba CEO to oversee cloud arm following major server outage\"<\/a>. <i>TechCrunch<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/techcrunch.com\/2022\/12\/29\/alibaba-reshuffle-2022\/\" target=\"_blank\">https:\/\/techcrunch.com\/2022\/12\/29\/alibaba-reshuffle-2022\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Alibaba+CEO+to+oversee+cloud+arm+following+major+server+outage&rft.atitle=TechCrunch&rft.aulast=Liao%2C+R.&rft.au=Liao%2C+R.&rft.date=29+December+2022&rft_id=https%3A%2F%2Ftechcrunch.com%2F2022%2F12%2F29%2Falibaba-reshuffle-2022%2F&rfr_id=info:sid\/en.wikipedia.org:Alibaba_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LuIsChina20-15\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-LuIsChina20_15-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Lu, X. (4 June 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/thediplomat.com\/2020\/06\/is-china-changing-its-thinking-on-data-localization\/\" target=\"_blank\">\"Is China Changing Its Thinking on Data Localization?\"<\/a>. <i>The Diplomat<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/thediplomat.com\/2020\/06\/is-china-changing-its-thinking-on-data-localization\/\" target=\"_blank\">https:\/\/thediplomat.com\/2020\/06\/is-china-changing-its-thinking-on-data-localization\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Is+China+Changing+Its+Thinking+on+Data+Localization%3F&rft.atitle=The+Diplomat&rft.aulast=Lu%2C+X.&rft.au=Lu%2C+X.&rft.date=4+June+2020&rft_id=https%3A%2F%2Fthediplomat.com%2F2020%2F06%2Fis-china-changing-its-thinking-on-data-localization%2F&rfr_id=info:sid\/en.wikipedia.org:Alibaba_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ClineChina22-16\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ClineChina22_16-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Cline, J. (25 October 2022). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.pwc.com\/us\/en\/tech-effect\/cybersecurity\/security-assessments-for-china-cross-border-data-transfers.html\" target=\"_blank\">\"China\u2019s new data-transfer mandate prompting multinationals to rethink market strategy\"<\/a>. PwC<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.pwc.com\/us\/en\/tech-effect\/cybersecurity\/security-assessments-for-china-cross-border-data-transfers.html\" target=\"_blank\">https:\/\/www.pwc.com\/us\/en\/tech-effect\/cybersecurity\/security-assessments-for-china-cross-border-data-transfers.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=China%E2%80%99s+new+data-transfer+mandate+prompting+multinationals+to+rethink+market+strategy&rft.atitle=&rft.aulast=Cline%2C+J.&rft.au=Cline%2C+J.&rft.date=25+October+2022&rft.pub=PwC&rft_id=https%3A%2F%2Fwww.pwc.com%2Fus%2Fen%2Ftech-effect%2Fcybersecurity%2Fsecurity-assessments-for-china-cross-border-data-transfers.html&rfr_id=info:sid\/en.wikipedia.org:Alibaba_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AlibabaTrustFAQ-17\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AlibabaTrustFAQ_17-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.alibabacloud.com\/trust-center\/faq\" target=\"_blank\">\"Security Compliance FAQs\"<\/a>. Alibaba Cloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.alibabacloud.com\/trust-center\/faq\" target=\"_blank\">https:\/\/www.alibabacloud.com\/trust-center\/faq<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Security+Compliance+FAQs&rft.atitle=&rft.pub=Alibaba+Cloud&rft_id=https%3A%2F%2Fwww.alibabacloud.com%2Ftrust-center%2Ffaq&rfr_id=info:sid\/en.wikipedia.org:Alibaba_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AlibabaSecurityWhite21-18\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-AlibabaSecurityWhite21_18-0\">18.0<\/a><\/sup> <sup><a href=\"#cite_ref-AlibabaSecurityWhite21_18-1\">18.1<\/a><\/sup> <sup><a href=\"#cite_ref-AlibabaSecurityWhite21_18-2\">18.2<\/a><\/sup> <sup><a href=\"#cite_ref-AlibabaSecurityWhite21_18-3\">18.3<\/a><\/sup> <sup><a href=\"#cite_ref-AlibabaSecurityWhite21_18-4\">18.4<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/alicloud-common.oss-ap-southeast-1.aliyuncs.com\/2021\/Whitepaper\/Alibaba%20Cloud%20Security%20Whitepaper%20-%20International%20Edition%20V2.1%20%282021%29.pdf\" target=\"_blank\">\"Alibaba Cloud Security White Paper - International Edition, Version 2.1\"<\/a> (PDF). Alibaba Cloud. February 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/alicloud-common.oss-ap-southeast-1.aliyuncs.com\/2021\/Whitepaper\/Alibaba%20Cloud%20Security%20Whitepaper%20-%20International%20Edition%20V2.1%20%282021%29.pdf\" target=\"_blank\">https:\/\/alicloud-common.oss-ap-southeast-1.aliyuncs.com\/2021\/Whitepaper\/Alibaba%20Cloud%20Security%20Whitepaper%20-%20International%20Edition%20V2.1%20%282021%29.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Alibaba+Cloud+Security+White+Paper+-+International+Edition%2C+Version+2.1&rft.atitle=&rft.date=February+2021&rft.pub=Alibaba+Cloud&rft_id=https%3A%2F%2Falicloud-common.oss-ap-southeast-1.aliyuncs.com%2F2021%2FWhitepaper%2FAlibaba%2520Cloud%2520Security%2520Whitepaper%2520-%2520International%2520Edition%2520V2.1%2520%25282021%2529.pdf&rfr_id=info:sid\/en.wikipedia.org:Alibaba_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AlibabaApply19-19\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AlibabaApply19_19-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.alibabacloud.com\/help\/en\/security-control\/latest\/apply-for-a-penetration-test-license\" target=\"_blank\">\"Apply for a penetration test license\"<\/a>. Alibaba Cloud. 6 March 2019<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.alibabacloud.com\/help\/en\/security-control\/latest\/apply-for-a-penetration-test-license\" target=\"_blank\">https:\/\/www.alibabacloud.com\/help\/en\/security-control\/latest\/apply-for-a-penetration-test-license<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Apply+for+a+penetration+test+license&rft.atitle=&rft.date=6+March+2019&rft.pub=Alibaba+Cloud&rft_id=https%3A%2F%2Fwww.alibabacloud.com%2Fhelp%2Fen%2Fsecurity-control%2Flatest%2Fapply-for-a-penetration-test-license&rfr_id=info:sid\/en.wikipedia.org:Alibaba_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AlibabaCrowd19-20\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AlibabaCrowd19_20-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"http:\/\/static-aliyun-doc.oss-cn-hangzhou.aliyuncs.com\/download\/pdf\/DNXIAN1846009_en-US_intl_190516194424_public_8c46d47183231dcdd2ff90881a425617.pdf\" target=\"_blank\">\"Alibaba Cloud Crowdsourced Security Testing\"<\/a> (PDF). Alibaba Cloud. 16 May 2019<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"http:\/\/static-aliyun-doc.oss-cn-hangzhou.aliyuncs.com\/download\/pdf\/DNXIAN1846009_en-US_intl_190516194424_public_8c46d47183231dcdd2ff90881a425617.pdf\" target=\"_blank\">http:\/\/static-aliyun-doc.oss-cn-hangzhou.aliyuncs.com\/download\/pdf\/DNXIAN1846009_en-US_intl_190516194424_public_8c46d47183231dcdd2ff90881a425617.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Alibaba+Cloud+Crowdsourced+Security+Testing&rft.atitle=&rft.date=16+May+2019&rft.pub=Alibaba+Cloud&rft_id=http%3A%2F%2Fstatic-aliyun-doc.oss-cn-hangzhou.aliyuncs.com%2Fdownload%2Fpdf%2FDNXIAN1846009_en-US_intl_190516194424_public_8c46d47183231dcdd2ff90881a425617.pdf&rfr_id=info:sid\/en.wikipedia.org:Alibaba_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AlibabaCrowd20-21\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AlibabaCrowd20_21-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210101000000*\/https:\/\/www.alibabacloud.com\/help\/doc-detail\/28394.html\" target=\"_blank\">\"Crowdsourced security testing platform procedure for enterprises\"<\/a>. Alibaba Cloud. 13 January 2020. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.alibabacloud.com\/help\/doc-detail\/28394.html\" target=\"_blank\">the original<\/a> on 10 April 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210101000000*\/https:\/\/www.alibabacloud.com\/help\/doc-detail\/28394.html\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210101000000*\/https:\/\/www.alibabacloud.com\/help\/doc-detail\/28394.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Crowdsourced+security+testing+platform+procedure+for+enterprises&rft.atitle=&rft.date=13+January+2020&rft.pub=Alibaba+Cloud&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210101000000%2A%2Fhttps%3A%2F%2Fwww.alibabacloud.com%2Fhelp%2Fdoc-detail%2F28394.html&rfr_id=info:sid\/en.wikipedia.org:Alibaba_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AlibabaCloudConfig-22\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AlibabaCloudConfig_22-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.alibabacloud.com\/product\/cloud-config\" target=\"_blank\">\"Cloud Config\"<\/a>. Alibaba Cloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.alibabacloud.com\/product\/cloud-config\" target=\"_blank\">https:\/\/www.alibabacloud.com\/product\/cloud-config<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Config&rft.atitle=&rft.pub=Alibaba+Cloud&rft_id=https%3A%2F%2Fwww.alibabacloud.com%2Fproduct%2Fcloud-config&rfr_id=info:sid\/en.wikipedia.org:Alibaba_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-KaushikAlibaba20-23\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-KaushikAlibaba20_23-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Kaushik, S. (27 January 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/alibaba-cloud.medium.com\/alibaba-cloud-firewall-the-next-gen-firewall-as-a-service-836f524d8392\" target=\"_blank\">\"Alibaba Cloud Firewall: The Next-Gen Firewall as a Service\"<\/a>. <i>Medium<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/alibaba-cloud.medium.com\/alibaba-cloud-firewall-the-next-gen-firewall-as-a-service-836f524d8392\" target=\"_blank\">https:\/\/alibaba-cloud.medium.com\/alibaba-cloud-firewall-the-next-gen-firewall-as-a-service-836f524d8392<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Alibaba+Cloud+Firewall%3A+The+Next-Gen+Firewall+as+a+Service&rft.atitle=Medium&rft.aulast=Kaushik%2C+S.&rft.au=Kaushik%2C+S.&rft.date=27+January+2021&rft_id=https%3A%2F%2Falibaba-cloud.medium.com%2Falibaba-cloud-firewall-the-next-gen-firewall-as-a-service-836f524d8392&rfr_id=info:sid\/en.wikipedia.org:Alibaba_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AlibabaSystemAnd18-24\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AlibabaSystemAnd18_24-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/alicloud-common.oss-ap-southeast-1.aliyuncs.com\/video\/Alibaba%20Cloud_%20SOC3_Report%20_EN_Final.pdf\" target=\"_blank\">\"System and Organization Controls 3 Report Report on Alibaba Cloud\u2019s Cloud Services System\"<\/a> (PDF). Alibaba Cloud. 1 November 2018<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/alicloud-common.oss-ap-southeast-1.aliyuncs.com\/video\/Alibaba%20Cloud_%20SOC3_Report%20_EN_Final.pdf\" target=\"_blank\">https:\/\/alicloud-common.oss-ap-southeast-1.aliyuncs.com\/video\/Alibaba%20Cloud_%20SOC3_Report%20_EN_Final.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=System+and+Organization+Controls+3+Report+Report+on+Alibaba+Cloud%E2%80%99s+Cloud+Services+System&rft.atitle=&rft.date=1+November+2018&rft.pub=Alibaba+Cloud&rft_id=https%3A%2F%2Falicloud-common.oss-ap-southeast-1.aliyuncs.com%2Fvideo%2FAlibaba%2520Cloud_%2520SOC3_Report%2520_EN_Final.pdf&rfr_id=info:sid\/en.wikipedia.org:Alibaba_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AlibabaHIPAA-25\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AlibabaHIPAA_25-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.alibabacloud.com\/trust-center\/hipaa\" target=\"_blank\">\"HIPAA\/HITECH\"<\/a>. Alibaba Cloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.alibabacloud.com\/trust-center\/hipaa\" target=\"_blank\">https:\/\/www.alibabacloud.com\/trust-center\/hipaa<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=HIPAA%2FHITECH&rft.atitle=&rft.pub=Alibaba+Cloud&rft_id=https%3A%2F%2Fwww.alibabacloud.com%2Ftrust-center%2Fhipaa&rfr_id=info:sid\/en.wikipedia.org:Alibaba_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AlibabaMachine19-26\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AlibabaMachine19_26-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.alibabacloud.com\/help\/en\/advisor\/latest\/terms-of-service\" target=\"_blank\">\"Terms of Services\"<\/a>. Alibaba Cloud. 20 January 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.alibabacloud.com\/help\/en\/advisor\/latest\/terms-of-service\" target=\"_blank\">https:\/\/www.alibabacloud.com\/help\/en\/advisor\/latest\/terms-of-service<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Terms+of+Services&rft.atitle=&rft.date=20+January+2023&rft.pub=Alibaba+Cloud&rft_id=https%3A%2F%2Fwww.alibabacloud.com%2Fhelp%2Fen%2Fadvisor%2Flatest%2Fterms-of-service&rfr_id=info:sid\/en.wikipedia.org:Alibaba_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AlibabaDisaster20-27\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AlibabaDisaster20_27-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.alibabacloud.com\/help\/en\/oss\/support\/disaster-recovery\" target=\"_blank\">\"Disaster recovery\"<\/a>. Alibaba Cloud. 17 May 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.alibabacloud.com\/help\/en\/oss\/support\/disaster-recovery\" target=\"_blank\">https:\/\/www.alibabacloud.com\/help\/en\/oss\/support\/disaster-recovery<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Disaster+recovery&rft.atitle=&rft.date=17+May+2023&rft.pub=Alibaba+Cloud&rft_id=https%3A%2F%2Fwww.alibabacloud.com%2Fhelp%2Fen%2Foss%2Fsupport%2Fdisaster-recovery&rfr_id=info:sid\/en.wikipedia.org:Alibaba_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AlibabaMSS-28\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-AlibabaMSS_28-0\">28.0<\/a><\/sup> <sup><a href=\"#cite_ref-AlibabaMSS_28-1\">28.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.alibabacloud.com\/product\/mss\" target=\"_blank\">\"Managed Security Service\"<\/a>. Alibaba Cloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.alibabacloud.com\/product\/mss\" target=\"_blank\">https:\/\/www.alibabacloud.com\/product\/mss<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Managed+Security+Service&rft.atitle=&rft.pub=Alibaba+Cloud&rft_id=https%3A%2F%2Fwww.alibabacloud.com%2Fproduct%2Fmss&rfr_id=info:sid\/en.wikipedia.org:Alibaba_Cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816125227\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.926 seconds\nReal time usage: 1.472 seconds\nPreprocessor visited node count: 22792\/1000000\nPost\u2010expand include size: 121323\/2097152 bytes\nTemplate argument size: 55767\/2097152 bytes\nHighest expansion depth: 32\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 39701\/5000000 bytes\nLua time usage: 0.020\/7 seconds\nLua virtual size: 4923392\/52428800 bytes\nLua estimated memory usage: 0 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 554.831 1 -total\n 65.29% 362.225 1 Template:Reflist\n 57.06% 316.576 28 Template:Cite_web\n 52.74% 292.642 28 Template:Citation\/core\n 31.90% 176.994 1 Template:Infobox_company\n 30.87% 171.277 1 Template:Infobox\n 27.70% 153.679 81 Template:Infobox\/row\n 23.61% 130.990 1 Template:URL\n 21.26% 117.969 1 Template:Str_right\n 20.58% 114.209 1 Template:Str_sub_long\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:12468-0!canonical and timestamp 20230816125226 and revision id 52681. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Alibaba_Cloud\">https:\/\/www.limswiki.org\/index.php\/Alibaba_Cloud<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","e9be3baac342297a3bdc810f251aaa22_images":["https:\/\/upload.wikimedia.org\/wikipedia\/commons\/9\/9c\/%E0%B8%A0%E0%B8%B2%E0%B8%9E%E0%B9%80%E0%B8%A7%E0%B9%87%E0%B8%9A%E0%B9%84%E0%B8%8B%E0%B8%95%E0%B9%8C%E0%B8%AD%E0%B8%B2%E0%B8%A5%E0%B8%B5%E0%B8%9A%E0%B8%B2%E0%B8%9A%E0%B8%B2%E0%B8%84%E0%B8%A3%E0%B8%B2%E0%B8%A7%E0%B8%94%E0%B9%8C.png"],"e9be3baac342297a3bdc810f251aaa22_timestamp":1692220361,"406be09edfd2af1794e15e3bfb661bc0_type":"article","406be09edfd2af1794e15e3bfb661bc0_title":"7.4 Consultancy and support services","406be09edfd2af1794e15e3bfb661bc0_url":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Consultancy_and_support_services","406be09edfd2af1794e15e3bfb661bc0_plaintext":"\n\nBook:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Final thoughts and additional resources\/Consultancy and support servicesFrom LIMSWikiJump to navigationJump to search7.4 Consultancy and support services \nNote: This is intended to be a sampling of consultancies that provide cloud computing service assistance, most with some kind of experience working with labs. It's not intended to be a complete list.\n\nA-LIGN ASSURANCE\nAccenture\nAstrix\nCSols\nEdafio Technology Services\nKalioTek\nQuantori\nSimtech Consulting\nSynivate\nTCG Digital\nVertex Laboratories\n\r\n\n\n-----Go to Appendix 1 and 2 or Appendix 3 of this guide-----\nCitation information for this chapter \nChapter: 7. Final thoughts and additional resources\nTitle: Choosing and Implementing a Cloud-based Service for Your Laboratory\nEdition: Second edition\nAuthor for citation: Shawn E. Douglas\nLicense for content: Creative Commons Attribution-ShareAlike 4.0 International\nPublication date: August 2023\n\r\n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Consultancy_and_support_services\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Consultancy_and_support_services<\/a>\nNavigation menuPage actionsBookDiscussionView sourceHistoryPage actionsBookDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 16 August 2023, at 21:08.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 237 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","406be09edfd2af1794e15e3bfb661bc0_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-208 ns-subject page-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Final_thoughts_and_additional_resources_Consultancy_and_support_services rootpage-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Final_thoughts_and_additional_resources_Consultancy_and_support_services skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Final thoughts and additional resources\/Consultancy and support services<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\"><h3><span class=\"mw-headline\" id=\"7.4_Consultancy_and_support_services\">7.4 Consultancy and support services<\/span><\/h3>\n<p>Note: This is intended to be a sampling of consultancies that provide cloud computing service assistance, most with some kind of experience working with labs. It's not intended to be a complete list.\n<\/p>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/a-lign.com\/\" target=\"_blank\">A-LIGN ASSURANCE<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.accenture.com\/us-en\/services\/life-sciences\/life-sciences-technology\" target=\"_blank\">Accenture<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/astrixinc.com\/new-professional-services\/\" target=\"_blank\">Astrix<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.csolsinc.com\/services\/\" target=\"_blank\">CSols<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/edafio.com\/services\/\" target=\"_blank\">Edafio Technology Services<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.kaliotek.com\/life-sciences-2\/\" target=\"_blank\">KalioTek<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/quantori.com\/cloud-engineering\/aws\" target=\"_blank\">Quantori<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.simtech.nl\/\" target=\"_blank\">Simtech Consulting<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/synivate.com\/services\/\" target=\"_blank\">Synivate<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.tcgdigital.com\/cloud\/\" target=\"_blank\">TCG Digital<\/a><\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.vertexlabs.info\/solutions\/\" target=\"_blank\">Vertex Laboratories<\/a><\/li><\/ul>\n<p><br \/>\n<\/p>\n<div align=\"center\">-----Go to <a href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Introduction\" title=\"Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Introduction\" class=\"wiki-link\" data-key=\"a5122d160da552b7fab8ca62d4bc6155\">Appendix 1 and 2<\/a> or <a href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_cloud_providers\" title=\"Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/RFI questions for cloud providers\" class=\"wiki-link\" data-key=\"ed9df165f2657d5bb145909d714c2690\">Appendix 3<\/a> of this guide-----<\/div>\n<h2><span class=\"mw-headline\" id=\"Citation_information_for_this_chapter\">Citation information for this chapter<\/span><\/h2>\n<p><b>Chapter<\/b>: 7. Final thoughts and additional resources\n<\/p><p><b>Title<\/b>: <i>Choosing and Implementing a Cloud-based Service for Your Laboratory<\/i>\n<\/p><p><b>Edition<\/b>: Second edition\n<\/p><p><b>Author for citation<\/b>: Shawn E. Douglas\n<\/p><p><b>License for content<\/b>: <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/creativecommons.org\/licenses\/by-sa\/4.0\/\" target=\"_blank\">Creative Commons Attribution-ShareAlike 4.0 International<\/a>\n<\/p><p><b>Publication date<\/b>: August 2023\n<\/p><p><br \/>\n<\/p>\n<!-- \nNewPP limit report\nCached time: 20230816210843\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.006 seconds\nReal time usage: 0.008 seconds\nPreprocessor visited node count: 11\/1000000\nPost\u2010expand include size: 881\/2097152 bytes\nTemplate argument size: 0\/2097152 bytes\nHighest expansion depth: 3\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 0\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 2.819 1 Template:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Consultancy_and_support_services\n100.00% 2.819 1 -total\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:13058-0!canonical and timestamp 20230816210844 and revision id 52910. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Consultancy_and_support_services\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Consultancy_and_support_services<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","406be09edfd2af1794e15e3bfb661bc0_images":[],"406be09edfd2af1794e15e3bfb661bc0_timestamp":1692220360,"1eeb2eecdbf4b97c32746a8ad1d40768_type":"article","1eeb2eecdbf4b97c32746a8ad1d40768_title":"7.3 Associations, organizations, and interest groups","1eeb2eecdbf4b97c32746a8ad1d40768_url":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Associations,_organizations,_and_interest_groups","1eeb2eecdbf4b97c32746a8ad1d40768_plaintext":"\n\nBook:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Final thoughts and additional resources\/Associations, organizations, and interest groupsFrom LIMSWikiJump to navigationJump to search 7.3 Associations, organizations, and interest groups \nCloud Computing Association: \"an independent membership organization dedicated to building a community of end-users and service providers of cloud-based solutions and products\"\nCloud Industry Forum: a not-for-profit company that \"champions and advocates the adoption and use of cloud-based services by businesses\"\nCloud Security Alliance: an \"organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment\"\nInternet Association: a \"trade association that exclusively represents leading global internet companies on matters of public policy\"\nLegal Cloud Computing Association: an association that \"collaborates with Bar Associations and Law Societies to define industry-leading best practices\"\nSIG-CLOUD: a special interest group of the Services Society that \"promotes creative thinking, long-term visions, and innovative methodologies to respond to the emerging cloud computing technologies and applications\"\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Associations,_organizations,_and_interest_groups\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Associations,_organizations,_and_interest_groups<\/a>\nNavigation menuPage actionsBookDiscussionView sourceHistoryPage actionsBookDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 11 February 2022, at 21:47.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 232 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","1eeb2eecdbf4b97c32746a8ad1d40768_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-208 ns-subject page-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Final_thoughts_and_additional_resources_Associations_organizations_and_interest_groups rootpage-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Final_thoughts_and_additional_resources_Associations_organizations_and_interest_groups skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Final thoughts and additional resources\/Associations, organizations, and interest groups<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\"><h3><span id=\"rdp-ebb-7.3_Associations,_organizations,_and_interest_groups\"><\/span><span class=\"mw-headline\" id=\"7.3_Associations.2C_organizations.2C_and_interest_groups\">7.3 Associations, organizations, and interest groups<\/span><\/h3>\n<ul><li><a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.cloudcomputingassn.org\/\" target=\"_blank\">Cloud Computing Association<\/a>: \"an independent membership organization dedicated to building a community of end-users and service providers of cloud-based solutions and products\"<\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cloudindustryforum.org\/content\/about-cloud-industry-forum\" target=\"_blank\">Cloud Industry Forum<\/a>: a not-for-profit company that \"champions and advocates the adoption and use of cloud-based services by businesses\"<\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloudsecurityalliance.org\/\" target=\"_blank\">Cloud Security Alliance<\/a>: an \"organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment\"<\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/internetassociation.org\/contact\/\" target=\"_blank\">Internet Association<\/a>: a \"trade association that exclusively represents leading global internet companies on matters of public policy\"<\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.legalcloudcomputingassociation.org\/\" target=\"_blank\">Legal Cloud Computing Association<\/a>: an association that \"collaborates with Bar Associations and Law Societies to define industry-leading best practices\"<\/li>\n<li><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.servicessociety.org\/sigcloud\" target=\"_blank\">SIG-CLOUD<\/a>: a special interest group of the Services Society that \"promotes creative thinking, long-term visions, and innovative methodologies to respond to the emerging cloud computing technologies and applications\"<\/li><\/ul>\n<!-- \nNewPP limit report\nCached time: 20230816205959\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.004 seconds\nReal time usage: 0.005 seconds\nPreprocessor visited node count: 4\/1000000\nPost\u2010expand include size: 1348\/2097152 bytes\nTemplate argument size: 0\/2097152 bytes\nHighest expansion depth: 3\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 0\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 2.407 1 Template:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Associations,_organizations,_and_interest_groups\n100.00% 2.407 1 -total\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:13057-0!canonical and timestamp 20230816205959 and revision id 46407. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Associations,_organizations,_and_interest_groups\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Associations,_organizations,_and_interest_groups<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","1eeb2eecdbf4b97c32746a8ad1d40768_images":[],"1eeb2eecdbf4b97c32746a8ad1d40768_timestamp":1692220360,"c7d3e391ad370ee11ef8ace6bb205f75_type":"article","c7d3e391ad370ee11ef8ace6bb205f75_title":"7.2 Key reading and reference material","c7d3e391ad370ee11ef8ace6bb205f75_url":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Key_reading_and_reference_material","c7d3e391ad370ee11ef8ace6bb205f75_plaintext":"\n\nBook:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Final thoughts and additional resources\/Key reading and reference materialFrom LIMSWikiJump to navigationJump to search7.2 Key reading and reference material \nKey reading:\n\nAgilent Technologies (21 February 2019). \"Cloud Adoption for Lab Informatics: Trends, Opportunities, Considerations, Next Steps\" (PDF). Agilent Technologies. https:\/\/www.agilent.com\/cs\/library\/whitepaper\/public\/whitepaper-cloud-adoption-openlab-5994-0718en-us-agilent.pdf .   \nanjalibo6rb0 (27 January 2023). \"Vendor Lock-in in Cloud Computing\". Geeks for Geeks. https:\/\/www.geeksforgeeks.org\/vendor-lock-in-in-cloud-computing\/ .   \nCloud Security Alliance (6 August 2019). \"Top Threats to Cloud Computing: The Egregious 11\" (PDF). https:\/\/cloudsecurityalliance.org\/artifacts\/top-threats-to-cloud-computing-egregious-eleven\/ .   \nEustice, J.C. (2018). \"Understand the intersection between data privacy laws and cloud computing\". Legal Technology, Products, and Services. Thomson Reuters. https:\/\/legal.thomsonreuters.com\/en\/insights\/articles\/understanding-data-privacy-and-cloud-computing .   \nInCountry Staff (18 November 2021). \"Data residency laws by country: An overview\". InCountry. https:\/\/incountry.com\/blog\/data-residency-laws-by-country-overview\/ .   \nJones, E. (11 August 2023). \"A Comprehensive Guide to Cloud Security in 2023 (Risks, Best Practices, Certifications)\". Kinsta. https:\/\/kinsta.com\/blog\/cloud-security\/ .   \nKirvan, P. (17 December 2020). \"Top cloud compliance standards and how to use them\". TechTarget SearchCompliance. Archived from the original on 21 December 2020. https:\/\/web.archive.org\/web\/20201221150028\/https:\/\/searchcompliance.techtarget.com\/tip\/Top-cloud-compliance-standards-and-how-to-use-them .   \nLevite, A.; Kalwani, G. (9 November 2020). \"Cloud Governance Challenges: A Survey of Policy and Regulatory Issues\". Carnegie Endowment for International Peace. https:\/\/carnegieendowment.org\/2020\/11\/09\/cloud-governance-challenges-survey-of-policy-and-regulatory-issues-pub-83124 .   \nMaurer, T.; Hinck, G. (31 August 2020). \"Cloud Security: A Primer for Policymakers\". Carnegie Endowment for International Peace. https:\/\/carnegieendowment.org\/2020\/08\/31\/cloud-security-primer-for-policymakers-pub-82597 .   \nOlavsrud, T. (13 April 2012). \"Why Open Source Is the Key to Cloud Innovation\". CIO. https:\/\/www.cio.com\/article\/284247\/software-as-a-service-why-open-source-is-the-key-to-cloud-innovation.html .   \nPratt, M.K. (14 December 2020). \"Building stronger multicloud security: 3 key elements\". CSO. https:\/\/www.csoonline.com\/article\/569951\/building-stronger-multicloud-security-3-key-elements.html .   \nRamalingam, C.; Mohan, P. (2021). \"Addressing Semantics Standards for Cloud Portability and Interoperability in Multi Cloud Environment\". Symmetry 13: 317. doi:10.3390\/sym13020317.   \nTiller, D. (2019). \"Is the Cloud a Safe Place for Your Data?: How Life Science Organizations Can Ensure Integrity and Security in a SaaS Environment\" (PDF). IDBS. Archived from the original on 08 March 2021. https:\/\/web.archive.org\/web\/20210308231558\/https:\/\/storage.pardot.com\/468401\/1614781936jHqdU6H6\/Whitepaper_Is_the_cloud_a_safe_place_for_your_data.pdf .   \nTrianz (29 May 2022). \"How Managed Cloud Security Works, and Why You Might Want It\". https:\/\/www.trianz.com\/insights\/managed-cloud-security-services-how-and-why-it-works .   \nWojan, T.R.; National Center for Science and Engineering Statistics (25 August 2022). \"Digitalization, Cloud Computing, and Innovation in U.S. Businesses\". National Science Foundation. https:\/\/ncses.nsf.gov\/pubs\/ncses22213 .   \n\r\n\nReference material:\n\nAO Kaspersky Lab (2023). \"What is Cloud Security?\". Resource Center. https:\/\/usa.kaspersky.com\/resource-center\/definitions\/what-is-cloud-security .   \nCenter for Internet Security (2021). \"The Beginner\u2019s Guide to Secure Cloud Configurations\". CIS Blog. https:\/\/www.cisecurity.org\/insights\/blog\/secure-cloud-products-and-services-with-new-cis-benchmarks .   \nKearns, D.K. (13 January 2018). \"Planning & Management Methods for Migration to a Cloud Environment\". The MITRE Corporation. https:\/\/www.mitre.org\/news-insights\/publication\/planning-management-methods-migration-cloud-environment .   \nOffice for Civil Rights (23 December 2022). \"Guidance on HIPAA & Cloud Computing\". Health Information Privacy. U.S. Department of Health & Human Services. https:\/\/www.hhs.gov\/hipaa\/for-professionals\/special-topics\/health-information-technology\/cloud-computing\/index.html .   \nSouppaya, M.; Morello, J.; Scarfone, K. (September 2017). \"SP 800-190 Application Container Security Guide\". NIST. https:\/\/csrc.nist.gov\/pubs\/sp\/800\/190\/final .   \nThe Linux Foundation (12 July 2023). \"Kubernetes Documentation\". https:\/\/kubernetes.io\/docs\/home\/ .   \n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Key_reading_and_reference_material\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Key_reading_and_reference_material<\/a>\nNavigation menuPage actionsBookDiscussionView sourceHistoryPage actionsBookDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 11 February 2022, at 21:46.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 276 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","c7d3e391ad370ee11ef8ace6bb205f75_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-208 ns-subject page-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Final_thoughts_and_additional_resources_Key_reading_and_reference_material rootpage-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Final_thoughts_and_additional_resources_Key_reading_and_reference_material skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Final thoughts and additional resources\/Key reading and reference material<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\"><h3><span class=\"mw-headline\" id=\"7.2_Key_reading_and_reference_material\">7.2 Key reading and reference material<\/span><\/h3>\n<p><b>Key reading<\/b>:\n<\/p>\n<ul><li><span class=\"citation web\">Agilent Technologies (21 February 2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.agilent.com\/cs\/library\/whitepaper\/public\/whitepaper-cloud-adoption-openlab-5994-0718en-us-agilent.pdf\" target=\"_blank\">\"Cloud Adoption for Lab Informatics: Trends, Opportunities, Considerations, Next Steps\"<\/a> (PDF). Agilent Technologies<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.agilent.com\/cs\/library\/whitepaper\/public\/whitepaper-cloud-adoption-openlab-5994-0718en-us-agilent.pdf\" target=\"_blank\">https:\/\/www.agilent.com\/cs\/library\/whitepaper\/public\/whitepaper-cloud-adoption-openlab-5994-0718en-us-agilent.pdf<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Adoption+for+Lab+Informatics%3A+Trends%2C+Opportunities%2C+Considerations%2C+Next+Steps&rft.atitle=&rft.aulast=Agilent+Technologies&rft.au=Agilent+Technologies&rft.date=21+February+2019&rft.pub=Agilent+Technologies&rft_id=https%3A%2F%2Fwww.agilent.com%2Fcs%2Flibrary%2Fwhitepaper%2Fpublic%2Fwhitepaper-cloud-adoption-openlab-5994-0718en-us-agilent.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Key_reading_and_reference_material\"><span style=\"display: none;\"> <\/span><\/span><\/li><\/ul>\n<ul><li><span class=\"citation web\">anjalibo6rb0 (27 January 2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.geeksforgeeks.org\/vendor-lock-in-in-cloud-computing\/\" target=\"_blank\">\"Vendor Lock-in in Cloud Computing\"<\/a>. <i>Geeks for Geeks<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.geeksforgeeks.org\/vendor-lock-in-in-cloud-computing\/\" target=\"_blank\">https:\/\/www.geeksforgeeks.org\/vendor-lock-in-in-cloud-computing\/<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Vendor+Lock-in+in+Cloud+Computing&rft.atitle=Geeks+for+Geeks&rft.aulast=anjalibo6rb0&rft.au=anjalibo6rb0&rft.date=27+January+2023&rft_id=https%3A%2F%2Fwww.geeksforgeeks.org%2Fvendor-lock-in-in-cloud-computing%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Key_reading_and_reference_material\"><span style=\"display: none;\"> <\/span><\/span><\/li><\/ul>\n<ul><li><span class=\"citation web\">Cloud Security Alliance (6 August 2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloudsecurityalliance.org\/artifacts\/top-threats-to-cloud-computing-egregious-eleven\/\" target=\"_blank\">\"Top Threats to Cloud Computing: The Egregious 11\"<\/a> (PDF)<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloudsecurityalliance.org\/artifacts\/top-threats-to-cloud-computing-egregious-eleven\/\" target=\"_blank\">https:\/\/cloudsecurityalliance.org\/artifacts\/top-threats-to-cloud-computing-egregious-eleven\/<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+Threats+to+Cloud+Computing%3A+The+Egregious+11&rft.atitle=&rft.aulast=Cloud+Security+Alliance&rft.au=Cloud+Security+Alliance&rft.date=6+August+2019&rft_id=https%3A%2F%2Fcloudsecurityalliance.org%2Fartifacts%2Ftop-threats-to-cloud-computing-egregious-eleven%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Key_reading_and_reference_material\"><span style=\"display: none;\"> <\/span><\/span><\/li><\/ul>\n<ul><li><span class=\"citation web\">Eustice, J.C. (2018). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/legal.thomsonreuters.com\/en\/insights\/articles\/understanding-data-privacy-and-cloud-computing\" target=\"_blank\">\"Understand the intersection between data privacy laws and cloud computing\"<\/a>. <i>Legal Technology, Products, and Services<\/i>. Thomson Reuters<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/legal.thomsonreuters.com\/en\/insights\/articles\/understanding-data-privacy-and-cloud-computing\" target=\"_blank\">https:\/\/legal.thomsonreuters.com\/en\/insights\/articles\/understanding-data-privacy-and-cloud-computing<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Understand+the+intersection+between+data+privacy+laws+and+cloud+computing&rft.atitle=Legal+Technology%2C+Products%2C+and+Services&rft.aulast=Eustice%2C+J.C.&rft.au=Eustice%2C+J.C.&rft.date=2018&rft.pub=Thomson+Reuters&rft_id=https%3A%2F%2Flegal.thomsonreuters.com%2Fen%2Finsights%2Farticles%2Funderstanding-data-privacy-and-cloud-computing&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Key_reading_and_reference_material\"><span style=\"display: none;\"> <\/span><\/span><\/li><\/ul>\n<ul><li><span class=\"citation web\">InCountry Staff (18 November 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/incountry.com\/blog\/data-residency-laws-by-country-overview\/\" target=\"_blank\">\"Data residency laws by country: An overview\"<\/a>. <i>InCountry<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/incountry.com\/blog\/data-residency-laws-by-country-overview\/\" target=\"_blank\">https:\/\/incountry.com\/blog\/data-residency-laws-by-country-overview\/<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Data+residency+laws+by+country%3A+An+overview&rft.atitle=InCountry&rft.aulast=InCountry+Staff&rft.au=InCountry+Staff&rft.date=18+November+2021&rft_id=https%3A%2F%2Fincountry.com%2Fblog%2Fdata-residency-laws-by-country-overview%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Key_reading_and_reference_material\"><span style=\"display: none;\"> <\/span><\/span><\/li><\/ul>\n<ul><li><span class=\"citation web\">Jones, E. (11 August 2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/kinsta.com\/blog\/cloud-security\/\" target=\"_blank\">\"A Comprehensive Guide to Cloud Security in 2023 (Risks, Best Practices, Certifications)\"<\/a>. <i>Kinsta<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/kinsta.com\/blog\/cloud-security\/\" target=\"_blank\">https:\/\/kinsta.com\/blog\/cloud-security\/<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=A+Comprehensive+Guide+to+Cloud+Security+in+2023+%28Risks%2C+Best+Practices%2C+Certifications%29&rft.atitle=Kinsta&rft.aulast=Jones%2C+E.&rft.au=Jones%2C+E.&rft.date=11+August+2023&rft_id=https%3A%2F%2Fkinsta.com%2Fblog%2Fcloud-security%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Key_reading_and_reference_material\"><span style=\"display: none;\"> <\/span><\/span><\/li><\/ul>\n<ul><li><span class=\"citation web\">Kirvan, P. (17 December 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20201221150028\/https:\/\/searchcompliance.techtarget.com\/tip\/Top-cloud-compliance-standards-and-how-to-use-them\" target=\"_blank\">\"Top cloud compliance standards and how to use them\"<\/a>. <i>TechTarget SearchCompliance<\/i>. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/searchcompliance.techtarget.com\/tip\/Top-cloud-compliance-standards-and-how-to-use-them\" target=\"_blank\">the original<\/a> on 21 December 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20201221150028\/https:\/\/searchcompliance.techtarget.com\/tip\/Top-cloud-compliance-standards-and-how-to-use-them\" target=\"_blank\">https:\/\/web.archive.org\/web\/20201221150028\/https:\/\/searchcompliance.techtarget.com\/tip\/Top-cloud-compliance-standards-and-how-to-use-them<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+cloud+compliance+standards+and+how+to+use+them&rft.atitle=TechTarget+SearchCompliance&rft.aulast=Kirvan%2C+P.&rft.au=Kirvan%2C+P.&rft.date=17+December+2020&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20201221150028%2Fhttps%3A%2F%2Fsearchcompliance.techtarget.com%2Ftip%2FTop-cloud-compliance-standards-and-how-to-use-them&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Key_reading_and_reference_material\"><span style=\"display: none;\"> <\/span><\/span><\/li><\/ul>\n<ul><li><span class=\"citation web\">Levite, A.; Kalwani, G. (9 November 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/carnegieendowment.org\/2020\/11\/09\/cloud-governance-challenges-survey-of-policy-and-regulatory-issues-pub-83124\" target=\"_blank\">\"Cloud Governance Challenges: A Survey of Policy and Regulatory Issues\"<\/a>. Carnegie Endowment for International Peace<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/carnegieendowment.org\/2020\/11\/09\/cloud-governance-challenges-survey-of-policy-and-regulatory-issues-pub-83124\" target=\"_blank\">https:\/\/carnegieendowment.org\/2020\/11\/09\/cloud-governance-challenges-survey-of-policy-and-regulatory-issues-pub-83124<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Governance+Challenges%3A+A+Survey+of+Policy+and+Regulatory+Issues&rft.atitle=&rft.aulast=Levite%2C+A.%3B+Kalwani%2C+G.&rft.au=Levite%2C+A.%3B+Kalwani%2C+G.&rft.date=9+November+2020&rft.pub=Carnegie+Endowment+for+International+Peace&rft_id=https%3A%2F%2Fcarnegieendowment.org%2F2020%2F11%2F09%2Fcloud-governance-challenges-survey-of-policy-and-regulatory-issues-pub-83124&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Key_reading_and_reference_material\"><span style=\"display: none;\"> <\/span><\/span><\/li><\/ul>\n<ul><li><span class=\"citation web\">Maurer, T.; Hinck, G. (31 August 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/carnegieendowment.org\/2020\/08\/31\/cloud-security-primer-for-policymakers-pub-82597\" target=\"_blank\">\"Cloud Security: A Primer for Policymakers\"<\/a>. Carnegie Endowment for International Peace<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/carnegieendowment.org\/2020\/08\/31\/cloud-security-primer-for-policymakers-pub-82597\" target=\"_blank\">https:\/\/carnegieendowment.org\/2020\/08\/31\/cloud-security-primer-for-policymakers-pub-82597<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Security%3A+A+Primer+for+Policymakers&rft.atitle=&rft.aulast=Maurer%2C+T.%3B+Hinck%2C+G.&rft.au=Maurer%2C+T.%3B+Hinck%2C+G.&rft.date=31+August+2020&rft.pub=Carnegie+Endowment+for+International+Peace&rft_id=https%3A%2F%2Fcarnegieendowment.org%2F2020%2F08%2F31%2Fcloud-security-primer-for-policymakers-pub-82597&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Key_reading_and_reference_material\"><span style=\"display: none;\"> <\/span><\/span><\/li><\/ul>\n<ul><li><span class=\"citation web\">Olavsrud, T. (13 April 2012). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cio.com\/article\/284247\/software-as-a-service-why-open-source-is-the-key-to-cloud-innovation.html\" target=\"_blank\">\"Why Open Source Is the Key to Cloud Innovation\"<\/a>. <i>CIO<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cio.com\/article\/284247\/software-as-a-service-why-open-source-is-the-key-to-cloud-innovation.html\" target=\"_blank\">https:\/\/www.cio.com\/article\/284247\/software-as-a-service-why-open-source-is-the-key-to-cloud-innovation.html<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Why+Open+Source+Is+the+Key+to+Cloud+Innovation&rft.atitle=CIO&rft.aulast=Olavsrud%2C+T.&rft.au=Olavsrud%2C+T.&rft.date=13+April+2012&rft_id=https%3A%2F%2Fwww.cio.com%2Farticle%2F284247%2Fsoftware-as-a-service-why-open-source-is-the-key-to-cloud-innovation.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Key_reading_and_reference_material\"><span style=\"display: none;\"> <\/span><\/span><\/li><\/ul>\n<ul><li><span class=\"citation web\">Pratt, M.K. (14 December 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.csoonline.com\/article\/569951\/building-stronger-multicloud-security-3-key-elements.html\" target=\"_blank\">\"Building stronger multicloud security: 3 key elements\"<\/a>. <i>CSO<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.csoonline.com\/article\/569951\/building-stronger-multicloud-security-3-key-elements.html\" target=\"_blank\">https:\/\/www.csoonline.com\/article\/569951\/building-stronger-multicloud-security-3-key-elements.html<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Building+stronger+multicloud+security%3A+3+key+elements&rft.atitle=CSO&rft.aulast=Pratt%2C+M.K.&rft.au=Pratt%2C+M.K.&rft.date=14+December+2020&rft_id=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F569951%2Fbuilding-stronger-multicloud-security-3-key-elements.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Key_reading_and_reference_material\"><span style=\"display: none;\"> <\/span><\/span><\/li><\/ul>\n<ul><li><span class=\"citation Journal\">Ramalingam, C.; Mohan, P. (2021). \"Addressing Semantics Standards for Cloud Portability and Interoperability in Multi Cloud Environment\". <i>Symmetry<\/i> <b>13<\/b>: 317. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.3390%2Fsym13020317\" target=\"_blank\">10.3390\/sym13020317<\/a>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Addressing+Semantics+Standards+for+Cloud+Portability+and+Interoperability+in+Multi+Cloud+Environment&rft.jtitle=Symmetry&rft.aulast=Ramalingam%2C+C.%3B+Mohan%2C+P.&rft.au=Ramalingam%2C+C.%3B+Mohan%2C+P.&rft.date=2021&rft.volume=13&rft.pages=317&rft_id=info:doi\/10.3390%2Fsym13020317&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Key_reading_and_reference_material\"><span style=\"display: none;\"> <\/span><\/span><\/li><\/ul>\n<ul><li><span class=\"citation web\">Tiller, D. (2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210308231558\/https:\/\/storage.pardot.com\/468401\/1614781936jHqdU6H6\/Whitepaper_Is_the_cloud_a_safe_place_for_your_data.pdf\" target=\"_blank\">\"Is the Cloud a Safe Place for Your Data?: How Life Science Organizations Can Ensure Integrity and Security in a SaaS Environment\"<\/a> (PDF). IDBS. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/storage.pardot.com\/468401\/1614781936jHqdU6H6\/Whitepaper_Is_the_cloud_a_safe_place_for_your_data.pdf\" target=\"_blank\">the original<\/a> on 08 March 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210308231558\/https:\/\/storage.pardot.com\/468401\/1614781936jHqdU6H6\/Whitepaper_Is_the_cloud_a_safe_place_for_your_data.pdf\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210308231558\/https:\/\/storage.pardot.com\/468401\/1614781936jHqdU6H6\/Whitepaper_Is_the_cloud_a_safe_place_for_your_data.pdf<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Is+the+Cloud+a+Safe+Place+for+Your+Data%3F%3A+How+Life+Science+Organizations+Can+Ensure+Integrity+and+Security+in+a+SaaS+Environment&rft.atitle=&rft.aulast=Tiller%2C+D.&rft.au=Tiller%2C+D.&rft.date=2019&rft.pub=IDBS&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210308231558%2Fhttps%3A%2F%2Fstorage.pardot.com%2F468401%2F1614781936jHqdU6H6%2FWhitepaper_Is_the_cloud_a_safe_place_for_your_data.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Key_reading_and_reference_material\"><span style=\"display: none;\"> <\/span><\/span><\/li><\/ul>\n<ul><li><span class=\"citation web\">Trianz (29 May 2022). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.trianz.com\/insights\/managed-cloud-security-services-how-and-why-it-works\" target=\"_blank\">\"How Managed Cloud Security Works, and Why You Might Want It\"<\/a><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.trianz.com\/insights\/managed-cloud-security-services-how-and-why-it-works\" target=\"_blank\">https:\/\/www.trianz.com\/insights\/managed-cloud-security-services-how-and-why-it-works<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=How+Managed+Cloud+Security+Works%2C+and+Why+You+Might+Want+It&rft.atitle=&rft.aulast=Trianz&rft.au=Trianz&rft.date=29+May+2022&rft_id=https%3A%2F%2Fwww.trianz.com%2Finsights%2Fmanaged-cloud-security-services-how-and-why-it-works&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Key_reading_and_reference_material\"><span style=\"display: none;\"> <\/span><\/span><\/li><\/ul>\n<ul><li><span class=\"citation web\">Wojan, T.R.; National Center for Science and Engineering Statistics (25 August 2022). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/ncses.nsf.gov\/pubs\/ncses22213\" target=\"_blank\">\"Digitalization, Cloud Computing, and Innovation in U.S. Businesses\"<\/a>. National Science Foundation<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/ncses.nsf.gov\/pubs\/ncses22213\" target=\"_blank\">https:\/\/ncses.nsf.gov\/pubs\/ncses22213<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Digitalization%2C+Cloud+Computing%2C+and+Innovation+in+U.S.+Businesses&rft.atitle=&rft.aulast=Wojan%2C+T.R.%3B+National+Center+for+Science+and+Engineering+Statistics&rft.au=Wojan%2C+T.R.%3B+National+Center+for+Science+and+Engineering+Statistics&rft.date=25+August+2022&rft.pub=National+Science+Foundation&rft_id=https%3A%2F%2Fncses.nsf.gov%2Fpubs%2Fncses22213&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Key_reading_and_reference_material\"><span style=\"display: none;\"> <\/span><\/span><\/li><\/ul>\n<p><br \/>\n<b>Reference material<\/b>:\n<\/p>\n<ul><li><span class=\"citation web\">AO Kaspersky Lab (2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/usa.kaspersky.com\/resource-center\/definitions\/what-is-cloud-security\" target=\"_blank\">\"What is Cloud Security?\"<\/a>. <i>Resource Center<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/usa.kaspersky.com\/resource-center\/definitions\/what-is-cloud-security\" target=\"_blank\">https:\/\/usa.kaspersky.com\/resource-center\/definitions\/what-is-cloud-security<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+is+Cloud+Security%3F&rft.atitle=Resource+Center&rft.aulast=AO+Kaspersky+Lab&rft.au=AO+Kaspersky+Lab&rft.date=2023&rft_id=https%3A%2F%2Fusa.kaspersky.com%2Fresource-center%2Fdefinitions%2Fwhat-is-cloud-security&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Key_reading_and_reference_material\"><span style=\"display: none;\"> <\/span><\/span><\/li><\/ul>\n<ul><li><span class=\"citation web\">Center for Internet Security (2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cisecurity.org\/insights\/blog\/secure-cloud-products-and-services-with-new-cis-benchmarks\" target=\"_blank\">\"The Beginner\u2019s Guide to Secure Cloud Configurations\"<\/a>. <i>CIS Blog<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cisecurity.org\/insights\/blog\/secure-cloud-products-and-services-with-new-cis-benchmarks\" target=\"_blank\">https:\/\/www.cisecurity.org\/insights\/blog\/secure-cloud-products-and-services-with-new-cis-benchmarks<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=The+Beginner%E2%80%99s+Guide+to+Secure+Cloud+Configurations&rft.atitle=CIS+Blog&rft.aulast=Center+for+Internet+Security&rft.au=Center+for+Internet+Security&rft.date=2021&rft_id=https%3A%2F%2Fwww.cisecurity.org%2Finsights%2Fblog%2Fsecure-cloud-products-and-services-with-new-cis-benchmarks&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Key_reading_and_reference_material\"><span style=\"display: none;\"> <\/span><\/span><\/li><\/ul>\n<ul><li><span class=\"citation web\">Kearns, D.K. (13 January 2018). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.mitre.org\/news-insights\/publication\/planning-management-methods-migration-cloud-environment\" target=\"_blank\">\"Planning & Management Methods for Migration to a Cloud Environment\"<\/a>. The MITRE Corporation<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.mitre.org\/news-insights\/publication\/planning-management-methods-migration-cloud-environment\" target=\"_blank\">https:\/\/www.mitre.org\/news-insights\/publication\/planning-management-methods-migration-cloud-environment<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Planning+%26+Management+Methods+for+Migration+to+a+Cloud+Environment&rft.atitle=&rft.aulast=Kearns%2C+D.K.&rft.au=Kearns%2C+D.K.&rft.date=13+January+2018&rft.pub=The+MITRE+Corporation&rft_id=https%3A%2F%2Fwww.mitre.org%2Fnews-insights%2Fpublication%2Fplanning-management-methods-migration-cloud-environment&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Key_reading_and_reference_material\"><span style=\"display: none;\"> <\/span><\/span><\/li><\/ul>\n<ul><li><span class=\"citation web\">Office for Civil Rights (23 December 2022). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.hhs.gov\/hipaa\/for-professionals\/special-topics\/health-information-technology\/cloud-computing\/index.html\" target=\"_blank\">\"Guidance on HIPAA & Cloud Computing\"<\/a>. <i>Health Information Privacy<\/i>. U.S. Department of Health & Human Services<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.hhs.gov\/hipaa\/for-professionals\/special-topics\/health-information-technology\/cloud-computing\/index.html\" target=\"_blank\">https:\/\/www.hhs.gov\/hipaa\/for-professionals\/special-topics\/health-information-technology\/cloud-computing\/index.html<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Guidance+on+HIPAA+%26+Cloud+Computing&rft.atitle=Health+Information+Privacy&rft.aulast=Office+for+Civil+Rights&rft.au=Office+for+Civil+Rights&rft.date=23+December+2022&rft.pub=U.S.+Department+of+Health+%26+Human+Services&rft_id=https%3A%2F%2Fwww.hhs.gov%2Fhipaa%2Ffor-professionals%2Fspecial-topics%2Fhealth-information-technology%2Fcloud-computing%2Findex.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Key_reading_and_reference_material\"><span style=\"display: none;\"> <\/span><\/span><\/li><\/ul>\n<ul><li><span class=\"citation web\">Souppaya, M.; Morello, J.; Scarfone, K. (September 2017). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/csrc.nist.gov\/pubs\/sp\/800\/190\/final\" target=\"_blank\">\"SP 800-190 <i>Application Container Security Guide<\/i>\"<\/a>. NIST<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/csrc.nist.gov\/pubs\/sp\/800\/190\/final\" target=\"_blank\">https:\/\/csrc.nist.gov\/pubs\/sp\/800\/190\/final<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=SP+800-190+%27%27Application+Container+Security+Guide%27%27&rft.atitle=&rft.aulast=Souppaya%2C+M.%3B+Morello%2C+J.%3B+Scarfone%2C+K.&rft.au=Souppaya%2C+M.%3B+Morello%2C+J.%3B+Scarfone%2C+K.&rft.date=September+2017&rft.pub=NIST&rft_id=https%3A%2F%2Fcsrc.nist.gov%2Fpubs%2Fsp%2F800%2F190%2Ffinal&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Key_reading_and_reference_material\"><span style=\"display: none;\"> <\/span><\/span><\/li><\/ul>\n<ul><li><span class=\"citation web\">The Linux Foundation (12 July 2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/kubernetes.io\/docs\/home\/\" target=\"_blank\">\"Kubernetes Documentation\"<\/a><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/kubernetes.io\/docs\/home\/\" target=\"_blank\">https:\/\/kubernetes.io\/docs\/home\/<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Kubernetes+Documentation&rft.atitle=&rft.aulast=The+Linux+Foundation&rft.au=The+Linux+Foundation&rft.date=12+July+2023&rft_id=https%3A%2F%2Fkubernetes.io%2Fdocs%2Fhome%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Key_reading_and_reference_material\"><span style=\"display: none;\"> <\/span><\/span><\/li><\/ul>\n\n<!-- \nNewPP limit report\nCached time: 20230816205959\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.183 seconds\nReal time usage: 0.192 seconds\nPreprocessor visited node count: 14595\/1000000\nPost\u2010expand include size: 125122\/2097152 bytes\nTemplate argument size: 43529\/2097152 bytes\nHighest expansion depth: 17\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 21\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 178.965 1 Template:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Key_reading_and_reference_material\n100.00% 178.965 1 -total\n 88.40% 158.205 21 Template:Citation\/core\n 86.04% 153.974 20 Template:Cite_web\n 18.40% 32.930 20 Template:Date\n 10.30% 18.428 1 Template:Cite_journal\n 5.30% 9.492 33 Template:Citation\/make_link\n 4.60% 8.227 1 Template:Citation\/identifier\n 1.38% 2.464 2 Template:Hide_in_print\n 1.22% 2.184 1 Template:Only_in_print\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:13056-0!canonical and timestamp 20230816205959 and revision id 46406. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Key_reading_and_reference_material\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Key_reading_and_reference_material<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","c7d3e391ad370ee11ef8ace6bb205f75_images":[],"c7d3e391ad370ee11ef8ace6bb205f75_timestamp":1692220360,"e7e8242bf570be61f5e6832d83935ad5_type":"article","e7e8242bf570be61f5e6832d83935ad5_title":"7.1 Final thoughts","e7e8242bf570be61f5e6832d83935ad5_url":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Final_thoughts","e7e8242bf570be61f5e6832d83935ad5_plaintext":"\n\nBook:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Final thoughts and additional resources\/Final thoughtsFrom LIMSWikiJump to navigationJump to search-----Return to the beginning of this guide-----\n7. Final thoughts and additional resources \n7.1 Final thoughts \nThe cloud is about how you do computing, not where you do computing.\r\n \r\n- Paul Maritz, former CEO of VMware\nThis quote from Paul Maritz has been floating around for some time, but how relevant is it today? The first chapter of this guide examined what cloud computing actually is and how it has changed since the mid-2000s. We've gone from talking about how to implement web services at the turn of the century to advanced cloud services that are going \"hybrid\" or \"serverless.\" Despite the massive shift in thinking, however, one aspect has always remained the same: you have to have internet access to use services provided on the web. In that sense, the \"where\" of the performed computing is important. In another sense, \"where\" matters, as we discovered in the second chapter on cloud standards, regulations, and security. Where the data is created and where it resides are important considerations for regulatory purposes, as are the methods used to secure the cloud, and who holds responsibility for them. \"Where\" is also a consideration when asking about your data in the cloud. Its location is relevant to not only risk assessments and risk management practices\u2014as described in the third chapter\u2014but also to where you do your work: the laboratory. In the fourth chapter we discussed how a laboratory and its unique workflows, industries services, and affecting regulations shape decisions on cloud projects, while also addressing the benefits and drawbacks. In the fifth, we explained the concept of managed security services, which further abstracted the \u201chow\u201d and \u201cwhere\u201d of computing via the third party, who manages the security of your cloud and on-premises solutions remotely! And in the sixth chapter, we distilled much of the previous chapters down into how a laboratory chooses and implements one or more cloud solutions. Even there, \"where\" comes into play, as you ask the cloud service provider where their servers are located and where your data will be stored, while you ask yourself \"where\" you envision your lab with cloud computing solutions in the future.\nWhen considering all this, however, Maritz was only partially off. There are many \"wheres\" to choosing and implementing a cloud-based service for your laboratory, including where you do your computing from, and even where your security is managed from. But cloud computing is certainly more about \u201chow\u201d you do computing in your laboratory. Cloud computing has proven to be at least a partially disruptive force over the years, changing organizations' IT departments, security planning, budgeting, and many other aspects, often for the better, though with its own complications. Laboratories can now host laboratory information management systems (LIMS) and electronic laboratory notebooks (ELNs) in the cloud and use infrastructure as a service (IaaS) to host serverless code that triggers when a cloud-connected instrument takes a reading and uploads the data. Laboratory users can now pull up information about not only automated lab procedures but also the security status of the equipment managing those procedures using a tablet while parked in the grocery store parking lot. Environmental sensors in Alaska can send data to a software as a service (SaaS) application hosted in Europe for processing, and then be accessed by an authorized user in Australia. Yes, the where of it all is related, but ultimately how the laboratory computes has now been changed with cloud computing.\nThat doesn't mean there are fewer considerations and complications with a shift to the cloud. The laboratory should approach any migration to or addition of cloud services with assertive yet balanced project planning that takes into account organizational goals, management buy-in, necessary stakeholders, scope and responsibility, existing IT and data structures, risk management and regulatory considerations, budgeting and IT requirements, provider vetting, training, maintenance, and security monitoring. Vetting providers and their services can be particularly time-consuming, but it remains a critical component of any cloud-based move in your lab. Given all these complications, laboratories shouldn't be afraid to seek additional help from knowledgeable consultants and managed security service providers with experience implementing and securing cloud services in laboratories, particularly when in-house expertise is lacking.\nHopefully this guide has been a boon to understanding cloud computing and all the considerations that come with it. Laboratories have much to consider when moving to or adding to their position in the cloud. The fact that you've made it through this document is a strong testament to your desire to ensure the success of a cloud project for your lab going forward. Good fortunes to you and your organization going forward.\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Final_thoughts\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Final_thoughts<\/a>\nNavigation menuPage actionsBookDiscussionView sourceHistoryPage actionsBookDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 11 February 2022, at 21:46.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 255 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","e7e8242bf570be61f5e6832d83935ad5_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-208 ns-subject page-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Final_thoughts_and_additional_resources_Final_thoughts rootpage-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Final_thoughts_and_additional_resources_Final_thoughts skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Final thoughts and additional resources\/Final thoughts<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\"><div align=\"center\">-----Return to <a href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Introduction\" title=\"Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Introduction\" class=\"wiki-link\" data-key=\"a5122d160da552b7fab8ca62d4bc6155\">the beginning<\/a> of this guide-----<\/div>\n<h2><span class=\"mw-headline\" id=\"7._Final_thoughts_and_additional_resources\">7. Final thoughts and additional resources<\/span><\/h2>\n<h3><span class=\"mw-headline\" id=\"7.1_Final_thoughts\">7.1 Final thoughts<\/span><\/h3>\n<blockquote><p>The cloud is about how you do computing, not where you do computing.<br \/> <br \/>- Paul Maritz, former CEO of VMware<\/p><\/blockquote>\n<p>This quote from Paul Maritz has been floating around for some time, but how relevant is it today? The first chapter of this guide examined what <a href=\"https:\/\/www.limswiki.org\/index.php\/Cloud_computing\" title=\"Cloud computing\" class=\"wiki-link\" data-key=\"fcfe5882eaa018d920cedb88398b604f\">cloud computing<\/a> actually is and how it has changed since the mid-2000s. We've gone from talking about how to implement web services at the turn of the century to advanced cloud services that are going \"hybrid\" or \"serverless.\" Despite the massive shift in thinking, however, one aspect has always remained the same: you have to have internet access to use services provided on the web. In that sense, the \"where\" of the performed computing is important. In another sense, \"where\" matters, as we discovered in the second chapter on cloud standards, regulations, and security. Where the data is created and where it resides are important considerations for regulatory purposes, as are the methods used to secure the cloud, and who holds responsibility for them. \"Where\" is also a consideration when asking about your data in the cloud. Its location is relevant to not only risk assessments and <a href=\"https:\/\/www.limswiki.org\/index.php\/Risk_management\" title=\"Risk management\" class=\"wiki-link\" data-key=\"ecfbfb2550c23f053bd1aa0d9ea63e4e\">risk management<\/a> practices\u2014as described in the third chapter\u2014but also to where you do your work: the laboratory. In the fourth chapter we discussed how a laboratory and its unique <a href=\"https:\/\/www.limswiki.org\/index.php\/Workflow\" title=\"Workflow\" class=\"wiki-link\" data-key=\"92bd8748272e20d891008dcb8243e8a8\">workflows<\/a>, industries services, and affecting regulations shape decisions on cloud projects, while also addressing the benefits and drawbacks. In the fifth, we explained the concept of managed security services, which further abstracted the \u201chow\u201d and \u201cwhere\u201d of computing via the third party, who manages the security of your cloud and on-premises solutions remotely! And in the sixth chapter, we distilled much of the previous chapters down into how a <a href=\"https:\/\/www.limswiki.org\/index.php\/Laboratory\" title=\"Laboratory\" class=\"wiki-link\" data-key=\"c57fc5aac9e4abf31dccae81df664c33\">laboratory<\/a> chooses and implements one or more cloud solutions. Even there, \"where\" comes into play, as you ask the cloud service provider where their servers are located and where your data will be stored, while you ask yourself \"where\" you envision your lab with cloud computing solutions in the future.\n<\/p><p>When considering all this, however, Maritz was only partially off. There are many \"wheres\" to choosing and implementing a cloud-based service for your laboratory, including where you do your computing from, and even where your security is managed from. But cloud computing is certainly more about \u201chow\u201d you do computing in your laboratory. Cloud computing has proven to be at least a partially disruptive force over the years, changing organizations' IT departments, security planning, budgeting, and many other aspects, often for the better, though with its own complications. Laboratories can now host <a href=\"https:\/\/www.limswiki.org\/index.php\/Laboratory_information_management_system\" title=\"Laboratory information management system\" class=\"wiki-link\" data-key=\"8ff56a51d34c9b1806fcebdcde634d00\">laboratory information management systems<\/a> (LIMS) and <a href=\"https:\/\/www.limswiki.org\/index.php\/Electronic_laboratory_notebook\" title=\"Electronic laboratory notebook\" class=\"wiki-link\" data-key=\"a9fbbd5e0807980106763fab31f1e72f\">electronic laboratory notebooks<\/a> (ELNs) in the cloud and use <a href=\"https:\/\/www.limswiki.org\/index.php\/Infrastructure_as_a_service\" title=\"Infrastructure as a service\" class=\"wiki-link\" data-key=\"70b93c66f23363688d45f0d354e5c032\">infrastructure as a service<\/a> (IaaS) to host serverless code that triggers when a cloud-connected instrument takes a reading and uploads the data. Laboratory users can now pull up information about not only automated lab procedures but also the security status of the equipment managing those procedures using a tablet while parked in the grocery store parking lot. Environmental sensors in Alaska can send data to a <a href=\"https:\/\/www.limswiki.org\/index.php\/Software_as_a_service\" title=\"Software as a service\" class=\"wiki-link\" data-key=\"ae8c8a7cd5ee1a264f4f0bbd4a4caedd\">software as a service<\/a> (SaaS) application hosted in Europe for processing, and then be accessed by an authorized user in Australia. Yes, the where of it all is related, but ultimately how the laboratory computes has now been changed with cloud computing.\n<\/p><p>That doesn't mean there are fewer considerations and complications with a shift to the cloud. The laboratory should approach any migration to or addition of cloud services with assertive yet balanced project planning that takes into account organizational goals, management buy-in, necessary stakeholders, scope and responsibility, existing IT and data structures, risk management and regulatory considerations, budgeting and IT requirements, provider vetting, training, maintenance, and security monitoring. Vetting providers and their services can be particularly time-consuming, but it remains a critical component of any cloud-based move in your lab. Given all these complications, laboratories shouldn't be afraid to seek additional help from knowledgeable consultants and managed security service providers with experience implementing and securing cloud services in laboratories, particularly when in-house expertise is lacking.\n<\/p><p>Hopefully this guide has been a boon to understanding cloud computing and all the considerations that come with it. Laboratories have much to consider when moving to or adding to their position in the cloud. The fact that you've made it through this document is a strong testament to your desire to ensure the success of a cloud project for your lab going forward. Good fortunes to you and your organization going forward.\n<\/p>\n<!-- \nNewPP limit report\nCached time: 20230816205959\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.006 seconds\nReal time usage: 0.009 seconds\nPreprocessor visited node count: 8\/1000000\nPost\u2010expand include size: 5035\/2097152 bytes\nTemplate argument size: 0\/2097152 bytes\nHighest expansion depth: 3\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 0\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 4.871 1 Template:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Final_thoughts\n100.00% 4.871 1 -total\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:13055-0!canonical and timestamp 20230816205959 and revision id 46405. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Final_thoughts\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Final_thoughts<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","e7e8242bf570be61f5e6832d83935ad5_images":[],"e7e8242bf570be61f5e6832d83935ad5_timestamp":1692220360,"dc2b0daa94b0a62bc61f28ac50252e2c_type":"article","dc2b0daa94b0a62bc61f28ac50252e2c_title":"6.4 What questions should be asked of a cloud provider?","dc2b0daa94b0a62bc61f28ac50252e2c_url":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_questions_should_be_asked_of_a_cloud_provider%3F","dc2b0daa94b0a62bc61f28ac50252e2c_plaintext":"\n\nBook:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Considerations when choosing and implementing a cloud solution\/What questions should be asked of a cloud provider?From LIMSWikiJump to navigationJump to searchContents \n\n1 6.4 What questions should be asked of a cloud provider? \n\n1.1 6.4.1 Using a request for information (RFI) process \n\n\n2 References \n3 Citation information for this chapter \n\n\n\n 6.4 What questions should be asked of a cloud provider? \nHere we provide a concise listing of 18 questions your organization should be asking any cloud providers being considered for your cloud project. (A broader list of questions is discussed in the next subsection about RFIs.) As part of the discovery phase of your formal cloud project, some of these questions may have been asked prior, but many of them will likely not have been addressed in prior discussions. Most of these questions have already been addressed in prior sections of this guide, but a \"shopping list\" is always handy, yes? Like the prior list, the ordering here means little, aside from perhaps an attempt at semi-logical progression from introduction to the provider to wrapping up agreements.[1][2][3][4][5][6]\n\nWhat experience do you have working with laboratory customers in our specific industry?\nCan your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?\nWhat is the average total historical downtime for the service(s) we're interested in?\nDo we receive comprehensive downtime support in the case of downtime?\nWhere are your servers located, and how is data securely transferred to and from those servers?\nWho will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?\nWill our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?\nHow segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)\nDo you have documented data security policies?\nHow do you test your platform's security?\nWhat are your policies for security audits, intrusion detection, and intrusion reporting?\nWhat data logging information is kept and acted upon in relation to our data?\nHow thorough are those logs and can we audit them on-demand?\nFor HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?\nWhat happens to our data should the contract expire or be terminated?\nWhat happens to our data should you go out of business or suffer a catastrophic event?\nCan we use your interface to extract our data when we want, and in what format will it be?\nAre your support services native or outsourced\/offshored?\n 6.4.1 Using a request for information (RFI) process \nWe've already talked about the RFI process in the previous chapter, so we won't rehash the specifics here. However, note that the 18 critical questions prior are also addressed, along with many others, in the cloud computing RFI questions posed in Appendix 3. Like the list of RFI questions to ask of MSSPs, the cloud computing RFI questions represent a thorough list of potential questions to ask of a cloud provider. Your lab will still want to keep any RFI derived from those questions succinct in order to get the most responses, keeping in mind that it doesn't need to address every question but rather have enough critical questions to narrow down your search to a few quality candidates. From there, you can return to the RFI questions and ask more pointed ones of those candidates you narrowed your list down to. \nThe format of the questions is the same as those found in the MSSP RFI, and there's even some crossover in several cases.\n\nReferences \n\n\n\u2191 Association of Public Health Laboratories (2017). \"Breaking Through the Cloud: A Laboratory Guide to Cloud Computing\" (PDF). Association of Public Health Laboratories. https:\/\/www.aphl.org\/aboutAPHL\/publications\/Documents\/INFO-2017Jun-Cloud-Computing.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 \"A Helpful Guide to Cloud Computing in a Laboratory\". InterFocus Blog. InterFocus Ltd. 5 October 2020. https:\/\/www.mynewlab.com\/blog\/a-helpful-guide-to-cloud-computing-in-a-laboratory\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Eustice, J.C. (2018). \"Understand the intersection between data privacy laws and cloud computing\". Legal Technology, Products, and Services. Thomson Reuters. https:\/\/legal.thomsonreuters.com\/en\/insights\/articles\/understanding-data-privacy-and-cloud-computing . Retrieved 28 July 2023 .   \n \n\n\u2191 Ward, S. (9 October 2019). \"Cloud Computing for the Laboratory: Using data in the cloud - What it means for data security\". Lab Manager. https:\/\/www.labmanager.com\/cloud-computing-for-the-laboratory-736 . Retrieved 28 July 2023 .   \n \n\n\u2191 LBMC (24 February 2021). \"Nine Due Diligence Questions to Ask Cloud Service Providers\". LBMC Blog. https:\/\/www.lbmc.com\/blog\/questions-cloud-service-providers\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Thomson Reuters (3 March 2021). \"Three questions you need to ask your cloud vendors\". Thomson Reuters Legal Blog. Archived from the original on 04 March 2021. https:\/\/web.archive.org\/web\/20210304141517\/https:\/\/legal.thomsonreuters.com\/blog\/3-questions-you-need-to-ask-your-cloud-vendors\/ . Retrieved 28 July 2023 .   \n \n\n\n\r\n\n\n-----Go to the next chapter of this guide-----\nCitation information for this chapter \nChapter: 6. Considerations when choosing and implementing a cloud solution\nTitle: Choosing and Implementing a Cloud-based Service for Your Laboratory\nEdition: Second edition\nAuthor for citation: Shawn E. Douglas\nLicense for content: Creative Commons Attribution-ShareAlike 4.0 International\nPublication date: August 2023\n\r\n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_questions_should_be_asked_of_a_cloud_provider%3F\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_questions_should_be_asked_of_a_cloud_provider%3F<\/a>\nNavigation menuPage actionsBookDiscussionView sourceHistoryPage actionsBookDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 16 August 2023, at 21:08.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 254 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","dc2b0daa94b0a62bc61f28ac50252e2c_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-208 ns-subject page-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Considerations_when_choosing_and_implementing_a_cloud_solution_What_questions_should_be_asked_of_a_cloud_provider rootpage-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Considerations_when_choosing_and_implementing_a_cloud_solution_What_questions_should_be_asked_of_a_cloud_provider skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Considerations when choosing and implementing a cloud solution\/What questions should be asked of a cloud provider?<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\">\n\n<h3><span id=\"rdp-ebb-6.4_What_questions_should_be_asked_of_a_cloud_provider?\"><\/span><span class=\"mw-headline\" id=\"6.4_What_questions_should_be_asked_of_a_cloud_provider.3F\">6.4 What questions should be asked of a cloud provider?<\/span><\/h3>\n<p>Here we provide a concise listing of 18 questions your organization should be asking any cloud providers being considered for your cloud project. (A broader list of questions is discussed in the next subsection about RFIs.) As part of the discovery phase of your formal cloud project, some of these questions may have been asked prior, but many of them will likely not have been addressed in prior discussions. Most of these questions have already been addressed in prior sections of this guide, but a \"shopping list\" is always handy, yes? Like the prior list, the ordering here means little, aside from perhaps an attempt at semi-logical progression from introduction to the provider to wrapping up agreements.<sup id=\"rdp-ebb-cite_ref-APHLBreaking17_1-0\" class=\"reference\"><a href=\"#cite_note-APHLBreaking17-1\">[1]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-IFAhelp20_2-0\" class=\"reference\"><a href=\"#cite_note-IFAhelp20-2\">[2]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-EusticeUnder18_3-0\" class=\"reference\"><a href=\"#cite_note-EusticeUnder18-3\">[3]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-WardCloud19_4-0\" class=\"reference\"><a href=\"#cite_note-WardCloud19-4\">[4]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-LBMCNine21_5-0\" class=\"reference\"><a href=\"#cite_note-LBMCNine21-5\">[5]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-TRThree21_6-0\" class=\"reference\"><a href=\"#cite_note-TRThree21-6\">[6]<\/a><\/sup>\n<\/p>\n<ol><li>What experience do you have working with laboratory customers in our specific industry?<\/li>\n<li>Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?<\/li>\n<li>What is the average total historical downtime for the service(s) we're interested in?<\/li>\n<li>Do we receive comprehensive downtime support in the case of downtime?<\/li>\n<li>Where are your servers located, and how is data securely transferred to and from those servers?<\/li>\n<li>Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?<\/li>\n<li>Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?<\/li>\n<li>How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)<\/li>\n<li>Do you have documented data security policies?<\/li>\n<li>How do you test your platform's security?<\/li>\n<li>What are your policies for security audits, intrusion detection, and intrusion reporting?<\/li>\n<li>What data logging information is kept and acted upon in relation to our data?<\/li>\n<li>How thorough are those logs and can we audit them on-demand?<\/li>\n<li>For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?<\/li>\n<li>What happens to our data should the contract expire or be terminated?<\/li>\n<li>What happens to our data should you go out of business or suffer a catastrophic event?<\/li>\n<li>Can we use your interface to extract our data when we want, and in what format will it be?<\/li>\n<li>Are your support services native or outsourced\/offshored?<\/li><\/ol>\n<h4><span id=\"rdp-ebb-6.4.1_Using_a_request_for_information_(RFI)_process\"><\/span><span class=\"mw-headline\" id=\"6.4.1_Using_a_request_for_information_.28RFI.29_process\">6.4.1 Using a request for information (RFI) process<\/span><\/h4>\n<p>We've already talked about the RFI process in the previous chapter, so we won't rehash the specifics here. However, note that the 18 critical questions prior are also addressed, along with many others, in the cloud computing RFI questions posed in Appendix 3. Like the list of RFI questions to ask of MSSPs, the cloud computing RFI questions represent a thorough list of potential questions to ask of a cloud provider. Your lab will still want to keep any RFI derived from those questions succinct in order to get the most responses, keeping in mind that it doesn't need to address every question but rather have enough critical questions to narrow down your search to a few quality candidates. From there, you can return to the RFI questions and ask more pointed ones of those candidates you narrowed your list down to. \n<\/p><p>The format of the questions is the same as those found in the MSSP RFI, and there's even some crossover in several cases.\n<\/p>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap\"><ol class=\"references\">\n<li id=\"cite_note-APHLBreaking17-1\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-APHLBreaking17_1-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Association of Public Health Laboratories (2017). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.aphl.org\/aboutAPHL\/publications\/Documents\/INFO-2017Jun-Cloud-Computing.pdf\" target=\"_blank\">\"Breaking Through the Cloud: A Laboratory Guide to Cloud Computing\"<\/a> (PDF). Association of Public Health Laboratories<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.aphl.org\/aboutAPHL\/publications\/Documents\/INFO-2017Jun-Cloud-Computing.pdf\" target=\"_blank\">https:\/\/www.aphl.org\/aboutAPHL\/publications\/Documents\/INFO-2017Jun-Cloud-Computing.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Breaking+Through+the+Cloud%3A+A+Laboratory+Guide+to+Cloud+Computing&rft.atitle=&rft.aulast=Association+of+Public+Health+Laboratories&rft.au=Association+of+Public+Health+Laboratories&rft.date=2017&rft.pub=Association+of+Public+Health+Laboratories&rft_id=https%3A%2F%2Fwww.aphl.org%2FaboutAPHL%2Fpublications%2FDocuments%2FINFO-2017Jun-Cloud-Computing.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_questions_should_be_asked_of_a_cloud_provider%3F\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IFAhelp20-2\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IFAhelp20_2-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.mynewlab.com\/blog\/a-helpful-guide-to-cloud-computing-in-a-laboratory\/\" target=\"_blank\">\"A Helpful Guide to Cloud Computing in a Laboratory\"<\/a>. <i>InterFocus Blog<\/i>. InterFocus Ltd. 5 October 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.mynewlab.com\/blog\/a-helpful-guide-to-cloud-computing-in-a-laboratory\/\" target=\"_blank\">https:\/\/www.mynewlab.com\/blog\/a-helpful-guide-to-cloud-computing-in-a-laboratory\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=A+Helpful+Guide+to+Cloud+Computing+in+a+Laboratory&rft.atitle=InterFocus+Blog&rft.date=5+October+2020&rft.pub=InterFocus+Ltd&rft_id=https%3A%2F%2Fwww.mynewlab.com%2Fblog%2Fa-helpful-guide-to-cloud-computing-in-a-laboratory%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_questions_should_be_asked_of_a_cloud_provider%3F\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-EusticeUnder18-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-EusticeUnder18_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Eustice, J.C. (2018). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/legal.thomsonreuters.com\/en\/insights\/articles\/understanding-data-privacy-and-cloud-computing\" target=\"_blank\">\"Understand the intersection between data privacy laws and cloud computing\"<\/a>. <i>Legal Technology, Products, and Services<\/i>. Thomson Reuters<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/legal.thomsonreuters.com\/en\/insights\/articles\/understanding-data-privacy-and-cloud-computing\" target=\"_blank\">https:\/\/legal.thomsonreuters.com\/en\/insights\/articles\/understanding-data-privacy-and-cloud-computing<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Understand+the+intersection+between+data+privacy+laws+and+cloud+computing&rft.atitle=Legal+Technology%2C+Products%2C+and+Services&rft.aulast=Eustice%2C+J.C.&rft.au=Eustice%2C+J.C.&rft.date=2018&rft.pub=Thomson+Reuters&rft_id=https%3A%2F%2Flegal.thomsonreuters.com%2Fen%2Finsights%2Farticles%2Funderstanding-data-privacy-and-cloud-computing&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_questions_should_be_asked_of_a_cloud_provider%3F\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-WardCloud19-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-WardCloud19_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Ward, S. (9 October 2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.labmanager.com\/cloud-computing-for-the-laboratory-736\" target=\"_blank\">\"Cloud Computing for the Laboratory: Using data in the cloud - What it means for data security\"<\/a>. <i>Lab Manager<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.labmanager.com\/cloud-computing-for-the-laboratory-736\" target=\"_blank\">https:\/\/www.labmanager.com\/cloud-computing-for-the-laboratory-736<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Computing+for+the+Laboratory%3A+Using+data+in+the+cloud+-+What+it+means+for+data+security&rft.atitle=Lab+Manager&rft.aulast=Ward%2C+S.&rft.au=Ward%2C+S.&rft.date=9+October+2019&rft_id=https%3A%2F%2Fwww.labmanager.com%2Fcloud-computing-for-the-laboratory-736&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_questions_should_be_asked_of_a_cloud_provider%3F\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LBMCNine21-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-LBMCNine21_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">LBMC (24 February 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.lbmc.com\/blog\/questions-cloud-service-providers\/\" target=\"_blank\">\"Nine Due Diligence Questions to Ask Cloud Service Providers\"<\/a>. <i>LBMC Blog<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.lbmc.com\/blog\/questions-cloud-service-providers\/\" target=\"_blank\">https:\/\/www.lbmc.com\/blog\/questions-cloud-service-providers\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Nine+Due+Diligence+Questions+to+Ask+Cloud+Service+Providers&rft.atitle=LBMC+Blog&rft.aulast=LBMC&rft.au=LBMC&rft.date=24+February+2021&rft_id=https%3A%2F%2Fwww.lbmc.com%2Fblog%2Fquestions-cloud-service-providers%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_questions_should_be_asked_of_a_cloud_provider%3F\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-TRThree21-6\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-TRThree21_6-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Thomson Reuters (3 March 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210304141517\/https:\/\/legal.thomsonreuters.com\/blog\/3-questions-you-need-to-ask-your-cloud-vendors\/\" target=\"_blank\">\"Three questions you need to ask your cloud vendors\"<\/a>. <i>Thomson Reuters Legal Blog<\/i>. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/legal.thomsonreuters.com\/blog\/3-questions-you-need-to-ask-your-cloud-vendors\/\" target=\"_blank\">the original<\/a> on 04 March 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210304141517\/https:\/\/legal.thomsonreuters.com\/blog\/3-questions-you-need-to-ask-your-cloud-vendors\/\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210304141517\/https:\/\/legal.thomsonreuters.com\/blog\/3-questions-you-need-to-ask-your-cloud-vendors\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Three+questions+you+need+to+ask+your+cloud+vendors&rft.atitle=Thomson+Reuters+Legal+Blog&rft.aulast=Thomson+Reuters&rft.au=Thomson+Reuters&rft.date=3+March+2021&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210304141517%2Fhttps%3A%2F%2Flegal.thomsonreuters.com%2Fblog%2F3-questions-you-need-to-ask-your-cloud-vendors%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_questions_should_be_asked_of_a_cloud_provider%3F\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<p><br \/>\n<\/p>\n<div align=\"center\">-----Go to <a href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Final_thoughts\" title=\"Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Final thoughts and additional resources\/Final thoughts\" class=\"wiki-link\" data-key=\"e7e8242bf570be61f5e6832d83935ad5\">the next chapter<\/a> of this guide-----<\/div>\n<h2><span class=\"mw-headline\" id=\"Citation_information_for_this_chapter\">Citation information for this chapter<\/span><\/h2>\n<p><b>Chapter<\/b>: 6. Considerations when choosing and implementing a cloud solution\n<\/p><p><b>Title<\/b>: <i>Choosing and Implementing a Cloud-based Service for Your Laboratory<\/i>\n<\/p><p><b>Edition<\/b>: Second edition\n<\/p><p><b>Author for citation<\/b>: Shawn E. Douglas\n<\/p><p><b>License for content<\/b>: <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/creativecommons.org\/licenses\/by-sa\/4.0\/\" target=\"_blank\">Creative Commons Attribution-ShareAlike 4.0 International<\/a>\n<\/p><p><b>Publication date<\/b>: August 2023\n<\/p><p><br \/>\n<\/p>\n<!-- \nNewPP limit report\nCached time: 20230816210828\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.073 seconds\nReal time usage: 0.082 seconds\nPreprocessor visited node count: 4374\/1000000\nPost\u2010expand include size: 37422\/2097152 bytes\nTemplate argument size: 14350\/2097152 bytes\nHighest expansion depth: 18\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 10459\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 73.223 1 -total\n 89.33% 65.409 1 Template:Reflist\n 72.91% 53.389 6 Template:Cite_web\n 64.80% 47.451 6 Template:Citation\/core\n 17.17% 12.570 6 Template:Date\n 10.55% 7.726 1 Template:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_questions_should_be_asked_of_a_cloud_provider?\n 6.69% 4.897 12 Template:Citation\/make_link\n 3.61% 2.642 1 Template:Column-width\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:13054-0!canonical and timestamp 20230816210831 and revision id 52909. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_questions_should_be_asked_of_a_cloud_provider%3F\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_questions_should_be_asked_of_a_cloud_provider%3F<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","dc2b0daa94b0a62bc61f28ac50252e2c_images":[],"dc2b0daa94b0a62bc61f28ac50252e2c_timestamp":1692220360,"2596b5f01edfd87717eacea81b2b20db_type":"article","2596b5f01edfd87717eacea81b2b20db_title":"6.3 What questions should you ask yourself?","2596b5f01edfd87717eacea81b2b20db_url":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_questions_should_you_ask_yourself%3F","2596b5f01edfd87717eacea81b2b20db_plaintext":"\n\nBook:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Considerations when choosing and implementing a cloud solution\/What questions should you ask yourself?From LIMSWikiJump to navigationJump to search 6.3 What questions should you ask yourself? \nHere we provide a concise listing of questions your organization should be asking internally at various steps of a cloud project. If you've followed a formal project management path, your lab may have asked many of these questions already during goal setting, scope setting, risk assessment, and requirement documentation. If so, fantastic; you have most of the answers. However, if prior cloud project management steps failed to address them, now is certainly the time, before you start your laboratory's provider research in earnest. While these questions are loosely ordered in a traditional project management path, their order is not significant otherwise. Just be sure your laboratory has considered or will be considering these questions.[1][2][3][4][5][6]\nWhat do we hope to achieve by transitioning operations to the cloud?\nWho among staff is best able to act as a go-between with the executive team in order to increase support for cloud adoption?\nHave we developed a comprehensive project plan with goals, objectives, benefits, etc. and how cloud computing factors into them?\nIf not, who can be trusted to develop and implement such a cloud computing plan for our lab, or the organization as a whole?\nDo we fully understand the regulations and accreditation requirements that drive security for our organization and its data?\nWhat proficiencies and skills do lab technicians and IT staff currently have in computing, and cloud computing in particular?\nHave we polled our users and relevant stakeholders about how they currently use existing computing services and access their data as part of their workflow? (For example, if internet access isn't readily available in the lab, this will have to change with cloud.)\nWhat kind of data are we putting in the cloud?\nHas anyone conducted an independent assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of health or other sensitive data and information stored in our systems?\nDo we fully understand the informatics strengths and gaps within our organization?\nDo we fully understand the risks associated with cloud computing and how to best mitigate them?\nAre we willing to take the time to compare the operational effectiveness, costs, risks, and security concerns of multiple cloud providers before we make a decision?\nHow bad can things go wrong if we (or the cloud provider) are attacked?\nWhat will we (and the cloud provider) do to proactively detect, prevent, and remediate security breaches?\nWhat will our back-up and protection mechanisms be to mitigate data loss due to fire or other catastrophic events both on-premises and in the cloud?\nReferences \n\n\n\u2191 Agilent Technologies (21 February 2019). \"Cloud Adoption for Lab Informatics: Trends, Opportunities, Considerations, Next Steps\" (PDF). Agilent Technologies. https:\/\/www.agilent.com\/cs\/library\/whitepaper\/public\/whitepaper-cloud-adoption-openlab-5994-0718en-us-agilent.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 Association of Public Health Laboratories (2017). \"Breaking Through the Cloud: A Laboratory Guide to Cloud Computing\" (PDF). Association of Public Health Laboratories. https:\/\/www.aphl.org\/aboutAPHL\/publications\/Documents\/INFO-2017Jun-Cloud-Computing.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 \"A Helpful Guide to Cloud Computing in a Laboratory\". InterFocus Blog. InterFocus Ltd. 5 October 2020. https:\/\/www.mynewlab.com\/blog\/a-helpful-guide-to-cloud-computing-in-a-laboratory\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 O'Malley, K. (19 February 2021). \"Is Moving Operational Technology to the Cloud a Good Idea?\". SecurityRoundtable.org. https:\/\/www.securityroundtable.org\/is-moving-operational-technology-to-the-cloud-a-good-idea\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Eustice, J.C. (2018). \"Understand the intersection between data privacy laws and cloud computing\". Legal Technology, Products, and Services. Thomson Reuters. https:\/\/legal.thomsonreuters.com\/en\/insights\/articles\/understanding-data-privacy-and-cloud-computing . Retrieved 28 July 2023 .   \n \n\n\u2191 Donnelly, C. (8 April 2021). \"The OVHCloud fire: Assessing the after-effects on datacentre operators and cloud users\". ComputerWeekly. Archived from the original on 08 April 2021. https:\/\/web.archive.org\/web\/20210408103340\/https:\/\/www.computerweekly.com\/news\/252498983\/OVHCloud-datacentre-fire-Assessing-the-after-effects-on-datacentre-operators-and-cloud-users . Retrieved 28 July 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_questions_should_you_ask_yourself%3F\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_questions_should_you_ask_yourself%3F<\/a>\nNavigation menuPage actionsBookDiscussionView sourceHistoryPage actionsBookDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 11 February 2022, at 21:44.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 224 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","2596b5f01edfd87717eacea81b2b20db_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-208 ns-subject page-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Considerations_when_choosing_and_implementing_a_cloud_solution_What_questions_should_you_ask_yourself rootpage-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Considerations_when_choosing_and_implementing_a_cloud_solution_What_questions_should_you_ask_yourself skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Considerations when choosing and implementing a cloud solution\/What questions should you ask yourself?<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\"><h3><span id=\"rdp-ebb-6.3_What_questions_should_you_ask_yourself?\"><\/span><span class=\"mw-headline\" id=\"6.3_What_questions_should_you_ask_yourself.3F\">6.3 What questions should you ask yourself?<\/span><\/h3>\n<div class=\"floatright\"><a href=\"https:\/\/www.limswiki.org\/index.php\/File:Cloud_Computing_(6648686983).jpg\" class=\"image wiki-link\" data-key=\"71ee9f8aafb8a188b517bb6437ea4f5e\"><img alt=\"Cloud Computing (6648686983).jpg\" src=\"https:\/\/upload.wikimedia.org\/wikipedia\/commons\/5\/58\/Cloud_Computing_%286648686983%29.jpg\" decoding=\"async\" width=\"350\" height=\"248\" \/><\/a><\/div><p>Here we provide a concise listing of questions your organization should be asking internally at various steps of a cloud project. If you've followed a formal project management path, your lab may have asked many of these questions already during goal setting, scope setting, risk assessment, and requirement documentation. If so, fantastic; you have most of the answers. However, if prior cloud project management steps failed to address them, now is certainly the time, before you start your laboratory's provider research in earnest. While these questions are loosely ordered in a traditional project management path, their order is not significant otherwise. Just be sure your laboratory has considered or will be considering these questions.<sup id=\"rdp-ebb-cite_ref-AgilentCloud19_1-0\" class=\"reference\"><a href=\"#cite_note-AgilentCloud19-1\">[1]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-APHLBreaking17_2-0\" class=\"reference\"><a href=\"#cite_note-APHLBreaking17-2\">[2]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-IFAhelp20_3-0\" class=\"reference\"><a href=\"#cite_note-IFAhelp20-3\">[3]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-O.27MalleyIsMov21_4-0\" class=\"reference\"><a href=\"#cite_note-O.27MalleyIsMov21-4\">[4]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-EusticeUnder18_5-0\" class=\"reference\"><a href=\"#cite_note-EusticeUnder18-5\">[5]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-DonnellyTheOVH21_6-0\" class=\"reference\"><a href=\"#cite_note-DonnellyTheOVH21-6\">[6]<\/a><\/sup>\n<\/p><ol><li>What do we hope to achieve by transitioning operations to the cloud?<\/li>\n<li>Who among staff is best able to act as a go-between with the executive team in order to increase support for cloud adoption?<\/li>\n<li>Have we developed a comprehensive project plan with goals, objectives, benefits, etc. and how cloud computing factors into them?<\/li>\n<li>If not, who can be trusted to develop and implement such a cloud computing plan for our lab, or the organization as a whole?<\/li>\n<li>Do we fully understand the regulations and accreditation requirements that drive security for our organization and its data?<\/li>\n<li>What proficiencies and skills do lab technicians and IT staff currently have in computing, and cloud computing in particular?<\/li>\n<li>Have we polled our users and relevant stakeholders about how they currently use existing computing services and access their data as part of their workflow? (For example, if internet access isn't readily available in the lab, this will have to change with cloud.)<\/li>\n<li>What kind of data are we putting in the cloud?<\/li>\n<li>Has anyone conducted an independent assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of health or other sensitive data and information stored in our systems?<\/li>\n<li>Do we fully understand the <a href=\"https:\/\/www.limswiki.org\/index.php\/Informatics_(academic_field)\" title=\"Informatics (academic field)\" class=\"wiki-link\" data-key=\"0391318826a5d9f9a1a1bcc88394739f\">informatics<\/a> strengths and gaps within our organization?<\/li>\n<li>Do we fully understand the risks associated with cloud computing and how to best mitigate them?<\/li>\n<li>Are we willing to take the time to compare the operational effectiveness, costs, risks, and security concerns of multiple cloud providers before we make a decision?<\/li>\n<li>How bad can things go wrong if we (or the cloud provider) are attacked?<\/li>\n<li>What will we (and the cloud provider) do to proactively detect, prevent, and remediate security breaches?<\/li>\n<li>What will our back-up and protection mechanisms be to mitigate data loss due to fire or other catastrophic events both on-premises and in the cloud?<\/li><\/ol>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap\"><ol class=\"references\">\n<li id=\"cite_note-AgilentCloud19-1\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AgilentCloud19_1-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Agilent Technologies (21 February 2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.agilent.com\/cs\/library\/whitepaper\/public\/whitepaper-cloud-adoption-openlab-5994-0718en-us-agilent.pdf\" target=\"_blank\">\"Cloud Adoption for Lab Informatics: Trends, Opportunities, Considerations, Next Steps\"<\/a> (PDF). Agilent Technologies<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.agilent.com\/cs\/library\/whitepaper\/public\/whitepaper-cloud-adoption-openlab-5994-0718en-us-agilent.pdf\" target=\"_blank\">https:\/\/www.agilent.com\/cs\/library\/whitepaper\/public\/whitepaper-cloud-adoption-openlab-5994-0718en-us-agilent.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Adoption+for+Lab+Informatics%3A+Trends%2C+Opportunities%2C+Considerations%2C+Next+Steps&rft.atitle=&rft.aulast=Agilent+Technologies&rft.au=Agilent+Technologies&rft.date=21+February+2019&rft.pub=Agilent+Technologies&rft_id=https%3A%2F%2Fwww.agilent.com%2Fcs%2Flibrary%2Fwhitepaper%2Fpublic%2Fwhitepaper-cloud-adoption-openlab-5994-0718en-us-agilent.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_questions_should_you_ask_yourself%3F\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-APHLBreaking17-2\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-APHLBreaking17_2-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Association of Public Health Laboratories (2017). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.aphl.org\/aboutAPHL\/publications\/Documents\/INFO-2017Jun-Cloud-Computing.pdf\" target=\"_blank\">\"Breaking Through the Cloud: A Laboratory Guide to Cloud Computing\"<\/a> (PDF). Association of Public Health Laboratories<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.aphl.org\/aboutAPHL\/publications\/Documents\/INFO-2017Jun-Cloud-Computing.pdf\" target=\"_blank\">https:\/\/www.aphl.org\/aboutAPHL\/publications\/Documents\/INFO-2017Jun-Cloud-Computing.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Breaking+Through+the+Cloud%3A+A+Laboratory+Guide+to+Cloud+Computing&rft.atitle=&rft.aulast=Association+of+Public+Health+Laboratories&rft.au=Association+of+Public+Health+Laboratories&rft.date=2017&rft.pub=Association+of+Public+Health+Laboratories&rft_id=https%3A%2F%2Fwww.aphl.org%2FaboutAPHL%2Fpublications%2FDocuments%2FINFO-2017Jun-Cloud-Computing.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_questions_should_you_ask_yourself%3F\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IFAhelp20-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IFAhelp20_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.mynewlab.com\/blog\/a-helpful-guide-to-cloud-computing-in-a-laboratory\/\" target=\"_blank\">\"A Helpful Guide to Cloud Computing in a Laboratory\"<\/a>. <i>InterFocus Blog<\/i>. InterFocus Ltd. 5 October 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.mynewlab.com\/blog\/a-helpful-guide-to-cloud-computing-in-a-laboratory\/\" target=\"_blank\">https:\/\/www.mynewlab.com\/blog\/a-helpful-guide-to-cloud-computing-in-a-laboratory\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=A+Helpful+Guide+to+Cloud+Computing+in+a+Laboratory&rft.atitle=InterFocus+Blog&rft.date=5+October+2020&rft.pub=InterFocus+Ltd&rft_id=https%3A%2F%2Fwww.mynewlab.com%2Fblog%2Fa-helpful-guide-to-cloud-computing-in-a-laboratory%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_questions_should_you_ask_yourself%3F\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-O.27MalleyIsMov21-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-O.27MalleyIsMov21_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">O'Malley, K. (19 February 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.securityroundtable.org\/is-moving-operational-technology-to-the-cloud-a-good-idea\/\" target=\"_blank\">\"Is Moving Operational Technology to the Cloud a Good Idea?\"<\/a>. <i>SecurityRoundtable.org<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.securityroundtable.org\/is-moving-operational-technology-to-the-cloud-a-good-idea\/\" target=\"_blank\">https:\/\/www.securityroundtable.org\/is-moving-operational-technology-to-the-cloud-a-good-idea\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Is+Moving+Operational+Technology+to+the+Cloud+a+Good+Idea%3F&rft.atitle=SecurityRoundtable.org&rft.aulast=O%27Malley%2C+K.&rft.au=O%27Malley%2C+K.&rft.date=19+February+2021&rft_id=https%3A%2F%2Fwww.securityroundtable.org%2Fis-moving-operational-technology-to-the-cloud-a-good-idea%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_questions_should_you_ask_yourself%3F\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-EusticeUnder18-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-EusticeUnder18_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Eustice, J.C. (2018). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/legal.thomsonreuters.com\/en\/insights\/articles\/understanding-data-privacy-and-cloud-computing\" target=\"_blank\">\"Understand the intersection between data privacy laws and cloud computing\"<\/a>. <i>Legal Technology, Products, and Services<\/i>. Thomson Reuters<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/legal.thomsonreuters.com\/en\/insights\/articles\/understanding-data-privacy-and-cloud-computing\" target=\"_blank\">https:\/\/legal.thomsonreuters.com\/en\/insights\/articles\/understanding-data-privacy-and-cloud-computing<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Understand+the+intersection+between+data+privacy+laws+and+cloud+computing&rft.atitle=Legal+Technology%2C+Products%2C+and+Services&rft.aulast=Eustice%2C+J.C.&rft.au=Eustice%2C+J.C.&rft.date=2018&rft.pub=Thomson+Reuters&rft_id=https%3A%2F%2Flegal.thomsonreuters.com%2Fen%2Finsights%2Farticles%2Funderstanding-data-privacy-and-cloud-computing&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_questions_should_you_ask_yourself%3F\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-DonnellyTheOVH21-6\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-DonnellyTheOVH21_6-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Donnelly, C. (8 April 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210408103340\/https:\/\/www.computerweekly.com\/news\/252498983\/OVHCloud-datacentre-fire-Assessing-the-after-effects-on-datacentre-operators-and-cloud-users\" target=\"_blank\">\"The OVHCloud fire: Assessing the after-effects on datacentre operators and cloud users\"<\/a>. <i>ComputerWeekly<\/i>. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.computerweekly.com\/news\/252498983\/OVHCloud-datacentre-fire-Assessing-the-after-effects-on-datacentre-operators-and-cloud-users\" target=\"_blank\">the original<\/a> on 08 April 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210408103340\/https:\/\/www.computerweekly.com\/news\/252498983\/OVHCloud-datacentre-fire-Assessing-the-after-effects-on-datacentre-operators-and-cloud-users\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210408103340\/https:\/\/www.computerweekly.com\/news\/252498983\/OVHCloud-datacentre-fire-Assessing-the-after-effects-on-datacentre-operators-and-cloud-users<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=The+OVHCloud+fire%3A+Assessing+the+after-effects+on+datacentre+operators+and+cloud+users&rft.atitle=ComputerWeekly&rft.aulast=Donnelly%2C+C.&rft.au=Donnelly%2C+C.&rft.date=8+April+2021&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210408103340%2Fhttps%3A%2F%2Fwww.computerweekly.com%2Fnews%2F252498983%2FOVHCloud-datacentre-fire-Assessing-the-after-effects-on-datacentre-operators-and-cloud-users&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_questions_should_you_ask_yourself%3F\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816205958\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.357 seconds\nReal time usage: 0.828 seconds\nPreprocessor visited node count: 4346\/1000000\nPost\u2010expand include size: 39474\/2097152 bytes\nTemplate argument size: 16646\/2097152 bytes\nHighest expansion depth: 18\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 11145\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 68.174 1 -total\n 87.69% 59.780 1 Template:Reflist\n 72.12% 49.169 6 Template:Cite_web\n 64.70% 44.111 6 Template:Citation\/core\n 15.40% 10.501 6 Template:Date\n 12.18% 8.304 1 Template:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_questions_should_you_ask_yourself?\n 5.80% 3.957 11 Template:Citation\/make_link\n 3.13% 2.136 1 Template:Column-width\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:13053-0!canonical and timestamp 20230816205957 and revision id 46403. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_questions_should_you_ask_yourself%3F\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_questions_should_you_ask_yourself%3F<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","2596b5f01edfd87717eacea81b2b20db_images":["https:\/\/upload.wikimedia.org\/wikipedia\/commons\/5\/58\/Cloud_Computing_%286648686983%29.jpg"],"2596b5f01edfd87717eacea81b2b20db_timestamp":1692220360,"5d4f0fe2817a20a0501ab40aa7e367f0_type":"article","5d4f0fe2817a20a0501ab40aa7e367f0_title":"6.2 What should your lab look for in a cloud provider?","5d4f0fe2817a20a0501ab40aa7e367f0_url":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_should_your_lab_look_for_in_a_cloud_provider%3F","5d4f0fe2817a20a0501ab40aa7e367f0_plaintext":"\n\nBook:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Considerations when choosing and implementing a cloud solution\/What should your lab look for in a cloud provider?From LIMSWikiJump to navigationJump to search 6.2 What should your lab look for in a cloud provider? \nAdmittedly, it may appear that the previous section sets a relatively high bar for providers of cloud services. The reality of some cloud providers may be less than that ideal, however. For example, customer service may be lacking in some companies, or the agent assigned to work with you is having a rough patch and isn't addressing your lab's needs that well. The CSP's contract language may not be clear, the warranty less than ideal, or the security lacking for your lab's needs. It's even possible that the CSP doesn't have much experience working with laboratories to begin with. This requires strong initial reconnaissance (i.e., due diligence) on the part of your laboratory and its cloud project stakeholders, finding available options and running them through iterative filters to better vet those CSPs who are most likely to meet the lab's needs. And even then, after that internal due diligence\u2014which may include a request for information (RFI)\u2014it's possible that what those CSPs are offering doesn't completely agree with your lab's stated requirements, requiring careful evaluation of the differences in order to understand the potential effects and internal changes to organizational goals and service expectations.[1]\nWhat should these initial filters look like? Aspects of the answer have been touched upon already in prior chapters, and some haven't. Let's break it down.\nService and deployment models offered: We've already talked at length about the various service and deployment models, their benefits and risks, and what they bring to the table for laboratories. In the end, the specifics of this important filter will be decided by the goals and requirements decided upon in your laboratory's cloud project planning.\nTechnologies used: Though cloud providers largely have relatively agnostic open-source architecture components, each may have a few nuances that would affect your deployment onto their service. Your laboratory's cloud project planning will have ideally identified any technology-specific nuances to your applications and data, which will further guide your filters. If other Google applications play a significant role in your organization's operations, Google Cloud may have a slight edge as far as integrations go.\nCompliance offerings and security: Most labs work in some sort of regulatory environment. Those regulations may vary slightly from industry to industry (e.g., the regulatory demands for the cannabis testing lab will differ from those of the clinical testing lab), and how each cloud provider addresses them will differ, sometimes significantly. One would assume that, for example, a SaaS vendor offering a cloud-based laboratory information management system (LIMS) has baked in all the necessary regulatory considerations into their offering and underlying infrastructure, but this can't necessarily be taken for granted. This is where you ask the public cloud provider for their documented compliance certifications, attestations, alignments, and frameworks relevant to your lab that qualify their infrastructure, or ask the SaaS vendor to provide their own documentation on how their software\u2014and, if applicable, any third-party infrastructure as a service (IaaS)\u2014remains compliant or betters lab compliance in the cloud. Additionally, how the SaaS software vendor handles validation may be an important filter to consider.[2]\nShared responsibility: Whether through an outright model or by explaining in contract language, a CSP should be able to make clear the differences in responsibility for the security of a cloud service offering. It's always a plus when the CSP provides this information on their website, but you may have to ask a representative to explain the CSP's approach. Those who can't, or those whose responsibility burden isn't compatible with your laboratory's needs may get stuck in the filter.\nRisk management and insurance: While your laboratory will most certainly need to address its own risk management practices, as well as whether or not cybersecurity insurance makes sense, don't forget to investigate these matters with any potential CSP. Are they willing to discuss their risk management strategies as applied to their software and infrastructure? Do they have cyber insurance, and if so, what are the details? These may not be deal-breakers, per se, but if you're splitting hairs between two providers, one with a solid cyber insurance policy and one not so much, it may be a determining factor.\nInteroperability and portability: The question of interoperability and portability\u2014the vendor lock-in question\u2014may or may not be considered a major risk factor for your laboratory. But if ensuring your laboratory can pick up its data and applications and move them relatively painlessly to another CSP is a concern, you'll investigate these matters before deciding on your CSP. This may be particularly tricky with a SaaS provider; you may be able to extract your data from their application if they go bankrupt or you decide to move to a new application, but how portable will it be for the next migration?\nPricing, warranty, and support: Transparency at every pricing step is important for any laboratory trying to determine what the current and future budget for cloud services will be. It's especially imperative for laboratories funded in part by grants. As Navale and Bourne note in their discussion on cloud computing for biomedical science, \"[c]loud vendors are seeking an all-in model. Once you commit to using their services, you continue to do so or pay a significant penalty. This, combined with being a pay-as-you-go model, has implications when mapped to the up-front funding models of typical grants.\"[3] As such, your lab will not only look for clear pricing but will also ask about any unanticipated \"gotcha\" fees and penalties that may apply to your use of the service. Investigating CSPs for their approaches to warrantying their services and products, and supporting them when things go wrong, should also not be overlooked.\nSoftware development practices: Writing for CSols, a laboratory informatics consultancy, consultant Bob McDowall emphasizes several areas of a developer's software development practices that laboratories seeking a SaaS solution should consider. Can the SaaS vendor[4]:\n\ndescribe their software development life cycle and how it benefits your lab?\nprovide reliable support for their application?\nexplain the virtual IT infrastructure running the software?\ndescribe the GxP and other regulatory-based training staff have?\nexplain how the application is configured prior to laboratory validation?\nexplain its approach to risk management with any underlying IaaS supplier?\ndefine in a clear manner the work to be performed and how it's expressed in any agreement?\nbatch \"agile\" cloud software releases into a single annual upgrade, vs. updating every quarter, for validated environments such as pharmaceuticals?\nTrust and reputation: This may be one of the more difficult, or at least time-consuming, investigative steps when considering CSPs. Most CSPs will have a trust center or document explaining the myriad ways you, the customer, should put trust in their services (a one-to-one opinion). However, reputation is based on an aggregate of opinions from a community towards the CSP, which is, broadly speaking, based on experiences concerning the transparency, accountability, and value provided by the CSP.[5] The CSP usually supplies you with information concerning trust, but reputation is discovered not only through, e.g., case studies supplied by the CSP but also by having conversations with past and current clients of the CSP. In both cases, though a non-trivial process, your lab should take the time to pass any prospective CSPs through these filters.\nService-level agreement: A service-level agreement (SLA) defines the service expectations between the laboratory and the CSP, how meeting those expectations should be measured, and what should happen if those expectations are not met.[6] Let's talk a bit more about that in the next subsection.\n\n6.2.1 Service-level agreements \nAt various points in this guide we've talked about various contracts and agreements, but only a little bit about SLAs. Last chapter we said the SLA essentially defines all the responsibility the cloud provider holds, as well as your laboratory, for the supply and use of the CSP's services. This is the \"meat and potatoes\" of the service paperwork that will cross your eyes. The SLA, in a sense, offers a set of primary legal protections and, ideally, clearly expresses the expectations placed at the feet of both parties. With a well-crafted, signed SLA, neither party can say they were unaware of a stipulation, responsibility, or expectation. By signing the SLA, the laboratory also admits that the document is largely representative of the technological or organizational goals of the lab, and the CSP of its goals.\nSLAs will have numerous components to it addressing both the implementation and use of the service and the management aspects of the service, indicating what services are provided and excluded, the conditions of availability for the provided services, any differing service levels, each party's responsibilities, reporting processes, escalation and dispute procedures, remediation and indemnification methods, cost compromises, and contract change management.[6] It would be beyond the scope of this guide to provide broad information about all the elements of an SLA and how to approach them; entire books have been written about the subject over the years.[7][8] However, let's look at a few of those aspects, from the perspective of the laboratory examining a CSP's SLA.\nIn early 2020, laboratory informatics and scientific consultancy Astrix provided some key insights about SLAs for labs moving to the cloud. Astrix president Dale Curtis emphasized that when examining any SLA, ensure that it's largely addressing \"what\" questions rather than digging into the minutia of \"how\" questions; too much \"how\" and you start losing the other benefits inherent to the SLA.[9] Does the SLA address \"what\"[9]:\n\nthe specific parameters of the business-significant services offered to your laboratory are, and what happens when those parameters are not met?\nthe ownership rights to service data are for both parties, including discussion of the data request and return processes and their timelines, the format the data will be returned in, the retention times of your data after a CSP closure or contract termination, and the penalties for non-compliance?\nyour laboratory's rights to continue and discontinue services are \"within and outside of contract renewal timelines,\" and what the associated costs and penalties may be?\nthe standards and regulatory requirements affecting the CSP's cloud service(s) are, giving you any rights to audit the service for compliance?\nthe incident resolution process looks like, and how long it will take to complete?\nthe change management process for updates and upgrades looks like, including how it will be communicated and scheduled?\nthe CSP's disaster recovery process is and what you, the lab, should expect in case of various risks and disasters being realized?\nReferences \n\n\n\u2191 Federal Financial Institutions Examination Council (June 2004). \"Outsourcing Technology Services\" (PDF). FFIEC. Archived from the original on 01 February 2022. https:\/\/web.archive.org\/web\/20220201011601\/https:\/\/ithandbook.ffiec.gov\/media\/274841\/ffiec_itbooklet_outsourcingtechnologyservices.pdf . Retrieved 23 May 2021 .   \n \n\n\u2191 Brady, N. (6 August 2019). \"A Guide to Validated Software as a Service (SaaS)\". Compliant Cloud. Archived from the original on 07 November 2020. https:\/\/web.archive.org\/web\/20201107225517\/https:\/\/www.compliantcloud.com\/a-guide-to-validated-software-as-a-service-saas\/ . Retrieved 21 August 2021 .   \n \n\n\u2191 Navale, V.; Bourne, P.E. (2018). \"Cloud computing applications for biomedical science: A perspective\". PLoS Computational Biology 14 (6): e1006144. doi:10.1371\/journal.pcbi.1006144. PMC PMC6002019. PMID 29902176. http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC6002019 .   \n \n\n\u2191 McDowall, B. (27 August 2020). \"Clouds or Clods? Software as a Service in GxP Regulated Laboratories\". CSols Blog. CSols, Inc. https:\/\/www.csolsinc.com\/blog\/clouds-or-clods-software-as-a-service-in-gxp-regulated-laboratories\/ . Retrieved 15 August 2023 .   \n \n\n\u2191 Huang, J.; Nicol, D.M. (2013). \"Trust mechanisms for cloud computing\". Journal of Cloud Computing 2: 9. doi:10.1186\/2192-113X-2-9.   \n \n\n\u2191 6.0 6.1 Overby, S.; Greiner, L.; Paul, L.G. (5 July 2017). \"What is an SLA? Best practices for service-level agreements\". CIO. https:\/\/www.cio.com\/article\/274740\/outsourcing-sla-definitions-and-solutions.html . Retrieved 21 August 2021 .   \n \n\n\u2191 Wieder, P.; Butler, J.M.; Theilmann, W. et al., ed. (2011). Service Level Agreements for Cloud Computing. Springer. ISBN 9781461416159.   \n \n\n\u2191 Russo, M.A. (2018). The Cloud Service Level Agreement: A Supplement for NIST 800-171 Implementation. Syber Risk. ISBN 9781983156533.   \n \n\n\u2191 9.0 9.1 Curtis Jr., D. (24 January 2020). \"Considerations for Cloud Hosting Your Laboratory Informatics Systems\". Astrix, Inc. https:\/\/astrixinc.com\/considerations-for-cloud-hosting-your-laboratory-informatics-systems\/ . Retrieved 21 August 2021 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_should_your_lab_look_for_in_a_cloud_provider%3F\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_should_your_lab_look_for_in_a_cloud_provider%3F<\/a>\nNavigation menuPage actionsBookDiscussionView sourceHistoryPage actionsBookDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 11 February 2022, at 21:43.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 230 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","5d4f0fe2817a20a0501ab40aa7e367f0_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-208 ns-subject page-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Considerations_when_choosing_and_implementing_a_cloud_solution_What_should_your_lab_look_for_in_a_cloud_provider rootpage-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Considerations_when_choosing_and_implementing_a_cloud_solution_What_should_your_lab_look_for_in_a_cloud_provider skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Considerations when choosing and implementing a cloud solution\/What should your lab look for in a cloud provider?<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\"><h3><span id=\"rdp-ebb-6.2_What_should_your_lab_look_for_in_a_cloud_provider?\"><\/span><span class=\"mw-headline\" id=\"6.2_What_should_your_lab_look_for_in_a_cloud_provider.3F\">6.2 What should your lab look for in a cloud provider?<\/span><\/h3>\n<p>Admittedly, it may appear that the previous section sets a relatively high bar for providers of cloud services. The reality of some cloud providers may be less than that ideal, however. For example, customer service may be lacking in some companies, or the agent assigned to work with you is having a rough patch and isn't addressing your lab's needs that well. The CSP's contract language may not be clear, the warranty less than ideal, or the security lacking for your lab's needs. It's even possible that the CSP doesn't have much experience working with laboratories to begin with. This requires strong initial reconnaissance (i.e., due diligence) on the part of your laboratory and its cloud project stakeholders, finding available options and running them through iterative filters to better vet those CSPs who are most likely to meet the lab's needs. And even then, after that internal due diligence\u2014which may include a request for information (RFI)\u2014it's possible that what those CSPs are offering doesn't completely agree with your lab's stated requirements, requiring careful evaluation of the differences in order to understand the potential effects and internal changes to organizational goals and service expectations.<sup id=\"rdp-ebb-cite_ref-FFIEC_Out04_1-0\" class=\"reference\"><a href=\"#cite_note-FFIEC_Out04-1\">[1]<\/a><\/sup>\n<\/p><p>What should these initial filters look like? Aspects of the answer have been touched upon already in prior chapters, and some haven't. Let's break it down.\n<\/p><p><b>Service and deployment models offered<\/b>: We've already talked at length about the various service and deployment models, their benefits and risks, and what they bring to the table for laboratories. In the end, the specifics of this important filter will be decided by the goals and requirements decided upon in your laboratory's cloud project planning.\n<\/p><p><b>Technologies used<\/b>: Though cloud providers largely have relatively agnostic open-source architecture components, each may have a few nuances that would affect your deployment onto their service. Your laboratory's cloud project planning will have ideally identified any technology-specific nuances to your applications and data, which will further guide your filters. If other Google applications play a significant role in your organization's operations, Google Cloud may have a slight edge as far as integrations go.\n<\/p><p><b>Compliance offerings and security<\/b>: Most labs work in some sort of regulatory environment. Those regulations may vary slightly from industry to industry (e.g., the regulatory demands for the cannabis testing lab will differ from those of the clinical testing lab), and how each cloud provider addresses them will differ, sometimes significantly. One would assume that, for example, a SaaS vendor offering a cloud-based <a href=\"https:\/\/www.limswiki.org\/index.php\/Laboratory_information_management_system\" title=\"Laboratory information management system\" class=\"wiki-link\" data-key=\"8ff56a51d34c9b1806fcebdcde634d00\">laboratory information management system<\/a> (LIMS) has baked in all the necessary regulatory considerations into their offering and underlying infrastructure, but this can't necessarily be taken for granted. This is where you ask the public cloud provider for their documented compliance certifications, attestations, alignments, and frameworks relevant to your lab that qualify their infrastructure, or ask the SaaS vendor to provide their own documentation on how their software\u2014and, if applicable, any third-party <a href=\"https:\/\/www.limswiki.org\/index.php\/Infrastructure_as_a_service\" title=\"Infrastructure as a service\" class=\"wiki-link\" data-key=\"70b93c66f23363688d45f0d354e5c032\">infrastructure as a service<\/a> (IaaS)\u2014remains compliant or betters lab compliance in the cloud. Additionally, how the SaaS software vendor handles validation may be an important filter to consider.<sup id=\"rdp-ebb-cite_ref-BradyAGuide19_2-0\" class=\"reference\"><a href=\"#cite_note-BradyAGuide19-2\">[2]<\/a><\/sup>\n<\/p><p><b>Shared responsibility<\/b>: Whether through an outright model or by explaining in contract language, a CSP should be able to make clear the differences in responsibility for the security of a cloud service offering. It's always a plus when the CSP provides this information on their website, but you may have to ask a representative to explain the CSP's approach. Those who can't, or those whose responsibility burden isn't compatible with your laboratory's needs may get stuck in the filter.\n<\/p><p><b>Risk management and insurance<\/b>: While your laboratory will most certainly need to address its own risk management practices, as well as whether or not cybersecurity insurance makes sense, don't forget to investigate these matters with any potential CSP. Are they willing to discuss their risk management strategies as applied to their software and infrastructure? Do they have cyber insurance, and if so, what are the details? These may not be deal-breakers, per se, but if you're splitting hairs between two providers, one with a solid cyber insurance policy and one not so much, it may be a determining factor.\n<\/p><p><b>Interoperability and portability<\/b>: The question of interoperability and portability\u2014the vendor lock-in question\u2014may or may not be considered a major risk factor for your laboratory. But if ensuring your laboratory can pick up its data and applications and move them relatively painlessly to another CSP is a concern, you'll investigate these matters before deciding on your CSP. This may be particularly tricky with a SaaS provider; you may be able to extract your data from their application if they go bankrupt or you decide to move to a new application, but how portable will it be for the next migration?\n<\/p><p><b>Pricing, warranty, and support<\/b>: Transparency at every pricing step is important for any laboratory trying to determine what the current and future budget for cloud services will be. It's especially imperative for laboratories funded in part by grants. As Navale and Bourne note in their discussion on cloud computing for biomedical science, \"[c]loud vendors are seeking an all-in model. Once you commit to using their services, you continue to do so or pay a significant penalty. This, combined with being a pay-as-you-go model, has implications when mapped to the up-front funding models of typical grants.\"<sup id=\"rdp-ebb-cite_ref-NavaleCloud18_3-0\" class=\"reference\"><a href=\"#cite_note-NavaleCloud18-3\">[3]<\/a><\/sup> As such, your lab will not only look for clear pricing but will also ask about any unanticipated \"gotcha\" fees and penalties that may apply to your use of the service. Investigating CSPs for their approaches to warrantying their services and products, and supporting them when things go wrong, should also not be overlooked.\n<\/p><p><b>Software development practices<\/b>: Writing for CSols, a <a href=\"https:\/\/www.limswiki.org\/index.php\/Laboratory_informatics\" title=\"Laboratory informatics\" class=\"wiki-link\" data-key=\"00edfa43edcde538a695f6d429280301\">laboratory informatics<\/a> consultancy, consultant Bob McDowall emphasizes several areas of a developer's software development practices that laboratories seeking a SaaS solution should consider. Can the SaaS vendor<sup id=\"rdp-ebb-cite_ref-McDowallClouds20_4-0\" class=\"reference\"><a href=\"#cite_note-McDowallClouds20-4\">[4]<\/a><\/sup>:\n<\/p>\n<ul><li>describe their software development life cycle and how it benefits your lab?<\/li>\n<li>provide reliable support for their application?<\/li>\n<li>explain the virtual IT infrastructure running the software?<\/li>\n<li>describe the GxP and other regulatory-based training staff have?<\/li>\n<li>explain how the application is configured prior to laboratory validation?<\/li>\n<li>explain its approach to risk management with any underlying IaaS supplier?<\/li>\n<li>define in a clear manner the work to be performed and how it's expressed in any agreement?<\/li>\n<li>batch \"agile\" cloud software releases into a single annual upgrade, vs. updating every quarter, for validated environments such as pharmaceuticals?<\/li><\/ul>\n<p><b>Trust and reputation<\/b>: This may be one of the more difficult, or at least time-consuming, investigative steps when considering CSPs. Most CSPs will have a trust center or document explaining the myriad ways you, the customer, should put trust in their services (a one-to-one opinion). However, reputation is based on an aggregate of opinions from a community towards the CSP, which is, broadly speaking, based on experiences concerning the transparency, accountability, and value provided by the CSP.<sup id=\"rdp-ebb-cite_ref-HuangTrust13_5-0\" class=\"reference\"><a href=\"#cite_note-HuangTrust13-5\">[5]<\/a><\/sup> The CSP usually supplies you with information concerning trust, but reputation is discovered not only through, e.g., case studies supplied by the CSP but also by having conversations with past and current clients of the CSP. In both cases, though a non-trivial process, your lab should take the time to pass any prospective CSPs through these filters.\n<\/p><p><b>Service-level agreement<\/b>: A service-level agreement (SLA) defines the service expectations between the laboratory and the CSP, how meeting those expectations should be measured, and what should happen if those expectations are not met.<sup id=\"rdp-ebb-cite_ref-OverbyWhatIs17_6-0\" class=\"reference\"><a href=\"#cite_note-OverbyWhatIs17-6\">[6]<\/a><\/sup> Let's talk a bit more about that in the next subsection.\n<\/p>\n<h4><span class=\"mw-headline\" id=\"6.2.1_Service-level_agreements\">6.2.1 Service-level agreements<\/span><\/h4>\n<p>At various points in this guide we've talked about various contracts and agreements, but only a little bit about SLAs. Last chapter we said the SLA essentially defines all the responsibility the cloud provider holds, as well as your laboratory, for the supply and use of the CSP's services. This is the \"meat and potatoes\" of the service paperwork that will cross your eyes. The SLA, in a sense, offers a set of primary legal protections and, ideally, clearly expresses the expectations placed at the feet of both parties. With a well-crafted, signed SLA, neither party can say they were unaware of a stipulation, responsibility, or expectation. By signing the SLA, the laboratory also admits that the document is largely representative of the technological or organizational goals of the lab, and the CSP of its goals.\n<\/p><p>SLAs will have numerous components to it addressing both the implementation and use of the service and the management aspects of the service, indicating what services are provided and excluded, the conditions of availability for the provided services, any differing service levels, each party's responsibilities, reporting processes, escalation and dispute procedures, remediation and indemnification methods, cost compromises, and contract change management.<sup id=\"rdp-ebb-cite_ref-OverbyWhatIs17_6-1\" class=\"reference\"><a href=\"#cite_note-OverbyWhatIs17-6\">[6]<\/a><\/sup> It would be beyond the scope of this guide to provide broad information about all the elements of an SLA and how to approach them; entire books have been written about the subject over the years.<sup id=\"rdp-ebb-cite_ref-WiederService11_7-0\" class=\"reference\"><a href=\"#cite_note-WiederService11-7\">[7]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-RussoTheCloud18_8-0\" class=\"reference\"><a href=\"#cite_note-RussoTheCloud18-8\">[8]<\/a><\/sup> However, let's look at a few of those aspects, from the perspective of the laboratory examining a CSP's SLA.\n<\/p><p>In early 2020, laboratory informatics and scientific consultancy Astrix provided some key insights about SLAs for labs moving to the cloud. Astrix president Dale Curtis emphasized that when examining any SLA, ensure that it's largely addressing \"what\" questions rather than digging into the minutia of \"how\" questions; too much \"how\" and you start losing the other benefits inherent to the SLA.<sup id=\"rdp-ebb-cite_ref-CurtisConsid20_9-0\" class=\"reference\"><a href=\"#cite_note-CurtisConsid20-9\">[9]<\/a><\/sup> Does the SLA address \"what\"<sup id=\"rdp-ebb-cite_ref-CurtisConsid20_9-1\" class=\"reference\"><a href=\"#cite_note-CurtisConsid20-9\">[9]<\/a><\/sup>:\n<\/p>\n<ul><li>the specific parameters of the business-significant services offered to your laboratory are, and what happens when those parameters are not met?<\/li>\n<li>the ownership rights to service data are for both parties, including discussion of the data request and return processes and their timelines, the format the data will be returned in, the retention times of your data after a CSP closure or contract termination, and the penalties for non-compliance?<\/li>\n<li>your laboratory's rights to continue and discontinue services are \"within and outside of contract renewal timelines,\" and what the associated costs and penalties may be?<\/li>\n<li>the standards and regulatory requirements affecting the CSP's cloud service(s) are, giving you any rights to audit the service for compliance?<\/li>\n<li>the incident resolution process looks like, and how long it will take to complete?<\/li>\n<li>the change management process for updates and upgrades looks like, including how it will be communicated and scheduled?<\/li>\n<li>the CSP's disaster recovery process is and what you, the lab, should expect in case of various risks and disasters being realized?<\/li><\/ul>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap\"><ol class=\"references\">\n<li id=\"cite_note-FFIEC_Out04-1\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-FFIEC_Out04_1-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Federal Financial Institutions Examination Council (June 2004). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20220201011601\/https:\/\/ithandbook.ffiec.gov\/media\/274841\/ffiec_itbooklet_outsourcingtechnologyservices.pdf\" target=\"_blank\">\"Outsourcing Technology Services\"<\/a> (PDF). FFIEC. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/ithandbook.ffiec.gov\/media\/274841\/ffiec_itbooklet_outsourcingtechnologyservices.pdf\" target=\"_blank\">the original<\/a> on 01 February 2022<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20220201011601\/https:\/\/ithandbook.ffiec.gov\/media\/274841\/ffiec_itbooklet_outsourcingtechnologyservices.pdf\" target=\"_blank\">https:\/\/web.archive.org\/web\/20220201011601\/https:\/\/ithandbook.ffiec.gov\/media\/274841\/ffiec_itbooklet_outsourcingtechnologyservices.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 23 May 2021<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Outsourcing+Technology+Services&rft.atitle=&rft.aulast=Federal+Financial+Institutions+Examination+Council&rft.au=Federal+Financial+Institutions+Examination+Council&rft.date=June+2004&rft.pub=FFIEC&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20220201011601%2Fhttps%3A%2F%2Fithandbook.ffiec.gov%2Fmedia%2F274841%2Fffiec_itbooklet_outsourcingtechnologyservices.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_should_your_lab_look_for_in_a_cloud_provider%3F\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-BradyAGuide19-2\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-BradyAGuide19_2-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Brady, N. (6 August 2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20201107225517\/https:\/\/www.compliantcloud.com\/a-guide-to-validated-software-as-a-service-saas\/\" target=\"_blank\">\"A Guide to Validated Software as a Service (SaaS)\"<\/a>. <i>Compliant Cloud<\/i>. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.compliantcloud.com\/a-guide-to-validated-software-as-a-service-saas\/\" target=\"_blank\">the original<\/a> on 07 November 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20201107225517\/https:\/\/www.compliantcloud.com\/a-guide-to-validated-software-as-a-service-saas\/\" target=\"_blank\">https:\/\/web.archive.org\/web\/20201107225517\/https:\/\/www.compliantcloud.com\/a-guide-to-validated-software-as-a-service-saas\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 21 August 2021<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=A+Guide+to+Validated+Software+as+a+Service+%28SaaS%29&rft.atitle=Compliant+Cloud&rft.aulast=Brady%2C+N.&rft.au=Brady%2C+N.&rft.date=6+August+2019&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20201107225517%2Fhttps%3A%2F%2Fwww.compliantcloud.com%2Fa-guide-to-validated-software-as-a-service-saas%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_should_your_lab_look_for_in_a_cloud_provider%3F\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-NavaleCloud18-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-NavaleCloud18_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation Journal\">Navale, V.; Bourne, P.E. (2018). <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC6002019\" target=\"_blank\">\"Cloud computing applications for biomedical science: A perspective\"<\/a>. <i>PLoS Computational Biology<\/i> <b>14<\/b> (6): e1006144. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.1371%2Fjournal.pcbi.1006144\" target=\"_blank\">10.1371\/journal.pcbi.1006144<\/a>. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/PubMed_Central\" data-key=\"c85bdffd69dd30e02024b9cc3d7679e2\">PMC<\/a> <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.ncbi.nlm.nih.gov\/pmc\/articles\/PMC6002019\/\" target=\"_blank\">PMC6002019<\/a>. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/PubMed_Identifier\" data-key=\"1d34e999f13d8801964a6b3e9d7b4e30\">PMID<\/a> <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.ncbi.nlm.nih.gov\/pubmed\/29902176\" target=\"_blank\">29902176<\/a><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC6002019\" target=\"_blank\">http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC6002019<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Cloud+computing+applications+for+biomedical+science%3A+A+perspective&rft.jtitle=PLoS+Computational+Biology&rft.aulast=Navale%2C+V.%3B+Bourne%2C+P.E.&rft.au=Navale%2C+V.%3B+Bourne%2C+P.E.&rft.date=2018&rft.volume=14&rft.issue=6&rft.pages=e1006144&rft_id=info:doi\/10.1371%2Fjournal.pcbi.1006144&rft_id=info:pmc\/PMC6002019&rft_id=info:pmid\/29902176&rft_id=http%3A%2F%2Fwww.pubmedcentral.nih.gov%2Farticlerender.fcgi%3Ftool%3Dpmcentrez%26artid%3DPMC6002019&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_should_your_lab_look_for_in_a_cloud_provider%3F\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-McDowallClouds20-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-McDowallClouds20_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">McDowall, B. (27 August 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.csolsinc.com\/blog\/clouds-or-clods-software-as-a-service-in-gxp-regulated-laboratories\/\" target=\"_blank\">\"Clouds or Clods? Software as a Service in GxP Regulated Laboratories\"<\/a>. <i>CSols Blog<\/i>. CSols, Inc<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.csolsinc.com\/blog\/clouds-or-clods-software-as-a-service-in-gxp-regulated-laboratories\/\" target=\"_blank\">https:\/\/www.csolsinc.com\/blog\/clouds-or-clods-software-as-a-service-in-gxp-regulated-laboratories\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 15 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Clouds+or+Clods%3F+Software+as+a+Service+in+GxP+Regulated+Laboratories&rft.atitle=CSols+Blog&rft.aulast=McDowall%2C+B.&rft.au=McDowall%2C+B.&rft.date=27+August+2020&rft.pub=CSols%2C+Inc&rft_id=https%3A%2F%2Fwww.csolsinc.com%2Fblog%2Fclouds-or-clods-software-as-a-service-in-gxp-regulated-laboratories%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_should_your_lab_look_for_in_a_cloud_provider%3F\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-HuangTrust13-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-HuangTrust13_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation Journal\">Huang, J.; Nicol, D.M. (2013). \"Trust mechanisms for cloud computing\". <i>Journal of Cloud Computing<\/i> <b>2<\/b>: 9. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.1186%2F2192-113X-2-9\" target=\"_blank\">10.1186\/2192-113X-2-9<\/a>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Trust+mechanisms+for+cloud+computing&rft.jtitle=Journal+of+Cloud+Computing&rft.aulast=Huang%2C+J.%3B+Nicol%2C+D.M.&rft.au=Huang%2C+J.%3B+Nicol%2C+D.M.&rft.date=2013&rft.volume=2&rft.pages=9&rft_id=info:doi\/10.1186%2F2192-113X-2-9&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_should_your_lab_look_for_in_a_cloud_provider%3F\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OverbyWhatIs17-6\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-OverbyWhatIs17_6-0\">6.0<\/a><\/sup> <sup><a href=\"#cite_ref-OverbyWhatIs17_6-1\">6.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Overby, S.; Greiner, L.; Paul, L.G. (5 July 2017). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cio.com\/article\/274740\/outsourcing-sla-definitions-and-solutions.html\" target=\"_blank\">\"What is an SLA? Best practices for service-level agreements\"<\/a>. <i>CIO<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cio.com\/article\/274740\/outsourcing-sla-definitions-and-solutions.html\" target=\"_blank\">https:\/\/www.cio.com\/article\/274740\/outsourcing-sla-definitions-and-solutions.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 21 August 2021<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+is+an+SLA%3F+Best+practices+for+service-level+agreements&rft.atitle=CIO&rft.aulast=Overby%2C+S.%3B+Greiner%2C+L.%3B+Paul%2C+L.G.&rft.au=Overby%2C+S.%3B+Greiner%2C+L.%3B+Paul%2C+L.G.&rft.date=5+July+2017&rft_id=https%3A%2F%2Fwww.cio.com%2Farticle%2F274740%2Foutsourcing-sla-definitions-and-solutions.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_should_your_lab_look_for_in_a_cloud_provider%3F\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-WiederService11-7\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-WiederService11_7-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation book\">Wieder, P.; Butler, J.M.; Theilmann, W. et al., ed. (2011). <i>Service Level Agreements for Cloud Computing<\/i>. Springer. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/International_Standard_Book_Number\" data-key=\"f64947ba21e884434bd70e8d9e60bae6\">ISBN<\/a> 9781461416159.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Service+Level+Agreements+for+Cloud+Computing&rft.date=2011&rft.pub=Springer&rft.isbn=9781461416159&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_should_your_lab_look_for_in_a_cloud_provider%3F\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-RussoTheCloud18-8\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-RussoTheCloud18_8-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation book\">Russo, M.A. (2018). <i>The Cloud Service Level Agreement: A Supplement for NIST 800-171 Implementation<\/i>. Syber Risk. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/International_Standard_Book_Number\" data-key=\"f64947ba21e884434bd70e8d9e60bae6\">ISBN<\/a> 9781983156533.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=The+Cloud+Service+Level+Agreement%3A+A+Supplement+for+NIST+800-171+Implementation&rft.aulast=Russo%2C+M.A.&rft.au=Russo%2C+M.A.&rft.date=2018&rft.pub=Syber+Risk&rft.isbn=9781983156533&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_should_your_lab_look_for_in_a_cloud_provider%3F\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CurtisConsid20-9\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-CurtisConsid20_9-0\">9.0<\/a><\/sup> <sup><a href=\"#cite_ref-CurtisConsid20_9-1\">9.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Curtis Jr., D. (24 January 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/astrixinc.com\/considerations-for-cloud-hosting-your-laboratory-informatics-systems\/\" target=\"_blank\">\"Considerations for Cloud Hosting Your Laboratory Informatics Systems\"<\/a>. Astrix, Inc<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/astrixinc.com\/considerations-for-cloud-hosting-your-laboratory-informatics-systems\/\" target=\"_blank\">https:\/\/astrixinc.com\/considerations-for-cloud-hosting-your-laboratory-informatics-systems\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 21 August 2021<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Considerations+for+Cloud+Hosting+Your+Laboratory+Informatics+Systems&rft.atitle=&rft.aulast=Curtis+Jr.%2C+D.&rft.au=Curtis+Jr.%2C+D.&rft.date=24+January+2020&rft.pub=Astrix%2C+Inc&rft_id=https%3A%2F%2Fastrixinc.com%2Fconsiderations-for-cloud-hosting-your-laboratory-informatics-systems%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_should_your_lab_look_for_in_a_cloud_provider%3F\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816205957\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.109 seconds\nReal time usage: 0.124 seconds\nPreprocessor visited node count: 6563\/1000000\nPost\u2010expand include size: 62806\/2097152 bytes\nTemplate argument size: 19419\/2097152 bytes\nHighest expansion depth: 20\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 16621\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 114.711 1 -total\n 90.70% 104.043 1 Template:Reflist\n 64.33% 73.797 9 Template:Citation\/core\n 42.46% 48.711 5 Template:Cite_web\n 22.88% 26.248 2 Template:Cite_journal\n 13.21% 15.156 2 Template:Cite_book\n 10.69% 12.267 5 Template:Date\n 9.19% 10.545 1 Template:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_should_your_lab_look_for_in_a_cloud_provider?\n 7.64% 8.768 14 Template:Citation\/make_link\n 7.15% 8.203 6 Template:Citation\/identifier\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:13052-0!canonical and timestamp 20230816205957 and revision id 46402. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_should_your_lab_look_for_in_a_cloud_provider%3F\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_should_your_lab_look_for_in_a_cloud_provider%3F<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","5d4f0fe2817a20a0501ab40aa7e367f0_images":[],"5d4f0fe2817a20a0501ab40aa7e367f0_timestamp":1692220360,"f5afb6897c6e2d7da619535848a35dc1_type":"article","f5afb6897c6e2d7da619535848a35dc1_title":"6.1 What are the various characteristics of an average cloud provider?","f5afb6897c6e2d7da619535848a35dc1_url":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_are_the_various_characteristics_of_an_average_cloud_provider%3F","f5afb6897c6e2d7da619535848a35dc1_plaintext":"\n\nBook:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Considerations when choosing and implementing a cloud solution\/What are the various characteristics of an average cloud provider?From LIMSWikiJump to navigationJump to search-----Return to the beginning of this guide-----\n6. Considerations when choosing and implementing a cloud solution \nMuch has been said to this point about cloud computing, the importance of security to the technology, the risks inherent to it, and how to manage those risks. We've also looked at cloud computing within the realm of the laboratory and how security, risk, and risk management fit into the laboratory's concerns. Now it's time to take that knowledge and those concerns directly to the task of choosing one or more cloud services to implement in your lab. (Appendix 1 of this guide provides a list of profiles for top public, hybrid, and multicloud providers to consider.)\nPrior chapters have highlighted the fact that choosing to move towards a cloud-based approach in your organization is a process in itself, a process deserving of a plan. Just as risk management is part of an overall cybersecurity plan, choosing and implementing a cloud project is part of an overall cloud migration plan.[1] By this point, you've hopefully already:\n\nstated the goals of the cloud project and received management buy-in;\nidentified the project stakeholders;\ndeveloped scope and responsibility documentation;\nexamined and classified your existing\u2014and future\u2014data for criticality, sensitivity, cleanliness, suitability, etc.;\nidentified relevant risks associated with the five risk categories as part of an overall\/enterprise risk management assessment; and\nidentified computing requirements and objectives, including the need for any data cleansing and migration tools.\nOf course, there's more to the cloud migration plan, including documenting and training on processes and procedures, monitoring performance and security controls, and employing corrective action, but those come after you've chosen and implemented your cloud solution(s). The following sections examine what aspects to consider as part of that process, including what an average cloud service provider (CSP) should look like, what to look for in a CSP (including their service agreements), what your organization should ask of itself, and what your organization should be asking of the CSP.\n\r\n\n\n 6.1 What are the various characteristics of an average cloud provider? \nThis guide has, at least indirectly, addressed the question of what makes a cloud provider what they are. But let's collect some of those disparate thoughts spread across the prior chapters to paint a portrait of an average cloud provider. Broadly speaking, a cloud provider could be a public cloud provider such as Amazon Web Services (AWS) or Google Cloud, a hybrid cloud provider like Dell Technologies Cloud, a multicloud provider such as VMware Cloud, or any of thousands of software developers offering a software as a service (SaaS) option. These providers offer one or more services under various service models, using either their own cloud computing infrastructure, or\u2014as is the case with some software vendors\u2014through the use of another company's cloud computing infrastructure. But in the end, they are all offering a service. Yes, there is actually something tangible (a cloud product) associated with this service, but the actual provision, maintenance, security management, etc. of the product is part of the offered service to you, the customer.\nA cloud service being both a service and a tangible product, the average cloud provider will also intertwine their service with their product as part of their interactions with your lab. When engaging with your lab, they will ideally[2]:\n\nstrike up a good rapport with your organization;\nmake a genuine attempt to understand your organization's needs;\nassist you with envisioning the positive outcomes using the service;\nbe attentive to you feelings and concerns about their service;\nprovide testimonials and case studies; and\ndemonstrate how they are uniquely positioned to provide their service.\nAgain, being a service, the CSP will ideally have a knowledgeable and experienced team of individuals who understand the various aspects of providing a cloud service. It may be difficult to ascertain how knowledgeable and experienced the overall team is, but, assuming your communications become more than an initial inquiry, you may eventually reach a point where you're assigned a service agent. That person will hopefully be able to answer all your questions or be able to quickly get answers for you. Based upon the questions you ask of that agent, you should gain confidence in their knowledge about the product, as well as address how it relates to the industry your laboratory serves. If the cloud provider is providing a SaaS solution, they should be able to demonstrate the solution for you and provide additional feedback in a recorded question and answer session, all of which can be referred back to by your lab at a later date. Tangentially, the CSP and its service agent should also be able to guide you to documentation and even case studies demonstrating how they are able to help your laboratory be successful in the cloud, while also finding that success in a secure and regulated manner.\nThrough their interactions with you, the CSP should also be able to demonstrate expertise in security, compliance, and data migration. They may do this through meaningful conversation, as well as by making critical documents such as their SOC 2 audit report available to you. They will also discuss their shared responsibility model with you and what that means contractually. If certain aspects of security appear to be amiss from a proposed contract, the provider will ideally be flexible enough to attach additional clauses and assurances, where reasonable, to help alleviate your lab's security concerns. Data migration concerns should also be addressed by detailing the infrastructure behind the service you want to use and how that infrastructure may impact your lab and its data. This includes addressing the nuances of the CSP's cloud storage and archiving systems, as well as any risk management strategies that may impact your more sensitive data.\nFinally, the CSP should be upfront about support, warranty, and costs. If your laboratory is operating on a twenty-four hour basis and something goes wrong at 2:00 a.m., the CSP should be there to provide support (as long as its stipulated for the services you're contracted for) at that hour. Those cloud services will also come with appropriate warranties for performance, compliance, non-infringement, etc.[3] And the costs provided to you, as well as future price changes, should be transparently communicated to you and your lab at all steps of the professional relationship.\n\nReferences \n\n\n\u2191 \"The Ultimate Cloud Migration Project Plan for SMBs\". Buchanan Technologies. https:\/\/www.buchanan.com\/cloud-migration-project-plan\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Charles, J. (13 July 2020). \"7 Things You Need to Know About Selling Services\". Small Business Trends. https:\/\/smallbiztrends.com\/2016\/10\/selling-services.html . Retrieved 28 July 2023 .   \n \n\n\u2191 Parks, R.S.; Voorheis, K.; Glenn, H.M. (1 May 2018). \"Key issues when contracting for cloud services\". International Law Office. Archived from the original on 28 July 2023. https:\/\/web.archive.org\/web\/20210331232429\/https:\/\/www.internationallawoffice.com\/Newsletters\/Tech-Data-Telecoms-Media\/USA\/Hunton-Williams-LLP\/Key-Issues-When-Contracting-for-Cloud-Services . Retrieved 28 July 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_are_the_various_characteristics_of_an_average_cloud_provider%3F\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_are_the_various_characteristics_of_an_average_cloud_provider%3F<\/a>\nNavigation menuPage actionsBookDiscussionView sourceHistoryPage actionsBookDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 11 February 2022, at 21:43.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 217 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","f5afb6897c6e2d7da619535848a35dc1_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-208 ns-subject page-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Considerations_when_choosing_and_implementing_a_cloud_solution_What_are_the_various_characteristics_of_an_average_cloud_provider rootpage-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Considerations_when_choosing_and_implementing_a_cloud_solution_What_are_the_various_characteristics_of_an_average_cloud_provider skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Considerations when choosing and implementing a cloud solution\/What are the various characteristics of an average cloud provider?<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\"><div align=\"center\">-----Return to <a href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Introduction\" title=\"Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Introduction\" class=\"wiki-link\" data-key=\"a5122d160da552b7fab8ca62d4bc6155\">the beginning<\/a> of this guide-----<\/div>\n<h2><span class=\"mw-headline\" id=\"6._Considerations_when_choosing_and_implementing_a_cloud_solution\">6. Considerations when choosing and implementing a cloud solution<\/span><\/h2>\n<div class=\"floatright\"><a href=\"https:\/\/www.limswiki.org\/index.php\/File:Quanta_Computer_cloud_computing_servers_at_COSCUP_20120819.jpg\" class=\"image wiki-link\" data-key=\"22d8e477be748c3d625d747527db7be2\"><img alt=\"Quanta Computer cloud computing servers at COSCUP 20120819.jpg\" src=\"https:\/\/upload.wikimedia.org\/wikipedia\/commons\/e\/ed\/Quanta_Computer_cloud_computing_servers_at_COSCUP_20120819.jpg\" decoding=\"async\" style=\"width: 100%;max-width: 400px;height: auto;\" \/><\/a><\/div><p>Much has been said to this point about <a href=\"https:\/\/www.limswiki.org\/index.php\/Cloud_computing\" title=\"Cloud computing\" class=\"wiki-link\" data-key=\"fcfe5882eaa018d920cedb88398b604f\">cloud computing<\/a>, the importance of security to the technology, the risks inherent to it, and how to manage those risks. We've also looked at cloud computing within the realm of the <a href=\"https:\/\/www.limswiki.org\/index.php\/Laboratory\" title=\"Laboratory\" class=\"wiki-link\" data-key=\"c57fc5aac9e4abf31dccae81df664c33\">laboratory<\/a> and how security, risk, and <a href=\"https:\/\/www.limswiki.org\/index.php\/Risk_management\" title=\"Risk management\" class=\"wiki-link\" data-key=\"ecfbfb2550c23f053bd1aa0d9ea63e4e\">risk management<\/a> fit into the laboratory's concerns. Now it's time to take that knowledge and those concerns directly to the task of choosing one or more cloud services to implement in your lab. (Appendix 1 of this guide provides a list of profiles for top public, hybrid, and multicloud providers to consider.)\n<\/p><p>Prior chapters have highlighted the fact that choosing to move towards a cloud-based approach in your organization is a process in itself, a process deserving of a plan. Just as risk management is part of an overall <a href=\"https:\/\/www.limswiki.org\/index.php\/Cybersecurity\" class=\"mw-redirect wiki-link\" title=\"Cybersecurity\" data-key=\"ba653dc2a1384e5f9f6ac9dc1a740109\">cybersecurity<\/a> plan, choosing and implementing a cloud project is part of an overall cloud migration plan.<sup id=\"rdp-ebb-cite_ref-BuchananTheUltimate_1-0\" class=\"reference\"><a href=\"#cite_note-BuchananTheUltimate-1\">[1]<\/a><\/sup> By this point, you've hopefully already:\n<\/p>\n<ul><li>stated the goals of the cloud project and received management buy-in;<\/li>\n<li>identified the project stakeholders;<\/li>\n<li>developed scope and responsibility documentation;<\/li>\n<li>examined and classified your existing\u2014and future\u2014data for criticality, sensitivity, cleanliness, suitability, etc.;<\/li>\n<li>identified relevant risks associated with the five risk categories as part of an overall\/enterprise risk management assessment; and<\/li>\n<li>identified computing requirements and objectives, including the need for any <a href=\"https:\/\/www.limswiki.org\/index.php\/Data_cleansing\" title=\"Data cleansing\" class=\"wiki-link\" data-key=\"c0cec85355e07dc9cbfe96983a4e27a2\">data cleansing<\/a> and migration tools.<\/li><\/ul>\n<p>Of course, there's more to the cloud migration plan, including documenting and training on processes and procedures, monitoring performance and security controls, and employing corrective action, but those come after you've chosen and implemented your cloud solution(s). The following sections examine what aspects to consider as part of that process, including what an average cloud service provider (CSP) should look like, what to look for in a CSP (including their service agreements), what your organization should ask of itself, and what your organization should be asking of the CSP.\n<\/p><p><br \/>\n<\/p>\n<h3><span id=\"rdp-ebb-6.1_What_are_the_various_characteristics_of_an_average_cloud_provider?\"><\/span><span class=\"mw-headline\" id=\"6.1_What_are_the_various_characteristics_of_an_average_cloud_provider.3F\">6.1 What are the various characteristics of an average cloud provider?<\/span><\/h3>\n<p>This guide has, at least indirectly, addressed the question of what makes a cloud provider what they are. But let's collect some of those disparate thoughts spread across the prior chapters to paint a portrait of an average cloud provider. Broadly speaking, a cloud provider could be a public cloud provider such as Amazon Web Services (AWS) or Google Cloud, a hybrid cloud provider like Dell Technologies Cloud, a multicloud provider such as VMware Cloud, or any of thousands of software developers offering a <a href=\"https:\/\/www.limswiki.org\/index.php\/Software_as_a_service\" title=\"Software as a service\" class=\"wiki-link\" data-key=\"ae8c8a7cd5ee1a264f4f0bbd4a4caedd\">software as a service<\/a> (SaaS) option. These providers offer one or more services under various service models, using either their own cloud computing infrastructure, or\u2014as is the case with some software vendors\u2014through the use of another company's cloud computing infrastructure. But in the end, they are all offering a service. Yes, there is actually something tangible (a cloud product) associated with this service, but the actual provision, maintenance, security management, etc. of the product is part of the offered service to you, the customer.\n<\/p><p>A cloud service being both a service and a tangible product, the average cloud provider will also intertwine their service with their product as part of their interactions with your lab. When engaging with your lab, they will ideally<sup id=\"rdp-ebb-cite_ref-Charles7Things20_2-0\" class=\"reference\"><a href=\"#cite_note-Charles7Things20-2\">[2]<\/a><\/sup>:\n<\/p>\n<ul><li>strike up a good rapport with your organization;<\/li>\n<li>make a genuine attempt to understand your organization's needs;<\/li>\n<li>assist you with envisioning the positive outcomes using the service;<\/li>\n<li>be attentive to you feelings and concerns about their service;<\/li>\n<li>provide testimonials and case studies; and<\/li>\n<li>demonstrate how they are uniquely positioned to provide their service.<\/li><\/ul>\n<p>Again, being a service, the CSP will ideally have a knowledgeable and experienced team of individuals who understand the various aspects of providing a cloud service. It may be difficult to ascertain how knowledgeable and experienced the overall team is, but, assuming your communications become more than an initial inquiry, you may eventually reach a point where you're assigned a service agent. That person will hopefully be able to answer all your questions or be able to quickly get answers for you. Based upon the questions you ask of that agent, you should gain confidence in their knowledge about the product, as well as address how it relates to the industry your laboratory serves. If the cloud provider is providing a SaaS solution, they should be able to demonstrate the solution for you and provide additional feedback in a recorded question and answer session, all of which can be referred back to by your lab at a later date. Tangentially, the CSP and its service agent should also be able to guide you to documentation and even case studies demonstrating how they are able to help your laboratory be successful in the cloud, while also finding that success in a secure and regulated manner.\n<\/p><p>Through their interactions with you, the CSP should also be able to demonstrate expertise in security, compliance, and data migration. They may do this through meaningful conversation, as well as by making critical documents such as their SOC 2 audit report available to you. They will also discuss their shared responsibility model with you and what that means contractually. If certain aspects of security appear to be amiss from a proposed contract, the provider will ideally be flexible enough to attach additional clauses and assurances, where reasonable, to help alleviate your lab's security concerns. Data migration concerns should also be addressed by detailing the infrastructure behind the service you want to use and how that infrastructure may impact your lab and its data. This includes addressing the nuances of the CSP's cloud storage and archiving systems, as well as any risk management strategies that may impact your more sensitive data.\n<\/p><p>Finally, the CSP should be upfront about support, warranty, and costs. If your laboratory is operating on a twenty-four hour basis and something goes wrong at 2:00 a.m., the CSP should be there to provide support (as long as its stipulated for the services you're contracted for) at that hour. Those cloud services will also come with appropriate warranties for performance, compliance, non-infringement, etc.<sup id=\"rdp-ebb-cite_ref-ParksKey18_3-0\" class=\"reference\"><a href=\"#cite_note-ParksKey18-3\">[3]<\/a><\/sup> And the costs provided to you, as well as future price changes, should be transparently communicated to you and your lab at all steps of the professional relationship.\n<\/p>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap\"><ol class=\"references\">\n<li id=\"cite_note-BuchananTheUltimate-1\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-BuchananTheUltimate_1-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.buchanan.com\/cloud-migration-project-plan\/\" target=\"_blank\">\"The Ultimate Cloud Migration Project Plan for SMBs\"<\/a>. Buchanan Technologies<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.buchanan.com\/cloud-migration-project-plan\/\" target=\"_blank\">https:\/\/www.buchanan.com\/cloud-migration-project-plan\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=The+Ultimate+Cloud+Migration+Project+Plan+for+SMBs&rft.atitle=&rft.pub=Buchanan+Technologies&rft_id=https%3A%2F%2Fwww.buchanan.com%2Fcloud-migration-project-plan%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_are_the_various_characteristics_of_an_average_cloud_provider%3F\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-Charles7Things20-2\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-Charles7Things20_2-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Charles, J. (13 July 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/smallbiztrends.com\/2016\/10\/selling-services.html\" target=\"_blank\">\"7 Things You Need to Know About Selling Services\"<\/a>. <i>Small Business Trends<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/smallbiztrends.com\/2016\/10\/selling-services.html\" target=\"_blank\">https:\/\/smallbiztrends.com\/2016\/10\/selling-services.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=7+Things+You+Need+to+Know+About+Selling+Services&rft.atitle=Small+Business+Trends&rft.aulast=Charles%2C+J.&rft.au=Charles%2C+J.&rft.date=13+July+2020&rft_id=https%3A%2F%2Fsmallbiztrends.com%2F2016%2F10%2Fselling-services.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_are_the_various_characteristics_of_an_average_cloud_provider%3F\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ParksKey18-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ParksKey18_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Parks, R.S.; Voorheis, K.; Glenn, H.M. (1 May 2018). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210331232429\/https:\/\/www.internationallawoffice.com\/Newsletters\/Tech-Data-Telecoms-Media\/USA\/Hunton-Williams-LLP\/Key-Issues-When-Contracting-for-Cloud-Services\" target=\"_blank\">\"Key issues when contracting for cloud services\"<\/a>. <i>International Law Office<\/i>. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.internationallawoffice.com\/Newsletters\/Tech-Data-Telecoms-Media\/USA\/Hunton-Williams-LLP\/Key-Issues-When-Contracting-for-Cloud-Services\" target=\"_blank\">the original<\/a> on 28 July 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210331232429\/https:\/\/www.internationallawoffice.com\/Newsletters\/Tech-Data-Telecoms-Media\/USA\/Hunton-Williams-LLP\/Key-Issues-When-Contracting-for-Cloud-Services\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210331232429\/https:\/\/www.internationallawoffice.com\/Newsletters\/Tech-Data-Telecoms-Media\/USA\/Hunton-Williams-LLP\/Key-Issues-When-Contracting-for-Cloud-Services<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Key+issues+when+contracting+for+cloud+services&rft.atitle=International+Law+Office&rft.aulast=Parks%2C+R.S.%3B+Voorheis%2C+K.%3B+Glenn%2C+H.M.&rft.au=Parks%2C+R.S.%3B+Voorheis%2C+K.%3B+Glenn%2C+H.M.&rft.date=1+May+2018&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210331232429%2Fhttps%3A%2F%2Fwww.internationallawoffice.com%2FNewsletters%2FTech-Data-Telecoms-Media%2FUSA%2FHunton-Williams-LLP%2FKey-Issues-When-Contracting-for-Cloud-Services&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_are_the_various_characteristics_of_an_average_cloud_provider%3F\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816205957\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.354 seconds\nReal time usage: 0.838 seconds\nPreprocessor visited node count: 2115\/1000000\nPost\u2010expand include size: 24696\/2097152 bytes\nTemplate argument size: 8395\/2097152 bytes\nHighest expansion depth: 18\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 5463\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 43.750 1 -total\n 86.98% 38.052 1 Template:Reflist\n 67.32% 29.453 3 Template:Cite_web\n 58.19% 25.457 3 Template:Citation\/core\n 13.65% 5.973 2 Template:Date\n 12.84% 5.616 1 Template:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_are_the_various_characteristics_of_an_average_cloud_provider?\n 7.69% 3.362 6 Template:Citation\/make_link\n 4.62% 2.023 1 Template:Column-width\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:13051-0!canonical and timestamp 20230816205956 and revision id 46401. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_are_the_various_characteristics_of_an_average_cloud_provider%3F\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_are_the_various_characteristics_of_an_average_cloud_provider%3F<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","f5afb6897c6e2d7da619535848a35dc1_images":["https:\/\/upload.wikimedia.org\/wikipedia\/commons\/e\/ed\/Quanta_Computer_cloud_computing_servers_at_COSCUP_20120819.jpg"],"f5afb6897c6e2d7da619535848a35dc1_timestamp":1692220360,"fdcca14cc0c87caa6d62c62a5ab55ad1_type":"article","fdcca14cc0c87caa6d62c62a5ab55ad1_title":"5.3 Choosing a provider for managed security services","fdcca14cc0c87caa6d62c62a5ab55ad1_url":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Choosing_a_provider_for_managed_security_services","fdcca14cc0c87caa6d62c62a5ab55ad1_plaintext":"\n\nBook:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Managed security services and quality assurance\/Choosing a provider for managed security servicesFrom LIMSWikiJump to navigationJump to searchContents \n\n1 5.3 Choosing a provider for managed security services \n\n1.1 5.3.1 Using a request for information (RFI) process \n\n\n2 References \n3 Citation information for this chapter \n\n\n\n5.3 Choosing a provider for managed security services \nMany MSSP options exist for labs seeking MSS. (Appendix 2 of this guide provides a list of profiles for top MSSPs to consider.) In some cases, if the lab is already using a public or hybrid cloud provider, that provider may already offer MSS to its customers, providing a certain level of convenience and familiarity to the lab. (For example, both IBM and Cisco, which offer public and hybrid cloud services, are ranked among the top 70 MSSPs in several publications.[1][2][3]) However, in some cases it may make sense for the lab to look beyond their cloud provider, particularly if their cloud provider doesn't supply MSS to its clients.\nAs discussed prior, a knowledgeable and well-run MSSP can provide many benefits to the cloud-based lab, but what should stand out about the MSSP you select? When choosing a provider of comprehensive cloud-based MSS, you'll be looking for not only years of experience managing cloud installations, but also that the provider is able to[4][5][6][7]:\n\ndemonstrate deep knowledge of cloud-agnostic, industry-relevant best practices and approaches to security frameworks and their implementation;\ndemonstrate deep knowledge of regulatory mechanisms affecting your data and how to approach cloud security based upon those regulatory requirements;\ndescribe what certifications, training, and continuing education requirements are met by staff;\nleverage existing and emerging cloud security tools (e.g., security information and event management [SIEM] software) for automating security processes in a scalable future-proof fashion;\nvalidate how their cloud security tools accomplish what they're intended to do, as well as how gathered information is analyzed both automatically and by the provider's analysts;\ndemonstrate how their approaches to security management can fit into or further mold your current IT and risk management strategies;\nprovide transparent pricing (e.g., is it tiered or bundled, based on number of users, something else) and make clear what the service covers;\nprovide examples of existing and past customers willing to give feedback about their experience with the provider;\nprovide a single point of contact to act as a security advocate to you during the entirety of your contract; and\nsupport not only open-source security management tools, but also be flexible enough to integrate your own proprietary solutions and their associated licenses into the managed service.\nOf course, cost will also be of concern. However, a blanket \"how much does it cost\" question isn't going to produce a simple answer; there will be many variables (e.g., business needs, current solutions, current IT staffing, regulatory requirements, etc.) within your organization that make it difficult for an MSSP to provide a canned response. They will need to respond to your lab\u2019s needs, which may be different from another lab's.[8] Additionally, costs associated with MSS can vary, not only from provider to provider but also based upon each provider's pricing model. Will they charge your lab based upon number of users, number of devices, or some other mechanism? Does the MSSP provide a flat rate for protecting your cloud resources, or do they offer different tiers or bundles of services? And will the MSSP providing cloud-based MMS also manage your non-cloud resources? A \"per user\" or \"per device\" approach to pricing may make sense for small labs, but larger organizations may balk at such inflated costs, preferring a flat rate or tiered package of services. Those tiered services may be based on either a user number range or based on a set of offered services.[5]\nUltimately, before approaching an MSSP, your lab will have needed to go through multiple steps internally, stating IT goals, identifying technology and education gaps, and determining a budget to support those goals and gaps. If your lab doesn't have a clear picture of what it has, where it wants to be, and what it will need to get there, it will make selection process even more difficult. As such, your lab may want to consider the request for information (RFI) process as part of your selection process.\n\n 5.3.1 Using a request for information (RFI) process \nIn some cases\u2014particularly if your organization is of significant size\u2014it may make sense to issue a formal RFI or request for proposal (RFP) and have major cloud MSSPs approach your lab with how they can meet its needs. The RFI and RFP are traditional means towards soliciting bidding interest in an organization's project, typically containing the organization's specific requirements and vital questions that the bidder should be able to effectively answer. However, even if your organization chooses to do most of the investigative work of researching and approaching cloud MSSPs, turning to a key set of questions typically found in an RFI is extremely valuable for \"fact finding.\" \nAn RFI is an ideal means for learning more about a potential solution and how it can solve your problems, or for when you're not even sure how to solve your problem yet. However, the RFI should not be unduly long and tedious to complete for prospective vendors; it should be concise, direct, and honest. This means not only presenting a clear and humble vision of your own organization and its goals, but also asking just the right amount of questions to allow potential vendors to demonstrate their expertise and provide a clearer picture of who they are. Some take a technical approach to an RFI, using dense language and complicated spreadsheets for fact finding. However, vendors appreciate a slightly more inviting approach, with practical questions or requests that are carefully chosen because they matter to you.[9] Remember, however, that an RFI is not meant to answer all of your questions. The RFI is meant as a means to help narrow down your search to a few quality candidates while learning more about each other.[9] Once the pool of potential MSSPs is narrowed down, more pointed questions can be asked to ensure those providers meet your needs. \nBe cognizant, however, that just like CSPs, there may be no MSSP that can meet each and every need of your lab. Your lab will have to make important decisions about which requirements are non-negotiable and which are more flexible. The MSSPs you engage with may be able to provide realistic advice in this regard, based upon your lab's requirements and their past experience with labs. As such, those MSSPs with real-world experience protecting the information systems of laboratories may have a strong leg up on other MSSPs, as they can make informed comments about your lab\u2019s requirements based on their past experiences.\nFor your convenience, Appendix 3 of this guide includes a comprehensive list of RFI questions to ask of MSSPs, as well as cloud providers. If you have zero experience developing an RFI, you may want to first seek out various example RFIs on the internet, as well as some basic advice articles on the topic. Some websites may provide templates to examine for further details. However, the templates in Appendix 3 attempt to provide basic background about the RFI process as well. This includes addressing important questions related to your business so providers responding to your RFI better understand your lab's goals and requirements.\nNow that we've addressed MSSPs, it's time to move on and take a look at the considerations required when choosing and implementing a cloud solution. The next chapter will look at the various characteristics of an average cloud provider, what you should look for in a cloud provider, the questions your organization should ask of itself, and the questions your organization should be asking cloud providers.\n\nReferences \n\n\n\u2191 \"Top 250 MSSPs for 2022: Companies 70 to 61\". Top 250 MSSPs: Cybersecurity Company List and Research for 2020. MSSP Alert. September 2022. https:\/\/www.msspalert.com\/top250\/list-2022\/19\/ . Retrieved 01 August 2023 .   \n \n\n\u2191 \"Top 100 Managed Security Service Providers (MSSPs)\". Cyber Defense Magazine. Cyber Defense Media Group. 18 February 2021. https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/ . Retrieved 01 August 2023 .   \n \n\n\u2191 \"Top 15 Best Managed Security Service Providers (MSSPs) In 2023\". Software Testing Help. 14 July 2023. https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"How Managed Cloud Security Works, and Why You Might Want It\". Trianz. 29 March 2021. https:\/\/www.trianz.com\/insights\/managed-cloud-security-services-how-and-why-it-works . Retrieved 28 July 2023 .   \n \n\n\u2191 5.0 5.1 \"How Much Does Managed Security Services Cost?\". RSI Security. 20 August 2020. https:\/\/blog.rsisecurity.com\/how-much-does-managed-security-services-cost\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Russell, J. (10 January 2022). \"10 Tips for selecting a Managed Security Services Provider (MSSP)\". HarmonyTech Blog. https:\/\/www.harmony-tech.com\/10-tips-for-selecting-a-managed-security-services-provider-mssp\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"How to Choose an MSSP\" (PDF). NTT Security. November 2016. Archived from the original on 08 May 2021. https:\/\/web.archive.org\/web\/20210508224537\/https:\/\/www.nttsecurity.com\/docs\/librariesprovider3\/resources\/us_data_sheet_how_to_choose_an_mssp_uea_v1 . Retrieved 28 July 2023 .   \n \n\n\u2191 Dosal, E. (2 May 2019). \"Is Managed Security Worth the Cost?\". Compuquip Blog. https:\/\/www.compuquip.com\/blog\/is-managed-security-worth-the-cost . Retrieved 28 July 2023 .   \n \n\n\u2191 9.0 9.1 Holmes, T.. \"It's a Match: How to Run a Good RFI, RFP, or RFQ and Find the Right Partner\". AllCloud Blog. https:\/\/allcloud.io\/blog\/its-a-match-how-to-run-a-good-rfi-rfp-or-rfq-and-find-the-right-partner\/ . Retrieved 28 July 2023 .   \n \n\n\n\r\n\n\n-----Go to the next chapter of this guide-----\nCitation information for this chapter \nChapter: 5. Managed security services and quality assurance\nTitle: Choosing and Implementing a Cloud-based Service for Your Laboratory\nEdition: Second edition\nAuthor for citation: Shawn E. Douglas\nLicense for content: Creative Commons Attribution-ShareAlike 4.0 International\nPublication date: August 2023\n\r\n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Choosing_a_provider_for_managed_security_services\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Choosing_a_provider_for_managed_security_services<\/a>\nNavigation menuPage actionsBookDiscussionView sourceHistoryPage actionsBookDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 16 August 2023, at 21:08.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 282 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","fdcca14cc0c87caa6d62c62a5ab55ad1_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-208 ns-subject page-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Managed_security_services_and_quality_assurance_Choosing_a_provider_for_managed_security_services rootpage-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Managed_security_services_and_quality_assurance_Choosing_a_provider_for_managed_security_services skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Managed security services and quality assurance\/Choosing a provider for managed security services<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\">\n\n<h3><span class=\"mw-headline\" id=\"5.3_Choosing_a_provider_for_managed_security_services\">5.3 Choosing a provider for managed security services<\/span><\/h3>\n<div class=\"floatright\"><a href=\"https:\/\/www.limswiki.org\/index.php\/File:NSOC-2012.jpg\" class=\"image wiki-link\" data-key=\"72cc8b0a8e10442806f051cf8c73e2a5\"><img alt=\"NSOC-2012.jpg\" src=\"https:\/\/upload.wikimedia.org\/wikipedia\/commons\/5\/5a\/NSOC-2012.jpg\" decoding=\"async\" style=\"width: 100%;max-width: 400px;height: auto;\" \/><\/a><\/div><p>Many MSSP options exist for labs seeking MSS. (Appendix 2 of this guide provides a list of profiles for top MSSPs to consider.) In some cases, if the lab is already using a public or hybrid cloud provider, that provider may already offer MSS to its customers, providing a certain level of convenience and familiarity to the lab. (For example, both IBM and Cisco, which offer public and hybrid cloud services, are ranked among the top 70 MSSPs in several publications.<sup id=\"rdp-ebb-cite_ref-MSSPCyber20_1-0\" class=\"reference\"><a href=\"#cite_note-MSSPCyber20-1\">[1]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-CDMMSSPs21_2-0\" class=\"reference\"><a href=\"#cite_note-CDMMSSPs21-2\">[2]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-STHTop15_21_3-0\" class=\"reference\"><a href=\"#cite_note-STHTop15_21-3\">[3]<\/a><\/sup>) However, in some cases it may make sense for the lab to look beyond their cloud provider, particularly if their cloud provider doesn't supply MSS to its clients.\n<\/p><p>As discussed prior, a knowledgeable and well-run MSSP can provide many benefits to the cloud-based lab, but what should stand out about the MSSP you select? When choosing a provider of comprehensive cloud-based MSS, you'll be looking for not only years of experience managing cloud installations, but also that the provider is able to<sup id=\"rdp-ebb-cite_ref-TrianzHowMana21_4-0\" class=\"reference\"><a href=\"#cite_note-TrianzHowMana21-4\">[4]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-RSIHowMuch20_5-0\" class=\"reference\"><a href=\"#cite_note-RSIHowMuch20-5\">[5]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-Russell10Tips21_6-0\" class=\"reference\"><a href=\"#cite_note-Russell10Tips21-6\">[6]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-NTTHowToChoose16_7-0\" class=\"reference\"><a href=\"#cite_note-NTTHowToChoose16-7\">[7]<\/a><\/sup>:\n<\/p>\n<ul><li>demonstrate deep knowledge of cloud-agnostic, industry-relevant best practices and approaches to security frameworks and their implementation;<\/li>\n<li>demonstrate deep knowledge of regulatory mechanisms affecting your data and how to approach cloud security based upon those regulatory requirements;<\/li>\n<li>describe what certifications, training, and continuing education requirements are met by staff;<\/li>\n<li>leverage existing and emerging cloud security tools (e.g., security information and event management [SIEM] software) for automating security processes in a scalable future-proof fashion;<\/li>\n<li>validate how their cloud security tools accomplish what they're intended to do, as well as how gathered information is analyzed both automatically and by the provider's analysts;<\/li>\n<li>demonstrate how their approaches to security management can fit into or further mold your current IT and risk management strategies;<\/li>\n<li>provide transparent pricing (e.g., is it tiered or bundled, based on number of users, something else) and make clear what the service covers;<\/li>\n<li>provide examples of existing and past customers willing to give feedback about their experience with the provider;<\/li>\n<li>provide a single point of contact to act as a security advocate to you during the entirety of your contract; and<\/li>\n<li>support not only open-source security management tools, but also be flexible enough to integrate your own proprietary solutions and their associated licenses into the managed service.<\/li><\/ul>\n<p>Of course, cost will also be of concern. However, a blanket \"how much does it cost\" question isn't going to produce a simple answer; there will be many variables (e.g., business needs, current solutions, current IT staffing, regulatory requirements, etc.) within your organization that make it difficult for an MSSP to provide a canned response. They will need to respond to your lab\u2019s needs, which may be different from another lab's.<sup id=\"rdp-ebb-cite_ref-DosalIsMan19_8-0\" class=\"reference\"><a href=\"#cite_note-DosalIsMan19-8\">[8]<\/a><\/sup> Additionally, costs associated with MSS can vary, not only from provider to provider but also based upon each provider's pricing model. Will they charge your lab based upon number of users, number of devices, or some other mechanism? Does the MSSP provide a flat rate for protecting your cloud resources, or do they offer different tiers or bundles of services? And will the MSSP providing cloud-based MMS also manage your non-cloud resources? A \"per user\" or \"per device\" approach to pricing may make sense for small labs, but larger organizations may balk at such inflated costs, preferring a flat rate or tiered package of services. Those tiered services may be based on either a user number range or based on a set of offered services.<sup id=\"rdp-ebb-cite_ref-RSIHowMuch20_5-1\" class=\"reference\"><a href=\"#cite_note-RSIHowMuch20-5\">[5]<\/a><\/sup>\n<\/p><p>Ultimately, before approaching an MSSP, your lab will have needed to go through multiple steps internally, stating IT goals, identifying technology and education gaps, and determining a budget to support those goals and gaps. If your lab doesn't have a clear picture of what it has, where it wants to be, and what it will need to get there, it will make selection process even more difficult. As such, your lab may want to consider the request for information (RFI) process as part of your selection process.\n<\/p>\n<h4><span id=\"rdp-ebb-5.3.1_Using_a_request_for_information_(RFI)_process\"><\/span><span class=\"mw-headline\" id=\"5.3.1_Using_a_request_for_information_.28RFI.29_process\">5.3.1 Using a request for information (RFI) process<\/span><\/h4>\n<p>In some cases\u2014particularly if your organization is of significant size\u2014it may make sense to issue a formal RFI or request for proposal (RFP) and have major cloud MSSPs approach your lab with how they can meet its needs. The RFI and RFP are traditional means towards soliciting bidding interest in an organization's project, typically containing the organization's specific requirements and vital questions that the bidder should be able to effectively answer. However, even if your organization chooses to do most of the investigative work of researching and approaching cloud MSSPs, turning to a key set of questions typically found in an RFI is extremely valuable for \"fact finding.\" \n<\/p><p>An RFI is an ideal means for learning more about a potential solution and how it can solve your problems, or for when you're not even sure how to solve your problem yet. However, the RFI should not be unduly long and tedious to complete for prospective vendors; it should be concise, direct, and honest. This means not only presenting a clear and humble vision of your own organization and its goals, but also asking just the right amount of questions to allow potential vendors to demonstrate their expertise and provide a clearer picture of who they are. Some take a technical approach to an RFI, using dense language and complicated spreadsheets for fact finding. However, vendors appreciate a slightly more inviting approach, with practical questions or requests that are carefully chosen because they matter to you.<sup id=\"rdp-ebb-cite_ref-HolmesItsAMatch_9-0\" class=\"reference\"><a href=\"#cite_note-HolmesItsAMatch-9\">[9]<\/a><\/sup> Remember, however, that an RFI is not meant to answer all of your questions. The RFI is meant as a means to help narrow down your search to a few quality candidates while learning more about each other.<sup id=\"rdp-ebb-cite_ref-HolmesItsAMatch_9-1\" class=\"reference\"><a href=\"#cite_note-HolmesItsAMatch-9\">[9]<\/a><\/sup> Once the pool of potential MSSPs is narrowed down, more pointed questions can be asked to ensure those providers meet your needs. \n<\/p><p>Be cognizant, however, that just like CSPs, there may be no MSSP that can meet each and every need of your lab. Your lab will have to make important decisions about which requirements are non-negotiable and which are more flexible. The MSSPs you engage with may be able to provide realistic advice in this regard, based upon your lab's requirements and their past experience with labs. As such, those MSSPs with real-world experience protecting the information systems of laboratories may have a strong leg up on other MSSPs, as they can make informed comments about your lab\u2019s requirements based on their past experiences.\n<\/p><p>For your convenience, Appendix 3 of this guide includes a comprehensive list of RFI questions to ask of MSSPs, as well as cloud providers. If you have zero experience developing an RFI, you may want to first seek out various example RFIs on the internet, as well as some basic advice articles on the topic. Some websites may provide templates to examine for further details. However, the templates in Appendix 3 attempt to provide basic background about the RFI process as well. This includes addressing important questions related to your business so providers responding to your RFI better understand your lab's goals and requirements.\n<\/p><p>Now that we've addressed MSSPs, it's time to move on and take a look at the considerations required when choosing and implementing a cloud solution. The next chapter will look at the various characteristics of an average cloud provider, what you should look for in a cloud provider, the questions your organization should ask of itself, and the questions your organization should be asking cloud providers.\n<\/p>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap\"><ol class=\"references\">\n<li id=\"cite_note-MSSPCyber20-1\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MSSPCyber20_1-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.msspalert.com\/top250\/list-2022\/19\/\" target=\"_blank\">\"Top 250 MSSPs for 2022: Companies 70 to 61\"<\/a>. <i>Top 250 MSSPs: Cybersecurity Company List and Research for 2020<\/i>. MSSP Alert. September 2022<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.msspalert.com\/top250\/list-2022\/19\/\" target=\"_blank\">https:\/\/www.msspalert.com\/top250\/list-2022\/19\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 01 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+250+MSSPs+for+2022%3A+Companies+70+to+61&rft.atitle=Top+250+MSSPs%3A+Cybersecurity+Company+List+and+Research+for+2020&rft.date=September+2022&rft.pub=MSSP+Alert&rft_id=https%3A%2F%2Fwww.msspalert.com%2Ftop250%2Flist-2022%2F19%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Choosing_a_provider_for_managed_security_services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CDMMSSPs21-2\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CDMMSSPs21_2-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/\" target=\"_blank\">\"Top 100 Managed Security Service Providers (MSSPs)\"<\/a>. <i>Cyber Defense Magazine<\/i>. Cyber Defense Media Group. 18 February 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/\" target=\"_blank\">https:\/\/www.cyberdefensemagazine.com\/top-100-managed-security-service-providers-mssps\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 01 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+100+Managed+Security+Service+Providers+%28MSSPs%29&rft.atitle=Cyber+Defense+Magazine&rft.date=18+February+2021&rft.pub=Cyber+Defense+Media+Group&rft_id=https%3A%2F%2Fwww.cyberdefensemagazine.com%2Ftop-100-managed-security-service-providers-mssps%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Choosing_a_provider_for_managed_security_services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-STHTop15_21-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-STHTop15_21_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/\" target=\"_blank\">\"Top 15 Best Managed Security Service Providers (MSSPs) In 2023\"<\/a>. Software Testing Help. 14 July 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/\" target=\"_blank\">https:\/\/www.softwaretestinghelp.com\/managed-security-service-providers\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+15+Best+Managed+Security+Service+Providers+%28MSSPs%29+In+2023&rft.atitle=&rft.date=14+July+2023&rft.pub=Software+Testing+Help&rft_id=https%3A%2F%2Fwww.softwaretestinghelp.com%2Fmanaged-security-service-providers%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Choosing_a_provider_for_managed_security_services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-TrianzHowMana21-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-TrianzHowMana21_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.trianz.com\/insights\/managed-cloud-security-services-how-and-why-it-works\" target=\"_blank\">\"How Managed Cloud Security Works, and Why You Might Want It\"<\/a>. Trianz. 29 March 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.trianz.com\/insights\/managed-cloud-security-services-how-and-why-it-works\" target=\"_blank\">https:\/\/www.trianz.com\/insights\/managed-cloud-security-services-how-and-why-it-works<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=How+Managed+Cloud+Security+Works%2C+and+Why+You+Might+Want+It&rft.atitle=&rft.date=29+March+2021&rft.pub=Trianz&rft_id=https%3A%2F%2Fwww.trianz.com%2Finsights%2Fmanaged-cloud-security-services-how-and-why-it-works&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Choosing_a_provider_for_managed_security_services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-RSIHowMuch20-5\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-RSIHowMuch20_5-0\">5.0<\/a><\/sup> <sup><a href=\"#cite_ref-RSIHowMuch20_5-1\">5.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/blog.rsisecurity.com\/how-much-does-managed-security-services-cost\/\" target=\"_blank\">\"How Much Does Managed Security Services Cost?\"<\/a>. RSI Security. 20 August 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/blog.rsisecurity.com\/how-much-does-managed-security-services-cost\/\" target=\"_blank\">https:\/\/blog.rsisecurity.com\/how-much-does-managed-security-services-cost\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=How+Much+Does+Managed+Security+Services+Cost%3F&rft.atitle=&rft.date=20+August+2020&rft.pub=RSI+Security&rft_id=https%3A%2F%2Fblog.rsisecurity.com%2Fhow-much-does-managed-security-services-cost%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Choosing_a_provider_for_managed_security_services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-Russell10Tips21-6\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-Russell10Tips21_6-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Russell, J. (10 January 2022). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.harmony-tech.com\/10-tips-for-selecting-a-managed-security-services-provider-mssp\/\" target=\"_blank\">\"10 Tips for selecting a Managed Security Services Provider (MSSP)\"<\/a>. <i>HarmonyTech Blog<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.harmony-tech.com\/10-tips-for-selecting-a-managed-security-services-provider-mssp\/\" target=\"_blank\">https:\/\/www.harmony-tech.com\/10-tips-for-selecting-a-managed-security-services-provider-mssp\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=10+Tips+for+selecting+a+Managed+Security+Services+Provider+%28MSSP%29&rft.atitle=HarmonyTech+Blog&rft.aulast=Russell%2C+J.&rft.au=Russell%2C+J.&rft.date=10+January+2022&rft_id=https%3A%2F%2Fwww.harmony-tech.com%2F10-tips-for-selecting-a-managed-security-services-provider-mssp%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Choosing_a_provider_for_managed_security_services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-NTTHowToChoose16-7\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-NTTHowToChoose16_7-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210508224537\/https:\/\/www.nttsecurity.com\/docs\/librariesprovider3\/resources\/us_data_sheet_how_to_choose_an_mssp_uea_v1\" target=\"_blank\">\"How to Choose an MSSP\"<\/a> (PDF). NTT Security. November 2016. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.nttsecurity.com\/docs\/librariesprovider3\/resources\/us_data_sheet_how_to_choose_an_mssp_uea_v1\" target=\"_blank\">the original<\/a> on 08 May 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210508224537\/https:\/\/www.nttsecurity.com\/docs\/librariesprovider3\/resources\/us_data_sheet_how_to_choose_an_mssp_uea_v1\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210508224537\/https:\/\/www.nttsecurity.com\/docs\/librariesprovider3\/resources\/us_data_sheet_how_to_choose_an_mssp_uea_v1<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=How+to+Choose+an+MSSP&rft.atitle=&rft.date=November+2016&rft.pub=NTT+Security&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210508224537%2Fhttps%3A%2F%2Fwww.nttsecurity.com%2Fdocs%2Flibrariesprovider3%2Fresources%2Fus_data_sheet_how_to_choose_an_mssp_uea_v1&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Choosing_a_provider_for_managed_security_services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-DosalIsMan19-8\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-DosalIsMan19_8-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Dosal, E. (2 May 2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.compuquip.com\/blog\/is-managed-security-worth-the-cost\" target=\"_blank\">\"Is Managed Security Worth the Cost?\"<\/a>. <i>Compuquip Blog<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.compuquip.com\/blog\/is-managed-security-worth-the-cost\" target=\"_blank\">https:\/\/www.compuquip.com\/blog\/is-managed-security-worth-the-cost<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Is+Managed+Security+Worth+the+Cost%3F&rft.atitle=Compuquip+Blog&rft.aulast=Dosal%2C+E.&rft.au=Dosal%2C+E.&rft.date=2+May+2019&rft_id=https%3A%2F%2Fwww.compuquip.com%2Fblog%2Fis-managed-security-worth-the-cost&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Choosing_a_provider_for_managed_security_services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-HolmesItsAMatch-9\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-HolmesItsAMatch_9-0\">9.0<\/a><\/sup> <sup><a href=\"#cite_ref-HolmesItsAMatch_9-1\">9.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Holmes, T.. <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/allcloud.io\/blog\/its-a-match-how-to-run-a-good-rfi-rfp-or-rfq-and-find-the-right-partner\/\" target=\"_blank\">\"It's a Match: How to Run a Good RFI, RFP, or RFQ and Find the Right Partner\"<\/a>. <i>AllCloud Blog<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/allcloud.io\/blog\/its-a-match-how-to-run-a-good-rfi-rfp-or-rfq-and-find-the-right-partner\/\" target=\"_blank\">https:\/\/allcloud.io\/blog\/its-a-match-how-to-run-a-good-rfi-rfp-or-rfq-and-find-the-right-partner\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=It%27s+a+Match%3A+How+to+Run+a+Good+RFI%2C+RFP%2C+or+RFQ+and+Find+the+Right+Partner&rft.atitle=AllCloud+Blog&rft.aulast=Holmes%2C+T.&rft.au=Holmes%2C+T.&rft_id=https%3A%2F%2Fallcloud.io%2Fblog%2Fits-a-match-how-to-run-a-good-rfi-rfp-or-rfq-and-find-the-right-partner%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Choosing_a_provider_for_managed_security_services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<p><br \/>\n<\/p>\n<div align=\"center\">-----Go to <a href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_are_the_various_characteristics_of_an_average_cloud_provider%3F\" title=\"Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Considerations when choosing and implementing a cloud solution\/What are the various characteristics of an average cloud provider?\" class=\"wiki-link\" data-key=\"f5afb6897c6e2d7da619535848a35dc1\">the next chapter<\/a> of this guide-----<\/div>\n<h2><span class=\"mw-headline\" id=\"Citation_information_for_this_chapter\">Citation information for this chapter<\/span><\/h2>\n<p><b>Chapter<\/b>: 5. Managed security services and quality assurance\n<\/p><p><b>Title<\/b>: <i>Choosing and Implementing a Cloud-based Service for Your Laboratory<\/i>\n<\/p><p><b>Edition<\/b>: Second edition\n<\/p><p><b>Author for citation<\/b>: Shawn E. Douglas\n<\/p><p><b>License for content<\/b>: <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/creativecommons.org\/licenses\/by-sa\/4.0\/\" target=\"_blank\">Creative Commons Attribution-ShareAlike 4.0 International<\/a>\n<\/p><p><b>Publication date<\/b>: August 2023\n<\/p><p><br \/>\n<\/p>\n<!-- \nNewPP limit report\nCached time: 20230816210806\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.104 seconds\nReal time usage: 0.113 seconds\nPreprocessor visited node count: 6277\/1000000\nPost\u2010expand include size: 52836\/2097152 bytes\nTemplate argument size: 17979\/2097152 bytes\nHighest expansion depth: 18\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 14826\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 94.198 1 -total\n 90.14% 84.913 1 Template:Reflist\n 74.78% 70.445 9 Template:Cite_web\n 68.15% 64.192 9 Template:Citation\/core\n 16.88% 15.898 8 Template:Date\n 9.76% 9.194 1 Template:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Choosing_a_provider_for_managed_security_services\n 6.25% 5.883 15 Template:Citation\/make_link\n 3.00% 2.826 1 Template:Column-width\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:13050-0!canonical and timestamp 20230816210808 and revision id 52908. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Choosing_a_provider_for_managed_security_services\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Choosing_a_provider_for_managed_security_services<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","fdcca14cc0c87caa6d62c62a5ab55ad1_images":["https:\/\/upload.wikimedia.org\/wikipedia\/commons\/5\/5a\/NSOC-2012.jpg"],"fdcca14cc0c87caa6d62c62a5ab55ad1_timestamp":1692220360,"fdbc78a3fed7fade69aa42c5a9b5cc07_type":"article","fdbc78a3fed7fade69aa42c5a9b5cc07_title":"5.2 Managed security services and the laboratory","fdbc78a3fed7fade69aa42c5a9b5cc07_url":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory","fdbc78a3fed7fade69aa42c5a9b5cc07_plaintext":"\n\nBook:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Managed security services and quality assurance\/Managed security services and the laboratoryFrom LIMSWikiJump to navigationJump to searchContents \n\n1 5.2 Managed security services and the laboratory \n\n1.1 5.2.1 The quality assurance officer \n1.2 5.2.2 The shared responsibility model in the scope of security management and quality assurance \n\n\n2 References \n\n\n\n5.2 Managed security services and the laboratory \nThe previous chapter explored many aspects of informatics in the laboratory, emphasizing that while software and hardware systems bring many benefits to the laboratory, a thoughtful, organization-wide approach to managing the risks that that software and hardware introduces\u2014particularly when related to cloud computing\u2014is required. Given these complications, it's unsurprising to learn some laboratories have turned to MSSPs to help them meet regulatory requirements and maintain the security of their on-premises and cloud-based data solutions. Examples of industries with research and laboratory work served by MSSPs over the years include the gemstone testing and grading[1], energy research and supply[2], clinical and forensic toxicology[3], and healthcare industries.[4][5] In all these examples, the implication is that proprietary trade secrets, critical infrastructure, or sensitive patient data must be protected. The laboratories operating in those industries could have attempted to keep security efforts in-house, but for one reason or another they chose to outsource a significant portion of that protection to a third-party MSSP.\nBut why even bother with this level of security? As previous chapters have noted, regulatory requirements are a significant driver to that end; if the lab won't meet its regulatory requirements, it risks major fines at a minimum, or at worst going out of business. In fact, some 60 percent of small businesses end up closing shop within six months of a cyberattack.[6] This happens for multiple reasons, with costs related to compliance fines, breach notifications, post-breach customer protection, public relations, reputation loss, attorney's fees, litigation, and operational disruption often laying waste to the business.[7] And it happens to businesses in almost every industry.\nLaboratories are not exempt from these cyberattacks and losses, whether using on-premises systems or turning to the cloud. In 2019, Canadian laboratory testing business LifeLabs suffered a cyberattack on its systems that saw the attackers steal information and request a ransom to have the data returned. While it's not clear exactly what went wrong, talk of \"[f]urther strengthening our systems to deter future incidents\"[8] indicates something was off about LifeLabs' computer systems, something that likely could have been prevented with properly managed security services. In 2021, clinical at-home laboratory provider Apex Laboratory announced that it had been attacked by ransomware that hit its systems, which allowed hackers to take sensitive patient information and forcefully encrypt system and other data files until a ransom was paid.[9] This kind of attack also could have been prevented\u2014or the damage at least mitigated\u2014with active MSS protections. And in May 2021, news broke that benevolent hacking group Sakura Samurai, as part of a \"vulnerability disclosure program\" through the U.S. Department of Energy's Fermilab, had tracked down multiple vulnerabilities in Fermilab's systems, which have since reportedly been corrected.[10][11] Would have a knowledgeable and experienced MSSP caught these issues before Sakura Samurai?\nHowever, the use of an MSSP in the laboratory can't prevent all cases of inadvertently compromising sensitive information. Take for example the case of the Wyoming Department of Health, which accidentally exposed sensitive health information about COVID-19, influenza, and controlled substance analyses in late 2020. An April 2021 news report indicated that more than 164,000 Wyoming residents were affected by the accidental uploading of files containing their testing information as part of a batch file upload to a public-facing GitHub server. While GitHub itself did not cause the release, the upload of the files\u2014which were not intended to be in the upload batch of otherwise normal software code files\u2014to the public servers by the Department of Health did. The Wyoming Department of Health notes that \"[b]usiness practices have been revised to include prohibiting the use of GitHub or other public repositories and employees have been retrained.\"[12] \nThis statement highlights that, ultimately, internal process and procedure that didn't address the use and corresponding potential risks of public-facing servers within day-to-day operations was to blame. Strictly speaking, any MSS in place could not have prevented the upload to GitHub, unless the MSSP had prior identified this type of risk and brought it to the attention of the laboratory. It's possible an MSSP could have encouraged the lab to turn to group policies or some other access control to limit internet access from laboratory computers[13], though a careful balance of managing security risk with ensuring lab tech productivity would still need to be maintained. However, in the end, this is largely a story of internal laboratory policy, not something an MSS could prevent unless previously anticipated. This naturally brings up the discussion about a laboratory's quality assurance officer and their increasingly important role in addressing cybersecurity and choosing CSPs and MSSPs for the lab.\n\n5.2.1 The quality assurance officer \nImagine a medical device manufacturer (which happens to incorporate laboratories, but that's not the main point here). A medical device manufacturer works in a highly regulated industry that not just asks but demands quality from the manufactured medical devices. As many such devices are increasingly electronic\u2014and even network-enabled\u2014it's imperative that cybersecurity is considered in their design and use.[14] As David Jensen of MasterControl noted in 2017: \"The technologies that elevate the quality of life for patients can be used by cyber actors to undermine both the manufacturing organization and the products themselves. This means cybersecurity is as much a quality issue as it is a security issue.\"[15]\nNote that Jensen related \"cybersecurity\" and \"quality\" together, which naturally leads to a discussion of the quality management system (QMS). A QMS is \"a set of related and interacting elements that organizations use to direct and control how quality policies are implemented and quality objectives are achieved.\"[16] Those elements include, but are not limited to, documented processes, management models, business strategies, human capital, and information technology. Not only does the QMS help guide the implementation and achievement of organizational policy and objectives for resource management and personnel, but also it prompts an organization to focus on the core elements of quality management within its products and services: planning, control, assurance, and improvement. And just as the development and use of a QMS is often driven by standards (e.g., ISO\/IEC 17025:2017 and ISO 13485:2016), the QMS often drives the organization to adopt other standards as part of bringing quality to the organization. Using our medical device manufacturer as an example, their QMS may direct them to use the ANSI\/CAN\/UL 2900-1 standard for ensuring medical device cybersecurity protection.[17]\nNot only is the QMS vital to medical device manufacturers[15][18][19][20], but also the QMS plays an important role in most any laboratory's operations.[21][22] And in the laboratory, a quality assurance officer or manager is responsible for helping develop and maintain the laboratory's QMS, which optimally will address the importance of cybersecurity in meeting the laboratory\u2019s goals. But the connection between a laboratory's quality assurance officer and cybersecurity is sadly not well represented in the cloud computing era. Look through the job descriptions on online job boards for quality assurance officers and you will rarely find the word \"security\" mentioned. Sure, the relationship between \"quality\" and \"security\" gets discussed in the context of modern software development[23], but what about within the context of a laboratory's operational quality and the people who drive it forward? \nIn a 2019 journal article for Lab Manager magazine, Sandia National Laboratories' chief information officer Carol Jones stated that \"[c]ybersecurity is not just a technology problem; it is a people, process, and knowledge problem.\"[24] While this is an accurate statement, shouldn't cybersecurity also be a quality problem for a laboratory? Yes, well-trained people, vetted processes, and relevant and timely knowledge is required to ensure secure operations, but quality management and assurance\u2014which incorporates that training, SOPs, and knowledge\u2014should also be part of that equation. One could argue that the responsibilities of a quality assurance officer or manager are already numerous and weighty. But shouldn't that person at least have a modicum of understanding about how well-implemented IT and software security in the lab correlates to improved quality assurance outcomes?[25]\nAt this juncture, several questions must be asked about the quality assurance officer or manager in a laboratory operating in the 2020s:\n\nWhat is the importance of the quality assurance officer (QAO), and do they understand cybersecurity?\nHow does the QAO help ensure quality of operations with security as a managed service?\nHow do standard operating procedures (SOPs), security audits, and other elements of a QMS positively affect quality assurance by addressing cybersecurity and cloud hosting processes?\nThe importance of a QAO and their security knowledge\nFirst, the definition of what a QAO does will largely vary from company to company. However, turning to Bartram and Ballance's 1996 guide Water Quality Monitoring, the author's describe a quality assurance officer as someone \"to liaise with management, to manage data archives, to conduct regular audits and reviews of the QA system, and to report on any QA issues to the program or institution manager.\"[26] They add that the QAO is also \"responsible for regularly inspecting all aspects of the [record keeping] system to ensure staff compliance, for reporting on such inspections and audits to management, and for recommending improvements.\"[26] But what of a more modern definition? Turning to ISO 9000, we get a bland and non-informative definition of quality assurance itself: \"part of quality management focused on providing confidence that quality requirements will be fulfilled.\"[27] By extension, we then get \"a person responsible for providing confidence that requirements for organizational quality are fulfilled.\" This is a broad description, sadly. However, pulling from Bartram and Ballance, the ISO, and other sources[28][29], we could go with something like:\n\nA quality assurance officer (QAO) is an individual responsible for ensuring organizational quality through the regular management, monitoring, review, and auditing of documentation, record systems, data, and processes as they relate to organizational quality and compliance frameworks and initiatives, while also reporting timely results, making recommendations based on those results, and assisting with training staff on approved recommendations.\nGiven that definition, does the average QAO need to understand at least the basics of cybersecurity? That's arguable, to be sure. After all, there are job positions such as the \"cybersecurity quality and compliance officer\" and the like[28], with an individual who works directly with an IT department and its cybersecurity team to ensure all mandatory laws and regulatory requirements are being adhered to, much in the same way a QAO does but on a broader organizational basis. But what about the laboratory realm? Major laboratories with significant resources may have these sorts of positions, but smaller, independent labs may not. In that case, laboratory personnel will often wear many hats, including \"the tech person\" or \"laboratory systems engineer.\" (See Joe Liscouski's discussion of the \"laboratory systems engineer\" in his 2020 guide Laboratory Technology Planning and Management: The Practice of Laboratory Systems Engineering for more on this topic.[30]) However, given that the security surrounding an organization's electronic efforts is vital to maintaining quality operations, and also given that\u2014hopefully\u2014cybersecurity efforts are documented and trained upon, it's not that far a leap to suggest that the laboratory QAO should have a rudimentary understanding of IT systems and how they are secured. If cybersecurity is interwoven into the laboratory culture, including quality management, the tech-savvy QAO will be a boon to the overall quality assurance process.\nThe QAO and managed security services\nWhere does a QAO and an MSS intersect in the lab? Judging by the previous statement that the QAO may need to review organizational documentation and training material regarding cybersecurity\u2014and even audit or assess personnel on their use of that documentation and training\u2014we can see deduce that a QAO may be required to audit the effectiveness of any implemented MSS, or at least the documentation and processes related to the MSS. Again, it's likely in mid- to large size organizations this responsibility will fall upon the shoulders of an IT lead or IT quality officer. However, these resources may not be readily available in some laboratory settings. If those resources aren't available, the QAO may be required to know more than they expected about what managed security services entail. They won't need to be MSS experts, but as the nature of computing in the laboratory continues to evolve, having laboratory staff with relevant knowledge of automation, data management systems, and even the cloud is increasingly vital.[30]\nThe QMS and cybersecurity\nIn 2019, scientific and business consultancy Brevitas brought up the challenges of addressing cybersecurity in laboratories and other settings, noting evolving guidance that strives to address the business policies, security controls, informatics systems, and security monitoring required to better ensure the integrity and security of electronic records and data. They are one of a handful of consultancies that have publicly tied these types of standard-driven cybersecurity measures directly to the QMS[31]:\n\nThe challenge is in ensuring that these measures are effectively integrated into the existing processes outlined in the organization\u2019s quality management system (QMS). Consideration needs to be given to first integrating cybersecurity into risk and\/or criticality assessments, then downstream into system security testing during qualification and\/or validation activities. As the technological landscape evolves, organizations must be more effective in their implementation of cybersecurity measures to ensure the safety of their electronic records and data. These measures must be considered as part of the QMS for all activities involved in the lifecycle of a computerized system.\nAs has been previously mentioned, this type of philosophy is already woven into the fabric of medical device regulation and standardization, with 21 CFR 820 on quality system regulation, ISO 13485:2016 on quality management systems, and ANSI\/CAN\/UL 2900 on ensuring medical device security driving how medical device cybersecurity is addressed in the manufacturer's quality management system.[20][32][33][34][35] And it may be even easier for medical device manufacturers\u2014as well as other laboratory types\u2014to compile, organize, disseminate, and train upon cybersecurity risk analysis data and procedural documentation with the help of an electronic QMS.[15] However, we can turn to some other businesses who have included security standards in their quality management system. Technology consultancy Konsolute has discussed why it chose to integrate ISO 27001 on information security management (and the information security management system or ISMS) into its business processes and the development of its electronic QMS, noting benefits of improved compliance, lower security risk, improved financial savings, improved reputation, and more new business.[36] \nAs it turns out, the ISMS and ISO 27001 have a bit in common with the QMS and ISO 9001, primarily with the goal of improving quality within the organization. Here again we see the link between a focus on cybersecurity and ensuring quality within an organization.[37][38] Senior associate Nikita Patel of Schellman & Company highlighted this association in 2017, saying that an organization \"achieving this dual certification of an ISO 9001 and ISO 27001 can prove incredibly useful\u2014in doing so, an organization can simultaneously demonstrate an organization\u2019s ability and commitment to information security risk management, while also validating their dedication to the optimal delivery of their quality products and services.\"[38] From addressing anything from scoping, leadership, human resources support, and document management to internal auditing, measurement and monitoring, management review, and continual improvement, both the ISMS, focused on information security, and QMS, focused on organizational quality, improve the overall quality of an organization and its efforts.\nThe QAO in the context of these three points\nWhere does this all place the quality assurance officer in the scope of laboratory quality and information security? Whether it's managed security services, private or public cloud services, in-house networking, or a mix of all these, the modern laboratory is a technology-driven business requiring modern approaches to addressing the risks that technology carries with it. An on-site IT staff may handle many of the details associated with those efforts, but the QAO of the 2020s needs to also be familiar with how that technology works and how it impacts organizational quality initiatives. The QAO will interact with the lab's QMS, and perhaps even the ISMS if one separately exists. Ideally cybersecurity policy and procedure will already be woven into the various elements of the QMS, or, worst case, the lab doesn't have much of a cybersecurity policy. This is where the QAO of today's lab must shine, \"ensuring organizational quality through the regular management, monitoring, review, and auditing of documentation, record systems, data, and processes as they relate to organizational quality and compliance frameworks and initiatives.\" That means also understanding how managed security services and cloud services operate. It's perhaps a tall ask, but in today's competitive laboratory environment, the tech-savvy QAO is more important than ever.\n\n5.2.2 The shared responsibility model in the scope of security management and quality assurance \nBefore we move on to choosing an MMSP, we need to briefly mention the shared responsibility model and how it relates to both the MSSP's (and CSP\u2019s) services and assuring quality within the laboratory. Back in Chapter 2, we discussed the shared responsibility model, occasionally referred to as the \"shared security model.\" We said the shared responsibility model is useful because it clarifies elements of responsibility for information security between the laboratory and the CSP in regards to provided cloud services. A trusted CSP should be able to make both levels of responsibility clear at every step of the way, from early contract discussions to late-stage changes to customer services. The CSP remains responsible for certain levels of the IT infrastructure and software, while the laboratory remains responsible for the security of the guest OS, account security, firewall settings, and more. This delineation of responsibility varies from provider to provider, but optimally the information is related clearly to the lab by each.\nWhen it comes to MSSPs and the cloud, they are capable of further reducing the burden of responsibility the laboratory has in regards to not only their cloud services but also any networked on-premises systems. An MSSP can take on the responsibility of the guest OS, network configuration, firewall settings, and server-side encryption, as well as a select portion of client-side data encryption, data integrity authentication, application hardening, and network traffic monitoring and protection.[39][40] This frees the laboratory from even more security detail, providing monetary, quality, and time investment benefits. As noted earlier, however, the laboratory is not completely free from worrying about security. A company culture of cybersecurity and quality must continue to be driven by strong management buy-in, well-documented business and quality policies, well-considered and -enforced operational policies, and regular quality training.\nThat said, how does the shared responsibility model affect the work of the QAO and laboratory's overall efforts to ensure security in the cloud, particularly with an MSSP? Primarily, shared responsibility says that the laboratory can't take a \"set it and forget it\" approach to security, even with a CSP and MSSP taking a significant portion of the responsibility off the laboratory's hands. Going back to the Wyoming Department of Health and its accidental upload of patient data to a public server, neither a cloud provider nor an MSSP could do much in this situation. We don't know the circumstances and technology surrounding their incident, but let's imagine that the public health lab was using a CSP and an MSSP. Certainly, the CSP would have no real say in how the lab uploaded content to a server outside its domain. The MSSP largely would have no blame either, as they likely wouldn't even be aware of the public server being uploaded to. No, that would be an internal policy issue, a solid example of how the laboratory would still have a shared stake in the responsibility of security at the lab.\nFrom that example, we'd have to turn to the work of laboratory staff and management, including the QAO. Again, imagining a scenario where the lab was using both a CSP and an MSSP, a number of questions would arise, primary among them being \"were they fully aware of and committed to the security responsibility they shared with their service providers?\" That level of responsibility would include engaging in cybersecurity discussions among management and key IT personnel, having frank discussions about risk, and bringing in outside help where expertise was lacking. It would also include having a thorough understanding of how lab workers do their job, including learning about any public servers they were using. And it would also, ideally, involve discussion about that laboratory workflow with the MSSP. With all these elements, the likelihood of foreseeing the risk associated with uploading data to public servers from laboratory computers would be optimistically high. Finally, if we add the element of either a laboratory QAO or \"cybersecurity quality and compliance officer,\" one could imagine the scenario turning out differently for the Department of Health. In the end, however, it would have still required knowledgeable personnel, a strong laboratory-wide focus on cybersecurity, and a committed QAO familiar with the importance of the shared responsibility model\u2014and at least the basics of information security\u2014to help ensure the quality of laboratory operations and the information security required of them.\n\nReferences \n\n\n\u2191 VirtualArmour International (8 April 2019). \"VirtualArmour Expands Managed Cybersecurity Services with Global Gemological Organization\". Intrado GlobeNewswire. https:\/\/www.globenewswire.com\/news-release\/2019\/04\/08\/1799042\/0\/en\/VirtualArmour-Expands-Managed-Cybersecurity-Services-with-Global-Gemological-Organization.html . Retrieved 28 July 2023 .   \n \n\n\u2191 PreScouter (October 2017). \"Managed Cybersecurity Service Providers for Electric Utilities\" (PDF). American Public Power Association. https:\/\/www.publicpower.org\/system\/files\/documents\/cybersecurity-service_providers_guide.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Case Study: Managed Detection Response for Toxicology Laboratory\". Frontier Technologies, Inc. 2020. Archived from the original on 14 April 2021. https:\/\/web.archive.org\/web\/20210414070225\/https:\/\/ftiusa.com\/case-studies\/case-study-managed-detection-response-for-toxicology-laboratory\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Healthcare Managed Security Services Forum\". Cylera. November 2020. https:\/\/resources.cylera.com\/healthcare-managed-security-services-forum . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Putting Information Exchange to Work for Healthcare\". ANXeBusiness Corp. http:\/\/anxebiz.anx.com\/content\/industries\/healthcare . Retrieved 28 July 2023 .   \n \n\n\u2191 Galvin, J. (7 May 2018). \"60 Percent of Small Businesses Fold Within 6 Months of a Cyber Attack. Here's How to Protect Yourself\". Inc.com. https:\/\/www.inc.com\/joe-galvin\/60-percent-of-small-businesses-fold-within-6-months-of-a-cyber-attack-heres-how-to-protect-yourself.html . Retrieved 28 July 2023 .   \n \n\n\u2191 \"BLOG: Cost of Cyber Crime to Small Businesses\". Virginia SBDC Blog. Virginia SBDC. 30 May 2017. Archived from the original on 27 December 2020. https:\/\/web.archive.org\/web\/20201227041535\/https:\/\/www.virginiasbdc.org\/blog-cost-of-cyber-crime-to-small-businesses\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Canadian Lab Test Firm LifeLabs Pays Ransom After Data Breach\". Security. BNP Media. 26 December 2019. https:\/\/www.securitymagazine.com\/articles\/91467-canadian-lab-test-firm-lifelabs-pays-ransom-after-data-breach . Retrieved 28 July 2023 .   \n \n\n\u2191 Arghire, I. (4 January 2021). \"Apex Laboratory Says Patient Data Stolen in Ransomware Attack\". Security Week. https:\/\/www.securityweek.com\/apex-laboratory-says-patient-data-stolen-ransomware-attack . Retrieved 28 July 2023 .   \n \n\n\u2191 Kirk, J. (7 May 2021). \"US Physics Laboratory Exposed Documents, Credentials\". Bank Info Security. https:\/\/www.bankinfosecurity.com\/us-physics-laboratory-exposed-documents-credentials-a-16536 . Retrieved 28 July 2023 .   \n \n\n\u2191 Willis, R. (6 May 2021). \"Fermilab Hack, April\/May 2021\". Robert Willis Hacking. https:\/\/robertwillishacking.com\/fermilab-hack-april-may-2021\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Flack, B. (27 April 2021). \"Wyoming Department of Health Announces Data Breach of Thousands of Wyoming Residents\". SweetwaterNow. Archived from the original on 27 April 2021. https:\/\/web.archive.org\/web\/20210427221317if_\/https:\/\/www.sweetwaternow.com\/wyoming-department-of-health-announces-data-breach-of-thousands-of-wyoming-residents\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Paul (3 June 2019). \"How To Restrict Internet Access Using Group Policy (GPO)\". The Sysadmin Channel. https:\/\/thesysadminchannel.com\/how-to-restrict-internet-access-using-group-policy-gpo\/ . Retrieved 03 June 2019 .   \n \n\n\u2191 Nayyar, S. (22 December 2020). \"The Unique Threats Posed By Medical IoT Devices And What To Do About Them\". Forbes. https:\/\/www.forbes.com\/sites\/forbestechcouncil\/2020\/12\/22\/the-unique-threats-posed-by-medical-iot-devices-and-what-to-do-about-them\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 15.0 15.1 15.2 Jensen, D. (3 June 2017). \"How an Electronic Quality Management System Helps With Cybersecurity\". MasterControl. Archived from the original on 23 May 2021. https:\/\/web.archive.org\/web\/20210523211209\/https:\/\/www.mastercontrol.com\/gxp-lifeline\/how-an-electronic-quality-management-system-helps-with-cybersecurity\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Shoemaker, D.; Sigler, K. (2014). Cybersecurity: Engineering a Secure Information Technology Organization. Cengage Learning. pp. 62\u201363. ISBN 9781285169903. https:\/\/books.google.com\/books?id=b1s8AwAAQBAJ&pg=PA62 .   \n \n\n\u2191 Wirth, A.; Gates, C.; Smith, J. (2020). Medical Device Cybersecurity for Engineers and Manufacturers. Artech House. pp. 23\u201324. ISBN 9781630818159. https:\/\/books.google.com\/books?id=oawCEAAAQBAJ&pg=PA23 .   \n \n\n\u2191 Therapeutic Goods Administration (March 2021). \"Medical device cyber security guidance for industry\" (PDF). Commonwealth of Australia. https:\/\/www.tga.gov.au\/sites\/default\/files\/medical-device-cyber-security-guidance-industry.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Risk Management Best Practices for Cybersecurity Compliance\". AssurX Blog. AssurX, Inc. 30 January 2017. https:\/\/www.assurx.com\/risk-management-cybersecurity-compliance\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 20.0 20.1 \"Cybersecurity & Quality Management System Integration\". Apraciti. https:\/\/apraciti.com\/cybersecurity-quality-management-system-integration\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 World Health Organization (2011). Laboratory Quality Management System Handbook. World Health Organization. ISBN 9789241548274. https:\/\/www.who.int\/publications\/i\/item\/9789241548274 .   \n \n\n\u2191 United States Geological Survey. \"Quality Management System for USGS Laboratories\". United States Geological Survey. https:\/\/www.usgs.gov\/office-of-science-quality-and-integrity\/quality-management-system-usgs-laboratories . Retrieved 28 July 2023 .   \n \n\n\u2191 Worrall, J. (18 August 2020). \"Why Quality & Security Both Matter in Software\". DarkReading. https:\/\/www.darkreading.com\/vulnerabilities-threats\/why-quality-security-both-matter-in-software . Retrieved 28 July 2023 .   \n \n\n\u2191 Tulsi, B.B. (4 September 2019). \"Greater Awareness and Vigilance in Laboratory Data Security\". Lab Manager. https:\/\/www.labmanager.com\/greater-awareness-and-vigilance-in-laboratory-data-security-776 . Retrieved 28 July 2023 .   \n \n\n\u2191 Hamidovic, H. (2012). \"Fundamental Concepts of IT Security Assurance\". ISACA Journal 2: 45\u20139. https:\/\/www.isacajournal-digital.org\/isacajournal\/2012vol2?article_id=1078418&pg=45 .   \n \n\n\u2191 26.0 26.1 Bartram, J.; Ballance, R., ed. (2020). Water Quality Monitoring: A practical guide to the design and implementation of freshwater quality studies and monitoring programmes. CRC Press. p. 218. ISBN 9780419223207. https:\/\/books.google.com\/books?id=5PQCEAAAQBAJ&pg=PA218 .   \n \n\n\u2191 \"ISO 9000:2015(en) Quality management systems \u2014 Fundamentals and vocabulary\". ISO. 2015. https:\/\/www.iso.org\/obp\/ui\/#iso:std:iso:9000:ed-4:v1:en . Retrieved 28 July 2023 .   \n \n\n\u2191 28.0 28.1 Genesis IT&T (10 May 2021). \"Cybersecurity Quality and Compliance Officer - 6 Month Contract\". Seek. Archived from the original on 28 July 2023. https:\/\/web.archive.org\/web\/20210524220443\/https:\/\/www.seek.com.au\/job\/52226409?type=standard . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Quality Control Officer - What They Do\". Zippia. https:\/\/www.zippia.com\/quality-control-officer-jobs\/what-does-a-quality-control-officer-do\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 30.0 30.1 Liscouski, J. (December 2020). \"Laboratory Technology Planning and Management: The Practice of Laboratory Systems Engineering\".   \n \n\n\u2191 \"Cybersecurity Response\". Brevitas. 2019. https:\/\/brevitas.us\/cybersecurity-response\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Lincoln, J.E. (17 April 2017). \"Cybersecurity - Buzzword or Serious Safety Concern?\". IVT Network. Archived from the original on 25 May 2021. https:\/\/web.archive.org\/web\/20210525165934\/https:\/\/www.ivtnetwork.com\/article\/cybersecurity-buzzword-or-serious-safety-concern . Retrieved 28 July 2023 .   \n \n\n\u2191 Heyl, J. (October 2017). \"Overview of UL 2900 - Medical Device Cybersecurity Workshop\" (PDF). UL. https:\/\/www.cybersecuritysummit.org\/wp-content\/uploads\/2017\/10\/4.00-Justin-Heyl.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 \"UL 2900: A Cybersecurity aid for industry and regulators\" (PDF). UL. 2019. https:\/\/fda.report\/media\/123068\/UL2900-Cybersecurity-Aid.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 \"ISO 13485:2016 Medical devices \u2014 Quality management systems \u2014 Requirements for regulatory purposes\". ISO. March 2016. https:\/\/www.iso.org\/standard\/59752.html . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Cybersecurity of the future: Why we include ISO 27001 as standard in our Quality Management System\". Konsolute. 30 April 2021. https:\/\/www.konsolute.com\/blog\/iso-27001-cybersecurity-quality-management\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Information Security Management System (ISMS)\". CVG Strategy. 2020. https:\/\/cvgstrategy.com\/information-security-management-system\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 38.0 38.1 Patel, N. (16 October 2017). \"ISO 9001 and 27001 \u2013 The Relationship\". Schellman Blog. Schellman & Company. Archived from the original on 28 February 2021. https:\/\/web.archive.org\/web\/20210228030103\/https:\/\/www.schellman.com\/blog\/iso-9001-and-27001-the-relationship . Retrieved 28 July 2023 .   \n \n\n\u2191 Wang, K. (14 October 2020). \"Shared Responsibility in the Cloud: Reduce Your Security Burden With a Managed Security Service Provider (MSSP)\". Cloudticity Blog. Cloudticity. https:\/\/blog.cloudticity.com\/shared-responsibility-cloud-managed-service-provider-security . Retrieved 28 July 2023 .   \n \n\n\u2191 Savir, L. (16 August 2023). \"How a Managed Service Provider Can Harden Security Across Your Business and Save on Costs\". AllCloud Blog. https:\/\/allcloud.io\/blog\/how-a-managed-service-provider-can-harden-security-across-your-business-and-save-on-costs\/ . Retrieved 28 July 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory<\/a>\nNavigation menuPage actionsBookDiscussionView sourceHistoryPage actionsBookDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 11 February 2022, at 21:39.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 505 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","fdbc78a3fed7fade69aa42c5a9b5cc07_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-208 ns-subject page-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Managed_security_services_and_quality_assurance_Managed_security_services_and_the_laboratory rootpage-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Managed_security_services_and_quality_assurance_Managed_security_services_and_the_laboratory skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Managed security services and quality assurance\/Managed security services and the laboratory<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\">\n\n<h3><span class=\"mw-headline\" id=\"5.2_Managed_security_services_and_the_laboratory\">5.2 Managed security services and the laboratory<\/span><\/h3>\n<p>The previous chapter explored many aspects of informatics in the laboratory, emphasizing that while software and hardware systems bring many benefits to the laboratory, a thoughtful, organization-wide approach to managing the risks that that software and hardware introduces\u2014particularly when related to cloud computing\u2014is required. Given these complications, it's unsurprising to learn some laboratories have turned to MSSPs to help them meet regulatory requirements and maintain the security of their on-premises and cloud-based data solutions. Examples of industries with research and laboratory work served by MSSPs over the years include the gemstone testing and grading<sup id=\"rdp-ebb-cite_ref-IntradoVirtualArmour19_1-0\" class=\"reference\"><a href=\"#cite_note-IntradoVirtualArmour19-1\">[1]<\/a><\/sup>, energy research and supply<sup id=\"rdp-ebb-cite_ref-PreScouterManaged17_2-0\" class=\"reference\"><a href=\"#cite_note-PreScouterManaged17-2\">[2]<\/a><\/sup>, clinical and forensic toxicology<sup id=\"rdp-ebb-cite_ref-FrontierCaseStudy20_3-0\" class=\"reference\"><a href=\"#cite_note-FrontierCaseStudy20-3\">[3]<\/a><\/sup>, and healthcare industries.<sup id=\"rdp-ebb-cite_ref-CyleraHealthcare20_4-0\" class=\"reference\"><a href=\"#cite_note-CyleraHealthcare20-4\">[4]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-ANXPutting_5-0\" class=\"reference\"><a href=\"#cite_note-ANXPutting-5\">[5]<\/a><\/sup> In all these examples, the implication is that proprietary trade secrets, critical infrastructure, or sensitive patient data must be protected. The laboratories operating in those industries could have attempted to keep security efforts in-house, but for one reason or another they chose to outsource a significant portion of that protection to a third-party MSSP.\n<\/p><p>But why even bother with this level of security? As previous chapters have noted, regulatory requirements are a significant driver to that end; if the lab won't meet its regulatory requirements, it risks major fines at a minimum, or at worst going out of business. In fact, some 60 percent of small businesses end up closing shop within six months of a cyberattack.<sup id=\"rdp-ebb-cite_ref-Galvin60_18_6-0\" class=\"reference\"><a href=\"#cite_note-Galvin60_18-6\">[6]<\/a><\/sup> This happens for multiple reasons, with costs related to compliance fines, breach notifications, post-breach customer protection, public relations, reputation loss, attorney's fees, litigation, and operational disruption often laying waste to the business.<sup id=\"rdp-ebb-cite_ref-SBDCC_BlogCost17_7-0\" class=\"reference\"><a href=\"#cite_note-SBDCC_BlogCost17-7\">[7]<\/a><\/sup> And it happens to businesses in almost every industry.\n<\/p><p>Laboratories are not exempt from these cyberattacks and losses, whether using on-premises systems or turning to the cloud. In 2019, Canadian laboratory testing business LifeLabs suffered a cyberattack on its systems that saw the attackers steal information and request a ransom to have the data returned. While it's not clear exactly what went wrong, talk of \"[f]urther strengthening our systems to deter future incidents\"<sup id=\"rdp-ebb-cite_ref-SecurityCanadian19_8-0\" class=\"reference\"><a href=\"#cite_note-SecurityCanadian19-8\">[8]<\/a><\/sup> indicates something was off about LifeLabs' computer systems, something that likely could have been prevented with properly managed security services. In 2021, clinical at-home laboratory provider Apex Laboratory announced that it had been attacked by ransomware that hit its systems, which allowed hackers to take sensitive patient information and forcefully encrypt system and other data files until a ransom was paid.<sup id=\"rdp-ebb-cite_ref-ArghireApex21_9-0\" class=\"reference\"><a href=\"#cite_note-ArghireApex21-9\">[9]<\/a><\/sup> This kind of attack also could have been prevented\u2014or the damage at least mitigated\u2014with active MSS protections. And in May 2021, news broke that benevolent hacking group Sakura Samurai, as part of a \"vulnerability disclosure program\" through the U.S. Department of Energy's Fermilab, had tracked down multiple vulnerabilities in Fermilab's systems, which have since reportedly been corrected.<sup id=\"rdp-ebb-cite_ref-KirkUS21_10-0\" class=\"reference\"><a href=\"#cite_note-KirkUS21-10\">[10]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-WillisFermilab21_11-0\" class=\"reference\"><a href=\"#cite_note-WillisFermilab21-11\">[11]<\/a><\/sup> Would have a knowledgeable and experienced MSSP caught these issues before Sakura Samurai?\n<\/p><p>However, the use of an MSSP in the laboratory can't prevent all cases of inadvertently compromising sensitive information. Take for example the case of the Wyoming Department of Health, which accidentally exposed sensitive health information about COVID-19, influenza, and controlled substance analyses in late 2020. An April 2021 news report indicated that more than 164,000 Wyoming residents were affected by the accidental uploading of files containing their testing information as part of a batch file upload to a public-facing GitHub server. While GitHub itself did not cause the release, the upload of the files\u2014which were not intended to be in the upload batch of otherwise normal software code files\u2014to the public servers by the Department of Health did. The Wyoming Department of Health notes that \"[b]usiness practices have been revised to include prohibiting the use of GitHub or other public repositories and employees have been retrained.\"<sup id=\"rdp-ebb-cite_ref-FlackWyoming21_12-0\" class=\"reference\"><a href=\"#cite_note-FlackWyoming21-12\">[12]<\/a><\/sup> \n<\/p><p>This statement highlights that, ultimately, internal process and procedure that didn't address the use and corresponding potential risks of public-facing servers within day-to-day operations was to blame. Strictly speaking, any MSS in place could not have prevented the upload to GitHub, unless the MSSP had prior identified this type of risk and brought it to the attention of the laboratory. It's possible an MSSP could have encouraged the lab to turn to group policies or some other access control to limit internet access from laboratory computers<sup id=\"rdp-ebb-cite_ref-PaulHowTo19_13-0\" class=\"reference\"><a href=\"#cite_note-PaulHowTo19-13\">[13]<\/a><\/sup>, though a careful balance of managing security risk with ensuring lab tech productivity would still need to be maintained. However, in the end, this is largely a story of internal laboratory policy, not something an MSS could prevent unless previously anticipated. This naturally brings up the discussion about a laboratory's quality assurance officer and their increasingly important role in addressing cybersecurity and choosing CSPs and MSSPs for the lab.\n<\/p>\n<h4><span class=\"mw-headline\" id=\"5.2.1_The_quality_assurance_officer\">5.2.1 The quality assurance officer<\/span><\/h4>\n<div class=\"floatleft\"><a href=\"https:\/\/www.limswiki.org\/index.php\/File:Quality_assurance_laboratory_140305-N-OE749-012.jpg\" class=\"image wiki-link\" data-key=\"f00061be57ef955e807c94d2edeb05d3\"><img alt=\"Quality assurance laboratory 140305-N-OE749-012.jpg\" src=\"https:\/\/upload.wikimedia.org\/wikipedia\/commons\/3\/3d\/Quality_assurance_laboratory_140305-N-OE749-012.jpg\" decoding=\"async\" style=\"width: 100%;max-width: 400px;height: auto;\" \/><\/a><\/div><p>Imagine a medical device manufacturer (which happens to incorporate laboratories, but that's not the main point here). A medical device manufacturer works in a highly regulated industry that not just asks but demands quality from the manufactured medical devices. As many such devices are increasingly electronic\u2014and even network-enabled\u2014it's imperative that cybersecurity is considered in their design and use.<sup id=\"rdp-ebb-cite_ref-NayyarTheUnique20_14-0\" class=\"reference\"><a href=\"#cite_note-NayyarTheUnique20-14\">[14]<\/a><\/sup> As David Jensen of MasterControl noted in 2017: \"The technologies that elevate the quality of life for patients can be used by cyber actors to undermine both the manufacturing organization and the products themselves. This means cybersecurity is as much a quality issue as it is a security issue.\"<sup id=\"rdp-ebb-cite_ref-JensenHow17_15-0\" class=\"reference\"><a href=\"#cite_note-JensenHow17-15\">[15]<\/a><\/sup>\n<\/p><p>Note that Jensen related \"cybersecurity\" and \"quality\" together, which naturally leads to a discussion of the <a href=\"https:\/\/www.limswiki.org\/index.php\/Quality_management_system\" title=\"Quality management system\" class=\"wiki-link\" data-key=\"dfecf3cd6f18d4a5e9ac49ca360b447d\">quality management system<\/a> (QMS). A QMS is \"a set of related and interacting elements that organizations use to direct and control how quality policies are implemented and quality objectives are achieved.\"<sup id=\"rdp-ebb-cite_ref-ShoemakerCyber14_16-0\" class=\"reference\"><a href=\"#cite_note-ShoemakerCyber14-16\">[16]<\/a><\/sup> Those elements include, but are not limited to, documented processes, management models, business strategies, human capital, and information technology. Not only does the QMS help guide the implementation and achievement of organizational policy and objectives for resource management and personnel, but also it prompts an organization to focus on the core elements of quality management within its products and services: planning, control, assurance, and improvement. And just as the development and use of a QMS is often driven by standards (e.g., <a href=\"https:\/\/www.limswiki.org\/index.php\/ISO\/IEC_17025\" title=\"ISO\/IEC 17025\" class=\"wiki-link\" data-key=\"0a89cebb34370dd860cce86881cbf29c\">ISO\/IEC 17025:2017<\/a> and <a href=\"https:\/\/www.limswiki.org\/index.php\/ISO_13485\" title=\"ISO 13485\" class=\"wiki-link\" data-key=\"27e9e00b401ddda3d2c10a91ea0ad936\">ISO 13485:2016<\/a>), the QMS often drives the organization to adopt other standards as part of bringing quality to the organization. Using our medical device manufacturer as an example, their QMS may direct them to use the ANSI\/CAN\/UL 2900-1 standard for ensuring medical device cybersecurity protection.<sup id=\"rdp-ebb-cite_ref-WirthMedical20_17-0\" class=\"reference\"><a href=\"#cite_note-WirthMedical20-17\">[17]<\/a><\/sup>\n<\/p><p>Not only is the QMS vital to medical device manufacturers<sup id=\"rdp-ebb-cite_ref-JensenHow17_15-1\" class=\"reference\"><a href=\"#cite_note-JensenHow17-15\">[15]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-AGMedical21_18-0\" class=\"reference\"><a href=\"#cite_note-AGMedical21-18\">[18]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-AssurXRisk17_19-0\" class=\"reference\"><a href=\"#cite_note-AssurXRisk17-19\">[19]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-ApracitiCyber_20-0\" class=\"reference\"><a href=\"#cite_note-ApracitiCyber-20\">[20]<\/a><\/sup>, but also the QMS plays an important role in most any laboratory's operations.<sup id=\"rdp-ebb-cite_ref-WHOLab11_21-0\" class=\"reference\"><a href=\"#cite_note-WHOLab11-21\">[21]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-USGSQuality_22-0\" class=\"reference\"><a href=\"#cite_note-USGSQuality-22\">[22]<\/a><\/sup> And in the laboratory, a quality assurance officer or manager is responsible for helping develop and maintain the laboratory's QMS, which optimally will address the importance of cybersecurity in meeting the laboratory\u2019s goals. But the connection between a laboratory's quality assurance officer and cybersecurity is sadly not well represented in the cloud computing era. Look through the job descriptions on online job boards for quality assurance officers and you will rarely find the word \"security\" mentioned. Sure, the relationship between \"quality\" and \"security\" gets discussed in the context of modern software development<sup id=\"rdp-ebb-cite_ref-WorrallWhy20_23-0\" class=\"reference\"><a href=\"#cite_note-WorrallWhy20-23\">[23]<\/a><\/sup>, but what about within the context of a laboratory's operational quality and the people who drive it forward? \n<\/p><p>In a 2019 journal article for <i>Lab Manager<\/i> magazine, Sandia National Laboratories' chief information officer Carol Jones stated that \"[c]ybersecurity is not just a technology problem; it is a people, process, and knowledge problem.\"<sup id=\"rdp-ebb-cite_ref-TulsiGreater19_24-0\" class=\"reference\"><a href=\"#cite_note-TulsiGreater19-24\">[24]<\/a><\/sup> While this is an accurate statement, shouldn't cybersecurity also be a quality problem for a laboratory? Yes, well-trained people, vetted processes, and relevant and timely knowledge is required to ensure secure operations, but quality management and assurance\u2014which incorporates that training, SOPs, and knowledge\u2014should also be part of that equation. One could argue that the responsibilities of a quality assurance officer or manager are already numerous and weighty. But shouldn't that person at least have a modicum of understanding about how well-implemented IT and software security in the lab correlates to improved quality assurance outcomes?<sup id=\"rdp-ebb-cite_ref-\" class=\"reference\"><a href=\"#cite_note-\">[25]<\/a><\/sup>\n<\/p><p>At this juncture, several questions must be asked about the quality assurance officer or manager in a laboratory operating in the 2020s:\n<\/p>\n<ul><li>What is the importance of the quality assurance officer (QAO), and do they understand cybersecurity?<\/li>\n<li>How does the QAO help ensure quality of operations with security as a managed service?<\/li>\n<li>How do standard operating procedures (SOPs), security audits, and other elements of a QMS positively affect quality assurance by addressing cybersecurity and cloud hosting processes?<\/li><\/ul>\n<p><b>The importance of a QAO and their security knowledge<\/b>\n<\/p><p>First, the definition of what a QAO does will largely vary from company to company. However, turning to Bartram and Ballance's 1996 guide <i>Water Quality Monitoring,<\/i> the author's describe a quality assurance officer as someone \"to liaise with management, to manage data archives, to conduct regular audits and reviews of the QA system, and to report on any QA issues to the program or institution manager.\"<sup id=\"rdp-ebb-cite_ref-BartramWater20_26-0\" class=\"reference\"><a href=\"#cite_note-BartramWater20-26\">[26]<\/a><\/sup> They add that the QAO is also \"responsible for regularly inspecting all aspects of the [record keeping] system to ensure staff compliance, for reporting on such inspections and audits to management, and for recommending improvements.\"<sup id=\"rdp-ebb-cite_ref-BartramWater20_26-1\" class=\"reference\"><a href=\"#cite_note-BartramWater20-26\">[26]<\/a><\/sup> But what of a more modern definition? Turning to ISO 9000, we get a bland and non-informative definition of quality assurance itself: \"part of quality management focused on providing confidence that quality requirements will be fulfilled.\"<sup id=\"rdp-ebb-cite_ref-ISO9000_27-0\" class=\"reference\"><a href=\"#cite_note-ISO9000-27\">[27]<\/a><\/sup> By extension, we then get \"a person responsible for providing confidence that requirements for organizational quality are fulfilled.\" This is a broad description, sadly. However, pulling from Bartram and Ballance, the ISO, and other sources<sup id=\"rdp-ebb-cite_ref-SeekCyber21_28-0\" class=\"reference\"><a href=\"#cite_note-SeekCyber21-28\">[28]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-ZippiaQuality_29-0\" class=\"reference\"><a href=\"#cite_note-ZippiaQuality-29\">[29]<\/a><\/sup>, we could go with something like:\n<\/p>\n<blockquote><p>A quality assurance officer (QAO) is an individual responsible for ensuring organizational quality through the regular management, monitoring, review, and auditing of documentation, record systems, data, and processes as they relate to organizational quality and compliance frameworks and initiatives, while also reporting timely results, making recommendations based on those results, and assisting with training staff on approved recommendations.<\/p><\/blockquote>\n<p>Given that definition, does the average QAO need to understand at least the basics of cybersecurity? That's arguable, to be sure. After all, there are job positions such as the \"cybersecurity quality and compliance officer\" and the like<sup id=\"rdp-ebb-cite_ref-SeekCyber21_28-1\" class=\"reference\"><a href=\"#cite_note-SeekCyber21-28\">[28]<\/a><\/sup>, with an individual who works directly with an IT department and its cybersecurity team to ensure all mandatory laws and regulatory requirements are being adhered to, much in the same way a QAO does but on a broader organizational basis. But what about the laboratory realm? Major laboratories with significant resources may have these sorts of positions, but smaller, independent labs may not. In that case, laboratory personnel will often wear many hats, including \"the tech person\" or \"laboratory systems engineer.\" (See Joe Liscouski's discussion of the \"laboratory systems engineer\" in his 2020 guide <i><a href=\"https:\/\/www.limswiki.org\/index.php\/LII:Laboratory_Technology_Planning_and_Management:_The_Practice_of_Laboratory_Systems_Engineering\" title=\"LII:Laboratory Technology Planning and Management: The Practice of Laboratory Systems Engineering\" class=\"wiki-link\" data-key=\"655f7d48a642e9b45533745af73f0d59\">Laboratory Technology Planning and Management: The Practice of Laboratory Systems Engineering<\/a><\/i> for more on this topic.<sup id=\"rdp-ebb-cite_ref-LiskouskiLab20_30-0\" class=\"reference\"><a href=\"#cite_note-LiskouskiLab20-30\">[30]<\/a><\/sup>) However, given that the security surrounding an organization's electronic efforts is vital to maintaining quality operations, and also given that\u2014hopefully\u2014cybersecurity efforts are documented and trained upon, it's not that far a leap to suggest that the laboratory QAO should have a rudimentary understanding of IT systems and how they are secured. If cybersecurity is interwoven into the laboratory culture, including quality management, the tech-savvy QAO will be a boon to the overall quality assurance process.\n<\/p><p><b>The QAO and managed security services<\/b>\n<\/p><p>Where does a QAO and an MSS intersect in the lab? Judging by the previous statement that the QAO may need to review organizational documentation and training material regarding cybersecurity\u2014and even audit or assess personnel on their use of that documentation and training\u2014we can see deduce that a QAO may be required to audit the effectiveness of any implemented MSS, or at least the documentation and processes related to the MSS. Again, it's likely in mid- to large size organizations this responsibility will fall upon the shoulders of an IT lead or IT quality officer. However, these resources may not be readily available in some laboratory settings. If those resources aren't available, the QAO may be required to know more than they expected about what managed security services entail. They won't need to be MSS experts, but as the nature of computing in the laboratory continues to evolve, having laboratory staff with relevant knowledge of automation, data management systems, and even the cloud is increasingly vital.<sup id=\"rdp-ebb-cite_ref-LiskouskiLab20_30-1\" class=\"reference\"><a href=\"#cite_note-LiskouskiLab20-30\">[30]<\/a><\/sup>\n<\/p><p><b>The QMS and cybersecurity<\/b>\n<\/p><p>In 2019, scientific and business consultancy Brevitas brought up the challenges of addressing cybersecurity in laboratories and other settings, noting evolving guidance that strives to address the business policies, security controls, informatics systems, and security monitoring required to better ensure the integrity and security of electronic records and data. They are one of a handful of consultancies that have publicly tied these types of standard-driven cybersecurity measures directly to the QMS<sup id=\"rdp-ebb-cite_ref-BrevitasCyber19_31-0\" class=\"reference\"><a href=\"#cite_note-BrevitasCyber19-31\">[31]<\/a><\/sup>:\n<\/p>\n<blockquote><p>The challenge is in ensuring that these measures are effectively integrated into the existing processes outlined in the organization\u2019s quality management system (QMS). Consideration needs to be given to first integrating cybersecurity into risk and\/or criticality assessments, then downstream into system security testing during qualification and\/or validation activities. As the technological landscape evolves, organizations must be more effective in their implementation of cybersecurity measures to ensure the safety of their electronic records and data. These measures must be considered as part of the QMS for all activities involved in the lifecycle of a computerized system.<\/p><\/blockquote>\n<p>As has been previously mentioned, this type of philosophy is already woven into the fabric of medical device regulation and standardization, with 21 CFR 820 on quality system regulation, ISO 13485:2016 on quality management systems, and ANSI\/CAN\/UL 2900 on ensuring medical device security driving how medical device cybersecurity is addressed in the manufacturer's quality management system.<sup id=\"rdp-ebb-cite_ref-ApracitiCyber_20-1\" class=\"reference\"><a href=\"#cite_note-ApracitiCyber-20\">[20]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-LincolnCyber17_32-0\" class=\"reference\"><a href=\"#cite_note-LincolnCyber17-32\">[32]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-HeylOverview17_33-0\" class=\"reference\"><a href=\"#cite_note-HeylOverview17-33\">[33]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-UL2900ACyber19_34-0\" class=\"reference\"><a href=\"#cite_note-UL2900ACyber19-34\">[34]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-ISO13485_35-0\" class=\"reference\"><a href=\"#cite_note-ISO13485-35\">[35]<\/a><\/sup> And it may be even easier for medical device manufacturers\u2014as well as other laboratory types\u2014to compile, organize, disseminate, and train upon cybersecurity risk analysis data and procedural documentation with the help of an electronic QMS.<sup id=\"rdp-ebb-cite_ref-JensenHow17_15-2\" class=\"reference\"><a href=\"#cite_note-JensenHow17-15\">[15]<\/a><\/sup> However, we can turn to some other businesses who have included security standards in their quality management system. Technology consultancy Konsolute has discussed why it chose to integrate ISO 27001 on information security management (and the information security management system or ISMS) into its business processes and the development of its electronic QMS, noting benefits of improved compliance, lower security risk, improved financial savings, improved reputation, and more new business.<sup id=\"rdp-ebb-cite_ref-KonsoluteCyber21_36-0\" class=\"reference\"><a href=\"#cite_note-KonsoluteCyber21-36\">[36]<\/a><\/sup> \n<\/p><p>As it turns out, the ISMS and ISO 27001 have a bit in common with the QMS and ISO 9001, primarily with the goal of improving quality within the organization. Here again we see the link between a focus on cybersecurity and ensuring quality within an organization.<sup id=\"rdp-ebb-cite_ref-CVGInform20_37-0\" class=\"reference\"><a href=\"#cite_note-CVGInform20-37\">[37]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-PatelISO17_38-0\" class=\"reference\"><a href=\"#cite_note-PatelISO17-38\">[38]<\/a><\/sup> Senior associate Nikita Patel of Schellman & Company highlighted this association in 2017, saying that an organization \"achieving this dual certification of an ISO 9001 and ISO 27001 can prove incredibly useful\u2014in doing so, an organization can simultaneously demonstrate an organization\u2019s ability and commitment to information security risk management, while also validating their dedication to the optimal delivery of their quality products and services.\"<sup id=\"rdp-ebb-cite_ref-PatelISO17_38-1\" class=\"reference\"><a href=\"#cite_note-PatelISO17-38\">[38]<\/a><\/sup> From addressing anything from scoping, leadership, human resources support, and document management to internal auditing, measurement and monitoring, management review, and <a href=\"https:\/\/www.limswiki.org\/index.php\/Continual_improvement_process\" title=\"Continual improvement process\" class=\"wiki-link\" data-key=\"fd7b54be3f6cdd0e8ed84d501486d668\">continual improvement<\/a>, both the ISMS, focused on information security, and QMS, focused on organizational quality, improve the overall quality of an organization and its efforts.\n<\/p><p><b>The QAO in the context of these three points<\/b>\n<\/p><p>Where does this all place the quality assurance officer in the scope of laboratory quality and information security? Whether it's managed security services, private or public cloud services, in-house networking, or a mix of all these, the modern laboratory is a technology-driven business requiring modern approaches to addressing the risks that technology carries with it. An on-site IT staff may handle many of the details associated with those efforts, but the QAO of the 2020s needs to also be familiar with how that technology works and how it impacts organizational quality initiatives. The QAO will interact with the lab's QMS, and perhaps even the ISMS if one separately exists. Ideally cybersecurity policy and procedure will already be woven into the various elements of the QMS, or, worst case, the lab doesn't have much of a cybersecurity policy. This is where the QAO of today's lab must shine, \"ensuring organizational quality through the regular management, monitoring, review, and auditing of documentation, record systems, data, and processes as they relate to organizational quality and compliance frameworks and initiatives.\" That means also understanding how managed security services and cloud services operate. It's perhaps a tall ask, but in today's competitive laboratory environment, the tech-savvy QAO is more important than ever.\n<\/p>\n<h4><span class=\"mw-headline\" id=\"5.2.2_The_shared_responsibility_model_in_the_scope_of_security_management_and_quality_assurance\">5.2.2 The shared responsibility model in the scope of security management and quality assurance<\/span><\/h4>\n<p>Before we move on to choosing an MMSP, we need to briefly mention the shared responsibility model and how it relates to both the MSSP's (and CSP\u2019s) services and assuring quality within the laboratory. Back in Chapter 2, we discussed the shared responsibility model, occasionally referred to as the \"shared security model.\" We said the shared responsibility model is useful because it clarifies elements of responsibility for information security between the laboratory and the CSP in regards to provided cloud services. A trusted CSP should be able to make both levels of responsibility clear at every step of the way, from early contract discussions to late-stage changes to customer services. The CSP remains responsible for certain levels of the IT infrastructure and software, while the laboratory remains responsible for the security of the guest OS, account security, firewall settings, and more. This delineation of responsibility varies from provider to provider, but optimally the information is related clearly to the lab by each.\n<\/p><p>When it comes to MSSPs and the cloud, they are capable of further reducing the burden of responsibility the laboratory has in regards to not only their cloud services but also any networked on-premises systems. An MSSP can take on the responsibility of the guest OS, network configuration, firewall settings, and server-side encryption, as well as a select portion of client-side data encryption, data integrity authentication, application hardening, and network traffic monitoring and protection.<sup id=\"rdp-ebb-cite_ref-WangShared20_39-0\" class=\"reference\"><a href=\"#cite_note-WangShared20-39\">[39]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-SavirHowAMan_40-0\" class=\"reference\"><a href=\"#cite_note-SavirHowAMan-40\">[40]<\/a><\/sup> This frees the laboratory from even more security detail, providing monetary, quality, and time investment benefits. As noted earlier, however, the laboratory is not completely free from worrying about security. A company culture of cybersecurity and quality must continue to be driven by strong management buy-in, well-documented business and quality policies, well-considered and -enforced operational policies, and regular quality training.\n<\/p><p>That said, how does the shared responsibility model affect the work of the QAO and laboratory's overall efforts to ensure security in the cloud, particularly with an MSSP? Primarily, shared responsibility says that the laboratory can't take a \"set it and forget it\" approach to security, even with a CSP and MSSP taking a significant portion of the responsibility off the laboratory's hands. Going back to the Wyoming Department of Health and its accidental upload of patient data to a public server, neither a cloud provider nor an MSSP could do much in this situation. We don't know the circumstances and technology surrounding their incident, but let's imagine that the public health lab was using a CSP and an MSSP. Certainly, the CSP would have no real say in how the lab uploaded content to a server outside its domain. The MSSP largely would have no blame either, as they likely wouldn't even be aware of the public server being uploaded to. No, that would be an internal policy issue, a solid example of how the laboratory would still have a shared stake in the responsibility of security at the lab.\n<\/p><p>From that example, we'd have to turn to the work of laboratory staff and management, including the QAO. Again, imagining a scenario where the lab was using both a CSP and an MSSP, a number of questions would arise, primary among them being \"were they fully aware of and committed to the security responsibility they shared with their service providers?\" That level of responsibility would include engaging in cybersecurity discussions among management and key IT personnel, having frank discussions about risk, and bringing in outside help where expertise was lacking. It would also include having a thorough understanding of how lab workers do their job, including learning about any public servers they were using. And it would also, ideally, involve discussion about that laboratory workflow with the MSSP. With all these elements, the likelihood of foreseeing the risk associated with uploading data to public servers from laboratory computers would be optimistically high. Finally, if we add the element of either a laboratory QAO or \"cybersecurity quality and compliance officer,\" one could imagine the scenario turning out differently for the Department of Health. In the end, however, it would have still required knowledgeable personnel, a strong laboratory-wide focus on cybersecurity, and a committed QAO familiar with the importance of the shared responsibility model\u2014and at least the basics of information security\u2014to help ensure the quality of laboratory operations and the information security required of them.\n<\/p>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap mw-references-columns\"><ol class=\"references\">\n<li id=\"cite_note-IntradoVirtualArmour19-1\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IntradoVirtualArmour19_1-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">VirtualArmour International (8 April 2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.globenewswire.com\/news-release\/2019\/04\/08\/1799042\/0\/en\/VirtualArmour-Expands-Managed-Cybersecurity-Services-with-Global-Gemological-Organization.html\" target=\"_blank\">\"VirtualArmour Expands Managed Cybersecurity Services with Global Gemological Organization\"<\/a>. <i>Intrado GlobeNewswire<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.globenewswire.com\/news-release\/2019\/04\/08\/1799042\/0\/en\/VirtualArmour-Expands-Managed-Cybersecurity-Services-with-Global-Gemological-Organization.html\" target=\"_blank\">https:\/\/www.globenewswire.com\/news-release\/2019\/04\/08\/1799042\/0\/en\/VirtualArmour-Expands-Managed-Cybersecurity-Services-with-Global-Gemological-Organization.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=VirtualArmour+Expands+Managed+Cybersecurity+Services+with+Global+Gemological+Organization&rft.atitle=Intrado+GlobeNewswire&rft.aulast=VirtualArmour+International&rft.au=VirtualArmour+International&rft.date=8+April+2019&rft_id=https%3A%2F%2Fwww.globenewswire.com%2Fnews-release%2F2019%2F04%2F08%2F1799042%2F0%2Fen%2FVirtualArmour-Expands-Managed-Cybersecurity-Services-with-Global-Gemological-Organization.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-PreScouterManaged17-2\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-PreScouterManaged17_2-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">PreScouter (October 2017). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.publicpower.org\/system\/files\/documents\/cybersecurity-service_providers_guide.pdf\" target=\"_blank\">\"Managed Cybersecurity Service Providers for Electric Utilities\"<\/a> (PDF). American Public Power Association<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.publicpower.org\/system\/files\/documents\/cybersecurity-service_providers_guide.pdf\" target=\"_blank\">https:\/\/www.publicpower.org\/system\/files\/documents\/cybersecurity-service_providers_guide.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Managed+Cybersecurity+Service+Providers+for+Electric+Utilities&rft.atitle=&rft.aulast=PreScouter&rft.au=PreScouter&rft.date=October+2017&rft.pub=American+Public+Power+Association&rft_id=https%3A%2F%2Fwww.publicpower.org%2Fsystem%2Ffiles%2Fdocuments%2Fcybersecurity-service_providers_guide.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-FrontierCaseStudy20-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-FrontierCaseStudy20_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210414070225\/https:\/\/ftiusa.com\/case-studies\/case-study-managed-detection-response-for-toxicology-laboratory\/\" target=\"_blank\">\"Case Study: Managed Detection Response for Toxicology Laboratory\"<\/a>. Frontier Technologies, Inc. 2020. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/ftiusa.com\/case-studies\/case-study-managed-detection-response-for-toxicology-laboratory\/\" target=\"_blank\">the original<\/a> on 14 April 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210414070225\/https:\/\/ftiusa.com\/case-studies\/case-study-managed-detection-response-for-toxicology-laboratory\/\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210414070225\/https:\/\/ftiusa.com\/case-studies\/case-study-managed-detection-response-for-toxicology-laboratory\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Case+Study%3A+Managed+Detection+Response+for+Toxicology+Laboratory&rft.atitle=&rft.date=2020&rft.pub=Frontier+Technologies%2C+Inc&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210414070225%2Fhttps%3A%2F%2Fftiusa.com%2Fcase-studies%2Fcase-study-managed-detection-response-for-toxicology-laboratory%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CyleraHealthcare20-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CyleraHealthcare20_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/resources.cylera.com\/healthcare-managed-security-services-forum\" target=\"_blank\">\"Healthcare Managed Security Services Forum\"<\/a>. Cylera. November 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/resources.cylera.com\/healthcare-managed-security-services-forum\" target=\"_blank\">https:\/\/resources.cylera.com\/healthcare-managed-security-services-forum<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Healthcare+Managed+Security+Services+Forum&rft.atitle=&rft.date=November+2020&rft.pub=Cylera&rft_id=https%3A%2F%2Fresources.cylera.com%2Fhealthcare-managed-security-services-forum&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ANXPutting-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ANXPutting_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"http:\/\/anxebiz.anx.com\/content\/industries\/healthcare\" target=\"_blank\">\"Putting Information Exchange to Work for Healthcare\"<\/a>. ANXeBusiness Corp<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"http:\/\/anxebiz.anx.com\/content\/industries\/healthcare\" target=\"_blank\">http:\/\/anxebiz.anx.com\/content\/industries\/healthcare<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Putting+Information+Exchange+to+Work+for+Healthcare&rft.atitle=&rft.pub=ANXeBusiness+Corp&rft_id=http%3A%2F%2Fanxebiz.anx.com%2Fcontent%2Findustries%2Fhealthcare&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-Galvin60_18-6\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-Galvin60_18_6-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Galvin, J. (7 May 2018). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.inc.com\/joe-galvin\/60-percent-of-small-businesses-fold-within-6-months-of-a-cyber-attack-heres-how-to-protect-yourself.html\" target=\"_blank\">\"60 Percent of Small Businesses Fold Within 6 Months of a Cyber Attack. Here's How to Protect Yourself\"<\/a>. <i>Inc.com<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.inc.com\/joe-galvin\/60-percent-of-small-businesses-fold-within-6-months-of-a-cyber-attack-heres-how-to-protect-yourself.html\" target=\"_blank\">https:\/\/www.inc.com\/joe-galvin\/60-percent-of-small-businesses-fold-within-6-months-of-a-cyber-attack-heres-how-to-protect-yourself.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=60+Percent+of+Small+Businesses+Fold+Within+6+Months+of+a+Cyber+Attack.+Here%27s+How+to+Protect+Yourself&rft.atitle=Inc.com&rft.aulast=Galvin%2C+J.&rft.au=Galvin%2C+J.&rft.date=7+May+2018&rft_id=https%3A%2F%2Fwww.inc.com%2Fjoe-galvin%2F60-percent-of-small-businesses-fold-within-6-months-of-a-cyber-attack-heres-how-to-protect-yourself.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-SBDCC_BlogCost17-7\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-SBDCC_BlogCost17_7-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20201227041535\/https:\/\/www.virginiasbdc.org\/blog-cost-of-cyber-crime-to-small-businesses\/\" target=\"_blank\">\"BLOG: Cost of Cyber Crime to Small Businesses\"<\/a>. <i>Virginia SBDC Blog<\/i>. Virginia SBDC. 30 May 2017. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.virginiasbdc.org\/blog-cost-of-cyber-crime-to-small-businesses\/\" target=\"_blank\">the original<\/a> on 27 December 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20201227041535\/https:\/\/www.virginiasbdc.org\/blog-cost-of-cyber-crime-to-small-businesses\/\" target=\"_blank\">https:\/\/web.archive.org\/web\/20201227041535\/https:\/\/www.virginiasbdc.org\/blog-cost-of-cyber-crime-to-small-businesses\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=BLOG%3A+Cost+of+Cyber+Crime+to+Small+Businesses&rft.atitle=Virginia+SBDC+Blog&rft.date=30+May+2017&rft.pub=Virginia+SBDC&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20201227041535%2Fhttps%3A%2F%2Fwww.virginiasbdc.org%2Fblog-cost-of-cyber-crime-to-small-businesses%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-SecurityCanadian19-8\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-SecurityCanadian19_8-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.securitymagazine.com\/articles\/91467-canadian-lab-test-firm-lifelabs-pays-ransom-after-data-breach\" target=\"_blank\">\"Canadian Lab Test Firm LifeLabs Pays Ransom After Data Breach\"<\/a>. <i>Security<\/i>. BNP Media. 26 December 2019<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.securitymagazine.com\/articles\/91467-canadian-lab-test-firm-lifelabs-pays-ransom-after-data-breach\" target=\"_blank\">https:\/\/www.securitymagazine.com\/articles\/91467-canadian-lab-test-firm-lifelabs-pays-ransom-after-data-breach<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Canadian+Lab+Test+Firm+LifeLabs+Pays+Ransom+After+Data+Breach&rft.atitle=Security&rft.date=26+December+2019&rft.pub=BNP+Media&rft_id=https%3A%2F%2Fwww.securitymagazine.com%2Farticles%2F91467-canadian-lab-test-firm-lifelabs-pays-ransom-after-data-breach&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ArghireApex21-9\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ArghireApex21_9-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Arghire, I. (4 January 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.securityweek.com\/apex-laboratory-says-patient-data-stolen-ransomware-attack\" target=\"_blank\">\"Apex Laboratory Says Patient Data Stolen in Ransomware Attack\"<\/a>. <i>Security Week<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.securityweek.com\/apex-laboratory-says-patient-data-stolen-ransomware-attack\" target=\"_blank\">https:\/\/www.securityweek.com\/apex-laboratory-says-patient-data-stolen-ransomware-attack<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Apex+Laboratory+Says+Patient+Data+Stolen+in+Ransomware+Attack&rft.atitle=Security+Week&rft.aulast=Arghire%2C+I.&rft.au=Arghire%2C+I.&rft.date=4+January+2021&rft_id=https%3A%2F%2Fwww.securityweek.com%2Fapex-laboratory-says-patient-data-stolen-ransomware-attack&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-KirkUS21-10\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-KirkUS21_10-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Kirk, J. (7 May 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.bankinfosecurity.com\/us-physics-laboratory-exposed-documents-credentials-a-16536\" target=\"_blank\">\"US Physics Laboratory Exposed Documents, Credentials\"<\/a>. <i>Bank Info Security<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.bankinfosecurity.com\/us-physics-laboratory-exposed-documents-credentials-a-16536\" target=\"_blank\">https:\/\/www.bankinfosecurity.com\/us-physics-laboratory-exposed-documents-credentials-a-16536<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=US+Physics+Laboratory+Exposed+Documents%2C+Credentials&rft.atitle=Bank+Info+Security&rft.aulast=Kirk%2C+J.&rft.au=Kirk%2C+J.&rft.date=7+May+2021&rft_id=https%3A%2F%2Fwww.bankinfosecurity.com%2Fus-physics-laboratory-exposed-documents-credentials-a-16536&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-WillisFermilab21-11\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-WillisFermilab21_11-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Willis, R. (6 May 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/robertwillishacking.com\/fermilab-hack-april-may-2021\/\" target=\"_blank\">\"Fermilab Hack, April\/May 2021\"<\/a>. <i>Robert Willis Hacking<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/robertwillishacking.com\/fermilab-hack-april-may-2021\/\" target=\"_blank\">https:\/\/robertwillishacking.com\/fermilab-hack-april-may-2021\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Fermilab+Hack%2C+April%2FMay+2021&rft.atitle=Robert+Willis+Hacking&rft.aulast=Willis%2C+R.&rft.au=Willis%2C+R.&rft.date=6+May+2021&rft_id=https%3A%2F%2Frobertwillishacking.com%2Ffermilab-hack-april-may-2021%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-FlackWyoming21-12\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-FlackWyoming21_12-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Flack, B. (27 April 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210427221317if_\/https:\/\/www.sweetwaternow.com\/wyoming-department-of-health-announces-data-breach-of-thousands-of-wyoming-residents\/\" target=\"_blank\">\"Wyoming Department of Health Announces Data Breach of Thousands of Wyoming Residents\"<\/a>. <i>SweetwaterNow<\/i>. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.sweetwaternow.com\/wyoming-department-of-health-announces-data-breach-of-thousands-of-wyoming-residents\/\" target=\"_blank\">the original<\/a> on 27 April 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210427221317if_\/https:\/\/www.sweetwaternow.com\/wyoming-department-of-health-announces-data-breach-of-thousands-of-wyoming-residents\/\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210427221317if_\/https:\/\/www.sweetwaternow.com\/wyoming-department-of-health-announces-data-breach-of-thousands-of-wyoming-residents\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Wyoming+Department+of+Health+Announces+Data+Breach+of+Thousands+of+Wyoming+Residents&rft.atitle=SweetwaterNow&rft.aulast=Flack%2C+B.&rft.au=Flack%2C+B.&rft.date=27+April+2021&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210427221317if_%2Fhttps%3A%2F%2Fwww.sweetwaternow.com%2Fwyoming-department-of-health-announces-data-breach-of-thousands-of-wyoming-residents%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-PaulHowTo19-13\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-PaulHowTo19_13-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Paul (3 June 2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/thesysadminchannel.com\/how-to-restrict-internet-access-using-group-policy-gpo\/\" target=\"_blank\">\"How To Restrict Internet Access Using Group Policy (GPO)\"<\/a>. <i>The Sysadmin Channel<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/thesysadminchannel.com\/how-to-restrict-internet-access-using-group-policy-gpo\/\" target=\"_blank\">https:\/\/thesysadminchannel.com\/how-to-restrict-internet-access-using-group-policy-gpo\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 03 June 2019<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=How+To+Restrict+Internet+Access+Using+Group+Policy+%28GPO%29&rft.atitle=The+Sysadmin+Channel&rft.aulast=Paul&rft.au=Paul&rft.date=3+June+2019&rft_id=https%3A%2F%2Fthesysadminchannel.com%2Fhow-to-restrict-internet-access-using-group-policy-gpo%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-NayyarTheUnique20-14\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-NayyarTheUnique20_14-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Nayyar, S. (22 December 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.forbes.com\/sites\/forbestechcouncil\/2020\/12\/22\/the-unique-threats-posed-by-medical-iot-devices-and-what-to-do-about-them\/\" target=\"_blank\">\"The Unique Threats Posed By Medical IoT Devices And What To Do About Them\"<\/a>. <i>Forbes<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.forbes.com\/sites\/forbestechcouncil\/2020\/12\/22\/the-unique-threats-posed-by-medical-iot-devices-and-what-to-do-about-them\/\" target=\"_blank\">https:\/\/www.forbes.com\/sites\/forbestechcouncil\/2020\/12\/22\/the-unique-threats-posed-by-medical-iot-devices-and-what-to-do-about-them\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=The+Unique+Threats+Posed+By+Medical+IoT+Devices+And+What+To+Do+About+Them&rft.atitle=Forbes&rft.aulast=Nayyar%2C+S.&rft.au=Nayyar%2C+S.&rft.date=22+December+2020&rft_id=https%3A%2F%2Fwww.forbes.com%2Fsites%2Fforbestechcouncil%2F2020%2F12%2F22%2Fthe-unique-threats-posed-by-medical-iot-devices-and-what-to-do-about-them%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-JensenHow17-15\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-JensenHow17_15-0\">15.0<\/a><\/sup> <sup><a href=\"#cite_ref-JensenHow17_15-1\">15.1<\/a><\/sup> <sup><a href=\"#cite_ref-JensenHow17_15-2\">15.2<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Jensen, D. (3 June 2017). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210523211209\/https:\/\/www.mastercontrol.com\/gxp-lifeline\/how-an-electronic-quality-management-system-helps-with-cybersecurity\/\" target=\"_blank\">\"How an Electronic Quality Management System Helps With Cybersecurity\"<\/a>. MasterControl. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.mastercontrol.com\/gxp-lifeline\/how-an-electronic-quality-management-system-helps-with-cybersecurity\/\" target=\"_blank\">the original<\/a> on 23 May 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210523211209\/https:\/\/www.mastercontrol.com\/gxp-lifeline\/how-an-electronic-quality-management-system-helps-with-cybersecurity\/\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210523211209\/https:\/\/www.mastercontrol.com\/gxp-lifeline\/how-an-electronic-quality-management-system-helps-with-cybersecurity\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=How+an+Electronic+Quality+Management+System+Helps+With+Cybersecurity&rft.atitle=&rft.aulast=Jensen%2C+D.&rft.au=Jensen%2C+D.&rft.date=3+June+2017&rft.pub=MasterControl&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210523211209%2Fhttps%3A%2F%2Fwww.mastercontrol.com%2Fgxp-lifeline%2Fhow-an-electronic-quality-management-system-helps-with-cybersecurity%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ShoemakerCyber14-16\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ShoemakerCyber14_16-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation book\">Shoemaker, D.; Sigler, K. (2014). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/books.google.com\/books?id=b1s8AwAAQBAJ&pg=PA62\" target=\"_blank\"><i>Cybersecurity: Engineering a Secure Information Technology Organization<\/i><\/a>. Cengage Learning. pp. 62\u201363. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/International_Standard_Book_Number\" data-key=\"f64947ba21e884434bd70e8d9e60bae6\">ISBN<\/a> 9781285169903<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/books.google.com\/books?id=b1s8AwAAQBAJ&pg=PA62\" target=\"_blank\">https:\/\/books.google.com\/books?id=b1s8AwAAQBAJ&pg=PA62<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Cybersecurity%3A+Engineering+a+Secure+Information+Technology+Organization&rft.aulast=Shoemaker%2C+D.%3B+Sigler%2C+K.&rft.au=Shoemaker%2C+D.%3B+Sigler%2C+K.&rft.date=2014&rft.pages=pp.%26nbsp%3B62%E2%80%9363&rft.pub=Cengage+Learning&rft.isbn=9781285169903&rft_id=https%3A%2F%2Fbooks.google.com%2Fbooks%3Fid%3Db1s8AwAAQBAJ%26pg%3DPA62&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-WirthMedical20-17\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-WirthMedical20_17-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation book\">Wirth, A.; Gates, C.; Smith, J. (2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/books.google.com\/books?id=oawCEAAAQBAJ&pg=PA23\" target=\"_blank\"><i>Medical Device Cybersecurity for Engineers and Manufacturers<\/i><\/a>. Artech House. pp. 23\u201324. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/International_Standard_Book_Number\" data-key=\"f64947ba21e884434bd70e8d9e60bae6\">ISBN<\/a> 9781630818159<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/books.google.com\/books?id=oawCEAAAQBAJ&pg=PA23\" target=\"_blank\">https:\/\/books.google.com\/books?id=oawCEAAAQBAJ&pg=PA23<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Medical+Device+Cybersecurity+for+Engineers+and+Manufacturers&rft.aulast=Wirth%2C+A.%3B+Gates%2C+C.%3B+Smith%2C+J.&rft.au=Wirth%2C+A.%3B+Gates%2C+C.%3B+Smith%2C+J.&rft.date=2020&rft.pages=pp.%26nbsp%3B23%E2%80%9324&rft.pub=Artech+House&rft.isbn=9781630818159&rft_id=https%3A%2F%2Fbooks.google.com%2Fbooks%3Fid%3DoawCEAAAQBAJ%26pg%3DPA23&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AGMedical21-18\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AGMedical21_18-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Therapeutic Goods Administration (March 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.tga.gov.au\/sites\/default\/files\/medical-device-cyber-security-guidance-industry.pdf\" target=\"_blank\">\"Medical device cyber security guidance for industry\"<\/a> (PDF). Commonwealth of Australia<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.tga.gov.au\/sites\/default\/files\/medical-device-cyber-security-guidance-industry.pdf\" target=\"_blank\">https:\/\/www.tga.gov.au\/sites\/default\/files\/medical-device-cyber-security-guidance-industry.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Medical+device+cyber+security+guidance+for+industry&rft.atitle=&rft.aulast=Therapeutic+Goods+Administration&rft.au=Therapeutic+Goods+Administration&rft.date=March+2021&rft.pub=Commonwealth+of+Australia&rft_id=https%3A%2F%2Fwww.tga.gov.au%2Fsites%2Fdefault%2Ffiles%2Fmedical-device-cyber-security-guidance-industry.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AssurXRisk17-19\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AssurXRisk17_19-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.assurx.com\/risk-management-cybersecurity-compliance\/\" target=\"_blank\">\"Risk Management Best Practices for Cybersecurity Compliance\"<\/a>. <i>AssurX Blog<\/i>. AssurX, Inc. 30 January 2017<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.assurx.com\/risk-management-cybersecurity-compliance\/\" target=\"_blank\">https:\/\/www.assurx.com\/risk-management-cybersecurity-compliance\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Risk+Management+Best+Practices+for+Cybersecurity+Compliance&rft.atitle=AssurX+Blog&rft.date=30+January+2017&rft.pub=AssurX%2C+Inc&rft_id=https%3A%2F%2Fwww.assurx.com%2Frisk-management-cybersecurity-compliance%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ApracitiCyber-20\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-ApracitiCyber_20-0\">20.0<\/a><\/sup> <sup><a href=\"#cite_ref-ApracitiCyber_20-1\">20.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/apraciti.com\/cybersecurity-quality-management-system-integration\/\" target=\"_blank\">\"Cybersecurity & Quality Management System Integration\"<\/a>. Apraciti<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/apraciti.com\/cybersecurity-quality-management-system-integration\/\" target=\"_blank\">https:\/\/apraciti.com\/cybersecurity-quality-management-system-integration\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cybersecurity+%26+Quality+Management+System+Integration&rft.atitle=&rft.pub=Apraciti&rft_id=https%3A%2F%2Fapraciti.com%2Fcybersecurity-quality-management-system-integration%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-WHOLab11-21\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-WHOLab11_21-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation book\">World Health Organization (2011). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.who.int\/publications\/i\/item\/9789241548274\" target=\"_blank\"><i>Laboratory Quality Management System Handbook<\/i><\/a>. World Health Organization. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/International_Standard_Book_Number\" data-key=\"f64947ba21e884434bd70e8d9e60bae6\">ISBN<\/a> 9789241548274<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.who.int\/publications\/i\/item\/9789241548274\" target=\"_blank\">https:\/\/www.who.int\/publications\/i\/item\/9789241548274<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Laboratory+Quality+Management+System+Handbook&rft.aulast=World+Health+Organization&rft.au=World+Health+Organization&rft.date=2011&rft.pub=World+Health+Organization&rft.isbn=9789241548274&rft_id=https%3A%2F%2Fwww.who.int%2Fpublications%2Fi%2Fitem%2F9789241548274&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-USGSQuality-22\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-USGSQuality_22-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">United States Geological Survey. <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.usgs.gov\/office-of-science-quality-and-integrity\/quality-management-system-usgs-laboratories\" target=\"_blank\">\"Quality Management System for USGS Laboratories\"<\/a>. United States Geological Survey<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.usgs.gov\/office-of-science-quality-and-integrity\/quality-management-system-usgs-laboratories\" target=\"_blank\">https:\/\/www.usgs.gov\/office-of-science-quality-and-integrity\/quality-management-system-usgs-laboratories<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Quality+Management+System+for+USGS+Laboratories&rft.atitle=&rft.aulast=United+States+Geological+Survey&rft.au=United+States+Geological+Survey&rft.pub=United+States+Geological+Survey&rft_id=https%3A%2F%2Fwww.usgs.gov%2Foffice-of-science-quality-and-integrity%2Fquality-management-system-usgs-laboratories&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-WorrallWhy20-23\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-WorrallWhy20_23-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Worrall, J. (18 August 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/why-quality-security-both-matter-in-software\" target=\"_blank\">\"Why Quality & Security Both Matter in Software\"<\/a>. <i>DarkReading<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/why-quality-security-both-matter-in-software\" target=\"_blank\">https:\/\/www.darkreading.com\/vulnerabilities-threats\/why-quality-security-both-matter-in-software<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Why+Quality+%26+Security+Both+Matter+in+Software&rft.atitle=DarkReading&rft.aulast=Worrall%2C+J.&rft.au=Worrall%2C+J.&rft.date=18+August+2020&rft_id=https%3A%2F%2Fwww.darkreading.com%2Fvulnerabilities-threats%2Fwhy-quality-security-both-matter-in-software&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-TulsiGreater19-24\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-TulsiGreater19_24-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Tulsi, B.B. (4 September 2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.labmanager.com\/greater-awareness-and-vigilance-in-laboratory-data-security-776\" target=\"_blank\">\"Greater Awareness and Vigilance in Laboratory Data Security\"<\/a>. <i>Lab Manager<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.labmanager.com\/greater-awareness-and-vigilance-in-laboratory-data-security-776\" target=\"_blank\">https:\/\/www.labmanager.com\/greater-awareness-and-vigilance-in-laboratory-data-security-776<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Greater+Awareness+and+Vigilance+in+Laboratory+Data+Security&rft.atitle=Lab+Manager&rft.aulast=Tulsi%2C+B.B.&rft.au=Tulsi%2C+B.B.&rft.date=4+September+2019&rft_id=https%3A%2F%2Fwww.labmanager.com%2Fgreater-awareness-and-vigilance-in-laboratory-data-security-776&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-25\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-25\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation Journal\">Hamidovic, H. (2012). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.isacajournal-digital.org\/isacajournal\/2012vol2?article_id=1078418&pg=45\" target=\"_blank\">\"Fundamental Concepts of IT Security Assurance\"<\/a>. <i>ISACA Journal<\/i> <b>2<\/b>: 45\u20139<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.isacajournal-digital.org\/isacajournal\/2012vol2?article_id=1078418&pg=45\" target=\"_blank\">https:\/\/www.isacajournal-digital.org\/isacajournal\/2012vol2?article_id=1078418&pg=45<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Fundamental+Concepts+of+IT+Security+Assurance&rft.jtitle=ISACA+Journal&rft.aulast=Hamidovic%2C+H.&rft.au=Hamidovic%2C+H.&rft.date=2012&rft.volume=2&rft.pages=45%E2%80%939&rft_id=https%3A%2F%2Fwww.isacajournal-digital.org%2Fisacajournal%2F2012vol2%3Farticle_id%3D1078418%26pg%3D45&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-BartramWater20-26\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-BartramWater20_26-0\">26.0<\/a><\/sup> <sup><a href=\"#cite_ref-BartramWater20_26-1\">26.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation book\">Bartram, J.; Ballance, R., ed. (2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/books.google.com\/books?id=5PQCEAAAQBAJ&pg=PA218\" target=\"_blank\"><i>Water Quality Monitoring: A practical guide to the design and implementation of freshwater quality studies and monitoring programmes<\/i><\/a>. CRC Press. p. 218. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/International_Standard_Book_Number\" data-key=\"f64947ba21e884434bd70e8d9e60bae6\">ISBN<\/a> 9780419223207<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/books.google.com\/books?id=5PQCEAAAQBAJ&pg=PA218\" target=\"_blank\">https:\/\/books.google.com\/books?id=5PQCEAAAQBAJ&pg=PA218<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Water+Quality+Monitoring%3A+A+practical+guide+to+the+design+and+implementation+of+freshwater+quality+studies+and+monitoring+programmes&rft.date=2020&rft.pages=p.%26nbsp%3B218&rft.pub=CRC+Press&rft.isbn=9780419223207&rft_id=https%3A%2F%2Fbooks.google.com%2Fbooks%3Fid%3D5PQCEAAAQBAJ%26pg%3DPA218&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ISO9000-27\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ISO9000_27-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"nofollow\" class=\"external text\" href=\"#iso:std:iso:9000:ed-4:v1:en\">\"ISO 9000:2015(en) Quality management systems \u2014 Fundamentals and vocabulary\"<\/a>. ISO. 2015<span class=\"printonly\">. <a rel=\"nofollow\" class=\"external free\" href=\"#iso:std:iso:9000:ed-4:v1:en\">https:\/\/www.iso.org\/obp\/ui\/#iso:std:iso:9000:ed-4:v1:en<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=ISO+9000%3A2015%28en%29+Quality+management+systems+%E2%80%94+Fundamentals+and+vocabulary&rft.atitle=&rft.date=2015&rft.pub=ISO&rft_id=https%3A%2F%2Fwww.iso.org%2Fobp%2Fui%2F%23iso%3Astd%3Aiso%3A9000%3Aed-4%3Av1%3Aen&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-SeekCyber21-28\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-SeekCyber21_28-0\">28.0<\/a><\/sup> <sup><a href=\"#cite_ref-SeekCyber21_28-1\">28.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Genesis IT&T (10 May 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210524220443\/https:\/\/www.seek.com.au\/job\/52226409?type=standard\" target=\"_blank\">\"Cybersecurity Quality and Compliance Officer - 6 Month Contract\"<\/a>. <i>Seek<\/i>. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.seek.com.au\/job\/52226409?type=standard\" target=\"_blank\">the original<\/a> on 28 July 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210524220443\/https:\/\/www.seek.com.au\/job\/52226409?type=standard\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210524220443\/https:\/\/www.seek.com.au\/job\/52226409?type=standard<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cybersecurity+Quality+and+Compliance+Officer+-+6+Month+Contract&rft.atitle=Seek&rft.aulast=Genesis+IT%26T&rft.au=Genesis+IT%26T&rft.date=10+May+2021&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210524220443%2Fhttps%3A%2F%2Fwww.seek.com.au%2Fjob%2F52226409%3Ftype%3Dstandard&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ZippiaQuality-29\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ZippiaQuality_29-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.zippia.com\/quality-control-officer-jobs\/what-does-a-quality-control-officer-do\/\" target=\"_blank\">\"Quality Control Officer - What They Do\"<\/a>. Zippia<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.zippia.com\/quality-control-officer-jobs\/what-does-a-quality-control-officer-do\/\" target=\"_blank\">https:\/\/www.zippia.com\/quality-control-officer-jobs\/what-does-a-quality-control-officer-do\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Quality+Control+Officer+-+What+They+Do&rft.atitle=&rft.pub=Zippia&rft_id=https%3A%2F%2Fwww.zippia.com%2Fquality-control-officer-jobs%2Fwhat-does-a-quality-control-officer-do%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LiskouskiLab20-30\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-LiskouskiLab20_30-0\">30.0<\/a><\/sup> <sup><a href=\"#cite_ref-LiskouskiLab20_30-1\">30.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Liscouski, J. (December 2020). \"<a href=\"https:\/\/www.limswiki.org\/index.php\/LII:Laboratory_Technology_Planning_and_Management:_The_Practice_of_Laboratory_Systems_Engineering\" title=\"LII:Laboratory Technology Planning and Management: The Practice of Laboratory Systems Engineering\" class=\"wiki-link\" data-key=\"655f7d48a642e9b45533745af73f0d59\">Laboratory Technology Planning and Management: The Practice of Laboratory Systems Engineering<\/a>\".<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=%5B%5BLII%3ALaboratory+Technology+Planning+and+Management%3A+The+Practice+of+Laboratory+Systems+Engineering%7CLaboratory+Technology+Planning+and+Management%3A+The+Practice+of+Laboratory+Systems+Engineering%5D%5D&rft.atitle=&rft.aulast=Liscouski%2C+J.&rft.au=Liscouski%2C+J.&rft.date=December+2020&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-BrevitasCyber19-31\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-BrevitasCyber19_31-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/brevitas.us\/cybersecurity-response\/\" target=\"_blank\">\"Cybersecurity Response\"<\/a>. Brevitas. 2019<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/brevitas.us\/cybersecurity-response\/\" target=\"_blank\">https:\/\/brevitas.us\/cybersecurity-response\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cybersecurity+Response&rft.atitle=&rft.date=2019&rft.pub=Brevitas&rft_id=https%3A%2F%2Fbrevitas.us%2Fcybersecurity-response%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LincolnCyber17-32\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-LincolnCyber17_32-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Lincoln, J.E. (17 April 2017). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210525165934\/https:\/\/www.ivtnetwork.com\/article\/cybersecurity-buzzword-or-serious-safety-concern\" target=\"_blank\">\"Cybersecurity - Buzzword or Serious Safety Concern?\"<\/a>. <i>IVT Network<\/i>. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ivtnetwork.com\/article\/cybersecurity-buzzword-or-serious-safety-concern\" target=\"_blank\">the original<\/a> on 25 May 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210525165934\/https:\/\/www.ivtnetwork.com\/article\/cybersecurity-buzzword-or-serious-safety-concern\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210525165934\/https:\/\/www.ivtnetwork.com\/article\/cybersecurity-buzzword-or-serious-safety-concern<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cybersecurity+-+Buzzword+or+Serious+Safety+Concern%3F&rft.atitle=IVT+Network&rft.aulast=Lincoln%2C+J.E.&rft.au=Lincoln%2C+J.E.&rft.date=17+April+2017&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210525165934%2Fhttps%3A%2F%2Fwww.ivtnetwork.com%2Farticle%2Fcybersecurity-buzzword-or-serious-safety-concern&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-HeylOverview17-33\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-HeylOverview17_33-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Heyl, J. (October 2017). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cybersecuritysummit.org\/wp-content\/uploads\/2017\/10\/4.00-Justin-Heyl.pdf\" target=\"_blank\">\"Overview of UL 2900 - Medical Device Cybersecurity Workshop\"<\/a> (PDF). UL<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cybersecuritysummit.org\/wp-content\/uploads\/2017\/10\/4.00-Justin-Heyl.pdf\" target=\"_blank\">https:\/\/www.cybersecuritysummit.org\/wp-content\/uploads\/2017\/10\/4.00-Justin-Heyl.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Overview+of+UL+2900+-+Medical+Device+Cybersecurity+Workshop&rft.atitle=&rft.aulast=Heyl%2C+J.&rft.au=Heyl%2C+J.&rft.date=October+2017&rft.pub=UL&rft_id=https%3A%2F%2Fwww.cybersecuritysummit.org%2Fwp-content%2Fuploads%2F2017%2F10%2F4.00-Justin-Heyl.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-UL2900ACyber19-34\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-UL2900ACyber19_34-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/fda.report\/media\/123068\/UL2900-Cybersecurity-Aid.pdf\" target=\"_blank\">\"UL 2900: A Cybersecurity aid for industry and regulators\"<\/a> (PDF). UL. 2019<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/fda.report\/media\/123068\/UL2900-Cybersecurity-Aid.pdf\" target=\"_blank\">https:\/\/fda.report\/media\/123068\/UL2900-Cybersecurity-Aid.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=UL+2900%3A+A+Cybersecurity+aid+for+industry+and+regulators&rft.atitle=&rft.date=2019&rft.pub=UL&rft_id=https%3A%2F%2Ffda.report%2Fmedia%2F123068%2FUL2900-Cybersecurity-Aid.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ISO13485-35\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ISO13485_35-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.iso.org\/standard\/59752.html\" target=\"_blank\">\"ISO 13485:2016 Medical devices \u2014 Quality management systems \u2014 Requirements for regulatory purposes\"<\/a>. ISO. March 2016<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.iso.org\/standard\/59752.html\" target=\"_blank\">https:\/\/www.iso.org\/standard\/59752.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=ISO+13485%3A2016+Medical+devices+%E2%80%94+Quality+management+systems+%E2%80%94+Requirements+for+regulatory+purposes&rft.atitle=&rft.date=March+2016&rft.pub=ISO&rft_id=https%3A%2F%2Fwww.iso.org%2Fstandard%2F59752.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-KonsoluteCyber21-36\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-KonsoluteCyber21_36-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.konsolute.com\/blog\/iso-27001-cybersecurity-quality-management\/\" target=\"_blank\">\"Cybersecurity of the future: Why we include ISO 27001 as standard in our Quality Management System\"<\/a>. Konsolute. 30 April 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.konsolute.com\/blog\/iso-27001-cybersecurity-quality-management\/\" target=\"_blank\">https:\/\/www.konsolute.com\/blog\/iso-27001-cybersecurity-quality-management\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cybersecurity+of+the+future%3A+Why+we+include+ISO+27001+as+standard+in+our+Quality+Management+System&rft.atitle=&rft.date=30+April+2021&rft.pub=Konsolute&rft_id=https%3A%2F%2Fwww.konsolute.com%2Fblog%2Fiso-27001-cybersecurity-quality-management%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CVGInform20-37\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CVGInform20_37-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cvgstrategy.com\/information-security-management-system\/\" target=\"_blank\">\"Information Security Management System (ISMS)\"<\/a>. CVG Strategy. 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cvgstrategy.com\/information-security-management-system\/\" target=\"_blank\">https:\/\/cvgstrategy.com\/information-security-management-system\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Information+Security+Management+System+%28ISMS%29&rft.atitle=&rft.date=2020&rft.pub=CVG+Strategy&rft_id=https%3A%2F%2Fcvgstrategy.com%2Finformation-security-management-system%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-PatelISO17-38\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-PatelISO17_38-0\">38.0<\/a><\/sup> <sup><a href=\"#cite_ref-PatelISO17_38-1\">38.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Patel, N. (16 October 2017). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210228030103\/https:\/\/www.schellman.com\/blog\/iso-9001-and-27001-the-relationship\" target=\"_blank\">\"ISO 9001 and 27001 \u2013 The Relationship\"<\/a>. <i>Schellman Blog<\/i>. Schellman & Company. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.schellman.com\/blog\/iso-9001-and-27001-the-relationship\" target=\"_blank\">the original<\/a> on 28 February 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210228030103\/https:\/\/www.schellman.com\/blog\/iso-9001-and-27001-the-relationship\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210228030103\/https:\/\/www.schellman.com\/blog\/iso-9001-and-27001-the-relationship<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=ISO+9001+and+27001+%E2%80%93+The+Relationship&rft.atitle=Schellman+Blog&rft.aulast=Patel%2C+N.&rft.au=Patel%2C+N.&rft.date=16+October+2017&rft.pub=Schellman+%26+Company&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210228030103%2Fhttps%3A%2F%2Fwww.schellman.com%2Fblog%2Fiso-9001-and-27001-the-relationship&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-WangShared20-39\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-WangShared20_39-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Wang, K. (14 October 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/blog.cloudticity.com\/shared-responsibility-cloud-managed-service-provider-security\" target=\"_blank\">\"Shared Responsibility in the Cloud: Reduce Your Security Burden With a Managed Security Service Provider (MSSP)\"<\/a>. <i>Cloudticity Blog<\/i>. Cloudticity<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/blog.cloudticity.com\/shared-responsibility-cloud-managed-service-provider-security\" target=\"_blank\">https:\/\/blog.cloudticity.com\/shared-responsibility-cloud-managed-service-provider-security<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Shared+Responsibility+in+the+Cloud%3A+Reduce+Your+Security+Burden+With+a+Managed+Security+Service+Provider+%28MSSP%29&rft.atitle=Cloudticity+Blog&rft.aulast=Wang%2C+K.&rft.au=Wang%2C+K.&rft.date=14+October+2020&rft.pub=Cloudticity&rft_id=https%3A%2F%2Fblog.cloudticity.com%2Fshared-responsibility-cloud-managed-service-provider-security&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-SavirHowAMan-40\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-SavirHowAMan_40-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Savir, L. (16 August 2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/allcloud.io\/blog\/how-a-managed-service-provider-can-harden-security-across-your-business-and-save-on-costs\/\" target=\"_blank\">\"How a Managed Service Provider Can Harden Security Across Your Business and Save on Costs\"<\/a>. <i>AllCloud Blog<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/allcloud.io\/blog\/how-a-managed-service-provider-can-harden-security-across-your-business-and-save-on-costs\/\" target=\"_blank\">https:\/\/allcloud.io\/blog\/how-a-managed-service-provider-can-harden-security-across-your-business-and-save-on-costs\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=How+a+Managed+Service+Provider+Can+Harden+Security+Across+Your+Business+and+Save+on+Costs&rft.atitle=AllCloud+Blog&rft.aulast=Savir%2C+L.&rft.au=Savir%2C+L.&rft.date=16+August+2023&rft_id=https%3A%2F%2Fallcloud.io%2Fblog%2Fhow-a-managed-service-provider-can-harden-security-across-your-business-and-save-on-costs%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816205956\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.315 seconds\nReal time usage: 0.330 seconds\nPreprocessor visited node count: 27808\/1000000\nPost\u2010expand include size: 232467\/2097152 bytes\nTemplate argument size: 86920\/2097152 bytes\nHighest expansion depth: 18\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 68321\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 302.864 1 -total\n 92.98% 281.591 1 Template:Reflist\n 75.63% 229.056 40 Template:Citation\/core\n 69.58% 210.742 35 Template:Cite_web\n 15.13% 45.830 31 Template:Date\n 10.82% 32.760 4 Template:Cite_book\n 6.99% 21.173 1 Template:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\n 4.65% 14.076 65 Template:Citation\/make_link\n 3.04% 9.213 4 Template:Citation\/identifier\n 3.00% 9.100 1 Template:Cite_journal\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:13049-0!canonical and timestamp 20230816205956 and revision id 46398. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","fdbc78a3fed7fade69aa42c5a9b5cc07_images":["https:\/\/upload.wikimedia.org\/wikipedia\/commons\/3\/3d\/Quality_assurance_laboratory_140305-N-OE749-012.jpg"],"fdbc78a3fed7fade69aa42c5a9b5cc07_timestamp":1692220360,"cb1e31bcf056262630548fdf6c7e5c5b_type":"article","cb1e31bcf056262630548fdf6c7e5c5b_title":"5.1 The provision of managed security services","cb1e31bcf056262630548fdf6c7e5c5b_url":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/The_provision_of_managed_security_services","cb1e31bcf056262630548fdf6c7e5c5b_plaintext":"\n\nBook:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Managed security services and quality assurance\/The provision of managed security servicesFrom LIMSWikiJump to navigationJump to search-----Return to the beginning of this guide-----\nContents \n\n1 5. Managed security services and quality assurance \n\n1.1 5.1 The provision of managed security services \n\n1.1.1 5.1.1 Managed security services in the cloud \n\n\n\n\n2 References \n\n\n\n5. Managed security services and quality assurance \nSo far in this guide, the assumption has been made that your organization\u2014whether a laboratory or some other business type\u2014will either have the knowledgeable and experienced onsite personnel to assist with a cloud implementation or will acquire such people as new hires or contracted consultants. But as the age of cloud computing has progressed ever onward and more businesses have moved to the cloud, a third option has emerged: have someone else, like an MSSP, manage most of the implementation and security details for you.\n\n5.1 The provision of managed security services \nGartner defines a managed security service provider (MSSP) as an entity that \"provides outsourced monitoring and management of security devices and systems,\" including \"managed firewall, intrusion detection, virtual private network, vulnerability scanning, and anti-viral services.\"[1] Gartner continues, noting that MSSPs run their security operations through their own or third-party data centers in order to provide an \"always available\" service, with the ultimate intent of reducing \"the number of operational security personnel an enterprise needs to hire, train, and retain to maintain an acceptable security posture.\"[1] In addition to reducing personnel requirements, turning to an MSSP may also improve the overall security competency of and reduce the technological complexity burdens within an organization.[2][3] \nOne perceived downside to this approach may be the added risk of placing access to sensitive data in the hands of a third party, and indeed, there may be a few unique situations where it makes the most sense to keep security operations in-house.[4] However, this perceived downside largely comes down to a question of the trust you place in the MSSP. As was discussed in previous chapters, many cloud service providers (CSPs) recognize the importance of supporting the element of trust associated with its services, as witnessed by their trust centers and associated documentation and certifications, particularly those related to the management of sensitive data. This element of trust is also baked into the service level agreement (SLA) provided by the CSP.[4] In the end, just like a CSP, the level of trust you place with an MSSP will largely be based upon your business' approach to both vetting them and determining the level of accepted risk should the MSSP not be able to meet your every requirement. (These aspects are discussed in further detail in the following chapter.)\n\n5.1.1 Managed security services in the cloud \nJust as turning to a CSP's infrastructure as a service (IaaS) offloads much of the responsibility for supporting IT infrastructure to someone else, you can also offload a significant portion of the responsibility for supporting cloud security to someone else. As such, the vendor of managed security services (MSS)\u2014whether it's the CSP itself or a third-party cloud-friendly MSSP\u2014manages cloud-based security aspects such as vulnerability testing, intrusion detection, firewall management, virtual private network (VPN) management, security reporting, and technical support for your cloud implementation. As such, most of your internal IT staff can be freed to focus on other aspects of the business' IT infrastructure and operational developments.\nBut turning to MSS for your cloud implementation should be about more than just staffing relief. Outsourcing security services may also have other perceived benefits to an organization, such as gaining operational and financial efficiency, increasing service availability, and avoiding technological obsolescence.[5] To be sure, managing cybersecurity in the cloud is both vital to and difficult for the average organization, particularly small organizations like independent laboratories with constrained budgets. Managing the physical and cybersecurity complexities associated with the likes of the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), and the Payment Card Industry Data Security Standard (PCI DSS) can be daunting, particularly given a lack of sufficient in-house expertise. Throw hybrid and multicloud deployments into the mix, and you suddenly require even more in-house expertise for development in public cloud environments like AWS and Microsoft Azure. When also considering that traditional on-premises IT security experience is not enough to manage cloud implementations, it's not difficult to imagine a scenario where an inexperienced IT staff could misconfigure a network security setting and compromise sensitive data within a cloud implementation.[4]\nAn optimally run set of managed security services by a knowledgeable and experienced organization able to offer and stick to clear, legally defensible service level agreements and information governance mechanisms[6][7] makes sense for organizations without the necessary technical expertise and with significant liability should something go wrong. The complexities of running secure operations in the cloud only increase the importance of such an MSSP. Such a provider is able to[8]:\n\nmonitor for, identify, assess, and react to vulnerabilities, intrusions, and other threats;\naudit, adjust, and patch native security settings;\nimprove encryption, firewall, and anti-malware mechanisms;\nmanage and secure connected devices;\nmanage and improve identity access management; and\nprovide detailed reports about the state of organizational infrastructure.\nReferences \n\n\n\u2191 1.0 1.1 \"Managed Security Service Provider (MSSP)\". Gartner Glossary. Gartner, Inc. https:\/\/www.gartner.com\/en\/information-technology\/glossary\/mssp-managed-security-service-provider . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Managed security services (MSS)\". IBM. https:\/\/www.ibm.com\/services\/managed-security . Retrieved 28 July 2023 .   \n \n\n\u2191 \"The REAL Benefits of a Managed Security Service Provider (MSSP)\". SecureOPS. 26 August 2020. Archived from the original on 14 May 2021. https:\/\/web.archive.org\/web\/20210514165923\/https:\/\/secureops.com\/2020\/08\/26\/the-real-benefits-of-an-mssp\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 4.0 4.1 4.2 \"How Managed Cloud Security Works, and Why You Might Want It\". Trianz. 29 March 2021. https:\/\/www.trianz.com\/insights\/managed-cloud-security-services-how-and-why-it-works . Retrieved 28 July 2023 .   \n \n\n\u2191 Federal Financial Institutions Examination Council (June 2004). \"Outsourcing Technology Services\" (PDF). FFIEC. Archived from the original on 01 February 2022. https:\/\/web.archive.org\/web\/20220201011601\/https:\/\/ithandbook.ffiec.gov\/media\/274841\/ffiec_itbooklet_outsourcingtechnologyservices.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 Smallwood, R.F. (2014). \"Chapter 1: The Onslaught of Big Data and the Information Governance Imperative\". Information Governance: Concepts, Strategies, and Best Practices. Wiley. pp. 3\u201313. ISBN 9781118218303.   \n \n\n\u2191 O'Neill, S. (22 October 2015). \"Information Governance: A Principled Framework\". Daymark Blog. https:\/\/www.daymarksi.com\/information-technology-navigator-blog\/information-governance-a-principled-framework . Retrieved 28 July 2023 .   \n \n\n\u2191 Dotson, C. (2019). \"Chapter 7: Detecting, Responding to, and Recovering from Security Incidents\". Practical Cloud Security: A Guide for Secure Design and Deployment. O'Reilly Media. pp. 139\u201371. ISBN 9781492037514.   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/The_provision_of_managed_security_services\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/The_provision_of_managed_security_services<\/a>\nNavigation menuPage actionsBookDiscussionView sourceHistoryPage actionsBookDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 11 February 2022, at 21:39.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 287 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","cb1e31bcf056262630548fdf6c7e5c5b_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-208 ns-subject page-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Managed_security_services_and_quality_assurance_The_provision_of_managed_security_services rootpage-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Managed_security_services_and_quality_assurance_The_provision_of_managed_security_services skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Managed security services and quality assurance\/The provision of managed security services<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\"><div align=\"center\">-----Return to <a href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Introduction\" title=\"Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Introduction\" class=\"wiki-link\" data-key=\"a5122d160da552b7fab8ca62d4bc6155\">the beginning<\/a> of this guide-----<\/div>\n\n\n<h2><span class=\"mw-headline\" id=\"5._Managed_security_services_and_quality_assurance\">5. Managed security services and quality assurance<\/span><\/h2>\n<p>So far in this guide, the assumption has been made that your organization\u2014whether a laboratory or some other business type\u2014will either have the knowledgeable and experienced onsite personnel to assist with a cloud implementation or will acquire such people as new hires or contracted consultants. But as the age of <a href=\"https:\/\/www.limswiki.org\/index.php\/Cloud_computing\" title=\"Cloud computing\" class=\"wiki-link\" data-key=\"fcfe5882eaa018d920cedb88398b604f\">cloud computing<\/a> has progressed ever onward and more businesses have moved to the cloud, a third option has emerged: have someone else, like an MSSP, manage most of the implementation and security details for you.\n<\/p>\n<h3><span class=\"mw-headline\" id=\"5.1_The_provision_of_managed_security_services\">5.1 The provision of managed security services<\/span><\/h3>\n<p>Gartner defines a managed security service provider (MSSP) as an entity that \"provides outsourced monitoring and management of security devices and systems,\" including \"managed firewall, intrusion detection, virtual private network, vulnerability scanning, and anti-viral services.\"<sup id=\"rdp-ebb-cite_ref-GartnerManaged_1-0\" class=\"reference\"><a href=\"#cite_note-GartnerManaged-1\">[1]<\/a><\/sup> Gartner continues, noting that MSSPs run their security operations through their own or third-party data centers in order to provide an \"always available\" service, with the ultimate intent of reducing \"the number of operational security personnel an enterprise needs to hire, train, and retain to maintain an acceptable security posture.\"<sup id=\"rdp-ebb-cite_ref-GartnerManaged_1-1\" class=\"reference\"><a href=\"#cite_note-GartnerManaged-1\">[1]<\/a><\/sup> In addition to reducing personnel requirements, turning to an MSSP may also improve the overall security competency of and reduce the technological complexity burdens within an organization.<sup id=\"rdp-ebb-cite_ref-IBMMSS_2-0\" class=\"reference\"><a href=\"#cite_note-IBMMSS-2\">[2]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-SOTheReal20_3-0\" class=\"reference\"><a href=\"#cite_note-SOTheReal20-3\">[3]<\/a><\/sup> \n<\/p><p>One perceived downside to this approach may be the added risk of placing access to sensitive data in the hands of a third party, and indeed, there may be a few unique situations where it makes the most sense to keep security operations in-house.<sup id=\"rdp-ebb-cite_ref-TrianzHowMana21_4-0\" class=\"reference\"><a href=\"#cite_note-TrianzHowMana21-4\">[4]<\/a><\/sup> However, this perceived downside largely comes down to a question of the trust you place in the MSSP. As was discussed in previous chapters, many cloud service providers (CSPs) recognize the importance of supporting the element of trust associated with its services, as witnessed by their trust centers and associated documentation and certifications, particularly those related to the management of sensitive data. This element of trust is also baked into the service level agreement (SLA) provided by the CSP.<sup id=\"rdp-ebb-cite_ref-TrianzHowMana21_4-1\" class=\"reference\"><a href=\"#cite_note-TrianzHowMana21-4\">[4]<\/a><\/sup> In the end, just like a CSP, the level of trust you place with an MSSP will largely be based upon your business' approach to both vetting them and determining the level of accepted risk should the MSSP not be able to meet your every requirement. (These aspects are discussed in further detail in the following chapter.)\n<\/p>\n<h4><span class=\"mw-headline\" id=\"5.1.1_Managed_security_services_in_the_cloud\">5.1.1 Managed security services in the cloud<\/span><\/h4>\n<div class=\"floatright\"><a href=\"https:\/\/www.limswiki.org\/index.php\/File:Cloud-Security.png\" class=\"image wiki-link\" data-key=\"9f307215b48ee867e156c9c0fec2f7a0\"><img alt=\"Cloud-Security.png\" src=\"https:\/\/s3.limswiki.org\/www.limswiki.org\/images\/c\/c3\/Cloud-Security.png\" decoding=\"async\" style=\"width: 100%;max-width: 400px;height: auto;\" \/><\/a><\/div><p>Just as turning to a CSP's <a href=\"https:\/\/www.limswiki.org\/index.php\/Infrastructure_as_a_service\" title=\"Infrastructure as a service\" class=\"wiki-link\" data-key=\"70b93c66f23363688d45f0d354e5c032\">infrastructure as a service<\/a> (IaaS) offloads much of the responsibility for supporting IT infrastructure to someone else, you can also offload a significant portion of the responsibility for supporting cloud security to someone else. As such, the vendor of managed security services (MSS)\u2014whether it's the CSP itself or a third-party cloud-friendly MSSP\u2014manages cloud-based security aspects such as vulnerability testing, intrusion detection, firewall management, virtual private network (VPN) management, security reporting, and technical support for your cloud implementation. As such, most of your internal IT staff can be freed to focus on other aspects of the business' IT infrastructure and operational developments.\n<\/p><p>But turning to MSS for your cloud implementation should be about more than just staffing relief. Outsourcing security services may also have other perceived benefits to an organization, such as gaining operational and financial efficiency, increasing service availability, and avoiding technological obsolescence.<sup id=\"rdp-ebb-cite_ref-FFIEC_Out04_5-0\" class=\"reference\"><a href=\"#cite_note-FFIEC_Out04-5\">[5]<\/a><\/sup> To be sure, managing <a href=\"https:\/\/www.limswiki.org\/index.php\/Cybersecurity\" class=\"mw-redirect wiki-link\" title=\"Cybersecurity\" data-key=\"ba653dc2a1384e5f9f6ac9dc1a740109\">cybersecurity<\/a> in the cloud is both vital to and difficult for the average organization, particularly small organizations like independent laboratories with constrained budgets. Managing the physical and cybersecurity complexities associated with the likes of the <a href=\"https:\/\/www.limswiki.org\/index.php\/Health_Insurance_Portability_and_Accountability_Act\" title=\"Health Insurance Portability and Accountability Act\" class=\"wiki-link\" data-key=\"b70673a0117c21576016cb7498867153\">Health Insurance Portability and Accountability Act<\/a> (HIPAA), the <a href=\"https:\/\/www.limswiki.org\/index.php\/General_Data_Protection_Regulation\" title=\"General Data Protection Regulation\" class=\"wiki-link\" data-key=\"3f4bdf6f0dcb360b1e79aad8674c2447\">General Data Protection Regulation<\/a> (GDPR), and the Payment Card Industry Data Security Standard (PCI DSS) can be daunting, particularly given a lack of sufficient in-house expertise. Throw hybrid and multicloud deployments into the mix, and you suddenly require even more in-house expertise for development in public cloud environments like AWS and Microsoft Azure. When also considering that traditional on-premises IT security experience is not enough to manage cloud implementations, it's not difficult to imagine a scenario where an inexperienced IT staff could misconfigure a network security setting and compromise sensitive data within a cloud implementation.<sup id=\"rdp-ebb-cite_ref-TrianzHowMana21_4-2\" class=\"reference\"><a href=\"#cite_note-TrianzHowMana21-4\">[4]<\/a><\/sup>\n<\/p><p>An optimally run set of managed security services by a knowledgeable and experienced organization able to offer and stick to clear, legally defensible service level agreements and information governance mechanisms<sup id=\"rdp-ebb-cite_ref-SmallwoodInform14_6-0\" class=\"reference\"><a href=\"#cite_note-SmallwoodInform14-6\">[6]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-O.27NeillInform15_7-0\" class=\"reference\"><a href=\"#cite_note-O.27NeillInform15-7\">[7]<\/a><\/sup> makes sense for organizations without the necessary technical expertise and with significant liability should something go wrong. The complexities of running secure operations in the cloud only increase the importance of such an MSSP. Such a provider is able to<sup id=\"rdp-ebb-cite_ref-DotsonPract19_8-0\" class=\"reference\"><a href=\"#cite_note-DotsonPract19-8\">[8]<\/a><\/sup>:\n<\/p>\n<ul><li>monitor for, identify, assess, and react to vulnerabilities, intrusions, and other threats;<\/li>\n<li>audit, adjust, and patch native security settings;<\/li>\n<li>improve encryption, firewall, and anti-malware mechanisms;<\/li>\n<li>manage and secure connected devices;<\/li>\n<li>manage and improve identity access management; and<\/li>\n<li>provide detailed reports about the state of organizational infrastructure.<\/li><\/ul>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap\"><ol class=\"references\">\n<li id=\"cite_note-GartnerManaged-1\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-GartnerManaged_1-0\">1.0<\/a><\/sup> <sup><a href=\"#cite_ref-GartnerManaged_1-1\">1.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.gartner.com\/en\/information-technology\/glossary\/mssp-managed-security-service-provider\" target=\"_blank\">\"Managed Security Service Provider (MSSP)\"<\/a>. <i>Gartner Glossary<\/i>. Gartner, Inc<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.gartner.com\/en\/information-technology\/glossary\/mssp-managed-security-service-provider\" target=\"_blank\">https:\/\/www.gartner.com\/en\/information-technology\/glossary\/mssp-managed-security-service-provider<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Managed+Security+Service+Provider+%28MSSP%29&rft.atitle=Gartner+Glossary&rft.pub=Gartner%2C+Inc&rft_id=https%3A%2F%2Fwww.gartner.com%2Fen%2Finformation-technology%2Fglossary%2Fmssp-managed-security-service-provider&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/The_provision_of_managed_security_services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IBMMSS-2\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IBMMSS_2-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/services\/managed-security\" target=\"_blank\">\"Managed security services (MSS)\"<\/a>. IBM<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.ibm.com\/services\/managed-security\" target=\"_blank\">https:\/\/www.ibm.com\/services\/managed-security<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Managed+security+services+%28MSS%29&rft.atitle=&rft.pub=IBM&rft_id=https%3A%2F%2Fwww.ibm.com%2Fservices%2Fmanaged-security&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/The_provision_of_managed_security_services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-SOTheReal20-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-SOTheReal20_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210514165923\/https:\/\/secureops.com\/2020\/08\/26\/the-real-benefits-of-an-mssp\/\" target=\"_blank\">\"The REAL Benefits of a Managed Security Service Provider (MSSP)\"<\/a>. SecureOPS. 26 August 2020. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/secureops.com\/2020\/08\/26\/the-real-benefits-of-an-mssp\/\" target=\"_blank\">the original<\/a> on 14 May 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210514165923\/https:\/\/secureops.com\/2020\/08\/26\/the-real-benefits-of-an-mssp\/\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210514165923\/https:\/\/secureops.com\/2020\/08\/26\/the-real-benefits-of-an-mssp\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=The+REAL+Benefits+of+a+Managed+Security+Service+Provider+%28MSSP%29&rft.atitle=&rft.date=26+August+2020&rft.pub=SecureOPS&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210514165923%2Fhttps%3A%2F%2Fsecureops.com%2F2020%2F08%2F26%2Fthe-real-benefits-of-an-mssp%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/The_provision_of_managed_security_services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-TrianzHowMana21-4\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-TrianzHowMana21_4-0\">4.0<\/a><\/sup> <sup><a href=\"#cite_ref-TrianzHowMana21_4-1\">4.1<\/a><\/sup> <sup><a href=\"#cite_ref-TrianzHowMana21_4-2\">4.2<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.trianz.com\/insights\/managed-cloud-security-services-how-and-why-it-works\" target=\"_blank\">\"How Managed Cloud Security Works, and Why You Might Want It\"<\/a>. Trianz. 29 March 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.trianz.com\/insights\/managed-cloud-security-services-how-and-why-it-works\" target=\"_blank\">https:\/\/www.trianz.com\/insights\/managed-cloud-security-services-how-and-why-it-works<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=How+Managed+Cloud+Security+Works%2C+and+Why+You+Might+Want+It&rft.atitle=&rft.date=29+March+2021&rft.pub=Trianz&rft_id=https%3A%2F%2Fwww.trianz.com%2Finsights%2Fmanaged-cloud-security-services-how-and-why-it-works&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/The_provision_of_managed_security_services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-FFIEC_Out04-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-FFIEC_Out04_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Federal Financial Institutions Examination Council (June 2004). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20220201011601\/https:\/\/ithandbook.ffiec.gov\/media\/274841\/ffiec_itbooklet_outsourcingtechnologyservices.pdf\" target=\"_blank\">\"Outsourcing Technology Services\"<\/a> (PDF). FFIEC. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/ithandbook.ffiec.gov\/media\/274841\/ffiec_itbooklet_outsourcingtechnologyservices.pdf\" target=\"_blank\">the original<\/a> on 01 February 2022<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20220201011601\/https:\/\/ithandbook.ffiec.gov\/media\/274841\/ffiec_itbooklet_outsourcingtechnologyservices.pdf\" target=\"_blank\">https:\/\/web.archive.org\/web\/20220201011601\/https:\/\/ithandbook.ffiec.gov\/media\/274841\/ffiec_itbooklet_outsourcingtechnologyservices.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Outsourcing+Technology+Services&rft.atitle=&rft.aulast=Federal+Financial+Institutions+Examination+Council&rft.au=Federal+Financial+Institutions+Examination+Council&rft.date=June+2004&rft.pub=FFIEC&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20220201011601%2Fhttps%3A%2F%2Fithandbook.ffiec.gov%2Fmedia%2F274841%2Fffiec_itbooklet_outsourcingtechnologyservices.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/The_provision_of_managed_security_services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-SmallwoodInform14-6\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-SmallwoodInform14_6-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation book\">Smallwood, R.F. (2014). \"Chapter 1: The Onslaught of Big Data and the Information Governance Imperative\". <i>Information Governance: Concepts, Strategies, and Best Practices<\/i>. Wiley. pp. 3\u201313. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/International_Standard_Book_Number\" data-key=\"f64947ba21e884434bd70e8d9e60bae6\">ISBN<\/a> 9781118218303.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Chapter+1%3A+The+Onslaught+of+Big+Data+and+the+Information+Governance+Imperative&rft.atitle=Information+Governance%3A+Concepts%2C+Strategies%2C+and+Best+Practices&rft.aulast=Smallwood%2C+R.F.&rft.au=Smallwood%2C+R.F.&rft.date=2014&rft.pages=pp.%26nbsp%3B3%E2%80%9313&rft.pub=Wiley&rft.isbn=9781118218303&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/The_provision_of_managed_security_services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-O.27NeillInform15-7\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-O.27NeillInform15_7-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">O'Neill, S. (22 October 2015). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.daymarksi.com\/information-technology-navigator-blog\/information-governance-a-principled-framework\" target=\"_blank\">\"Information Governance: A Principled Framework\"<\/a>. <i>Daymark Blog<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.daymarksi.com\/information-technology-navigator-blog\/information-governance-a-principled-framework\" target=\"_blank\">https:\/\/www.daymarksi.com\/information-technology-navigator-blog\/information-governance-a-principled-framework<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Information+Governance%3A+A+Principled+Framework&rft.atitle=Daymark+Blog&rft.aulast=O%27Neill%2C+S.&rft.au=O%27Neill%2C+S.&rft.date=22+October+2015&rft_id=https%3A%2F%2Fwww.daymarksi.com%2Finformation-technology-navigator-blog%2Finformation-governance-a-principled-framework&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/The_provision_of_managed_security_services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-DotsonPract19-8\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-DotsonPract19_8-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation book\">Dotson, C. (2019). \"Chapter 7: Detecting, Responding to, and Recovering from Security Incidents\". <i>Practical Cloud Security: A Guide for Secure Design and Deployment<\/i>. O'Reilly Media. pp. 139\u201371. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/International_Standard_Book_Number\" data-key=\"f64947ba21e884434bd70e8d9e60bae6\">ISBN<\/a> 9781492037514.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Chapter+7%3A+Detecting%2C+Responding+to%2C+and+Recovering+from+Security+Incidents&rft.atitle=Practical+Cloud+Security%3A+A+Guide+for+Secure+Design+and+Deployment&rft.aulast=Dotson%2C+C.&rft.au=Dotson%2C+C.&rft.date=2019&rft.pages=pp.%26nbsp%3B139%E2%80%9371&rft.pub=O%27Reilly+Media&rft.isbn=9781492037514&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/The_provision_of_managed_security_services\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816205955\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.092 seconds\nReal time usage: 0.105 seconds\nPreprocessor visited node count: 5467\/1000000\nPost\u2010expand include size: 46043\/2097152 bytes\nTemplate argument size: 16278\/2097152 bytes\nHighest expansion depth: 18\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 13565\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 90.785 1 -total\n 90.05% 81.752 1 Template:Reflist\n 64.46% 58.518 8 Template:Citation\/core\n 52.63% 47.776 6 Template:Cite_web\n 22.79% 20.686 2 Template:Cite_book\n 10.55% 9.581 4 Template:Date\n 9.86% 8.948 1 Template:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/The_provision_of_managed_security_services\n 7.55% 6.858 2 Template:Citation\/identifier\n 5.48% 4.978 14 Template:Citation\/make_link\n 2.58% 2.342 1 Template:Column-width\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:13048-0!canonical and timestamp 20230816205955 and revision id 46397. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/The_provision_of_managed_security_services\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/The_provision_of_managed_security_services<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","cb1e31bcf056262630548fdf6c7e5c5b_images":["https:\/\/s3.limswiki.org\/www.limswiki.org\/images\/c\/c3\/Cloud-Security.png"],"cb1e31bcf056262630548fdf6c7e5c5b_timestamp":1692220359,"3f6cdca956c811a19c1773e32fc70e7c_type":"article","3f6cdca956c811a19c1773e32fc70e7c_title":"4.3 Deployment approaches","3f6cdca956c811a19c1773e32fc70e7c_url":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches","3f6cdca956c811a19c1773e32fc70e7c_plaintext":"\n\nBook:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Cloud computing in the laboratory\/Deployment approachesFrom LIMSWikiJump to navigationJump to searchContents \n\n1 4.3 Deployment approaches \n\n1.1 4.3.1 Hybrid cloud, multicloud, and the vendor lock-in conundrum \n\n\n2 References \n3 Citation information for this chapter \n\n\n\n4.3 Deployment approaches \nChapter 2 also looked at deployment approaches in detail, so this section won't get too in-depth. However, the topic of choosing the right deployment approach for your laboratory is still an important one. As Agilent Technologies noted in its 2019 white paper Cloud Adoption for Lab Informatics, a laboratory's \"deployment approach is a key factor for laboratory leadership since the choice of private, public, or hybrid deployment will impact the viability of solutions in the other layers of informatics\" applied by the lab.[1] In some cases, like most software, the deployment choice will be relatively straightforward, but other aspects of laboratory requirements may complicate that decision further.\nBroadly speaking, any attempt to move you LIS, LIMS, or electronic laboratory notebook (ELN) to the cloud will almost certainly involve a software as a service (SaaS) approach.[1] If the deployment is relatively simple, with well-structured data, this is relatively painless. However, in cases where your LIS, LIMS, or ELN need to interface with additional business systems like an enterprise resource planning (ERP) system or other informatics software such as a picture archiving and communication system (PACS), an argument could be made that a platform as a service (PaaS) approach may be warranted, due to its greater flexibility.[1]\nBut laboratories don't run on software alone; analytical instruments are also involved. Those instruments are usually interfaced to the lab's software systems to better capture raw and modified instrument data directly. However, addressing how your cloud-based informatics systems handle instrument data can be challenging, requiring careful attention to cloud service and deployment models. Infrastructure as a service (IaaS) may be a useful service model to look into due to its versatility in being deployed in private, hybrid, and public cloud models.[1] As Agilent notes: \"This model enables laboratories to minimize the IT footprint in the lab to only the resources needed for instrument control and acquisition. The rest of the data system components can be virtualized in the cloud and thus take advantage of the dynamic scaling and accessibility aspects of the cloud.\"[1] It also has easy scalability, enables remote access, and simplifies disaster recovery.[1] \nNotice that Agilent still allows for the in-house IT resources necessary to handle the control of instruments and the acquisition of their data. This brings up an important point about instruments. When it comes to instruments, realistic decisions must be made concerning whether or not to take instrument data collection and management into the cloud, keep it local, or enact a hybrid workflow where instrument data is created locally but uploaded to the cloud later.[2] In 2017, the Association of Public Health Laboratories (APHL) emphasized latency issues as a real concern when it comes to instrument control computing systems, finding that most shouldn't be in the cloud. The APHL went on to add that those systems can, however, \"be designed to share data in network storage systems and\/or be integrated with cloud-based LIMS through various communication paths.\"[3]\nSo what should a laboratory do with instrument systems? PI Digital's general manager, Kaushal Vyas, recognized the difficulties in deciding what to do with instrument systems in September 2020, breaking the decision down into five key considerations. First, consider the potential futures for your laboratory instruments and how any developing industry trends may affect those instruments. Do you envision your instruments becoming less wired? Will mobile devices be able to interface with them? Are they integrated via a hub? And does a cloud-based solution that manages those integrations across multiple locations make sense at some future point? Second, talk to the people who actually use the instruments and understand the workflows those instruments participate in. Are analysts loading samples directly into the machine and largely getting results from the same location? Or will results need to be accessed from different locations? In the case of the latter, cloud management of instrument data may make more sense. Third, are there additional ways to digitize your workflows in the lab? Perhaps later down the road? Does enabling from-anywhere access to instruments with the help of the cloud make sense for the lab? This leads to the fourth consideration, which actually touches upon the prior three: location, location, location. Where are the instruments located and from where will results, maintenance logs, and error logs be read? If these tasks don't need to be completed in real time, it's possible some hybrid cloud solution would work for you. And finally\u2014as has been emphasized throughout the guide\u2014ask what regulations and security requirements drive instrument deployment and use. In highly regulated environments like pharmaceutical research and production, moving instrument data off-premises may not be an option.[2]\nOne additional consideration that hasn't been fully discussed yet is whether or not to go beyond a hybrid cloud\u2014depending on one single cloud vender to integrate with on-premises systems\u2014to a cloud approach that involves more than one cloud vendor. We examine this consideration, as well as how it related to vendor lock-in, in the following subsection.\n\n 4.3.1 Hybrid cloud, multicloud, and the vendor lock-in conundrum \nIn Chapter 1, we compared and contrasted hybrid cloud, multicloud, and distributed cloud deployments. Remember that hybrid cloud integrates a private cloud or local IT infrastructure with a public cloud, multicloud multiplies public cloud into services from two or more vendors, and distributed cloud takes a public cloud and expands it to multiple edge locations. Hybrid and distributed deployments typically involve one public cloud vendor, and multicloud involves more than one public cloud vendor. But why would any laboratory want to spread its operations across two or more CSPs?\n\"Multicloud has the benefit of reducing vendor lock-in by implementing resource utilization and storage across more than one public cloud provider,\" we said in Chapter 1. The benefits of choosing a multicloud option over other options are a bit contentious however. Writing for the Carnegie Endowment in 2020, Maurer and Hinck address the issues of multicloud in detail[4]:\n\nProponents argue that this approach has benefits such as avoiding vendor lock-in, increasing resilience to outages, and taking advantage of competitive pricing. However, each of these points is contested; for instance, some might argue that ensuring a CSP\u2019s infrastructure architecture is secure is a much better way to enhance resilience than replicating workloads across multiple CSPs ... However, using multiple cloud providers can create greater complexity for organizations in terms of managing their cloud usage and creating more potential points of vulnerability, as the Cloud Security Alliance discussed in a May 2019 report.\nHowever, that very same complexity, found with most any cloud technology, brings with it risks related to vendor lock-in, seemingly forming a vicious circle. Carnegie Endowment's Levite and Kalwany noted in November 2020[5]:\n\n... the complex technology behind cloud services exacerbates risks of vendor lock-in. There are two main factors to consider here: the level of interoperability (how easy it is to make different cloud services work together as well as work with on-site consumer IT systems), and portability (how easy it is to switch data and applications from one cloud service to another, as well as from on-site systems to the cloud and back). Standards enabling both interoperability and portability of cloud services are likely to emerge as [among other things] a means of avoiding vendor lock-in.\nTo be sure, interoperability and portability are important concepts, not only in cloud computing[5][6] but also in laboratory data management, particularly with clinical data.[7][8] The U.S.' current SHIELD initiative speaks to that, aiming \"to improve the quality, interoperability and portability of laboratory data within and between institutions so that diagnostic information can be pulled from different sources or shared between institutions to help illuminate clinical management and understand health outcomes.\"[7] You see this same emphasis taking place in regards to cloud systems and biomedical research data sharing and the associated benefits of having interoperable, portable data using cloud systems.[9][10][11][12]\nAs Levite and Kalwany point out, interoperability and portability is also useful in the discussion on whether or not to use two or more CSPs. Let's again highlight their questions[5] (which will also be important to the next chapter on choosing and implementing your cloud solutions):\n\nHow interoperable or compatible is one public CSP's services with another public CSP's services, as well as with your on-premises IT systems?\nHow portable or transferable are your data and applications when needing to move them from one cloud service to another, as well as to and from your on-premises solutions?\nThese two questions, along with the vendor lock-in conundrum, are illustrated well in the ongoing saga of the Pentagon's JEDI project. The Joint Enterprise Defense Infrastructure (JEDI) project was officially kicked into gear in 2018 with a request for proposal (RFP), seeking to find a singular cloud computing provider to help usher in a new cloud-based era for Defense Department operations. The adamancy towards choosing only one CSP, despite the sheer enormity of the contract, quickly raised the eyebrows or watchdogs and major industry players even before the RFP was released. Claims of one provider having too much influence over government IT, as well an already skewed bidding process in favor of Amazon, complicated matters further.[13] Defending the stance of choosing only one CSP, the Digital Defense Service's deputy director Tim Van Name cited an \"overall complexity\" increase that would come from awarding the RFP to multiple CSPs, given the challenges already inherent to Defense Department data management in and out of the battlefield. Van Name also cited a \"lack of standardization and interoperability\" of complex cloud deployments as another barrier to accessing data when and where they need it.[14] This has inevitably led to a number of lawsuits before and after Microsoft was awarded the contract. With legal battles raging and an overarching \"urgent, unmet requirement\" by the Defense Department still not being realized because of the litigation, the government was rumored to be considering taking a loss on the single-vendor JEDI plan and moving forward with a multicloud plan, particularly with the departure of senior officials who originally backed the single cloud proposal.[15][16][17] The success of the CIA's C2E cloud-based program, which was awarded to five cloud providers, may have proven to be a further catalyst[13], as by July 2021, the JEDI project was finally pulled by the DoD[18] and related lawsuits by Amazon were dismissed.[19] Almost immediately afterwards, the DoD announced a new proposal, the Joint Warfighter Cloud Capability (JWCC) project, with a rough projection of being awarded to multiple vendors by April 2022.[19] The DoD limited bids to four vendors\u2014Amazon, Google, Microsoft, and Oracle\u2014with all four gaining a piece of the indefinite-delivery, indefinite-quantity contract by December 2022.[20][21] An April 2023 report in SIGNAL on the JWCC provided further insight on the unique approach to the contract, highlighting that despite all the stated complexity, some definitive benefits emerge from a multicloud arrangement[22]:\n\nOfficials structured the JWCC vehicle to be a one enterprise contract and set up direct relationships with the cloud service providers (CSPs)\u2014which is unique. [Hosting and Compute Center] works with DoD customers to shape their cloud service requirements and interacts directly with the four private sector cloud companies on the contract, instead via a third-party ... 'No contract in the department has that direct relationship with the CSPs,' McArthur said. 'Having that single point to be able to go to the vendors and be able to [interact with them] when it comes to meeting capabilities, needing to drive cost parity or cybersecurity incidents, those are groundbreaking things for the department at large.'\nWhat does all this mean for the average laboratory? At a minimum, there may be some benefit to having, for example, redundant data backup in the cloud, particularly if your lab feels that sensitive data can be safely moved to the cloud, and that there's overall cost savings long-term (vs. investing in local data storage). But that \"either-or\" view doesn't entirely address potential risks associated with vendor lock-in and the need for data availability and durability. As such, having data stored in multiple locations makes sense, even if that means moving data to two different cloud providers. With a bit of analysis of data access patterns and a solid understanding of your data types and sensitivities, it may be possible to make this sort of multicloud data storage more cost-effective.[23] However, remember that the traceability of your data is also important, and if quality data goes into the cloud service, then it will be easier to find, in theory. As is, it's already a challenge for many laboratories to locate original data\u2014particularly older data\u2014and some labs still don't have clear data storage policies.[24] As such, any transition to the cloud should also be considering the value of reinforcing existing data management strategies or, forbid they don't exist, getting started on developing such strategies. In conjunction with reviewing or creating data management strategies, data cleansing may be required to make the data more meaningful, findable, and actionable.[25][26] This concept holds true even if a multicloud deployment doesn't make sense for you but a hybrid cloud deployment with local backups does. This hybrid approach may especially make sense if the lab uses a scientific data management system (SDMS). As Agilent notes, if you already have an on-premises SDMS, \"extending the data storage capacity by connecting to a cloud storage location is a logical first step. This hybrid approach can use cloud storage in both a passive\/active capacity while also taking advantage of turnkey archival solutions that the cloud offers.\"[1]\nBut what about the concept of vendor lock-in overall? How much should a laboratory worry about this scenario, particularly in regards to, for example, moving from an on-premises LIMS to one hosted in the cloud? Some like tech reporter Kimberley Mok, writing for Protocol, argue that as major CSPs begin to make multicloud-friendly upgrades to their infrastructure, and as users perform more rigorous vetting of CSPs and migrate to more portable, containerized software solutions, the threat of vendor lock-in is gradually diminishing.[27] However, business owners remain fearful. A summer 2020 survey published by business communications company Mitel found that among more than 1,100 European IT decision makers, a top contractual priority with a CSP was avoiding vendor lock-in; \"46 percent of respondents [said they] want the ability to change provider quickly if the service contract is not fulfilled.\"[28] HashiCorp's third annual State of Cloud Strategy Survey in 2023 found that 48 percent of respondents thought single-vendor lock-in was driving multicloud adoption, further highlighting an increasing concern among businesses turning to the cloud.[29]\nIn the end, the laboratory will have to come down to a crucial decision: do we outsource services to several specialists (i.e., disaggregation) or stick to one, risking vendor lock-in? U.K. business software developer Advanced's chief product officer Amanda Grant provides this insight[30]:\n\nFor larger enterprises, disaggregation works best. The vast operations they undertake require a level of scalability and expertise that is best delivered by specialist companies. These specialists can target specific and more complex needs as well as support mission-critical operations directly.\n[For mid-sized organizations,] disaggregation demands a lot of internal investment. They would need in-house expertise to manage multiple suppliers and successfully integrate the services. The alternative would be to use an open ecosystem that brings all their cloud software solutions together in one place. This enables users to consume all of their cloud applications with ease while minimizing risk of vendor lock-in.\nIt's possible that as cloud computing continues to evolve, interoperability and portability of data, as well as tools for better data traceability, will continue to be a priority for the industry overall, potentially through continued standardization efforts.[6] As a result, perhaps the discussions of vendor lock-in will be less commonplace, with multicloud deployments becoming common discussion. The adoption of open-source technologies as part of an organization's cloud migration may also help with interoperability with other cloud platforms in the future.[31] In the meantime, laboratory decision makers will have to weigh the sensitivity of their data, that data's cloud-readiness, the laboratory budget, the potential risks, and the potential rewards of moving its operations to more complex but productive hybrid cloud and multicloud environments. The final decisions will differ, sometimes drastically, from lab to lab, but the risk management processes and considerations from Chapter 3 should be the same: same starting point but different destinations.\nThat leads us to the next chapter of our guide on the managed security service provider (MSSP), an entity that provides monitoring and management of security devices and systems in the cloud, among other things. These providers make make it considerably easier, and more secure, for a laboratory to implement cloud computing in their organization.\n\nReferences \n\n\n\u2191 1.0 1.1 1.2 1.3 1.4 1.5 1.6 Agilent Technologies (21 February 2019). \"Cloud Adoption for Lab Informatics: Trends, Opportunities, Considerations, Next Steps\" (PDF). Agilent Technologies. https:\/\/www.agilent.com\/cs\/library\/whitepaper\/public\/whitepaper-cloud-adoption-openlab-5994-0718en-us-agilent.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 2.0 2.1 Vyas, K. (September 2020). \"Cloud vs. on-premises solutions \u2013 5 factors to consider when planning the connectivity strategy for your healthcare instrument\". Planet Innovation: Perspectives. https:\/\/planetinnovation.com\/perspectives\/cloud-vs-on-premises-solutions\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Association of Public Health Laboratories (2017). \"Breaking Through the Cloud: A Laboratory Guide to Cloud Computing\" (PDF). Association of Public Health Laboratories. https:\/\/www.aphl.org\/aboutAPHL\/publications\/Documents\/INFO-2017Jun-Cloud-Computing.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 Maurer, T.; Hinck, G. (31 August 2020). \"Cloud Security: A Primer for Policymakers\". Carnegie Endowment for International Peace. https:\/\/carnegieendowment.org\/2020\/08\/31\/cloud-security-primer-for-policymakers-pub-82597 . Retrieved 28 July 2023 .   \n \n\n\u2191 5.0 5.1 5.2 Levite, A.; Kalwani, G. (9 November 2020). \"Cloud Governance Challenges: A Survey of Policy and Regulatory Issues\". Carnegie Endowment for International Peace. https:\/\/carnegieendowment.org\/2020\/11\/09\/cloud-governance-challenges-survey-of-policy-and-regulatory-issues-pub-83124 . Retrieved 28 July 2023 .   \n \n\n\u2191 6.0 6.1 Ramalingam, C.; Mohan, P. (2021). \"Addressing Semantics Standards for Cloud Portability and Interoperability in Multi Cloud Environment\". Symmetry 13: 317. doi:10.3390\/sym13020317.   \n \n\n\u2191 7.0 7.1 Office of the Assistant Secretary for Planning and Evaluation. \"SHIELD - Standardization of Lab Data to Enhance Patient-Centered Outcomes Research and Value-Based Care\". U.S. Department of Health & Human Services. https:\/\/aspe.hhs.gov\/shield-standardization-lab-data-enhance-patient-centered-outcomes-research-and-value-based-care . Retrieved 28 July 2023 .   \n \n\n\u2191 Futrell, K. (22 February 2021). \"COVID-19 highlights need for laboratory data sharing and interoperability\". Medical Laboratory Observer. https:\/\/www.mlo-online.com\/information-technology\/lis\/article\/21210723\/covid19-highlights-need-for-laboratory-data-sharing-and-interoperability . Retrieved 28 July 2023 .   \n \n\n\u2191 Onsong, G.; Erdmann, J.; Spears, M.D. et al. (2014). \"Implementation of Cloud based Next Generation Sequencing data analysis in a clinical laboratory\". BMC Research Notes 7: 314. doi:10.1186\/1756-0500-7-314. PMC PMC4036707. PMID 24885806. http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC4036707 .   \n \n\n\u2191 Afgan, E.; Sloggett, C.; Goonasekera, N. et al. (2015). \"Genomics Virtual Laboratory: A Practical Bioinformatics Workbench for the Cloud\". PLoS One 10 (10): e0140829. doi:10.1371\/journal.pone.0140829. PMC PMC4621043. PMID 26501966. http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC4621043 .   \n \n\n\u2191 Navale, V.; Bourne, P.E. (2018). \"Cloud computing applications for biomedical science: A perspective\". PLoS Computational Biology 14 (6): e1006144. doi:10.1371\/journal.pcbi.1006144. PMC PMC6002019. PMID 29902176. http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC6002019 .   \n \n\n\u2191 Ogle, C.; Reddick, D.; McKnight, C.; Biggs, T.; Pauly, R.; Ficklin, S.P.; Feltus, F.A.; Shannigrahi, S. (2021). \"Named data networking for genomics data management and integrated workflows\". Frontiers in Big Data 4: 582468. doi:10.3389\/fdata.2021.582468. PMC PMC7968724. PMID 33748749. http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC7968724 .   \n \n\n\u2191 13.0 13.1 Gregg, A. (5 August 2018). \"Pentagon doubles down on \u2018single-cloud\u2019 strategy for $10 billion contract\". The Washington Post. Archived from the original on 07 August 2018. https:\/\/web.archive.org\/web\/20180807051800if_\/https:\/\/www.washingtonpost.com\/business\/capitalbusiness\/pentagon-doubles-down-on-single-cloud-strategy-for-10-billion-contract\/2018\/08\/05\/352cfee8-972b-11e8-810c-5fa705927d54_story.html?utm_term=.130ed427f134 . Retrieved 28 July 2023 .   \n \n\n\u2191 Mitchell, B. (8 March 2018). \"DOD defends its decision to move to commercial cloud with a single award\". FedScoop. https:\/\/www.fedscoop.com\/dod-pentagon-jedi-cloud-contract-single-award\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Gregg, A. (10 February 2021). \"With a $10 billion cloud-computing deal snarled in court, the Pentagon may move forward without it\". The Washington Post. Archived from the original on 11 February 2021. https:\/\/web.archive.org\/web\/20210211065108if_\/https:\/\/www.washingtonpost.com\/business\/2021\/02\/10\/jedi-contract-pentagon-biden\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Alspach, K. (5 March 2021). \"Microsoft Could Lose JEDI Contract If AWS Case Isn\u2019t Dismissed: Report\". CRN. https:\/\/www.crn.com\/news\/cloud\/microsoft-could-lose-jedi-contract-if-aws-case-isn-t-dismissed-report . Retrieved 28 July 2023 .   \n \n\n\u2191 Nix, N. (7 March 2021). \"Microsoft\u2019s $10 billion Pentagon deal at risk amid Amazon fight\". The Seattle Times. https:\/\/www.seattletimes.com\/business\/microsofts-10-billion-pentagon-deal-at-risk-amid-amazon-fight\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Miller, R. (6 July 2021). \"Nobody wins as DoD finally pulls the plug on controversial $10B JEDI contract\". TechCrunch. https:\/\/techcrunch.com\/2021\/07\/06\/nobody-wins-as-dod-finally-pulls-the-plug-on-controversial-10b-jedi-contract\/ . Retrieved 15 August 2023 .   \n \n\n\u2191 19.0 19.1 Shepardson, D. (9 July 2021). \"U.S. judge ends Amazon challenge to $10 bln cloud contract after Pentagon cancellation\". Reuters. https:\/\/www.reuters.com\/legal\/government\/us-judge-ends-amazon-challenge-10-bln-cloud-contract-after-pentagon-cancellation-2021-07-09\/ . Retrieved 15 August 2023 .   \n \n\n\u2191 Miller, R. (19 November 2021). \"Pentagon announces new cloud initiative to replace ill-fated JEDI contract\". TechCrunch. https:\/\/techcrunch.com\/2021\/11\/19\/pentagon-announces-new-cloud-initiative-to-replace-ill-fated-jedi-contract\/ . Retrieved 15 August 2023 .   \n \n\n\u2191 Lopez, C.T. (12 December 2022). \"Department Names Vendors to Provide Joint Warfighting Cloud Capability\". DoD News. U.S. Department of Defense. https:\/\/www.defense.gov\/News\/News-Stories\/Article\/Article\/3243483\/department-names-vendors-to-provide-joint-warfighting-cloud-capability\/ . Retrieved 15 August 2023 .   \n \n\n\u2191 Underwood, K. (17 April 2023). \"The Joint Warfighting Cloud Capability Is Breaking Barriers\". SIGNAL. https:\/\/www.afcea.org\/signal-media\/defense-operations\/joint-warfighting-cloud-capability-breaking-barriers . Retrieved 15 August 2023 .   \n \n\n\u2191 Waibel, P.; Matt, J.; Hochreiner, C. et al. (2017). \"Cost-optimized redundant data storage in the cloud\". Service Oriented Computing and Applications 11: 411\u201326. doi:10.1007\/s11761-017-0218-9.   \n \n\n\u2191 Anderson, M.E.; Ray, S.C. (2017). \"It's 10 pm; Do You Know Where Your Data Are? Data Provenance, Curation, and Storage\". Circulation Research 120 (10): 1551-1554. doi:10.1161\/CIRCRESAHA.116.310424. PMC PMC5465863. PMID 28495991. http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC5465863 .   \n \n\n\u2191 \"Clean up your server instance before migration\". Atlassian Support. Atlassian. 17 March 2021. https:\/\/support.atlassian.com\/migration\/docs\/clean-up-your-server-instance-before-migration\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 SADA Says (22 August 2019). \"9 STEPS FOR MIGRATING DATABASES TO THE CLOUD\". SADA, Inc. https:\/\/sada.com\/insights\/blog\/9-steps-for-migrating-databases-to-the-cloud\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Mok, K. (1 December 2020). \"Should we really be worried about vendor lock-in in 2020?\". Protocol. https:\/\/www.protocol.com\/manuals\/new-enterprise\/vendor-lockin-cloud-saas . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Cloud Communications: European Companies Show Newfound Maturity\". Mitel. 20 July 2020. Archived from the original on 04 December 2021. https:\/\/web.archive.org\/web\/20211204082428\/https:\/\/www.mitel.com\/en-gb\/about\/newsroom\/press-releases\/european-companies-show-newfound-maturity . Retrieved 28 July 2023 .   \n \n\n\u2191 Paul, F. (24 July 2023). \"HashiCorp State of Cloud Strategy Survey 2023: The tech sector perspective\". HashiCorp. https:\/\/www.hashicorp.com\/blog\/hashicorp-state-of-cloud-strategy-survey-2023-the-tech-sector-perspective . Retrieved 15 August 2023 .   \n \n\n\u2191 \"How to avoid cloud vendor lock-in and take advantage of multi-cloud\". InformationAge. 2023. https:\/\/www.information-age.com\/how-to-avoid-cloud-vendor-lock-in-advantage-multi-cloud-16437\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Nangare, S. (13 December 2019). \"An Overview of Cloud Migration and Open Source\". DevOps.com. https:\/\/devops.com\/an-overview-of-cloud-migration-and-open-source\/ . Retrieved 28 July 2023 .   \n \n\n\n\r\n\n\n-----Go to the next chapter of this guide-----\nCitation information for this chapter \nChapter: 4. Cloud computing in the laboratory\nTitle: Choosing and Implementing a Cloud-based Service for Your Laboratory\nEdition: Second edition\nAuthor for citation: Shawn E. Douglas\nLicense for content: Creative Commons Attribution-ShareAlike 4.0 International\nPublication date: August 2023\n\r\n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches<\/a>\nNavigation menuPage actionsBookDiscussionView sourceHistoryPage actionsBookDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 16 August 2023, at 21:07.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 407 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","3f6cdca956c811a19c1773e32fc70e7c_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-208 ns-subject page-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Cloud_computing_in_the_laboratory_Deployment_approaches rootpage-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Cloud_computing_in_the_laboratory_Deployment_approaches skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Cloud computing in the laboratory\/Deployment approaches<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\">\n\n<h3><span class=\"mw-headline\" id=\"4.3_Deployment_approaches\">4.3 Deployment approaches<\/span><\/h3>\n<p>Chapter 2 also looked at deployment approaches in detail, so this section won't get too in-depth. However, the topic of choosing the right deployment approach for your laboratory is still an important one. As Agilent Technologies noted in its 2019 white paper <i>Cloud Adoption for Lab Informatics<\/i>, a laboratory's \"deployment approach is a key factor for laboratory leadership since the choice of private, public, or hybrid deployment will impact the viability of solutions in the other layers of informatics\" applied by the lab.<sup id=\"rdp-ebb-cite_ref-AgilentCloud19_1-0\" class=\"reference\"><a href=\"#cite_note-AgilentCloud19-1\">[1]<\/a><\/sup> In some cases, like most software, the deployment choice will be relatively straightforward, but other aspects of laboratory requirements may complicate that decision further.\n<\/p><p>Broadly speaking, any attempt to move you LIS, LIMS, or <a href=\"https:\/\/www.limswiki.org\/index.php\/Electronic_laboratory_notebook\" title=\"Electronic laboratory notebook\" class=\"wiki-link\" data-key=\"a9fbbd5e0807980106763fab31f1e72f\">electronic laboratory notebook<\/a> (ELN) to the cloud will almost certainly involve a <a href=\"https:\/\/www.limswiki.org\/index.php\/Software_as_a_service\" title=\"Software as a service\" class=\"wiki-link\" data-key=\"ae8c8a7cd5ee1a264f4f0bbd4a4caedd\">software as a service<\/a> (SaaS) approach.<sup id=\"rdp-ebb-cite_ref-AgilentCloud19_1-1\" class=\"reference\"><a href=\"#cite_note-AgilentCloud19-1\">[1]<\/a><\/sup> If the deployment is relatively simple, with well-structured data, this is relatively painless. However, in cases where your LIS, LIMS, or ELN need to interface with additional business systems like an <a href=\"https:\/\/www.limswiki.org\/index.php\/Enterprise_resource_planning\" title=\"Enterprise resource planning\" class=\"wiki-link\" data-key=\"07be791b94a208f794e38224f0c0950b\">enterprise resource planning<\/a> (ERP) system or other informatics software such as a <a href=\"https:\/\/www.limswiki.org\/index.php\/Picture_archiving_and_communication_system\" title=\"Picture archiving and communication system\" class=\"wiki-link\" data-key=\"523b73ff51fa83663dc0b1d59e6d0f05\">picture archiving and communication system<\/a> (PACS), an argument could be made that a <a href=\"https:\/\/www.limswiki.org\/index.php\/Platform_as_a_service\" title=\"Platform as a service\" class=\"wiki-link\" data-key=\"abad55890b97c6a6153458ad3d62762f\">platform as a service<\/a> (PaaS) approach may be warranted, due to its greater flexibility.<sup id=\"rdp-ebb-cite_ref-AgilentCloud19_1-2\" class=\"reference\"><a href=\"#cite_note-AgilentCloud19-1\">[1]<\/a><\/sup>\n<\/p><p>But laboratories don't run on software alone; analytical instruments are also involved. Those instruments are usually interfaced to the lab's software systems to better capture raw and modified instrument data directly. However, addressing how your cloud-based informatics systems handle instrument data can be challenging, requiring careful attention to cloud service and deployment models. <a href=\"https:\/\/www.limswiki.org\/index.php\/Infrastructure_as_a_service\" title=\"Infrastructure as a service\" class=\"wiki-link\" data-key=\"70b93c66f23363688d45f0d354e5c032\">Infrastructure as a service<\/a> (IaaS) may be a useful service model to look into due to its versatility in being deployed in private, hybrid, and public cloud models.<sup id=\"rdp-ebb-cite_ref-AgilentCloud19_1-3\" class=\"reference\"><a href=\"#cite_note-AgilentCloud19-1\">[1]<\/a><\/sup> As Agilent notes: \"This model enables laboratories to minimize the IT footprint in the lab to only the resources needed for instrument control and acquisition. The rest of the data system components can be virtualized in the cloud and thus take advantage of the dynamic scaling and accessibility aspects of the cloud.\"<sup id=\"rdp-ebb-cite_ref-AgilentCloud19_1-4\" class=\"reference\"><a href=\"#cite_note-AgilentCloud19-1\">[1]<\/a><\/sup> It also has easy scalability, enables remote access, and simplifies disaster recovery.<sup id=\"rdp-ebb-cite_ref-AgilentCloud19_1-5\" class=\"reference\"><a href=\"#cite_note-AgilentCloud19-1\">[1]<\/a><\/sup> \n<\/p><p>Notice that Agilent still allows for the in-house IT resources necessary to handle the control of instruments and the acquisition of their data. This brings up an important point about instruments. When it comes to instruments, realistic decisions must be made concerning whether or not to take instrument data collection and management into the cloud, keep it local, or enact a hybrid workflow where instrument data is created locally but uploaded to the cloud later.<sup id=\"rdp-ebb-cite_ref-VyasCloud20_2-0\" class=\"reference\"><a href=\"#cite_note-VyasCloud20-2\">[2]<\/a><\/sup> In 2017, the Association of Public Health Laboratories (APHL) emphasized latency issues as a real concern when it comes to instrument control computing systems, finding that most shouldn't be in the cloud. The APHL went on to add that those systems can, however, \"be designed to share data in network storage systems and\/or be integrated with cloud-based LIMS through various communication paths.\"<sup id=\"rdp-ebb-cite_ref-APHLBreaking17_3-0\" class=\"reference\"><a href=\"#cite_note-APHLBreaking17-3\">[3]<\/a><\/sup>\n<\/p><p>So what should a laboratory do with instrument systems? PI Digital's general manager, Kaushal Vyas, recognized the difficulties in deciding what to do with instrument systems in September 2020, breaking the decision down into five key considerations. First, consider the potential futures for your laboratory instruments and how any developing industry trends may affect those instruments. Do you envision your instruments becoming less wired? Will mobile devices be able to interface with them? Are they integrated via a hub? And does a cloud-based solution that manages those integrations across multiple locations make sense at some future point? Second, talk to the people who actually use the instruments and understand the workflows those instruments participate in. Are analysts loading samples directly into the machine and largely getting results from the same location? Or will results need to be accessed from different locations? In the case of the latter, cloud management of instrument data may make more sense. Third, are there additional ways to digitize your workflows in the lab? Perhaps later down the road? Does enabling from-anywhere access to instruments with the help of the cloud make sense for the lab? This leads to the fourth consideration, which actually touches upon the prior three: location, location, location. Where are the instruments located and from where will results, maintenance logs, and error logs be read? If these tasks don't need to be completed in real time, it's possible some hybrid cloud solution would work for you. And finally\u2014as has been emphasized throughout the guide\u2014ask what regulations and security requirements drive instrument deployment and use. In highly regulated environments like pharmaceutical research and production, moving instrument data off-premises may not be an option.<sup id=\"rdp-ebb-cite_ref-VyasCloud20_2-1\" class=\"reference\"><a href=\"#cite_note-VyasCloud20-2\">[2]<\/a><\/sup>\n<\/p><p>One additional consideration that hasn't been fully discussed yet is whether or not to go beyond a hybrid cloud\u2014depending on one single cloud vender to integrate with on-premises systems\u2014to a cloud approach that involves more than one cloud vendor. We examine this consideration, as well as how it related to vendor lock-in, in the following subsection.\n<\/p>\n<h4><span id=\"rdp-ebb-4.3.1_Hybrid_cloud,_multicloud,_and_the_vendor_lock-in_conundrum\"><\/span><span class=\"mw-headline\" id=\"4.3.1_Hybrid_cloud.2C_multicloud.2C_and_the_vendor_lock-in_conundrum\">4.3.1 Hybrid cloud, multicloud, and the vendor lock-in conundrum<\/span><\/h4>\n<div class=\"floatright\"><a href=\"https:\/\/www.limswiki.org\/index.php\/File:Devuan_GNU-Linux_-_tty_login_as_root_in_an_ownCloud_instance_-_server_rack.jpg\" class=\"image wiki-link\" data-key=\"ef45148f6923744d1074529131a38a0a\"><img alt=\"Devuan GNU-Linux - tty login as root in an ownCloud instance - server rack.jpg\" src=\"https:\/\/upload.wikimedia.org\/wikipedia\/commons\/a\/a7\/Devuan_GNU-Linux_-_tty_login_as_root_in_an_ownCloud_instance_-_server_rack.jpg\" decoding=\"async\" style=\"width: 100%;max-width: 400px;height: auto;\" \/><\/a><\/div><p>In Chapter 1, we compared and contrasted hybrid cloud, multicloud, and distributed cloud deployments. Remember that hybrid cloud integrates a private cloud or local IT infrastructure with a public cloud, multicloud multiplies public cloud into services from two or more vendors, and distributed cloud takes a public cloud and expands it to multiple edge locations. Hybrid and distributed deployments typically involve one public cloud vendor, and multicloud involves more than one public cloud vendor. But why would any laboratory want to spread its operations across two or more CSPs?\n<\/p><p>\"Multicloud has the benefit of reducing vendor lock-in by implementing resource utilization and storage across more than one public cloud provider,\" we said in Chapter 1. The benefits of choosing a multicloud option over other options are a bit contentious however. Writing for the Carnegie Endowment in 2020, Maurer and Hinck address the issues of multicloud in detail<sup id=\"rdp-ebb-cite_ref-MaurerCloud20_4-0\" class=\"reference\"><a href=\"#cite_note-MaurerCloud20-4\">[4]<\/a><\/sup>:\n<\/p>\n<blockquote><p>Proponents argue that this approach has benefits such as avoiding vendor lock-in, increasing resilience to outages, and taking advantage of competitive pricing. However, each of these points is contested; for instance, some might argue that ensuring a CSP\u2019s infrastructure architecture is secure is a much better way to enhance resilience than replicating workloads across multiple CSPs ... However, using multiple cloud providers can create greater complexity for organizations in terms of managing their cloud usage and creating more potential points of vulnerability, as the Cloud Security Alliance discussed in a May 2019 report.<\/p><\/blockquote>\n<p>However, that very same complexity, found with most any cloud technology, brings with it risks related to vendor lock-in, seemingly forming a vicious circle. Carnegie Endowment's Levite and Kalwany noted in November 2020<sup id=\"rdp-ebb-cite_ref-LeviteCloud20_5-0\" class=\"reference\"><a href=\"#cite_note-LeviteCloud20-5\">[5]<\/a><\/sup>:\n<\/p>\n<blockquote><p>... the complex technology behind cloud services exacerbates risks of vendor lock-in. There are two main factors to consider here: the level of interoperability (how easy it is to make different cloud services work together as well as work with on-site consumer IT systems), and portability (how easy it is to switch data and applications from one cloud service to another, as well as from on-site systems to the cloud and back). Standards enabling both interoperability and portability of cloud services are likely to emerge as [among other things] a means of avoiding vendor lock-in.<\/p><\/blockquote>\n<p>To be sure, interoperability and portability are important concepts, not only in cloud computing<sup id=\"rdp-ebb-cite_ref-LeviteCloud20_5-1\" class=\"reference\"><a href=\"#cite_note-LeviteCloud20-5\">[5]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-RamalingamAddress21_6-0\" class=\"reference\"><a href=\"#cite_note-RamalingamAddress21-6\">[6]<\/a><\/sup> but also in laboratory <a href=\"https:\/\/www.limswiki.org\/index.php\/Information_management\" title=\"Information management\" class=\"wiki-link\" data-key=\"f8672d270c0750a858ed940158ca0a73\">data management<\/a>, particularly with clinical data.<sup id=\"rdp-ebb-cite_ref-ASPEShield_7-0\" class=\"reference\"><a href=\"#cite_note-ASPEShield-7\">[7]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-FutrellCOVID21_8-0\" class=\"reference\"><a href=\"#cite_note-FutrellCOVID21-8\">[8]<\/a><\/sup> The U.S.' current SHIELD initiative speaks to that, aiming \"to improve the quality, interoperability and portability of laboratory data within and between institutions so that diagnostic information can be pulled from different sources or shared between institutions to help illuminate clinical management and understand health outcomes.\"<sup id=\"rdp-ebb-cite_ref-ASPEShield_7-1\" class=\"reference\"><a href=\"#cite_note-ASPEShield-7\">[7]<\/a><\/sup> You see this same emphasis taking place in regards to cloud systems and biomedical research data sharing and the associated benefits of having interoperable, portable data using cloud systems.<sup id=\"rdp-ebb-cite_ref-OnsongoImplem14_9-0\" class=\"reference\"><a href=\"#cite_note-OnsongoImplem14-9\">[9]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-AfganGenomics15_10-0\" class=\"reference\"><a href=\"#cite_note-AfganGenomics15-10\">[10]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-NavaleCloud18_11-0\" class=\"reference\"><a href=\"#cite_note-NavaleCloud18-11\">[11]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-OgleNamed21_12-0\" class=\"reference\"><a href=\"#cite_note-OgleNamed21-12\">[12]<\/a><\/sup>\n<\/p><p>As Levite and Kalwany point out, interoperability and portability is also useful in the discussion on whether or not to use two or more CSPs. Let's again highlight their questions<sup id=\"rdp-ebb-cite_ref-LeviteCloud20_5-2\" class=\"reference\"><a href=\"#cite_note-LeviteCloud20-5\">[5]<\/a><\/sup> (which will also be important to the next chapter on choosing and implementing your cloud solutions):\n<\/p>\n<ul><li>How interoperable or compatible is one public CSP's services with another public CSP's services, as well as with your on-premises IT systems?<\/li>\n<li>How portable or transferable are your data and applications when needing to move them from one cloud service to another, as well as to and from your on-premises solutions?<\/li><\/ul>\n<p>These two questions, along with the vendor lock-in conundrum, are illustrated well in the ongoing saga of the Pentagon's JEDI project. The Joint Enterprise Defense Infrastructure (JEDI) project was officially kicked into gear in 2018 with a request for proposal (RFP), seeking to find a singular cloud computing provider to help usher in a new cloud-based era for Defense Department operations. The adamancy towards choosing only one CSP, despite the sheer enormity of the contract, quickly raised the eyebrows or watchdogs and major industry players even before the RFP was released. Claims of one provider having too much influence over government IT, as well an already skewed bidding process in favor of Amazon, complicated matters further.<sup id=\"rdp-ebb-cite_ref-GreggPent18_13-0\" class=\"reference\"><a href=\"#cite_note-GreggPent18-13\">[13]<\/a><\/sup> Defending the stance of choosing only one CSP, the Digital Defense Service's deputy director Tim Van Name cited an \"overall complexity\" increase that would come from awarding the RFP to multiple CSPs, given the challenges already inherent to Defense Department data management in and out of the battlefield. Van Name also cited a \"lack of standardization and interoperability\" of complex cloud deployments as another barrier to accessing data when and where they need it.<sup id=\"rdp-ebb-cite_ref-MitchellDoD18_14-0\" class=\"reference\"><a href=\"#cite_note-MitchellDoD18-14\">[14]<\/a><\/sup> This has inevitably led to a number of lawsuits before and after Microsoft was awarded the contract. With legal battles raging and an overarching \"urgent, unmet requirement\" by the Defense Department still not being realized because of the litigation, the government was rumored to be considering taking a loss on the single-vendor JEDI plan and moving forward with a multicloud plan, particularly with the departure of senior officials who originally backed the single cloud proposal.<sup id=\"rdp-ebb-cite_ref-GreggWithA21_15-0\" class=\"reference\"><a href=\"#cite_note-GreggWithA21-15\">[15]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-AlspachMicro21_16-0\" class=\"reference\"><a href=\"#cite_note-AlspachMicro21-16\">[16]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-NixMicro21_17-0\" class=\"reference\"><a href=\"#cite_note-NixMicro21-17\">[17]<\/a><\/sup> The success of the CIA's C2E cloud-based program, which was awarded to five cloud providers, may have proven to be a further catalyst<sup id=\"rdp-ebb-cite_ref-GreggPent18_13-1\" class=\"reference\"><a href=\"#cite_note-GreggPent18-13\">[13]<\/a><\/sup>, as by July 2021, the JEDI project was finally pulled by the DoD<sup id=\"rdp-ebb-cite_ref-MillerNobody21_18-0\" class=\"reference\"><a href=\"#cite_note-MillerNobody21-18\">[18]<\/a><\/sup> and related lawsuits by Amazon were dismissed.<sup id=\"rdp-ebb-cite_ref-ShepardsonUSJudge21_19-0\" class=\"reference\"><a href=\"#cite_note-ShepardsonUSJudge21-19\">[19]<\/a><\/sup> Almost immediately afterwards, the DoD announced a new proposal, the Joint Warfighter Cloud Capability (JWCC) project, with a rough projection of being awarded to multiple vendors by April 2022.<sup id=\"rdp-ebb-cite_ref-ShepardsonUSJudge21_19-1\" class=\"reference\"><a href=\"#cite_note-ShepardsonUSJudge21-19\">[19]<\/a><\/sup> The DoD limited bids to four vendors\u2014Amazon, Google, Microsoft, and Oracle\u2014with all four gaining a piece of the indefinite-delivery, indefinite-quantity contract by December 2022.<sup id=\"rdp-ebb-cite_ref-MillerPent21_20-0\" class=\"reference\"><a href=\"#cite_note-MillerPent21-20\">[20]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-LopezDepart22_21-0\" class=\"reference\"><a href=\"#cite_note-LopezDepart22-21\">[21]<\/a><\/sup> An April 2023 report in <i>SIGNAL<\/i> on the JWCC provided further insight on the unique approach to the contract, highlighting that despite all the stated complexity, some definitive benefits emerge from a multicloud arrangement<sup id=\"rdp-ebb-cite_ref-UnderwoodTheJoint23_22-0\" class=\"reference\"><a href=\"#cite_note-UnderwoodTheJoint23-22\">[22]<\/a><\/sup>:\n<\/p>\n<blockquote><p>Officials structured the JWCC vehicle to be a one enterprise contract and set up direct relationships with the cloud service providers (CSPs)\u2014which is unique. [Hosting and Compute Center] works with DoD customers to shape their cloud service requirements and interacts directly with the four private sector cloud companies on the contract, instead via a third-party ... 'No contract in the department has that direct relationship with the CSPs,' McArthur said. 'Having that single point to be able to go to the vendors and be able to [interact with them] when it comes to meeting capabilities, needing to drive cost parity or cybersecurity incidents, those are groundbreaking things for the department at large.'<\/p><\/blockquote>\n<p>What does all this mean for the average laboratory? At a minimum, there may be some benefit to having, for example, redundant data backup in the cloud, particularly if your lab feels that sensitive data can be safely moved to the cloud, and that there's overall cost savings long-term (vs. investing in local data storage). But that \"either-or\" view doesn't entirely address potential risks associated with vendor lock-in and the need for data availability and durability. As such, having data stored in multiple locations makes sense, even if that means moving data to two different cloud providers. With a bit of analysis of data access patterns and a solid understanding of your data types and sensitivities, it may be possible to make this sort of multicloud data storage more cost-effective.<sup id=\"rdp-ebb-cite_ref-WaibelCost17_23-0\" class=\"reference\"><a href=\"#cite_note-WaibelCost17-23\">[23]<\/a><\/sup> However, remember that the traceability of your data is also important, and if quality data goes into the cloud service, then it will be easier to find, in theory. As is, it's already a challenge for many laboratories to locate original data\u2014particularly older data\u2014and some labs still don't have clear data storage policies.<sup id=\"rdp-ebb-cite_ref-AndersonIts10_17_24-0\" class=\"reference\"><a href=\"#cite_note-AndersonIts10_17-24\">[24]<\/a><\/sup> As such, any transition to the cloud should also be considering the value of reinforcing existing data management strategies or, forbid they don't exist, getting started on developing such strategies. In conjunction with reviewing or creating data management strategies, <a href=\"https:\/\/www.limswiki.org\/index.php\/Data_cleansing\" title=\"Data cleansing\" class=\"wiki-link\" data-key=\"c0cec85355e07dc9cbfe96983a4e27a2\">data cleansing<\/a> may be required to make the data more meaningful, findable, and actionable.<sup id=\"rdp-ebb-cite_ref-AtlassianClean21_25-0\" class=\"reference\"><a href=\"#cite_note-AtlassianClean21-25\">[25]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-SADASaysNine19_26-0\" class=\"reference\"><a href=\"#cite_note-SADASaysNine19-26\">[26]<\/a><\/sup> This concept holds true even if a multicloud deployment doesn't make sense for you but a hybrid cloud deployment with local backups does. This hybrid approach may especially make sense if the lab uses a <a href=\"https:\/\/www.limswiki.org\/index.php\/Scientific_data_management_system\" title=\"Scientific data management system\" class=\"wiki-link\" data-key=\"9f38d322b743f578fef487b6f3d7c253\">scientific data management system<\/a> (SDMS). As Agilent notes, if you already have an on-premises SDMS, \"extending the data storage capacity by connecting to a cloud storage location is a logical first step. This hybrid approach can use cloud storage in both a passive\/active capacity while also taking advantage of turnkey archival solutions that the cloud offers.\"<sup id=\"rdp-ebb-cite_ref-AgilentCloud19_1-6\" class=\"reference\"><a href=\"#cite_note-AgilentCloud19-1\">[1]<\/a><\/sup>\n<\/p><p>But what about the concept of vendor lock-in overall? How much should a laboratory worry about this scenario, particularly in regards to, for example, moving from an on-premises LIMS to one hosted in the cloud? Some like tech reporter Kimberley Mok, writing for <i>Protocol<\/i>, argue that as major CSPs begin to make multicloud-friendly upgrades to their infrastructure, and as users perform more rigorous vetting of CSPs and migrate to more portable, containerized software solutions, the threat of vendor lock-in is gradually diminishing.<sup id=\"rdp-ebb-cite_ref-MokShould20_27-0\" class=\"reference\"><a href=\"#cite_note-MokShould20-27\">[27]<\/a><\/sup> However, business owners remain fearful. A summer 2020 survey published by business communications company Mitel found that among more than 1,100 European IT decision makers, a top contractual priority with a CSP was avoiding vendor lock-in; \"46 percent of respondents [said they] want the ability to change provider quickly if the service contract is not fulfilled.\"<sup id=\"rdp-ebb-cite_ref-MitelCloud20_28-0\" class=\"reference\"><a href=\"#cite_note-MitelCloud20-28\">[28]<\/a><\/sup> HashiCorp's third annual <i>State of Cloud Strategy Survey<\/i> in 2023 found that 48 percent of respondents thought single-vendor lock-in was driving multicloud adoption, further highlighting an increasing concern among businesses turning to the cloud.<sup id=\"rdp-ebb-cite_ref-PaulHashi23_29-0\" class=\"reference\"><a href=\"#cite_note-PaulHashi23-29\">[29]<\/a><\/sup>\n<\/p><p>In the end, the laboratory will have to come down to a crucial decision: do we outsource services to several specialists (i.e., disaggregation) or stick to one, risking vendor lock-in? U.K. business software developer Advanced's chief product officer Amanda Grant provides this insight<sup id=\"rdp-ebb-cite_ref-IsmailHowTo20_30-0\" class=\"reference\"><a href=\"#cite_note-IsmailHowTo20-30\">[30]<\/a><\/sup>:\n<\/p>\n<blockquote><p>For larger enterprises, disaggregation works best. The vast operations they undertake require a level of scalability and expertise that is best delivered by specialist companies. These specialists can target specific and more complex needs as well as support mission-critical operations directly.\n[For mid-sized organizations,] disaggregation demands a lot of internal investment. They would need in-house expertise to manage multiple suppliers and successfully integrate the services. The alternative would be to use an open ecosystem that brings all their cloud software solutions together in one place. This enables users to consume all of their cloud applications with ease while minimizing risk of vendor lock-in.<\/p><\/blockquote>\n<p>It's possible that as cloud computing continues to evolve, interoperability and portability of data, as well as tools for better data traceability, will continue to be a priority for the industry overall, potentially through continued standardization efforts.<sup id=\"rdp-ebb-cite_ref-RamalingamAddress21_6-1\" class=\"reference\"><a href=\"#cite_note-RamalingamAddress21-6\">[6]<\/a><\/sup> As a result, perhaps the discussions of vendor lock-in will be less commonplace, with multicloud deployments becoming common discussion. The adoption of open-source technologies as part of an organization's cloud migration may also help with interoperability with other cloud platforms in the future.<sup id=\"rdp-ebb-cite_ref-NangareAnOver19_31-0\" class=\"reference\"><a href=\"#cite_note-NangareAnOver19-31\">[31]<\/a><\/sup> In the meantime, laboratory decision makers will have to weigh the sensitivity of their data, that data's cloud-readiness, the laboratory budget, the potential risks, and the potential rewards of moving its operations to more complex but productive hybrid cloud and multicloud environments. The final decisions will differ, sometimes drastically, from lab to lab, but the risk management processes and considerations from Chapter 3 should be the same: same starting point but different destinations.\n<\/p><p>That leads us to the next chapter of our guide on the managed security service provider (MSSP), an entity that provides monitoring and management of security devices and systems in the cloud, among other things. These providers make make it considerably easier, and more secure, for a laboratory to implement cloud computing in their organization.\n<\/p>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap mw-references-columns\"><ol class=\"references\">\n<li id=\"cite_note-AgilentCloud19-1\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-AgilentCloud19_1-0\">1.0<\/a><\/sup> <sup><a href=\"#cite_ref-AgilentCloud19_1-1\">1.1<\/a><\/sup> <sup><a href=\"#cite_ref-AgilentCloud19_1-2\">1.2<\/a><\/sup> <sup><a href=\"#cite_ref-AgilentCloud19_1-3\">1.3<\/a><\/sup> <sup><a href=\"#cite_ref-AgilentCloud19_1-4\">1.4<\/a><\/sup> <sup><a href=\"#cite_ref-AgilentCloud19_1-5\">1.5<\/a><\/sup> <sup><a href=\"#cite_ref-AgilentCloud19_1-6\">1.6<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Agilent Technologies (21 February 2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.agilent.com\/cs\/library\/whitepaper\/public\/whitepaper-cloud-adoption-openlab-5994-0718en-us-agilent.pdf\" target=\"_blank\">\"Cloud Adoption for Lab Informatics: Trends, Opportunities, Considerations, Next Steps\"<\/a> (PDF). Agilent Technologies<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.agilent.com\/cs\/library\/whitepaper\/public\/whitepaper-cloud-adoption-openlab-5994-0718en-us-agilent.pdf\" target=\"_blank\">https:\/\/www.agilent.com\/cs\/library\/whitepaper\/public\/whitepaper-cloud-adoption-openlab-5994-0718en-us-agilent.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Adoption+for+Lab+Informatics%3A+Trends%2C+Opportunities%2C+Considerations%2C+Next+Steps&rft.atitle=&rft.aulast=Agilent+Technologies&rft.au=Agilent+Technologies&rft.date=21+February+2019&rft.pub=Agilent+Technologies&rft_id=https%3A%2F%2Fwww.agilent.com%2Fcs%2Flibrary%2Fwhitepaper%2Fpublic%2Fwhitepaper-cloud-adoption-openlab-5994-0718en-us-agilent.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-VyasCloud20-2\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-VyasCloud20_2-0\">2.0<\/a><\/sup> <sup><a href=\"#cite_ref-VyasCloud20_2-1\">2.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Vyas, K. (September 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/planetinnovation.com\/perspectives\/cloud-vs-on-premises-solutions\/\" target=\"_blank\">\"Cloud vs. on-premises solutions \u2013 5 factors to consider when planning the connectivity strategy for your healthcare instrument\"<\/a>. <i>Planet Innovation: Perspectives<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/planetinnovation.com\/perspectives\/cloud-vs-on-premises-solutions\/\" target=\"_blank\">https:\/\/planetinnovation.com\/perspectives\/cloud-vs-on-premises-solutions\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+vs.+on-premises+solutions+%E2%80%93+5+factors+to+consider+when+planning+the+connectivity+strategy+for+your+healthcare+instrument&rft.atitle=Planet+Innovation%3A+Perspectives&rft.aulast=Vyas%2C+K.&rft.au=Vyas%2C+K.&rft.date=September+2020&rft_id=https%3A%2F%2Fplanetinnovation.com%2Fperspectives%2Fcloud-vs-on-premises-solutions%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-APHLBreaking17-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-APHLBreaking17_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Association of Public Health Laboratories (2017). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.aphl.org\/aboutAPHL\/publications\/Documents\/INFO-2017Jun-Cloud-Computing.pdf\" target=\"_blank\">\"Breaking Through the Cloud: A Laboratory Guide to Cloud Computing\"<\/a> (PDF). Association of Public Health Laboratories<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.aphl.org\/aboutAPHL\/publications\/Documents\/INFO-2017Jun-Cloud-Computing.pdf\" target=\"_blank\">https:\/\/www.aphl.org\/aboutAPHL\/publications\/Documents\/INFO-2017Jun-Cloud-Computing.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Breaking+Through+the+Cloud%3A+A+Laboratory+Guide+to+Cloud+Computing&rft.atitle=&rft.aulast=Association+of+Public+Health+Laboratories&rft.au=Association+of+Public+Health+Laboratories&rft.date=2017&rft.pub=Association+of+Public+Health+Laboratories&rft_id=https%3A%2F%2Fwww.aphl.org%2FaboutAPHL%2Fpublications%2FDocuments%2FINFO-2017Jun-Cloud-Computing.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MaurerCloud20-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MaurerCloud20_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Maurer, T.; Hinck, G. (31 August 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/carnegieendowment.org\/2020\/08\/31\/cloud-security-primer-for-policymakers-pub-82597\" target=\"_blank\">\"Cloud Security: A Primer for Policymakers\"<\/a>. Carnegie Endowment for International Peace<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/carnegieendowment.org\/2020\/08\/31\/cloud-security-primer-for-policymakers-pub-82597\" target=\"_blank\">https:\/\/carnegieendowment.org\/2020\/08\/31\/cloud-security-primer-for-policymakers-pub-82597<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Security%3A+A+Primer+for+Policymakers&rft.atitle=&rft.aulast=Maurer%2C+T.%3B+Hinck%2C+G.&rft.au=Maurer%2C+T.%3B+Hinck%2C+G.&rft.date=31+August+2020&rft.pub=Carnegie+Endowment+for+International+Peace&rft_id=https%3A%2F%2Fcarnegieendowment.org%2F2020%2F08%2F31%2Fcloud-security-primer-for-policymakers-pub-82597&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LeviteCloud20-5\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-LeviteCloud20_5-0\">5.0<\/a><\/sup> <sup><a href=\"#cite_ref-LeviteCloud20_5-1\">5.1<\/a><\/sup> <sup><a href=\"#cite_ref-LeviteCloud20_5-2\">5.2<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Levite, A.; Kalwani, G. (9 November 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/carnegieendowment.org\/2020\/11\/09\/cloud-governance-challenges-survey-of-policy-and-regulatory-issues-pub-83124\" target=\"_blank\">\"Cloud Governance Challenges: A Survey of Policy and Regulatory Issues\"<\/a>. Carnegie Endowment for International Peace<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/carnegieendowment.org\/2020\/11\/09\/cloud-governance-challenges-survey-of-policy-and-regulatory-issues-pub-83124\" target=\"_blank\">https:\/\/carnegieendowment.org\/2020\/11\/09\/cloud-governance-challenges-survey-of-policy-and-regulatory-issues-pub-83124<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Governance+Challenges%3A+A+Survey+of+Policy+and+Regulatory+Issues&rft.atitle=&rft.aulast=Levite%2C+A.%3B+Kalwani%2C+G.&rft.au=Levite%2C+A.%3B+Kalwani%2C+G.&rft.date=9+November+2020&rft.pub=Carnegie+Endowment+for+International+Peace&rft_id=https%3A%2F%2Fcarnegieendowment.org%2F2020%2F11%2F09%2Fcloud-governance-challenges-survey-of-policy-and-regulatory-issues-pub-83124&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-RamalingamAddress21-6\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-RamalingamAddress21_6-0\">6.0<\/a><\/sup> <sup><a href=\"#cite_ref-RamalingamAddress21_6-1\">6.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation Journal\">Ramalingam, C.; Mohan, P. (2021). \"Addressing Semantics Standards for Cloud Portability and Interoperability in Multi Cloud Environment\". <i>Symmetry<\/i> <b>13<\/b>: 317. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.3390%2Fsym13020317\" target=\"_blank\">10.3390\/sym13020317<\/a>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Addressing+Semantics+Standards+for+Cloud+Portability+and+Interoperability+in+Multi+Cloud+Environment&rft.jtitle=Symmetry&rft.aulast=Ramalingam%2C+C.%3B+Mohan%2C+P.&rft.au=Ramalingam%2C+C.%3B+Mohan%2C+P.&rft.date=2021&rft.volume=13&rft.pages=317&rft_id=info:doi\/10.3390%2Fsym13020317&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ASPEShield-7\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-ASPEShield_7-0\">7.0<\/a><\/sup> <sup><a href=\"#cite_ref-ASPEShield_7-1\">7.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Office of the Assistant Secretary for Planning and Evaluation. <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aspe.hhs.gov\/shield-standardization-lab-data-enhance-patient-centered-outcomes-research-and-value-based-care\" target=\"_blank\">\"SHIELD - Standardization of Lab Data to Enhance Patient-Centered Outcomes Research and Value-Based Care\"<\/a>. U.S. Department of Health & Human Services<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/aspe.hhs.gov\/shield-standardization-lab-data-enhance-patient-centered-outcomes-research-and-value-based-care\" target=\"_blank\">https:\/\/aspe.hhs.gov\/shield-standardization-lab-data-enhance-patient-centered-outcomes-research-and-value-based-care<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=SHIELD+-+Standardization+of+Lab+Data+to+Enhance+Patient-Centered+Outcomes+Research+and+Value-Based+Care&rft.atitle=&rft.aulast=Office+of+the+Assistant+Secretary+for+Planning+and+Evaluation&rft.au=Office+of+the+Assistant+Secretary+for+Planning+and+Evaluation&rft.pub=U.S.+Department+of+Health+%26+Human+Services&rft_id=https%3A%2F%2Faspe.hhs.gov%2Fshield-standardization-lab-data-enhance-patient-centered-outcomes-research-and-value-based-care&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-FutrellCOVID21-8\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-FutrellCOVID21_8-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Futrell, K. (22 February 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.mlo-online.com\/information-technology\/lis\/article\/21210723\/covid19-highlights-need-for-laboratory-data-sharing-and-interoperability\" target=\"_blank\">\"COVID-19 highlights need for laboratory data sharing and interoperability\"<\/a>. <i>Medical Laboratory Observer<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.mlo-online.com\/information-technology\/lis\/article\/21210723\/covid19-highlights-need-for-laboratory-data-sharing-and-interoperability\" target=\"_blank\">https:\/\/www.mlo-online.com\/information-technology\/lis\/article\/21210723\/covid19-highlights-need-for-laboratory-data-sharing-and-interoperability<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=COVID-19+highlights+need+for+laboratory+data+sharing+and+interoperability&rft.atitle=Medical+Laboratory+Observer&rft.aulast=Futrell%2C+K.&rft.au=Futrell%2C+K.&rft.date=22+February+2021&rft_id=https%3A%2F%2Fwww.mlo-online.com%2Finformation-technology%2Flis%2Farticle%2F21210723%2Fcovid19-highlights-need-for-laboratory-data-sharing-and-interoperability&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OnsongoImplem14-9\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OnsongoImplem14_9-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation Journal\">Onsong, G.; Erdmann, J.; Spears, M.D. et al. (2014). <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC4036707\" target=\"_blank\">\"Implementation of Cloud based Next Generation Sequencing data analysis in a clinical laboratory\"<\/a>. <i>BMC Research Notes<\/i> <b>7<\/b>: 314. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.1186%2F1756-0500-7-314\" target=\"_blank\">10.1186\/1756-0500-7-314<\/a>. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/PubMed_Central\" data-key=\"c85bdffd69dd30e02024b9cc3d7679e2\">PMC<\/a> <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.ncbi.nlm.nih.gov\/pmc\/articles\/PMC4036707\/\" target=\"_blank\">PMC4036707<\/a>. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/PubMed_Identifier\" data-key=\"1d34e999f13d8801964a6b3e9d7b4e30\">PMID<\/a> <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.ncbi.nlm.nih.gov\/pubmed\/24885806\" target=\"_blank\">24885806<\/a><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC4036707\" target=\"_blank\">http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC4036707<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Implementation+of+Cloud+based+Next+Generation+Sequencing+data+analysis+in+a+clinical+laboratory&rft.jtitle=BMC+Research+Notes&rft.aulast=Onsong%2C+G.%3B+Erdmann%2C+J.%3B+Spears%2C+M.D.+et+al.&rft.au=Onsong%2C+G.%3B+Erdmann%2C+J.%3B+Spears%2C+M.D.+et+al.&rft.date=2014&rft.volume=7&rft.pages=314&rft_id=info:doi\/10.1186%2F1756-0500-7-314&rft_id=info:pmc\/PMC4036707&rft_id=info:pmid\/24885806&rft_id=http%3A%2F%2Fwww.pubmedcentral.nih.gov%2Farticlerender.fcgi%3Ftool%3Dpmcentrez%26artid%3DPMC4036707&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AfganGenomics15-10\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AfganGenomics15_10-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation Journal\">Afgan, E.; Sloggett, C.; Goonasekera, N. et al. (2015). <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC4621043\" target=\"_blank\">\"Genomics Virtual Laboratory: A Practical Bioinformatics Workbench for the Cloud\"<\/a>. <i>PLoS One<\/i> <b>10<\/b> (10): e0140829. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.1371%2Fjournal.pone.0140829\" target=\"_blank\">10.1371\/journal.pone.0140829<\/a>. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/PubMed_Central\" data-key=\"c85bdffd69dd30e02024b9cc3d7679e2\">PMC<\/a> <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.ncbi.nlm.nih.gov\/pmc\/articles\/PMC4621043\/\" target=\"_blank\">PMC4621043<\/a>. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/PubMed_Identifier\" data-key=\"1d34e999f13d8801964a6b3e9d7b4e30\">PMID<\/a> <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.ncbi.nlm.nih.gov\/pubmed\/26501966\" target=\"_blank\">26501966<\/a><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC4621043\" target=\"_blank\">http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC4621043<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Genomics+Virtual+Laboratory%3A+A+Practical+Bioinformatics+Workbench+for+the+Cloud&rft.jtitle=PLoS+One&rft.aulast=Afgan%2C+E.%3B+Sloggett%2C+C.%3B+Goonasekera%2C+N.+et+al.&rft.au=Afgan%2C+E.%3B+Sloggett%2C+C.%3B+Goonasekera%2C+N.+et+al.&rft.date=2015&rft.volume=10&rft.issue=10&rft.pages=e0140829&rft_id=info:doi\/10.1371%2Fjournal.pone.0140829&rft_id=info:pmc\/PMC4621043&rft_id=info:pmid\/26501966&rft_id=http%3A%2F%2Fwww.pubmedcentral.nih.gov%2Farticlerender.fcgi%3Ftool%3Dpmcentrez%26artid%3DPMC4621043&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-NavaleCloud18-11\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-NavaleCloud18_11-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation Journal\">Navale, V.; Bourne, P.E. (2018). <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC6002019\" target=\"_blank\">\"Cloud computing applications for biomedical science: A perspective\"<\/a>. <i>PLoS Computational Biology<\/i> <b>14<\/b> (6): e1006144. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.1371%2Fjournal.pcbi.1006144\" target=\"_blank\">10.1371\/journal.pcbi.1006144<\/a>. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/PubMed_Central\" data-key=\"c85bdffd69dd30e02024b9cc3d7679e2\">PMC<\/a> <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.ncbi.nlm.nih.gov\/pmc\/articles\/PMC6002019\/\" target=\"_blank\">PMC6002019<\/a>. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/PubMed_Identifier\" data-key=\"1d34e999f13d8801964a6b3e9d7b4e30\">PMID<\/a> <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.ncbi.nlm.nih.gov\/pubmed\/29902176\" target=\"_blank\">29902176<\/a><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC6002019\" target=\"_blank\">http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC6002019<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Cloud+computing+applications+for+biomedical+science%3A+A+perspective&rft.jtitle=PLoS+Computational+Biology&rft.aulast=Navale%2C+V.%3B+Bourne%2C+P.E.&rft.au=Navale%2C+V.%3B+Bourne%2C+P.E.&rft.date=2018&rft.volume=14&rft.issue=6&rft.pages=e1006144&rft_id=info:doi\/10.1371%2Fjournal.pcbi.1006144&rft_id=info:pmc\/PMC6002019&rft_id=info:pmid\/29902176&rft_id=http%3A%2F%2Fwww.pubmedcentral.nih.gov%2Farticlerender.fcgi%3Ftool%3Dpmcentrez%26artid%3DPMC6002019&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OgleNamed21-12\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OgleNamed21_12-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation Journal\">Ogle, C.; Reddick, D.; McKnight, C.; Biggs, T.; Pauly, R.; Ficklin, S.P.; Feltus, F.A.; Shannigrahi, S. (2021). <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC7968724\" target=\"_blank\">\"Named data networking for genomics data management and integrated workflows\"<\/a>. <i>Frontiers in Big Data<\/i> <b>4<\/b>: 582468. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.3389%2Ffdata.2021.582468\" target=\"_blank\">10.3389\/fdata.2021.582468<\/a>. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/PubMed_Central\" data-key=\"c85bdffd69dd30e02024b9cc3d7679e2\">PMC<\/a> <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.ncbi.nlm.nih.gov\/pmc\/articles\/PMC7968724\/\" target=\"_blank\">PMC7968724<\/a>. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/PubMed_Identifier\" data-key=\"1d34e999f13d8801964a6b3e9d7b4e30\">PMID<\/a> <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.ncbi.nlm.nih.gov\/pubmed\/33748749\" target=\"_blank\">33748749<\/a><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC7968724\" target=\"_blank\">http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC7968724<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Named+data+networking+for+genomics+data+management+and+integrated+workflows&rft.jtitle=Frontiers+in+Big+Data&rft.aulast=Ogle%2C+C.%3B+Reddick%2C+D.%3B+McKnight%2C+C.%3B+Biggs%2C+T.%3B+Pauly%2C+R.%3B+Ficklin%2C+S.P.%3B+Feltus%2C+F.A.%3B+Shannigrahi%2C+S.&rft.au=Ogle%2C+C.%3B+Reddick%2C+D.%3B+McKnight%2C+C.%3B+Biggs%2C+T.%3B+Pauly%2C+R.%3B+Ficklin%2C+S.P.%3B+Feltus%2C+F.A.%3B+Shannigrahi%2C+S.&rft.date=2021&rft.volume=4&rft.pages=582468&rft_id=info:doi\/10.3389%2Ffdata.2021.582468&rft_id=info:pmc\/PMC7968724&rft_id=info:pmid\/33748749&rft_id=http%3A%2F%2Fwww.pubmedcentral.nih.gov%2Farticlerender.fcgi%3Ftool%3Dpmcentrez%26artid%3DPMC7968724&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GreggPent18-13\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-GreggPent18_13-0\">13.0<\/a><\/sup> <sup><a href=\"#cite_ref-GreggPent18_13-1\">13.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Gregg, A. (5 August 2018). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20180807051800if_\/https:\/\/www.washingtonpost.com\/business\/capitalbusiness\/pentagon-doubles-down-on-single-cloud-strategy-for-10-billion-contract\/2018\/08\/05\/352cfee8-972b-11e8-810c-5fa705927d54_story.html?utm_term=.130ed427f134\" target=\"_blank\">\"Pentagon doubles down on \u2018single-cloud\u2019 strategy for $10 billion contract\"<\/a>. <i>The Washington Post<\/i>. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.washingtonpost.com\/business\/capitalbusiness\/pentagon-doubles-down-on-single-cloud-strategy-for-10-billion-contract\/2018\/08\/05\/352cfee8-972b-11e8-810c-5fa705927d54_story.html\" target=\"_blank\">the original<\/a> on 07 August 2018<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20180807051800if_\/https:\/\/www.washingtonpost.com\/business\/capitalbusiness\/pentagon-doubles-down-on-single-cloud-strategy-for-10-billion-contract\/2018\/08\/05\/352cfee8-972b-11e8-810c-5fa705927d54_story.html?utm_term=.130ed427f134\" target=\"_blank\">https:\/\/web.archive.org\/web\/20180807051800if_\/https:\/\/www.washingtonpost.com\/business\/capitalbusiness\/pentagon-doubles-down-on-single-cloud-strategy-for-10-billion-contract\/2018\/08\/05\/352cfee8-972b-11e8-810c-5fa705927d54_story.html?utm_term=.130ed427f134<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Pentagon+doubles+down+on+%E2%80%98single-cloud%E2%80%99+strategy+for+%2410+billion+contract&rft.atitle=The+Washington+Post&rft.aulast=Gregg%2C+A.&rft.au=Gregg%2C+A.&rft.date=5+August+2018&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20180807051800if_%2Fhttps%3A%2F%2Fwww.washingtonpost.com%2Fbusiness%2Fcapitalbusiness%2Fpentagon-doubles-down-on-single-cloud-strategy-for-10-billion-contract%2F2018%2F08%2F05%2F352cfee8-972b-11e8-810c-5fa705927d54_story.html%3Futm_term%3D.130ed427f134&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MitchellDoD18-14\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MitchellDoD18_14-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Mitchell, B. (8 March 2018). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.fedscoop.com\/dod-pentagon-jedi-cloud-contract-single-award\/\" target=\"_blank\">\"DOD defends its decision to move to commercial cloud with a single award\"<\/a>. <i>FedScoop<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.fedscoop.com\/dod-pentagon-jedi-cloud-contract-single-award\/\" target=\"_blank\">https:\/\/www.fedscoop.com\/dod-pentagon-jedi-cloud-contract-single-award\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=DOD+defends+its+decision+to+move+to+commercial+cloud+with+a+single+award&rft.atitle=FedScoop&rft.aulast=Mitchell%2C+B.&rft.au=Mitchell%2C+B.&rft.date=8+March+2018&rft_id=https%3A%2F%2Fwww.fedscoop.com%2Fdod-pentagon-jedi-cloud-contract-single-award%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GreggWithA21-15\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-GreggWithA21_15-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Gregg, A. (10 February 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210211065108if_\/https:\/\/www.washingtonpost.com\/business\/2021\/02\/10\/jedi-contract-pentagon-biden\/\" target=\"_blank\">\"With a $10 billion cloud-computing deal snarled in court, the Pentagon may move forward without it\"<\/a>. <i>The Washington Post<\/i>. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.washingtonpost.com\/business\/2021\/02\/10\/jedi-contract-pentagon-biden\/\" target=\"_blank\">the original<\/a> on 11 February 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210211065108if_\/https:\/\/www.washingtonpost.com\/business\/2021\/02\/10\/jedi-contract-pentagon-biden\/\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210211065108if_\/https:\/\/www.washingtonpost.com\/business\/2021\/02\/10\/jedi-contract-pentagon-biden\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=With+a+%2410+billion+cloud-computing+deal+snarled+in+court%2C+the+Pentagon+may+move+forward+without+it&rft.atitle=The+Washington+Post&rft.aulast=Gregg%2C+A.&rft.au=Gregg%2C+A.&rft.date=10+February+2021&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210211065108if_%2Fhttps%3A%2F%2Fwww.washingtonpost.com%2Fbusiness%2F2021%2F02%2F10%2Fjedi-contract-pentagon-biden%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AlspachMicro21-16\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AlspachMicro21_16-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Alspach, K. (5 March 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.crn.com\/news\/cloud\/microsoft-could-lose-jedi-contract-if-aws-case-isn-t-dismissed-report\" target=\"_blank\">\"Microsoft Could Lose JEDI Contract If AWS Case Isn\u2019t Dismissed: Report\"<\/a>. <i>CRN<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.crn.com\/news\/cloud\/microsoft-could-lose-jedi-contract-if-aws-case-isn-t-dismissed-report\" target=\"_blank\">https:\/\/www.crn.com\/news\/cloud\/microsoft-could-lose-jedi-contract-if-aws-case-isn-t-dismissed-report<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Microsoft+Could+Lose+JEDI+Contract+If+AWS+Case+Isn%E2%80%99t+Dismissed%3A+Report&rft.atitle=CRN&rft.aulast=Alspach%2C+K.&rft.au=Alspach%2C+K.&rft.date=5+March+2021&rft_id=https%3A%2F%2Fwww.crn.com%2Fnews%2Fcloud%2Fmicrosoft-could-lose-jedi-contract-if-aws-case-isn-t-dismissed-report&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-NixMicro21-17\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-NixMicro21_17-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Nix, N. (7 March 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.seattletimes.com\/business\/microsofts-10-billion-pentagon-deal-at-risk-amid-amazon-fight\/\" target=\"_blank\">\"Microsoft\u2019s $10 billion Pentagon deal at risk amid Amazon fight\"<\/a>. <i>The Seattle Times<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.seattletimes.com\/business\/microsofts-10-billion-pentagon-deal-at-risk-amid-amazon-fight\/\" target=\"_blank\">https:\/\/www.seattletimes.com\/business\/microsofts-10-billion-pentagon-deal-at-risk-amid-amazon-fight\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Microsoft%E2%80%99s+%2410+billion+Pentagon+deal+at+risk+amid+Amazon+fight&rft.atitle=The+Seattle+Times&rft.aulast=Nix%2C+N.&rft.au=Nix%2C+N.&rft.date=7+March+2021&rft_id=https%3A%2F%2Fwww.seattletimes.com%2Fbusiness%2Fmicrosofts-10-billion-pentagon-deal-at-risk-amid-amazon-fight%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MillerNobody21-18\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MillerNobody21_18-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Miller, R. (6 July 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/techcrunch.com\/2021\/07\/06\/nobody-wins-as-dod-finally-pulls-the-plug-on-controversial-10b-jedi-contract\/\" target=\"_blank\">\"Nobody wins as DoD finally pulls the plug on controversial $10B JEDI contract\"<\/a>. <i>TechCrunch<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/techcrunch.com\/2021\/07\/06\/nobody-wins-as-dod-finally-pulls-the-plug-on-controversial-10b-jedi-contract\/\" target=\"_blank\">https:\/\/techcrunch.com\/2021\/07\/06\/nobody-wins-as-dod-finally-pulls-the-plug-on-controversial-10b-jedi-contract\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 15 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Nobody+wins+as+DoD+finally+pulls+the+plug+on+controversial+%2410B+JEDI+contract&rft.atitle=TechCrunch&rft.aulast=Miller%2C+R.&rft.au=Miller%2C+R.&rft.date=6+July+2021&rft_id=https%3A%2F%2Ftechcrunch.com%2F2021%2F07%2F06%2Fnobody-wins-as-dod-finally-pulls-the-plug-on-controversial-10b-jedi-contract%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ShepardsonUSJudge21-19\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-ShepardsonUSJudge21_19-0\">19.0<\/a><\/sup> <sup><a href=\"#cite_ref-ShepardsonUSJudge21_19-1\">19.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Shepardson, D. (9 July 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.reuters.com\/legal\/government\/us-judge-ends-amazon-challenge-10-bln-cloud-contract-after-pentagon-cancellation-2021-07-09\/\" target=\"_blank\">\"U.S. judge ends Amazon challenge to $10 bln cloud contract after Pentagon cancellation\"<\/a>. <i>Reuters<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.reuters.com\/legal\/government\/us-judge-ends-amazon-challenge-10-bln-cloud-contract-after-pentagon-cancellation-2021-07-09\/\" target=\"_blank\">https:\/\/www.reuters.com\/legal\/government\/us-judge-ends-amazon-challenge-10-bln-cloud-contract-after-pentagon-cancellation-2021-07-09\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 15 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=U.S.+judge+ends+Amazon+challenge+to+%2410+bln+cloud+contract+after+Pentagon+cancellation&rft.atitle=Reuters&rft.aulast=Shepardson%2C+D.&rft.au=Shepardson%2C+D.&rft.date=9+July+2021&rft_id=https%3A%2F%2Fwww.reuters.com%2Flegal%2Fgovernment%2Fus-judge-ends-amazon-challenge-10-bln-cloud-contract-after-pentagon-cancellation-2021-07-09%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MillerPent21-20\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MillerPent21_20-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Miller, R. (19 November 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/techcrunch.com\/2021\/11\/19\/pentagon-announces-new-cloud-initiative-to-replace-ill-fated-jedi-contract\/\" target=\"_blank\">\"Pentagon announces new cloud initiative to replace ill-fated JEDI contract\"<\/a>. <i>TechCrunch<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/techcrunch.com\/2021\/11\/19\/pentagon-announces-new-cloud-initiative-to-replace-ill-fated-jedi-contract\/\" target=\"_blank\">https:\/\/techcrunch.com\/2021\/11\/19\/pentagon-announces-new-cloud-initiative-to-replace-ill-fated-jedi-contract\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 15 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Pentagon+announces+new+cloud+initiative+to+replace+ill-fated+JEDI+contract&rft.atitle=TechCrunch&rft.aulast=Miller%2C+R.&rft.au=Miller%2C+R.&rft.date=19+November+2021&rft_id=https%3A%2F%2Ftechcrunch.com%2F2021%2F11%2F19%2Fpentagon-announces-new-cloud-initiative-to-replace-ill-fated-jedi-contract%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LopezDepart22-21\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-LopezDepart22_21-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Lopez, C.T. (12 December 2022). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.defense.gov\/News\/News-Stories\/Article\/Article\/3243483\/department-names-vendors-to-provide-joint-warfighting-cloud-capability\/\" target=\"_blank\">\"Department Names Vendors to Provide Joint Warfighting Cloud Capability\"<\/a>. <i>DoD News<\/i>. U.S. Department of Defense<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.defense.gov\/News\/News-Stories\/Article\/Article\/3243483\/department-names-vendors-to-provide-joint-warfighting-cloud-capability\/\" target=\"_blank\">https:\/\/www.defense.gov\/News\/News-Stories\/Article\/Article\/3243483\/department-names-vendors-to-provide-joint-warfighting-cloud-capability\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 15 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Department+Names+Vendors+to+Provide+Joint+Warfighting+Cloud+Capability&rft.atitle=DoD+News&rft.aulast=Lopez%2C+C.T.&rft.au=Lopez%2C+C.T.&rft.date=12+December+2022&rft.pub=U.S.+Department+of+Defense&rft_id=https%3A%2F%2Fwww.defense.gov%2FNews%2FNews-Stories%2FArticle%2FArticle%2F3243483%2Fdepartment-names-vendors-to-provide-joint-warfighting-cloud-capability%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-UnderwoodTheJoint23-22\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-UnderwoodTheJoint23_22-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Underwood, K. (17 April 2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.afcea.org\/signal-media\/defense-operations\/joint-warfighting-cloud-capability-breaking-barriers\" target=\"_blank\">\"The Joint Warfighting Cloud Capability Is Breaking Barriers\"<\/a>. <i>SIGNAL<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.afcea.org\/signal-media\/defense-operations\/joint-warfighting-cloud-capability-breaking-barriers\" target=\"_blank\">https:\/\/www.afcea.org\/signal-media\/defense-operations\/joint-warfighting-cloud-capability-breaking-barriers<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 15 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=The+Joint+Warfighting+Cloud+Capability+Is+Breaking+Barriers&rft.atitle=SIGNAL&rft.aulast=Underwood%2C+K.&rft.au=Underwood%2C+K.&rft.date=17+April+2023&rft_id=https%3A%2F%2Fwww.afcea.org%2Fsignal-media%2Fdefense-operations%2Fjoint-warfighting-cloud-capability-breaking-barriers&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-WaibelCost17-23\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-WaibelCost17_23-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation Journal\">Waibel, P.; Matt, J.; Hochreiner, C. et al. (2017). \"Cost-optimized redundant data storage in the cloud\". <i>Service Oriented Computing and Applications<\/i> <b>11<\/b>: 411\u201326. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.1007%2Fs11761-017-0218-9\" target=\"_blank\">10.1007\/s11761-017-0218-9<\/a>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Cost-optimized+redundant+data+storage+in+the+cloud&rft.jtitle=Service+Oriented+Computing+and+Applications&rft.aulast=Waibel%2C+P.%3B+Matt%2C+J.%3B+Hochreiner%2C+C.+et+al.&rft.au=Waibel%2C+P.%3B+Matt%2C+J.%3B+Hochreiner%2C+C.+et+al.&rft.date=2017&rft.volume=11&rft.pages=411%E2%80%9326&rft_id=info:doi\/10.1007%2Fs11761-017-0218-9&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AndersonIts10_17-24\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AndersonIts10_17_24-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation Journal\">Anderson, M.E.; Ray, S.C. (2017). <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC5465863\" target=\"_blank\">\"It's 10 pm; Do You Know Where Your Data Are? Data Provenance, Curation, and Storage\"<\/a>. <i>Circulation Research<\/i> <b>120<\/b> (10): 1551-1554. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.1161%2FCIRCRESAHA.116.310424\" target=\"_blank\">10.1161\/CIRCRESAHA.116.310424<\/a>. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/PubMed_Central\" data-key=\"c85bdffd69dd30e02024b9cc3d7679e2\">PMC<\/a> <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.ncbi.nlm.nih.gov\/pmc\/articles\/PMC5465863\/\" target=\"_blank\">PMC5465863<\/a>. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/PubMed_Identifier\" data-key=\"1d34e999f13d8801964a6b3e9d7b4e30\">PMID<\/a> <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.ncbi.nlm.nih.gov\/pubmed\/28495991\" target=\"_blank\">28495991<\/a><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC5465863\" target=\"_blank\">http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC5465863<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=It%27s+10+pm%3B+Do+You+Know+Where+Your+Data+Are%3F+Data+Provenance%2C+Curation%2C+and+Storage&rft.jtitle=Circulation+Research&rft.aulast=Anderson%2C+M.E.%3B+Ray%2C+S.C.&rft.au=Anderson%2C+M.E.%3B+Ray%2C+S.C.&rft.date=2017&rft.volume=120&rft.issue=10&rft.pages=1551-1554&rft_id=info:doi\/10.1161%2FCIRCRESAHA.116.310424&rft_id=info:pmc\/PMC5465863&rft_id=info:pmid\/28495991&rft_id=http%3A%2F%2Fwww.pubmedcentral.nih.gov%2Farticlerender.fcgi%3Ftool%3Dpmcentrez%26artid%3DPMC5465863&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AtlassianClean21-25\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AtlassianClean21_25-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/support.atlassian.com\/migration\/docs\/clean-up-your-server-instance-before-migration\/\" target=\"_blank\">\"Clean up your server instance before migration\"<\/a>. <i>Atlassian Support<\/i>. Atlassian. 17 March 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/support.atlassian.com\/migration\/docs\/clean-up-your-server-instance-before-migration\/\" target=\"_blank\">https:\/\/support.atlassian.com\/migration\/docs\/clean-up-your-server-instance-before-migration\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Clean+up+your+server+instance+before+migration&rft.atitle=Atlassian+Support&rft.date=17+March+2021&rft.pub=Atlassian&rft_id=https%3A%2F%2Fsupport.atlassian.com%2Fmigration%2Fdocs%2Fclean-up-your-server-instance-before-migration%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-SADASaysNine19-26\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-SADASaysNine19_26-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">SADA Says (22 August 2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/sada.com\/insights\/blog\/9-steps-for-migrating-databases-to-the-cloud\/\" target=\"_blank\">\"9 STEPS FOR MIGRATING DATABASES TO THE CLOUD\"<\/a>. SADA, Inc<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/sada.com\/insights\/blog\/9-steps-for-migrating-databases-to-the-cloud\/\" target=\"_blank\">https:\/\/sada.com\/insights\/blog\/9-steps-for-migrating-databases-to-the-cloud\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=9+STEPS+FOR+MIGRATING+DATABASES+TO+THE+CLOUD&rft.atitle=&rft.aulast=SADA+Says&rft.au=SADA+Says&rft.date=22+August+2019&rft.pub=SADA%2C+Inc&rft_id=https%3A%2F%2Fsada.com%2Finsights%2Fblog%2F9-steps-for-migrating-databases-to-the-cloud%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MokShould20-27\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MokShould20_27-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Mok, K. (1 December 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.protocol.com\/manuals\/new-enterprise\/vendor-lockin-cloud-saas\" target=\"_blank\">\"Should we really be worried about vendor lock-in in 2020?\"<\/a>. <i>Protocol<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.protocol.com\/manuals\/new-enterprise\/vendor-lockin-cloud-saas\" target=\"_blank\">https:\/\/www.protocol.com\/manuals\/new-enterprise\/vendor-lockin-cloud-saas<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Should+we+really+be+worried+about+vendor+lock-in+in+2020%3F&rft.atitle=Protocol&rft.aulast=Mok%2C+K.&rft.au=Mok%2C+K.&rft.date=1+December+2020&rft_id=https%3A%2F%2Fwww.protocol.com%2Fmanuals%2Fnew-enterprise%2Fvendor-lockin-cloud-saas&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MitelCloud20-28\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MitelCloud20_28-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20211204082428\/https:\/\/www.mitel.com\/en-gb\/about\/newsroom\/press-releases\/european-companies-show-newfound-maturity\" target=\"_blank\">\"Cloud Communications: European Companies Show Newfound Maturity\"<\/a>. Mitel. 20 July 2020. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.mitel.com\/en-gb\/about\/newsroom\/press-releases\/european-companies-show-newfound-maturity\" target=\"_blank\">the original<\/a> on 04 December 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20211204082428\/https:\/\/www.mitel.com\/en-gb\/about\/newsroom\/press-releases\/european-companies-show-newfound-maturity\" target=\"_blank\">https:\/\/web.archive.org\/web\/20211204082428\/https:\/\/www.mitel.com\/en-gb\/about\/newsroom\/press-releases\/european-companies-show-newfound-maturity<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Communications%3A+European+Companies+Show+Newfound+Maturity&rft.atitle=&rft.date=20+July+2020&rft.pub=Mitel&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20211204082428%2Fhttps%3A%2F%2Fwww.mitel.com%2Fen-gb%2Fabout%2Fnewsroom%2Fpress-releases%2Feuropean-companies-show-newfound-maturity&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-PaulHashi23-29\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-PaulHashi23_29-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Paul, F. (24 July 2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.hashicorp.com\/blog\/hashicorp-state-of-cloud-strategy-survey-2023-the-tech-sector-perspective\" target=\"_blank\">\"HashiCorp State of Cloud Strategy Survey 2023: The tech sector perspective\"<\/a>. HashiCorp<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.hashicorp.com\/blog\/hashicorp-state-of-cloud-strategy-survey-2023-the-tech-sector-perspective\" target=\"_blank\">https:\/\/www.hashicorp.com\/blog\/hashicorp-state-of-cloud-strategy-survey-2023-the-tech-sector-perspective<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 15 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=HashiCorp+State+of+Cloud+Strategy+Survey+2023%3A+The+tech+sector+perspective&rft.atitle=&rft.aulast=Paul%2C+F.&rft.au=Paul%2C+F.&rft.date=24+July+2023&rft.pub=HashiCorp&rft_id=https%3A%2F%2Fwww.hashicorp.com%2Fblog%2Fhashicorp-state-of-cloud-strategy-survey-2023-the-tech-sector-perspective&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IsmailHowTo20-30\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IsmailHowTo20_30-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.information-age.com\/how-to-avoid-cloud-vendor-lock-in-advantage-multi-cloud-16437\/\" target=\"_blank\">\"How to avoid cloud vendor lock-in and take advantage of multi-cloud\"<\/a>. <i>InformationAge<\/i>. 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.information-age.com\/how-to-avoid-cloud-vendor-lock-in-advantage-multi-cloud-16437\/\" target=\"_blank\">https:\/\/www.information-age.com\/how-to-avoid-cloud-vendor-lock-in-advantage-multi-cloud-16437\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=How+to+avoid+cloud+vendor+lock-in+and+take+advantage+of+multi-cloud&rft.atitle=InformationAge&rft.date=2023&rft_id=https%3A%2F%2Fwww.information-age.com%2Fhow-to-avoid-cloud-vendor-lock-in-advantage-multi-cloud-16437%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-NangareAnOver19-31\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-NangareAnOver19_31-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Nangare, S. (13 December 2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/devops.com\/an-overview-of-cloud-migration-and-open-source\/\" target=\"_blank\">\"An Overview of Cloud Migration and Open Source\"<\/a>. <i>DevOps.com<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/devops.com\/an-overview-of-cloud-migration-and-open-source\/\" target=\"_blank\">https:\/\/devops.com\/an-overview-of-cloud-migration-and-open-source\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=An+Overview+of+Cloud+Migration+and+Open+Source&rft.atitle=DevOps.com&rft.aulast=Nangare%2C+S.&rft.au=Nangare%2C+S.&rft.date=13+December+2019&rft_id=https%3A%2F%2Fdevops.com%2Fan-overview-of-cloud-migration-and-open-source%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<p><br \/>\n<\/p>\n<div align=\"center\">-----Go to <a href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/The_provision_of_managed_security_services\" title=\"Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Managed security services and quality assurance\/The provision of managed security services\" class=\"wiki-link\" data-key=\"cb1e31bcf056262630548fdf6c7e5c5b\">the next chapter<\/a> of this guide-----<\/div>\n<h2><span class=\"mw-headline\" id=\"Citation_information_for_this_chapter\">Citation information for this chapter<\/span><\/h2>\n<p><b>Chapter<\/b>: 4. Cloud computing in the laboratory\n<\/p><p><b>Title<\/b>: <i>Choosing and Implementing a Cloud-based Service for Your Laboratory<\/i>\n<\/p><p><b>Edition<\/b>: Second edition\n<\/p><p><b>Author for citation<\/b>: Shawn E. Douglas\n<\/p><p><b>License for content<\/b>: <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/creativecommons.org\/licenses\/by-sa\/4.0\/\" target=\"_blank\">Creative Commons Attribution-ShareAlike 4.0 International<\/a>\n<\/p><p><b>Publication date<\/b>: August 2023\n<\/p><p><br \/>\n<\/p>\n<!-- \nNewPP limit report\nCached time: 20230816210755\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.273 seconds\nReal time usage: 0.287 seconds\nPreprocessor visited node count: 22741\/1000000\nPost\u2010expand include size: 212400\/2097152 bytes\nTemplate argument size: 79803\/2097152 bytes\nHighest expansion depth: 20\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 61946\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 258.344 1 -total\n 92.43% 238.779 1 Template:Reflist\n 75.26% 194.425 31 Template:Citation\/core\n 60.79% 157.049 24 Template:Cite_web\n 21.40% 55.278 7 Template:Cite_journal\n 13.94% 36.021 23 Template:Date\n 7.53% 19.465 1 Template:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches\n 6.12% 15.806 17 Template:Citation\/identifier\n 4.87% 12.577 50 Template:Citation\/make_link\n 1.94% 5.002 39 Template:Hide_in_print\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:13047-0!canonical and timestamp 20230816210757 and revision id 52907. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","3f6cdca956c811a19c1773e32fc70e7c_images":["https:\/\/upload.wikimedia.org\/wikipedia\/commons\/a\/a7\/Devuan_GNU-Linux_-_tty_login_as_root_in_an_ownCloud_instance_-_server_rack.jpg"],"3f6cdca956c811a19c1773e32fc70e7c_timestamp":1692220359,"b0cb41c5916cbdd7468bdf719942f9e4_type":"article","b0cb41c5916cbdd7468bdf719942f9e4_title":"4.2 Regulatory considerations","b0cb41c5916cbdd7468bdf719942f9e4_url":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Regulatory_considerations","b0cb41c5916cbdd7468bdf719942f9e4_plaintext":"\n\nBook:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Cloud computing in the laboratory\/Regulatory considerationsFrom LIMSWikiJump to navigationJump to search4.2 Regulatory considerations \nIn Chapter 2, we examined standards and regulations influencing cloud computing. We also noted that there's an \"elephant in the room\" in the guise of data privacy and protection considerations in the cloud. Many of the regulations and data security considerations mentioned there apply not only to financial firms, manufacturers, and software developers, but also laboratories of all shapes and sizes. At the heart of it all is keeping client, customer, and organizational data out of the hands of people who shouldn't have access to it, a significant regulatory hurdle.\nMost regulation of data and information in an enterprise, including laboratories, is based on several aspects of the data and information: its sensitivity, its location or geography, and its ownership.[1][2][3] Not coincidentally, these same aspects are often applied to data classification efforts of an organization, which attempt to determine and assign relative values to the data and information managed and communicated by the organization. This classification in turn allows the organization to better discover the risks associated with those classifications, and allow data owners to realize that all data shouldn't be treated the same way.[1] And well-researched regulatory efforts recognize this as well.\nTake for example the European Union's General Data Protection Regulation (GDPR). The GDPR stipulates how personal data is collected, used, and stored by organizations in the E.U., as well as by organizations providing services to individuals and organizations in the E.U.[4] The GDPR appears to classify \"personal data\" as sensitive \"in relation to fundamental rights and freedoms,\" formally defined as \"any information relating to an identified or identifiable natural person.\"[5] This is the sensitivity aspect of the regulation. GDPR also addresses location at many points, from data transfers outside the E.U. to the location of the \"main establishment\" of a data owner or \"controller.\"[5] As for ownership, GDPR refers to this aspect of data as the \"controller,\" defined as \"the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.\"[5] The word \"controller\" appears more than 500 times in the regulation, emphasizing the importance of ownership or control of data.[5] However, cloud providers using hybrid or multicloud approaches pose a challenge to labs, as verifying GDPR compliance in these deployments gets even more complicated. The lab would likely have to turn to key documents such as the CSP's SOC 2 audit report (discussed later) to get a fuller picture of GDPR compliance.[6]\nWhile data privacy and protection regulations like GDPR, the Personal Data Protection Law (KVKK), and California Consumer Privacy Act (CCPA) take a broad approach, affecting most any organization doing cloud- or non-cloud business while handling sensitive and protected data, some regulations are more focused. The U.S.' Health Insurance Portability and Accountability Act (HIPAA) is huge for any laboratory handling electronic protected health information (ePHI), including in the cloud. The regulation is so significant that the U.S. Department of Health & Human Services (HHS) has released its own guidance on HIPAA and cloud computing.[7] That guidance highlights the sensitivity (ePHI), location (whether inside or outside the U.S.), and ownership (HIPAA covered entities and business associates) of data. That ownership part is important, as it addresses the role a CSP takes in this regard[7]:\n\nWhen a covered entity engages the services of a CSP to create, receive, maintain, or transmit ePHI (such as to process and\/or store ePHI), on its behalf, the CSP is a business associate under HIPAA. Further, when a business associate subcontracts with a CSP to create, receive, maintain, or transmit ePHI on its behalf, the CSP subcontractor itself is a business associate. This is true even if the CSP processes or stores only encrypted ePHI and lacks an encryption key for the data. Lacking an encryption key does not exempt a CSP from business associate status and obligations under the HIPAA Rules. As a result, the covered entity (or business associate) and the CSP must enter into a HIPAA-compliant business associate agreement (BAA), and the CSP is both contractually liable for meeting the terms of the BAA and directly liable for compliance with the applicable requirements of the HIPAA Rules.\nClinical and public health laboratories are already affected by HIPAA, but understanding how moving to the cloud affects those HIPAA requirements is vital and not always clear.[7] In particular, the idea of a CSP as a business associate must be taken seriously, in conjunction with its shared responsibility policy and compliance products. Laboratories that need to be HIPAA-compliant should be prepared to do their research on HIPAA and the cloud by reading the HHS guide and other reference material, as well consulting with experts on the topic when in-house expertise isn't available. \nAnother area of concern for laboratories is GxP or \"good practice\" quality guidelines and regulations. Take for example the pharmaceutical manufacturer and their laboratories, which must take sufficient precautions to ensure that any manufacturing documentation (data, information, etc.) related to good manufacturing practice (GMP) requirements (e.g., via E.U. GMP Annex 11, U.S. 21 CFR Part 211, or Germany's AMWHV) is securely stored yet available for a specific retention period \"in the event of closure of the manufacturing or testing site where the documentation is stored.\"[8] As the ECA Academy notes, in the cloud computing realm, it would be up to the laboratory to get provisions added into the CSP's service-level agreement (SLA) to address the GMP's necessity for data availability, and to decide whether maintaining a local backup of the data would be appropriate (as in, perhaps, a hybrid cloud scenario). \nThat part about the SLA is important. Although a formal contract will address agreed-upon services, it's usually in vague terms; the SLA, on the other hand, defines all the responsibility the cloud provider holds, as well as your laboratory, for the supply and use of the CSP's services.[9] These are your primary protections, along with vetting the CSP you use. This may be difficult, however, particularly in a public cloud, where auditing the security controls and protections of the CSP will be limited at best. To ensure GxP compliance in the cloud, your lab will have to examine the various certifications and compliance offerings of the CSP and hope that the CSP staff handling your GxP data are trained on the requirements of GxP in the cloud.[10] However, public cloud providers like Microsoft[11] and Google[12] provide their own documentation and guidance on using their services in GxP environments. As Microsoft notes, however, \"there is no GxP certification for cloud service providers.\"[11] Instead, the CSPs focus on meeting quality management and information security standards and employing their own best practices that match up with GxP requirements. Finally, they may also have an independent third party conduct GxP qualification reviews, with the resulting qualification guidelines detailing GxP responsibility between the CSP and the laboratory.[11][12]\nUltimately, navigating the challenge of ensuring your laboratory's move to the cloud complies with necessary regulations is a tricky matter. Ensuring the CSP you choose actually meets HIPAA, GxP, and other requirements isn't always a guaranteed proposition by simply auditing the CSPs whitepapers and other associated compliance documents. However, experts such as Linford & Co.'s Nicole Hemmer and IDBS' Damien Tiller emphasize that the most comprehensive CSP documentation to examine towards gaining a more complete picture of the CSP's security is the SOC 2 (SOC for Service Organizations: Trust Services\nCriteria) report.[13][14] A CSP's SOC 2 audit results outline nearly 200 information security, data integrity, data availability, and data retention controls and any non-conformities with those controls (the CSP must show those controls have been effectively in place over a six- to 12-month period). The SOC 2 report has other useful aspects, including a full service description and audit observations, making it the best tool for a laboratory to judge a CSP's ability to assist with regulatory compliance.[14]\n\nReferences \n\n\n\u2191 1.0 1.1 Simorjay, F.; Chainier, K.A.; Dillard, K. et al. (2014). \"Data classification for cloud readiness\" (PDF). Microsoft Corporation. https:\/\/download.microsoft.com\/download\/0\/A\/3\/0A3BE969-85C5-4DD2-83B6-366AA71D1FE3\/Data-Classification-for-Cloud-Readiness.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 Tolsma, A. (2018). \"GDPR and the impact on cloud computing: The effect on agreements between enterprises and cloud service providers\". Deloitte. https:\/\/www2.deloitte.com\/nl\/nl\/pages\/risk\/articles\/cyber-security-privacy-gdpr-update-the-impact-on-cloud-computing.html . Retrieved 28 July 2023 .   \n \n\n\u2191 Eustice, J.C. (2018). \"Understand the intersection between data privacy laws and cloud computing\". Legal Technology, Products, and Services. Thomson Reuters. https:\/\/legal.thomsonreuters.com\/en\/insights\/articles\/understanding-data-privacy-and-cloud-computing . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Google Cloud & the General Data Protection Regulation (GDPR)\". Google Cloud. https:\/\/cloud.google.com\/privacy\/gdpr . Retrieved 28 July 2023 .   \n \n\n\u2191 5.0 5.1 5.2 5.3 \"Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95\/46\/EC (General Data Protection Regulation) (Text with EEA relevance)\". EUR-Lex. European Union. 27 April 2016. https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/?uri=CELEX%3A32016R0679 . Retrieved 28 July 2023 .   \n \n\n\u2191 Telling, C. (3 June 2019). \"How cloud computing is changing the laboratory ecosystem\". CloudTech. https:\/\/cloudcomputing-news.net\/news\/2019\/jun\/03\/how-cloud-computing-changing-laboratory-ecosystem\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 7.0 7.1 7.2 Office for Civil Rights (23 December 2022). \"Guidance on HIPAA & Cloud Computing\". Health Information Privacy. U.S. Department of Health & Human Services. https:\/\/www.hhs.gov\/hipaa\/for-professionals\/special-topics\/health-information-technology\/cloud-computing\/index.html . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Cloud Computing: Regulations for the Return Transmission of Data in the Event of Business Discontinuation\". 16 December 2020. https:\/\/www.gmp-compliance.org\/gmp-news\/cloud-computing-regulations-for-the-return-transmission-of-data-in-the-event-of-business-discontinuation . Retrieved 28 July 2023 .   \n \n\n\u2191 Caldwell, D. (16 February 2019). \"Contracts vs. Service Level Agreements\". ASG Blog. Archived from the original on 30 September 2020. https:\/\/web.archive.org\/web\/20200930063443\/https:\/\/www.asgnational.com\/miscellaneous\/contracts-vs-service-level-agreements\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 McDowall, B. (27 August 2020). \"Clouds or Clods? Software as a Service in GxP Regulated Laboratories\". CSols Blog. CSols, Inc. https:\/\/www.csolsinc.com\/blog\/clouds-or-clods-software-as-a-service-in-gxp-regulated-laboratories\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 11.0 11.1 11.2 Mazzoli, R. (26 January 2023). \"Good Clinical, Laboratory, and Manufacturing Practices (GxP)\". Microsoft Documentation. Microsoft, Inc. https:\/\/learn.microsoft.com\/en-us\/compliance\/regulatory\/offering-gxp . Retrieved 28 July 2023 .   \n \n\n\u2191 12.0 12.1 \"Using Google Cloud in GxP Systems\". Google Cloud. May 2020. https:\/\/cloud.google.com\/security\/compliance\/cloud-gxp-whitepaper . Retrieved 28 July 2023 .   \n \n\n\u2191 Colby, L. (1 February 2023). \"2023 Trust Services Criteria (TSCs) for SOC 2 Reports\". Linford & Company IT Audit & Compliance Blog. Linford and Co. LLP. https:\/\/linfordco.com\/blog\/trust-services-critieria-principles-soc-2\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 14.0 14.1 Tiller, D. (2019). \"Is the Cloud a Safe Place for Your Data?: How Life Science Organizations Can Ensure Integrity and Security in a SaaS Environment\" (PDF). IDBS. Archived from the original on 08 March 2023. https:\/\/web.archive.org\/web\/20210308231558\/https:\/\/storage.pardot.com\/468401\/1614781936jHqdU6H6\/Whitepaper_Is_the_cloud_a_safe_place_for_your_data.pdf . Retrieved 28 July 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Regulatory_considerations\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Regulatory_considerations<\/a>\nNavigation menuPage actionsBookDiscussionView sourceHistoryPage actionsBookDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 11 February 2022, at 21:36.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 329 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","b0cb41c5916cbdd7468bdf719942f9e4_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-208 ns-subject page-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Cloud_computing_in_the_laboratory_Regulatory_considerations rootpage-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Cloud_computing_in_the_laboratory_Regulatory_considerations skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Cloud computing in the laboratory\/Regulatory considerations<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\"><h3><span class=\"mw-headline\" id=\"4.2_Regulatory_considerations\">4.2 Regulatory considerations<\/span><\/h3>\n<div class=\"floatright\"><a href=\"https:\/\/www.limswiki.org\/index.php\/File:Workshop_GDPR_compliance_at_the_2019_Global_Entrepreneurship_Summit.jpg\" class=\"image wiki-link\" data-key=\"e6fe4e2cfd9522202a888805a727254f\"><img alt=\"Workshop GDPR compliance at the 2019 Global Entrepreneurship Summit.jpg\" src=\"https:\/\/upload.wikimedia.org\/wikipedia\/commons\/9\/94\/Workshop_GDPR_compliance_at_the_2019_Global_Entrepreneurship_Summit.jpg\" decoding=\"async\" style=\"width: 100%;max-width: 400px;height: auto;\" \/><\/a><\/div><p>In Chapter 2, we examined standards and regulations influencing cloud computing. We also noted that there's an \"elephant in the room\" in the guise of data privacy and protection considerations in the cloud. Many of the regulations and data security considerations mentioned there apply not only to financial firms, manufacturers, and software developers, but also laboratories of all shapes and sizes. At the heart of it all is keeping client, customer, and organizational data out of the hands of people who shouldn't have access to it, a significant regulatory hurdle.\n<\/p><p>Most regulation of data and information in an enterprise, including laboratories, is based on several aspects of the data and information: its sensitivity, its location or geography, and its ownership.<sup id=\"rdp-ebb-cite_ref-SimorjayData14_1-0\" class=\"reference\"><a href=\"#cite_note-SimorjayData14-1\">[1]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-TolsmaGDPR18_2-0\" class=\"reference\"><a href=\"#cite_note-TolsmaGDPR18-2\">[2]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-EusticeUnder18_3-0\" class=\"reference\"><a href=\"#cite_note-EusticeUnder18-3\">[3]<\/a><\/sup> Not coincidentally, these same aspects are often applied to data classification efforts of an organization, which attempt to determine and assign relative values to the data and information managed and communicated by the organization. This classification in turn allows the organization to better discover the risks associated with those classifications, and allow data owners to realize that all data shouldn't be treated the same way.<sup id=\"rdp-ebb-cite_ref-SimorjayData14_1-1\" class=\"reference\"><a href=\"#cite_note-SimorjayData14-1\">[1]<\/a><\/sup> And well-researched regulatory efforts recognize this as well.\n<\/p><p>Take for example the European Union's <a href=\"https:\/\/www.limswiki.org\/index.php\/General_Data_Protection_Regulation\" title=\"General Data Protection Regulation\" class=\"wiki-link\" data-key=\"3f4bdf6f0dcb360b1e79aad8674c2447\">General Data Protection Regulation<\/a> (GDPR). The GDPR stipulates how personal data is collected, used, and stored by organizations in the E.U., as well as by organizations providing services to individuals and organizations in the E.U.<sup id=\"rdp-ebb-cite_ref-GoogleGDPR_4-0\" class=\"reference\"><a href=\"#cite_note-GoogleGDPR-4\">[4]<\/a><\/sup> The GDPR appears to classify \"personal data\" as sensitive \"in relation to fundamental rights and freedoms,\" formally defined as \"any information relating to an identified or identifiable natural person.\"<sup id=\"rdp-ebb-cite_ref-EUR-LexGDPR16_5-0\" class=\"reference\"><a href=\"#cite_note-EUR-LexGDPR16-5\">[5]<\/a><\/sup> This is the sensitivity aspect of the regulation. GDPR also addresses location at many points, from data transfers outside the E.U. to the location of the \"main establishment\" of a data owner or \"controller.\"<sup id=\"rdp-ebb-cite_ref-EUR-LexGDPR16_5-1\" class=\"reference\"><a href=\"#cite_note-EUR-LexGDPR16-5\">[5]<\/a><\/sup> As for ownership, GDPR refers to this aspect of data as the \"controller,\" defined as \"the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.\"<sup id=\"rdp-ebb-cite_ref-EUR-LexGDPR16_5-2\" class=\"reference\"><a href=\"#cite_note-EUR-LexGDPR16-5\">[5]<\/a><\/sup> The word \"controller\" appears more than 500 times in the regulation, emphasizing the importance of ownership or control of data.<sup id=\"rdp-ebb-cite_ref-EUR-LexGDPR16_5-3\" class=\"reference\"><a href=\"#cite_note-EUR-LexGDPR16-5\">[5]<\/a><\/sup> However, cloud providers using hybrid or multicloud approaches pose a challenge to labs, as verifying GDPR compliance in these deployments gets even more complicated. The lab would likely have to turn to key documents such as the CSP's SOC 2 audit report (discussed later) to get a fuller picture of GDPR compliance.<sup id=\"rdp-ebb-cite_ref-TellingHowCloud19_6-0\" class=\"reference\"><a href=\"#cite_note-TellingHowCloud19-6\">[6]<\/a><\/sup>\n<\/p><p>While data privacy and protection regulations like GDPR, the Personal Data Protection Law (KVKK), and California Consumer Privacy Act (CCPA) take a broad approach, affecting most any organization doing cloud- or non-cloud business while handling sensitive and protected data, some regulations are more focused. The U.S.' <a href=\"https:\/\/www.limswiki.org\/index.php\/Health_Insurance_Portability_and_Accountability_Act\" title=\"Health Insurance Portability and Accountability Act\" class=\"wiki-link\" data-key=\"b70673a0117c21576016cb7498867153\">Health Insurance Portability and Accountability Act<\/a> (HIPAA) is huge for any laboratory handling electronic protected health information (ePHI), including in the cloud. The regulation is so significant that the U.S. Department of Health & Human Services (HHS) has released its own guidance on HIPAA and cloud computing.<sup id=\"rdp-ebb-cite_ref-HHSGuidance20_7-0\" class=\"reference\"><a href=\"#cite_note-HHSGuidance20-7\">[7]<\/a><\/sup> That guidance highlights the sensitivity (ePHI), location (whether inside or outside the U.S.), and ownership (HIPAA covered entities and business associates) of data. That ownership part is important, as it addresses the role a CSP takes in this regard<sup id=\"rdp-ebb-cite_ref-HHSGuidance20_7-1\" class=\"reference\"><a href=\"#cite_note-HHSGuidance20-7\">[7]<\/a><\/sup>:\n<\/p>\n<blockquote><p>When a covered entity engages the services of a CSP to create, receive, maintain, or transmit ePHI (such as to process and\/or store ePHI), on its behalf, the CSP is a business associate under HIPAA. Further, when a business associate subcontracts with a CSP to create, receive, maintain, or transmit ePHI on its behalf, the CSP subcontractor itself is a business associate. This is true even if the CSP processes or stores only encrypted ePHI and lacks an encryption key for the data. Lacking an encryption key does not exempt a CSP from business associate status and obligations under the HIPAA Rules. As a result, the covered entity (or business associate) and the CSP must enter into a HIPAA-compliant business associate agreement (BAA), and the CSP is both contractually liable for meeting the terms of the BAA and directly liable for compliance with the applicable requirements of the HIPAA Rules.<\/p><\/blockquote>\n<p>Clinical and public health laboratories are already affected by HIPAA, but understanding how moving to the cloud affects those HIPAA requirements is vital and not always clear.<sup id=\"rdp-ebb-cite_ref-HHSGuidance20_7-2\" class=\"reference\"><a href=\"#cite_note-HHSGuidance20-7\">[7]<\/a><\/sup> In particular, the idea of a CSP as a business associate must be taken seriously, in conjunction with its shared responsibility policy and compliance products. Laboratories that need to be HIPAA-compliant should be prepared to do their research on HIPAA and the cloud by reading <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.hhs.gov\/hipaa\/for-professionals\/special-topics\/health-information-technology\/cloud-computing\/index.html\" target=\"_blank\">the HHS guide<\/a> and other reference material, as well consulting with experts on the topic when in-house expertise isn't available. \n<\/p><p>Another area of concern for laboratories is GxP or \"good practice\" quality guidelines and regulations. Take for example the pharmaceutical manufacturer and their laboratories, which must take sufficient precautions to ensure that any manufacturing documentation (data, information, etc.) related to <a href=\"https:\/\/www.limswiki.org\/index.php\/Good_manufacturing_practice\" title=\"Good manufacturing practice\" class=\"wiki-link\" data-key=\"50b520c825b1702be310362c66e0343f\">good manufacturing practice<\/a> (GMP) requirements (e.g., via E.U. GMP Annex 11, U.S. 21 CFR Part 211, or Germany's AMWHV) is securely stored yet available for a specific retention period \"in the event of closure of the manufacturing or testing site where the documentation is stored.\"<sup id=\"rdp-ebb-cite_ref-ECACloud20_8-0\" class=\"reference\"><a href=\"#cite_note-ECACloud20-8\">[8]<\/a><\/sup> As the ECA Academy notes, in the cloud computing realm, it would be up to the laboratory to get provisions added into the CSP's service-level agreement (SLA) to address the GMP's necessity for data availability, and to decide whether maintaining a local backup of the data would be appropriate (as in, perhaps, a hybrid cloud scenario). \n<\/p><p>That part about the SLA is important. Although a formal contract will address agreed-upon services, it's usually in vague terms; the SLA, on the other hand, defines all the responsibility the cloud provider holds, as well as your laboratory, for the supply and use of the CSP's services.<sup id=\"rdp-ebb-cite_ref-CaldwellContracts19_9-0\" class=\"reference\"><a href=\"#cite_note-CaldwellContracts19-9\">[9]<\/a><\/sup> These are your primary protections, along with vetting the CSP you use. This may be difficult, however, particularly in a public cloud, where auditing the security controls and protections of the CSP will be limited at best. To ensure GxP compliance in the cloud, your lab will have to examine the various certifications and compliance offerings of the CSP and hope that the CSP staff handling your GxP data are trained on the requirements of GxP in the cloud.<sup id=\"rdp-ebb-cite_ref-McDowallClouds20_10-0\" class=\"reference\"><a href=\"#cite_note-McDowallClouds20-10\">[10]<\/a><\/sup> However, public cloud providers like Microsoft<sup id=\"rdp-ebb-cite_ref-MazzoliGood20_11-0\" class=\"reference\"><a href=\"#cite_note-MazzoliGood20-11\">[11]<\/a><\/sup> and Google<sup id=\"rdp-ebb-cite_ref-GoogleUsing20_12-0\" class=\"reference\"><a href=\"#cite_note-GoogleUsing20-12\">[12]<\/a><\/sup> provide their own documentation and guidance on using their services in GxP environments. As Microsoft notes, however, \"there is no GxP certification for cloud service providers.\"<sup id=\"rdp-ebb-cite_ref-MazzoliGood20_11-1\" class=\"reference\"><a href=\"#cite_note-MazzoliGood20-11\">[11]<\/a><\/sup> Instead, the CSPs focus on meeting <a href=\"https:\/\/www.limswiki.org\/index.php\/Quality_management_system\" title=\"Quality management system\" class=\"wiki-link\" data-key=\"dfecf3cd6f18d4a5e9ac49ca360b447d\">quality management<\/a> and information security standards and employing their own best practices that match up with GxP requirements. Finally, they may also have an independent third party conduct GxP qualification reviews, with the resulting qualification guidelines detailing GxP responsibility between the CSP and the laboratory.<sup id=\"rdp-ebb-cite_ref-MazzoliGood20_11-2\" class=\"reference\"><a href=\"#cite_note-MazzoliGood20-11\">[11]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-GoogleUsing20_12-1\" class=\"reference\"><a href=\"#cite_note-GoogleUsing20-12\">[12]<\/a><\/sup>\n<\/p><p>Ultimately, navigating the challenge of ensuring your laboratory's move to the cloud complies with necessary regulations is a tricky matter. Ensuring the CSP you choose actually meets HIPAA, GxP, and other requirements isn't always a guaranteed proposition by simply auditing the CSPs whitepapers and other associated compliance documents. However, experts such as Linford & Co.'s Nicole Hemmer and IDBS' Damien Tiller emphasize that the most comprehensive CSP documentation to examine towards gaining a more complete picture of the CSP's security is the SOC 2 (SOC for Service Organizations: Trust Services\nCriteria) report.<sup id=\"rdp-ebb-cite_ref-HemmerTrust19_13-0\" class=\"reference\"><a href=\"#cite_note-HemmerTrust19-13\">[13]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-TillerIsThe19_14-0\" class=\"reference\"><a href=\"#cite_note-TillerIsThe19-14\">[14]<\/a><\/sup> A CSP's SOC 2 audit results outline nearly 200 information security, data integrity, data availability, and data retention controls and any non-conformities with those controls (the CSP must show those controls have been effectively in place over a six- to 12-month period). The SOC 2 report has other useful aspects, including a full service description and audit observations, making it the best tool for a laboratory to judge a CSP's ability to assist with regulatory compliance.<sup id=\"rdp-ebb-cite_ref-TillerIsThe19_14-1\" class=\"reference\"><a href=\"#cite_note-TillerIsThe19-14\">[14]<\/a><\/sup>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap mw-references-columns\"><ol class=\"references\">\n<li id=\"cite_note-SimorjayData14-1\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-SimorjayData14_1-0\">1.0<\/a><\/sup> <sup><a href=\"#cite_ref-SimorjayData14_1-1\">1.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Simorjay, F.; Chainier, K.A.; Dillard, K. et al. (2014). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/download.microsoft.com\/download\/0\/A\/3\/0A3BE969-85C5-4DD2-83B6-366AA71D1FE3\/Data-Classification-for-Cloud-Readiness.pdf\" target=\"_blank\">\"Data classification for cloud readiness\"<\/a> (PDF). Microsoft Corporation<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/download.microsoft.com\/download\/0\/A\/3\/0A3BE969-85C5-4DD2-83B6-366AA71D1FE3\/Data-Classification-for-Cloud-Readiness.pdf\" target=\"_blank\">https:\/\/download.microsoft.com\/download\/0\/A\/3\/0A3BE969-85C5-4DD2-83B6-366AA71D1FE3\/Data-Classification-for-Cloud-Readiness.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Data+classification+for+cloud+readiness&rft.atitle=&rft.aulast=Simorjay%2C+F.%3B+Chainier%2C+K.A.%3B+Dillard%2C+K.+et+al.&rft.au=Simorjay%2C+F.%3B+Chainier%2C+K.A.%3B+Dillard%2C+K.+et+al.&rft.date=2014&rft.pub=Microsoft+Corporation&rft_id=https%3A%2F%2Fdownload.microsoft.com%2Fdownload%2F0%2FA%2F3%2F0A3BE969-85C5-4DD2-83B6-366AA71D1FE3%2FData-Classification-for-Cloud-Readiness.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Regulatory_considerations\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-TolsmaGDPR18-2\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-TolsmaGDPR18_2-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Tolsma, A. (2018). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www2.deloitte.com\/nl\/nl\/pages\/risk\/articles\/cyber-security-privacy-gdpr-update-the-impact-on-cloud-computing.html\" target=\"_blank\">\"GDPR and the impact on cloud computing: The effect on agreements between enterprises and cloud service providers\"<\/a>. Deloitte<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www2.deloitte.com\/nl\/nl\/pages\/risk\/articles\/cyber-security-privacy-gdpr-update-the-impact-on-cloud-computing.html\" target=\"_blank\">https:\/\/www2.deloitte.com\/nl\/nl\/pages\/risk\/articles\/cyber-security-privacy-gdpr-update-the-impact-on-cloud-computing.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=GDPR+and+the+impact+on+cloud+computing%3A+The+effect+on+agreements+between+enterprises+and+cloud+service+providers&rft.atitle=&rft.aulast=Tolsma%2C+A.&rft.au=Tolsma%2C+A.&rft.date=2018&rft.pub=Deloitte&rft_id=https%3A%2F%2Fwww2.deloitte.com%2Fnl%2Fnl%2Fpages%2Frisk%2Farticles%2Fcyber-security-privacy-gdpr-update-the-impact-on-cloud-computing.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Regulatory_considerations\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-EusticeUnder18-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-EusticeUnder18_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Eustice, J.C. (2018). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/legal.thomsonreuters.com\/en\/insights\/articles\/understanding-data-privacy-and-cloud-computing\" target=\"_blank\">\"Understand the intersection between data privacy laws and cloud computing\"<\/a>. <i>Legal Technology, Products, and Services<\/i>. Thomson Reuters<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/legal.thomsonreuters.com\/en\/insights\/articles\/understanding-data-privacy-and-cloud-computing\" target=\"_blank\">https:\/\/legal.thomsonreuters.com\/en\/insights\/articles\/understanding-data-privacy-and-cloud-computing<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Understand+the+intersection+between+data+privacy+laws+and+cloud+computing&rft.atitle=Legal+Technology%2C+Products%2C+and+Services&rft.aulast=Eustice%2C+J.C.&rft.au=Eustice%2C+J.C.&rft.date=2018&rft.pub=Thomson+Reuters&rft_id=https%3A%2F%2Flegal.thomsonreuters.com%2Fen%2Finsights%2Farticles%2Funderstanding-data-privacy-and-cloud-computing&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Regulatory_considerations\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GoogleGDPR-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-GoogleGDPR_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/privacy\/gdpr\" target=\"_blank\">\"Google Cloud & the General Data Protection Regulation (GDPR)\"<\/a>. Google Cloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloud.google.com\/privacy\/gdpr\" target=\"_blank\">https:\/\/cloud.google.com\/privacy\/gdpr<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Google+Cloud+%26+the+General+Data+Protection+Regulation+%28GDPR%29&rft.atitle=&rft.pub=Google+Cloud&rft_id=https%3A%2F%2Fcloud.google.com%2Fprivacy%2Fgdpr&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Regulatory_considerations\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-EUR-LexGDPR16-5\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-EUR-LexGDPR16_5-0\">5.0<\/a><\/sup> <sup><a href=\"#cite_ref-EUR-LexGDPR16_5-1\">5.1<\/a><\/sup> <sup><a href=\"#cite_ref-EUR-LexGDPR16_5-2\">5.2<\/a><\/sup> <sup><a href=\"#cite_ref-EUR-LexGDPR16_5-3\">5.3<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/?uri=CELEX%3A32016R0679\" target=\"_blank\">\"Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95\/46\/EC (General Data Protection Regulation) (Text with EEA relevance)\"<\/a>. <i>EUR-Lex<\/i>. European Union. 27 April 2016<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/?uri=CELEX%3A32016R0679\" target=\"_blank\">https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/?uri=CELEX%3A32016R0679<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Regulation+%28EU%29+2016%2F679+of+the+European+Parliament+and+of+the+Council+of+27+April+2016+on+the+protection+of+natural+persons+with+regard+to+the+processing+of+personal+data+and+on+the+free+movement+of+such+data%2C+and+repealing+Directive+95%2F46%2FEC+%28General+Data+Protection+Regulation%29+%28Text+with+EEA+relevance%29&rft.atitle=EUR-Lex&rft.date=27+April+2016&rft.pub=European+Union&rft_id=https%3A%2F%2Feur-lex.europa.eu%2Flegal-content%2FEN%2FTXT%2F%3Furi%3DCELEX%253A32016R0679&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Regulatory_considerations\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-TellingHowCloud19-6\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-TellingHowCloud19_6-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Telling, C. (3 June 2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloudcomputing-news.net\/news\/2019\/jun\/03\/how-cloud-computing-changing-laboratory-ecosystem\/\" target=\"_blank\">\"How cloud computing is changing the laboratory ecosystem\"<\/a>. <i>CloudTech<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloudcomputing-news.net\/news\/2019\/jun\/03\/how-cloud-computing-changing-laboratory-ecosystem\/\" target=\"_blank\">https:\/\/cloudcomputing-news.net\/news\/2019\/jun\/03\/how-cloud-computing-changing-laboratory-ecosystem\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=How+cloud+computing+is+changing+the+laboratory+ecosystem&rft.atitle=CloudTech&rft.aulast=Telling%2C+C.&rft.au=Telling%2C+C.&rft.date=3+June+2019&rft_id=https%3A%2F%2Fcloudcomputing-news.net%2Fnews%2F2019%2Fjun%2F03%2Fhow-cloud-computing-changing-laboratory-ecosystem%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Regulatory_considerations\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-HHSGuidance20-7\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-HHSGuidance20_7-0\">7.0<\/a><\/sup> <sup><a href=\"#cite_ref-HHSGuidance20_7-1\">7.1<\/a><\/sup> <sup><a href=\"#cite_ref-HHSGuidance20_7-2\">7.2<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Office for Civil Rights (23 December 2022). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.hhs.gov\/hipaa\/for-professionals\/special-topics\/health-information-technology\/cloud-computing\/index.html\" target=\"_blank\">\"Guidance on HIPAA & Cloud Computing\"<\/a>. <i>Health Information Privacy<\/i>. U.S. Department of Health & Human Services<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.hhs.gov\/hipaa\/for-professionals\/special-topics\/health-information-technology\/cloud-computing\/index.html\" target=\"_blank\">https:\/\/www.hhs.gov\/hipaa\/for-professionals\/special-topics\/health-information-technology\/cloud-computing\/index.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Guidance+on+HIPAA+%26+Cloud+Computing&rft.atitle=Health+Information+Privacy&rft.aulast=Office+for+Civil+Rights&rft.au=Office+for+Civil+Rights&rft.date=23+December+2022&rft.pub=U.S.+Department+of+Health+%26+Human+Services&rft_id=https%3A%2F%2Fwww.hhs.gov%2Fhipaa%2Ffor-professionals%2Fspecial-topics%2Fhealth-information-technology%2Fcloud-computing%2Findex.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Regulatory_considerations\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ECACloud20-8\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ECACloud20_8-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.gmp-compliance.org\/gmp-news\/cloud-computing-regulations-for-the-return-transmission-of-data-in-the-event-of-business-discontinuation\" target=\"_blank\">\"Cloud Computing: Regulations for the Return Transmission of Data in the Event of Business Discontinuation\"<\/a>. 16 December 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.gmp-compliance.org\/gmp-news\/cloud-computing-regulations-for-the-return-transmission-of-data-in-the-event-of-business-discontinuation\" target=\"_blank\">https:\/\/www.gmp-compliance.org\/gmp-news\/cloud-computing-regulations-for-the-return-transmission-of-data-in-the-event-of-business-discontinuation<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Computing%3A+Regulations+for+the+Return+Transmission+of+Data+in+the+Event+of+Business+Discontinuation&rft.atitle=&rft.date=16+December+2020&rft_id=https%3A%2F%2Fwww.gmp-compliance.org%2Fgmp-news%2Fcloud-computing-regulations-for-the-return-transmission-of-data-in-the-event-of-business-discontinuation&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Regulatory_considerations\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CaldwellContracts19-9\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CaldwellContracts19_9-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Caldwell, D. (16 February 2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20200930063443\/https:\/\/www.asgnational.com\/miscellaneous\/contracts-vs-service-level-agreements\/\" target=\"_blank\">\"Contracts vs. Service Level Agreements\"<\/a>. <i>ASG Blog<\/i>. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.asgnational.com\/miscellaneous\/contracts-vs-service-level-agreements\/\" target=\"_blank\">the original<\/a> on 30 September 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20200930063443\/https:\/\/www.asgnational.com\/miscellaneous\/contracts-vs-service-level-agreements\/\" target=\"_blank\">https:\/\/web.archive.org\/web\/20200930063443\/https:\/\/www.asgnational.com\/miscellaneous\/contracts-vs-service-level-agreements\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Contracts+vs.+Service+Level+Agreements&rft.atitle=ASG+Blog&rft.aulast=Caldwell%2C+D.&rft.au=Caldwell%2C+D.&rft.date=16+February+2019&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20200930063443%2Fhttps%3A%2F%2Fwww.asgnational.com%2Fmiscellaneous%2Fcontracts-vs-service-level-agreements%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Regulatory_considerations\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-McDowallClouds20-10\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-McDowallClouds20_10-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">McDowall, B. (27 August 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.csolsinc.com\/blog\/clouds-or-clods-software-as-a-service-in-gxp-regulated-laboratories\/\" target=\"_blank\">\"Clouds or Clods? Software as a Service in GxP Regulated Laboratories\"<\/a>. <i>CSols Blog<\/i>. CSols, Inc<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.csolsinc.com\/blog\/clouds-or-clods-software-as-a-service-in-gxp-regulated-laboratories\/\" target=\"_blank\">https:\/\/www.csolsinc.com\/blog\/clouds-or-clods-software-as-a-service-in-gxp-regulated-laboratories\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Clouds+or+Clods%3F+Software+as+a+Service+in+GxP+Regulated+Laboratories&rft.atitle=CSols+Blog&rft.aulast=McDowall%2C+B.&rft.au=McDowall%2C+B.&rft.date=27+August+2020&rft.pub=CSols%2C+Inc&rft_id=https%3A%2F%2Fwww.csolsinc.com%2Fblog%2Fclouds-or-clods-software-as-a-service-in-gxp-regulated-laboratories%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Regulatory_considerations\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MazzoliGood20-11\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-MazzoliGood20_11-0\">11.0<\/a><\/sup> <sup><a href=\"#cite_ref-MazzoliGood20_11-1\">11.1<\/a><\/sup> <sup><a href=\"#cite_ref-MazzoliGood20_11-2\">11.2<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Mazzoli, R. (26 January 2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/learn.microsoft.com\/en-us\/compliance\/regulatory\/offering-gxp\" target=\"_blank\">\"Good Clinical, Laboratory, and Manufacturing Practices (GxP)\"<\/a>. <i>Microsoft Documentation<\/i>. Microsoft, Inc<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/learn.microsoft.com\/en-us\/compliance\/regulatory\/offering-gxp\" target=\"_blank\">https:\/\/learn.microsoft.com\/en-us\/compliance\/regulatory\/offering-gxp<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Good+Clinical%2C+Laboratory%2C+and+Manufacturing+Practices+%28GxP%29&rft.atitle=Microsoft+Documentation&rft.aulast=Mazzoli%2C+R.&rft.au=Mazzoli%2C+R.&rft.date=26+January+2023&rft.pub=Microsoft%2C+Inc&rft_id=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fcompliance%2Fregulatory%2Foffering-gxp&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Regulatory_considerations\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GoogleUsing20-12\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-GoogleUsing20_12-0\">12.0<\/a><\/sup> <sup><a href=\"#cite_ref-GoogleUsing20_12-1\">12.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/security\/compliance\/cloud-gxp-whitepaper\" target=\"_blank\">\"Using Google Cloud in GxP Systems\"<\/a>. Google Cloud. May 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloud.google.com\/security\/compliance\/cloud-gxp-whitepaper\" target=\"_blank\">https:\/\/cloud.google.com\/security\/compliance\/cloud-gxp-whitepaper<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Using+Google+Cloud+in+GxP+Systems&rft.atitle=&rft.date=May+2020&rft.pub=Google+Cloud&rft_id=https%3A%2F%2Fcloud.google.com%2Fsecurity%2Fcompliance%2Fcloud-gxp-whitepaper&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Regulatory_considerations\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-HemmerTrust19-13\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-HemmerTrust19_13-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Colby, L. (1 February 2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/linfordco.com\/blog\/trust-services-critieria-principles-soc-2\/\" target=\"_blank\">\"2023 Trust Services Criteria (TSCs) for SOC 2 Reports\"<\/a>. <i>Linford & Company IT Audit & Compliance Blog<\/i>. Linford and Co. LLP<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/linfordco.com\/blog\/trust-services-critieria-principles-soc-2\/\" target=\"_blank\">https:\/\/linfordco.com\/blog\/trust-services-critieria-principles-soc-2\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=2023+Trust+Services+Criteria+%28TSCs%29+for+SOC+2+Reports&rft.atitle=Linford+%26+Company+IT+Audit+%26+Compliance+Blog&rft.aulast=Colby%2C+L.&rft.au=Colby%2C+L.&rft.date=1+February+2023&rft.pub=Linford+and+Co.+LLP&rft_id=https%3A%2F%2Flinfordco.com%2Fblog%2Ftrust-services-critieria-principles-soc-2%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Regulatory_considerations\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-TillerIsThe19-14\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-TillerIsThe19_14-0\">14.0<\/a><\/sup> <sup><a href=\"#cite_ref-TillerIsThe19_14-1\">14.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Tiller, D. (2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210308231558\/https:\/\/storage.pardot.com\/468401\/1614781936jHqdU6H6\/Whitepaper_Is_the_cloud_a_safe_place_for_your_data.pdf\" target=\"_blank\">\"Is the Cloud a Safe Place for Your Data?: How Life Science Organizations Can Ensure Integrity and Security in a SaaS Environment\"<\/a> (PDF). IDBS. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/storage.pardot.com\/468401\/1614781936jHqdU6H6\/Whitepaper_Is_the_cloud_a_safe_place_for_your_data.pdf\" target=\"_blank\">the original<\/a> on 08 March 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210308231558\/https:\/\/storage.pardot.com\/468401\/1614781936jHqdU6H6\/Whitepaper_Is_the_cloud_a_safe_place_for_your_data.pdf\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210308231558\/https:\/\/storage.pardot.com\/468401\/1614781936jHqdU6H6\/Whitepaper_Is_the_cloud_a_safe_place_for_your_data.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Is+the+Cloud+a+Safe+Place+for+Your+Data%3F%3A+How+Life+Science+Organizations+Can+Ensure+Integrity+and+Security+in+a+SaaS+Environment&rft.atitle=&rft.aulast=Tiller%2C+D.&rft.au=Tiller%2C+D.&rft.date=2019&rft.pub=IDBS&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210308231558%2Fhttps%3A%2F%2Fstorage.pardot.com%2F468401%2F1614781936jHqdU6H6%2FWhitepaper_Is_the_cloud_a_safe_place_for_your_data.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Regulatory_considerations\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816205955\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.134 seconds\nReal time usage: 0.144 seconds\nPreprocessor visited node count: 9919\/1000000\nPost\u2010expand include size: 87936\/2097152 bytes\nTemplate argument size: 35452\/2097152 bytes\nHighest expansion depth: 18\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 26243\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 127.194 1 -total\n 88.14% 112.109 1 Template:Reflist\n 71.79% 91.312 14 Template:Cite_web\n 66.06% 84.023 14 Template:Citation\/core\n 15.13% 19.247 13 Template:Date\n 11.76% 14.963 1 Template:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Regulatory_considerations\n 4.99% 6.342 24 Template:Citation\/make_link\n 1.67% 2.126 1 Template:Column-width\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:13046-0!canonical and timestamp 20230816205955 and revision id 46395. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Regulatory_considerations\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Regulatory_considerations<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","b0cb41c5916cbdd7468bdf719942f9e4_images":["https:\/\/upload.wikimedia.org\/wikipedia\/commons\/9\/94\/Workshop_GDPR_compliance_at_the_2019_Global_Entrepreneurship_Summit.jpg"],"b0cb41c5916cbdd7468bdf719942f9e4_timestamp":1692220359,"83c534f3616a80e2abc7e3d28c0c5cdc_type":"article","83c534f3616a80e2abc7e3d28c0c5cdc_title":"4.1 Benefits","83c534f3616a80e2abc7e3d28c0c5cdc_url":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Benefits","83c534f3616a80e2abc7e3d28c0c5cdc_plaintext":"\n\nBook:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Cloud computing in the laboratory\/BenefitsFrom LIMSWikiJump to navigationJump to search-----Return to the beginning of this guide-----\n4. Cloud computing in the laboratory \n Figure 5. This diagram depicts a generic workflow of diagnostic testing for a patient, from the doctor ordering the test, the laboratory running its tests (with its own workflow), and the doctor finally receiving the results and passing them on to the patient.It took three chapters, but now\u2014with all that background in-hand\u2014we can finally address how cloud computing relates to the various type of laboratories spread across multiple sectors. Let's first begin with what an average software-enabled laboratory's data workflow might look. We can then address the benefits of cloud computing within the scope of that workflow and the regulations that affect it. Afterwards, we can examine different deployment approaches and the associated costs and benefits.\nLet's turn to a broad example of laboratory workflow using diagnostic testing of a patient as an example. Figure 5 depicts a generic workflow for this process, with a doctor first ordering a laboratory test for a patient. This may be done through a Computerized physician order entry (CPOE) module found in an electronic health record (EHR) system, or through some other electronic system. In turn, a test order appears in the electronic system of the laboratory. This might occur in the lab's own CPOE module, usually integrated in some way with a laboratory information system (LIS) or a laboratory information management system (LIMS). The patient then provides the necessary specimens, either at a remote location, with the specimens then getting shipped to the main lab, or directly at the lab where the testing it to be performed. Whenever the specimens are received at the laboratory, they must be checked-in or registered in the LIS or LIMS, as part of an overall responsibility of maintaining chain of custody. At this delivery point, the laboratory's own processes and workflows take over, with the LIS or LIMS aiding in the assurance that the specimens are accurately tracked from delivery to final results getting reported (and then some, if specimen retention times are necessary). \nThat internal laboratory workflow will look slightly different for each clinical lab, but a broad set of steps will be realized with each lab. One or more specimens get registered in the system, barcoded labels get generated, tests and any other preparative activities are scheduled for the specimens, laboratory personnel are assigned, the scheduled workloads are completed, the results get analyzed and verified, and if nothing is out-of-specification (OOS) or abnormal, the results get logged and placed in a deliverable report. Barring any mandated specimen retention times, the remaining specimen material is properly disposed. At this point, most of the clinical laboratory's obligations are met; the resulting report is sent to the ordering physician, who in turn shares the results with the original patient.\nWhen we look at these workflows today, a computerized component is usually associated with them. From the CPOE and EHR to the LIS and LIMS, software systems and other laboratory automation have been an increasing area of focus for improving laboratory efficiencies, reducing human error, shortening turnaround times, and improving regulatory compliance.[1][2][3] In the laboratory, the LIS and LIMS are able to electronically maintain an audit trail of sample movement, analyst activities, record alteration, and much more. The modern LIS and LIMS are also able to limit access to data and functions based on assigned role, track versioning of documents, manage scheduling, issue alarms and alerts for OOS results, maintain training records, and much more. \nYet with all the benefits of software use in the laboratory comes additional risks involving the security and protection of the data that software manages, transmits, and receives. Under some circumstances, these risks may become more acute by moving software systems to cloud computing environments. We broadly discussed many of those risks in the previous chapter. Data security and regulatory risk demand that labs moving into the cloud carefully consider the appropriate and necessary use of user access controls, networking across multitenancy or shared infrastructures, and encryption and security controls offered by the cloud service provider (CSP). Technology risk demands that labs embracing cloud have staff with a constant eye on what's changing in the industry and what tools can extend the effective life span of their cloud implementations. Operational risk demands that labs integrating cloud solutions into their workflows have redundancy plans in place for how to mitigate risks from physical disasters and other threats to their data hosted in public and private clouds. Vendor risk demands that labs thoroughly vet their cloud service providers, those providers' long-term stability, and their fall-back plans should they suffer a major business loss. And finally, financial risk demands that labs turning to the cloud should have staff who are well-versed in financial management and can effectively understand the current and future costs of implementing cloud solutions in the lab.\nHowever, this talk of risk shouldn't scare away laboratory staff considering a move to the cloud; the cloud can benefit automated laboratories in many ways. However, it does require a thoughtful, organization-wide approach to managing the risks (as discussed in Chapter 3). Let's take a look at the benefits a laboratory could realize from moving to cloud-based solutions.\n\r\n\n\n4.1 Benefits \nWhether or not you fully buy into the ability of cloud computing to help you laboratory depends on a number of factors, including industry served, current data output, anticipated future data output, the regulations affecting your lab, your organization's budget, and your organization's willingness to adopt and enforce sound risk management policies and controls. A tiny material testing laboratory with relatively simple workflows and little in the way of anticipated growth in the short term may be content with using their in-house systems. A biological research group with several laboratories geographically spread across the continent creating and managing large data sets for developing new medical innovations, all while operating in a competitive environment, may see the cloud as an opportunity to grow the organization and perform more efficient work.\nIn fact, the biomedical sciences in general have been a good fit for cloud computing. \"Omics\" laboratories in particular have shown promise for cloud-based data management, with many researchers over the years demonstrating various methods of managing the \"big data\" networking and sharing of omics data in the cloud.[4][5][6][7] These efforts have focused on managing large data sets more efficiently while being able to securely share those data sets with researchers around the world. This data sharing\u2014particularly while considering FAIR data principles that aim to make data findable, accessible, interoperable, and reusable[8]\u2014is of significant benefit to research laboratories around the world; controlled access to that data via standards-based cloud computing methods certainly lends to those FAIR principles.[9]\nAnother area where laboratory-driven cloud computing makes sense is that of the internet of things (IoT) and networked sensors that collect data. From wearable sensors, monitors, and point-of-care diagnostic systems to wireless sensor networks, Bluetooth-enabled mobile devices, and even IoT-enabled devices and equipment directly in the laboratory, connecting those devices to cloud services and storage provides near-seamless integration of data producing instruments with laboratory workflows.[10][11] Monitoring temperature, humidity, and other ambient temperatures of freezers, fridges, and incubators while maintaining calibration and maintenance data becomes more automated.[11] Usage data on high-use instruments can be uploaded to the cloud and analyzed to enable predictive maintenance down the road.[11] And outdoor pollution monitoring systems that use low-cost, networked sensors can, upon taking a reading (a trigger event), send the result to a cloud service (at times with the help of edge computing), where a bit of uploaded code processes the data upload on-demand.[12] In all these cases, the automated collection and analysis of data using cloud components\u2014which in turn makes that data accessible from anywhere in the world with internet access\u2014allows laboratorians to rapidly gain advantages in how they work.\nPanning outward, we see other benefits of cloud to a broad set of laboratories. Agilent Technologies, an analytical instrument developer and manufacturer, argues that the cloud can transform siloed, disparate data and information in a non-cloud, on-premises informatics solution into more actionable knowledge and wisdom, which by extension adds value to the laboratory. They also argue overall value to the lab is increased by[13]:\n\n\"providing a higher level of connectivity and consistency for lab informatics systems and processes\";\nenabling \"lab managers to integrate functionality and bring context to every phase of the continuum of value, without increasing cost or risk\";\nallowing IT personnel \"to do more with less\";\nenabling \"faster, easier, more mobile access to data and tools\" for lab technicians (globally);\nallowing lab leaders to reduce costs (including capital expenditure costs) and \"increase team morale by enabling streamlined, self-service access to resources\" ; and\nenabling labs to expand their \"digital transformation initiatives,\" with cloud as the catalyst.\nOther benefits provided to labs by cloud computing include:\n\nproviding \"the ability to easily increase or decrease their use [of infrastructure and services] as business objectives change and keep the organization nimble and competitive\" (i.e., added scalability while operating more research tasks with massive data sets)[14];\nlimiting responsibility of physical (in-person) access and protection of stored data to the CSP (though this comes with its own caveats concerning backing up with another provider)[15];\nlimiting responsibility for technical hardware and other assets to the CSP as the organization grows and changes[15];\ninheriting the existing security protocols and compliance procedures of the provider (though again with caveats concerning vetting the CSP's security, and the inability to do so at times)[15]; and\nensuring \"that different teams are not simultaneously replicating workloads \u2013 creating greater efficiencies throughout organizations\" (under the scope of the real-time update capacity of cloud globally).[16]\nTo sum this all up, let's look at what cloud computing is, care of Chapter 1:\n\nan internet-based computing paradigm in which standardized and virtualized resources are used to rapidly, elastically, and cost-effectively provide a variety of globally available, \"always-on\" computing services to users on a continuous or as-needed basis\nFirst, cloud technology is standardized, just like many of the techniques used in laboratories. A standardized approach to cloud computing assists with cloud services remaining compliant, which laboratories also must do. Yes, there's plenty of responsibility in ensuring all data management and use in the cloud is done so in a compliant fashion, but standardized approaches based on sound security principles help limit a laboratory's extended risk. Second, cloud technology is virtualized, meaning compute services and resources are more readily able to be recovered should system failure or disaster strike. Compare this to traditional infrastructures that inherently end up with longer periods of downtime, something which most laboratories cannot afford to have. Third, cloud services are built to be provisioned rapidly, elastically, and cost-effectively. In the case of laboratories and their workflows\u2014especially in high-throughput labs\u2014having scalable compute services that can be ramped up rapidly on a pay-what-you-use basis is certainly appealing to the overall business model. Finally, having those services available from anywhere with internet service, at any time, greatly expands numerous aspects of laboratory operations. Laboratorians can access data from anywhere at any time, facilitating research and discovery. Additionally, this enables remote and wireless data collection and upload from all but the most remote of locations, making environmental or even public health laboratory efforts more flexible and nimble.\n\nReferences \n\n\n\u2191 Weinstein, M.; Smith, G. (2007). \"Automation in the Clinical Pathology Laboratory\". North Carolina Medical Journal (2): 130\u201331. doi:10.18043\/ncm.68.2.130.   \n \n\n\u2191 Prasad, P.J.; Bodhe, G.L. (2012). \"Trends in laboratory information management system\". Chemometrics and Intelligent Laboratory Systems 118: 187\u201392. doi:10.1016\/j.chemolab.2012.07.001.   \n \n\n\u2191 Casey, E.; Souvignet, T.R. (2020). \"Digital transformation risk management in forensic science laboratories\". Forensic Science International 316: 110486. doi:10.1016\/j.forsciint.2020.110486.   \n \n\n\u2191 Onsong, G.; Erdmann, J.; Spears, M.D. et al. (2014). \"Implementation of Cloud based Next Generation Sequencing data analysis in a clinical laboratory\". BMC Research Notes 7: 314. doi:10.1186\/1756-0500-7-314. PMC PMC4036707. PMID 24885806. http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC4036707 .   \n \n\n\u2191 Afgan, E.; Sloggett, C.; Goonasekera, N. et al. (2015). \"Genomics Virtual Laboratory: A Practical Bioinformatics Workbench for the Cloud\". PLoS One 10 (10): e0140829. doi:10.1371\/journal.pone.0140829. PMC PMC4621043. PMID 26501966. http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC4621043 .   \n \n\n\u2191 Navale, V.; Bourne, P.E. (2018). \"Cloud computing applications for biomedical science: A perspective\". PLoS Computational Biology 14 (6): e1006144. doi:10.1371\/journal.pcbi.1006144. PMC PMC6002019. PMID 29902176. http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC6002019 .   \n \n\n\u2191 Ogle, C.; Reddick, D.; McKnight, C.; Biggs, T.; Pauly, R.; Ficklin, S.P.; Feltus, F.A.; Shannigrahi, S. (2021). \"Named data networking for genomics data management and integrated workflows\". Frontiers in Big Data 4: 582468. doi:10.3389\/fdata.2021.582468. PMC PMC7968724. PMID 33748749. http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC7968724 .   \n \n\n\u2191 Wilkinson, M.D.; Dumontier, M.; Aalbersberg, I.J. et al. (2016). \"The FAIR Guiding Principles for scientific data management and stewardship\". Scientific Data 3: 160018. doi:10.1038\/sdata.2016.18. PMC PMC4792175. PMID 26978244. http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC4792175 .   \n \n\n\u2191 Mons, B.; Neylon, C.; Velterop, J. et al. (2017). \"Cloudy, increasingly FAIR; revisiting the FAIR Data guiding principles for the European Open Science Cloud\". Information Services & Use 37 (1): 49\u201356. doi:10.3233\/ISU-170824.   \n \n\n\u2191 Mayer, M.; Baeumner, A.J. (2019). \"A Megatrend Challenging Analytical Chemistry: Biosensor and Chemosensor Concepts Ready for the Internet of Things\". Chemical Reviews 119 (13): 7996\u20138027. doi:10.1021\/acs.chemrev.8b00719. PMID 31070892.   \n \n\n\u2191 11.0 11.1 11.2 Borfitz, D. (17 April 2020). \"IoT In The Lab Includes Digital Cages And Instrument Sensors\". BioIT World. https:\/\/www.bio-itworld.com\/news\/2020\/04\/17\/iot-in-the-lab-includes-digital-cages-and-instrument-sensors . Retrieved 28 July 2023 .   \n \n\n\u2191 Idrees, Z.; Zou, Z.; Zheng, L. (2018). \"Edge Computing Based IoT Architecture for Low Cost Air Pollution Monitoring Systems: A Comprehensive System Analysis, Design Considerations & Development\". Sensors 18 (9): 3021. doi:10.3390\/s18093021. PMC PMC6163730. PMID 30201864. http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC6163730 .   \n \n\n\u2191 Agilent Technologies (21 February 2019). \"Cloud Adoption for Lab Informatics: Trends, Opportunities, Considerations, Next Steps\" (PDF). Agilent Technologies. https:\/\/www.agilent.com\/cs\/library\/whitepaper\/public\/whitepaper-cloud-adoption-openlab-5994-0718en-us-agilent.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 Ward, S. (9 October 2019). \"Cloud Computing for the Laboratory: Using data in the cloud - What it means for data security\". Lab Manager. https:\/\/www.labmanager.com\/cloud-computing-for-the-laboratory-736 . Retrieved 28 July 2023 .   \n \n\n\u2191 15.0 15.1 15.2 Association of Public Health Laboratories (2017). \"Breaking Through the Cloud: A Laboratory Guide to Cloud Computing\" (PDF). Association of Public Health Laboratories. https:\/\/www.aphl.org\/aboutAPHL\/publications\/Documents\/INFO-2017Jun-Cloud-Computing.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 White, R. (20 June 2023). \"A Helpful Guide to Cloud Computing in a Laboratory\". InterFocus Blog. InterFocus Ltd. https:\/\/www.mynewlab.com\/blog\/a-helpful-guide-to-cloud-computing-in-a-laboratory\/ . Retrieved 28 July 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Benefits\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Benefits<\/a>\nNavigation menuPage actionsBookDiscussionView sourceHistoryPage actionsBookDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 11 February 2022, at 21:35.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 335 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","83c534f3616a80e2abc7e3d28c0c5cdc_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-208 ns-subject page-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Cloud_computing_in_the_laboratory_Benefits rootpage-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Cloud_computing_in_the_laboratory_Benefits skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Cloud computing in the laboratory\/Benefits<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\"><div align=\"center\">-----Return to <a href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Introduction\" title=\"Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Introduction\" class=\"wiki-link\" data-key=\"a5122d160da552b7fab8ca62d4bc6155\">the beginning<\/a> of this guide-----<\/div>\n<h2><span class=\"mw-headline\" id=\"4._Cloud_computing_in_the_laboratory\">4. Cloud computing in the laboratory<\/span><\/h2>\n<div class=\"thumb tright\"><div class=\"thumbinner\" style=\"width:622px;\"><a href=\"https:\/\/www.limswiki.org\/index.php\/File:POLWorkflow.png\" class=\"image wiki-link\" data-key=\"2e8f48b2ca3e3eb8cdcee2c3d559bf69\"><img alt=\"\" src=\"https:\/\/s3.limswiki.org\/www.limswiki.org\/images\/3\/3d\/POLWorkflow.png\" decoding=\"async\" class=\"thumbimage\" style=\"width: 100%;max-width: 400px;height: auto;\" \/><\/a> <div class=\"thumbcaption\"><div class=\"magnify\"><a href=\"https:\/\/www.limswiki.org\/index.php\/File:POLWorkflow.png\" class=\"internal wiki-link\" title=\"Enlarge\" data-key=\"2e8f48b2ca3e3eb8cdcee2c3d559bf69\"><\/a><\/div><b>Figure 5.<\/b> This diagram depicts a generic workflow of diagnostic testing for a patient, from the doctor ordering the test, the laboratory running its tests (with its own workflow), and the doctor finally receiving the results and passing them on to the patient.<\/div><\/div><\/div><p>It took three chapters, but now\u2014with all that background in-hand\u2014we can finally address how <a href=\"https:\/\/www.limswiki.org\/index.php\/Cloud_computing\" title=\"Cloud computing\" class=\"wiki-link\" data-key=\"fcfe5882eaa018d920cedb88398b604f\">cloud computing<\/a> relates to the various type of <a href=\"https:\/\/www.limswiki.org\/index.php\/Laboratory\" title=\"Laboratory\" class=\"wiki-link\" data-key=\"c57fc5aac9e4abf31dccae81df664c33\">laboratories<\/a> spread across multiple sectors. Let's first begin with what an average software-enabled laboratory's data <a href=\"https:\/\/www.limswiki.org\/index.php\/Workflow\" title=\"Workflow\" class=\"wiki-link\" data-key=\"92bd8748272e20d891008dcb8243e8a8\">workflow<\/a> might look. We can then address the benefits of cloud computing within the scope of that workflow and the regulations that affect it. Afterwards, we can examine different deployment approaches and the associated costs and benefits.\n<\/p><p>Let's turn to a broad example of laboratory workflow using diagnostic testing of a patient as an example. Figure 5 depicts a generic workflow for this process, with a doctor first ordering a laboratory test for a patient. This may be done through a <a href=\"https:\/\/www.limswiki.org\/index.php\/Computerized_physician_order_entry\" title=\"Computerized physician order entry\" class=\"wiki-link\" data-key=\"f9e67e685f2b29f79e9b0991330f2b10\">Computerized physician order entry<\/a> (CPOE) module found in an <a href=\"https:\/\/www.limswiki.org\/index.php\/Electronic_health_record\" title=\"Electronic health record\" class=\"wiki-link\" data-key=\"f2e31a73217185bb01389404c1fd5255\">electronic health record<\/a> (EHR) system, or through some other electronic system. In turn, a test order appears in the electronic system of the laboratory. This might occur in the lab's own CPOE module, usually integrated in some way with a <a href=\"https:\/\/www.limswiki.org\/index.php\/Laboratory_information_system\" title=\"Laboratory information system\" class=\"wiki-link\" data-key=\"37add65b4d1c678b382a7d4817a9cf64\">laboratory information system<\/a> (LIS) or a <a href=\"https:\/\/www.limswiki.org\/index.php\/Laboratory_information_management_system\" title=\"Laboratory information management system\" class=\"wiki-link\" data-key=\"8ff56a51d34c9b1806fcebdcde634d00\">laboratory information management system<\/a> (LIMS). The patient then provides the necessary specimens, either at a remote location, with the specimens then getting shipped to the main lab, or directly at the lab where the testing it to be performed. Whenever the specimens are received at the laboratory, they must be checked-in or registered in the LIS or LIMS, as part of an overall responsibility of maintaining <a href=\"https:\/\/www.limswiki.org\/index.php\/Chain_of_custody\" title=\"Chain of custody\" class=\"wiki-link\" data-key=\"6ba04fe2bb1c8375e133455821aa3894\">chain of custody<\/a>. At this delivery point, the laboratory's own processes and workflows take over, with the LIS or LIMS aiding in the assurance that the specimens are accurately tracked from delivery to final results getting reported (and then some, if specimen retention times are necessary). \n<\/p><p>That internal laboratory workflow will look slightly different for each clinical lab, but a broad set of steps will be realized with each lab. One or more specimens get registered in the system, barcoded labels get generated, tests and any other preparative activities are scheduled for the specimens, laboratory personnel are assigned, the scheduled workloads are completed, the results get analyzed and verified, and if nothing is out-of-specification (OOS) or abnormal, the results get logged and placed in a deliverable report. Barring any mandated specimen retention times, the remaining specimen material is properly disposed. At this point, most of the clinical laboratory's obligations are met; the resulting report is sent to the ordering physician, who in turn shares the results with the original patient.\n<\/p><p>When we look at these workflows today, a computerized component is usually associated with them. From the CPOE and EHR to the LIS and LIMS, software systems and other <a href=\"https:\/\/www.limswiki.org\/index.php\/Laboratory_automation\" title=\"Laboratory automation\" class=\"wiki-link\" data-key=\"0061880849aeaca05f8aa27ae171f331\">laboratory automation<\/a> have been an increasing area of focus for improving laboratory efficiencies, reducing human error, shortening turnaround times, and improving regulatory compliance.<sup id=\"rdp-ebb-cite_ref-WeinsteinAutomation07_1-0\" class=\"reference\"><a href=\"#cite_note-WeinsteinAutomation07-1\">[1]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-PrasadTrends12_2-0\" class=\"reference\"><a href=\"#cite_note-PrasadTrends12-2\">[2]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-CaseyDigital20_3-0\" class=\"reference\"><a href=\"#cite_note-CaseyDigital20-3\">[3]<\/a><\/sup> In the laboratory, the LIS and LIMS are able to electronically maintain an <a href=\"https:\/\/www.limswiki.org\/index.php\/Audit_trail\" title=\"Audit trail\" class=\"wiki-link\" data-key=\"96a617b543c5b2f26617288ba923c0f0\">audit trail<\/a> of sample movement, analyst activities, record alteration, and much more. The modern LIS and LIMS are also able to limit access to data and functions based on assigned role, track versioning of documents, manage scheduling, issue alarms and alerts for OOS results, maintain training records, and much more. \n<\/p><p>Yet with all the benefits of software use in the laboratory comes additional risks involving the security and protection of the data that software manages, transmits, and receives. Under some circumstances, these risks may become more acute by moving software systems to cloud computing environments. We broadly discussed many of those risks in the previous chapter. Data security and regulatory risk demand that labs moving into the cloud carefully consider the appropriate and necessary use of user access controls, networking across multitenancy or shared infrastructures, and encryption and security controls offered by the cloud service provider (CSP). Technology risk demands that labs embracing cloud have staff with a constant eye on what's changing in the industry and what tools can extend the effective life span of their cloud implementations. Operational risk demands that labs integrating cloud solutions into their workflows have redundancy plans in place for how to mitigate risks from physical disasters and other threats to their data hosted in public and private clouds. Vendor risk demands that labs thoroughly vet their cloud service providers, those providers' long-term stability, and their fall-back plans should they suffer a major business loss. And finally, financial risk demands that labs turning to the cloud should have staff who are well-versed in financial management and can effectively understand the current and future costs of implementing cloud solutions in the lab.\n<\/p><p>However, this talk of risk shouldn't scare away laboratory staff considering a move to the cloud; the cloud can benefit automated laboratories in many ways. However, it does require a thoughtful, organization-wide approach to managing the risks (as discussed in Chapter 3). Let's take a look at the benefits a laboratory could realize from moving to cloud-based solutions.\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"4.1_Benefits\">4.1 Benefits<\/span><\/h3>\n<p>Whether or not you fully buy into the ability of cloud computing to help you laboratory depends on a number of factors, including industry served, current data output, anticipated future data output, the regulations affecting your lab, your organization's budget, and your organization's willingness to adopt and enforce sound risk management policies and controls. A tiny material testing laboratory with relatively simple workflows and little in the way of anticipated growth in the short term may be content with using their in-house systems. A biological research group with several laboratories geographically spread across the continent creating and managing large data sets for developing new medical innovations, all while operating in a competitive environment, may see the cloud as an opportunity to grow the organization and perform more efficient work.\n<\/p><p>In fact, the biomedical sciences in general have been a good fit for cloud computing. \"Omics\" laboratories in particular have shown promise for cloud-based data management, with many researchers over the years demonstrating various methods of managing the \"big data\" networking and sharing of omics data in the cloud.<sup id=\"rdp-ebb-cite_ref-OnsongoImplem14_4-0\" class=\"reference\"><a href=\"#cite_note-OnsongoImplem14-4\">[4]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-AfganGenomics15_5-0\" class=\"reference\"><a href=\"#cite_note-AfganGenomics15-5\">[5]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-NavaleCloud18_6-0\" class=\"reference\"><a href=\"#cite_note-NavaleCloud18-6\">[6]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-OgleNamed21_7-0\" class=\"reference\"><a href=\"#cite_note-OgleNamed21-7\">[7]<\/a><\/sup> These efforts have focused on managing large data sets more efficiently while being able to securely share those data sets with researchers around the world. This data sharing\u2014particularly while considering FAIR data principles that aim to make data findable, accessible, interoperable, and reusable<sup id=\"rdp-ebb-cite_ref-WilkinsonTheFAIR16_8-0\" class=\"reference\"><a href=\"#cite_note-WilkinsonTheFAIR16-8\">[8]<\/a><\/sup>\u2014is of significant benefit to research laboratories around the world; controlled access to that data via standards-based cloud computing methods certainly lends to those FAIR principles.<sup id=\"rdp-ebb-cite_ref-MonsCloudy17_9-0\" class=\"reference\"><a href=\"#cite_note-MonsCloudy17-9\">[9]<\/a><\/sup>\n<\/p><p>Another area where laboratory-driven cloud computing makes sense is that of the <a href=\"https:\/\/www.limswiki.org\/index.php\/Internet_of_things\" title=\"Internet of things\" class=\"wiki-link\" data-key=\"13e0b826fa1770fe4bea72e3cb942f0f\">internet of things<\/a> (IoT) and networked sensors that collect data. From wearable sensors, monitors, and point-of-care diagnostic systems to wireless sensor networks, Bluetooth-enabled mobile devices, and even IoT-enabled devices and equipment directly in the laboratory, connecting those devices to cloud services and storage provides near-seamless integration of data producing instruments with laboratory workflows.<sup id=\"rdp-ebb-cite_ref-MayerAMega19_10-0\" class=\"reference\"><a href=\"#cite_note-MayerAMega19-10\">[10]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-BorfitzIoT20_11-0\" class=\"reference\"><a href=\"#cite_note-BorfitzIoT20-11\">[11]<\/a><\/sup> Monitoring temperature, humidity, and other ambient temperatures of freezers, fridges, and incubators while maintaining calibration and maintenance data becomes more automated.<sup id=\"rdp-ebb-cite_ref-BorfitzIoT20_11-1\" class=\"reference\"><a href=\"#cite_note-BorfitzIoT20-11\">[11]<\/a><\/sup> Usage data on high-use instruments can be uploaded to the cloud and analyzed to enable predictive maintenance down the road.<sup id=\"rdp-ebb-cite_ref-BorfitzIoT20_11-2\" class=\"reference\"><a href=\"#cite_note-BorfitzIoT20-11\">[11]<\/a><\/sup> And outdoor pollution monitoring systems that use low-cost, networked sensors can, upon taking a reading (a trigger event), send the result to a cloud service (at times with the help of edge computing), where a bit of uploaded code processes the data upload on-demand.<sup id=\"rdp-ebb-cite_ref-IdreesEdge18_12-0\" class=\"reference\"><a href=\"#cite_note-IdreesEdge18-12\">[12]<\/a><\/sup> In all these cases, the automated collection and analysis of data using cloud components\u2014which in turn makes that data accessible from anywhere in the world with internet access\u2014allows laboratorians to rapidly gain advantages in how they work.\n<\/p><p>Panning outward, we see other benefits of cloud to a broad set of laboratories. Agilent Technologies, an analytical instrument developer and manufacturer, argues that the cloud can transform siloed, disparate data and information in a non-cloud, on-premises <a href=\"https:\/\/www.limswiki.org\/index.php\/Informatics_(academic_field)\" title=\"Informatics (academic field)\" class=\"wiki-link\" data-key=\"0391318826a5d9f9a1a1bcc88394739f\">informatics<\/a> solution into more actionable knowledge and wisdom, which by extension adds value to the laboratory. They also argue overall value to the lab is increased by<sup id=\"rdp-ebb-cite_ref-AgilentCloud19_13-0\" class=\"reference\"><a href=\"#cite_note-AgilentCloud19-13\">[13]<\/a><\/sup>:\n<\/p>\n<ul><li>\"providing a higher level of connectivity and consistency for lab informatics systems and processes\";<\/li>\n<li>enabling \"lab managers to integrate functionality and bring context to every phase of the continuum of value, without increasing cost or risk\";<\/li>\n<li>allowing IT personnel \"to do more with less\";<\/li>\n<li>enabling \"faster, easier, more mobile access to data and tools\" for lab technicians (globally);<\/li>\n<li>allowing lab leaders to reduce costs (including capital expenditure costs) and \"increase team morale by enabling streamlined, self-service access to resources\" ; and<\/li>\n<li>enabling labs to expand their \"digital transformation initiatives,\" with cloud as the catalyst.<\/li><\/ul>\n<p>Other benefits provided to labs by cloud computing include:\n<\/p>\n<ul><li>providing \"the ability to easily increase or decrease their use [of infrastructure and services] as business objectives change and keep the organization nimble and competitive\" (i.e., added scalability while operating more research tasks with massive data sets)<sup id=\"rdp-ebb-cite_ref-WardCloud19_14-0\" class=\"reference\"><a href=\"#cite_note-WardCloud19-14\">[14]<\/a><\/sup>;<\/li>\n<li>limiting responsibility of physical (in-person) access and protection of stored data to the CSP (though this comes with its own caveats concerning backing up with another provider)<sup id=\"rdp-ebb-cite_ref-APHLBreaking17_15-0\" class=\"reference\"><a href=\"#cite_note-APHLBreaking17-15\">[15]<\/a><\/sup>;<\/li>\n<li>limiting responsibility for technical hardware and other assets to the CSP as the organization grows and changes<sup id=\"rdp-ebb-cite_ref-APHLBreaking17_15-1\" class=\"reference\"><a href=\"#cite_note-APHLBreaking17-15\">[15]<\/a><\/sup>;<\/li>\n<li>inheriting the existing security protocols and compliance procedures of the provider (though again with caveats concerning vetting the CSP's security, and the inability to do so at times)<sup id=\"rdp-ebb-cite_ref-APHLBreaking17_15-2\" class=\"reference\"><a href=\"#cite_note-APHLBreaking17-15\">[15]<\/a><\/sup>; and<\/li>\n<li>ensuring \"that different teams are not simultaneously replicating workloads \u2013 creating greater efficiencies throughout organizations\" (under the scope of the real-time update capacity of cloud globally).<sup id=\"rdp-ebb-cite_ref-IFAhelp20_16-0\" class=\"reference\"><a href=\"#cite_note-IFAhelp20-16\">[16]<\/a><\/sup><\/li><\/ul>\n<p>To sum this all up, let's look at what cloud computing is, care of Chapter 1:\n<\/p>\n<blockquote><p>an internet-based computing paradigm in which standardized and <a href=\"https:\/\/www.limswiki.org\/index.php\/Virtualization\" title=\"Virtualization\" class=\"wiki-link\" data-key=\"e6ef1e0497ceb6545c0948d436eba29c\">virtualized<\/a> resources are used to rapidly, elastically, and cost-effectively provide a variety of globally available, \"always-on\" computing services to users on a continuous or as-needed basis<\/p><\/blockquote>\n<p>First, cloud technology is standardized, just like many of the techniques used in laboratories. A standardized approach to cloud computing assists with cloud services remaining compliant, which laboratories also must do. Yes, there's plenty of responsibility in ensuring all data management and use in the cloud is done so in a compliant fashion, but standardized approaches based on sound security principles help limit a laboratory's extended risk. Second, cloud technology is virtualized, meaning compute services and resources are more readily able to be recovered should system failure or disaster strike. Compare this to traditional infrastructures that inherently end up with longer periods of downtime, something which most laboratories cannot afford to have. Third, cloud services are built to be provisioned rapidly, elastically, and cost-effectively. In the case of laboratories and their workflows\u2014especially in high-throughput labs\u2014having scalable compute services that can be ramped up rapidly on a pay-what-you-use basis is certainly appealing to the overall business model. Finally, having those services available from anywhere with internet service, at any time, greatly expands numerous aspects of laboratory operations. Laboratorians can access data from anywhere at any time, facilitating research and discovery. Additionally, this enables remote and wireless data collection and upload from all but the most remote of locations, making environmental or even public health laboratory efforts more flexible and nimble.\n<\/p>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap mw-references-columns\"><ol class=\"references\">\n<li id=\"cite_note-WeinsteinAutomation07-1\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-WeinsteinAutomation07_1-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation Journal\">Weinstein, M.; Smith, G. (2007). \"Automation in the Clinical Pathology Laboratory\". <i>North Carolina Medical Journal<\/i> (2): 130\u201331. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.18043%2Fncm.68.2.130\" target=\"_blank\">10.18043\/ncm.68.2.130<\/a>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Automation+in+the+Clinical+Pathology+Laboratory&rft.jtitle=North+Carolina+Medical+Journal&rft.aulast=Weinstein%2C+M.%3B+Smith%2C+G.&rft.au=Weinstein%2C+M.%3B+Smith%2C+G.&rft.date=2007&rft.issue=2&rft.pages=130%E2%80%9331&rft_id=info:doi\/10.18043%2Fncm.68.2.130&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Benefits\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-PrasadTrends12-2\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-PrasadTrends12_2-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation Journal\">Prasad, P.J.; Bodhe, G.L. (2012). \"Trends in laboratory information management system\". <i>Chemometrics and Intelligent Laboratory Systems<\/i> <b>118<\/b>: 187\u201392. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.1016%2Fj.chemolab.2012.07.001\" target=\"_blank\">10.1016\/j.chemolab.2012.07.001<\/a>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Trends+in+laboratory+information+management+system&rft.jtitle=Chemometrics+and+Intelligent+Laboratory+Systems&rft.aulast=Prasad%2C+P.J.%3B+Bodhe%2C+G.L.&rft.au=Prasad%2C+P.J.%3B+Bodhe%2C+G.L.&rft.date=2012&rft.volume=118&rft.pages=187%E2%80%9392&rft_id=info:doi\/10.1016%2Fj.chemolab.2012.07.001&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Benefits\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CaseyDigital20-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CaseyDigital20_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation Journal\">Casey, E.; Souvignet, T.R. (2020). \"Digital transformation risk management in forensic science laboratories\". <i>Forensic Science International<\/i> <b>316<\/b>: 110486. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.1016%2Fj.forsciint.2020.110486\" target=\"_blank\">10.1016\/j.forsciint.2020.110486<\/a>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Digital+transformation+risk+management+in+forensic+science+laboratories&rft.jtitle=Forensic+Science+International&rft.aulast=Casey%2C+E.%3B+Souvignet%2C+T.R.&rft.au=Casey%2C+E.%3B+Souvignet%2C+T.R.&rft.date=2020&rft.volume=316&rft.pages=110486&rft_id=info:doi\/10.1016%2Fj.forsciint.2020.110486&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Benefits\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OnsongoImplem14-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OnsongoImplem14_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation Journal\">Onsong, G.; Erdmann, J.; Spears, M.D. et al. (2014). <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC4036707\" target=\"_blank\">\"Implementation of Cloud based Next Generation Sequencing data analysis in a clinical laboratory\"<\/a>. <i>BMC Research Notes<\/i> <b>7<\/b>: 314. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.1186%2F1756-0500-7-314\" target=\"_blank\">10.1186\/1756-0500-7-314<\/a>. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/PubMed_Central\" data-key=\"c85bdffd69dd30e02024b9cc3d7679e2\">PMC<\/a> <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.ncbi.nlm.nih.gov\/pmc\/articles\/PMC4036707\/\" target=\"_blank\">PMC4036707<\/a>. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/PubMed_Identifier\" data-key=\"1d34e999f13d8801964a6b3e9d7b4e30\">PMID<\/a> <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.ncbi.nlm.nih.gov\/pubmed\/24885806\" target=\"_blank\">24885806<\/a><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC4036707\" target=\"_blank\">http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC4036707<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Implementation+of+Cloud+based+Next+Generation+Sequencing+data+analysis+in+a+clinical+laboratory&rft.jtitle=BMC+Research+Notes&rft.aulast=Onsong%2C+G.%3B+Erdmann%2C+J.%3B+Spears%2C+M.D.+et+al.&rft.au=Onsong%2C+G.%3B+Erdmann%2C+J.%3B+Spears%2C+M.D.+et+al.&rft.date=2014&rft.volume=7&rft.pages=314&rft_id=info:doi\/10.1186%2F1756-0500-7-314&rft_id=info:pmc\/PMC4036707&rft_id=info:pmid\/24885806&rft_id=http%3A%2F%2Fwww.pubmedcentral.nih.gov%2Farticlerender.fcgi%3Ftool%3Dpmcentrez%26artid%3DPMC4036707&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Benefits\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AfganGenomics15-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AfganGenomics15_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation Journal\">Afgan, E.; Sloggett, C.; Goonasekera, N. et al. (2015). <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC4621043\" target=\"_blank\">\"Genomics Virtual Laboratory: A Practical Bioinformatics Workbench for the Cloud\"<\/a>. <i>PLoS One<\/i> <b>10<\/b> (10): e0140829. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.1371%2Fjournal.pone.0140829\" target=\"_blank\">10.1371\/journal.pone.0140829<\/a>. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/PubMed_Central\" data-key=\"c85bdffd69dd30e02024b9cc3d7679e2\">PMC<\/a> <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.ncbi.nlm.nih.gov\/pmc\/articles\/PMC4621043\/\" target=\"_blank\">PMC4621043<\/a>. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/PubMed_Identifier\" data-key=\"1d34e999f13d8801964a6b3e9d7b4e30\">PMID<\/a> <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.ncbi.nlm.nih.gov\/pubmed\/26501966\" target=\"_blank\">26501966<\/a><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC4621043\" target=\"_blank\">http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC4621043<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Genomics+Virtual+Laboratory%3A+A+Practical+Bioinformatics+Workbench+for+the+Cloud&rft.jtitle=PLoS+One&rft.aulast=Afgan%2C+E.%3B+Sloggett%2C+C.%3B+Goonasekera%2C+N.+et+al.&rft.au=Afgan%2C+E.%3B+Sloggett%2C+C.%3B+Goonasekera%2C+N.+et+al.&rft.date=2015&rft.volume=10&rft.issue=10&rft.pages=e0140829&rft_id=info:doi\/10.1371%2Fjournal.pone.0140829&rft_id=info:pmc\/PMC4621043&rft_id=info:pmid\/26501966&rft_id=http%3A%2F%2Fwww.pubmedcentral.nih.gov%2Farticlerender.fcgi%3Ftool%3Dpmcentrez%26artid%3DPMC4621043&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Benefits\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-NavaleCloud18-6\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-NavaleCloud18_6-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation Journal\">Navale, V.; Bourne, P.E. (2018). <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC6002019\" target=\"_blank\">\"Cloud computing applications for biomedical science: A perspective\"<\/a>. <i>PLoS Computational Biology<\/i> <b>14<\/b> (6): e1006144. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.1371%2Fjournal.pcbi.1006144\" target=\"_blank\">10.1371\/journal.pcbi.1006144<\/a>. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/PubMed_Central\" data-key=\"c85bdffd69dd30e02024b9cc3d7679e2\">PMC<\/a> <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.ncbi.nlm.nih.gov\/pmc\/articles\/PMC6002019\/\" target=\"_blank\">PMC6002019<\/a>. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/PubMed_Identifier\" data-key=\"1d34e999f13d8801964a6b3e9d7b4e30\">PMID<\/a> <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.ncbi.nlm.nih.gov\/pubmed\/29902176\" target=\"_blank\">29902176<\/a><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC6002019\" target=\"_blank\">http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC6002019<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Cloud+computing+applications+for+biomedical+science%3A+A+perspective&rft.jtitle=PLoS+Computational+Biology&rft.aulast=Navale%2C+V.%3B+Bourne%2C+P.E.&rft.au=Navale%2C+V.%3B+Bourne%2C+P.E.&rft.date=2018&rft.volume=14&rft.issue=6&rft.pages=e1006144&rft_id=info:doi\/10.1371%2Fjournal.pcbi.1006144&rft_id=info:pmc\/PMC6002019&rft_id=info:pmid\/29902176&rft_id=http%3A%2F%2Fwww.pubmedcentral.nih.gov%2Farticlerender.fcgi%3Ftool%3Dpmcentrez%26artid%3DPMC6002019&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Benefits\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OgleNamed21-7\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OgleNamed21_7-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation Journal\">Ogle, C.; Reddick, D.; McKnight, C.; Biggs, T.; Pauly, R.; Ficklin, S.P.; Feltus, F.A.; Shannigrahi, S. (2021). <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC7968724\" target=\"_blank\">\"Named data networking for genomics data management and integrated workflows\"<\/a>. <i>Frontiers in Big Data<\/i> <b>4<\/b>: 582468. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.3389%2Ffdata.2021.582468\" target=\"_blank\">10.3389\/fdata.2021.582468<\/a>. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/PubMed_Central\" data-key=\"c85bdffd69dd30e02024b9cc3d7679e2\">PMC<\/a> <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.ncbi.nlm.nih.gov\/pmc\/articles\/PMC7968724\/\" target=\"_blank\">PMC7968724<\/a>. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/PubMed_Identifier\" data-key=\"1d34e999f13d8801964a6b3e9d7b4e30\">PMID<\/a> <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.ncbi.nlm.nih.gov\/pubmed\/33748749\" target=\"_blank\">33748749<\/a><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC7968724\" target=\"_blank\">http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC7968724<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Named+data+networking+for+genomics+data+management+and+integrated+workflows&rft.jtitle=Frontiers+in+Big+Data&rft.aulast=Ogle%2C+C.%3B+Reddick%2C+D.%3B+McKnight%2C+C.%3B+Biggs%2C+T.%3B+Pauly%2C+R.%3B+Ficklin%2C+S.P.%3B+Feltus%2C+F.A.%3B+Shannigrahi%2C+S.&rft.au=Ogle%2C+C.%3B+Reddick%2C+D.%3B+McKnight%2C+C.%3B+Biggs%2C+T.%3B+Pauly%2C+R.%3B+Ficklin%2C+S.P.%3B+Feltus%2C+F.A.%3B+Shannigrahi%2C+S.&rft.date=2021&rft.volume=4&rft.pages=582468&rft_id=info:doi\/10.3389%2Ffdata.2021.582468&rft_id=info:pmc\/PMC7968724&rft_id=info:pmid\/33748749&rft_id=http%3A%2F%2Fwww.pubmedcentral.nih.gov%2Farticlerender.fcgi%3Ftool%3Dpmcentrez%26artid%3DPMC7968724&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Benefits\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-WilkinsonTheFAIR16-8\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-WilkinsonTheFAIR16_8-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation Journal\">Wilkinson, M.D.; Dumontier, M.; Aalbersberg, I.J. et al. (2016). <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC4792175\" target=\"_blank\">\"The FAIR Guiding Principles for scientific data management and stewardship\"<\/a>. <i>Scientific Data<\/i> <b>3<\/b>: 160018. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.1038%2Fsdata.2016.18\" target=\"_blank\">10.1038\/sdata.2016.18<\/a>. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/PubMed_Central\" data-key=\"c85bdffd69dd30e02024b9cc3d7679e2\">PMC<\/a> <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.ncbi.nlm.nih.gov\/pmc\/articles\/PMC4792175\/\" target=\"_blank\">PMC4792175<\/a>. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/PubMed_Identifier\" data-key=\"1d34e999f13d8801964a6b3e9d7b4e30\">PMID<\/a> <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.ncbi.nlm.nih.gov\/pubmed\/26978244\" target=\"_blank\">26978244<\/a><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC4792175\" target=\"_blank\">http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC4792175<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=The+FAIR+Guiding+Principles+for+scientific+data+management+and+stewardship&rft.jtitle=Scientific+Data&rft.aulast=Wilkinson%2C+M.D.%3B+Dumontier%2C+M.%3B+Aalbersberg%2C+I.J.+et+al.&rft.au=Wilkinson%2C+M.D.%3B+Dumontier%2C+M.%3B+Aalbersberg%2C+I.J.+et+al.&rft.date=2016&rft.volume=3&rft.pages=160018&rft_id=info:doi\/10.1038%2Fsdata.2016.18&rft_id=info:pmc\/PMC4792175&rft_id=info:pmid\/26978244&rft_id=http%3A%2F%2Fwww.pubmedcentral.nih.gov%2Farticlerender.fcgi%3Ftool%3Dpmcentrez%26artid%3DPMC4792175&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Benefits\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MonsCloudy17-9\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MonsCloudy17_9-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation Journal\">Mons, B.; Neylon, C.; Velterop, J. et al. (2017). \"Cloudy, increasingly FAIR; revisiting the FAIR Data guiding principles for the European Open Science Cloud\". <i>Information Services & Use<\/i> <b>37<\/b> (1): 49\u201356. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.3233%2FISU-170824\" target=\"_blank\">10.3233\/ISU-170824<\/a>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Cloudy%2C+increasingly+FAIR%3B+revisiting+the+FAIR+Data+guiding+principles+for+the+European+Open+Science+Cloud&rft.jtitle=Information+Services+%26+Use&rft.aulast=Mons%2C+B.%3B+Neylon%2C+C.%3B+Velterop%2C+J.+et+al.&rft.au=Mons%2C+B.%3B+Neylon%2C+C.%3B+Velterop%2C+J.+et+al.&rft.date=2017&rft.volume=37&rft.issue=1&rft.pages=49%E2%80%9356&rft_id=info:doi\/10.3233%2FISU-170824&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Benefits\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MayerAMega19-10\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MayerAMega19_10-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation Journal\">Mayer, M.; Baeumner, A.J. (2019). \"A Megatrend Challenging Analytical Chemistry: Biosensor and Chemosensor Concepts Ready for the Internet of Things\". <i>Chemical Reviews<\/i> <b>119<\/b> (13): 7996\u20138027. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.1021%2Facs.chemrev.8b00719\" target=\"_blank\">10.1021\/acs.chemrev.8b00719<\/a>. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/PubMed_Identifier\" data-key=\"1d34e999f13d8801964a6b3e9d7b4e30\">PMID<\/a> <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.ncbi.nlm.nih.gov\/pubmed\/31070892\" target=\"_blank\">31070892<\/a>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=A+Megatrend+Challenging+Analytical+Chemistry%3A+Biosensor+and+Chemosensor+Concepts+Ready+for+the+Internet+of+Things&rft.jtitle=Chemical+Reviews&rft.aulast=Mayer%2C+M.%3B+Baeumner%2C+A.J.&rft.au=Mayer%2C+M.%3B+Baeumner%2C+A.J.&rft.date=2019&rft.volume=119&rft.issue=13&rft.pages=7996%E2%80%938027&rft_id=info:doi\/10.1021%2Facs.chemrev.8b00719&rft_id=info:pmid\/31070892&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Benefits\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-BorfitzIoT20-11\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-BorfitzIoT20_11-0\">11.0<\/a><\/sup> <sup><a href=\"#cite_ref-BorfitzIoT20_11-1\">11.1<\/a><\/sup> <sup><a href=\"#cite_ref-BorfitzIoT20_11-2\">11.2<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Borfitz, D. (17 April 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.bio-itworld.com\/news\/2020\/04\/17\/iot-in-the-lab-includes-digital-cages-and-instrument-sensors\" target=\"_blank\">\"IoT In The Lab Includes Digital Cages And Instrument Sensors\"<\/a>. <i>BioIT World<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.bio-itworld.com\/news\/2020\/04\/17\/iot-in-the-lab-includes-digital-cages-and-instrument-sensors\" target=\"_blank\">https:\/\/www.bio-itworld.com\/news\/2020\/04\/17\/iot-in-the-lab-includes-digital-cages-and-instrument-sensors<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=IoT+In+The+Lab+Includes+Digital+Cages+And+Instrument+Sensors&rft.atitle=BioIT+World&rft.aulast=Borfitz%2C+D.&rft.au=Borfitz%2C+D.&rft.date=17+April+2020&rft_id=https%3A%2F%2Fwww.bio-itworld.com%2Fnews%2F2020%2F04%2F17%2Fiot-in-the-lab-includes-digital-cages-and-instrument-sensors&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Benefits\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IdreesEdge18-12\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IdreesEdge18_12-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation Journal\">Idrees, Z.; Zou, Z.; Zheng, L. (2018). <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC6163730\" target=\"_blank\">\"Edge Computing Based IoT Architecture for Low Cost Air Pollution Monitoring Systems: A Comprehensive System Analysis, Design Considerations & Development\"<\/a>. <i>Sensors<\/i> <b>18<\/b> (9): 3021. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.3390%2Fs18093021\" target=\"_blank\">10.3390\/s18093021<\/a>. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/PubMed_Central\" data-key=\"c85bdffd69dd30e02024b9cc3d7679e2\">PMC<\/a> <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.ncbi.nlm.nih.gov\/pmc\/articles\/PMC6163730\/\" target=\"_blank\">PMC6163730<\/a>. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/PubMed_Identifier\" data-key=\"1d34e999f13d8801964a6b3e9d7b4e30\">PMID<\/a> <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.ncbi.nlm.nih.gov\/pubmed\/30201864\" target=\"_blank\">30201864<\/a><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC6163730\" target=\"_blank\">http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC6163730<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Edge+Computing+Based+IoT+Architecture+for+Low+Cost+Air+Pollution+Monitoring+Systems%3A+A+Comprehensive+System+Analysis%2C+Design+Considerations+%26+Development&rft.jtitle=Sensors&rft.aulast=Idrees%2C+Z.%3B+Zou%2C+Z.%3B+Zheng%2C+L.&rft.au=Idrees%2C+Z.%3B+Zou%2C+Z.%3B+Zheng%2C+L.&rft.date=2018&rft.volume=18&rft.issue=9&rft.pages=3021&rft_id=info:doi\/10.3390%2Fs18093021&rft_id=info:pmc\/PMC6163730&rft_id=info:pmid\/30201864&rft_id=http%3A%2F%2Fwww.pubmedcentral.nih.gov%2Farticlerender.fcgi%3Ftool%3Dpmcentrez%26artid%3DPMC6163730&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Benefits\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AgilentCloud19-13\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AgilentCloud19_13-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Agilent Technologies (21 February 2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.agilent.com\/cs\/library\/whitepaper\/public\/whitepaper-cloud-adoption-openlab-5994-0718en-us-agilent.pdf\" target=\"_blank\">\"Cloud Adoption for Lab Informatics: Trends, Opportunities, Considerations, Next Steps\"<\/a> (PDF). Agilent Technologies<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.agilent.com\/cs\/library\/whitepaper\/public\/whitepaper-cloud-adoption-openlab-5994-0718en-us-agilent.pdf\" target=\"_blank\">https:\/\/www.agilent.com\/cs\/library\/whitepaper\/public\/whitepaper-cloud-adoption-openlab-5994-0718en-us-agilent.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Adoption+for+Lab+Informatics%3A+Trends%2C+Opportunities%2C+Considerations%2C+Next+Steps&rft.atitle=&rft.aulast=Agilent+Technologies&rft.au=Agilent+Technologies&rft.date=21+February+2019&rft.pub=Agilent+Technologies&rft_id=https%3A%2F%2Fwww.agilent.com%2Fcs%2Flibrary%2Fwhitepaper%2Fpublic%2Fwhitepaper-cloud-adoption-openlab-5994-0718en-us-agilent.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Benefits\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-WardCloud19-14\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-WardCloud19_14-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Ward, S. (9 October 2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.labmanager.com\/cloud-computing-for-the-laboratory-736\" target=\"_blank\">\"Cloud Computing for the Laboratory: Using data in the cloud - What it means for data security\"<\/a>. <i>Lab Manager<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.labmanager.com\/cloud-computing-for-the-laboratory-736\" target=\"_blank\">https:\/\/www.labmanager.com\/cloud-computing-for-the-laboratory-736<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Computing+for+the+Laboratory%3A+Using+data+in+the+cloud+-+What+it+means+for+data+security&rft.atitle=Lab+Manager&rft.aulast=Ward%2C+S.&rft.au=Ward%2C+S.&rft.date=9+October+2019&rft_id=https%3A%2F%2Fwww.labmanager.com%2Fcloud-computing-for-the-laboratory-736&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Benefits\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-APHLBreaking17-15\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-APHLBreaking17_15-0\">15.0<\/a><\/sup> <sup><a href=\"#cite_ref-APHLBreaking17_15-1\">15.1<\/a><\/sup> <sup><a href=\"#cite_ref-APHLBreaking17_15-2\">15.2<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Association of Public Health Laboratories (2017). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.aphl.org\/aboutAPHL\/publications\/Documents\/INFO-2017Jun-Cloud-Computing.pdf\" target=\"_blank\">\"Breaking Through the Cloud: A Laboratory Guide to Cloud Computing\"<\/a> (PDF). Association of Public Health Laboratories<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.aphl.org\/aboutAPHL\/publications\/Documents\/INFO-2017Jun-Cloud-Computing.pdf\" target=\"_blank\">https:\/\/www.aphl.org\/aboutAPHL\/publications\/Documents\/INFO-2017Jun-Cloud-Computing.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Breaking+Through+the+Cloud%3A+A+Laboratory+Guide+to+Cloud+Computing&rft.atitle=&rft.aulast=Association+of+Public+Health+Laboratories&rft.au=Association+of+Public+Health+Laboratories&rft.date=2017&rft.pub=Association+of+Public+Health+Laboratories&rft_id=https%3A%2F%2Fwww.aphl.org%2FaboutAPHL%2Fpublications%2FDocuments%2FINFO-2017Jun-Cloud-Computing.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Benefits\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IFAhelp20-16\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IFAhelp20_16-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">White, R. (20 June 2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.mynewlab.com\/blog\/a-helpful-guide-to-cloud-computing-in-a-laboratory\/\" target=\"_blank\">\"A Helpful Guide to Cloud Computing in a Laboratory\"<\/a>. <i>InterFocus Blog<\/i>. InterFocus Ltd<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.mynewlab.com\/blog\/a-helpful-guide-to-cloud-computing-in-a-laboratory\/\" target=\"_blank\">https:\/\/www.mynewlab.com\/blog\/a-helpful-guide-to-cloud-computing-in-a-laboratory\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=A+Helpful+Guide+to+Cloud+Computing+in+a+Laboratory&rft.atitle=InterFocus+Blog&rft.aulast=White%2C+R.&rft.au=White%2C+R.&rft.date=20+June+2023&rft.pub=InterFocus+Ltd&rft_id=https%3A%2F%2Fwww.mynewlab.com%2Fblog%2Fa-helpful-guide-to-cloud-computing-in-a-laboratory%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Benefits\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816205955\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.162 seconds\nReal time usage: 0.177 seconds\nPreprocessor visited node count: 12060\/1000000\nPost\u2010expand include size: 119814\/2097152 bytes\nTemplate argument size: 35248\/2097152 bytes\nHighest expansion depth: 20\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 34267\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 158.175 1 -total\n 92.96% 147.036 1 Template:Reflist\n 74.60% 118.001 16 Template:Citation\/core\n 58.48% 92.508 11 Template:Cite_journal\n 24.23% 38.321 5 Template:Cite_web\n 13.72% 21.694 24 Template:Citation\/identifier\n 6.98% 11.048 1 Template:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Benefits\n 6.65% 10.520 5 Template:Date\n 5.86% 9.268 54 Template:Hide_in_print\n 5.21% 8.246 19 Template:Citation\/make_link\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:13045-0!canonical and timestamp 20230816205954 and revision id 46394. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Benefits\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Benefits<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","83c534f3616a80e2abc7e3d28c0c5cdc_images":["https:\/\/s3.limswiki.org\/www.limswiki.org\/images\/3\/3d\/POLWorkflow.png"],"83c534f3616a80e2abc7e3d28c0c5cdc_timestamp":1692220359,"fe08331184f2a9ce11d728851a0166d8_type":"article","fe08331184f2a9ce11d728851a0166d8_title":"3.3 A brief note on cloud-inclusive cybersecurity insurance","fe08331184f2a9ce11d728851a0166d8_url":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/A_brief_note_on_cloud-inclusive_cybersecurity_insurance","fe08331184f2a9ce11d728851a0166d8_plaintext":"\n\nBook:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Organizational cloud computing risk management\/A brief note on cloud-inclusive cybersecurity insuranceFrom LIMSWikiJump to navigationJump to search3.3 A brief note on cloud-inclusive cybersecurity insurance \nIn January 2020, law firm Woodruf Sawyer indicated that among its business clients, the percentage of those organizations acquiring cybersecurity insurance coverage increased from 22 percent in 2016 to 39 percent in 2019, with that number expected to rise.[1] In 2023, Network Assured found the percentage of organizations with some form of cybersecurity insurance had gone up to 55 percent, with cybersecurity insurance claims increasing 100 percent since 2020.[2] Though the concept of cyber insurance has been around for several decades, it certainly has gained traction as a more popular offering in recent years. Initial adoption has often been hampered by the perception that issuers of such policies will rarely pay. But as companies like Merck, Equifax, and Marriott demonstrate that payment under cyber insurance policies is possible[1], questions remain about the value and availability of cybersecurity insurance, particularly when cloud computing is involved.\nIn their 2020 paper for the Carnegie Endowment, Levite and Kalwani shared their educated opinion on the cybersecurity insurance market as it relates to cloud computing[3]:\n\nAnother important regulatory priority in the category of resilience is insurance as a risk channeling mechanism, to offset physical or financial damages resulting from cloud failures ... At present, little recourse is available to CSPs or the consumer to address such serious and likely scenarios. The nascent cloud insurance market does not currently offer extensive solutions to this predicament, in part because of serious concern for the systemic risk that accumulates as a result of the cloud\u2019s market concentration and the potential for cascading effects. System failures could potentially affect many different parties at once, trickling upward, downward, and sideways, and resulting in a mass of claims that could prove excessive for insurers and reinsurers to cover. Regulators\u2019 concerns over the solvency of (re)insurers that underwrite cloud services in these domains are bound to further slow down expansion of insurance for cloud service business interruptions, especially as they pertain to coverage of damages to third parties.\nLevite and Kalwani touch upon the increasingly concentrated nature of cloud services, as mentioned in Chapter 2. The topic is also tangentially discussed by Woodruff Sawyer's Lauri Floresca, but from the perspective of the multitenant nature of public cloud. \"If an insurer writes 10,000 policies for customers of one cloud vendor, and every single one of them makes a claim because of a breach, that\u2019s an aggregation problem for the insurer,\" they note in a July 2020 Insights post.[4] These and other considerations bring about questions concerning how insurers will tighten policies and what insurers may or may not cover going forward in the 2020s. As such, this topic of what existing cybersecurity insurance policy writers will and will not cover, and how much\u2014if any\u2014of the policy addresses third-party cloud providers, deserves a brief but closer look.\nWhen approaching an insurer about cybersecurity (cyber) insurance, one of the first questions asked should be how cloud computing affects their policies. A quality insurer will make clear in its policy definitions and other documentation what actually constitutes being in the cloud, stating that the \"computer system\" of an insured organization extends to third-party networks. However, it's important to note that not only does the idea of shared responsibility between the organization and the CSP still stand, but also the concept of who the \"data owner\" or originator of any affected data is: your organization. In regulated environments where protected health information (PHI) is created and managed, that ownership may be extended to the CSP via, e.g., the Health Insurance Portability and Accountability Act's (HIPAA's) requirement for business associate agreements. Ultimately your organization is still the primary data owner and holds much of the liability.[4] This is a primary reason to consider the value of cyber insurance that extends to the cloud.\nHowever, as Floresca notes, the onus isn't exclusively placed on the organization to acquire insurance[4]:\n\nEven if you carry your own cyber insurance, however, it\u2019s a good idea to require the cloud service provider to carry cyber coverage as well to help fund a loss. They might be more willing to indemnify you if the costs are not coming out of their pocket, and their contribution can help fund your deductible or pay excess costs if your cyber insurance limits are insufficient.\nBut what does cyber insurance in 2023 actually look like? What does it cover? From our five risk categories described earlier, we find that data security and regulatory risk, as well as operational risk, are where most cyber risks will be found. Those categories of risk are addressed in some fashion by cyber insurance through a number of insuring agreements: network security, privacy liability, network business interruption, media liability, and errors and omissions (E&O). These are explained further below[5]:\n\nNetwork security coverage grant: This covers your organization should a data breach, malware infection, cyber extortion effort, ransomware attack, or email phishing scam compromise your network security or cause it to fail. Coverage can expand to both first- and third-party costs, including legal expenses, digital forensics (also mention in Chapter 2), data restoration, customer notification, public relations consulting, and more.\nPrivacy liability coverage: This covers your organization should government regulatory investigations, law enforcement investigations, legal contract obligations, or other such circumstances surrounding a cyber-incident or regulatory breach incur costs upon the organization. Coverage can expand to both first- and third-party costs, including costs from litigation defense, settlements, fines, and penalties.\nNetwork business interruption coverage: This covers your organization should third-party hacks, failed software patches, human error, or other such circumstances cause security failures. Organizations can recover lost profits, fixed expenses, and other additional costs, depending on the policy.\nMedia liability coverage: This covers you organization should someone infringe upon your intellectual property. Though not directly related to security, this form of legal protection is often a part of cyber insurance, providing coverage for losses associated with non-patent infringement losses from both online and print advertising of your services.\nErrors and omissions (E&O): This covers your organizations from, essentially, breach of contractual obligation. In the case of cloud, this would mean the CSP failed in the performance of their services by, e.g., allowing a breach of the organization's cloud data.[4] Coverage includes legal defense costs or other indemnification as a result of a dispute with not only a CSP but also one of your customers.\nHowever, as the number of claims have risen into 2023, insurers are upping the requirements they place on the insured. Of key importance is noting the close positive correlation between the insured having poor cloud security policies and misconfigured cloud systems, and the fact that cyber insurance claims are increasing. As AgileIT notes, \"businesses seeking cyber insurance will be mandated to strengthen their cloud security postures and particularly show how they will minimize misconfigurations\" before qualifying for insurance.[6] Other additional considerations insurers may make include whether or not your lab has an extended detection and response (XDR) plan, robust vulnerability prioritization strategies, and incident response service provider utilization.[6]\nUltimately, it's up to you, the organization, to decide how to approach cloud-inclusive cyber insurance. Does your organization consider acquiring this type of insurance? Can your organization supply all the information a potential cyber insurance underwriter may ask for as part of the process? Can your lab meet the growing list of requirements from insurers? Do your potential CSP candidates have their own cyber insurance, and what does that insurance address? In the end, despite applying significant effort to your organization's approaches to risk management and security controls, the organization will need to look at costly risks as a matter of \"when,\" not \"if.\" If the potential consequences would be too detrimental to the organization, cyber insurance for your cloud expansion may be due. Just know that acquiring that insurance won't necessarily be straightforward.\n\nReferences \n\n\n\u2191 1.0 1.1 Floresca, L. (23 January 2020). \"Buying Cyber Insurance: It May Be Required, But Is It Worth It?\". Insights. Woodruff Sawyer. https:\/\/woodruffsawyer.com\/cyber-liability\/is-buying-cyber-insurance-worth-it\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Cole, N. (2 May 2023). \"23 Eye-Opening Cybersecurity Insurance Statistics (2023)\". https:\/\/networkassured.com\/security\/cybersecurity-insurance-statistics\/ . Retrieved 15 August 2023 .   \n \n\n\u2191 Levite, A.; Kalwani, G. (9 November 2020). \"Cloud Governance Challenges: A Survey of Policy and Regulatory Issues\". Carnegie Endowment for International Peace. https:\/\/carnegieendowment.org\/2020\/11\/09\/cloud-governance-challenges-survey-of-policy-and-regulatory-issues-pub-83124 . Retrieved 28 July 2023 .   \n \n\n\u2191 4.0 4.1 4.2 4.3 Floresca, L. (9 July 2020). \"Cloud Computing Risk and Cyber Liability Insurance\". Insights. Woodruff Sawyer. https:\/\/woodruffsawyer.com\/cyber-liability\/cloud-computing\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Burke, D. (10 October 2022). \"Cyber 101: Understand the Basics of Cyber Liability Insurance\". Insights. Woodruff Sawyer. https:\/\/woodruffsawyer.com\/cyber-liability\/cyber-101-liability-insurance\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 6.0 6.1 \"Changes to Cybersecurity Insurance in 2023\". AgileIT. 24 March 2023. https:\/\/www.agileit.com\/news\/changes-to-cybersecurity-insurance-in-2023\/ . Retrieved 15 August 2023 .   \n \n\n\n\r\n\n\n-----Go to the next chapter of this guide-----\nCitation information for this chapter \nChapter: 3. Organizational cloud computing risk management\nTitle: Choosing and Implementing a Cloud-based Service for Your Laboratory\nEdition: Second edition\nAuthor for citation: Shawn E. Douglas\nLicense for content: Creative Commons Attribution-ShareAlike 4.0 International\nPublication date: August 2023\n\r\n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/A_brief_note_on_cloud-inclusive_cybersecurity_insurance\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/A_brief_note_on_cloud-inclusive_cybersecurity_insurance<\/a>\nNavigation menuPage actionsBookDiscussionView sourceHistoryPage actionsBookDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 16 August 2023, at 21:07.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 345 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","fe08331184f2a9ce11d728851a0166d8_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-208 ns-subject page-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Organizational_cloud_computing_risk_management_A_brief_note_on_cloud-inclusive_cybersecurity_insurance rootpage-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Organizational_cloud_computing_risk_management_A_brief_note_on_cloud-inclusive_cybersecurity_insurance skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Organizational cloud computing risk management\/A brief note on cloud-inclusive cybersecurity insurance<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\"><h3><span class=\"mw-headline\" id=\"3.3_A_brief_note_on_cloud-inclusive_cybersecurity_insurance\">3.3 A brief note on cloud-inclusive cybersecurity insurance<\/span><\/h3>\n<div class=\"floatright\"><a href=\"https:\/\/www.limswiki.org\/index.php\/File:Calculator-385506_1280.jpg\" class=\"image wiki-link\" data-key=\"6d33743643f48034c648f56a16f61d4f\"><img alt=\"Calculator-385506 1280.jpg\" src=\"https:\/\/upload.wikimedia.org\/wikipedia\/commons\/f\/fb\/Calculator-385506_1280.jpg\" decoding=\"async\" style=\"width: 100%;max-width: 400px;height: auto;\" \/><\/a><\/div><p>In January 2020, law firm Woodruf Sawyer indicated that among its business clients, the percentage of those organizations acquiring cybersecurity insurance coverage increased from 22 percent in 2016 to 39 percent in 2019, with that number expected to rise.<sup id=\"rdp-ebb-cite_ref-FlorescaBuying20_1-0\" class=\"reference\"><a href=\"#cite_note-FlorescaBuying20-1\">[1]<\/a><\/sup> In 2023, Network Assured found the percentage of organizations with some form of cybersecurity insurance had gone up to 55 percent, with cybersecurity insurance claims increasing 100 percent since 2020.<sup id=\"rdp-ebb-cite_ref-Cole23_23_2-0\" class=\"reference\"><a href=\"#cite_note-Cole23_23-2\">[2]<\/a><\/sup> Though the concept of cyber insurance has been around for several decades, it certainly has gained traction as a more popular offering in recent years. Initial adoption has often been hampered by the perception that issuers of such policies will rarely pay. But as companies like Merck, Equifax, and Marriott demonstrate that payment under cyber insurance policies is possible<sup id=\"rdp-ebb-cite_ref-FlorescaBuying20_1-1\" class=\"reference\"><a href=\"#cite_note-FlorescaBuying20-1\">[1]<\/a><\/sup>, questions remain about the value and availability of cybersecurity insurance, particularly when cloud computing is involved.\n<\/p><p>In their 2020 paper for the Carnegie Endowment, Levite and Kalwani shared their educated opinion on the cybersecurity insurance market as it relates to cloud computing<sup id=\"rdp-ebb-cite_ref-LeviteCloud20_3-0\" class=\"reference\"><a href=\"#cite_note-LeviteCloud20-3\">[3]<\/a><\/sup>:\n<\/p>\n<blockquote><p>Another important regulatory priority in the category of resilience is insurance as a risk channeling mechanism, to offset physical or financial damages resulting from cloud failures ... At present, little recourse is available to CSPs or the consumer to address such serious and likely scenarios. The nascent cloud insurance market does not currently offer extensive solutions to this predicament, in part because of serious concern for the systemic risk that accumulates as a result of the cloud\u2019s market concentration and the potential for cascading effects. System failures could potentially affect many different parties at once, trickling upward, downward, and sideways, and resulting in a mass of claims that could prove excessive for insurers and reinsurers to cover. Regulators\u2019 concerns over the solvency of (re)insurers that underwrite cloud services in these domains are bound to further slow down expansion of insurance for cloud service business interruptions, especially as they pertain to coverage of damages to third parties.<\/p><\/blockquote>\n<p>Levite and Kalwani touch upon the increasingly concentrated nature of cloud services, as mentioned in Chapter 2. The topic is also tangentially discussed by Woodruff Sawyer's Lauri Floresca, but from the perspective of the multitenant nature of public cloud. \"If an insurer writes 10,000 policies for customers of one cloud vendor, and every single one of them makes a claim because of a breach, that\u2019s an aggregation problem for the insurer,\" they note in a July 2020 Insights post.<sup id=\"rdp-ebb-cite_ref-FlorescaCloud20_4-0\" class=\"reference\"><a href=\"#cite_note-FlorescaCloud20-4\">[4]<\/a><\/sup> These and other considerations bring about questions concerning how insurers will tighten policies and what insurers may or may not cover going forward in the 2020s. As such, this topic of what existing cybersecurity insurance policy writers will and will not cover, and how much\u2014if any\u2014of the policy addresses third-party cloud providers, deserves a brief but closer look.\n<\/p><p>When approaching an insurer about cybersecurity (cyber) insurance, one of the first questions asked should be how cloud computing affects their policies. A quality insurer will make clear in its policy definitions and other documentation what actually constitutes being in the cloud, stating that the \"computer system\" of an insured organization extends to third-party networks. However, it's important to note that not only does the idea of shared responsibility between the organization and the CSP still stand, but also the concept of who the \"data owner\" or originator of any affected data is: your organization. In regulated environments where protected health information (PHI) is created and managed, that ownership may be extended to the CSP via, e.g., the <a href=\"https:\/\/www.limswiki.org\/index.php\/Health_Insurance_Portability_and_Accountability_Act\" title=\"Health Insurance Portability and Accountability Act\" class=\"wiki-link\" data-key=\"b70673a0117c21576016cb7498867153\">Health Insurance Portability and Accountability Act<\/a>'s (HIPAA's) requirement for business associate agreements. Ultimately your organization is still the primary data owner and holds much of the liability.<sup id=\"rdp-ebb-cite_ref-FlorescaCloud20_4-1\" class=\"reference\"><a href=\"#cite_note-FlorescaCloud20-4\">[4]<\/a><\/sup> This is a primary reason to consider the value of cyber insurance that extends to the cloud.\n<\/p><p>However, as Floresca notes, the onus isn't exclusively placed on the organization to acquire insurance<sup id=\"rdp-ebb-cite_ref-FlorescaCloud20_4-2\" class=\"reference\"><a href=\"#cite_note-FlorescaCloud20-4\">[4]<\/a><\/sup>:\n<\/p>\n<blockquote><p>Even if you carry your own cyber insurance, however, it\u2019s a good idea to require the cloud service provider to carry cyber coverage as well to help fund a loss. They might be more willing to indemnify you if the costs are not coming out of their pocket, and their contribution can help fund your deductible or pay excess costs if your cyber insurance limits are insufficient.<\/p><\/blockquote>\n<p>But what does cyber insurance in 2023 actually look like? What does it cover? From our five risk categories described earlier, we find that data security and regulatory risk, as well as operational risk, are where most cyber risks will be found. Those categories of risk are addressed in some fashion by cyber insurance through a number of insuring agreements: network security, privacy liability, network business interruption, media liability, and errors and omissions (E&O). These are explained further below<sup id=\"rdp-ebb-cite_ref-BurkeCyber20_5-0\" class=\"reference\"><a href=\"#cite_note-BurkeCyber20-5\">[5]<\/a><\/sup>:\n<\/p>\n<ul><li><i>Network security coverage grant<\/i>: This covers your organization should a data breach, malware infection, cyber extortion effort, ransomware attack, or email phishing scam compromise your network security or cause it to fail. Coverage can expand to both first- and third-party costs, including legal expenses, digital forensics (also mention in Chapter 2), data restoration, customer notification, public relations consulting, and more.<\/li>\n<li><i>Privacy liability coverage<\/i>: This covers your organization should government regulatory investigations, law enforcement investigations, legal contract obligations, or other such circumstances surrounding a cyber-incident or regulatory breach incur costs upon the organization. Coverage can expand to both first- and third-party costs, including costs from litigation defense, settlements, fines, and penalties.<\/li>\n<li><i>Network business interruption coverage<\/i>: This covers your organization should third-party hacks, failed software patches, human error, or other such circumstances cause security failures. Organizations can recover lost profits, fixed expenses, and other additional costs, depending on the policy.<\/li>\n<li><i>Media liability coverage<\/i>: This covers you organization should someone infringe upon your intellectual property. Though not directly related to security, this form of legal protection is often a part of cyber insurance, providing coverage for losses associated with non-patent infringement losses from both online and print advertising of your services.<\/li>\n<li><i>Errors and omissions (E&O)<\/i>: This covers your organizations from, essentially, breach of contractual obligation. In the case of cloud, this would mean the CSP failed in the performance of their services by, e.g., allowing a breach of the organization's cloud data.<sup id=\"rdp-ebb-cite_ref-FlorescaCloud20_4-3\" class=\"reference\"><a href=\"#cite_note-FlorescaCloud20-4\">[4]<\/a><\/sup> Coverage includes legal defense costs or other indemnification as a result of a dispute with not only a CSP but also one of your customers.<\/li><\/ul>\n<p>However, as the number of claims have risen into 2023, insurers are upping the requirements they place on the insured. Of key importance is noting the close positive correlation between the insured having poor cloud security policies and misconfigured cloud systems, and the fact that cyber insurance claims are increasing. As AgileIT notes, \"businesses seeking cyber insurance will be mandated to strengthen their cloud security postures and particularly show how they will minimize misconfigurations\" before qualifying for insurance.<sup id=\"rdp-ebb-cite_ref-AgileITChanges23_6-0\" class=\"reference\"><a href=\"#cite_note-AgileITChanges23-6\">[6]<\/a><\/sup> Other additional considerations insurers may make include whether or not your lab has an extended detection and response (XDR) plan, robust vulnerability prioritization strategies, and incident response service provider utilization.<sup id=\"rdp-ebb-cite_ref-AgileITChanges23_6-1\" class=\"reference\"><a href=\"#cite_note-AgileITChanges23-6\">[6]<\/a><\/sup>\n<\/p><p>Ultimately, it's up to you, the organization, to decide how to approach cloud-inclusive cyber insurance. Does your organization consider acquiring this type of insurance? Can your organization supply all the information a potential cyber insurance underwriter may ask for as part of the process? Can your lab meet the growing list of requirements from insurers? Do your potential CSP candidates have their own cyber insurance, and what does that insurance address? In the end, despite applying significant effort to your organization's approaches to risk management and security controls, the organization will need to look at costly risks as a matter of \"when,\" not \"if.\" If the potential consequences would be too detrimental to the organization, cyber insurance for your cloud expansion may be due. Just know that acquiring that insurance won't necessarily be straightforward.\n<\/p>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap\"><ol class=\"references\">\n<li id=\"cite_note-FlorescaBuying20-1\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-FlorescaBuying20_1-0\">1.0<\/a><\/sup> <sup><a href=\"#cite_ref-FlorescaBuying20_1-1\">1.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Floresca, L. (23 January 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/woodruffsawyer.com\/cyber-liability\/is-buying-cyber-insurance-worth-it\/\" target=\"_blank\">\"Buying Cyber Insurance: It May Be Required, But Is It Worth It?\"<\/a>. <i>Insights<\/i>. Woodruff Sawyer<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/woodruffsawyer.com\/cyber-liability\/is-buying-cyber-insurance-worth-it\/\" target=\"_blank\">https:\/\/woodruffsawyer.com\/cyber-liability\/is-buying-cyber-insurance-worth-it\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Buying+Cyber+Insurance%3A+It+May+Be+Required%2C+But+Is+It+Worth+It%3F&rft.atitle=Insights&rft.aulast=Floresca%2C+L.&rft.au=Floresca%2C+L.&rft.date=23+January+2020&rft.pub=Woodruff+Sawyer&rft_id=https%3A%2F%2Fwoodruffsawyer.com%2Fcyber-liability%2Fis-buying-cyber-insurance-worth-it%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/A_brief_note_on_cloud-inclusive_cybersecurity_insurance\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-Cole23_23-2\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-Cole23_23_2-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Cole, N. (2 May 2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/networkassured.com\/security\/cybersecurity-insurance-statistics\/\" target=\"_blank\">\"23 Eye-Opening Cybersecurity Insurance Statistics (2023)\"<\/a><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/networkassured.com\/security\/cybersecurity-insurance-statistics\/\" target=\"_blank\">https:\/\/networkassured.com\/security\/cybersecurity-insurance-statistics\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 15 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=23+Eye-Opening+Cybersecurity+Insurance+Statistics+%282023%29&rft.atitle=&rft.aulast=Cole%2C+N.&rft.au=Cole%2C+N.&rft.date=2+May+2023&rft_id=https%3A%2F%2Fnetworkassured.com%2Fsecurity%2Fcybersecurity-insurance-statistics%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/A_brief_note_on_cloud-inclusive_cybersecurity_insurance\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LeviteCloud20-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-LeviteCloud20_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Levite, A.; Kalwani, G. (9 November 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/carnegieendowment.org\/2020\/11\/09\/cloud-governance-challenges-survey-of-policy-and-regulatory-issues-pub-83124\" target=\"_blank\">\"Cloud Governance Challenges: A Survey of Policy and Regulatory Issues\"<\/a>. Carnegie Endowment for International Peace<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/carnegieendowment.org\/2020\/11\/09\/cloud-governance-challenges-survey-of-policy-and-regulatory-issues-pub-83124\" target=\"_blank\">https:\/\/carnegieendowment.org\/2020\/11\/09\/cloud-governance-challenges-survey-of-policy-and-regulatory-issues-pub-83124<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Governance+Challenges%3A+A+Survey+of+Policy+and+Regulatory+Issues&rft.atitle=&rft.aulast=Levite%2C+A.%3B+Kalwani%2C+G.&rft.au=Levite%2C+A.%3B+Kalwani%2C+G.&rft.date=9+November+2020&rft.pub=Carnegie+Endowment+for+International+Peace&rft_id=https%3A%2F%2Fcarnegieendowment.org%2F2020%2F11%2F09%2Fcloud-governance-challenges-survey-of-policy-and-regulatory-issues-pub-83124&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/A_brief_note_on_cloud-inclusive_cybersecurity_insurance\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-FlorescaCloud20-4\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-FlorescaCloud20_4-0\">4.0<\/a><\/sup> <sup><a href=\"#cite_ref-FlorescaCloud20_4-1\">4.1<\/a><\/sup> <sup><a href=\"#cite_ref-FlorescaCloud20_4-2\">4.2<\/a><\/sup> <sup><a href=\"#cite_ref-FlorescaCloud20_4-3\">4.3<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Floresca, L. (9 July 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/woodruffsawyer.com\/cyber-liability\/cloud-computing\/\" target=\"_blank\">\"Cloud Computing Risk and Cyber Liability Insurance\"<\/a>. <i>Insights<\/i>. Woodruff Sawyer<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/woodruffsawyer.com\/cyber-liability\/cloud-computing\/\" target=\"_blank\">https:\/\/woodruffsawyer.com\/cyber-liability\/cloud-computing\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Computing+Risk+and+Cyber+Liability+Insurance&rft.atitle=Insights&rft.aulast=Floresca%2C+L.&rft.au=Floresca%2C+L.&rft.date=9+July+2020&rft.pub=Woodruff+Sawyer&rft_id=https%3A%2F%2Fwoodruffsawyer.com%2Fcyber-liability%2Fcloud-computing%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/A_brief_note_on_cloud-inclusive_cybersecurity_insurance\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-BurkeCyber20-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-BurkeCyber20_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Burke, D. (10 October 2022). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/woodruffsawyer.com\/cyber-liability\/cyber-101-liability-insurance\/\" target=\"_blank\">\"Cyber 101: Understand the Basics of Cyber Liability Insurance\"<\/a>. <i>Insights<\/i>. Woodruff Sawyer<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/woodruffsawyer.com\/cyber-liability\/cyber-101-liability-insurance\/\" target=\"_blank\">https:\/\/woodruffsawyer.com\/cyber-liability\/cyber-101-liability-insurance\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cyber+101%3A+Understand+the+Basics+of+Cyber+Liability+Insurance&rft.atitle=Insights&rft.aulast=Burke%2C+D.&rft.au=Burke%2C+D.&rft.date=10+October+2022&rft.pub=Woodruff+Sawyer&rft_id=https%3A%2F%2Fwoodruffsawyer.com%2Fcyber-liability%2Fcyber-101-liability-insurance%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/A_brief_note_on_cloud-inclusive_cybersecurity_insurance\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AgileITChanges23-6\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-AgileITChanges23_6-0\">6.0<\/a><\/sup> <sup><a href=\"#cite_ref-AgileITChanges23_6-1\">6.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.agileit.com\/news\/changes-to-cybersecurity-insurance-in-2023\/\" target=\"_blank\">\"Changes to Cybersecurity Insurance in 2023\"<\/a>. AgileIT. 24 March 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.agileit.com\/news\/changes-to-cybersecurity-insurance-in-2023\/\" target=\"_blank\">https:\/\/www.agileit.com\/news\/changes-to-cybersecurity-insurance-in-2023\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 15 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Changes+to+Cybersecurity+Insurance+in+2023&rft.atitle=&rft.date=24+March+2023&rft.pub=AgileIT&rft_id=https%3A%2F%2Fwww.agileit.com%2Fnews%2Fchanges-to-cybersecurity-insurance-in-2023%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/A_brief_note_on_cloud-inclusive_cybersecurity_insurance\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<p><br \/>\n<\/p>\n<div align=\"center\">-----Go to <a href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Benefits\" title=\"Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Cloud computing in the laboratory\/Benefits\" class=\"wiki-link\" data-key=\"83c534f3616a80e2abc7e3d28c0c5cdc\">the next chapter<\/a> of this guide-----<\/div>\n<h2><span class=\"mw-headline\" id=\"Citation_information_for_this_chapter\">Citation information for this chapter<\/span><\/h2>\n<p><b>Chapter<\/b>: 3. Organizational cloud computing risk management\n<\/p><p><b>Title<\/b>: <i>Choosing and Implementing a Cloud-based Service for Your Laboratory<\/i>\n<\/p><p><b>Edition<\/b>: Second edition\n<\/p><p><b>Author for citation<\/b>: Shawn E. Douglas\n<\/p><p><b>License for content<\/b>: <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/creativecommons.org\/licenses\/by-sa\/4.0\/\" target=\"_blank\">Creative Commons Attribution-ShareAlike 4.0 International<\/a>\n<\/p><p><b>Publication date<\/b>: August 2023\n<\/p><p><br \/>\n<\/p>\n<!-- \nNewPP limit report\nCached time: 20230816210739\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.080 seconds\nReal time usage: 0.088 seconds\nPreprocessor visited node count: 4350\/1000000\nPost\u2010expand include size: 39093\/2097152 bytes\nTemplate argument size: 11033\/2097152 bytes\nHighest expansion depth: 18\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 10629\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 71.129 1 -total\n 88.93% 63.254 1 Template:Reflist\n 74.47% 52.968 6 Template:Cite_web\n 67.93% 48.317 6 Template:Citation\/core\n 18.59% 13.222 6 Template:Date\n 10.95% 7.787 1 Template:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/A_brief_note_on_cloud-inclusive_cybersecurity_insurance\n 5.70% 4.054 9 Template:Citation\/make_link\n 2.77% 1.973 1 Template:Column-width\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:13044-0!canonical and timestamp 20230816210741 and revision id 52906. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/A_brief_note_on_cloud-inclusive_cybersecurity_insurance\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/A_brief_note_on_cloud-inclusive_cybersecurity_insurance<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","fe08331184f2a9ce11d728851a0166d8_images":["https:\/\/upload.wikimedia.org\/wikipedia\/commons\/f\/fb\/Calculator-385506_1280.jpg"],"fe08331184f2a9ce11d728851a0166d8_timestamp":1692220359,"02aabc07c0d7e2cfb83052a33005079d_type":"article","02aabc07c0d7e2cfb83052a33005079d_title":"3.2 Risk management and cybersecurity frameworks","02aabc07c0d7e2cfb83052a33005079d_url":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Risk_management_and_cybersecurity_frameworks","02aabc07c0d7e2cfb83052a33005079d_plaintext":"\n\nBook:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Organizational cloud computing risk management\/Risk management and cybersecurity frameworksFrom LIMSWikiJump to navigationJump to search3.2 Risk management and cybersecurity frameworks \nSpeaking to the broad business level, well-executed integrated risk management programs help limit risks within an organization, in turn helping the organization realize tangible benefits.[1] But what are the benefits that arise from an organization that employs integrated risk management efforts? First, by discussing the positive and negative aspects of risks, you potentially discover unintended consequences or new opportunities you may not have at first considered. You may also identify how those risks may extend to other parts of the organization you didn't expect. For example, could a security gap on a remote field sensor lead to a potential attacker finding a way into operational data stores? If you discuss these and other potential situations, the organization also has the added benefit of not being caught off guard since the risk has already been acknowledged. Finally, with quality risk management planning, resources are deployed more optimally and performance becomes more consistent.[1][2]\nAn integrated risk management approach will naturally extend to an organization\u2019s information technology and how it's used. From sticky-noted passwords on monitors to unauthorized USB hard drives, local IT systems and their data can be put at risk. Now imagine extending that risk to public cloud services. Remember, with added complexity comes added risk, and cloud computing is no exception. This requires a concerted effort from all levels of the organization (again, see Figure 4) to address the risks of doing business in the cloud. This effort can be expedited through the use of risk management and cybersecurity frameworks that guide the organization towards better security and data integrity.\nCloud computing has existed for well over a decade now, and many experts have arisen from the rapidly changing field. Some of those experts have contributed their experience and knowledge to the development of risk management and cybersecurity frameworks over the years. The most successful have been widely disseminated (though several may not be free), meaning you don't have to reinvent the wheel when it comes to assessing and managing risk in your existing and upcoming IT systems. Table 8 shows some popular examples of risk management and cybersecurity frameworks that can be applied to provider and customer cloud security efforts.\n\n\n\n\nTable 8. Examples of some common risk management and cybersecurity frameworks for cloud security.\n\n\nFramework\n\nDeveloper\n\nType of framework\n\nDetails\n\n\nCIS Controls with Cloud Companion Guide\n\nCenter for Internet Security (CIS)\n\nCybersecurity for cloud\n\nThe CIS Controls are a \"prioritized set of actions to protect your organization and data from cyber-attack vectors.\"[3] The CIS has released a Cloud Companion Guide to accompany their cybersecurity controls, meant to address how to use the CIS Controls in a cloud environment.[4]\n\n\nCloud Controls Matrix (CCM)\n\nCloud Security Alliance (CSA)\n\nCybersecurity for cloud\n\n\"The controls framework is aligned to the CSA Security Guidance for Cloud Computing, and is considered a de-facto standard for cloud security assurance and compliance. Version 4 of the CCM has been updated to ensure coverage of requirements deriving from new cloud technologies, new controls and security responsibility matrix, improved auditability of the controls, and enhanced interoperability and compatibility with other standards.\"[5]\n\n\nCloud Security Risk Management (ITSM.50.062)\n\nCanadian Centre for Cyber Security (CCCS)\n\nCloud risk management\n\n\"To enable the adoption of cloud computing, the Government of Canada (GC) developed an integrated risk management approach to establish cloud-based services. ITSM.50.062 outlines this approach which can be applied to all cloud based services independently of the cloud service and deployment models.\"[6]\n\n\nCloud Security Risk Management Framework (CSRMF)\n\nAhmed E. Youssef\n\nCloud risk management\n\n\"In this paper, we propose a novel Cloud Security Risk Management Framework (CSRMF) that helps organizations adopting [cloud computing] identify, analyze, evaluate, and mitigate security risks in their cloud platforms. Unlike traditional risk management frameworks, CSRMF is driven by the business objectives of the organizations. It allows any organization adopting CC to be aware of cloud security risks and align their low-level management decisions according to high-level business objectives.\"[7]\n\n\nCloud Security Risk Vectors\n\nTim Maurer and Gerrett Hinck\n\nCloud risk management\n\n\"The framework ... applies the well-known cybersecurity triad of confidentiality, integrity, and availability to these risk vectors and includes rough guesstimates of the probabilities that various incidents will occur, ranging from more common incidents to potential black swan events. These probabilities are not intended as predictors but rather as a starting point for a discussion of how different risks could be classified that will hopefully be tested and improved with feedback from other experts over time. The notional probabilities were based on the authors\u2019 assessment of the frequency of past occurrences, with events that have not yet occurred being assigned lower probabilities.\"[8]\n\n\nISO\/IEC 27017:2015\n\nInternational Organization for Standardization\n\nCybersecurity for cloud\n\nISO\/IEC 27017:2015 \"provides guidelines supporting the implementation of information security controls for cloud service customers and cloud service providers. Some guidelines are for cloud service customers who implement the controls, and others are for cloud service providers to support the implementation of those controls. The selection of appropriate information security controls, and the application of the implementation guidance provided, will depend on a risk assessment and any legal, contractual, regulatory or other cloud-sector specific information security requirements.\"[9]\n\n\nNIST Cybersecurity Framework\n\nNational Institute of Standards and Technology (NIST)\n\nCybersecurity framework\n\nThis framework \"consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the Framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk.\"[10] Note, however, that the framework has a couple of weaknesses in regards to cloud computing, including not addressing long-term retention of log files, security gaps with shared responsibility models, virtual tenant delegation, and too-broad role-based privileges.[11] If this framework is adopted, keep these and other deficiencies in mind when attempting to close any security gaps.\n\n\nNIST Risk Management Framework (RMF)\n\nNational Institute of Standards and Technology (NIST)\n\nCloud and cybersecurity risk management\n\n\"Managing organizational risk is paramount to effective information security and privacy programs; the RMF approach can be applied to new and legacy systems, any type of system or technology (e.g., IoT, control systems), and within any type of organization regardless of size or sector.\"[12] The risk management framework is closely tied to SP 800-53 Rev. 5 Security and Privacy Controls for Information Systems and Organizations.\n\n\nWhether part of an organization\u2019s broad cybersecurity plan development or as an independent effort, the organization should consider turning to the security controls, program development, and risk management aspects of one or more risk management and cybersecurity frameworks for the identification of, protection from, detection of, response to, and recovery from cybersecurity threats and incidents. These frameworks will not only couch risks in terms of threats to confidentiality, integrity, and availability, but many will also contain security controls recommended for implementation to combat those threats.\nNIST defines a security control as \"a safeguard or countermeasure prescribed for an information system or an organization designed to protect the confidentiality, integrity, and availability of its information and to meet a set of defined security requirements.\"[13] Let's use NIST's SP 800-53 Rev. 5 as an example. One of its security controls is \"AC-20(4) Network Accessible Storage Devices - Prohibited Use,\" which states that users shall not use an organization-defined network accessible storage device in external systems, including \"online storage devices in public, hybrid, or community cloud-based systems.\"[14] This control represents a potential safeguard an organization can implement, most likely as part of an enforced organizational security policy. By extension, those stakeholders responsible for configuring security in the cloud may also implement controls in the infrastructure to further discourage such access to those storage devices. \nNote, however, that in contrast to using security controls, some frameworks exist to provide a more program-based or risk-based approach to plan development. Instead of using security controls that mandate an action as a base for building security, risk-based frameworks will typically first help the organization identify the potential threats to its goals and resources and define the strategy that will effectively monitor for and minimize the impact of those risks. Security controls can then be selected as part of that risk discovery process, but the overall framework serves as a guide to identifying and prioritizing the risks most likely to affect the organization. Choosing the best frameworks will likely depend on multiple factors, including the organization's industry type, the amount of technical expertise within the organization, the budget, the organizational goals, the amount of buy-in from key organizational stakeholders, and those stakeholders' preferred approach.\nIn 2020, Deloitte's Center for Regulatory Strategy released a document detailing the Federal Financial Institutions Examination Council's (FFIEC's) Joint Statement on Security in a Cloud Computing Environment. Part of that joint statement addressed how financial services institutions should approach risk management through the application of a risk-based framework. Five layered and hierarchical considerations were given for those institutions towards adopting a risk-based framework: governance, cloud security management, change management, resilience and recovery, and audit and controls assessment (from top to bottom). Those considerations are further discussed here[15]:\n\nGovernance: Similar to NIST SP 800-37 Rev. 2's risk management approach (Figure 4), knowledgeable stakeholders from all levels of the organization work together as a group to provide subject matter expertise towards developing an organizational plan for choosing, implementing, and securing cloud computing infrastructure and services.[15]\nCloud security management: The group's stakeholders complete due diligence research on identified CSPs and how they can prove their level of enacted compliance and security controls, particularly in regards to the needs of the organization. As the organization dives deeper into this process and begins talking about contracts, the stakeholder group may need to develop a responsibility matrix\u2014a tool for clearly delineating responsibilities, roles, milestones, and accountability for a project[16]\u2014to make clear who is responsible for what, particularly if any initial contract or shared responsibility model isn't clear or appears to neglect certain tasks and responsibilities. Additionally, during discussion of contracts and service-level agreements, the topic of quality assurance reports and \"right to audit\" systems should be discussed and finalized in writing.[15][17]\nChange management: When implementing software solutions or standalone code in the cloud, those solutions and code snippets will need to be updated from time to time for security purposes. These sorts of changes may have an impact on other aspects of the overall cloud experience, including security. As such, change management practices that take into consideration the use of cloud-specific testing tools and security knowledge are encouraged. Also consider the use of microservices architecture\u2014which encourages a modular, independently deployable approach to application services[18]\u2014which, when implemented well, will limit exposure to surface area attacks.[15]\nResilience and recovery: Business continuity planning (BCP) is a critical part of any overall risk management planning. A BCP document outlines instructional procedures the organization must follow should a major disruption in provided services occur. Those disruptions can be sourced to risks such as natural disasters, pandemics, fires, and sabotage. The BCP document should address continuity of service at all levels of the organization, including business processes, assets, human resource management, business partner effects, etc.[19] The addition of cloud services to business operations requires renewed examination of the BCP of the organization. Apply \"stress test\" scenarios to business operations under the scope of a CSP having services disrupted. Keep in mind how agile you expect the CSP to be in restoring service or recovering from a catastrophic event, including a pandemic that forces more staff to work remotely. How does this change your BCP, as well as any related disaster recovery planning documentation?[15]\nAudit and controls assessment: If your organization operates in a highly regulated sector, vetting the CSP as a whole may not be enough. Determine if regular background checks are performed on critical staff supporting regulated data storage and transmission on the cloud service. Know the regulations and standards that affect your industry's data and operations, and ask the CSP for further evidence of how they comply and help you support compliance on their service. From there, taking into account all the information gathered prior, a risk management and\/or cybersecurity framework with controls can be selected and adapted to address the specific requirements of cloud service adoption and use within your organization. Be sure to address required data management and security monitoring systems and their own security as part of the control selection process. And after security controls are selected, consider the usefulness of an external review of those controls to ensure you haven't missed anything important to your industry or operating environment.[15]\nWhile these five considerations were originally described in the context of financial services providers, these considerations can be readily applied to organizations in most any sector. However, as Deloitte notes, these considerations are not a complete checklist for adopting a risk-based framework for cloud security. Organizations should also consider where \"additional risk management measures such as ongoing assessments of concentration risk, data privacy and protection, data residency, increased adoption of new cloud services for regulated workloads,\" and more fit into overall risk management planning.[15] Your organization\u2014as part of monitoring risk and quality control\u2014will also likely want to adopt consistent periodic tests of the cloud computing security controls implemented into your organizational processes.[15] Other risk management activities include limiting the effects of employee negligence by providing thorough training and \"blocking non-essential IPs from accessing the cloud,\" as well as having a detailed data loss plan and redundancies in place.[20]\n\nReferences \n\n\n\u2191 1.0 1.1 Hillson, D. (25 September 2003). \"Using risk management for strategic advantage\". Project Management Institute. https:\/\/www.pmi.org\/learning\/library\/risk-management-strategic-advantage-tactics-7727 . Retrieved 28 July 2023 .   \n \n\n\u2191 Amato, N. (12 July 2016). \"5 benefits of an integrated risk management programme\". Financial Management. https:\/\/www.fm-magazine.com\/news\/2016\/jul\/integrated-risk-management-201614781.html . Retrieved 28 July 2023 .   \n \n\n\u2191 \"CIS Controls\". Center for Internet Security. https:\/\/www.cisecurity.org\/controls . Retrieved 28 July 2023 .   \n \n\n\u2191 \"CIS Controls Cloud Companion Guide\". Center for Internet Security. March 2022. https:\/\/www.cisecurity.org\/insights\/white-papers\/cis-controls-v8-cloud-companion-guide . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Cloud Controls Matrix (CCM)\". Cloud Security Alliance. https:\/\/cloudsecurityalliance.org\/research\/cloud-controls-matrix\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Canadian Centre for Cyber Security (March 2019). \"Cloud Security Risk Management (ITSM.50.062)\". Government of Canada. https:\/\/www.cyber.gc.ca\/en\/guidance\/cloud-security-risk-management-itsm50062 . Retrieved 28 July 2023 .   \n \n\n\u2191 Youssef, A.E. (2019). \"A Framework for Cloud Security Risk Management based on the Business Objectives of Organizations\". International Journal of Advanced Computer Science and Applications 10 (12): 186-194. doi:10.14569\/IJACSA.2019.0101226.   \n \n\n\u2191 Maurer, T.; Hinck, G. (31 August 2020). \"Cloud Security: A Primer for Policymakers\". Carnegie Endowment for International Peace. https:\/\/carnegieendowment.org\/2020\/08\/31\/cloud-security-primer-for-policymakers-pub-82597 . Retrieved 28 July 2023 .   \n \n\n\u2191 \"ISO\/IEC 27017:2015(en) Information technology \u2014 Security techniques \u2014 Code of practice for information security controls based on ISO\/IEC 27002 for cloud services\". International Organization for Standardization. July 2015. https:\/\/www.iso.org\/obp\/ui\/#iso:std:iso-iec:27017:ed-1:v1:en . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Cybersecurity Framework - Getting Started\". National Institute of Standards and Technology. 21 April 2023. https:\/\/www.nist.gov\/cyberframework\/getting-started . Retrieved 28 July 2023 .   \n \n\n\u2191 \"What the NIST Framework Misses About Cloud Security\". InfoSecurity. 28 December 2020. https:\/\/www.infosecurity-magazine.com\/opinions\/nist-framework-misses-cloud\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"NIST Risk Management Framework - About the Risk Management Framework (RMF)\". National Institute of Standards and Technology. 6 July 2023. https:\/\/csrc.nist.gov\/projects\/risk-management\/about-rmf . Retrieved 28 July 2023 .   \n \n\n\u2191 \"security control\". Computer Security Resource Center. National Institute of Standards and Technology. 2019. https:\/\/csrc.nist.gov\/glossary\/term\/security_control . Retrieved 28 July 2023 .   \n \n\n\u2191 \"SP 800-53 Rev. 5 Security and Privacy Controls for Information Systems and Organizations\". National Institute of Standards and Technology. 10 December 2020. https:\/\/csrc.nist.gov\/pubs\/sp\/800\/53\/r5\/upd1\/final . Retrieved 28 July 2023 .   \n \n\n\u2191 15.0 15.1 15.2 15.3 15.4 15.5 15.6 15.7 Bhat, V.; Kapur, S.; Hodgkinson, S. et al. (2020). \"FFIEC statement on risk management for cloud computing services\" (PDF). Deloitte Development, LLC. https:\/\/www2.deloitte.com\/content\/dam\/Deloitte\/us\/Documents\/financial-services\/cloud-security-for-FSI.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 Kantor, B. (14 September 2022). \"The RACI matrix: Your blueprint for project success\". CIO. https:\/\/www.cio.com\/article\/287088\/project-management-how-to-design-a-successful-raci-project-plan.html . Retrieved 28 July 2023 .   \n \n\n\u2191 Herold, R. (28 March 2020). \"Why You Should Use a Right to Audit Clause\". Privacy Security Brainiacs. https:\/\/privacysecuritybrainiacs.com\/privacy-professor-blog\/why-you-should-use-a-right-to-audit-clause\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"What are Microservices?\". SmartBear. https:\/\/smartbear.com\/learn\/api-design\/microservices\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Lindros, K.; Tittel, E. (18 July 2017). \"How to create an effective business continuity plan\". CIO. https:\/\/www.cio.com\/article\/288554\/best-practices-how-to-create-an-effective-business-continuity-plan.html . Retrieved 28 July 2023 .   \n \n\n\u2191 White, R. (20 June 2023). \"A Helpful Guide to Cloud Computing in a Laboratory\". InterFocus Blog. InterFocus Ltd. https:\/\/www.mynewlab.com\/blog\/a-helpful-guide-to-cloud-computing-in-a-laboratory\/ . Retrieved 28 July 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Risk_management_and_cybersecurity_frameworks\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Risk_management_and_cybersecurity_frameworks<\/a>\nNavigation menuPage actionsBookDiscussionView sourceHistoryPage actionsBookDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 11 February 2022, at 21:32.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 424 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","02aabc07c0d7e2cfb83052a33005079d_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-208 ns-subject page-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Organizational_cloud_computing_risk_management_Risk_management_and_cybersecurity_frameworks rootpage-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Organizational_cloud_computing_risk_management_Risk_management_and_cybersecurity_frameworks skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Organizational cloud computing risk management\/Risk management and cybersecurity frameworks<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\"><h3><span class=\"mw-headline\" id=\"3.2_Risk_management_and_cybersecurity_frameworks\">3.2 Risk management and cybersecurity frameworks<\/span><\/h3>\n<p>Speaking to the broad business level, well-executed integrated risk management programs help limit risks within an organization, in turn helping the organization realize tangible benefits.<sup id=\"rdp-ebb-cite_ref-HillsonUsing03_1-0\" class=\"reference\"><a href=\"#cite_note-HillsonUsing03-1\">[1]<\/a><\/sup> But what are the benefits that arise from an organization that employs integrated risk management efforts? First, by discussing the positive and negative aspects of risks, you potentially discover unintended consequences or new opportunities you may not have at first considered. You may also identify how those risks may extend to other parts of the organization you didn't expect. For example, could a security gap on a remote field sensor lead to a potential attacker finding a way into operational data stores? If you discuss these and other potential situations, the organization also has the added benefit of not being caught off guard since the risk has already been acknowledged. Finally, with quality risk management planning, resources are deployed more optimally and performance becomes more consistent.<sup id=\"rdp-ebb-cite_ref-HillsonUsing03_1-1\" class=\"reference\"><a href=\"#cite_note-HillsonUsing03-1\">[1]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-AmatoFive16_2-0\" class=\"reference\"><a href=\"#cite_note-AmatoFive16-2\">[2]<\/a><\/sup>\n<\/p><p>An integrated risk management approach will naturally extend to an organization\u2019s information technology and how it's used. From sticky-noted passwords on monitors to unauthorized USB hard drives, local IT systems and their data can be put at risk. Now imagine extending that risk to public cloud services. Remember, with added complexity comes added risk, and cloud computing is no exception. This requires a concerted effort from all levels of the organization (again, see Figure 4) to address the risks of doing business in the cloud. This effort can be expedited through the use of risk management and cybersecurity frameworks that guide the organization towards better security and data integrity.\n<\/p><p>Cloud computing has existed for well over a decade now, and many experts have arisen from the rapidly changing field. Some of those experts have contributed their experience and knowledge to the development of risk management and cybersecurity frameworks over the years. The most successful have been widely disseminated (though several may not be free), meaning you don't have to reinvent the wheel when it comes to assessing and managing risk in your existing and upcoming IT systems. Table 8 shows some popular examples of risk management and cybersecurity frameworks that can be applied to provider and customer cloud security efforts.\n<\/p>\n<table class=\"wikitable\" border=\"1\" cellpadding=\"5\" cellspacing=\"0\" style=\"\">\n\n<tbody><tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\" colspan=\"4\"><b>Table 8.<\/b> Examples of some common risk management and cybersecurity frameworks for cloud security.\n<\/td><\/tr>\n<tr>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\">Framework\n<\/th>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\">Developer\n<\/th>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\">Type of framework\n<\/th>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\">Details\n<\/th><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cisecurity.org\/insights\/white-papers\/cis-controls-v8-cloud-companion-guide\" target=\"_blank\">CIS Controls with Cloud Companion Guide<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Center for Internet Security (CIS)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Cybersecurity for cloud\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">The CIS Controls are a \"prioritized set of actions to protect your organization and data from cyber-attack vectors.\"<sup id=\"rdp-ebb-cite_ref-CIS_Controls_3-0\" class=\"reference\"><a href=\"#cite_note-CIS_Controls-3\">[3]<\/a><\/sup> The CIS has released a Cloud Companion Guide to accompany their cybersecurity controls, meant to address how to use the CIS Controls in a cloud environment.<sup id=\"rdp-ebb-cite_ref-CIS_ControlsCloud_4-0\" class=\"reference\"><a href=\"#cite_note-CIS_ControlsCloud-4\">[4]<\/a><\/sup>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloudsecurityalliance.org\/research\/cloud-controls-matrix\/\" target=\"_blank\">Cloud Controls Matrix (CCM)<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Cloud Security Alliance (CSA)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Cybersecurity for cloud\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">\"The controls framework is aligned to the CSA Security Guidance for Cloud Computing, and is considered a de-facto standard for cloud security assurance and compliance. Version 4 of the CCM has been updated to ensure coverage of requirements deriving from new cloud technologies, new controls and security responsibility matrix, improved auditability of the controls, and enhanced interoperability and compatibility with other standards.\"<sup id=\"rdp-ebb-cite_ref-CSA_CCM_5-0\" class=\"reference\"><a href=\"#cite_note-CSA_CCM-5\">[5]<\/a><\/sup>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cyber.gc.ca\/en\/guidance\/cloud-security-risk-management-itsm50062\" target=\"_blank\">Cloud Security Risk Management (ITSM.50.062)<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Canadian Centre for Cyber Security (CCCS)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Cloud risk management\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">\"To enable the adoption of cloud computing, the Government of Canada (GC) developed an integrated risk management approach to establish cloud-based services. ITSM.50.062 outlines this approach which can be applied to all cloud based services independently of the cloud service and deployment models.\"<sup id=\"rdp-ebb-cite_ref-CCCSCloud19_6-0\" class=\"reference\"><a href=\"#cite_note-CCCSCloud19-6\">[6]<\/a><\/sup>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/dx.doi.org\/10.14569\/IJACSA.2019.0101226\" target=\"_blank\">Cloud Security Risk Management Framework (CSRMF)<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Ahmed E. Youssef\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Cloud risk management\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">\"In this paper, we propose a novel Cloud Security Risk Management Framework (CSRMF) that helps organizations adopting [cloud computing] identify, analyze, evaluate, and mitigate security risks in their cloud platforms. Unlike traditional risk management frameworks, CSRMF is driven by the business objectives of the organizations. It allows any organization adopting CC to be aware of cloud security risks and align their low-level management decisions according to high-level business objectives.\"<sup id=\"rdp-ebb-cite_ref-YoussefAFrame19_7-0\" class=\"reference\"><a href=\"#cite_note-YoussefAFrame19-7\">[7]<\/a><\/sup>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/carnegieendowment.org\/2020\/08\/31\/cloud-security-primer-for-policymakers-pub-82597\" target=\"_blank\">Cloud Security Risk Vectors<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Tim Maurer and Gerrett Hinck\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Cloud risk management\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">\"The framework ... applies the well-known cybersecurity triad of confidentiality, integrity, and availability to these risk vectors and includes rough guesstimates of the probabilities that various incidents will occur, ranging from more common incidents to potential black swan events. These probabilities are not intended as predictors but rather as a starting point for a discussion of how different risks could be classified that will hopefully be tested and improved with feedback from other experts over time. The notional probabilities were based on the authors\u2019 assessment of the frequency of past occurrences, with events that have not yet occurred being assigned lower probabilities.\"<sup id=\"rdp-ebb-cite_ref-MaurerCloud20_8-0\" class=\"reference\"><a href=\"#cite_note-MaurerCloud20-8\">[8]<\/a><\/sup>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.iso.org\/standard\/43757.html\" target=\"_blank\">ISO\/IEC 27017:2015<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">International Organization for Standardization\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Cybersecurity for cloud\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">ISO\/IEC 27017:2015 \"provides guidelines supporting the implementation of information security controls for cloud service customers and cloud service providers. Some guidelines are for cloud service customers who implement the controls, and others are for cloud service providers to support the implementation of those controls. The selection of appropriate information security controls, and the application of the implementation guidance provided, will depend on a risk assessment and any legal, contractual, regulatory or other cloud-sector specific information security requirements.\"<sup id=\"rdp-ebb-cite_ref-ISO27017_9-0\" class=\"reference\"><a href=\"#cite_note-ISO27017-9\">[9]<\/a><\/sup>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.nist.gov\/cyberframework\" target=\"_blank\">NIST Cybersecurity Framework<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">National Institute of Standards and Technology (NIST)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Cybersecurity framework\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">This framework \"consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the Framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk.\"<sup id=\"rdp-ebb-cite_ref-NIST_NewTo_10-0\" class=\"reference\"><a href=\"#cite_note-NIST_NewTo-10\">[10]<\/a><\/sup> Note, however, that the framework has a couple of weaknesses in regards to cloud computing, including not addressing long-term retention of log files, security gaps with shared responsibility models, virtual tenant delegation, and too-broad role-based privileges.<sup id=\"rdp-ebb-cite_ref-HazelmanWhatThe20_11-0\" class=\"reference\"><a href=\"#cite_note-HazelmanWhatThe20-11\">[11]<\/a><\/sup> If this framework is adopted, keep these and other deficiencies in mind when attempting to close any security gaps.\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/csrc.nist.gov\/projects\/risk-management\/\" target=\"_blank\">NIST Risk Management Framework (RMF)<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">National Institute of Standards and Technology (NIST)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Cloud and cybersecurity risk management\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">\"Managing organizational risk is paramount to effective information security and privacy programs; the RMF approach can be applied to new and legacy systems, any type of system or technology (e.g., IoT, control systems), and within any type of organization regardless of size or sector.\"<sup id=\"rdp-ebb-cite_ref-NIST_RMF21_12-0\" class=\"reference\"><a href=\"#cite_note-NIST_RMF21-12\">[12]<\/a><\/sup> The risk management framework is closely tied to SP 800-53 Rev. 5 <i>Security and Privacy Controls for Information Systems and Organizations<\/i>.\n<\/td><\/tr>\n<\/tbody><\/table>\n<p>Whether part of an organization\u2019s broad cybersecurity plan development or as an independent effort, the organization should consider turning to the security controls, program development, and risk management aspects of one or more risk management and cybersecurity frameworks for the identification of, protection from, detection of, response to, and recovery from cybersecurity threats and incidents. These frameworks will not only couch risks in terms of threats to confidentiality, integrity, and availability, but many will also contain security controls recommended for implementation to combat those threats.\n<\/p><p>NIST defines a security control as \"a safeguard or countermeasure prescribed for an information system or an organization designed to protect the confidentiality, integrity, and availability of its information and to meet a set of defined security requirements.\"<sup id=\"rdp-ebb-cite_ref-NISTSecurity19_13-0\" class=\"reference\"><a href=\"#cite_note-NISTSecurity19-13\">[13]<\/a><\/sup> Let's use NIST's SP 800-53 Rev. 5 as an example. One of its security controls is \"AC-20(4) Network Accessible Storage Devices - Prohibited Use,\" which states that users shall not use an organization-defined network accessible storage device in external systems, including \"online storage devices in public, hybrid, or community cloud-based systems.\"<sup id=\"rdp-ebb-cite_ref-NISTSP800-53Rev5_14-0\" class=\"reference\"><a href=\"#cite_note-NISTSP800-53Rev5-14\">[14]<\/a><\/sup> This control represents a potential safeguard an organization can implement, most likely as part of an enforced organizational security policy. By extension, those stakeholders responsible for configuring security in the cloud may also implement controls in the infrastructure to further discourage such access to those storage devices. \n<\/p><p>Note, however, that in contrast to using security controls, some frameworks exist to provide a more program-based or risk-based approach to plan development. Instead of using security controls that mandate an action as a base for building security, risk-based frameworks will typically first help the organization identify the potential threats to its goals and resources and define the strategy that will effectively monitor for and minimize the impact of those risks. Security controls can then be selected as part of that risk discovery process, but the overall framework serves as a guide to identifying and prioritizing the risks most likely to affect the organization. Choosing the best frameworks will likely depend on multiple factors, including the organization's industry type, the amount of technical expertise within the organization, the budget, the organizational goals, the amount of buy-in from key organizational stakeholders, and those stakeholders' preferred approach.\n<\/p><p>In 2020, Deloitte's Center for Regulatory Strategy released a document detailing the Federal Financial Institutions Examination Council's (FFIEC's) Joint Statement on Security in a Cloud Computing Environment. Part of that joint statement addressed how financial services institutions should approach risk management through the application of a risk-based framework. Five layered and hierarchical considerations were given for those institutions towards adopting a risk-based framework: governance, cloud security management, change management, resilience and recovery, and audit and controls assessment (from top to bottom). Those considerations are further discussed here<sup id=\"rdp-ebb-cite_ref-DeloitteFFIEC20_15-0\" class=\"reference\"><a href=\"#cite_note-DeloitteFFIEC20-15\">[15]<\/a><\/sup>:\n<\/p>\n<ul><li><i>Governance<\/i>: Similar to NIST SP 800-37 Rev. 2's risk management approach (Figure 4), knowledgeable stakeholders from all levels of the organization work together as a group to provide subject matter expertise towards developing an organizational plan for choosing, implementing, and securing cloud computing infrastructure and services.<sup id=\"rdp-ebb-cite_ref-DeloitteFFIEC20_15-1\" class=\"reference\"><a href=\"#cite_note-DeloitteFFIEC20-15\">[15]<\/a><\/sup><\/li>\n<li><i>Cloud security management<\/i>: The group's stakeholders complete due diligence research on identified CSPs and how they can prove their level of enacted compliance and security controls, particularly in regards to the needs of the organization. As the organization dives deeper into this process and begins talking about contracts, the stakeholder group may need to develop a responsibility matrix\u2014a tool for clearly delineating responsibilities, roles, milestones, and accountability for a project<sup id=\"rdp-ebb-cite_ref-KantorTheRACI18_16-0\" class=\"reference\"><a href=\"#cite_note-KantorTheRACI18-16\">[16]<\/a><\/sup>\u2014to make clear who is responsible for what, particularly if any initial contract or shared responsibility model isn't clear or appears to neglect certain tasks and responsibilities. Additionally, during discussion of contracts and service-level agreements, the topic of quality assurance reports and \"right to audit\" systems should be discussed and finalized in writing.<sup id=\"rdp-ebb-cite_ref-DeloitteFFIEC20_15-2\" class=\"reference\"><a href=\"#cite_note-DeloitteFFIEC20-15\">[15]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-HeroldWhyYou20_17-0\" class=\"reference\"><a href=\"#cite_note-HeroldWhyYou20-17\">[17]<\/a><\/sup><\/li>\n<li><i>Change management<\/i>: When implementing software solutions or standalone code in the cloud, those solutions and code snippets will need to be updated from time to time for security purposes. These sorts of changes may have an impact on other aspects of the overall cloud experience, including security. As such, change management practices that take into consideration the use of cloud-specific testing tools and security knowledge are encouraged. Also consider the use of microservices architecture\u2014which encourages a modular, independently deployable approach to application services<sup id=\"rdp-ebb-cite_ref-HustonWhatIs15_18-0\" class=\"reference\"><a href=\"#cite_note-HustonWhatIs15-18\">[18]<\/a><\/sup>\u2014which, when implemented well, will limit exposure to surface area attacks.<sup id=\"rdp-ebb-cite_ref-DeloitteFFIEC20_15-3\" class=\"reference\"><a href=\"#cite_note-DeloitteFFIEC20-15\">[15]<\/a><\/sup><\/li>\n<li><i>Resilience and recovery<\/i>: Business continuity planning (BCP) is a critical part of any overall risk management planning. A BCP document outlines instructional procedures the organization must follow should a major disruption in provided services occur. Those disruptions can be sourced to risks such as natural disasters, <a href=\"https:\/\/www.limswiki.org\/index.php\/Pandemic\" title=\"Pandemic\" class=\"wiki-link\" data-key=\"bd9a48e6c6e41b6d603ee703836b01f1\">pandemics<\/a>, fires, and sabotage. The BCP document should address continuity of service at all levels of the organization, including business processes, assets, human resource management, business partner effects, etc.<sup id=\"rdp-ebb-cite_ref-LindrosHowTo17_19-0\" class=\"reference\"><a href=\"#cite_note-LindrosHowTo17-19\">[19]<\/a><\/sup> The addition of cloud services to business operations requires renewed examination of the BCP of the organization. Apply \"stress test\" scenarios to business operations under the scope of a CSP having services disrupted. Keep in mind how agile you expect the CSP to be in restoring service or recovering from a catastrophic event, including a pandemic that forces more staff to work remotely. How does this change your BCP, as well as any related disaster recovery planning documentation?<sup id=\"rdp-ebb-cite_ref-DeloitteFFIEC20_15-4\" class=\"reference\"><a href=\"#cite_note-DeloitteFFIEC20-15\">[15]<\/a><\/sup><\/li>\n<li><i>Audit and controls assessment<\/i>: If your organization operates in a highly regulated sector, vetting the CSP as a whole may not be enough. Determine if regular background checks are performed on critical staff supporting regulated data storage and transmission on the cloud service. Know the regulations and standards that affect your industry's data and operations, and ask the CSP for further evidence of how they comply and help you support compliance on their service. From there, taking into account all the information gathered prior, a risk management and\/or cybersecurity framework with controls can be selected and adapted to address the specific requirements of cloud service adoption and use within your organization. Be sure to address required <a href=\"https:\/\/www.limswiki.org\/index.php\/Information_management\" title=\"Information management\" class=\"wiki-link\" data-key=\"f8672d270c0750a858ed940158ca0a73\">data management<\/a> and security monitoring systems and their own security as part of the control selection process. And after security controls are selected, consider the usefulness of an external review of those controls to ensure you haven't missed anything important to your industry or operating environment.<sup id=\"rdp-ebb-cite_ref-DeloitteFFIEC20_15-5\" class=\"reference\"><a href=\"#cite_note-DeloitteFFIEC20-15\">[15]<\/a><\/sup><\/li><\/ul>\n<p>While these five considerations were originally described in the context of financial services providers, these considerations can be readily applied to organizations in most any sector. However, as Deloitte notes, these considerations are not a complete checklist for adopting a risk-based framework for cloud security. Organizations should also consider where \"additional risk management measures such as ongoing assessments of concentration risk, data privacy and protection, data residency, increased adoption of new cloud services for regulated workloads,\" and more fit into overall risk management planning.<sup id=\"rdp-ebb-cite_ref-DeloitteFFIEC20_15-6\" class=\"reference\"><a href=\"#cite_note-DeloitteFFIEC20-15\">[15]<\/a><\/sup> Your organization\u2014as part of monitoring risk and quality control\u2014will also likely want to adopt consistent periodic tests of the cloud computing security controls implemented into your organizational processes.<sup id=\"rdp-ebb-cite_ref-DeloitteFFIEC20_15-7\" class=\"reference\"><a href=\"#cite_note-DeloitteFFIEC20-15\">[15]<\/a><\/sup> Other risk management activities include limiting the effects of employee negligence by providing thorough training and \"blocking non-essential IPs from accessing the cloud,\" as well as having a detailed data loss plan and redundancies in place.<sup id=\"rdp-ebb-cite_ref-IFAhelp20_20-0\" class=\"reference\"><a href=\"#cite_note-IFAhelp20-20\">[20]<\/a><\/sup>\n<\/p>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap mw-references-columns\"><ol class=\"references\">\n<li id=\"cite_note-HillsonUsing03-1\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-HillsonUsing03_1-0\">1.0<\/a><\/sup> <sup><a href=\"#cite_ref-HillsonUsing03_1-1\">1.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Hillson, D. (25 September 2003). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.pmi.org\/learning\/library\/risk-management-strategic-advantage-tactics-7727\" target=\"_blank\">\"Using risk management for strategic advantage\"<\/a>. Project Management Institute<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.pmi.org\/learning\/library\/risk-management-strategic-advantage-tactics-7727\" target=\"_blank\">https:\/\/www.pmi.org\/learning\/library\/risk-management-strategic-advantage-tactics-7727<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Using+risk+management+for+strategic+advantage&rft.atitle=&rft.aulast=Hillson%2C+D.&rft.au=Hillson%2C+D.&rft.date=25+September+2003&rft.pub=Project+Management+Institute&rft_id=https%3A%2F%2Fwww.pmi.org%2Flearning%2Flibrary%2Frisk-management-strategic-advantage-tactics-7727&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Risk_management_and_cybersecurity_frameworks\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AmatoFive16-2\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AmatoFive16_2-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Amato, N. (12 July 2016). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.fm-magazine.com\/news\/2016\/jul\/integrated-risk-management-201614781.html\" target=\"_blank\">\"5 benefits of an integrated risk management programme\"<\/a>. <i>Financial Management<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.fm-magazine.com\/news\/2016\/jul\/integrated-risk-management-201614781.html\" target=\"_blank\">https:\/\/www.fm-magazine.com\/news\/2016\/jul\/integrated-risk-management-201614781.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=5+benefits+of+an+integrated+risk+management+programme&rft.atitle=Financial+Management&rft.aulast=Amato%2C+N.&rft.au=Amato%2C+N.&rft.date=12+July+2016&rft_id=https%3A%2F%2Fwww.fm-magazine.com%2Fnews%2F2016%2Fjul%2Fintegrated-risk-management-201614781.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Risk_management_and_cybersecurity_frameworks\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CIS_Controls-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CIS_Controls_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cisecurity.org\/controls\" target=\"_blank\">\"CIS Controls\"<\/a>. Center for Internet Security<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cisecurity.org\/controls\" target=\"_blank\">https:\/\/www.cisecurity.org\/controls<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=CIS+Controls&rft.atitle=&rft.pub=Center+for+Internet+Security&rft_id=https%3A%2F%2Fwww.cisecurity.org%2Fcontrols&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Risk_management_and_cybersecurity_frameworks\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CIS_ControlsCloud-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CIS_ControlsCloud_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cisecurity.org\/insights\/white-papers\/cis-controls-v8-cloud-companion-guide\" target=\"_blank\">\"CIS Controls Cloud Companion Guide\"<\/a>. Center for Internet Security. March 2022<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cisecurity.org\/insights\/white-papers\/cis-controls-v8-cloud-companion-guide\" target=\"_blank\">https:\/\/www.cisecurity.org\/insights\/white-papers\/cis-controls-v8-cloud-companion-guide<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=CIS+Controls+Cloud+Companion+Guide&rft.atitle=&rft.date=March+2022&rft.pub=Center+for+Internet+Security&rft_id=https%3A%2F%2Fwww.cisecurity.org%2Finsights%2Fwhite-papers%2Fcis-controls-v8-cloud-companion-guide&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Risk_management_and_cybersecurity_frameworks\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CSA_CCM-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CSA_CCM_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloudsecurityalliance.org\/research\/cloud-controls-matrix\/\" target=\"_blank\">\"Cloud Controls Matrix (CCM)\"<\/a>. Cloud Security Alliance<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloudsecurityalliance.org\/research\/cloud-controls-matrix\/\" target=\"_blank\">https:\/\/cloudsecurityalliance.org\/research\/cloud-controls-matrix\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Controls+Matrix+%28CCM%29&rft.atitle=&rft.pub=Cloud+Security+Alliance&rft_id=https%3A%2F%2Fcloudsecurityalliance.org%2Fresearch%2Fcloud-controls-matrix%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Risk_management_and_cybersecurity_frameworks\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CCCSCloud19-6\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CCCSCloud19_6-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Canadian Centre for Cyber Security (March 2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cyber.gc.ca\/en\/guidance\/cloud-security-risk-management-itsm50062\" target=\"_blank\">\"Cloud Security Risk Management (ITSM.50.062)\"<\/a>. Government of Canada<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cyber.gc.ca\/en\/guidance\/cloud-security-risk-management-itsm50062\" target=\"_blank\">https:\/\/www.cyber.gc.ca\/en\/guidance\/cloud-security-risk-management-itsm50062<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Security+Risk+Management+%28ITSM.50.062%29&rft.atitle=&rft.aulast=Canadian+Centre+for+Cyber+Security&rft.au=Canadian+Centre+for+Cyber+Security&rft.date=March+2019&rft.pub=Government+of+Canada&rft_id=https%3A%2F%2Fwww.cyber.gc.ca%2Fen%2Fguidance%2Fcloud-security-risk-management-itsm50062&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Risk_management_and_cybersecurity_frameworks\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-YoussefAFrame19-7\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-YoussefAFrame19_7-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation Journal\">Youssef, A.E. (2019). \"A Framework for Cloud Security Risk Management based on the Business Objectives of Organizations\". <i>International Journal of Advanced Computer Science and Applications<\/i> <b>10<\/b> (12): 186-194. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.14569%2FIJACSA.2019.0101226\" target=\"_blank\">10.14569\/IJACSA.2019.0101226<\/a>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=A+Framework+for+Cloud+Security+Risk+Management+based+on+the+Business+Objectives+of+Organizations&rft.jtitle=International+Journal+of+Advanced+Computer+Science+and+Applications&rft.aulast=Youssef%2C+A.E.&rft.au=Youssef%2C+A.E.&rft.date=2019&rft.volume=10&rft.issue=12&rft.pages=186-194&rft_id=info:doi\/10.14569%2FIJACSA.2019.0101226&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Risk_management_and_cybersecurity_frameworks\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MaurerCloud20-8\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MaurerCloud20_8-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Maurer, T.; Hinck, G. (31 August 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/carnegieendowment.org\/2020\/08\/31\/cloud-security-primer-for-policymakers-pub-82597\" target=\"_blank\">\"Cloud Security: A Primer for Policymakers\"<\/a>. Carnegie Endowment for International Peace<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/carnegieendowment.org\/2020\/08\/31\/cloud-security-primer-for-policymakers-pub-82597\" target=\"_blank\">https:\/\/carnegieendowment.org\/2020\/08\/31\/cloud-security-primer-for-policymakers-pub-82597<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Security%3A+A+Primer+for+Policymakers&rft.atitle=&rft.aulast=Maurer%2C+T.%3B+Hinck%2C+G.&rft.au=Maurer%2C+T.%3B+Hinck%2C+G.&rft.date=31+August+2020&rft.pub=Carnegie+Endowment+for+International+Peace&rft_id=https%3A%2F%2Fcarnegieendowment.org%2F2020%2F08%2F31%2Fcloud-security-primer-for-policymakers-pub-82597&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Risk_management_and_cybersecurity_frameworks\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ISO27017-9\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ISO27017_9-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"nofollow\" class=\"external text\" href=\"#iso:std:iso-iec:27017:ed-1:v1:en\">\"ISO\/IEC 27017:2015(en) Information technology \u2014 Security techniques \u2014 Code of practice for information security controls based on ISO\/IEC 27002 for cloud services\"<\/a>. International Organization for Standardization. July 2015<span class=\"printonly\">. <a rel=\"nofollow\" class=\"external free\" href=\"#iso:std:iso-iec:27017:ed-1:v1:en\">https:\/\/www.iso.org\/obp\/ui\/#iso:std:iso-iec:27017:ed-1:v1:en<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=ISO%2FIEC+27017%3A2015%28en%29+Information+technology+%E2%80%94+Security+techniques+%E2%80%94+Code+of+practice+for+information+security+controls+based+on+ISO%2FIEC+27002+for+cloud+services&rft.atitle=&rft.date=July+2015&rft.pub=International+Organization+for+Standardization&rft_id=https%3A%2F%2Fwww.iso.org%2Fobp%2Fui%2F%23iso%3Astd%3Aiso-iec%3A27017%3Aed-1%3Av1%3Aen&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Risk_management_and_cybersecurity_frameworks\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-NIST_NewTo-10\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-NIST_NewTo_10-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.nist.gov\/cyberframework\/getting-started\" target=\"_blank\">\"Cybersecurity Framework - Getting Started\"<\/a>. National Institute of Standards and Technology. 21 April 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.nist.gov\/cyberframework\/getting-started\" target=\"_blank\">https:\/\/www.nist.gov\/cyberframework\/getting-started<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cybersecurity+Framework+-+Getting+Started&rft.atitle=&rft.date=21+April+2023&rft.pub=National+Institute+of+Standards+and+Technology&rft_id=https%3A%2F%2Fwww.nist.gov%2Fcyberframework%2Fgetting-started&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Risk_management_and_cybersecurity_frameworks\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-HazelmanWhatThe20-11\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-HazelmanWhatThe20_11-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.infosecurity-magazine.com\/opinions\/nist-framework-misses-cloud\/\" target=\"_blank\">\"What the NIST Framework Misses About Cloud Security\"<\/a>. <i>InfoSecurity<\/i>. 28 December 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.infosecurity-magazine.com\/opinions\/nist-framework-misses-cloud\/\" target=\"_blank\">https:\/\/www.infosecurity-magazine.com\/opinions\/nist-framework-misses-cloud\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+the+NIST+Framework+Misses+About+Cloud+Security&rft.atitle=InfoSecurity&rft.date=28+December+2020&rft_id=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fopinions%2Fnist-framework-misses-cloud%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Risk_management_and_cybersecurity_frameworks\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-NIST_RMF21-12\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-NIST_RMF21_12-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/csrc.nist.gov\/projects\/risk-management\/about-rmf\" target=\"_blank\">\"NIST Risk Management Framework - About the Risk Management Framework (RMF)\"<\/a>. National Institute of Standards and Technology. 6 July 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/csrc.nist.gov\/projects\/risk-management\/about-rmf\" target=\"_blank\">https:\/\/csrc.nist.gov\/projects\/risk-management\/about-rmf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=NIST+Risk+Management+Framework+-+About+the+Risk+Management+Framework+%28RMF%29&rft.atitle=&rft.date=6+July+2023&rft.pub=National+Institute+of+Standards+and+Technology&rft_id=https%3A%2F%2Fcsrc.nist.gov%2Fprojects%2Frisk-management%2Fabout-rmf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Risk_management_and_cybersecurity_frameworks\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-NISTSecurity19-13\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-NISTSecurity19_13-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/csrc.nist.gov\/glossary\/term\/security_control\" target=\"_blank\">\"security control\"<\/a>. <i>Computer Security Resource Center<\/i>. National Institute of Standards and Technology. 2019<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/csrc.nist.gov\/glossary\/term\/security_control\" target=\"_blank\">https:\/\/csrc.nist.gov\/glossary\/term\/security_control<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=security+control&rft.atitle=Computer+Security+Resource+Center&rft.date=2019&rft.pub=National+Institute+of+Standards+and+Technology&rft_id=https%3A%2F%2Fcsrc.nist.gov%2Fglossary%2Fterm%2Fsecurity_control&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Risk_management_and_cybersecurity_frameworks\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-NISTSP800-53Rev5-14\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-NISTSP800-53Rev5_14-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/csrc.nist.gov\/pubs\/sp\/800\/53\/r5\/upd1\/final\" target=\"_blank\">\"SP 800-53 Rev. 5 <i>Security and Privacy Controls for Information Systems and Organizations<\/i>\"<\/a>. National Institute of Standards and Technology. 10 December 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/csrc.nist.gov\/pubs\/sp\/800\/53\/r5\/upd1\/final\" target=\"_blank\">https:\/\/csrc.nist.gov\/pubs\/sp\/800\/53\/r5\/upd1\/final<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=SP+800-53+Rev.+5+%27%27Security+and+Privacy+Controls+for+Information+Systems+and+Organizations%27%27&rft.atitle=&rft.date=10+December+2020&rft.pub=National+Institute+of+Standards+and+Technology&rft_id=https%3A%2F%2Fcsrc.nist.gov%2Fpubs%2Fsp%2F800%2F53%2Fr5%2Fupd1%2Ffinal&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Risk_management_and_cybersecurity_frameworks\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-DeloitteFFIEC20-15\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-DeloitteFFIEC20_15-0\">15.0<\/a><\/sup> <sup><a href=\"#cite_ref-DeloitteFFIEC20_15-1\">15.1<\/a><\/sup> <sup><a href=\"#cite_ref-DeloitteFFIEC20_15-2\">15.2<\/a><\/sup> <sup><a href=\"#cite_ref-DeloitteFFIEC20_15-3\">15.3<\/a><\/sup> <sup><a href=\"#cite_ref-DeloitteFFIEC20_15-4\">15.4<\/a><\/sup> <sup><a href=\"#cite_ref-DeloitteFFIEC20_15-5\">15.5<\/a><\/sup> <sup><a href=\"#cite_ref-DeloitteFFIEC20_15-6\">15.6<\/a><\/sup> <sup><a href=\"#cite_ref-DeloitteFFIEC20_15-7\">15.7<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Bhat, V.; Kapur, S.; Hodgkinson, S. et al. (2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www2.deloitte.com\/content\/dam\/Deloitte\/us\/Documents\/financial-services\/cloud-security-for-FSI.pdf\" target=\"_blank\">\"FFIEC statement on risk management for cloud computing services\"<\/a> (PDF). Deloitte Development, LLC<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www2.deloitte.com\/content\/dam\/Deloitte\/us\/Documents\/financial-services\/cloud-security-for-FSI.pdf\" target=\"_blank\">https:\/\/www2.deloitte.com\/content\/dam\/Deloitte\/us\/Documents\/financial-services\/cloud-security-for-FSI.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=FFIEC+statement+on+risk+management+for+cloud+computing+services&rft.atitle=&rft.aulast=Bhat%2C+V.%3B+Kapur%2C+S.%3B+Hodgkinson%2C+S.+et+al.&rft.au=Bhat%2C+V.%3B+Kapur%2C+S.%3B+Hodgkinson%2C+S.+et+al.&rft.date=2020&rft.pub=Deloitte+Development%2C+LLC&rft_id=https%3A%2F%2Fwww2.deloitte.com%2Fcontent%2Fdam%2FDeloitte%2Fus%2FDocuments%2Ffinancial-services%2Fcloud-security-for-FSI.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Risk_management_and_cybersecurity_frameworks\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-KantorTheRACI18-16\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-KantorTheRACI18_16-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Kantor, B. (14 September 2022). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cio.com\/article\/287088\/project-management-how-to-design-a-successful-raci-project-plan.html\" target=\"_blank\">\"The RACI matrix: Your blueprint for project success\"<\/a>. <i>CIO<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cio.com\/article\/287088\/project-management-how-to-design-a-successful-raci-project-plan.html\" target=\"_blank\">https:\/\/www.cio.com\/article\/287088\/project-management-how-to-design-a-successful-raci-project-plan.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=The+RACI+matrix%3A+Your+blueprint+for+project+success&rft.atitle=CIO&rft.aulast=Kantor%2C+B.&rft.au=Kantor%2C+B.&rft.date=14+September+2022&rft_id=https%3A%2F%2Fwww.cio.com%2Farticle%2F287088%2Fproject-management-how-to-design-a-successful-raci-project-plan.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Risk_management_and_cybersecurity_frameworks\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-HeroldWhyYou20-17\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-HeroldWhyYou20_17-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Herold, R. (28 March 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/privacysecuritybrainiacs.com\/privacy-professor-blog\/why-you-should-use-a-right-to-audit-clause\/\" target=\"_blank\">\"Why You Should Use a Right to Audit Clause\"<\/a>. <i>Privacy Security Brainiacs<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/privacysecuritybrainiacs.com\/privacy-professor-blog\/why-you-should-use-a-right-to-audit-clause\/\" target=\"_blank\">https:\/\/privacysecuritybrainiacs.com\/privacy-professor-blog\/why-you-should-use-a-right-to-audit-clause\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Why+You+Should+Use+a+Right+to+Audit+Clause&rft.atitle=Privacy+Security+Brainiacs&rft.aulast=Herold%2C+R.&rft.au=Herold%2C+R.&rft.date=28+March+2020&rft_id=https%3A%2F%2Fprivacysecuritybrainiacs.com%2Fprivacy-professor-blog%2Fwhy-you-should-use-a-right-to-audit-clause%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Risk_management_and_cybersecurity_frameworks\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-HustonWhatIs15-18\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-HustonWhatIs15_18-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/smartbear.com\/learn\/api-design\/microservices\/\" target=\"_blank\">\"What are Microservices?\"<\/a>. <i>SmartBear<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/smartbear.com\/learn\/api-design\/microservices\/\" target=\"_blank\">https:\/\/smartbear.com\/learn\/api-design\/microservices\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+are+Microservices%3F&rft.atitle=SmartBear&rft_id=https%3A%2F%2Fsmartbear.com%2Flearn%2Fapi-design%2Fmicroservices%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Risk_management_and_cybersecurity_frameworks\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LindrosHowTo17-19\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-LindrosHowTo17_19-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Lindros, K.; Tittel, E. (18 July 2017). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cio.com\/article\/288554\/best-practices-how-to-create-an-effective-business-continuity-plan.html\" target=\"_blank\">\"How to create an effective business continuity plan\"<\/a>. <i>CIO<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cio.com\/article\/288554\/best-practices-how-to-create-an-effective-business-continuity-plan.html\" target=\"_blank\">https:\/\/www.cio.com\/article\/288554\/best-practices-how-to-create-an-effective-business-continuity-plan.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=How+to+create+an+effective+business+continuity+plan&rft.atitle=CIO&rft.aulast=Lindros%2C+K.%3B+Tittel%2C+E.&rft.au=Lindros%2C+K.%3B+Tittel%2C+E.&rft.date=18+July+2017&rft_id=https%3A%2F%2Fwww.cio.com%2Farticle%2F288554%2Fbest-practices-how-to-create-an-effective-business-continuity-plan.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Risk_management_and_cybersecurity_frameworks\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IFAhelp20-20\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IFAhelp20_20-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">White, R. (20 June 2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.mynewlab.com\/blog\/a-helpful-guide-to-cloud-computing-in-a-laboratory\/\" target=\"_blank\">\"A Helpful Guide to Cloud Computing in a Laboratory\"<\/a>. <i>InterFocus Blog<\/i>. InterFocus Ltd<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.mynewlab.com\/blog\/a-helpful-guide-to-cloud-computing-in-a-laboratory\/\" target=\"_blank\">https:\/\/www.mynewlab.com\/blog\/a-helpful-guide-to-cloud-computing-in-a-laboratory\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=A+Helpful+Guide+to+Cloud+Computing+in+a+Laboratory&rft.atitle=InterFocus+Blog&rft.aulast=White%2C+R.&rft.au=White%2C+R.&rft.date=20+June+2023&rft.pub=InterFocus+Ltd&rft_id=https%3A%2F%2Fwww.mynewlab.com%2Fblog%2Fa-helpful-guide-to-cloud-computing-in-a-laboratory%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Risk_management_and_cybersecurity_frameworks\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816205954\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.171 seconds\nReal time usage: 0.187 seconds\nPreprocessor visited node count: 13630\/1000000\nPost\u2010expand include size: 112781\/2097152 bytes\nTemplate argument size: 34180\/2097152 bytes\nHighest expansion depth: 18\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 32784\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 171.545 1 -total\n 90.80% 155.757 1 Template:Reflist\n 72.51% 124.395 20 Template:Citation\/core\n 70.16% 120.351 19 Template:Cite_web\n 14.37% 24.656 16 Template:Date\n 9.88% 16.954 1 Template:Cite_journal\n 9.15% 15.688 1 Template:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Risk_management_and_cybersecurity_frameworks\n 4.30% 7.381 28 Template:Citation\/make_link\n 4.13% 7.081 1 Template:Citation\/identifier\n 1.23% 2.111 2 Template:Hide_in_print\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:13043-0!canonical and timestamp 20230816205954 and revision id 46392. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Risk_management_and_cybersecurity_frameworks\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Risk_management_and_cybersecurity_frameworks<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","02aabc07c0d7e2cfb83052a33005079d_images":[],"02aabc07c0d7e2cfb83052a33005079d_timestamp":1692220359,"d18f1a3ad802fb40b2cefc9e7d83bf91_type":"article","d18f1a3ad802fb40b2cefc9e7d83bf91_title":"3.1 Five risk categories to consider","d18f1a3ad802fb40b2cefc9e7d83bf91_url":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Five_risk_categories_to_consider","d18f1a3ad802fb40b2cefc9e7d83bf91_plaintext":"\n\nBook:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Organizational cloud computing risk management\/Five risk categories to considerFrom LIMSWikiJump to navigationJump to search-----Return to the beginning of this guide-----\n3. Organizational cloud computing risk management \n Figure 4. A diagram of an organization-wide risk management approach, as published in NIST SP 800-37 Rev. 2. NIST says this diagram \"addresses security and privacy risk at the organization level, the mission\/business process level, and the information system level. Communication and reporting are bi-directional information flows across the three levels to ensure that risk is addressed throughout the organization.\"[1]After discussing cloud standards, regulations, and security, it makes sense to next address the topic of cloud computing risk management. Risks beget risk management, which in turn begets security. Whether the risks are near the home, on an airplane, or with an online bank account, risk management practices limit the risks, usually through some mechanism of \"security.\" \"The five-year crime numbers in my neighborhood are going up,\" one might assess. \"I shall manage the risk with a home security system,\" is the risk management action performed. In the same way, engineers add multiple layers of redundancy to an airplane's components to mitigate the assessed risk of instrument failure, and banks require access controls like strong passwords on online accounts to protect customer data and limit their liability. As such, it shouldn't be surprising to talk about employing security and process control measures as part of managing risks in the cloud.\nWe learned in the last chapter that the National Institute of Standards and Technology (NIST) represents a strong example of a standards and recommendations body in the U.S. In their 2018 SP 800-37 Rev. 2 Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy, NIST says the following about risk management for information systems[1]:\n\nManaging information system-related security and privacy risk is a complex undertaking that requires the involvement of the entire organization\u2014from senior leaders providing the strategic vision and top-level goals and objectives for the organization, to mid-level leaders planning, executing, and managing projects, to individuals developing, implementing, operating, and maintaining the systems supporting the organization\u2019s missions and business functions. Risk management is a holistic activity that affects every aspect of the organization, including the mission and business planning activities, the enterprise architecture, the SDLC processes, and the systems engineering activities that are integral to those system life cycle processes.\nAs Figure 4\u2014from the same NIST guide\u2014notes, there are three main levels at which an organization must approach risk management activities for their information systems: the organization level, the mission\/business process level, and the information system level. The arrow on the left highlights the criticality of proper communication across all three levels in order for the organization to make the most of their risk management activities. Just as IT forms the base of any software-driven business efforts, critical stakeholders in IT form the base of communication about IT risk and security requirements. Without those stakeholders' knowledge and feedback, business processes and company policy would be ill-informed. Now let's start from the top of the pyramid and head downward. Note that without strong leadership, well-crafted business goals, and management buy-in on quality, budget, and security, business processes would be a mess and IT-related efforts would be sub-par and at-risk.\nThe implication with Figure 4 and NIST's guide is that effective planning and communication is critical to ensuring information systems are implemented securely during their entire life cycle. Many organizations approach this task by developing, implementing, and enforcing a cybersecurity plan, in which identifying cybersecurity requirements and objectives\u2014i.e., risk assessment and management\u2014is a vital component. (See the Comprehensive Guide to Developing and Implementing a Cybersecurity Plan for much more on this topic.) \n\r\n\n\n3.1 Five risk categories to consider \nIn January 2021, Business Tech Weekly highlighted the biggest security challenges to organizations adopting cloud. Among them were[2]:\n\ninadequate access control\ninsufficient contract regulation\nunsecure software interfaces\nlow data visibility\ndelays in deleting data\ninability to maintain regulatory compliance\nThese and other related challenges are a product of the various risks of doing business in the cloud. Those risks\u2014in the scope of business, essentially aspects of business and the environment it operates in that endanger objectives\u2014in turn must be managed to better ensure an organization meets its goals. This requires risk management.\nRisk management is the process of identifying, evaluating, and prioritizing risks, and then developing an economical and efficient strategy for monitoring, controlling, and mitigating those risks. Whether risk management is part of an overall cybersecurity plan (as it should be) or an independent process (perhaps more common in really small organizations), it always makes sense to have strategies for managing threats and responding to opportunities, not only for the organization as a whole but also specifically for IT and software implementations.\nBut what are the major risks associated with cloud computing initiatives that drive the need for risk management? And what are the potential consequences if those risks are left unchecked? Business consultancy KPMG released a 2018 report about managing risk in the cloud. In that report, author Sai Gadia identified five critical categories of risk to organizations venturing into the cloud: data security and regulatory risk, technology risk, operational risk, vendor risk, and financial risk.[3]\nThese five categories neatly sum up the areas of risk to apply and cloud risk assessment, but let's look at them a bit more closely.\nData security and regulatory risk: This category examines the concerns of data integrity and availability. \n\nThe potential risks: data is leaked, lost, or becomes unavailable.\nThe potential consequences: reputation loss, regulatory non-compliance, business interruptions, and loss of revenue.\nThe challenges associated with limiting those potential risks and consequences when embracing a cloud computing initiative: maintaining enforcement of existing corporate security policies, maintaining regulatory compliance, managing user access effectively, managing networking across multitenancy or shared infrastructures, and gaining greater flexibility with encryption and security controls offered by the cloud service provider (CSP).\nGetting around these challenges: Organizations should \"have mature data protection and regulatory compliance programs staffed with talented individuals who have sufficient authority and clear responsibilities. Such organizations also leverage leading third-party or homegrown automated tools and continuously improve their capabilities.\"[3]\nTechnology risk: This category examines the concerns of rapid shifts in underlying technologies.\n\nThe potential risks: cloud-specific technologies rapidly evolve, and standardization of those technologies doesn't keep up.\nThe potential consequences: added costs associated with rearchitecting cloud systems, shifting data to new platforms, developing new integrations, and requiring additional training.\nThe challenges associated with limiting those potential risks and consequences when embracing a cloud computing initiative: maintaining room in the budget for rearchitecting cloud applications and systems periodically, maintaining the personnel to stay engaged and focused on changes happening in the industry, and identifying tools (e.g., dashboards) that can extend the life cycle of your cloud implementation.\nGetting around these challenges: Organizations should \"recognize that cloud will require the role and responsibilities of in-house IT professionals to evolve and are making the necessary investment to train individuals and encourage the adoption of innovative technology. In the process, they are also increasing alignment with the vision and business of the organization.\"[3] IT professionals should also be considering aspects of cloud such as compatibility with other CSPs as new services are added.\nOperational risk: This category examines the concerns of how IT services and tasks get effectively performed.\n\nThe potential risks: suboptimal service reliability; suboptimal service features; insufficient control over the underlying service; and theft, fires, and other natural disasters.\nThe potential consequences: costly downtime, slower workflows, slower disaster recoveries, and permanent losses of vital assets.\nThe challenges associated with limiting those potential risks and consequences when embracing a cloud computing initiative: maintaining room in the budget for leading technologies, maintaining room in the budget for a service that meets most if not all workflow and regulatory requirements, having the budget and knowledge to implement redundant systems (e.g., via hybrid cloud), and being able to rapidly bounce back from asset losses.\nGetting around these challenges: Organizations should \"adopt the agile development methodology as well as the DevOps model for cloud deployments. Such organizations are now using the learning from pilot projects to shape the enterprise development methodologies of the future.\"[3] Additionally, they should investigate how to best cost-optimize redundant cloud storage based on access patterns, geography, etc.[4] Additionally, if the organization is responsible for localized (i.e., private cloud) assets housing critical operational data and equipment, the organization should have sufficient plans in place on how to mitigate risks from physical disasters and other threats to that data and equipment.\nVendor risk: This category examines the concerns of doing business with a CSP.\n\nThe potential risks: vendor files for bankruptcy, is named in a lawsuit, is scrutinized by a regulatory body, or otherwise has an underlying lack of sustainability or compliance.\nThe potential consequences: loss of data, loss of service, reduced service, and lack of compliance (which has its own costs to an organization).\nThe challenges associated with limiting those potential risks and consequences when embracing a cloud computing initiative: knowing the deep inner workings of the CSP, knowing the financial stability of the CSP, knowing the CSP's true reputation among a wide number of other customers, and putting faith in the CSP's trust center materials.\nGetting around these challenges: Organizations should \"take a long-term strategic view to manage their relationships with cloud service providers. Such companies are actively engaged and are shaping the road map of CSPs' service offerings to help accelerate their move to cloud while being offered better tools by the CSP to efficiently manage risks.\"[3] This long-term strategic view should include significant due diligence about the vendor's underlying operations, stability, and fall-back plans should they suffer a major business loss.\nFinancial risk: This category examines the concerns of the organization\u2019s long-term revenues and ability to budget for cloud services.\n\nThe potential risks: underestimating initial implementation costs, long-term service costs, long-term capital expenditure carry-over (if any), and long-term business revenues.\nThe potential consequences: cost overruns, layoffs, budget cut-backs, and detrimental scaling back of necessary services.\nThe challenges associated with limiting those potential risks and consequences when embracing a cloud computing initiative: finding and retaining experienced and knowledgeable staff capable of budgeting future (and changing) cloud costs, as well as managing the financial activities of the organization.\nGetting around these challenges: Organizations should \u201cassign individuals with the responsibility for budgeting, tracking, and managing cloud costs. Such organizations are also making use of advanced third-party analytical tools available to manage cloud costs.\u201d[3] Estimating those costs can be challenging, particularly in industries where high-throughput data is being created and managed. As such, negotiating a special agreement with the CSP may be of value.[5] Also, ensure the organization is considering costs associated with contract modifications and cancellation fees.\nWhen identifying risks associated with doing business in the cloud, most likely you'll be able to fit them into one of these five categories. As indicated above, potential consequences come with potential risks, and you'll want to identify those consequences. Of course, it's not a simple matter of addressing those risks and consequences; they come with their own challenges. Identifying risks and consequences, and the challenges surrounding and limiting them, are all part of risk management. Finally, after identifying risks, consider the usefulness of an external review of those risks to ensure your organization hasn't missed anything significant.[6]\nBut how does an organization successfully go through the risk management process? That's best accomplished with the aid of one or more risk management and cybersecurity frameworks.\n\nReferences \n\n\n\u2191 1.0 1.1 National Institute of Standards and Technology (December 2018). \"SP 800-37 Rev. 2: Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy\". https:\/\/csrc.nist.gov\/pubs\/sp\/800\/37\/r2\/final . Retrieved 28 July 2023 .   \n \n\n\u2191 Antonenko, D. (4 January 2021). \"Cloud computing security issues and challenges\". Business Tech Weekly. https:\/\/www.businesstechweekly.com\/cybersecurity\/data-security\/cloud-computing-security-issues-and-challenges\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 3.0 3.1 3.2 3.3 3.4 3.5 Gadia, S. (March 2018). \"How to manage five key cloud computing risks\" (PDF). KPMG LLP. https:\/\/assets.kpmg.com\/content\/dam\/kpmg\/ca\/pdf\/2018\/03\/cloud-computing-risks-canada.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Cost-optimized redundant data storage in the cloud\". Service Oriented Computing and Applications 11: 411\u201326. 2017. doi:10.1007\/s11761-017-0218-9.   \n \n\n\u2191 Navale, V.; Bourne, P.E. (2018). \"Cloud computing applications for biomedical science: A perspective\". PLoS Computational Biology 14 (6): e1006144. doi:10.1371\/journal.pcbi.1006144. PMC PMC6002019. PMID 29902176. http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC6002019 .   \n \n\n\u2191 Bhat, V.; Kapur, S.; Hodgkinson, S. et al. (2020). \"FFIEC statement on risk management for cloud computing services\" (PDF). Deloitte Development, LLC. https:\/\/www2.deloitte.com\/content\/dam\/Deloitte\/us\/Documents\/financial-services\/cloud-security-for-FSI.pdf . Retrieved 28 July 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Five_risk_categories_to_consider\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Five_risk_categories_to_consider<\/a>\nNavigation menuPage actionsBookDiscussionView sourceHistoryPage actionsBookDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 11 February 2022, at 21:31.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 380 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","d18f1a3ad802fb40b2cefc9e7d83bf91_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-208 ns-subject page-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Organizational_cloud_computing_risk_management_Five_risk_categories_to_consider rootpage-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Organizational_cloud_computing_risk_management_Five_risk_categories_to_consider skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Organizational cloud computing risk management\/Five risk categories to consider<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\"><div align=\"center\">-----Return to <a href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Introduction\" title=\"Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Introduction\" class=\"wiki-link\" data-key=\"a5122d160da552b7fab8ca62d4bc6155\">the beginning<\/a> of this guide-----<\/div>\n<h2><span class=\"mw-headline\" id=\"3._Organizational_cloud_computing_risk_management\">3. Organizational cloud computing risk management<\/span><\/h2>\n<div class=\"thumb tright\"><div class=\"thumbinner\" style=\"width:552px;\"><a href=\"https:\/\/www.limswiki.org\/index.php\/File:NISTRiskManApproach.png\" class=\"image wiki-link\" data-key=\"9478b08a57e10a5d775f85dcbbfc0223\"><img alt=\"\" src=\"https:\/\/s3.limswiki.org\/www.limswiki.org\/images\/9\/9d\/NISTRiskManApproach.png\" decoding=\"async\" class=\"thumbimage\" style=\"width: 100%;max-width: 400px;height: auto;\" \/><\/a> <div class=\"thumbcaption\"><div class=\"magnify\"><a href=\"https:\/\/www.limswiki.org\/index.php\/File:NISTRiskManApproach.png\" class=\"internal wiki-link\" title=\"Enlarge\" data-key=\"9478b08a57e10a5d775f85dcbbfc0223\"><\/a><\/div><b>Figure 4.<\/b> A diagram of an organization-wide risk management approach, as published in NIST SP 800-37 Rev. 2. NIST says this diagram \"addresses security and privacy risk at the organization level, the mission\/business process level, and the information system level. Communication and reporting are bi-directional information flows across the three levels to ensure that risk is addressed throughout the organization.\"<sup id=\"rdp-ebb-cite_ref-NISTSP800-37v2_18_1-0\" class=\"reference\"><a href=\"#cite_note-NISTSP800-37v2_18-1\">[1]<\/a><\/sup><\/div><\/div><\/div><p>After discussing cloud standards, regulations, and security, it makes sense to next address the topic of <a href=\"https:\/\/www.limswiki.org\/index.php\/Cloud_computing\" title=\"Cloud computing\" class=\"wiki-link\" data-key=\"fcfe5882eaa018d920cedb88398b604f\">cloud computing<\/a> <a href=\"https:\/\/www.limswiki.org\/index.php\/Risk_management\" title=\"Risk management\" class=\"wiki-link\" data-key=\"ecfbfb2550c23f053bd1aa0d9ea63e4e\">risk management<\/a>. Risks beget risk management, which in turn begets security. Whether the risks are near the home, on an airplane, or with an online bank account, risk management practices limit the risks, usually through some mechanism of \"security.\" \"The five-year crime numbers in my neighborhood are going up,\" one might assess. \"I shall manage the risk with a home security system,\" is the risk management action performed. In the same way, engineers add multiple layers of redundancy to an airplane's components to mitigate the assessed risk of instrument failure, and banks require access controls like strong passwords on online accounts to protect customer data and limit their liability. As such, it shouldn't be surprising to talk about employing security and process control measures as part of managing risks in the cloud.\n<\/p><p>We learned in the last chapter that the National Institute of Standards and Technology (NIST) represents a strong example of a standards and recommendations body in the U.S. In their 2018 SP 800-37 Rev. 2 <i>Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy<\/i>, NIST says the following about risk management for information systems<sup id=\"rdp-ebb-cite_ref-NISTSP800-37v2_18_1-1\" class=\"reference\"><a href=\"#cite_note-NISTSP800-37v2_18-1\">[1]<\/a><\/sup>:\n<\/p>\n<blockquote><p>Managing information system-related security and privacy risk is a complex undertaking that requires the involvement of the entire organization\u2014from senior leaders providing the strategic vision and top-level goals and objectives for the organization, to mid-level leaders planning, executing, and managing projects, to individuals developing, implementing, operating, and maintaining the systems supporting the organization\u2019s missions and business functions. Risk management is a holistic activity that affects every aspect of the organization, including the mission and business planning activities, the enterprise architecture, the SDLC processes, and the systems engineering activities that are integral to those system life cycle processes.<\/p><\/blockquote>\n<p>As Figure 4\u2014from the same NIST guide\u2014notes, there are three main levels at which an organization must approach risk management activities for their information systems: the organization level, the mission\/business process level, and the information system level. The arrow on the left highlights the criticality of proper communication across all three levels in order for the organization to make the most of their risk management activities. Just as IT forms the base of any software-driven business efforts, critical stakeholders in IT form the base of communication about IT risk and security requirements. Without those stakeholders' knowledge and feedback, business processes and company policy would be ill-informed. Now let's start from the top of the pyramid and head downward. Note that without strong leadership, well-crafted business goals, and management buy-in on quality, budget, and security, business processes would be a mess and IT-related efforts would be sub-par and at-risk.\n<\/p><p>The implication with Figure 4 and NIST's guide is that effective planning and communication is critical to ensuring information systems are implemented securely during their entire life cycle. Many organizations approach this task by developing, implementing, and enforcing a <a href=\"https:\/\/www.limswiki.org\/index.php\/Cybersecurity\" class=\"mw-redirect wiki-link\" title=\"Cybersecurity\" data-key=\"ba653dc2a1384e5f9f6ac9dc1a740109\">cybersecurity<\/a> plan, in which identifying cybersecurity requirements and objectives\u2014i.e., <a href=\"https:\/\/www.limswiki.org\/index.php\/Risk_assessment\" title=\"Risk assessment\" class=\"wiki-link\" data-key=\"e06196a3e3b70b62af61a54e93579f37\">risk assessment<\/a> and management\u2014is a vital component. (See the <i><a href=\"https:\/\/www.limswiki.org\/index.php\/LII:Comprehensive_Guide_to_Developing_and_Implementing_a_Cybersecurity_Plan\" title=\"LII:Comprehensive Guide to Developing and Implementing a Cybersecurity Plan\" class=\"wiki-link\" data-key=\"fce1737a2e9697fc03e956327817f8ea\">Comprehensive Guide to Developing and Implementing a Cybersecurity Plan<\/a><\/i> for much more on this topic.) \n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"3.1_Five_risk_categories_to_consider\">3.1 Five risk categories to consider<\/span><\/h3>\n<p>In January 2021, <i>Business Tech Weekly<\/i> highlighted the biggest security challenges to organizations adopting cloud. Among them were<sup id=\"rdp-ebb-cite_ref-AntonenkoCloud21_2-0\" class=\"reference\"><a href=\"#cite_note-AntonenkoCloud21-2\">[2]<\/a><\/sup>:\n<\/p>\n<ul><li>inadequate access control<\/li>\n<li>insufficient contract regulation<\/li>\n<li>unsecure software interfaces<\/li>\n<li>low data visibility<\/li>\n<li>delays in deleting data<\/li>\n<li>inability to maintain regulatory compliance<\/li><\/ul>\n<p>These and other related challenges are a product of the various risks of doing business in the cloud. Those risks\u2014in the scope of business, essentially aspects of business and the environment it operates in that endanger objectives\u2014in turn must be managed to better ensure an organization meets its goals. This requires risk management.\n<\/p><p>Risk management is the process of identifying, evaluating, and prioritizing risks, and then developing an economical and efficient strategy for monitoring, controlling, and mitigating those risks. Whether risk management is part of an overall cybersecurity plan (as it should be) or an independent process (perhaps more common in really small organizations), it always makes sense to have strategies for managing threats and responding to opportunities, not only for the organization as a whole but also specifically for IT and software implementations.\n<\/p><p>But what are the major risks associated with cloud computing initiatives that drive the need for risk management? And what are the potential consequences if those risks are left unchecked? Business consultancy KPMG released a 2018 report about managing risk in the cloud. In that report, author Sai Gadia identified five critical categories of risk to organizations venturing into the cloud: data security and regulatory risk, technology risk, operational risk, vendor risk, and financial risk.<sup id=\"rdp-ebb-cite_ref-GadiaHowTo18_3-0\" class=\"reference\"><a href=\"#cite_note-GadiaHowTo18-3\">[3]<\/a><\/sup>\n<\/p><p>These five categories neatly sum up the areas of risk to apply and cloud risk assessment, but let's look at them a bit more closely.\n<\/p><p><b>Data security and regulatory risk<\/b>: This category examines the concerns of <a href=\"https:\/\/www.limswiki.org\/index.php\/Data_integrity\" title=\"Data integrity\" class=\"wiki-link\" data-key=\"382a9bb77ee3e36bb3b37c79ed813167\">data integrity<\/a> and availability. \n<\/p>\n<ul><li><i>The potential risks<\/i>: data is leaked, lost, or becomes unavailable.<\/li>\n<li><i>The potential consequences<\/i>: reputation loss, regulatory non-compliance, business interruptions, and loss of revenue.<\/li>\n<li><i>The challenges associated with limiting those potential risks and consequences when embracing a cloud computing initiative<\/i>: maintaining enforcement of existing corporate security policies, maintaining regulatory compliance, managing user access effectively, managing networking across multitenancy or shared infrastructures, and gaining greater flexibility with encryption and security controls offered by the cloud service provider (CSP).<\/li>\n<li><i>Getting around these challenges<\/i>: Organizations should \"have mature data protection and regulatory compliance programs staffed with talented individuals who have sufficient authority and clear responsibilities. Such organizations also leverage leading third-party or homegrown automated tools and continuously improve their capabilities.\"<sup id=\"rdp-ebb-cite_ref-GadiaHowTo18_3-1\" class=\"reference\"><a href=\"#cite_note-GadiaHowTo18-3\">[3]<\/a><\/sup><\/li><\/ul>\n<p><b>Technology risk<\/b>: This category examines the concerns of rapid shifts in underlying technologies.\n<\/p>\n<ul><li><i>The potential risks<\/i>: cloud-specific technologies rapidly evolve, and standardization of those technologies doesn't keep up.<\/li>\n<li><i>The potential consequences<\/i>: added costs associated with rearchitecting cloud systems, shifting data to new platforms, developing new integrations, and requiring additional training.<\/li>\n<li><i>The challenges associated with limiting those potential risks and consequences when embracing a cloud computing initiative<\/i>: maintaining room in the budget for rearchitecting cloud applications and systems periodically, maintaining the personnel to stay engaged and focused on changes happening in the industry, and identifying tools (e.g., dashboards) that can extend the life cycle of your cloud implementation.<\/li>\n<li><i>Getting around these challenges<\/i>: Organizations should \"recognize that cloud will require the role and responsibilities of in-house IT professionals to evolve and are making the necessary investment to train individuals and encourage the adoption of innovative technology. In the process, they are also increasing alignment with the vision and business of the organization.\"<sup id=\"rdp-ebb-cite_ref-GadiaHowTo18_3-2\" class=\"reference\"><a href=\"#cite_note-GadiaHowTo18-3\">[3]<\/a><\/sup> IT professionals should also be considering aspects of cloud such as compatibility with other CSPs as new services are added.<\/li><\/ul>\n<p><b>Operational risk<\/b>: This category examines the concerns of how IT services and tasks get effectively performed.\n<\/p>\n<ul><li><i>The potential risks<\/i>: suboptimal service reliability; suboptimal service features; insufficient control over the underlying service; and theft, fires, and other natural disasters.<\/li>\n<li><i>The potential consequences<\/i>: costly downtime, slower workflows, slower disaster recoveries, and permanent losses of vital assets.<\/li>\n<li><i>The challenges associated with limiting those potential risks and consequences when embracing a cloud computing initiative<\/i>: maintaining room in the budget for leading technologies, maintaining room in the budget for a service that meets most if not all workflow and regulatory requirements, having the budget and knowledge to implement redundant systems (e.g., via hybrid cloud), and being able to rapidly bounce back from asset losses.<\/li>\n<li><i>Getting around these challenges<\/i>: Organizations should \"adopt the agile development methodology as well as the DevOps model for cloud deployments. Such organizations are now using the learning from pilot projects to shape the enterprise development methodologies of the future.\"<sup id=\"rdp-ebb-cite_ref-GadiaHowTo18_3-3\" class=\"reference\"><a href=\"#cite_note-GadiaHowTo18-3\">[3]<\/a><\/sup> Additionally, they should investigate how to best cost-optimize redundant cloud storage based on access patterns, geography, etc.<sup id=\"rdp-ebb-cite_ref-WaibelCost17_4-0\" class=\"reference\"><a href=\"#cite_note-WaibelCost17-4\">[4]<\/a><\/sup> Additionally, if the organization is responsible for localized (i.e., private cloud) assets housing critical operational data and equipment, the organization should have sufficient plans in place on how to mitigate risks from physical disasters and other threats to that data and equipment.<\/li><\/ul>\n<p><b>Vendor risk<\/b>: This category examines the concerns of doing business with a CSP.\n<\/p>\n<ul><li><i>The potential risks<\/i>: vendor files for bankruptcy, is named in a lawsuit, is scrutinized by a regulatory body, or otherwise has an underlying lack of sustainability or compliance.<\/li>\n<li><i>The potential consequences<\/i>: loss of data, loss of service, reduced service, and lack of compliance (which has its own costs to an organization).<\/li>\n<li><i>The challenges associated with limiting those potential risks and consequences when embracing a cloud computing initiative<\/i>: knowing the deep inner workings of the CSP, knowing the financial stability of the CSP, knowing the CSP's true reputation among a wide number of other customers, and putting faith in the CSP's trust center materials.<\/li>\n<li><i>Getting around these challenges<\/i>: Organizations should \"take a long-term strategic view to manage their relationships with cloud service providers. Such companies are actively engaged and are shaping the road map of CSPs' service offerings to help accelerate their move to cloud while being offered better tools by the CSP to efficiently manage risks.\"<sup id=\"rdp-ebb-cite_ref-GadiaHowTo18_3-4\" class=\"reference\"><a href=\"#cite_note-GadiaHowTo18-3\">[3]<\/a><\/sup> This long-term strategic view should include significant due diligence about the vendor's underlying operations, stability, and fall-back plans should they suffer a major business loss.<\/li><\/ul>\n<p><b>Financial risk<\/b>: This category examines the concerns of the organization\u2019s long-term revenues and ability to budget for cloud services.\n<\/p>\n<ul><li><i>The potential risks<\/i>: underestimating initial implementation costs, long-term service costs, long-term capital expenditure carry-over (if any), and long-term business revenues.<\/li>\n<li><i>The potential consequences<\/i>: cost overruns, layoffs, budget cut-backs, and detrimental scaling back of necessary services.<\/li>\n<li><i>The challenges associated with limiting those potential risks and consequences when embracing a cloud computing initiative<\/i>: finding and retaining experienced and knowledgeable staff capable of budgeting future (and changing) cloud costs, as well as managing the financial activities of the organization.<\/li>\n<li><i>Getting around these challenges<\/i>: Organizations should \u201cassign individuals with the responsibility for budgeting, tracking, and managing cloud costs. Such organizations are also making use of advanced third-party analytical tools available to manage cloud costs.\u201d<sup id=\"rdp-ebb-cite_ref-GadiaHowTo18_3-5\" class=\"reference\"><a href=\"#cite_note-GadiaHowTo18-3\">[3]<\/a><\/sup> Estimating those costs can be challenging, particularly in industries where high-throughput data is being created and managed. As such, negotiating a special agreement with the CSP may be of value.<sup id=\"rdp-ebb-cite_ref-NavaleCloud18_5-0\" class=\"reference\"><a href=\"#cite_note-NavaleCloud18-5\">[5]<\/a><\/sup> Also, ensure the organization is considering costs associated with contract modifications and cancellation fees.<\/li><\/ul>\n<p>When identifying risks associated with doing business in the cloud, most likely you'll be able to fit them into one of these five categories. As indicated above, potential consequences come with potential risks, and you'll want to identify those consequences. Of course, it's not a simple matter of addressing those risks and consequences; they come with their own challenges. Identifying risks and consequences, and the challenges surrounding and limiting them, are all part of risk management. Finally, after identifying risks, consider the usefulness of an external review of those risks to ensure your organization hasn't missed anything significant.<sup id=\"rdp-ebb-cite_ref-DeloitteFFIEC20_6-0\" class=\"reference\"><a href=\"#cite_note-DeloitteFFIEC20-6\">[6]<\/a><\/sup>\n<\/p><p>But how does an organization successfully go through the risk management process? That's best accomplished with the aid of one or more risk management and cybersecurity frameworks.\n<\/p>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap\"><ol class=\"references\">\n<li id=\"cite_note-NISTSP800-37v2_18-1\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-NISTSP800-37v2_18_1-0\">1.0<\/a><\/sup> <sup><a href=\"#cite_ref-NISTSP800-37v2_18_1-1\">1.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">National Institute of Standards and Technology (December 2018). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/csrc.nist.gov\/pubs\/sp\/800\/37\/r2\/final\" target=\"_blank\">\"SP 800-37 Rev. 2: Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy\"<\/a><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/csrc.nist.gov\/pubs\/sp\/800\/37\/r2\/final\" target=\"_blank\">https:\/\/csrc.nist.gov\/pubs\/sp\/800\/37\/r2\/final<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=SP+800-37+Rev.+2%3A+Risk+Management+Framework+for+Information+Systems+and+Organizations%3A+A+System+Life+Cycle+Approach+for+Security+and+Privacy&rft.atitle=&rft.aulast=National+Institute+of+Standards+and+Technology&rft.au=National+Institute+of+Standards+and+Technology&rft.date=December+2018&rft_id=https%3A%2F%2Fcsrc.nist.gov%2Fpubs%2Fsp%2F800%2F37%2Fr2%2Ffinal&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Five_risk_categories_to_consider\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AntonenkoCloud21-2\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AntonenkoCloud21_2-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Antonenko, D. (4 January 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.businesstechweekly.com\/cybersecurity\/data-security\/cloud-computing-security-issues-and-challenges\/\" target=\"_blank\">\"Cloud computing security issues and challenges\"<\/a>. <i>Business Tech Weekly<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.businesstechweekly.com\/cybersecurity\/data-security\/cloud-computing-security-issues-and-challenges\/\" target=\"_blank\">https:\/\/www.businesstechweekly.com\/cybersecurity\/data-security\/cloud-computing-security-issues-and-challenges\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+computing+security+issues+and+challenges&rft.atitle=Business+Tech+Weekly&rft.aulast=Antonenko%2C+D.&rft.au=Antonenko%2C+D.&rft.date=4+January+2021&rft_id=https%3A%2F%2Fwww.businesstechweekly.com%2Fcybersecurity%2Fdata-security%2Fcloud-computing-security-issues-and-challenges%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Five_risk_categories_to_consider\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GadiaHowTo18-3\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-GadiaHowTo18_3-0\">3.0<\/a><\/sup> <sup><a href=\"#cite_ref-GadiaHowTo18_3-1\">3.1<\/a><\/sup> <sup><a href=\"#cite_ref-GadiaHowTo18_3-2\">3.2<\/a><\/sup> <sup><a href=\"#cite_ref-GadiaHowTo18_3-3\">3.3<\/a><\/sup> <sup><a href=\"#cite_ref-GadiaHowTo18_3-4\">3.4<\/a><\/sup> <sup><a href=\"#cite_ref-GadiaHowTo18_3-5\">3.5<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Gadia, S. (March 2018). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/assets.kpmg.com\/content\/dam\/kpmg\/ca\/pdf\/2018\/03\/cloud-computing-risks-canada.pdf\" target=\"_blank\">\"How to manage five key cloud computing risks\"<\/a> (PDF). KPMG LLP<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/assets.kpmg.com\/content\/dam\/kpmg\/ca\/pdf\/2018\/03\/cloud-computing-risks-canada.pdf\" target=\"_blank\">https:\/\/assets.kpmg.com\/content\/dam\/kpmg\/ca\/pdf\/2018\/03\/cloud-computing-risks-canada.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=How+to+manage+five+key+cloud+computing+risks&rft.atitle=&rft.aulast=Gadia%2C+S.&rft.au=Gadia%2C+S.&rft.date=March+2018&rft.pub=KPMG+LLP&rft_id=https%3A%2F%2Fassets.kpmg.com%2Fcontent%2Fdam%2Fkpmg%2Fca%2Fpdf%2F2018%2F03%2Fcloud-computing-risks-canada.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Five_risk_categories_to_consider\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-WaibelCost17-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-WaibelCost17_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation Journal\">\"Cost-optimized redundant data storage in the cloud\". <i>Service Oriented Computing and Applications<\/i> <b>11<\/b>: 411\u201326. 2017. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.1007%2Fs11761-017-0218-9\" target=\"_blank\">10.1007\/s11761-017-0218-9<\/a>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Cost-optimized+redundant+data+storage+in+the+cloud&rft.jtitle=Service+Oriented+Computing+and+Applications&rft.date=2017&rft.volume=11&rft.pages=411%E2%80%9326&rft_id=info:doi\/10.1007%2Fs11761-017-0218-9&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Five_risk_categories_to_consider\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-NavaleCloud18-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-NavaleCloud18_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation Journal\">Navale, V.; Bourne, P.E. (2018). <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC6002019\" target=\"_blank\">\"Cloud computing applications for biomedical science: A perspective\"<\/a>. <i>PLoS Computational Biology<\/i> <b>14<\/b> (6): e1006144. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.1371%2Fjournal.pcbi.1006144\" target=\"_blank\">10.1371\/journal.pcbi.1006144<\/a>. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/PubMed_Central\" data-key=\"c85bdffd69dd30e02024b9cc3d7679e2\">PMC<\/a> <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.ncbi.nlm.nih.gov\/pmc\/articles\/PMC6002019\/\" target=\"_blank\">PMC6002019<\/a>. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/PubMed_Identifier\" data-key=\"1d34e999f13d8801964a6b3e9d7b4e30\">PMID<\/a> <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.ncbi.nlm.nih.gov\/pubmed\/29902176\" target=\"_blank\">29902176<\/a><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC6002019\" target=\"_blank\">http:\/\/www.pubmedcentral.nih.gov\/articlerender.fcgi?tool=pmcentrez&artid=PMC6002019<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Cloud+computing+applications+for+biomedical+science%3A+A+perspective&rft.jtitle=PLoS+Computational+Biology&rft.aulast=Navale%2C+V.%3B+Bourne%2C+P.E.&rft.au=Navale%2C+V.%3B+Bourne%2C+P.E.&rft.date=2018&rft.volume=14&rft.issue=6&rft.pages=e1006144&rft_id=info:doi\/10.1371%2Fjournal.pcbi.1006144&rft_id=info:pmc\/PMC6002019&rft_id=info:pmid\/29902176&rft_id=http%3A%2F%2Fwww.pubmedcentral.nih.gov%2Farticlerender.fcgi%3Ftool%3Dpmcentrez%26artid%3DPMC6002019&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Five_risk_categories_to_consider\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-DeloitteFFIEC20-6\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-DeloitteFFIEC20_6-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Bhat, V.; Kapur, S.; Hodgkinson, S. et al. (2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www2.deloitte.com\/content\/dam\/Deloitte\/us\/Documents\/financial-services\/cloud-security-for-FSI.pdf\" target=\"_blank\">\"FFIEC statement on risk management for cloud computing services\"<\/a> (PDF). Deloitte Development, LLC<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www2.deloitte.com\/content\/dam\/Deloitte\/us\/Documents\/financial-services\/cloud-security-for-FSI.pdf\" target=\"_blank\">https:\/\/www2.deloitte.com\/content\/dam\/Deloitte\/us\/Documents\/financial-services\/cloud-security-for-FSI.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=FFIEC+statement+on+risk+management+for+cloud+computing+services&rft.atitle=&rft.aulast=Bhat%2C+V.%3B+Kapur%2C+S.%3B+Hodgkinson%2C+S.+et+al.&rft.au=Bhat%2C+V.%3B+Kapur%2C+S.%3B+Hodgkinson%2C+S.+et+al.&rft.date=2020&rft.pub=Deloitte+Development%2C+LLC&rft_id=https%3A%2F%2Fwww2.deloitte.com%2Fcontent%2Fdam%2FDeloitte%2Fus%2FDocuments%2Ffinancial-services%2Fcloud-security-for-FSI.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Five_risk_categories_to_consider\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816205954\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.170 seconds\nReal time usage: 0.224 seconds\nPreprocessor visited node count: 4359\/1000000\nPost\u2010expand include size: 48378\/2097152 bytes\nTemplate argument size: 12032\/2097152 bytes\nHighest expansion depth: 20\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 12058\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 85.416 1 -total\n 89.86% 76.753 1 Template:Reflist\n 63.15% 53.937 6 Template:Citation\/core\n 46.95% 40.100 4 Template:Cite_web\n 28.33% 24.195 2 Template:Cite_journal\n 11.26% 9.616 4 Template:Date\n 10.70% 9.142 4 Template:Citation\/identifier\n 10.02% 8.562 1 Template:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Five_risk_categories_to_consider\n 4.80% 4.102 7 Template:Citation\/make_link\n 3.45% 2.944 9 Template:Hide_in_print\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:13042-0!canonical and timestamp 20230816205954 and revision id 46391. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Five_risk_categories_to_consider\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Five_risk_categories_to_consider<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","d18f1a3ad802fb40b2cefc9e7d83bf91_images":["https:\/\/s3.limswiki.org\/www.limswiki.org\/images\/9\/9d\/NISTRiskManApproach.png"],"d18f1a3ad802fb40b2cefc9e7d83bf91_timestamp":1692220359,"3323880907987943705cdfbc653c393d_type":"article","3323880907987943705cdfbc653c393d_title":"2.2 Security in the cloud","3323880907987943705cdfbc653c393d_url":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud","3323880907987943705cdfbc653c393d_plaintext":"\n\nBook:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Standards and security in the cloud\/Security in the cloudFrom LIMSWikiJump to navigationJump to searchContents \n\n1 2.2 Security in the cloud \n\n1.1 2.2.1 The shared responsibility model \n1.2 2.2.2 Public cloud \n1.3 2.2.3 Hybrid cloud and multicloud \n1.4 2.2.4 Container security and other concerns \n1.5 2.2.5 Software as a service \n\n\n2 References \n3 Citation information for this chapter \n\n\n\n2.2 Security in the cloud \nFor any organization, managing security is a challenging yet necessary part of operations. This includes deciding on and implementing physical controls like locks, alarms, and security staff, as well as IT controls like passwords, role-based access control, and firewalls. Much of this security is governed by standards, regulations, and common business practices. Yet while those standards, regulations, and practices also play a pivotal role in how cloud services should be rendered and managed, it would be foolish to forget the human element of cloud security. Employees, contractors, and other users who misconfigure cloud resources, fail to implement robust cloud security architecture, fail to practice proper identity and access management, fall for phishing and other account exploitation attacks, poorly design application programming interfaces (APIs), or maliciously access and sabotage resources all pose potential risk to the security of cloud-based system.[1] \nWhile these and other security concerns of CSPs are valid, concerns are beginning to shift more towards how the decisions of an organization\u2019s senior management affect the human element within the organization using and managing cloud services.[1] Fortunately, the traditional management-driven business approaches towards on-premises computing projects\u2014getting management buy-in; developing goals, scope, and responsibility documentation; identifying computing requirements and objectives; identifying risk; documenting and training on processes and procedures; monitoring performance; and employing corrective action[2]\u2014still largely apply to cloud implementation and migration projects.[3][4]\nYet cloud security should be viewed more holistically, as a combination of standards, technologies, policies, and people influencing the end results. This sentiment is reflected in Kaspersky Lab's definition of cloud security, as \"the whole bundle of technology, protocols, and best practices that protect cloud computing environments, applications running in the cloud, and data held in the cloud.\"[5] And as was suggested prior, addressing cloud security requires more than a narrow local networking-based cybersecurity approach. Maurer and Hinck noted in 2020 that \"cloud security risks are different from other types of cybersecurity risks because cloud security is networked, concentrated, and shared.\"[6] The networking is often spread across multiple locations and services; those services are concentrated with only a few major CSPs, with security disruptions having a much broader effect for many customers; and security is a shared responsibility for those services, spread across at least two parties, requiring clear delineation of responsibility for security.[6] With the increased popularity of hybrid and multicloud, these networking challenges also increase complexity, which means more attention to security is required by not only the CSP but also the customer. Adopting security strategies such as the \"zero trust\" model, which assumes an attempted connection is untrustworthy until proven as trusted, increasingly make sense in these complex cloud environments. Requiring every user and device to verify first \"helps security teams protect the enterprise against both sanctioned cloud deployments and shadow IT as well as cloud providers whose own embedded security isn\u2019t as robust as the organization requires.\"[7]\nAdditionally, through its recent work on the challenges of conducting digital forensics in the cloud, NIST also highlights data replication, location transparency, and multi-tenancy as \"somewhat unique\" challenges to cloud computing, and by extension digital forensics in the cloud. Though digital forensics isn't the primary topic of this guide, it's useful to mention because the process of cloud computing forensic science includes determinations of chain of custody, data integrity, and confidentiality status of cloud computing data[8], all critical considerations of using, storing, and transferring regulated, protected data in the cloud, especially for laboratories.\nThis all leads to the questions of responsibility: who is ultimately responsible for the security of any given cloud service? From a shallow point of view, it may be easy, as a customer, to consider a CSP and say \"their service, their responsibility.\" However, it's more complicated than that. This brings us to the topic of the shared responsibility model.\n\n2.2.1 The shared responsibility model \nIn December 2019, software as a service (SaaS) cannabis software firm THSuite was discovered to have inadvertently left an Amazon Web Services (AWS) S3 bucket unsecured and unencrypted, exposing the fine details of tens of thousands of medical and recreational cannabis users associated with three dispensary clients in the U.S. Given that protected health information (PHI) was included in the exposed data, serious privacy concerns and legal repercussions were raised in the aftermath of this security failure.[9][10] Today, this inadvertent security failure highlights the shared responsibility model (occasionally referred to as the \"shared security model\"), a security model that clarifies elements of responsibility between the customer and the CSP.\nWith its August 2010 update to AWS' Amazon Web Services: Overview of Security Processes documentation, the concept of a \"shared responsibility environment\" was added. To be sure, the concept of \"shared responsibility\" appeared before AWS began including it in its cloud security processes, as can be evidenced by 2004 New York State cybersecurity guidance[11] and 2004 Northwestern University IT protocol for data sharing.[12] However, among cloud providers, Amazon arguably brought the concept fully into the world of cloud computing. In their 2010 documentation, they described AWS's shared responsibility environment as such[13]:\n\nAn example of this shared responsibility would be that a customer utilizing Amazon EC2 should expect AWS to operate, manage and control the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates. In this case the customer should assume responsibility and management of, but not limited to, the guest operating system (including updates and security patches), other associated application software as well as the configuration of the AWS provided security group firewall. Customers should carefully consider the services they choose as their responsibilities vary depending on the services and their integration. It is possible for customers to enhance security and\/or meet more stringent compliance requirements with the addition of items such as host based firewalls, host based intrusion detection\/prevention, encryption and key management.\nThis statement has since evolved into a full-blown shared responsibility model that not only AWS includes today as an integral component of security-related agreements with clients, but also a model other public cloud service providers have adopted (see the next subsection for examples). Continuing to use AWS as an example, a clear shared security responsibility model differentiates \"security of the cloud\" and \"security in the cloud.\"[14] According to AWS, security of the cloud states that AWS is responsible for the \"hardware, software, networking, and facilities that run AWS Cloud services.\" Security in the cloud addresses the customer responsibility, based upon the services selected, including client-side data encryption and data integrity authentication, firewall configurations, and platform and application identity and access management. In this way, operating the IT environment is shared in a clearly delineated fashion. Similarly, management, operation, and verification of IT controls are also shared, where the physical and environmental controls are the responsibility of AWS, customer-specific security controls are the responsibility of the customer, and some controls have shared responsibility between both AWS and the customer.[14]\nThe concept of shared responsibility between a provider and a customer has woven its way into the fabric of most cloud-based services, from SaaS to multicloud. A trusted CSP will make this responsibility clear at every step of the way, from early contract discussions to late-stage changes to customer services. However, pressure also remains solidly on the organization seeking cloud services\u2014including the organization\u2019s legal counsel\u2014when making decisions about contracting for cloud computing services. This includes understanding aspects of consent, security requirements, reporting requirements, and enforcement mechanisms of any laws and regulations in the organization\u2019s operating governing entity (e.g., state, country, political and economic union), as well as in other external governing entities where related data may inevitably be transferred, stored, and managed.[15] And, by extension, the organization will need to verify the provider is able to comply with\u2014and provide mechanisms to help the organization comply with\u2014those laws and regulations. This is typically done by examining the CSP's documented compliance certifications, attestations, alignments, and frameworks (see the next subsection for examples). This includes System and Organization Controls (SOC) 1, 2, and 3 reports (which provide independent third-party assurances about the effectiveness of a CSP's security controls)[16], Federal Risk and Authorization Management Plan (FedRAMP) compliance[17], Coalition of Cloud Infrastructure Services Providers in Europe (CISPE) Code of Conduct compliance[18], and more.\nThe next subsections examine public cloud, hybrid cloud, multicloud, SaaS, and other cloud services in relation to cloud security, providing examples of major CSPs in those arenas.\n\n2.2.2 Public cloud \n\"The public cloud services market has more than doubled since 2016,\" found International Data Corporation (IDC) in 2020, noting that \"the worldwide public cloud services market, including infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS), grew 26.0% year over year in 2019, with revenues totaling $233.4 billion.\"[19] In November 2020, Gartner predicted global public cloud computing spend would increase more than 18 percent in 2021, with PaaS growth leading the way due to remote workers needing more powerful, scalable infrastructure to complete their work.[20] Gartner added that \"survey data indicates that almost 70% of organizations using cloud services today plan to increase their cloud spending in the wake of the disruption caused by COVID-19.\"[20] By 2023, Gartner was predicting $600 billion in end-user spend on public cloud.[21]\nThese statistics highlight the continued transition and investment into the public cloud for organizations, and recent surveys of IT professionals appear to find a matching level of increased confidence in the public cloud.[22][23] But as reliance on the public cloud continues to grow, organizations inevitably discover new security and networking challenges, including difficulties keeping services seamlessly available and scalable, and network costs more affordable while limiting complexity upticks[22], which makes security more difficult.[24]\nAs of August 2023, the bulk of public cloud market share is represented by 10 companies: Alibaba, Amazon, DigitalOcean, Google, IBM, Linode, Microsoft, Oracle, OVH, and Tencent. From a security perspective, we have to ask at a minimum four questions about these companies:\n\nWhat are their compliance offerings?\nWhere is their SOC 2 audit report?\nWhat is their shared responsibility model?\nWhat is their architecture framework based upon?\nIn this context, compliance offerings are the documented compliance certifications, attestations, alignments, and frameworks a public CSP boasts as part of an effort maintain security and compliance for their cloud services. Each of the seven public CSPs has a landing page introducing customers to those compliance offerings (Table 5), though some vendors' pages are more clearly organized than others. Each offering then links off to another page, document, or related certificate explaining compliance. In particular, the SOC 2 audit report should be viewed, though most providers require you to be a customer or inquire with their sales department to obtain it. The SOC 2 audit results outline nearly 200 aspects of a CSP's security, as audited by an independent third party, providing the closest look one can get to a CSP's ability to assist with regulatory compliance (more on this in Chapter 4).[25][26] As previously discussed, a shared responsibility (or shared security) model is the common approach to clarifying who's responsible for what portions of security, and each CSP has indicated somewhere what that model is. (In the case of Tencent, it's unfortunately buried in a 2019 white paper.) Public CSPs also provide some sort of \"architecture framework,\" though this varies from provider to provider. For example, AWS and Google Cloud provide a framework that allows customers to stably and efficiently deploy in the cloud based on both best practices and the organization's unique requirements. Linode, Oracle, and Tencent don't seem to offer this type of framework for customers but still discuss their overall cloud architecture in a broad manner. See Table 5 for links to these four security research aspects for each public CSP.\n\n\n\n\n\n\n\nTable 5. Public cloud providers and their compliance offerings, SOC 2 report, shared responsibility model, and architecture framework\n\n\nCompany and offering\n\nCompliance offerings\n\nSOC 2 report\n\nShared responsibility model\n\nArchitecture framework\n\n\nAkamai (formerly Linode)\n\nLink\n\nUnknown (Presumably must be customer\/contact sales to access)\n\nLink\n\nLink\n\n\nAlibaba Cloud\n\nLink\n\nLink (Must be customer\/contact sales to access)\n\nLink\n\nLink\n\n\nAmazon Web Services\n\nLink\n\nLink (Must be customer\/contact sales to access)\n\nLink\n\nLink\n\n\nDigitalOcean\n\nLink\n\nLink (Must email company to access)\n\nLink\n\nLink\n\n\nGoogle Cloud\n\nLink\n\nLink\n\nLink\n\nLink\n\n\nIBM Cloud\n\nLink\n\nLink (Must be customer\/contact sales to access)\n\nLink\n\nLink\n\n\nMicrosoft Azure\n\nLink\n\nLink (Must be customer\/contact sales to access)\n\nLink\n\nLink\n\n\nOracle Cloud Infrastructure\n\nLink\n\nUnknown (Presumably must be customer\/contact sales to access)\n\nLink\n\nLink\n\n\nOVHcloud\n\nLink\n\nLink (Must be customer\/contact sales or legal to access)\n\nLink\n\nLink\n\n\nTencent Cloud\n\nLink\n\nUnknown (Presumably must be customer\/contact sales to access)\n\nLink\n\nLink\n\n\n\nChapter 1 noted that for public cloud services, organizations tied to strong regulatory or security standards \"... must thoroughly vet the cloud vendor and its approach to security and compliance, as the provider may not be able to meet regulatory needs.\" For example, public CSPs will allow you to enter into a Health Insurance Portability and Accountability Act (HIPAA)-compliant business associate agreement (BAA) with them, as required by the U.S. Department of Health & Human Services[27], but that does not mean you'd be running in a HIPAA-compliant fashion. If your organization is handling PHI protected by HIPAA, that organization is still responsible for having internal compliance programs and documented processes that support HIPAA, while also using the CSP's services in ways that align with HIPAA.[28][29] That includes ensuring that the services your organization will utilize are indeed in-scope with HIPAA and other such regulations; not all services offered by a CSP are in-scope to a specific regulation. The BAA should make clear which services are covered for handling PHI and other sensitive or critical information. Additionally, your organization will still need to ensure the correct technical security controls are implemented to ensure compliance.[29] Remember, you're working under the shared responsibility model.\n\n2.2.3 Hybrid cloud and multicloud \nThe Flexera 2020 State of the Cloud Report and its associated survey found that 87 percent of respondents had already taken a hybrid cloud stance for their organization and 93 percent of respondents had already implemented a multicloud strategy within their organization.[30] A 2020 report by IDC predicted 90 percent of enterprises around the world will be relying on some combination of hybrid or multicloud with existing legacy platforms by 2022, though they may not necessarily have a sufficient investment in in-house skills to navigate the complexities of rolling out those strategies.[31] These complexities were discussed in Chapter 1; hybrid cloud reveals a greater attack surface, complicates security protocols, and raises integration costs,[32][33] while multicloud brings with it differences in technologies between vendors, latency complexities between the services, increased points of attack with more integrations, and load balancing issues between the services.[34] Broadly speaking, these complexities and security challenges arise out of the fact more systems must be integrated. Given these complexities, it's interesting to note that Flexera's survey numbers concerning hybrid\/multicloud adoption have been going down since the 2020 report: in 2022 hybrid\/multicloud adoption went down to 80\/89 percent respectively[35], and in 2023 those numbers were down to 72\/87 percent respectively.[36] Comparing the survey results, single public cloud and multiple public cloud adoption has seen increases, taking away from hybrid cloud adoption significantly and multicloud adoption slightly (Table 6). This noticeable slowdown in more complex hybrid adoption for relatively \"simpler\" single and multiple public cloud options may be the result of a mix of hyper-expansion of complex cloud adoption coming to a close and cost-cutting and optimization efforts by cloud customers due to emerging \"economic realities.\"[37][38]\n\n\n\n\n\n\n\nTable 6. Flexera State of the Cloud Report results for 2020, 2022, and 2023, comparing types of cloud adoption[30][35][36]\n\n\nYear\n\nSingle public\n\nSingle private\n\nMulticloud \u2192\n\nMultiple public\n\nMultiple private\n\nHybrid\n\n\n2020\n\n6%\n\n1%\n\n93%\n\n6%\n\n0%\n\n87%\n\n\n2022\n\n9%\n\n2%\n\n89%\n\n7%\n\n2%\n\n80%\n\n\n2023\n\n11%\n\n2%\n\n87%\n\n13%\n\n2%\n\n72%\n\n\n\nAs of August 2023, four providers of hybrid and multicloud technology and services stand out: Cisco, Dell, HPE, and VMware. These providers don't provide public cloud services but rather take a service-based approach to supplying hardware, software, and managed services to assist customers adopt a hybrid or multicloud approach for their business. From a security perspective, we have to ask at a minimum three questions about these companies:\n\nHow do they manage your data and security in a trustworthy way?\nHow are cloud technologies and services developed and audited for security?\nWhat public CSPs do they publicly state their technologies and services support or integrate with?\nIn this context of trust, these companies should have a \"trust center\" that helps consumers and enterprises find answers to security questions about their cloud technologies and services. A trust center was found for three of the four CSPs; HPE's trust center could not be located. Whether through internal secure development processes or external auditing practices, the security of the technology and services offered by these providers remains vital, and they should be able to demonstrate by explaining their development and auditing processes. Additionally, hybrid and multicloud providers should make clear which public CSPs are supported for or integrated ideally with the provider's hybrid and multicloud services. Not all public clouds are fully supported by these providers. See Table 7 for links to these three security and interoperability aspects for each hybrid\/multicloud CSP. \n\n\n\n\n\n\n\nTable 7. Providers of hybrid and multicloud technology and services, their trust center, their development and auditing practices, and supported public clouds\n\n\nCompany and offering\n\nTrust center\n\nDevelopment and auditing practices\n\nPublic clouds supported (U.S.)\n\n\nCisco CloudCenter and UCS Director (Note: CloudCenter becomes obsolete May 31, 2024.)\n\nLink\n\nCisco was \"evaluating SOC 2 as a potential roadmap item\" for CloudCenter in 2019.\n\nAlibaba, Amazon, Google, IBM, Microsoft\n\n\nDell Technologies APEX\n\nLink\n\nLink\n\nAlibaba, Amazon, Google, IBM, Microsoft\n\n\nHPE GreenLake\n\nUnknown\n\nUnknown\n\nAmazon, Google, Microsoft\n\n\nVMware Cloud\n\nLink\n\nLink (Must be customer\/contact sales to access)\n\nAmazon, Google, IBM, Microsoft, Oracle\n\n\n\nManaging your share of security in the hybrid cloud has several challenges. Most of those challenges involve attempting to manage and control multiple distributed systems. Giving administrators the ability to see into this complex network of components, at all levels, is critical. This is typically accomplished with a centralized management tool or platform based on open standards, providing automated management and control features that limit human error. Automation is also useful when scanning for and remediating problems detected with security controls, which in turn allows for documented changes and more reproducible processes. Disk encryption and network encryption tools may also need to be more robustly employed to protect data at rest and data in motion between private and public clouds. And of course, segmentation of services based on data sensitivity may be necessary.[5][39]\nMulticloud has its issues as well. \"The challenge that multicloud presents to security teams continues to grow,\" said Protiviti cloud consultant Rand Armknecht in December 2020. \"The number of services that are being released, the new ways of interacting, the interconnecting of services and systems, all of that continues to advance and all of these add new complexities into the enterprise security model.\"[7] Given the differences in tools and security approaches between cloud providers, stitching together services cohesively requires strong skills, knowledge, and attentiveness. It also requires a security strategy that is well-defined and unified in its approach to data management, minimization, anonymization, and encryption when considering multiple CSPs. Middleware placed between the enterprise and the CSP\u2014in some cases referred to as a cloud access security broker (CASB)\u2014that can \"consolidate and enforce security measures such as authentication, credential mapping, device profiling, encryption and malware detection\" adds an additional layer of semi-automated security for multicloud.[7]\n\n2.2.4 Container security and other concerns \nBefore we move on to discussing SaaS solutions, let's take a quick moment to recognize a few additional security peculiarities particular to using cloud services and developing in the cloud. These peculiarities may not apply to you and your organization, but it's useful to recognize them, if nothing else because they highlight how deeply woven security must be into the thinking of CSPs and their clients. \nFirst, let's look at container security. In Chapter 1, a container was referred to as \"a complete runtime environment,\" but little else was said. In cloud computing, a container\u2014as defined by IBM\u2014is \"an executable unit of software in which application code is packaged, along with its libraries and dependencies, in common ways so that it can be run anywhere, whether it be on desktop, traditional IT, or the cloud.\"[40] These prove beneficial in cloud computing because containers act as a lightweight, portable way of replicating an isolated application across different environments, independent of operating system and underlying hardware. This essentially makes deployment into a cloud environment\u2014or multiple clouds\u2014a much more approachable task.[41] \nBut with convenience also comes responsibility towards ensuring the security of the container. Unfortunately, the necessary precautions don't always get taken. According to GitLab's 2020 Global DevSecOps Survey, \"56% of developers simply don\u2019t run container scans, and a majority of DevOps teams don\u2019t have a security plan in place for containers or many other cutting edge software technologies, including cloud native\/serverless, APIs, and microservices.\"[42] While GitLab reported that container scans were fortunately becoming more common in 2022[43], it would still appear more implementation teams should be updating and implementing revised security plans to address the complexities of container security, including the use of container orchestration, image validation, role-based access management, security testing, and runtime security monitoring. NIST's SP 800-190 Application Container Security Guide, while slightly dated, provides a useful reference for more on the topic of container security.[42][44]\nSome concerns also exist within the virtualization environment, which drives cloud computing. The virtualized environment allows containers to be implemented, but their smooth use depends on a virtualization component called a virtual machine monitor (VMM) or hypervisor, which acts as the \"management layer between the physical hardware and the virtual machines running above\" it, managing system resource allocation to virtual machines\u2014and by extension, containers\u2014in the virtual environment.[45] Since hypervisors are shared in a virtualized environment, a compromised hypervisor (say through a malware attack or a means of gaining root privileges) puts the virtual machines running off the hypervisor at risk, and by extension any data running on those virtual machines.[45] Limiting the risks to a hypervisor and its associated virtualized machines means ensuring de facto encryption is in place to protect copied images and other files, migrated virtual machines are protected at all points along the migration route, and proper encryption and key management mechanisms are in place for effective access management.[45] While the concerns of hypervisor security are largely the responsibility of the public CSPs (Microsoft, for example, touts a multi-layer approach to securing its hypervisors in Azure[46]), those running private clouds will have to be sure their attention given to hypervisor security is similarly strong.\nOther areas of security concern are found in the overall networking of a cloud. There, attention to the various layers of firewalls, network traffic controls, transport-level encryption mechanisms, and encapsulation protocols is also recommended.[47]\n\n2.2.5 Software as a service \nFinally, we address security when using SaaS. Though not the laboratory space, let's take a look at the financial sector to start. Like laboratories, banks are regulated not only to protect their own assets but also the assets of their customers, including customer data. Given the concerns about security in the cloud early in its history, it has taken some time for the financial sector to warm up to moving some of its functions into the cloud.[48] However, since approximately 2016, banks and financial services firms have begun shifting to the cloud in droves.[49] Writing for the World Economic Forum in December 2020, the CEO of Tenemos, Max Chuard, noted[50]:\n\nCloud and SaaS present an alternative way of running a bank\u2019s IT infrastructure. Core banking and\/or the digital front office operates on a public or private cloud rather than on physical infrastructure in the bank\u2019s premises. Banks pay a subscription to access the solutions.\nBoth cloud and SaaS carries lower infrastructure costs, they allow products to be created, delivered and changed faster, and they offer immense resilience, scalability, and security. Cloud-based SaaS platforms are also continuously updated, meaning banks benefit from the latest innovations.\nHowever, the improved security of cloud and SaaS does not preclude challenges. In the case of financial services firms, finding a balance between client-side encryption to protect financial data and its tendency to constrain overall performance and functionality is a real challenge.[51] And that same challenge exists for other regulated (and less regulated) organizations turning to SaaS cloud solutions.\nWhen moving to a SaaS-based approach to running critical systems, the shared responsibility paradigm says that both CSP and customer should be managing SaaS security. Are access and audit rights in the SaaS implementation as strong as they should be? How is data managed and processed in relation to location requirements? How are risks mitigated if the vendor goes out of business or changes its operational focus? What contingency plans are in place should the organization need to migrate to a new vendor or bring applications back in-house? What assessments and audits have been made of the CSP's security?[48] (These and other questions are addressed further in Chapter 5.)\nIn 2018, Moody's Analytics pointed out \"seven pillars of SaaS security wisdom.\" While they were looking at these pillars from the perspective of banks and financing, they are equally applicable to any regulated organization moving to SaaS cloud solutions, including laboratories. Those SaaS security pillars are[48]:\n\n1. Access management: Carefully control user access uniformly across the SaaS platform, using strong, vetted business rules (addressing user roles, data requirements, allowed system, allowed workflows, etc.) that have been documented, disseminated, and learned.\n2. Network control: Decide what network mechanisms to employ in order to meet security goals, including jump servers, network access control lists, etc. if more granular access control is required.\n3. Perimeter network control: Decide whether a simple firewall or set of firewalls is sufficient. Additional perimeter protections include intrusion detection and prevention systems.\n4. Virtual machine management: Recognize that while costly, keeping virtual machines up-to-date is vital. Whether this is your responsibility or the CSP's, staying on top of patches and updates better ensures protection from the latest threats.\n5. Data protection: Determine if the data encryption is sufficient for your regulatory needs to protect personally identifiable information. Best practices and standards should be guiding the endeavor to protect both data in transit and data at rest.\n6. Data governance and incident management: Decide how data governance policies dictate your SaaS services. Data governance determines who has the authority to manage and control data assets and how authorized individuals are able to use those data assets.[52] Not only does this also guide the first pillar, access management, but it also clarifies responsibilities for data management and security. This includes stating who's responsible for incident management and how the organization will go about monitoring, tracking, reporting, and learning from security incidents.\n7. Scalability and reliability: Determine how scalable the underlying cloud infrastructure will be to run your SaaS applications. Is it horizontal or vertical scaling? Are proxy servers geographically distributed for a more robust service? And what assurances are in place should disaster strike (i.e., recovery plan)?\nLike public, hybrid, and multicloud cloud services, SaaS vendors should make clear the security aspects of their solutions. Most major vendors like SAP[53], Adobe[54], and Atlassian[55] will have a trust center for customers to gauge how the vendor's SaaS products are managed in reference to security and compliance. Some SaaS software vendors, however, will host and manage their solutions in a public cloud. Those SaaS vendors should have at a minimum one or more web pages explaining where their solution is hosted, what security controls are in place with that public cloud provider, and what additional security controls, if any, the vendor applies. Of course, access management and other security controls are still very much the responsibility of the customer.\n\nReferences \n\n\n\u2191 1.0 1.1 Cloud Security Alliance (6 August 2019). \"Top Threats to Cloud Computing: The Egregious 11\" (PDF). https:\/\/cloudsecurityalliance.org\/artifacts\/top-threats-to-cloud-computing-egregious-eleven\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Douglas, S. (March 2023). \"Comprehensive Guide to Developing and Implementing a Cybersecurity Plan, Second Edition\". LIMSwiki. https:\/\/www.limswiki.org\/index.php\/LII:Comprehensive_Guide_to_Developing_and_Implementing_a_Cybersecurity_Plan . Retrieved 28 July 2023 .   \n \n\n\u2191 Kearns, D.K. (December 2017). \"Planning & Management Methods for Migration to a Cloud Environment\". The MITRE Corporation. https:\/\/www.mitre.org\/news-insights\/publication\/planning-management-methods-migration-cloud-environment . Retrieved 28 July 2023 .   \n \n\n\u2191 Sheppard, D. (28 May 2015). \"Managing a cloud computing project\". IT World Canada. https:\/\/www.itworldcanada.com\/blog\/managing-a-cloud-computing-project\/374832 . Retrieved 28 July 2023 .   \n \n\n\u2191 5.0 5.1 \"What is Cloud Security?\". Resource Center. AO Kaspersky Lab. 2021. https:\/\/usa.kaspersky.com\/resource-center\/definitions\/what-is-cloud-security . Retrieved 28 July 2023 .   \n \n\n\u2191 6.0 6.1 Maurer, T.; Hinck, G. (31 August 2020). \"Cloud Security: A Primer for Policymakers\". Carnegie Endowment for International Peace. https:\/\/carnegieendowment.org\/2020\/08\/31\/cloud-security-primer-for-policymakers-pub-82597 . Retrieved 28 July 2023 .   \n \n\n\u2191 7.0 7.1 7.2 Pratt, M.K. (14 December 2020). \"Building stronger multicloud security: 3 key elements\". CSO. https:\/\/www.csoonline.com\/article\/569951\/building-stronger-multicloud-security-3-key-elements.html . Retrieved 28 July 2023 .   \n \n\n\u2191 Herman, M.; Iorga, M.; Salim, A.M. et al. (August 2020). \"NISTIR 8006 NIST Cloud Computing Forensic Science Challenges\". NIST. https:\/\/csrc.nist.gov\/pubs\/ir\/8006\/final . Retrieved 28 July 2023 .   \n \n\n\u2191 Muncaster, P. (23 January 2020). \"Data on 30,000 Cannabis Users Exposed in Cloud Leak\". Infosecurity. https:\/\/www.infosecurity-magazine.com\/news\/data-30000-cannabis-users-exposed\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Unsecured AWS S3 Bucket Found Leaking Data of Over 30K Cannabis Dispensary Customers\". Trend Micro, Inc. 27 January 2020. https:\/\/www.trendmicro.com\/vinfo\/dk\/security\/news\/virtualization-and-cloud\/unsecured-aws-s3-bucket-found-leaking-data-of-over-30k-cannabis-dispensary-customers . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Cyber Security Dos and Don'ts\" (PDF). New York State Office of Information Technology and Services. 12 December 2004. Archived from the original on 23 January 2022. https:\/\/web.archive.org\/web\/20220123175134\/https:\/\/gc.cuny.edu\/CUNY_GC\/media\/CUNY-Graduate-Center\/PDF\/Policies\/IT\/Cyber-Security-Dos-and-Don%E2%80%99ts.pdf?ext=.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Protocol for Exchange and Shared Responsibility for Institutional Data\" (PDF). Northwestern University. 15 August 2004. https:\/\/www.it.northwestern.edu\/docs\/ExchangeSharedResponsibilityData.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 Amazon Web Services (August 2010). \"Amazon Web Services: Overview of Security Processes\" (PDF). Amazon Web Services. Archived from the original on 23 August 2010. https:\/\/web.archive.org\/web\/20100823123605\/http:\/\/media.amazonwebservices.com\/pdf\/AWS_Security_Whitepaper.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 14.0 14.1 Amazon Web Services (2021). \"Shared Responsibility Model\". Amazon Web Services. https:\/\/aws.amazon.com\/compliance\/shared-responsibility-model\/?ref=wellarchitected . Retrieved 28 July 2023 .   \n \n\n\u2191 Eustice, J.C. (2018). \"Understand the intersection between data privacy laws and cloud computing\". Legal Technology, Products, and Services. Thomson Reuters. https:\/\/legal.thomsonreuters.com\/en\/insights\/articles\/understanding-data-privacy-and-cloud-computing . Retrieved 28 July 2023 .   \n \n\n\u2191 Mealus, P. (19 December 2018). \"The SOC 2 Report Explained for Normal People\". Medium. https:\/\/medium.com\/@paulmealus\/the-soc-2-report-explained-for-normal-people-50b4626d6c96 . Retrieved 28 July 2023 .   \n \n\n\u2191 \"About ETSI\". European Telecommunications Standards Institute. https:\/\/www.etsi.org\/about . Retrieved 28 July 2023 .   \n \n\n\u2191 \"CISPE\". Amazon Web Services. https:\/\/aws.amazon.com\/compliance\/cispe\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 International Data Corporation (18 August 2020). \"Worldwide Public Cloud Services Market Totaled $233.4 Billion in 2019 with the Top 5 Providers Capturing More Than One Third of the Total, According to IDC\". International Data Corporation. Archived from the original on 31 January 2022. https:\/\/web.archive.org\/web\/20220131120937\/https:\/\/www.idc.com\/getdoc.jsp?containerId=prUS46780320 . Retrieved 28 July 2023 .   \n \n\n\u2191 20.0 20.1 \"Gartner Forecasts Worldwide Public Cloud End-User Spending to Grow 18% in 2021\". Gartner, Inc. 17 November 2020. https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2020-11-17-gartner-forecasts-worldwide-public-cloud-end-user-spending-to-grow-18-percent-in-2021 . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Gartner Forecasts Worldwide Public Cloud End-User Spending to Reach Nearly $600 Billion in 2023\". Gartner. 19 April 2023. https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2023-04-19-gartner-forecasts-worldwide-public-cloud-end-user-spending-to-reach-nearly-600-billion-in-2023 . Retrieved 14 August 2023 .   \n \n\n\u2191 22.0 22.1 Barracuda Networks, Inc (14 January 2021). \"New research reveals IT professionals' growing confidence in public cloud despite security concerns\". PR Newswire. Cision. https:\/\/www.prnewswire.com\/news-releases\/new-research-reveals-it-professionals-growing-confidence-in-public-cloud-despite-security-concerns-301208046.html . Retrieved 28 July 2023 .   \n \n\n\u2191 \"33% of company executives \u201cvery confident\u201d to operate in public cloud: Report\". The Times of India. 8 June 2023. https:\/\/timesofindia.indiatimes.com\/gadgets-news\/33-of-company-executives-very-confident-to-operate-in-public-cloud-report\/articleshow\/100855040.cms . Retrieved 14 August 2023 .   \n \n\n\u2191 Bocetta, S. (9 July 2019). \"Problem: Complex Networks Getting Harder to Secure\". Network Computing. https:\/\/www.networkcomputing.com\/network-security\/problem-complex-networks-getting-harder-secure . Retrieved 28 July 2023 .   \n \n\n\u2191 Hemer, N. (18 December 2019). \"Trust Services Criteria (formerly Principles) for SOC 2 in 2019\". Linford & Company IT Audit & Compliance Blog. Linford and Co. LLP. https:\/\/linfordco.com\/blog\/trust-services-critieria-principles-soc-2\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Tiller, D. (2019). \"Is the Cloud a Safe Place for Your Data?: How Life Science Organizations Can Ensure Integrity and Security in a SaaS Environment\" (PDF). IDBS. Archived from the original on 08 March 2021. https:\/\/web.archive.org\/web\/20210308231558\/https:\/\/storage.pardot.com\/468401\/1614781936jHqdU6H6\/Whitepaper_Is_the_cloud_a_safe_place_for_your_data.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 Office for Civil Rights (23 December 2022). \"Guidance on HIPAA & Cloud Computing\". Health Information Privacy. U.S. Department of Health & Human Services. https:\/\/www.hhs.gov\/hipaa\/for-professionals\/special-topics\/health-information-technology\/cloud-computing\/index.html . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Health Insurance Portability and Accountability Act (HIPAA) & Health Information Technology for Economic and Clinical Health (HITECH) Act\". Microsoft Documentation. Microsoft. 25 April 2023. https:\/\/learn.microsoft.com\/en-us\/compliance\/regulatory\/offering-hipaa-hitech . Retrieved 28 July 2023 .   \n \n\n\u2191 29.0 29.1 \"Navigating HIPAA Compliant Cloud Solutions\". Dash. 2020. https:\/\/www.dashsdk.com\/hipaa-compliant-cloud\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 30.0 30.1 Weins, K. (21 May 2020). \"Cloud Computing Trends: 2020 State of the Cloud Report\". Flexera Blog. Archived from the original on 22 August 2020. https:\/\/web.archive.org\/web\/20200822043605\/https:\/\/www.flexera.com\/blog\/industry-trends\/trend-of-cloud-computing-2020\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 International Data Corporation (31 March 2020). \"IDC Expects 2021 to Be the Year of Multi-Cloud as Global COVID-19 Pandemic Reaffirms Critical Need for Business Agility\". International Data Corporation. Archived from the original on 03 June 2021. https:\/\/web.archive.org\/web\/20210603182500\/https:\/\/www.idc.com\/getdoc.jsp?containerId=prMETA46165020 . Retrieved 28 July 2023 .   \n \n\n\u2191 \"What Is Hybrid Cloud? Hybrid Cloud Definition\". Cloudflare, Inc. https:\/\/www.cloudflare.com\/learning\/cloud\/what-is-hybrid-cloud\/ . Retrieved 04 March 2021 .   \n \n\n\u2191 Hurwitz, J.S.; Kaufman, M.; Halper, F. et al. (2021). \"What is Hybrid Cloud Computing?\". Dummies.com. John Wiley & Sons, Inc. https:\/\/www.dummies.com\/article\/technology\/information-technology\/networking\/cloud-computing\/what-is-hybrid-cloud-computing-174473\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"What Is Multicloud? Multicloud Definition\". Cloudflare, Inc. https:\/\/www.cloudflare.com\/learning\/cloud\/what-is-multicloud\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 35.0 35.1 \"The 2023 Cloud Strategy Workbook\" (PDF). Rackspace technology. February 2023. https:\/\/www.rackspace.com\/sites\/default\/files\/2023-02\/Rackspace-Cloud-Strategy-Workbook-2023.pdf . Retrieved 15 August 2023 .   \n \n\n\u2191 36.0 36.1 Luxner, T. (5 April 2023). \"Cloud computing trends and statistics: Flexera 2023 State of the Cloud Report\". Flexera Blog. Archived from the original on 13 August 2023. https:\/\/web.archive.org\/web\/20230813135147\/https:\/\/www.flexera.com\/blog\/cloud\/cloud-computing-trends-flexera-2023-state-of-the-cloud-report\/ . Retrieved 15 August 2023 .   \n \n\n\u2191 Clark, L. (19 January 2023). \"Oh dear, AWS. Cloud growth slowing as customers get a dose of cost reality\". The Register. https:\/\/www.theregister.com\/2023\/01\/19\/cloud_growth_slowdown_as_customers\/ . Retrieved 15 August 2023 .   \n \n\n\u2191 Donnelly, C. (18 January 2023). \"Uptime Institute predicts slower pace of public cloud migrations in 2023\". ComputerWeekly.com. https:\/\/www.computerweekly.com\/news\/252529297\/Uptime-Institute-predicts-slower-pace-of-public-cloud-migrations-in-2023 . Retrieved 15 August 2023 .   \n \n\n\u2191 Kerner, L. (2018). \"4 hybrid-cloud security challenges and how to overcome them\". TechNeacon. https:\/\/techbeacon.com\/security\/4-hybrid-cloud-security-challenges-how-overcome-them . Retrieved 28 July 2023 .   \n \n\n\u2191 IBM Cloud Education. \"What are containers?\". IBM. https:\/\/www.ibm.com\/topics\/containers . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Containers at Google\". Google Cloud. https:\/\/cloud.google.com\/containers . Retrieved 28 July 2023 .   \n \n\n\u2191 42.0 42.1 \"A beginner\u2019s guide to container security\". GitLab. https:\/\/about.gitlab.com\/topics\/devsecops\/beginners-guide-to-container-security\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Silverthorne, V. (23 August 2022). \"GitLab's 2022 Global DevSecOps Survey: Security is the top concern, investment\". GitLab Blog. https:\/\/about.gitlab.com\/blog\/2022\/08\/23\/gitlabs-2022-global-devsecops-survey-security-is-the-top-concern-investment\/ . Retrieved 15 August 2023 .   \n \n\n\u2191 Souppaya, M.; Morello, J.; Scarfone, K. (September 2017). \"SP 800-190 Application Container Security Guide\". NIST. doi:10.6028\/NIST.SP.800-190. https:\/\/csrc.nist.gov\/pubs\/sp\/800\/190\/final . Retrieved 28 July 2023 .   \n \n\n\u2191 45.0 45.1 45.2 Barrowclough, J.P.; Asif, R. (2018). \"Securing Cloud Hypervisors: A Survey of the Threats, Vulnerabilities, and Countermeasures\". Security and Communication Networks 2018: 1681908. doi:10.1155\/2018\/1681908.   \n \n\n\u2191 Sharma, Y.; Lyon, R.; Lanfear, T. et al. (11 November 2022). \"Hypervisor security on the Azure fleet\". Microsoft Documentation. Microsoft. https:\/\/docs.microsoft.com\/en-us\/azure\/security\/fundamentals\/hypervisor . Retrieved 28 July 2023 .   \n \n\n\u2191 Boyd, N. (20 July 2018). \"Achieving Network Security in Cloud Computing\". Cloud HQ. SDxCentral, LLC. Archived from the original on 05 November 2020. https:\/\/web.archive.org\/web\/20201105140448\/https:\/\/www.sdxcentral.com\/cloud\/definitions\/achieving-network-security-in-cloud-computing\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 48.0 48.1 48.2 \"Best Practices for SaaS Security\". Moody's Analytics. Moody's Analytics, Inc. April 2018. https:\/\/www.moodysanalytics.com\/articles\/2018\/best-practices-for-saas-security . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Cloud banking: More than just a CIO conversation\". Deloitte. 1 July 2019. https:\/\/www.deloitte.com\/global\/en\/Industries\/financial-services\/perspectives\/bank-2030-financial-services-cloud.html . Retrieved 28 July 2023 .   \n \n\n\u2191 Chuard, M. (10 December 2020). \"Cloud and SaaS technology can drive inclusive banking. Here are 3 reasons how\". World Economic Forum. https:\/\/www.weforum.org\/agenda\/2020\/12\/cloud-and-saas-technology-can-drive-inclusive-banking\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Getting cloud right: How can banks stay ahead of the curve?\" (PDF). Deloitte. 2019. https:\/\/www2.deloitte.com\/content\/dam\/Deloitte\/ch\/Documents\/financial-services\/deloitte-ch-fs-Cloud-for-Swiss-Banks-report-digital.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 Olavsrud, T. (24 March 2023). \"What is data governance? A best practices framework for managing data assets\". CIO. https:\/\/www.cio.com\/article\/202183\/what-is-data-governance-a-best-practices-framework-for-managing-data-assets.html . Retrieved 28 July 2023 .   \n \n\n\u2191 \"SAP Trust Center\". SAP America, Inc. https:\/\/www.sap.com\/about\/trust-center\/certification-compliance.html . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Adobe Trust Center\". Adobe, Inc. https:\/\/www.adobe.com\/trust.html . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Atlassian Trust Center\". Atlassian, Inc. https:\/\/www.atlassian.com\/trust . Retrieved 28 July 2023 .   \n \n\n\n\r\n\n\n-----Go to the next chapter of this guide-----\nCitation information for this chapter \nChapter: 2. Standards and security in the cloud\nTitle: Choosing and Implementing a Cloud-based Service for Your Laboratory\nEdition: Second edition\nAuthor for citation: Shawn E. Douglas\nLicense for content: Creative Commons Attribution-ShareAlike 4.0 International\nPublication date: August 2023\n\r\n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud<\/a>\nNavigation menuPage actionsBookDiscussionView sourceHistoryPage actionsBookDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 16 August 2023, at 21:07.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 431 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","3323880907987943705cdfbc653c393d_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-208 ns-subject page-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Standards_and_security_in_the_cloud_Security_in_the_cloud rootpage-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Standards_and_security_in_the_cloud_Security_in_the_cloud skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Standards and security in the cloud\/Security in the cloud<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\">\n\n<h3><span class=\"mw-headline\" id=\"2.2_Security_in_the_cloud\">2.2 Security in the cloud<\/span><\/h3>\n<div class=\"floatright\"><a href=\"https:\/\/www.limswiki.org\/index.php\/File:Virtual_data_room.png\" class=\"image wiki-link\" data-key=\"61fb91e173f65efa2fade3fa45a14cd8\"><img alt=\"Virtual data room.png\" src=\"https:\/\/upload.wikimedia.org\/wikipedia\/commons\/4\/45\/Virtual_data_room.png\" decoding=\"async\" style=\"width: 100%;max-width: 400px;height: auto;\" \/><\/a><\/div><p>For any organization, managing security is a challenging yet necessary part of operations. This includes deciding on and implementing physical controls like locks, alarms, and security staff, as well as IT controls like passwords, role-based access control, and firewalls. Much of this security is governed by standards, regulations, and common business practices. Yet while those standards, regulations, and practices also play a pivotal role in how cloud services should be rendered and managed, it would be foolish to forget the human element of cloud security. Employees, contractors, and other users who misconfigure cloud resources, fail to implement robust cloud security architecture, fail to practice proper identity and access management, fall for phishing and other account exploitation attacks, poorly design <a href=\"https:\/\/www.limswiki.org\/index.php\/Application_programming_interface\" title=\"Application programming interface\" class=\"wiki-link\" data-key=\"36fc319869eba4613cb0854b421b0934\">application programming interfaces<\/a> (APIs), or maliciously access and sabotage resources all pose potential risk to the security of cloud-based system.<sup id=\"rdp-ebb-cite_ref-CSATop20_1-0\" class=\"reference\"><a href=\"#cite_note-CSATop20-1\">[1]<\/a><\/sup> \n<\/p><p>While these and other security concerns of CSPs are valid, concerns are beginning to shift more towards how the decisions of an organization\u2019s senior management affect the human element within the organization using and managing cloud services.<sup id=\"rdp-ebb-cite_ref-CSATop20_1-1\" class=\"reference\"><a href=\"#cite_note-CSATop20-1\">[1]<\/a><\/sup> Fortunately, the traditional management-driven business approaches towards on-premises computing projects\u2014getting management buy-in; developing goals, scope, and responsibility documentation; identifying computing requirements and objectives; identifying risk; documenting and training on processes and procedures; monitoring performance; and employing corrective action<sup id=\"rdp-ebb-cite_ref-DouglasComp20_2-0\" class=\"reference\"><a href=\"#cite_note-DouglasComp20-2\">[2]<\/a><\/sup>\u2014still largely apply to cloud implementation and migration projects.<sup id=\"rdp-ebb-cite_ref-KearnsPlanning17_3-0\" class=\"reference\"><a href=\"#cite_note-KearnsPlanning17-3\">[3]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-SheppardManaging15_4-0\" class=\"reference\"><a href=\"#cite_note-SheppardManaging15-4\">[4]<\/a><\/sup>\n<\/p><p>Yet cloud security should be viewed more holistically, as a combination of standards, technologies, policies, and people influencing the end results. This sentiment is reflected in Kaspersky Lab's definition of cloud security, as \"the whole bundle of technology, protocols, and best practices that protect cloud computing environments, applications running in the cloud, and data held in the cloud.\"<sup id=\"rdp-ebb-cite_ref-KasperskyWhatIs_5-0\" class=\"reference\"><a href=\"#cite_note-KasperskyWhatIs-5\">[5]<\/a><\/sup> And as was suggested prior, addressing cloud security requires more than a narrow local networking-based cybersecurity approach. Maurer and Hinck noted in 2020 that \"cloud security risks are different from other types of cybersecurity risks because cloud security is networked, concentrated, and shared.\"<sup id=\"rdp-ebb-cite_ref-MaurerCloud20_6-0\" class=\"reference\"><a href=\"#cite_note-MaurerCloud20-6\">[6]<\/a><\/sup> The networking is often spread across multiple locations and services; those services are concentrated with only a few major CSPs, with security disruptions having a much broader effect for many customers; and security is a shared responsibility for those services, spread across at least two parties, requiring clear delineation of responsibility for security.<sup id=\"rdp-ebb-cite_ref-MaurerCloud20_6-1\" class=\"reference\"><a href=\"#cite_note-MaurerCloud20-6\">[6]<\/a><\/sup> With the increased popularity of hybrid and multicloud, these networking challenges also increase complexity, which means more attention to security is required by not only the CSP but also the customer. Adopting security strategies such as the \"zero trust\" model, which assumes an attempted connection is untrustworthy until proven as trusted, increasingly make sense in these complex cloud environments. Requiring every user and device to verify first \"helps security teams protect the enterprise against both sanctioned cloud deployments and shadow IT as well as cloud providers whose own embedded security isn\u2019t as robust as the organization requires.\"<sup id=\"rdp-ebb-cite_ref-PrattBuilding20_7-0\" class=\"reference\"><a href=\"#cite_note-PrattBuilding20-7\">[7]<\/a><\/sup>\n<\/p><p>Additionally, through its recent work on the challenges of conducting digital forensics in the cloud, NIST also highlights data replication, location transparency, and multi-tenancy as \"somewhat unique\" challenges to cloud computing, and by extension digital forensics in the cloud. Though digital forensics isn't the primary topic of this guide, it's useful to mention because the process of cloud computing forensic science includes determinations of chain of custody, data integrity, and confidentiality status of cloud computing data<sup id=\"rdp-ebb-cite_ref-HermanNISTCloud20_8-0\" class=\"reference\"><a href=\"#cite_note-HermanNISTCloud20-8\">[8]<\/a><\/sup>, all critical considerations of using, storing, and transferring regulated, protected data in the cloud, especially for laboratories.\n<\/p><p>This all leads to the questions of responsibility: who is ultimately responsible for the security of any given cloud service? From a shallow point of view, it may be easy, as a customer, to consider a CSP and say \"their service, their responsibility.\" However, it's more complicated than that. This brings us to the topic of the shared responsibility model.\n<\/p>\n<h4><span class=\"mw-headline\" id=\"2.2.1_The_shared_responsibility_model\">2.2.1 The shared responsibility model<\/span><\/h4>\n<p>In December 2019, <a href=\"https:\/\/www.limswiki.org\/index.php\/Software_as_a_service\" title=\"Software as a service\" class=\"wiki-link\" data-key=\"ae8c8a7cd5ee1a264f4f0bbd4a4caedd\">software as a service<\/a> (SaaS) cannabis software firm THSuite was discovered to have inadvertently left an Amazon Web Services (AWS) S3 bucket unsecured and unencrypted, exposing the fine details of tens of thousands of medical and recreational cannabis users associated with three dispensary clients in the U.S. Given that protected health information (PHI) was included in the exposed data, serious privacy concerns and legal repercussions were raised in the aftermath of this security failure.<sup id=\"rdp-ebb-cite_ref-MuncasterData20_9-0\" class=\"reference\"><a href=\"#cite_note-MuncasterData20-9\">[9]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-TrendmicroUnsec20_10-0\" class=\"reference\"><a href=\"#cite_note-TrendmicroUnsec20-10\">[10]<\/a><\/sup> Today, this inadvertent security failure highlights the shared responsibility model (occasionally referred to as the \"shared security model\"), a security model that clarifies elements of responsibility between the customer and the CSP.\n<\/p><p>With its August 2010 update to AWS' <i>Amazon Web Services: Overview of Security Processes<\/i> documentation, the concept of a \"shared responsibility environment\" was added. To be sure, the concept of \"shared responsibility\" appeared before AWS began including it in its cloud security processes, as can be evidenced by 2004 New York State cybersecurity guidance<sup id=\"rdp-ebb-cite_ref-NYSCyber04_11-0\" class=\"reference\"><a href=\"#cite_note-NYSCyber04-11\">[11]<\/a><\/sup> and 2004 Northwestern University IT protocol for data sharing.<sup id=\"rdp-ebb-cite_ref-NUProtocol04_12-0\" class=\"reference\"><a href=\"#cite_note-NUProtocol04-12\">[12]<\/a><\/sup> However, among cloud providers, Amazon arguably brought the concept fully into the world of cloud computing. In their 2010 documentation, they described AWS's shared responsibility environment as such<sup id=\"rdp-ebb-cite_ref-AWSAmazonWeb10_13-0\" class=\"reference\"><a href=\"#cite_note-AWSAmazonWeb10-13\">[13]<\/a><\/sup>:\n<\/p>\n<blockquote><p>An example of this shared responsibility would be that a customer utilizing Amazon EC2 should expect AWS to operate, manage and control the components from the host operating system and <a href=\"https:\/\/www.limswiki.org\/index.php\/Virtualization\" title=\"Virtualization\" class=\"wiki-link\" data-key=\"e6ef1e0497ceb6545c0948d436eba29c\">virtualization<\/a> layer down to the physical security of the facilities in which the service operates. In this case the customer should assume responsibility and management of, but not limited to, the guest operating system (including updates and security patches), other associated application software as well as the configuration of the AWS provided security group firewall. Customers should carefully consider the services they choose as their responsibilities vary depending on the services and their integration. It is possible for customers to enhance security and\/or meet more stringent compliance requirements with the addition of items such as host based firewalls, host based intrusion detection\/prevention, <a href=\"https:\/\/www.limswiki.org\/index.php\/Encryption\" title=\"Encryption\" class=\"wiki-link\" data-key=\"86a503652ed5cc9d8e2b0252a480b5e1\">encryption<\/a> and key management.<\/p><\/blockquote>\n<p>This statement has since evolved into a full-blown shared responsibility model that not only AWS includes today as an integral component of security-related agreements with clients, but also a model other public cloud service providers have adopted (see the next subsection for examples). Continuing to use AWS as an example, a clear shared security responsibility model differentiates \"security <i>of<\/i> the cloud\" and \"security <i>in<\/i> the cloud.\"<sup id=\"rdp-ebb-cite_ref-AWSSharedRespon21_14-0\" class=\"reference\"><a href=\"#cite_note-AWSSharedRespon21-14\">[14]<\/a><\/sup> According to AWS, security of the cloud states that AWS is responsible for the \"hardware, software, networking, and facilities that run AWS Cloud services.\" Security in the cloud addresses the customer responsibility, based upon the services selected, including client-side data encryption and data integrity authentication, firewall configurations, and platform and application identity and access management. In this way, operating the IT environment is shared in a clearly delineated fashion. Similarly, management, operation, and verification of IT controls are also shared, where the physical and environmental controls are the responsibility of AWS, customer-specific security controls are the responsibility of the customer, and some controls have shared responsibility between both AWS and the customer.<sup id=\"rdp-ebb-cite_ref-AWSSharedRespon21_14-1\" class=\"reference\"><a href=\"#cite_note-AWSSharedRespon21-14\">[14]<\/a><\/sup>\n<\/p><p>The concept of shared responsibility between a provider and a customer has woven its way into the fabric of most cloud-based services, from SaaS to multicloud. A trusted CSP will make this responsibility clear at every step of the way, from early contract discussions to late-stage changes to customer services. However, pressure also remains solidly on the organization seeking cloud services\u2014including the organization\u2019s legal counsel\u2014when making decisions about contracting for cloud computing services. This includes understanding aspects of consent, security requirements, reporting requirements, and enforcement mechanisms of any laws and regulations in the organization\u2019s operating governing entity (e.g., state, country, political and economic union), as well as in other external governing entities where related data may inevitably be transferred, stored, and managed.<sup id=\"rdp-ebb-cite_ref-EusticeUnder18_15-0\" class=\"reference\"><a href=\"#cite_note-EusticeUnder18-15\">[15]<\/a><\/sup> And, by extension, the organization will need to verify the provider is able to comply with\u2014and provide mechanisms to help the organization comply with\u2014those laws and regulations. This is typically done by examining the CSP's documented compliance certifications, attestations, alignments, and frameworks (see the next subsection for examples). This includes System and Organization Controls (SOC) 1, 2, and 3 reports (which provide independent third-party assurances about the effectiveness of a CSP's security controls)<sup id=\"rdp-ebb-cite_ref-MealusTheSOC18_16-0\" class=\"reference\"><a href=\"#cite_note-MealusTheSOC18-16\">[16]<\/a><\/sup>, Federal Risk and Authorization Management Plan (FedRAMP) compliance<sup id=\"rdp-ebb-cite_ref-ETSIAbout_17-0\" class=\"reference\"><a href=\"#cite_note-ETSIAbout-17\">[17]<\/a><\/sup>, Coalition of Cloud Infrastructure Services Providers in Europe (CISPE) Code of Conduct compliance<sup id=\"rdp-ebb-cite_ref-AWSCISPE.22_18-0\" class=\"reference\"><a href=\"#cite_note-AWSCISPE.22-18\">[18]<\/a><\/sup>, and more.\n<\/p><p>The next subsections examine public cloud, hybrid cloud, multicloud, SaaS, and other cloud services in relation to cloud security, providing examples of major CSPs in those arenas.\n<\/p>\n<h4><span class=\"mw-headline\" id=\"2.2.2_Public_cloud\">2.2.2 Public cloud<\/span><\/h4>\n<p>\"The public cloud services market has more than doubled since 2016,\" found International Data Corporation (IDC) in 2020, noting that \"the worldwide public cloud services market, including <a href=\"https:\/\/www.limswiki.org\/index.php\/Infrastructure_as_a_service\" title=\"Infrastructure as a service\" class=\"wiki-link\" data-key=\"70b93c66f23363688d45f0d354e5c032\">infrastructure as a service<\/a> (IaaS), <a href=\"https:\/\/www.limswiki.org\/index.php\/Platform_as_a_service\" title=\"Platform as a service\" class=\"wiki-link\" data-key=\"abad55890b97c6a6153458ad3d62762f\">platform as a service<\/a> (PaaS), and software as a service (SaaS), grew 26.0% year over year in 2019, with revenues totaling $233.4 billion.\"<sup id=\"rdp-ebb-cite_ref-IDCWorldwide20_19-0\" class=\"reference\"><a href=\"#cite_note-IDCWorldwide20-19\">[19]<\/a><\/sup> In November 2020, Gartner predicted global public cloud computing spend would increase more than 18 percent in 2021, with PaaS growth leading the way due to remote workers needing more powerful, scalable infrastructure to complete their work.<sup id=\"rdp-ebb-cite_ref-GartnerForecast20_20-0\" class=\"reference\"><a href=\"#cite_note-GartnerForecast20-20\">[20]<\/a><\/sup> Gartner added that \"survey data indicates that almost 70% of organizations using cloud services today plan to increase their cloud spending in the wake of the disruption caused by <a href=\"https:\/\/www.limswiki.org\/index.php\/COVID-19\" class=\"mw-redirect wiki-link\" title=\"COVID-19\" data-key=\"da9bd20c492b2a17074ad66c2fe25652\">COVID-19<\/a>.\"<sup id=\"rdp-ebb-cite_ref-GartnerForecast20_20-1\" class=\"reference\"><a href=\"#cite_note-GartnerForecast20-20\">[20]<\/a><\/sup> By 2023, Gartner was predicting $600 billion in end-user spend on public cloud.<sup id=\"rdp-ebb-cite_ref-GartnerFore23_21-0\" class=\"reference\"><a href=\"#cite_note-GartnerFore23-21\">[21]<\/a><\/sup>\n<\/p><p>These statistics highlight the continued transition and investment into the public cloud for organizations, and recent surveys of IT professionals appear to find a matching level of increased confidence in the public cloud.<sup id=\"rdp-ebb-cite_ref-PRNNewRes21_22-0\" class=\"reference\"><a href=\"#cite_note-PRNNewRes21-22\">[22]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-ToI33_23_23-0\" class=\"reference\"><a href=\"#cite_note-ToI33_23-23\">[23]<\/a><\/sup> But as reliance on the public cloud continues to grow, organizations inevitably discover new security and networking challenges, including difficulties keeping services seamlessly available and scalable, and network costs more affordable while limiting complexity upticks<sup id=\"rdp-ebb-cite_ref-PRNNewRes21_22-1\" class=\"reference\"><a href=\"#cite_note-PRNNewRes21-22\">[22]<\/a><\/sup>, which makes security more difficult.<sup id=\"rdp-ebb-cite_ref-BocettaProblem19_24-0\" class=\"reference\"><a href=\"#cite_note-BocettaProblem19-24\">[24]<\/a><\/sup>\n<\/p><p>As of August 2023, the bulk of public cloud market share is represented by 10 companies: Alibaba, Amazon, DigitalOcean, Google, IBM, Linode, Microsoft, Oracle, OVH, and Tencent. From a security perspective, we have to ask at a minimum four questions about these companies:\n<\/p>\n<ul><li>What are their compliance offerings?<\/li>\n<li>Where is their SOC 2 audit report?<\/li>\n<li>What is their shared responsibility model?<\/li>\n<li>What is their architecture framework based upon?<\/li><\/ul>\n<p>In this context, compliance offerings are the documented compliance certifications, attestations, alignments, and frameworks a public CSP boasts as part of an effort maintain security and compliance for their cloud services. Each of the seven public CSPs has a landing page introducing customers to those compliance offerings (Table 5), though some vendors' pages are more clearly organized than others. Each offering then links off to another page, document, or related certificate explaining compliance. In particular, the SOC 2 audit report should be viewed, though most providers require you to be a customer or inquire with their sales department to obtain it. The SOC 2 audit results outline nearly 200 aspects of a CSP's security, as audited by an independent third party, providing the closest look one can get to a CSP's ability to assist with regulatory compliance (more on this in Chapter 4).<sup id=\"rdp-ebb-cite_ref-HemmerTrust19_25-0\" class=\"reference\"><a href=\"#cite_note-HemmerTrust19-25\">[25]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-TillerIsThe19_26-0\" class=\"reference\"><a href=\"#cite_note-TillerIsThe19-26\">[26]<\/a><\/sup> As previously discussed, a shared responsibility (or shared security) model is the common approach to clarifying who's responsible for what portions of security, and each CSP has indicated somewhere what that model is. (In the case of Tencent, it's unfortunately buried in a 2019 white paper.) Public CSPs also provide some sort of \"architecture framework,\" though this varies from provider to provider. For example, AWS and Google Cloud provide a framework that allows customers to stably and efficiently deploy in the cloud based on both best practices and the organization's unique requirements. Linode, Oracle, and Tencent don't seem to offer this type of framework for customers but still discuss their overall cloud architecture in a broad manner. See Table 5 for links to these four security research aspects for each public CSP.\n<\/p>\n<table style=\"\">\n<tbody><tr>\n<td style=\"vertical-align:top;\">\n<table class=\"wikitable\" border=\"1\" cellpadding=\"5\" cellspacing=\"0\" style=\"\">\n\n<tbody><tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\" colspan=\"5\"><b>Table 5.<\/b> Public cloud providers and their compliance offerings, SOC 2 report, shared responsibility model, and architecture framework\n<\/td><\/tr>\n<tr>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\">Company and offering\n<\/th>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\">Compliance offerings\n<\/th>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\">SOC 2 report\n<\/th>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\">Shared responsibility model\n<\/th>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\">Architecture framework\n<\/th><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Akamai (formerly Linode)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/legal-security\/\" target=\"_blank\">Link<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Unknown (Presumably must be customer\/contact sales to access)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/legal-security\/\" target=\"_blank\">Link<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.linode.com\/global-infrastructure\/\" target=\"_blank\">Link<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Alibaba Cloud\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.alibabacloud.com\/trust-center\/resources\" target=\"_blank\">Link<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.alibabacloud.com\/trust-center\/compliance-repository\" target=\"_blank\">Link<\/a> (Must be customer\/contact sales to access)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.alibabacloud.com\/solutions\/security\" target=\"_blank\">Link<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.alibabacloud.com\/architecture\/index\" target=\"_blank\">Link<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Amazon Web Services\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/compliance\/programs\/\" target=\"_blank\">Link<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/compliance\/soc-faqs\/\" target=\"_blank\">Link<\/a> (Must be customer\/contact sales to access)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/compliance\/shared-responsibility-model\/\" target=\"_blank\">Link<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/blogs\/apn\/the-5-pillars-of-the-aws-well-architected-framework\/\" target=\"_blank\">Link<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">DigitalOcean\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.digitalocean.com\/trust\" target=\"_blank\">Link<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.digitalocean.com\/trust\/certification-reports\" target=\"_blank\">Link<\/a> (Must email company to access)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.digitalocean.com\/trust\/faq\" target=\"_blank\">Link<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.digitalocean.com\/products\/platform\/availability-matrix\/\" target=\"_blank\">Link<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Google Cloud\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/security\/compliance\/offerings\" target=\"_blank\">Link<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/security\/compliance\/compliance-reports-manager\" target=\"_blank\">Link<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/anthos\/docs\/concepts\/gke-shared-responsibility\" target=\"_blank\">Link<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/architecture\/framework\" target=\"_blank\">Link<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">IBM Cloud\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/cloud\/compliance\" target=\"_blank\">Link<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/cloud\/compliance\" target=\"_blank\">Link<\/a> (Must be customer\/contact sales to access)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.ibm.com\/docs\/overview?topic=overview-shared-responsibilities\" target=\"_blank\">Link<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/cloud\/architecture\" target=\"_blank\">Link<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Microsoft Azure\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/learn.microsoft.com\/en-us\/compliance\/regulatory\/offering-home\" target=\"_blank\">Link<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/servicetrust.microsoft.com\/viewpage\/SOC\" target=\"_blank\">Link<\/a> (Must be customer\/contact sales to access)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/security\/fundamentals\/shared-responsibility\" target=\"_blank\">Link<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/well-architected\/\" target=\"_blank\">Link<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Oracle Cloud Infrastructure\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.oracle.com\/corporate\/cloud-compliance\/\" target=\"_blank\">Link<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Unknown (Presumably must be customer\/contact sales to access)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Security\/Concepts\/security_overview.htm#Shared_Security_Model\" target=\"_blank\">Link<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.oracle.com\/cloud\/public-cloud-regions\/\" target=\"_blank\">Link<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">OVHcloud\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/us.ovhcloud.com\/enterprise\/certification-conformity\/\" target=\"_blank\">Link<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/us.ovhcloud.com\/enterprise\/certification-conformity\/soc-1-2-3\/\" target=\"_blank\">Link<\/a> (Must be customer\/contact sales or legal to access)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/us.ovhcloud.com\/legal\/service-specific-terms\/\" target=\"_blank\">Link<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/us.ovhcloud.com\/about\/data-centers\/\" target=\"_blank\">Link<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Tencent Cloud\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.tencentcloud.com\/services\/compliance\" target=\"_blank\">Link<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Unknown (Presumably must be customer\/contact sales to access)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/main.qcloudimg.com\/raw\/ea77661307adc3825990e159d851d406.pdf\" target=\"_blank\">Link<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.tencentcloud.com\/global-infrastructure\" target=\"_blank\">Link<\/a>\n<\/td><\/tr>\n<\/tbody><\/table>\n<\/td><\/tr><\/tbody><\/table>\n<p>Chapter 1 noted that for public cloud services, organizations tied to strong regulatory or security standards \"... must thoroughly vet the cloud vendor and its approach to security and compliance, as the provider may not be able to meet regulatory needs.\" For example, public CSPs will allow you to enter into a <a href=\"https:\/\/www.limswiki.org\/index.php\/Health_Insurance_Portability_and_Accountability_Act\" title=\"Health Insurance Portability and Accountability Act\" class=\"wiki-link\" data-key=\"b70673a0117c21576016cb7498867153\">Health Insurance Portability and Accountability Act<\/a> (HIPAA)-compliant business associate agreement (BAA) with them, as required by the U.S. Department of Health & Human Services<sup id=\"rdp-ebb-cite_ref-HHSGuidance20_27-0\" class=\"reference\"><a href=\"#cite_note-HHSGuidance20-27\">[27]<\/a><\/sup>, but that does not mean you'd be running in a HIPAA-compliant fashion. If your organization is handling PHI protected by HIPAA, that organization is still responsible for having internal compliance programs and documented processes that support HIPAA, while also using the CSP's services in ways that align with HIPAA.<sup id=\"rdp-ebb-cite_ref-MSHealthHIPAA21_28-0\" class=\"reference\"><a href=\"#cite_note-MSHealthHIPAA21-28\">[28]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-DashNav20_29-0\" class=\"reference\"><a href=\"#cite_note-DashNav20-29\">[29]<\/a><\/sup> That includes ensuring that the services your organization will utilize are indeed in-scope with HIPAA and other such regulations; not all services offered by a CSP are in-scope to a specific regulation. The BAA should make clear which services are covered for handling PHI and other sensitive or critical information. Additionally, your organization will still need to ensure the correct technical security controls are implemented to ensure compliance.<sup id=\"rdp-ebb-cite_ref-DashNav20_29-1\" class=\"reference\"><a href=\"#cite_note-DashNav20-29\">[29]<\/a><\/sup> Remember, you're working under the shared responsibility model.\n<\/p>\n<h4><span class=\"mw-headline\" id=\"2.2.3_Hybrid_cloud_and_multicloud\">2.2.3 Hybrid cloud and multicloud<\/span><\/h4>\n<p>The <i>Flexera 2020 State of the Cloud Report<\/i> and its associated survey found that 87 percent of respondents had already taken a hybrid cloud stance for their organization and 93 percent of respondents had already implemented a multicloud strategy within their organization.<sup id=\"rdp-ebb-cite_ref-WeinsCloud20.22_30-0\" class=\"reference\"><a href=\"#cite_note-WeinsCloud20.22-30\">[30]<\/a><\/sup> A 2020 report by IDC predicted 90 percent of enterprises around the world will be relying on some combination of hybrid or multicloud with existing legacy platforms by 2022, though they may not necessarily have a sufficient investment in in-house skills to navigate the complexities of rolling out those strategies.<sup id=\"rdp-ebb-cite_ref-IDCExpects2021_20_31-0\" class=\"reference\"><a href=\"#cite_note-IDCExpects2021_20-31\">[31]<\/a><\/sup> These complexities were discussed in Chapter 1; hybrid cloud reveals a greater attack surface, complicates security protocols, and raises integration costs,<sup id=\"rdp-ebb-cite_ref-CFWhatIsHybrid_32-0\" class=\"reference\"><a href=\"#cite_note-CFWhatIsHybrid-32\">[32]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-HurwitzWhat21_33-0\" class=\"reference\"><a href=\"#cite_note-HurwitzWhat21-33\">[33]<\/a><\/sup> while multicloud brings with it differences in technologies between vendors, latency complexities between the services, increased points of attack with more integrations, and load balancing issues between the services.<sup id=\"rdp-ebb-cite_ref-CFWhatIsMulti_34-0\" class=\"reference\"><a href=\"#cite_note-CFWhatIsMulti-34\">[34]<\/a><\/sup> Broadly speaking, these complexities and security challenges arise out of the fact more systems must be integrated. Given these complexities, it's interesting to note that Flexera's survey numbers concerning hybrid\/multicloud adoption have been going down since the 2020 report: in 2022 hybrid\/multicloud adoption went down to 80\/89 percent respectively<sup id=\"rdp-ebb-cite_ref-RSThe2023_23_35-0\" class=\"reference\"><a href=\"#cite_note-RSThe2023_23-35\">[35]<\/a><\/sup>, and in 2023 those numbers were down to 72\/87 percent respectively.<sup id=\"rdp-ebb-cite_ref-LuxnerCloud23.22_36-0\" class=\"reference\"><a href=\"#cite_note-LuxnerCloud23.22-36\">[36]<\/a><\/sup> Comparing the survey results, single public cloud and multiple public cloud adoption has seen increases, taking away from hybrid cloud adoption significantly and multicloud adoption slightly (Table 6). This noticeable slowdown in more complex hybrid adoption for relatively \"simpler\" single and multiple public cloud options may be the result of a mix of hyper-expansion of complex cloud adoption coming to a close and cost-cutting and optimization efforts by cloud customers due to emerging \"economic realities.\"<sup id=\"rdp-ebb-cite_ref-ClarkOhDear23_37-0\" class=\"reference\"><a href=\"#cite_note-ClarkOhDear23-37\">[37]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-DonnellyUptime23_38-0\" class=\"reference\"><a href=\"#cite_note-DonnellyUptime23-38\">[38]<\/a><\/sup>\n<\/p>\n<table style=\"\">\n<tbody><tr>\n<td style=\"vertical-align:top;\">\n<table class=\"wikitable\" border=\"1\" cellpadding=\"5\" cellspacing=\"0\" style=\"\">\n\n<tbody><tr>\n<td colspan=\"7\" style=\"background-color:white; padding-left:10px; padding-right:10px;\"><b>Table 6.<\/b> Flexera <i>State of the Cloud Report<\/i> results for 2020, 2022, and 2023, comparing types of cloud adoption<sup id=\"rdp-ebb-cite_ref-WeinsCloud20.22_30-1\" class=\"reference\"><a href=\"#cite_note-WeinsCloud20.22-30\">[30]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-RSThe2023_23_35-1\" class=\"reference\"><a href=\"#cite_note-RSThe2023_23-35\">[35]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-LuxnerCloud23.22_36-1\" class=\"reference\"><a href=\"#cite_note-LuxnerCloud23.22-36\">[36]<\/a><\/sup>\n<\/td><\/tr>\n<tr>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\">Year\n<\/th>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\">Single public\n<\/th>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\">Single private\n<\/th>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\">Multicloud \u2192\n<\/th>\n<th style=\"background-color:#f2f2f2; padding-left:10px; padding-right:10px;\"><i>Multiple public<\/i>\n<\/th>\n<th style=\"background-color:#f2f2f2; padding-left:10px; padding-right:10px;\"><i>Multiple private<\/i>\n<\/th>\n<th style=\"background-color:#f2f2f2; padding-left:10px; padding-right:10px;\"><i>Hybrid<\/i>\n<\/th><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">2020\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">6%\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">1%\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">93%\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><i>6%<\/i>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><i>0%<\/i>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><i>87%<\/i>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">2022\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">9%\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">2%\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">89%\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><i>7%<\/i>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><i>2%<\/i>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><i>80%<\/i>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">2023\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">11%\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">2%\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">87%\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><i>13%<\/i>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><i>2%<\/i>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><i>72%<\/i>\n<\/td><\/tr>\n<\/tbody><\/table>\n<\/td><\/tr><\/tbody><\/table>\n<p>As of August 2023, four providers of hybrid and multicloud technology and services stand out: Cisco, Dell, HPE, and VMware. These providers don't provide public cloud services but rather take a service-based approach to supplying hardware, software, and managed services to assist customers adopt a hybrid or multicloud approach for their business. From a security perspective, we have to ask at a minimum three questions about these companies:\n<\/p>\n<ul><li>How do they manage your data and security in a trustworthy way?<\/li>\n<li>How are cloud technologies and services developed and audited for security?<\/li>\n<li>What public CSPs do they publicly state their technologies and services support or integrate with?<\/li><\/ul>\n<p>In this context of trust, these companies should have a \"trust center\" that helps consumers and enterprises find answers to security questions about their cloud technologies and services. A trust center was found for three of the four CSPs; HPE's trust center could not be located. Whether through internal secure development processes or external auditing practices, the security of the technology and services offered by these providers remains vital, and they should be able to demonstrate by explaining their development and auditing processes. Additionally, hybrid and multicloud providers should make clear which public CSPs are supported for or integrated ideally with the provider's hybrid and multicloud services. Not all public clouds are fully supported by these providers. See Table 7 for links to these three security and interoperability aspects for each hybrid\/multicloud CSP. \n<\/p>\n<table style=\"\">\n<tbody><tr>\n<td style=\"vertical-align:top;\">\n<table class=\"wikitable\" border=\"1\" cellpadding=\"5\" cellspacing=\"0\" style=\"\">\n\n<tbody><tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\" colspan=\"4\"><b>Table 7.<\/b> Providers of hybrid and multicloud technology and services, their trust center, their development and auditing practices, and supported public clouds\n<\/td><\/tr>\n<tr>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\">Company and offering\n<\/th>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\">Trust center\n<\/th>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\">Development and auditing practices\n<\/th>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\">Public clouds supported (U.S.)\n<\/th><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cisco.com\/c\/en\/us\/products\/servers-unified-computing\/ucs-director\/index.html\" target=\"_blank\">Cisco CloudCenter and UCS Director<\/a> (Note: CloudCenter <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cisco.com\/c\/en\/us\/products\/collateral\/cloud-systems-management\/cloudcenter\/eos-eol-notice-c51-744447.html\" target=\"_blank\">becomes obsolete<\/a> May 31, 2024.)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cisco.com\/c\/en\/us\/about\/trust-center.html\" target=\"_blank\">Link<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Cisco was \"evaluating SOC 2 as a potential roadmap item\" for CloudCenter <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cisco.com\/c\/dam\/en\/us\/products\/collateral\/cloud-systems-management\/cloudcenter-suite\/cc-suite-saas-trust-center.pdf\" target=\"_blank\">in 2019<\/a>.\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20201030181821\/https:\/\/www.cisco.com\/c\/dam\/en\/us\/products\/collateral\/cloud-systems-management\/cloudcenter-suite\/at-a-glance-c45-741883.pdf\" target=\"_blank\">Alibaba, Amazon, Google, IBM, Microsoft<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.dell.com\/en-us\/dt\/apex\/index.htm#tab0=0&tab1=0\" target=\"_blank\">Dell Technologies APEX<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.dell.com\/en-us\/dt\/corporate\/about-us\/security-and-trust-center\/index.htm#tab0=1\" target=\"_blank\">Link<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.dell.com\/en-us\/shop\/secure-development\/cp\/secure-development\" target=\"_blank\">Link<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.dell.com\/en-us\/dt\/data-protection\/powerprotect-dd-series\/cloud-tier.htm\" target=\"_blank\">Alibaba, Amazon, Google, IBM, Microsoft<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.hpe.com\/us\/en\/greenlake.html\" target=\"_blank\">HPE GreenLake<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Unknown\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Unknown\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.hpe.com\/us\/en\/solutions\/cloud.html\" target=\"_blank\">Amazon, Google, Microsoft<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.vmware.com\/cloud-solutions.html\" target=\"_blank\">VMware Cloud<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.vmware.com\/products\/trust-center.html\" target=\"_blank\">Link<\/a>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.vmware.com\/products\/trust-center\/certificate.html?family=%27SOC%27\" target=\"_blank\">Link<\/a> (Must be customer\/contact sales to access)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.vmware.com\/cloud-solutions\/hybrid-cloud.html\" target=\"_blank\">Amazon, Google, IBM, Microsoft, Oracle<\/a>\n<\/td><\/tr>\n<\/tbody><\/table>\n<\/td><\/tr><\/tbody><\/table>\n<p>Managing your share of security in the hybrid cloud has several challenges. Most of those challenges involve attempting to manage and control multiple distributed systems. Giving administrators the ability to see into this complex network of components, at all levels, is critical. This is typically accomplished with a centralized management tool or platform based on open standards, providing automated management and control features that limit human error. Automation is also useful when scanning for and remediating problems detected with security controls, which in turn allows for documented changes and more reproducible processes. Disk encryption and network encryption tools may also need to be more robustly employed to protect data at rest and data in motion between private and public clouds. And of course, segmentation of services based on data sensitivity may be necessary.<sup id=\"rdp-ebb-cite_ref-KasperskyWhatIs_5-1\" class=\"reference\"><a href=\"#cite_note-KasperskyWhatIs-5\">[5]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-KernerFour18_39-0\" class=\"reference\"><a href=\"#cite_note-KernerFour18-39\">[39]<\/a><\/sup>\n<\/p><p>Multicloud has its issues as well. \"The challenge that multicloud presents to security teams continues to grow,\" said Protiviti cloud consultant Rand Armknecht in December 2020. \"The number of services that are being released, the new ways of interacting, the interconnecting of services and systems, all of that continues to advance and all of these add new complexities into the enterprise security model.\"<sup id=\"rdp-ebb-cite_ref-PrattBuilding20_7-1\" class=\"reference\"><a href=\"#cite_note-PrattBuilding20-7\">[7]<\/a><\/sup> Given the differences in tools and security approaches between cloud providers, stitching together services cohesively requires strong skills, knowledge, and attentiveness. It also requires a security strategy that is well-defined and unified in its approach to data management, minimization, anonymization, and encryption when considering multiple CSPs. Middleware placed between the enterprise and the CSP\u2014in some cases referred to as a cloud access security broker (CASB)\u2014that can \"consolidate and enforce security measures such as authentication, credential mapping, device profiling, encryption and malware detection\" adds an additional layer of semi-automated security for multicloud.<sup id=\"rdp-ebb-cite_ref-PrattBuilding20_7-2\" class=\"reference\"><a href=\"#cite_note-PrattBuilding20-7\">[7]<\/a><\/sup>\n<\/p>\n<h4><span class=\"mw-headline\" id=\"2.2.4_Container_security_and_other_concerns\">2.2.4 Container security and other concerns<\/span><\/h4>\n<p>Before we move on to discussing SaaS solutions, let's take a quick moment to recognize a few additional security peculiarities particular to using cloud services and developing in the cloud. These peculiarities may not apply to you and your organization, but it's useful to recognize them, if nothing else because they highlight how deeply woven security must be into the thinking of CSPs and their clients. \n<\/p><p>First, let's look at container security. In Chapter 1, a container was referred to as \"a complete runtime environment,\" but little else was said. In cloud computing, a container\u2014as defined by IBM\u2014is \"an executable unit of software in which application code is packaged, along with its libraries and dependencies, in common ways so that it can be run anywhere, whether it be on desktop, traditional IT, or the cloud.\"<sup id=\"rdp-ebb-cite_ref-IBMContainers19_40-0\" class=\"reference\"><a href=\"#cite_note-IBMContainers19-40\">[40]<\/a><\/sup> These prove beneficial in cloud computing because containers act as a lightweight, portable way of replicating an isolated application across different environments, independent of operating system and underlying hardware. This essentially makes deployment into a cloud environment\u2014or multiple clouds\u2014a much more approachable task.<sup id=\"rdp-ebb-cite_ref-GoogleContainers_41-0\" class=\"reference\"><a href=\"#cite_note-GoogleContainers-41\">[41]<\/a><\/sup> \n<\/p><p>But with convenience also comes responsibility towards ensuring the security of the container. Unfortunately, the necessary precautions don't always get taken. According to GitLab's 2020 Global DevSecOps Survey, \"56% of developers simply don\u2019t run container scans, and a majority of DevOps teams don\u2019t have a security plan in place for containers or many other cutting edge software technologies, including cloud native\/serverless, APIs, and microservices.\"<sup id=\"rdp-ebb-cite_ref-GLABegin_42-0\" class=\"reference\"><a href=\"#cite_note-GLABegin-42\">[42]<\/a><\/sup> While GitLab reported that container scans were fortunately becoming more common in 2022<sup id=\"rdp-ebb-cite_ref-SilverthorneGit22_43-0\" class=\"reference\"><a href=\"#cite_note-SilverthorneGit22-43\">[43]<\/a><\/sup>, it would still appear more implementation teams should be updating and implementing revised security plans to address the complexities of container security, including the use of container orchestration, image validation, role-based access management, security testing, and runtime security monitoring. NIST's SP 800-190 <i>Application Container Security Guide<\/i>, while slightly dated, provides a useful reference for more on the topic of container security.<sup id=\"rdp-ebb-cite_ref-GLABegin_42-1\" class=\"reference\"><a href=\"#cite_note-GLABegin-42\">[42]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-NIST800-190_17_44-0\" class=\"reference\"><a href=\"#cite_note-NIST800-190_17-44\">[44]<\/a><\/sup>\n<\/p><p>Some concerns also exist within the virtualization environment, which drives cloud computing. The virtualized environment allows containers to be implemented, but their smooth use depends on a virtualization component called a virtual machine monitor (VMM) or <a href=\"https:\/\/www.limswiki.org\/index.php\/Hypervisor\" title=\"Hypervisor\" class=\"wiki-link\" data-key=\"005ea69938e7d4a809b64a61c0497209\">hypervisor<\/a>, which acts as the \"management layer between the physical hardware and the virtual machines running above\" it, managing system resource allocation to virtual machines\u2014and by extension, containers\u2014in the virtual environment.<sup id=\"rdp-ebb-cite_ref-BarrowcloughSecuring18_45-0\" class=\"reference\"><a href=\"#cite_note-BarrowcloughSecuring18-45\">[45]<\/a><\/sup> Since hypervisors are shared in a virtualized environment, a compromised hypervisor (say through a malware attack or a means of gaining root privileges) puts the virtual machines running off the hypervisor at risk, and by extension any data running on those virtual machines.<sup id=\"rdp-ebb-cite_ref-BarrowcloughSecuring18_45-1\" class=\"reference\"><a href=\"#cite_note-BarrowcloughSecuring18-45\">[45]<\/a><\/sup> Limiting the risks to a hypervisor and its associated virtualized machines means ensuring de facto encryption is in place to protect copied images and other files, migrated virtual machines are protected at all points along the migration route, and proper encryption and key management mechanisms are in place for effective access management.<sup id=\"rdp-ebb-cite_ref-BarrowcloughSecuring18_45-2\" class=\"reference\"><a href=\"#cite_note-BarrowcloughSecuring18-45\">[45]<\/a><\/sup> While the concerns of hypervisor security are largely the responsibility of the public CSPs (Microsoft, for example, touts a multi-layer approach to securing its hypervisors in Azure<sup id=\"rdp-ebb-cite_ref-SharmaHypervisor20_46-0\" class=\"reference\"><a href=\"#cite_note-SharmaHypervisor20-46\">[46]<\/a><\/sup>), those running private clouds will have to be sure their attention given to hypervisor security is similarly strong.\n<\/p><p>Other areas of security concern are found in the overall networking of a cloud. There, attention to the various layers of firewalls, network traffic controls, transport-level encryption mechanisms, and encapsulation protocols is also recommended.<sup id=\"rdp-ebb-cite_ref-BoydAchieving18_47-0\" class=\"reference\"><a href=\"#cite_note-BoydAchieving18-47\">[47]<\/a><\/sup>\n<\/p>\n<h4><span class=\"mw-headline\" id=\"2.2.5_Software_as_a_service\">2.2.5 Software as a service<\/span><\/h4>\n<p>Finally, we address security when using SaaS. Though not the laboratory space, let's take a look at the financial sector to start. Like laboratories, banks are regulated not only to protect their own assets but also the assets of their customers, including customer data. Given the concerns about security in the cloud early in its history, it has taken some time for the financial sector to warm up to moving some of its functions into the cloud.<sup id=\"rdp-ebb-cite_ref-MoodysBest18_48-0\" class=\"reference\"><a href=\"#cite_note-MoodysBest18-48\">[48]<\/a><\/sup> However, since approximately 2016, banks and financial services firms have begun shifting to the cloud in droves.<sup id=\"rdp-ebb-cite_ref-DeloitteCloud19_49-0\" class=\"reference\"><a href=\"#cite_note-DeloitteCloud19-49\">[49]<\/a><\/sup> Writing for the World Economic Forum in December 2020, the CEO of Tenemos, Max Chuard, noted<sup id=\"rdp-ebb-cite_ref-ChuardCloud20_50-0\" class=\"reference\"><a href=\"#cite_note-ChuardCloud20-50\">[50]<\/a><\/sup>:\n<\/p>\n<blockquote><p>Cloud and SaaS present an alternative way of running a bank\u2019s IT infrastructure. Core banking and\/or the digital front office operates on a public or private cloud rather than on physical infrastructure in the bank\u2019s premises. Banks pay a subscription to access the solutions.\nBoth cloud and SaaS carries lower infrastructure costs, they allow products to be created, delivered and changed faster, and they offer immense resilience, scalability, and security. Cloud-based SaaS platforms are also continuously updated, meaning banks benefit from the latest innovations.<\/p><\/blockquote>\n<p>However, the improved security of cloud and SaaS does not preclude challenges. In the case of financial services firms, finding a balance between client-side encryption to protect financial data and its tendency to constrain overall performance and functionality is a real challenge.<sup id=\"rdp-ebb-cite_ref-DeloitteGetting19_51-0\" class=\"reference\"><a href=\"#cite_note-DeloitteGetting19-51\">[51]<\/a><\/sup> And that same challenge exists for other regulated (and less regulated) organizations turning to SaaS cloud solutions.\n<\/p><p>When moving to a SaaS-based approach to running critical systems, the shared responsibility paradigm says that both CSP and customer should be managing SaaS security. Are access and audit rights in the SaaS implementation as strong as they should be? How is data managed and processed in relation to location requirements? How are risks mitigated if the vendor goes out of business or changes its operational focus? What contingency plans are in place should the organization need to migrate to a new vendor or bring applications back in-house? What assessments and audits have been made of the CSP's security?<sup id=\"rdp-ebb-cite_ref-MoodysBest18_48-1\" class=\"reference\"><a href=\"#cite_note-MoodysBest18-48\">[48]<\/a><\/sup> (These and other questions are addressed further in Chapter 5.)\n<\/p><p>In 2018, Moody's Analytics pointed out \"seven pillars of SaaS security wisdom.\" While they were looking at these pillars from the perspective of banks and financing, they are equally applicable to any regulated organization moving to SaaS cloud solutions, including laboratories. Those SaaS security pillars are<sup id=\"rdp-ebb-cite_ref-MoodysBest18_48-2\" class=\"reference\"><a href=\"#cite_note-MoodysBest18-48\">[48]<\/a><\/sup>:\n<\/p>\n<dl><dd>1. <i>Access management<\/i>: Carefully control user access uniformly across the SaaS platform, using strong, vetted business rules (addressing user roles, data requirements, allowed system, allowed workflows, etc.) that have been documented, disseminated, and learned.<\/dd>\n<dd>2.<i> Network control<\/i>: Decide what network mechanisms to employ in order to meet security goals, including jump servers, network access control lists, etc. if more granular access control is required.<\/dd>\n<dd>3. <i>Perimeter network control<\/i>: Decide whether a simple firewall or set of firewalls is sufficient. Additional perimeter protections include intrusion detection and prevention systems.<\/dd>\n<dd>4. <i>Virtual machine management<\/i>: Recognize that while costly, keeping virtual machines up-to-date is vital. Whether this is your responsibility or the CSP's, staying on top of patches and updates better ensures protection from the latest threats.<\/dd>\n<dd>5. <i>Data protection<\/i>: Determine if the data encryption is sufficient for your regulatory needs to protect personally identifiable information. Best practices and standards should be guiding the endeavor to protect both data in transit and data at rest.<\/dd>\n<dd>6. <i>Data governance and incident management<\/i>: Decide how data governance policies dictate your SaaS services. Data governance determines who has the authority to manage and control data assets and how authorized individuals are able to use those data assets.<sup id=\"rdp-ebb-cite_ref-OlavsrudWhatIs21_52-0\" class=\"reference\"><a href=\"#cite_note-OlavsrudWhatIs21-52\">[52]<\/a><\/sup> Not only does this also guide the first pillar, access management, but it also clarifies responsibilities for data management and security. This includes stating who's responsible for incident management and how the organization will go about monitoring, tracking, reporting, and learning from security incidents.<\/dd>\n<dd>7. <i>Scalability and reliability<\/i>: Determine how scalable the underlying cloud infrastructure will be to run your SaaS applications. Is it horizontal or vertical scaling? Are proxy servers geographically distributed for a more robust service? And what assurances are in place should disaster strike (i.e., recovery plan)?<\/dd><\/dl>\n<p>Like public, hybrid, and multicloud cloud services, SaaS vendors should make clear the security aspects of their solutions. Most major vendors like SAP<sup id=\"rdp-ebb-cite_ref-SAPTrustCenter.22_53-0\" class=\"reference\"><a href=\"#cite_note-SAPTrustCenter.22-53\">[53]<\/a><\/sup>, Adobe<sup id=\"rdp-ebb-cite_ref-AdobeTrustCenter_54-0\" class=\"reference\"><a href=\"#cite_note-AdobeTrustCenter-54\">[54]<\/a><\/sup>, and Atlassian<sup id=\"rdp-ebb-cite_ref-AtlassianTrustCenter_55-0\" class=\"reference\"><a href=\"#cite_note-AtlassianTrustCenter-55\">[55]<\/a><\/sup> will have a trust center for customers to gauge how the vendor's SaaS products are managed in reference to security and compliance. Some SaaS software vendors, however, will host and manage their solutions in a public cloud. Those SaaS vendors should have at a minimum one or more web pages explaining where their solution is hosted, what security controls are in place with that public cloud provider, and what additional security controls, if any, the vendor applies. Of course, access management and other security controls are still very much the responsibility of the customer.\n<\/p>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap mw-references-columns\"><ol class=\"references\">\n<li id=\"cite_note-CSATop20-1\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-CSATop20_1-0\">1.0<\/a><\/sup> <sup><a href=\"#cite_ref-CSATop20_1-1\">1.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Cloud Security Alliance (6 August 2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloudsecurityalliance.org\/artifacts\/top-threats-to-cloud-computing-egregious-eleven\/\" target=\"_blank\">\"Top Threats to Cloud Computing: The Egregious 11\"<\/a> (PDF)<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloudsecurityalliance.org\/artifacts\/top-threats-to-cloud-computing-egregious-eleven\/\" target=\"_blank\">https:\/\/cloudsecurityalliance.org\/artifacts\/top-threats-to-cloud-computing-egregious-eleven\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+Threats+to+Cloud+Computing%3A+The+Egregious+11&rft.atitle=&rft.aulast=Cloud+Security+Alliance&rft.au=Cloud+Security+Alliance&rft.date=6+August+2019&rft_id=https%3A%2F%2Fcloudsecurityalliance.org%2Fartifacts%2Ftop-threats-to-cloud-computing-egregious-eleven%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-DouglasComp20-2\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-DouglasComp20_2-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Douglas, S. (March 2023). <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"https:\/\/www.limswiki.org\/index.php\/LII:Comprehensive_Guide_to_Developing_and_Implementing_a_Cybersecurity_Plan\" data-key=\"fce1737a2e9697fc03e956327817f8ea\">\"Comprehensive Guide to Developing and Implementing a Cybersecurity Plan, Second Edition\"<\/a>. <i>LIMSwiki<\/i><span class=\"printonly\">. <a rel=\"nofollow\" class=\"external free wiki-link\" href=\"https:\/\/www.limswiki.org\/index.php\/LII:Comprehensive_Guide_to_Developing_and_Implementing_a_Cybersecurity_Plan\" data-key=\"fce1737a2e9697fc03e956327817f8ea\">https:\/\/www.limswiki.org\/index.php\/LII:Comprehensive_Guide_to_Developing_and_Implementing_a_Cybersecurity_Plan<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Comprehensive+Guide+to+Developing+and+Implementing+a+Cybersecurity+Plan%2C+Second+Edition&rft.atitle=LIMSwiki&rft.aulast=Douglas%2C+S.&rft.au=Douglas%2C+S.&rft.date=March+2023&rft_id=https%3A%2F%2Fwww.limswiki.org%2Findex.php%2FLII%3AComprehensive_Guide_to_Developing_and_Implementing_a_Cybersecurity_Plan&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-KearnsPlanning17-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-KearnsPlanning17_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Kearns, D.K. (December 2017). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.mitre.org\/news-insights\/publication\/planning-management-methods-migration-cloud-environment\" target=\"_blank\">\"Planning & Management Methods for Migration to a Cloud Environment\"<\/a>. The MITRE Corporation<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.mitre.org\/news-insights\/publication\/planning-management-methods-migration-cloud-environment\" target=\"_blank\">https:\/\/www.mitre.org\/news-insights\/publication\/planning-management-methods-migration-cloud-environment<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Planning+%26+Management+Methods+for+Migration+to+a+Cloud+Environment&rft.atitle=&rft.aulast=Kearns%2C+D.K.&rft.au=Kearns%2C+D.K.&rft.date=December+2017&rft.pub=The+MITRE+Corporation&rft_id=https%3A%2F%2Fwww.mitre.org%2Fnews-insights%2Fpublication%2Fplanning-management-methods-migration-cloud-environment&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-SheppardManaging15-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-SheppardManaging15_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Sheppard, D. (28 May 2015). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.itworldcanada.com\/blog\/managing-a-cloud-computing-project\/374832\" target=\"_blank\">\"Managing a cloud computing project\"<\/a>. <i>IT World Canada<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.itworldcanada.com\/blog\/managing-a-cloud-computing-project\/374832\" target=\"_blank\">https:\/\/www.itworldcanada.com\/blog\/managing-a-cloud-computing-project\/374832<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Managing+a+cloud+computing+project&rft.atitle=IT+World+Canada&rft.aulast=Sheppard%2C+D.&rft.au=Sheppard%2C+D.&rft.date=28+May+2015&rft_id=https%3A%2F%2Fwww.itworldcanada.com%2Fblog%2Fmanaging-a-cloud-computing-project%2F374832&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-KasperskyWhatIs-5\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-KasperskyWhatIs_5-0\">5.0<\/a><\/sup> <sup><a href=\"#cite_ref-KasperskyWhatIs_5-1\">5.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/usa.kaspersky.com\/resource-center\/definitions\/what-is-cloud-security\" target=\"_blank\">\"What is Cloud Security?\"<\/a>. <i>Resource Center<\/i>. AO Kaspersky Lab. 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/usa.kaspersky.com\/resource-center\/definitions\/what-is-cloud-security\" target=\"_blank\">https:\/\/usa.kaspersky.com\/resource-center\/definitions\/what-is-cloud-security<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+is+Cloud+Security%3F&rft.atitle=Resource+Center&rft.date=2021&rft.pub=AO+Kaspersky+Lab&rft_id=https%3A%2F%2Fusa.kaspersky.com%2Fresource-center%2Fdefinitions%2Fwhat-is-cloud-security&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MaurerCloud20-6\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-MaurerCloud20_6-0\">6.0<\/a><\/sup> <sup><a href=\"#cite_ref-MaurerCloud20_6-1\">6.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Maurer, T.; Hinck, G. (31 August 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/carnegieendowment.org\/2020\/08\/31\/cloud-security-primer-for-policymakers-pub-82597\" target=\"_blank\">\"Cloud Security: A Primer for Policymakers\"<\/a>. Carnegie Endowment for International Peace<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/carnegieendowment.org\/2020\/08\/31\/cloud-security-primer-for-policymakers-pub-82597\" target=\"_blank\">https:\/\/carnegieendowment.org\/2020\/08\/31\/cloud-security-primer-for-policymakers-pub-82597<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Security%3A+A+Primer+for+Policymakers&rft.atitle=&rft.aulast=Maurer%2C+T.%3B+Hinck%2C+G.&rft.au=Maurer%2C+T.%3B+Hinck%2C+G.&rft.date=31+August+2020&rft.pub=Carnegie+Endowment+for+International+Peace&rft_id=https%3A%2F%2Fcarnegieendowment.org%2F2020%2F08%2F31%2Fcloud-security-primer-for-policymakers-pub-82597&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-PrattBuilding20-7\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-PrattBuilding20_7-0\">7.0<\/a><\/sup> <sup><a href=\"#cite_ref-PrattBuilding20_7-1\">7.1<\/a><\/sup> <sup><a href=\"#cite_ref-PrattBuilding20_7-2\">7.2<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Pratt, M.K. (14 December 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.csoonline.com\/article\/569951\/building-stronger-multicloud-security-3-key-elements.html\" target=\"_blank\">\"Building stronger multicloud security: 3 key elements\"<\/a>. <i>CSO<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.csoonline.com\/article\/569951\/building-stronger-multicloud-security-3-key-elements.html\" target=\"_blank\">https:\/\/www.csoonline.com\/article\/569951\/building-stronger-multicloud-security-3-key-elements.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Building+stronger+multicloud+security%3A+3+key+elements&rft.atitle=CSO&rft.aulast=Pratt%2C+M.K.&rft.au=Pratt%2C+M.K.&rft.date=14+December+2020&rft_id=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F569951%2Fbuilding-stronger-multicloud-security-3-key-elements.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-HermanNISTCloud20-8\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-HermanNISTCloud20_8-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Herman, M.; Iorga, M.; Salim, A.M. et al. (August 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/csrc.nist.gov\/pubs\/ir\/8006\/final\" target=\"_blank\">\"NISTIR 8006 NIST Cloud Computing Forensic Science Challenges\"<\/a>. NIST<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/csrc.nist.gov\/pubs\/ir\/8006\/final\" target=\"_blank\">https:\/\/csrc.nist.gov\/pubs\/ir\/8006\/final<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=NISTIR+8006+NIST+Cloud+Computing+Forensic+Science+Challenges&rft.atitle=&rft.aulast=Herman%2C+M.%3B+Iorga%2C+M.%3B+Salim%2C+A.M.+et+al.&rft.au=Herman%2C+M.%3B+Iorga%2C+M.%3B+Salim%2C+A.M.+et+al.&rft.date=August+2020&rft.pub=NIST&rft_id=https%3A%2F%2Fcsrc.nist.gov%2Fpubs%2Fir%2F8006%2Ffinal&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MuncasterData20-9\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MuncasterData20_9-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Muncaster, P. (23 January 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.infosecurity-magazine.com\/news\/data-30000-cannabis-users-exposed\/\" target=\"_blank\">\"Data on 30,000 Cannabis Users Exposed in Cloud Leak\"<\/a>. <i>Infosecurity<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.infosecurity-magazine.com\/news\/data-30000-cannabis-users-exposed\/\" target=\"_blank\">https:\/\/www.infosecurity-magazine.com\/news\/data-30000-cannabis-users-exposed\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Data+on+30%2C000+Cannabis+Users+Exposed+in+Cloud+Leak&rft.atitle=Infosecurity&rft.aulast=Muncaster%2C+P.&rft.au=Muncaster%2C+P.&rft.date=23+January+2020&rft_id=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fdata-30000-cannabis-users-exposed%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-TrendmicroUnsec20-10\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-TrendmicroUnsec20_10-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.trendmicro.com\/vinfo\/dk\/security\/news\/virtualization-and-cloud\/unsecured-aws-s3-bucket-found-leaking-data-of-over-30k-cannabis-dispensary-customers\" target=\"_blank\">\"Unsecured AWS S3 Bucket Found Leaking Data of Over 30K Cannabis Dispensary Customers\"<\/a>. Trend Micro, Inc. 27 January 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.trendmicro.com\/vinfo\/dk\/security\/news\/virtualization-and-cloud\/unsecured-aws-s3-bucket-found-leaking-data-of-over-30k-cannabis-dispensary-customers\" target=\"_blank\">https:\/\/www.trendmicro.com\/vinfo\/dk\/security\/news\/virtualization-and-cloud\/unsecured-aws-s3-bucket-found-leaking-data-of-over-30k-cannabis-dispensary-customers<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Unsecured+AWS+S3+Bucket+Found+Leaking+Data+of+Over+30K+Cannabis+Dispensary+Customers&rft.atitle=&rft.date=27+January+2020&rft.pub=Trend+Micro%2C+Inc&rft_id=https%3A%2F%2Fwww.trendmicro.com%2Fvinfo%2Fdk%2Fsecurity%2Fnews%2Fvirtualization-and-cloud%2Funsecured-aws-s3-bucket-found-leaking-data-of-over-30k-cannabis-dispensary-customers&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-NYSCyber04-11\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-NYSCyber04_11-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20220123175134\/https:\/\/gc.cuny.edu\/CUNY_GC\/media\/CUNY-Graduate-Center\/PDF\/Policies\/IT\/Cyber-Security-Dos-and-Don%E2%80%99ts.pdf?ext=.pdf\" target=\"_blank\">\"Cyber Security Dos and Don'ts\"<\/a> (PDF). New York State Office of Information Technology and Services. 12 December 2004. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.gc.cuny.edu\/CUNY_GC\/media\/CUNY-Graduate-Center\/PDF\/Policies\/IT\/Cyber-Security-Dos-and-Don%E2%80%99ts.pdf?ext=.pdf\" target=\"_blank\">the original<\/a> on 23 January 2022<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20220123175134\/https:\/\/gc.cuny.edu\/CUNY_GC\/media\/CUNY-Graduate-Center\/PDF\/Policies\/IT\/Cyber-Security-Dos-and-Don%E2%80%99ts.pdf?ext=.pdf\" target=\"_blank\">https:\/\/web.archive.org\/web\/20220123175134\/https:\/\/gc.cuny.edu\/CUNY_GC\/media\/CUNY-Graduate-Center\/PDF\/Policies\/IT\/Cyber-Security-Dos-and-Don%E2%80%99ts.pdf?ext=.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cyber+Security+Dos+and+Don%27ts&rft.atitle=&rft.date=12+December+2004&rft.pub=New+York+State+Office+of+Information+Technology+and+Services&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20220123175134%2Fhttps%3A%2F%2Fgc.cuny.edu%2FCUNY_GC%2Fmedia%2FCUNY-Graduate-Center%2FPDF%2FPolicies%2FIT%2FCyber-Security-Dos-and-Don%25E2%2580%2599ts.pdf%3Fext%3D.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-NUProtocol04-12\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-NUProtocol04_12-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.it.northwestern.edu\/docs\/ExchangeSharedResponsibilityData.pdf\" target=\"_blank\">\"Protocol for Exchange and Shared Responsibility for Institutional Data\"<\/a> (PDF). Northwestern University. 15 August 2004<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.it.northwestern.edu\/docs\/ExchangeSharedResponsibilityData.pdf\" target=\"_blank\">https:\/\/www.it.northwestern.edu\/docs\/ExchangeSharedResponsibilityData.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Protocol+for+Exchange+and+Shared+Responsibility+for+Institutional+Data&rft.atitle=&rft.date=15+August+2004&rft.pub=Northwestern+University&rft_id=https%3A%2F%2Fwww.it.northwestern.edu%2Fdocs%2FExchangeSharedResponsibilityData.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AWSAmazonWeb10-13\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AWSAmazonWeb10_13-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Amazon Web Services (August 2010). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20100823123605\/http:\/\/media.amazonwebservices.com\/pdf\/AWS_Security_Whitepaper.pdf\" target=\"_blank\">\"Amazon Web Services: Overview of Security Processes\"<\/a> (PDF). Amazon Web Services. Archived from <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/media.amazonwebservices.com\/pdf\/AWS_Security_Whitepaper.pdf\" target=\"_blank\">the original<\/a> on 23 August 2010<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20100823123605\/http:\/\/media.amazonwebservices.com\/pdf\/AWS_Security_Whitepaper.pdf\" target=\"_blank\">https:\/\/web.archive.org\/web\/20100823123605\/http:\/\/media.amazonwebservices.com\/pdf\/AWS_Security_Whitepaper.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Amazon+Web+Services%3A+Overview+of+Security+Processes&rft.atitle=&rft.aulast=Amazon+Web+Services&rft.au=Amazon+Web+Services&rft.date=August+2010&rft.pub=Amazon+Web+Services&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20100823123605%2Fhttp%3A%2F%2Fmedia.amazonwebservices.com%2Fpdf%2FAWS_Security_Whitepaper.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AWSSharedRespon21-14\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-AWSSharedRespon21_14-0\">14.0<\/a><\/sup> <sup><a href=\"#cite_ref-AWSSharedRespon21_14-1\">14.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Amazon Web Services (2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/compliance\/shared-responsibility-model\/?ref=wellarchitected\" target=\"_blank\">\"Shared Responsibility Model\"<\/a>. Amazon Web Services<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/aws.amazon.com\/compliance\/shared-responsibility-model\/?ref=wellarchitected\" target=\"_blank\">https:\/\/aws.amazon.com\/compliance\/shared-responsibility-model\/?ref=wellarchitected<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Shared+Responsibility+Model&rft.atitle=&rft.aulast=Amazon+Web+Services&rft.au=Amazon+Web+Services&rft.date=2021&rft.pub=Amazon+Web+Services&rft_id=https%3A%2F%2Faws.amazon.com%2Fcompliance%2Fshared-responsibility-model%2F%3Fref%3Dwellarchitected&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-EusticeUnder18-15\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-EusticeUnder18_15-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Eustice, J.C. (2018). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/legal.thomsonreuters.com\/en\/insights\/articles\/understanding-data-privacy-and-cloud-computing\" target=\"_blank\">\"Understand the intersection between data privacy laws and cloud computing\"<\/a>. <i>Legal Technology, Products, and Services<\/i>. Thomson Reuters<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/legal.thomsonreuters.com\/en\/insights\/articles\/understanding-data-privacy-and-cloud-computing\" target=\"_blank\">https:\/\/legal.thomsonreuters.com\/en\/insights\/articles\/understanding-data-privacy-and-cloud-computing<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Understand+the+intersection+between+data+privacy+laws+and+cloud+computing&rft.atitle=Legal+Technology%2C+Products%2C+and+Services&rft.aulast=Eustice%2C+J.C.&rft.au=Eustice%2C+J.C.&rft.date=2018&rft.pub=Thomson+Reuters&rft_id=https%3A%2F%2Flegal.thomsonreuters.com%2Fen%2Finsights%2Farticles%2Funderstanding-data-privacy-and-cloud-computing&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MealusTheSOC18-16\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MealusTheSOC18_16-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Mealus, P. (19 December 2018). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/medium.com\/@paulmealus\/the-soc-2-report-explained-for-normal-people-50b4626d6c96\" target=\"_blank\">\"The SOC 2 Report Explained for Normal People\"<\/a>. <i>Medium<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/medium.com\/@paulmealus\/the-soc-2-report-explained-for-normal-people-50b4626d6c96\" target=\"_blank\">https:\/\/medium.com\/@paulmealus\/the-soc-2-report-explained-for-normal-people-50b4626d6c96<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=The+SOC+2+Report+Explained+for+Normal+People&rft.atitle=Medium&rft.aulast=Mealus%2C+P.&rft.au=Mealus%2C+P.&rft.date=19+December+2018&rft_id=https%3A%2F%2Fmedium.com%2F%40paulmealus%2Fthe-soc-2-report-explained-for-normal-people-50b4626d6c96&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ETSIAbout-17\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ETSIAbout_17-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.etsi.org\/about\" target=\"_blank\">\"About ETSI\"<\/a>. European Telecommunications Standards Institute<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.etsi.org\/about\" target=\"_blank\">https:\/\/www.etsi.org\/about<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=About+ETSI&rft.atitle=&rft.pub=European+Telecommunications+Standards+Institute&rft_id=https%3A%2F%2Fwww.etsi.org%2Fabout&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AWSCISPE.22-18\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AWSCISPE.22_18-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/compliance\/cispe\/\" target=\"_blank\">\"CISPE\"<\/a>. Amazon Web Services<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/aws.amazon.com\/compliance\/cispe\/\" target=\"_blank\">https:\/\/aws.amazon.com\/compliance\/cispe\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=CISPE&rft.atitle=&rft.pub=Amazon+Web+Services&rft_id=https%3A%2F%2Faws.amazon.com%2Fcompliance%2Fcispe%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IDCWorldwide20-19\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IDCWorldwide20_19-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">International Data Corporation (18 August 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20220131120937\/https:\/\/www.idc.com\/getdoc.jsp?containerId=prUS46780320\" target=\"_blank\">\"Worldwide Public Cloud Services Market Totaled $233.4 Billion in 2019 with the Top 5 Providers Capturing More Than One Third of the Total, According to IDC\"<\/a>. International Data Corporation. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.idc.com\/getdoc.jsp?containerId=prUS46780320\" target=\"_blank\">the original<\/a> on 31 January 2022<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20220131120937\/https:\/\/www.idc.com\/getdoc.jsp?containerId=prUS46780320\" target=\"_blank\">https:\/\/web.archive.org\/web\/20220131120937\/https:\/\/www.idc.com\/getdoc.jsp?containerId=prUS46780320<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Worldwide+Public+Cloud+Services+Market+Totaled+%24233.4+Billion+in+2019+with+the+Top+5+Providers+Capturing+More+Than+One+Third+of+the+Total%2C+According+to+IDC&rft.atitle=&rft.aulast=International+Data+Corporation&rft.au=International+Data+Corporation&rft.date=18+August+2020&rft.pub=International+Data+Corporation&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20220131120937%2Fhttps%3A%2F%2Fwww.idc.com%2Fgetdoc.jsp%3FcontainerId%3DprUS46780320&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GartnerForecast20-20\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-GartnerForecast20_20-0\">20.0<\/a><\/sup> <sup><a href=\"#cite_ref-GartnerForecast20_20-1\">20.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2020-11-17-gartner-forecasts-worldwide-public-cloud-end-user-spending-to-grow-18-percent-in-2021\" target=\"_blank\">\"Gartner Forecasts Worldwide Public Cloud End-User Spending to Grow 18% in 2021\"<\/a>. Gartner, Inc. 17 November 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2020-11-17-gartner-forecasts-worldwide-public-cloud-end-user-spending-to-grow-18-percent-in-2021\" target=\"_blank\">https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2020-11-17-gartner-forecasts-worldwide-public-cloud-end-user-spending-to-grow-18-percent-in-2021<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Gartner+Forecasts+Worldwide+Public+Cloud+End-User+Spending+to+Grow+18%25+in+2021&rft.atitle=&rft.date=17+November+2020&rft.pub=Gartner%2C+Inc&rft_id=https%3A%2F%2Fwww.gartner.com%2Fen%2Fnewsroom%2Fpress-releases%2F2020-11-17-gartner-forecasts-worldwide-public-cloud-end-user-spending-to-grow-18-percent-in-2021&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GartnerFore23-21\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-GartnerFore23_21-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2023-04-19-gartner-forecasts-worldwide-public-cloud-end-user-spending-to-reach-nearly-600-billion-in-2023\" target=\"_blank\">\"Gartner Forecasts Worldwide Public Cloud End-User Spending to Reach Nearly $600 Billion in 2023\"<\/a>. Gartner. 19 April 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2023-04-19-gartner-forecasts-worldwide-public-cloud-end-user-spending-to-reach-nearly-600-billion-in-2023\" target=\"_blank\">https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2023-04-19-gartner-forecasts-worldwide-public-cloud-end-user-spending-to-reach-nearly-600-billion-in-2023<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Gartner+Forecasts+Worldwide+Public+Cloud+End-User+Spending+to+Reach+Nearly+%24600+Billion+in+2023&rft.atitle=&rft.date=19+April+2023&rft.pub=Gartner&rft_id=https%3A%2F%2Fwww.gartner.com%2Fen%2Fnewsroom%2Fpress-releases%2F2023-04-19-gartner-forecasts-worldwide-public-cloud-end-user-spending-to-reach-nearly-600-billion-in-2023&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-PRNNewRes21-22\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-PRNNewRes21_22-0\">22.0<\/a><\/sup> <sup><a href=\"#cite_ref-PRNNewRes21_22-1\">22.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Barracuda Networks, Inc (14 January 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.prnewswire.com\/news-releases\/new-research-reveals-it-professionals-growing-confidence-in-public-cloud-despite-security-concerns-301208046.html\" target=\"_blank\">\"New research reveals IT professionals' growing confidence in public cloud despite security concerns\"<\/a>. <i>PR Newswire<\/i>. Cision<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.prnewswire.com\/news-releases\/new-research-reveals-it-professionals-growing-confidence-in-public-cloud-despite-security-concerns-301208046.html\" target=\"_blank\">https:\/\/www.prnewswire.com\/news-releases\/new-research-reveals-it-professionals-growing-confidence-in-public-cloud-despite-security-concerns-301208046.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=New+research+reveals+IT+professionals%27+growing+confidence+in+public+cloud+despite+security+concerns&rft.atitle=PR+Newswire&rft.aulast=Barracuda+Networks%2C+Inc&rft.au=Barracuda+Networks%2C+Inc&rft.date=14+January+2021&rft.pub=Cision&rft_id=https%3A%2F%2Fwww.prnewswire.com%2Fnews-releases%2Fnew-research-reveals-it-professionals-growing-confidence-in-public-cloud-despite-security-concerns-301208046.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ToI33_23-23\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ToI33_23_23-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/timesofindia.indiatimes.com\/gadgets-news\/33-of-company-executives-very-confident-to-operate-in-public-cloud-report\/articleshow\/100855040.cms\" target=\"_blank\">\"33% of company executives \u201cvery confident\u201d to operate in public cloud: Report\"<\/a>. <i>The Times of India<\/i>. 8 June 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/timesofindia.indiatimes.com\/gadgets-news\/33-of-company-executives-very-confident-to-operate-in-public-cloud-report\/articleshow\/100855040.cms\" target=\"_blank\">https:\/\/timesofindia.indiatimes.com\/gadgets-news\/33-of-company-executives-very-confident-to-operate-in-public-cloud-report\/articleshow\/100855040.cms<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=33%25+of+company+executives+%E2%80%9Cvery+confident%E2%80%9D+to+operate+in+public+cloud%3A+Report&rft.atitle=The+Times+of+India&rft.date=8+June+2023&rft_id=https%3A%2F%2Ftimesofindia.indiatimes.com%2Fgadgets-news%2F33-of-company-executives-very-confident-to-operate-in-public-cloud-report%2Farticleshow%2F100855040.cms&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-BocettaProblem19-24\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-BocettaProblem19_24-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Bocetta, S. (9 July 2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.networkcomputing.com\/network-security\/problem-complex-networks-getting-harder-secure\" target=\"_blank\">\"Problem: Complex Networks Getting Harder to Secure\"<\/a>. <i>Network Computing<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.networkcomputing.com\/network-security\/problem-complex-networks-getting-harder-secure\" target=\"_blank\">https:\/\/www.networkcomputing.com\/network-security\/problem-complex-networks-getting-harder-secure<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Problem%3A+Complex+Networks+Getting+Harder+to+Secure&rft.atitle=Network+Computing&rft.aulast=Bocetta%2C+S.&rft.au=Bocetta%2C+S.&rft.date=9+July+2019&rft_id=https%3A%2F%2Fwww.networkcomputing.com%2Fnetwork-security%2Fproblem-complex-networks-getting-harder-secure&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-HemmerTrust19-25\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-HemmerTrust19_25-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Hemer, N. (18 December 2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/linfordco.com\/blog\/trust-services-critieria-principles-soc-2\/\" target=\"_blank\">\"Trust Services Criteria (formerly Principles) for SOC 2 in 2019\"<\/a>. <i>Linford & Company IT Audit & Compliance Blog<\/i>. Linford and Co. LLP<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/linfordco.com\/blog\/trust-services-critieria-principles-soc-2\/\" target=\"_blank\">https:\/\/linfordco.com\/blog\/trust-services-critieria-principles-soc-2\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Trust+Services+Criteria+%28formerly+Principles%29+for+SOC+2+in+2019&rft.atitle=Linford+%26+Company+IT+Audit+%26+Compliance+Blog&rft.aulast=Hemer%2C+N.&rft.au=Hemer%2C+N.&rft.date=18+December+2019&rft.pub=Linford+and+Co.+LLP&rft_id=https%3A%2F%2Flinfordco.com%2Fblog%2Ftrust-services-critieria-principles-soc-2%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-TillerIsThe19-26\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-TillerIsThe19_26-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Tiller, D. (2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210308231558\/https:\/\/storage.pardot.com\/468401\/1614781936jHqdU6H6\/Whitepaper_Is_the_cloud_a_safe_place_for_your_data.pdf\" target=\"_blank\">\"Is the Cloud a Safe Place for Your Data?: How Life Science Organizations Can Ensure Integrity and Security in a SaaS Environment\"<\/a> (PDF). IDBS. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/storage.pardot.com\/468401\/1614781936jHqdU6H6\/Whitepaper_Is_the_cloud_a_safe_place_for_your_data.pdf\" target=\"_blank\">the original<\/a> on 08 March 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210308231558\/https:\/\/storage.pardot.com\/468401\/1614781936jHqdU6H6\/Whitepaper_Is_the_cloud_a_safe_place_for_your_data.pdf\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210308231558\/https:\/\/storage.pardot.com\/468401\/1614781936jHqdU6H6\/Whitepaper_Is_the_cloud_a_safe_place_for_your_data.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Is+the+Cloud+a+Safe+Place+for+Your+Data%3F%3A+How+Life+Science+Organizations+Can+Ensure+Integrity+and+Security+in+a+SaaS+Environment&rft.atitle=&rft.aulast=Tiller%2C+D.&rft.au=Tiller%2C+D.&rft.date=2019&rft.pub=IDBS&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210308231558%2Fhttps%3A%2F%2Fstorage.pardot.com%2F468401%2F1614781936jHqdU6H6%2FWhitepaper_Is_the_cloud_a_safe_place_for_your_data.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-HHSGuidance20-27\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-HHSGuidance20_27-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Office for Civil Rights (23 December 2022). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.hhs.gov\/hipaa\/for-professionals\/special-topics\/health-information-technology\/cloud-computing\/index.html\" target=\"_blank\">\"Guidance on HIPAA & Cloud Computing\"<\/a>. <i>Health Information Privacy<\/i>. U.S. Department of Health & Human Services<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.hhs.gov\/hipaa\/for-professionals\/special-topics\/health-information-technology\/cloud-computing\/index.html\" target=\"_blank\">https:\/\/www.hhs.gov\/hipaa\/for-professionals\/special-topics\/health-information-technology\/cloud-computing\/index.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Guidance+on+HIPAA+%26+Cloud+Computing&rft.atitle=Health+Information+Privacy&rft.aulast=Office+for+Civil+Rights&rft.au=Office+for+Civil+Rights&rft.date=23+December+2022&rft.pub=U.S.+Department+of+Health+%26+Human+Services&rft_id=https%3A%2F%2Fwww.hhs.gov%2Fhipaa%2Ffor-professionals%2Fspecial-topics%2Fhealth-information-technology%2Fcloud-computing%2Findex.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MSHealthHIPAA21-28\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MSHealthHIPAA21_28-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/learn.microsoft.com\/en-us\/compliance\/regulatory\/offering-hipaa-hitech\" target=\"_blank\">\"Health Insurance Portability and Accountability Act (HIPAA) & Health Information Technology for Economic and Clinical Health (HITECH) Act\"<\/a>. <i>Microsoft Documentation<\/i>. Microsoft. 25 April 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/learn.microsoft.com\/en-us\/compliance\/regulatory\/offering-hipaa-hitech\" target=\"_blank\">https:\/\/learn.microsoft.com\/en-us\/compliance\/regulatory\/offering-hipaa-hitech<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Health+Insurance+Portability+and+Accountability+Act+%28HIPAA%29+%26+Health+Information+Technology+for+Economic+and+Clinical+Health+%28HITECH%29+Act&rft.atitle=Microsoft+Documentation&rft.date=25+April+2023&rft.pub=Microsoft&rft_id=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fcompliance%2Fregulatory%2Foffering-hipaa-hitech&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-DashNav20-29\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-DashNav20_29-0\">29.0<\/a><\/sup> <sup><a href=\"#cite_ref-DashNav20_29-1\">29.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.dashsdk.com\/hipaa-compliant-cloud\/\" target=\"_blank\">\"Navigating HIPAA Compliant Cloud Solutions\"<\/a>. Dash. 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.dashsdk.com\/hipaa-compliant-cloud\/\" target=\"_blank\">https:\/\/www.dashsdk.com\/hipaa-compliant-cloud\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Navigating+HIPAA+Compliant+Cloud+Solutions&rft.atitle=&rft.date=2020&rft.pub=Dash&rft_id=https%3A%2F%2Fwww.dashsdk.com%2Fhipaa-compliant-cloud%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-WeinsCloud20.22-30\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-WeinsCloud20.22_30-0\">30.0<\/a><\/sup> <sup><a href=\"#cite_ref-WeinsCloud20.22_30-1\">30.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Weins, K. (21 May 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20200822043605\/https:\/\/www.flexera.com\/blog\/industry-trends\/trend-of-cloud-computing-2020\/\" target=\"_blank\">\"Cloud Computing Trends: 2020 State of the Cloud Report\"<\/a>. <i>Flexera Blog<\/i>. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.flexera.com\/blog\/industry-trends\/trend-of-cloud-computing-2020\/\" target=\"_blank\">the original<\/a> on 22 August 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20200822043605\/https:\/\/www.flexera.com\/blog\/industry-trends\/trend-of-cloud-computing-2020\/\" target=\"_blank\">https:\/\/web.archive.org\/web\/20200822043605\/https:\/\/www.flexera.com\/blog\/industry-trends\/trend-of-cloud-computing-2020\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Computing+Trends%3A+2020+State+of+the+Cloud+Report&rft.atitle=Flexera+Blog&rft.aulast=Weins%2C+K.&rft.au=Weins%2C+K.&rft.date=21+May+2020&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20200822043605%2Fhttps%3A%2F%2Fwww.flexera.com%2Fblog%2Findustry-trends%2Ftrend-of-cloud-computing-2020%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IDCExpects2021_20-31\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IDCExpects2021_20_31-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">International Data Corporation (31 March 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210603182500\/https:\/\/www.idc.com\/getdoc.jsp?containerId=prMETA46165020\" target=\"_blank\">\"IDC Expects 2021 to Be the Year of Multi-Cloud as Global COVID-19 Pandemic Reaffirms Critical Need for Business Agility\"<\/a>. International Data Corporation. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.idc.com\/getdoc.jsp?containerId=prMETA46165020\" target=\"_blank\">the original<\/a> on 03 June 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210603182500\/https:\/\/www.idc.com\/getdoc.jsp?containerId=prMETA46165020\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210603182500\/https:\/\/www.idc.com\/getdoc.jsp?containerId=prMETA46165020<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=IDC+Expects+2021+to+Be+the+Year+of+Multi-Cloud+as+Global+COVID-19+Pandemic+Reaffirms+Critical+Need+for+Business+Agility&rft.atitle=&rft.aulast=International+Data+Corporation&rft.au=International+Data+Corporation&rft.date=31+March+2020&rft.pub=International+Data+Corporation&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210603182500%2Fhttps%3A%2F%2Fwww.idc.com%2Fgetdoc.jsp%3FcontainerId%3DprMETA46165020&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CFWhatIsHybrid-32\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CFWhatIsHybrid_32-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cloudflare.com\/learning\/cloud\/what-is-hybrid-cloud\/\" target=\"_blank\">\"What Is Hybrid Cloud? Hybrid Cloud Definition\"<\/a>. Cloudflare, Inc<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cloudflare.com\/learning\/cloud\/what-is-hybrid-cloud\/\" target=\"_blank\">https:\/\/www.cloudflare.com\/learning\/cloud\/what-is-hybrid-cloud\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 04 March 2021<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+Is+Hybrid+Cloud%3F+Hybrid+Cloud+Definition&rft.atitle=&rft.pub=Cloudflare%2C+Inc&rft_id=https%3A%2F%2Fwww.cloudflare.com%2Flearning%2Fcloud%2Fwhat-is-hybrid-cloud%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-HurwitzWhat21-33\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-HurwitzWhat21_33-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Hurwitz, J.S.; Kaufman, M.; Halper, F. et al. (2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.dummies.com\/article\/technology\/information-technology\/networking\/cloud-computing\/what-is-hybrid-cloud-computing-174473\/\" target=\"_blank\">\"What is Hybrid Cloud Computing?\"<\/a>. <i>Dummies.com<\/i>. John Wiley & Sons, Inc<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.dummies.com\/article\/technology\/information-technology\/networking\/cloud-computing\/what-is-hybrid-cloud-computing-174473\/\" target=\"_blank\">https:\/\/www.dummies.com\/article\/technology\/information-technology\/networking\/cloud-computing\/what-is-hybrid-cloud-computing-174473\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+is+Hybrid+Cloud+Computing%3F&rft.atitle=Dummies.com&rft.aulast=Hurwitz%2C+J.S.%3B+Kaufman%2C+M.%3B+Halper%2C+F.+et+al.&rft.au=Hurwitz%2C+J.S.%3B+Kaufman%2C+M.%3B+Halper%2C+F.+et+al.&rft.date=2021&rft.pub=John+Wiley+%26+Sons%2C+Inc&rft_id=https%3A%2F%2Fwww.dummies.com%2Farticle%2Ftechnology%2Finformation-technology%2Fnetworking%2Fcloud-computing%2Fwhat-is-hybrid-cloud-computing-174473%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CFWhatIsMulti-34\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CFWhatIsMulti_34-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cloudflare.com\/learning\/cloud\/what-is-multicloud\/\" target=\"_blank\">\"What Is Multicloud? Multicloud Definition\"<\/a>. Cloudflare, Inc<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cloudflare.com\/learning\/cloud\/what-is-multicloud\/\" target=\"_blank\">https:\/\/www.cloudflare.com\/learning\/cloud\/what-is-multicloud\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+Is+Multicloud%3F+Multicloud+Definition&rft.atitle=&rft.pub=Cloudflare%2C+Inc&rft_id=https%3A%2F%2Fwww.cloudflare.com%2Flearning%2Fcloud%2Fwhat-is-multicloud%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-RSThe2023_23-35\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-RSThe2023_23_35-0\">35.0<\/a><\/sup> <sup><a href=\"#cite_ref-RSThe2023_23_35-1\">35.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.rackspace.com\/sites\/default\/files\/2023-02\/Rackspace-Cloud-Strategy-Workbook-2023.pdf\" target=\"_blank\">\"The 2023 Cloud Strategy Workbook\"<\/a> (PDF). Rackspace technology. February 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.rackspace.com\/sites\/default\/files\/2023-02\/Rackspace-Cloud-Strategy-Workbook-2023.pdf\" target=\"_blank\">https:\/\/www.rackspace.com\/sites\/default\/files\/2023-02\/Rackspace-Cloud-Strategy-Workbook-2023.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 15 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=The+2023+Cloud+Strategy+Workbook&rft.atitle=&rft.date=February+2023&rft.pub=Rackspace+technology&rft_id=https%3A%2F%2Fwww.rackspace.com%2Fsites%2Fdefault%2Ffiles%2F2023-02%2FRackspace-Cloud-Strategy-Workbook-2023.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LuxnerCloud23.22-36\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-LuxnerCloud23.22_36-0\">36.0<\/a><\/sup> <sup><a href=\"#cite_ref-LuxnerCloud23.22_36-1\">36.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Luxner, T. (5 April 2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20230813135147\/https:\/\/www.flexera.com\/blog\/cloud\/cloud-computing-trends-flexera-2023-state-of-the-cloud-report\/\" target=\"_blank\">\"Cloud computing trends and statistics: Flexera 2023 State of the Cloud Report\"<\/a>. <i>Flexera Blog<\/i>. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.flexera.com\/blog\/cloud\/cloud-computing-trends-flexera-2023-state-of-the-cloud-report\/\" target=\"_blank\">the original<\/a> on 13 August 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20230813135147\/https:\/\/www.flexera.com\/blog\/cloud\/cloud-computing-trends-flexera-2023-state-of-the-cloud-report\/\" target=\"_blank\">https:\/\/web.archive.org\/web\/20230813135147\/https:\/\/www.flexera.com\/blog\/cloud\/cloud-computing-trends-flexera-2023-state-of-the-cloud-report\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 15 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+computing+trends+and+statistics%3A+Flexera+2023+State+of+the+Cloud+Report&rft.atitle=Flexera+Blog&rft.aulast=Luxner%2C+T.&rft.au=Luxner%2C+T.&rft.date=5+April+2023&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20230813135147%2Fhttps%3A%2F%2Fwww.flexera.com%2Fblog%2Fcloud%2Fcloud-computing-trends-flexera-2023-state-of-the-cloud-report%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ClarkOhDear23-37\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ClarkOhDear23_37-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Clark, L. (19 January 2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.theregister.com\/2023\/01\/19\/cloud_growth_slowdown_as_customers\/\" target=\"_blank\">\"Oh dear, AWS. Cloud growth slowing as customers get a dose of cost reality\"<\/a>. <i>The Register<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.theregister.com\/2023\/01\/19\/cloud_growth_slowdown_as_customers\/\" target=\"_blank\">https:\/\/www.theregister.com\/2023\/01\/19\/cloud_growth_slowdown_as_customers\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 15 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Oh+dear%2C+AWS.+Cloud+growth+slowing+as+customers+get+a+dose+of+cost+reality&rft.atitle=The+Register&rft.aulast=Clark%2C+L.&rft.au=Clark%2C+L.&rft.date=19+January+2023&rft_id=https%3A%2F%2Fwww.theregister.com%2F2023%2F01%2F19%2Fcloud_growth_slowdown_as_customers%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-DonnellyUptime23-38\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-DonnellyUptime23_38-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Donnelly, C. (18 January 2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.computerweekly.com\/news\/252529297\/Uptime-Institute-predicts-slower-pace-of-public-cloud-migrations-in-2023\" target=\"_blank\">\"Uptime Institute predicts slower pace of public cloud migrations in 2023\"<\/a>. <i>ComputerWeekly.com<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.computerweekly.com\/news\/252529297\/Uptime-Institute-predicts-slower-pace-of-public-cloud-migrations-in-2023\" target=\"_blank\">https:\/\/www.computerweekly.com\/news\/252529297\/Uptime-Institute-predicts-slower-pace-of-public-cloud-migrations-in-2023<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 15 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Uptime+Institute+predicts+slower+pace+of+public+cloud+migrations+in+2023&rft.atitle=ComputerWeekly.com&rft.aulast=Donnelly%2C+C.&rft.au=Donnelly%2C+C.&rft.date=18+January+2023&rft_id=https%3A%2F%2Fwww.computerweekly.com%2Fnews%2F252529297%2FUptime-Institute-predicts-slower-pace-of-public-cloud-migrations-in-2023&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-KernerFour18-39\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-KernerFour18_39-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Kerner, L. (2018). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/techbeacon.com\/security\/4-hybrid-cloud-security-challenges-how-overcome-them\" target=\"_blank\">\"4 hybrid-cloud security challenges and how to overcome them\"<\/a>. <i>TechNeacon<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/techbeacon.com\/security\/4-hybrid-cloud-security-challenges-how-overcome-them\" target=\"_blank\">https:\/\/techbeacon.com\/security\/4-hybrid-cloud-security-challenges-how-overcome-them<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=4+hybrid-cloud+security+challenges+and+how+to+overcome+them&rft.atitle=TechNeacon&rft.aulast=Kerner%2C+L.&rft.au=Kerner%2C+L.&rft.date=2018&rft_id=https%3A%2F%2Ftechbeacon.com%2Fsecurity%2F4-hybrid-cloud-security-challenges-how-overcome-them&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IBMContainers19-40\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IBMContainers19_40-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">IBM Cloud Education. <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/topics\/containers\" target=\"_blank\">\"What are containers?\"<\/a>. IBM<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.ibm.com\/topics\/containers\" target=\"_blank\">https:\/\/www.ibm.com\/topics\/containers<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+are+containers%3F&rft.atitle=&rft.aulast=IBM+Cloud+Education&rft.au=IBM+Cloud+Education&rft.pub=IBM&rft_id=https%3A%2F%2Fwww.ibm.com%2Ftopics%2Fcontainers&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GoogleContainers-41\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-GoogleContainers_41-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/containers\" target=\"_blank\">\"Containers at Google\"<\/a>. Google Cloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloud.google.com\/containers\" target=\"_blank\">https:\/\/cloud.google.com\/containers<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Containers+at+Google&rft.atitle=&rft.pub=Google+Cloud&rft_id=https%3A%2F%2Fcloud.google.com%2Fcontainers&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GLABegin-42\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-GLABegin_42-0\">42.0<\/a><\/sup> <sup><a href=\"#cite_ref-GLABegin_42-1\">42.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/about.gitlab.com\/topics\/devsecops\/beginners-guide-to-container-security\/\" target=\"_blank\">\"A beginner\u2019s guide to container security\"<\/a>. <i>GitLab<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/about.gitlab.com\/topics\/devsecops\/beginners-guide-to-container-security\/\" target=\"_blank\">https:\/\/about.gitlab.com\/topics\/devsecops\/beginners-guide-to-container-security\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=A+beginner%E2%80%99s+guide+to+container+security&rft.atitle=GitLab&rft_id=https%3A%2F%2Fabout.gitlab.com%2Ftopics%2Fdevsecops%2Fbeginners-guide-to-container-security%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-SilverthorneGit22-43\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-SilverthorneGit22_43-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Silverthorne, V. (23 August 2022). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/about.gitlab.com\/blog\/2022\/08\/23\/gitlabs-2022-global-devsecops-survey-security-is-the-top-concern-investment\/\" target=\"_blank\">\"GitLab's 2022 Global DevSecOps Survey: Security is the top concern, investment\"<\/a>. <i>GitLab Blog<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/about.gitlab.com\/blog\/2022\/08\/23\/gitlabs-2022-global-devsecops-survey-security-is-the-top-concern-investment\/\" target=\"_blank\">https:\/\/about.gitlab.com\/blog\/2022\/08\/23\/gitlabs-2022-global-devsecops-survey-security-is-the-top-concern-investment\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 15 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=GitLab%27s+2022+Global+DevSecOps+Survey%3A+Security+is+the+top+concern%2C+investment&rft.atitle=GitLab+Blog&rft.aulast=Silverthorne%2C+V.&rft.au=Silverthorne%2C+V.&rft.date=23+August+2022&rft_id=https%3A%2F%2Fabout.gitlab.com%2Fblog%2F2022%2F08%2F23%2Fgitlabs-2022-global-devsecops-survey-security-is-the-top-concern-investment%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-NIST800-190_17-44\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-NIST800-190_17_44-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Souppaya, M.; Morello, J.; Scarfone, K. (September 2017). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/csrc.nist.gov\/pubs\/sp\/800\/190\/final\" target=\"_blank\">\"SP 800-190 <i>Application Container Security Guide<\/i>\"<\/a>. NIST. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.6028%2FNIST.SP.800-190\" target=\"_blank\">10.6028\/NIST.SP.800-190<\/a><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/csrc.nist.gov\/pubs\/sp\/800\/190\/final\" target=\"_blank\">https:\/\/csrc.nist.gov\/pubs\/sp\/800\/190\/final<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=SP+800-190+%27%27Application+Container+Security+Guide%27%27&rft.atitle=&rft.aulast=Souppaya%2C+M.%3B+Morello%2C+J.%3B+Scarfone%2C+K.&rft.au=Souppaya%2C+M.%3B+Morello%2C+J.%3B+Scarfone%2C+K.&rft.date=September+2017&rft.pub=NIST&rft_id=info:doi\/10.6028%2FNIST.SP.800-190&rft_id=https%3A%2F%2Fcsrc.nist.gov%2Fpubs%2Fsp%2F800%2F190%2Ffinal&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-BarrowcloughSecuring18-45\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-BarrowcloughSecuring18_45-0\">45.0<\/a><\/sup> <sup><a href=\"#cite_ref-BarrowcloughSecuring18_45-1\">45.1<\/a><\/sup> <sup><a href=\"#cite_ref-BarrowcloughSecuring18_45-2\">45.2<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation Journal\">Barrowclough, J.P.; Asif, R. (2018). \"Securing Cloud Hypervisors: A Survey of the Threats, Vulnerabilities, and Countermeasures\". <i>Security and Communication Networks<\/i> <b>2018<\/b>: 1681908. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.1155%2F2018%2F1681908\" target=\"_blank\">10.1155\/2018\/1681908<\/a>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Securing+Cloud+Hypervisors%3A+A+Survey+of+the+Threats%2C+Vulnerabilities%2C+and+Countermeasures&rft.jtitle=Security+and+Communication+Networks&rft.aulast=Barrowclough%2C+J.P.%3B+Asif%2C+R.&rft.au=Barrowclough%2C+J.P.%3B+Asif%2C+R.&rft.date=2018&rft.volume=2018&rft.pages=1681908&rft_id=info:doi\/10.1155%2F2018%2F1681908&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-SharmaHypervisor20-46\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-SharmaHypervisor20_46-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Sharma, Y.; Lyon, R.; Lanfear, T. et al. (11 November 2022). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security\/fundamentals\/hypervisor\" target=\"_blank\">\"Hypervisor security on the Azure fleet\"<\/a>. <i>Microsoft Documentation<\/i>. Microsoft<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security\/fundamentals\/hypervisor\" target=\"_blank\">https:\/\/docs.microsoft.com\/en-us\/azure\/security\/fundamentals\/hypervisor<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Hypervisor+security+on+the+Azure+fleet&rft.atitle=Microsoft+Documentation&rft.aulast=Sharma%2C+Y.%3B+Lyon%2C+R.%3B+Lanfear%2C+T.+et+al.&rft.au=Sharma%2C+Y.%3B+Lyon%2C+R.%3B+Lanfear%2C+T.+et+al.&rft.date=11+November+2022&rft.pub=Microsoft&rft_id=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsecurity%2Ffundamentals%2Fhypervisor&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-BoydAchieving18-47\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-BoydAchieving18_47-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Boyd, N. (20 July 2018). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20201105140448\/https:\/\/www.sdxcentral.com\/cloud\/definitions\/achieving-network-security-in-cloud-computing\/\" target=\"_blank\">\"Achieving Network Security in Cloud Computing\"<\/a>. <i>Cloud HQ<\/i>. SDxCentral, LLC. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.sdxcentral.com\/cloud\/definitions\/achieving-network-security-in-cloud-computing\/\" target=\"_blank\">the original<\/a> on 05 November 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20201105140448\/https:\/\/www.sdxcentral.com\/cloud\/definitions\/achieving-network-security-in-cloud-computing\/\" target=\"_blank\">https:\/\/web.archive.org\/web\/20201105140448\/https:\/\/www.sdxcentral.com\/cloud\/definitions\/achieving-network-security-in-cloud-computing\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Achieving+Network+Security+in+Cloud+Computing&rft.atitle=Cloud+HQ&rft.aulast=Boyd%2C+N.&rft.au=Boyd%2C+N.&rft.date=20+July+2018&rft.pub=SDxCentral%2C+LLC&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20201105140448%2Fhttps%3A%2F%2Fwww.sdxcentral.com%2Fcloud%2Fdefinitions%2Fachieving-network-security-in-cloud-computing%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MoodysBest18-48\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-MoodysBest18_48-0\">48.0<\/a><\/sup> <sup><a href=\"#cite_ref-MoodysBest18_48-1\">48.1<\/a><\/sup> <sup><a href=\"#cite_ref-MoodysBest18_48-2\">48.2<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.moodysanalytics.com\/articles\/2018\/best-practices-for-saas-security\" target=\"_blank\">\"Best Practices for SaaS Security\"<\/a>. <i>Moody's Analytics<\/i>. Moody's Analytics, Inc. April 2018<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.moodysanalytics.com\/articles\/2018\/best-practices-for-saas-security\" target=\"_blank\">https:\/\/www.moodysanalytics.com\/articles\/2018\/best-practices-for-saas-security<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Best+Practices+for+SaaS+Security&rft.atitle=Moody%27s+Analytics&rft.date=April+2018&rft.pub=Moody%27s+Analytics%2C+Inc&rft_id=https%3A%2F%2Fwww.moodysanalytics.com%2Farticles%2F2018%2Fbest-practices-for-saas-security&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-DeloitteCloud19-49\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-DeloitteCloud19_49-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.deloitte.com\/global\/en\/Industries\/financial-services\/perspectives\/bank-2030-financial-services-cloud.html\" target=\"_blank\">\"Cloud banking: More than just a CIO conversation\"<\/a>. Deloitte. 1 July 2019<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.deloitte.com\/global\/en\/Industries\/financial-services\/perspectives\/bank-2030-financial-services-cloud.html\" target=\"_blank\">https:\/\/www.deloitte.com\/global\/en\/Industries\/financial-services\/perspectives\/bank-2030-financial-services-cloud.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+banking%3A+More+than+just+a+CIO+conversation&rft.atitle=&rft.date=1+July+2019&rft.pub=Deloitte&rft_id=https%3A%2F%2Fwww.deloitte.com%2Fglobal%2Fen%2FIndustries%2Ffinancial-services%2Fperspectives%2Fbank-2030-financial-services-cloud.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ChuardCloud20-50\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ChuardCloud20_50-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Chuard, M. (10 December 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.weforum.org\/agenda\/2020\/12\/cloud-and-saas-technology-can-drive-inclusive-banking\/\" target=\"_blank\">\"Cloud and SaaS technology can drive inclusive banking. Here are 3 reasons how\"<\/a>. <i>World Economic Forum<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.weforum.org\/agenda\/2020\/12\/cloud-and-saas-technology-can-drive-inclusive-banking\/\" target=\"_blank\">https:\/\/www.weforum.org\/agenda\/2020\/12\/cloud-and-saas-technology-can-drive-inclusive-banking\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+and+SaaS+technology+can+drive+inclusive+banking.+Here+are+3+reasons+how&rft.atitle=World+Economic+Forum&rft.aulast=Chuard%2C+M.&rft.au=Chuard%2C+M.&rft.date=10+December+2020&rft_id=https%3A%2F%2Fwww.weforum.org%2Fagenda%2F2020%2F12%2Fcloud-and-saas-technology-can-drive-inclusive-banking%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-DeloitteGetting19-51\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-DeloitteGetting19_51-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www2.deloitte.com\/content\/dam\/Deloitte\/ch\/Documents\/financial-services\/deloitte-ch-fs-Cloud-for-Swiss-Banks-report-digital.pdf\" target=\"_blank\">\"Getting cloud right: How can banks stay ahead of the curve?\"<\/a> (PDF). Deloitte. 2019<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www2.deloitte.com\/content\/dam\/Deloitte\/ch\/Documents\/financial-services\/deloitte-ch-fs-Cloud-for-Swiss-Banks-report-digital.pdf\" target=\"_blank\">https:\/\/www2.deloitte.com\/content\/dam\/Deloitte\/ch\/Documents\/financial-services\/deloitte-ch-fs-Cloud-for-Swiss-Banks-report-digital.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Getting+cloud+right%3A+How+can+banks+stay+ahead+of+the+curve%3F&rft.atitle=&rft.date=2019&rft.pub=Deloitte&rft_id=https%3A%2F%2Fwww2.deloitte.com%2Fcontent%2Fdam%2FDeloitte%2Fch%2FDocuments%2Ffinancial-services%2Fdeloitte-ch-fs-Cloud-for-Swiss-Banks-report-digital.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OlavsrudWhatIs21-52\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OlavsrudWhatIs21_52-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Olavsrud, T. (24 March 2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cio.com\/article\/202183\/what-is-data-governance-a-best-practices-framework-for-managing-data-assets.html\" target=\"_blank\">\"What is data governance? A best practices framework for managing data assets\"<\/a>. <i>CIO<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cio.com\/article\/202183\/what-is-data-governance-a-best-practices-framework-for-managing-data-assets.html\" target=\"_blank\">https:\/\/www.cio.com\/article\/202183\/what-is-data-governance-a-best-practices-framework-for-managing-data-assets.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+is+data+governance%3F+A+best+practices+framework+for+managing+data+assets&rft.atitle=CIO&rft.aulast=Olavsrud%2C+T.&rft.au=Olavsrud%2C+T.&rft.date=24+March+2023&rft_id=https%3A%2F%2Fwww.cio.com%2Farticle%2F202183%2Fwhat-is-data-governance-a-best-practices-framework-for-managing-data-assets.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-SAPTrustCenter.22-53\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-SAPTrustCenter.22_53-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.sap.com\/about\/trust-center\/certification-compliance.html\" target=\"_blank\">\"SAP Trust Center\"<\/a>. SAP America, Inc<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.sap.com\/about\/trust-center\/certification-compliance.html\" target=\"_blank\">https:\/\/www.sap.com\/about\/trust-center\/certification-compliance.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=SAP+Trust+Center&rft.atitle=&rft.pub=SAP+America%2C+Inc&rft_id=https%3A%2F%2Fwww.sap.com%2Fabout%2Ftrust-center%2Fcertification-compliance.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AdobeTrustCenter-54\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AdobeTrustCenter_54-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.adobe.com\/trust.html\" target=\"_blank\">\"Adobe Trust Center\"<\/a>. Adobe, Inc<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.adobe.com\/trust.html\" target=\"_blank\">https:\/\/www.adobe.com\/trust.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Adobe+Trust+Center&rft.atitle=&rft.pub=Adobe%2C+Inc&rft_id=https%3A%2F%2Fwww.adobe.com%2Ftrust.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AtlassianTrustCenter-55\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AtlassianTrustCenter_55-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.atlassian.com\/trust\" target=\"_blank\">\"Atlassian Trust Center\"<\/a>. Atlassian, Inc<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.atlassian.com\/trust\" target=\"_blank\">https:\/\/www.atlassian.com\/trust<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Atlassian+Trust+Center&rft.atitle=&rft.pub=Atlassian%2C+Inc&rft_id=https%3A%2F%2Fwww.atlassian.com%2Ftrust&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<p><br \/>\n<\/p>\n<div align=\"center\">-----Go to <a href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Five_risk_categories_to_consider\" title=\"Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Organizational cloud computing risk management\/Five risk categories to consider\" class=\"wiki-link\" data-key=\"d18f1a3ad802fb40b2cefc9e7d83bf91\">the next chapter<\/a> of this guide-----<\/div>\n<h2><span class=\"mw-headline\" id=\"Citation_information_for_this_chapter\">Citation information for this chapter<\/span><\/h2>\n<p><b>Chapter<\/b>: 2. Standards and security in the cloud\n<\/p><p><b>Title<\/b>: <i>Choosing and Implementing a Cloud-based Service for Your Laboratory<\/i>\n<\/p><p><b>Edition<\/b>: Second edition\n<\/p><p><b>Author for citation<\/b>: Shawn E. Douglas\n<\/p><p><b>License for content<\/b>: <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/creativecommons.org\/licenses\/by-sa\/4.0\/\" target=\"_blank\">Creative Commons Attribution-ShareAlike 4.0 International<\/a>\n<\/p><p><b>Publication date<\/b>: August 2023\n<\/p><p><br \/>\n<\/p>\n<!-- \nNewPP limit report\nCached time: 20230816210723\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.444 seconds\nReal time usage: 0.457 seconds\nPreprocessor visited node count: 37906\/1000000\nPost\u2010expand include size: 322610\/2097152 bytes\nTemplate argument size: 118513\/2097152 bytes\nHighest expansion depth: 18\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 93541\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 409.984 1 -total\n 91.75% 376.177 1 Template:Reflist\n 80.01% 328.025 54 Template:Cite_web\n 76.83% 314.975 55 Template:Citation\/core\n 15.90% 65.202 44 Template:Date\n 8.21% 33.668 1 Template:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\n 4.55% 18.663 89 Template:Citation\/make_link\n 2.36% 9.659 1 Template:Cite_journal\n 2.14% 8.791 2 Template:Citation\/identifier\n 0.59% 2.433 1 Template:Column-width\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:13041-0!canonical and timestamp 20230816210724 and revision id 52905. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","3323880907987943705cdfbc653c393d_images":["https:\/\/upload.wikimedia.org\/wikipedia\/commons\/4\/45\/Virtual_data_room.png"],"3323880907987943705cdfbc653c393d_timestamp":1692220359,"02f10c1b263da2845885019939f8c31c_type":"article","02f10c1b263da2845885019939f8c31c_title":"2.1 Standards and regulations influencing cloud computing","02f10c1b263da2845885019939f8c31c_url":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing","02f10c1b263da2845885019939f8c31c_plaintext":"\n\nBook:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Standards and security in the cloud\/Standards and regulations influencing cloud computingFrom LIMSWikiJump to navigationJump to search-----Return to the beginning of this guide-----\n2. Standards and security in the cloud \n Figure 3. The NIST Cloud Computing Security Reference Architecture provides a security overlay to the NIST Cloud Computing Reference Architecture, published in 2011.In a 2010 Cloud Computing Adoption Survey by Mimecast, the leading response (46 percent of surveyed IT managers) to the question \"Why did you decide against moving to the cloud?\" was \"security concerns.\"[1] In a separate survey published around the same time by the IEEE and Cloud Security Alliance, \"93 percent of respondents said the need for cloud computing security standards is important; 82 percent said the need is urgent.\"[2] Fast-forward to today and it's easy to see worries about cloud security have eased somewhat in comparison. A Cloud Threat Report by Oracle and KPMG in 2020 found that \"40% of cybersecurity and IT professionals from private and public businesses perceive public clouds as more secure than on-premise environments ... 12% believe public clouds are no more secure or insecure than what they can deliver with on-premises environments, and 2% think public clouds are less secure.\"[3] A survey less than a year before found similar numbers, also noting, however, that while confidence in cloud security was strong, a strong majority of respondents (71 percent) still believe there are at least moderate concerns about \"malicious activity in cloud systems.\"[4]\nTo be sure, there are undoubtedly opportunities for malicious activity within the cloud, which has its own share of complexities. A 2023 collaborative report by Check Point Software Technologies and Cybersecurity Insiders points to annual increases in attack attempts on cloud-based networks, needlessly complex and inadequate security policies, and insufficient and unsecure cloud configurations and interfaces as being drivers of security mishaps in the cloud.[5] Additionally, given that cloud computing is internet-based (i.e., networked), a networking approach based on normal internet and network standards is not sufficient to address the complexities inherent to many cloud computing implementations.[6] From integrating public and private clouds to meeting regulations mandating localized data storage, additional considerations must be made as to how best ensure standardized cloud services remain driven on solid security principles. With the transition to cloud, on-site data storage has moved online, with its own set of security nuances. Additionally, increased scalability, interfacing, and proximity to other networked data and systems adds more complexity to security.[7] As complexity is added, a more standardized approach is called for. Just as the Cloud Native Computing Foundation's (CNCF's) Certified Kubernetes Conformance Program attempts to ensure a standardized conformance of all Kubernetes instances to the Kubernetes application programming interfaces (APIs) for consistency and interoperability across cloud platforms[8], standards organizations like the Institute of Electrical and Electronics Engineers (IEEE), International Organization for Standardization (ISO), and National Institute of Standards and Technology (NIST) develop standards and guidelines to ensure quality and security across all cloud computing platforms.[9][10]\nThe next few sections examine the various organizations, agencies, and industries developing and promoting standards, guidelines, and recommendations that shape the proper use of cloud computing platforms. Note that you won't see much about laboratories and cloud computing in this chapter, as we pan outward and look at cloud standards and security from up high. We'll focus on how all this information relates to laboratories in the coming chapters.\n\r\n\n\n2.1 Standards and regulations influencing cloud computing \nNumerous organizations have taken up the mantle in developing and disseminating cloud compliance standards, guidelines, and recommendations since the late 2000s, some independently (e.g., the Storage Networking Industry Association) and others by government mandate (e.g., National Institute of Standards and Technology). Some organizations have tailored their content to a specific industry (e.g., PCI Security Standards Council and the financial industry), while others have focused on a sector of business (e.g., FedRAMP and the U.S. Federal government). As the development of these standards, guidelines, and recommendations has continued, the groundwork has been created for future updates. NIST's early work with its SP 500-293 NIST Cloud Computing Technology Roadmap, Volume I and II and SP 500-299 NIST Cloud Computing Security Reference Architecture (Figure 3) have gone on to further define a modern approach to categorizing, evaluating, comparing, and selecting cloud services.[11] And those documents were influenced by even earlier work by the Cloud Security Alliance's Enterprise Architecture efforts.[12]\nThe work to improve and expand upon existing standards continues today, even as new service models for cloud computing emerge. Examples of the prior mentioned and other organizations contributing to these efforts are shown in Table 3.\n\n\n\n\nTable 3. Organizations that have developed and are developing cloud compliance standards, guidelines, recommendations, and frameworks\n\n\nOrganization\n\nDescription\n\nLink to standards, etc.\n\n\nCrown Commercial Services and G-Cloud\n\nThough not a standards organization, the U.K. Crown Commercial Service's (CSS's) G-Cloud program and framework allows companies considering selling cloud-based services to the U.K. government to make their services available \"through a front-end catalogue called the Digital Marketplace.\" The framework agreements place specific requirements on the various services being offered by the provider, and in return, the provider can bid on government opportunities without going through the full procurement process.[13]\n\nG-Cloud standards, etc.\n\n\nDMTF\n\nFormerly known as the Distributed Management Task Force, DMTF \"creates open manageability standards spanning diverse emerging and traditional IT infrastructures.\"[14] This includes cloud standards, virtualization standards, networking standards, and more.\n\nDMTF standards, etc.\n\n\nEuropean Telecommunications Standards Institute\n\nETSI \"supports the timely development, ratification and testing of globally applicable standards\" for information and communications technology (ICT) hardware, software, and services.[15]\n\nETSI standards, etc.\n\n\nGeneral Services Administration and FedRAMP\n\nThough not a standards organization, the U.S. General Services Administration's (GSA's) FedRAMP program \"provides a standardized approach to security authorizations for cloud service offerings\" for the U.S. Federal government.[16] FedRAMP \"standardizes security requirements for the authorization and ongoing cybersecurity of cloud services\" as authorized by a number of regulations and policies.[17]\n\nFedRAMP standards, etc.\n\n\nIEEE Computer Society and IEEE Standards Association\n\nThe IEEE Cloud Computing Standards Committee, which is chartered \"to promote the development of standards in all aspects of the cloud computing ecosystem,\" has four working groups that help develop cloud computing standards for the IEEE Standards Association.[18]\n\nIEEE SA standards, etc.\n\n\nInternational Organization for Standardization (ISO)\n\nThe ISO is a primary global standards organization that has been developing a wide variety of standards for decades. Numerous cloud-computing standards have been published under International Classification for Standards (ICS) code 35.210.[19]\n\nISO standards, etc.\n\n\nInternational Telecommunication Union (ITU)\n\nThe ITU is the United Nation's specialized agency for information communication technologies (ICTs). Among their activities, the agency develops technical standards and facilitates international connectivity in communication networks.[20] Many recommendation documents have been developed through its Telecommunication Standardization Sector (ITU-T), SG13 Study Group, including cloud computing recommendations (Y Series).\n\nITU-T standards, etc.\n\n\nNational Institute of Standards and Technology (NIST)\n\nNIST is a U.S. Department of Commerce institute which focuses on scientific measurement and standardization. They have developed a numbers roadmaps, guidelines, and definitions through its SAJACC[21] and NCCP[22] initiatives.\n\nNIST standards, etc.\n\n\nOMG Cloud Working Group\n\nPreviously known as the Cloud Standards Customer Council (CSCC), OMG's Cloud Working Group (CWG) \"publishes vendor-neutral guidance on important considerations for cloud computing adoption, highlighting standards, opportunities for standardization, cloud customer requirements, and best practices to foster an ecosystem of open, standards-based cloud computing technologies.\"[23]\n\nCWG standards, etc.\n\n\nOpen Grid Forum (OGF)\n\nThe OGF is \"an open global community committed to driving the rapid evolution and adoption of modern advanced applied distributed computing, including cloud, grid and associated storage, networking and workflow methods.\"[24]\n\nOGF standards, etc.\n\n\nOrganization for the Advancement of Structured Information Standards (OASIS)\n\nOASIS Open is a standards body that \"offers projects\u2014including open source projects\u2014a path to standardization and de jure approval for reference in international policy and procurement.\"[25]\n\nOASIS Open standards, etc.\n\n\nPCI Security Standards Council (PCI SSC)\n\nPCI SSC \"is a global forum that brings together payments industry stakeholders to develop and drive adoption of data security standards and resources for safe payments worldwide.\"[26]\n\nPCI SSC Open standards, etc.\n\n\nStorage Networking Industry Association (SNIA)\n\nSNIA develops and promotes \"vendor-neutral architectures, standards, and educational services that facilitate the efficient management, movement, and security of information,\"[27] including the Cloud Data Management Interface (CDMI) standard.[28]\n\nSNIA standards, etc.\n\n\nThe Open Group\n\nThis organization attempts \"to capture, clarify, and integrate current and emerging requirements, establish standards and policies, and share best practices.\"[29]\n\nOpen Group standards, etc.\n\n\nTM Forum\n\nThis global alliance attempts \"to collaboratively solve complex industry-wide challenges, deploy new services and create technology breakthroughs to accelerate change.\"[30] As a result of this collaboration, several technical documents and guides related to cloud computing have been developed.\n\nTM Forum standards, etc.\n\n\nHowever, organizational standards, guidelines, and recommendations alone do not influence how cloud computing services can and should be implemented and operated. Regulatory bodies, legislative bodies, and government agencies also directly or indirectly have an impact on cloud service operations. In some cases, the law, regulation, or guidance coming from such bodies may not even mention \"cloud computing,\" yet because they mandate how specific data and information can be managed, used, and distributed, they ultimately influence what a cloud service provider (CSP) does and how they do it. This can be observed by more than a few of the examples in Table 4. The California Consumer Privacy Act, for example, makes no mention of the word \"cloud,\" but CSPs and cloud users alike must consider aspects of the regulation, e.g., what can and cannot be done with a consumer's information based on location of the stored information.[31]\n\n\n\n\nTable 4. Examples of some common regulations, recommendations, and guidance that shape the proper use of cloud-computing platforms\n\n\nRegulation, recommendation, or guidance\n\nCreator\n\nDescription\n\nLink\n\n\nCalifornia Consumer Privacy Act (CCPA)\n\nThe State of California\n\nThe CCPA \"provides California consumers with a number of privacy protections, including right to access, delete, and opt-out of the 'sale' of their personal information.\"[32] Cloud solutions such as Google Cloud attempt to help users meet CCPA obligations, as well as meet their own commitments.[32]\n\nLink\n\n\nCloud Computing Regulatory Framework (CCRF)\n\nKingdom of Saudi Arabia\n\nThe KSA's CCRF \"is based on international best practices and governs the rights and obligations of cloud service providers (CSPs), individual customers, government entities and businesses.\"[33] It is one of only a few existing cloud-specific regulatory frameworks created by a government.[33]\n\nLink\n\n\nCloud Security Principles\n\nGovernment of the United Kingdom\n\nThe U.K. developed a collection of 14 Cloud Security Principles that \"include important considerations such as protection of data in transit, supply chain security, identity and authentication, and secure use of cloud services.\"[34] This is an example of a national government developing a cloud-specific set of guidance for its public sector.\n\nLink\n\n\nFederal Information Security Modernization Act of 2014 (FISMA)\n\nUnited States Government\n\nAmending the prior FISMA 2002, FISMA 2014 achieves several things, chief among them giving Federal government the ability to better respond to cybersecurity attacks on its departments and agencies. Compliance with FISMA means implementing \"recommended information security controls for federal information systems as identified in the NIST SP 800-53.\"[35]\n\nLink\n\n\nGeneral Data Protection Regulation (GDPR)\n\nEuropean Union\n\nThe GDPR is a non-trivial regulatory hurdle with positive intentions, with the goal of strengthening personal data protection in Europe. The regulation \"lays out specific requirements for businesses and organizations who are established in Europe or who serve users in Europe.\"[36] Cloud vendors like Google may stipulate in their contracts with European clients how they meet that guidance, as well as offer tools, documentation, and other resources to assist with assessment of the vendor's services.[36]\n\nLink\n\n\nGuidance on Outsourcing to Cloud Service Providers\n\nGermany's Bundesanstalt f\u00fcr Finanzdienstleistungsaufsicht (BaFin)\n\nBaFin's Guidance document on cloud service outsourcing \"provides specific outsourcing guidance for financial institutions on contractual terms, including information and audit rights, the right to issue instructions, data security \/ protection, termination and chain outsourcing.\"[37] Cloud vendors like Google may stipulate in their contracts with German clients how they meet that guidance.[37]\n\nLink\n\n\nHealth Insurance Portability and Accountability Act (HIPAA)\n\nUnited States Government\n\nThe HIPAA Rules \"establish important protections for individually identifiable health information ..., including limitations on uses and disclosures of such information, safeguards against inappropriate uses and disclosures, and individuals\u2019 rights with respect to their health information.\"[38] HIPAA compliance is so vital for some organizations that U.S. government entities like the U.S. Department of Health & Human Services (HHS) have published their own guidance towards how HIPAA covered entities can best comply when using cloud services.[38]\n\nLink\n\n\nJoint Statement: Security in a Cloud Computing Environment\n\nFederal Financial Institutions Examination Council (FFIEC)\n\nIn this document, the FFIEC\u2014an interagency group of federal and state banking regulators\u2014addresses \"the use of cloud computing services and security risk management principles in the financial services sector\" and \"highlights examples of risk management practices for a financial institution\u2019s safe and sound use of cloud computing services and safeguards to protect customers\u2019 sensitive information from risks that pose potential consumer harm.\"[39][40]\n\nLink\n\n\nOMB Circular A-130, Managing Information as a Strategic Resource\n\nUnited States Government\n\nThis (revised) Obama-era circular \"establishes general policy for the planning, budgeting, governance, acquisition, and management of Federal information, personnel, equipment, funds, IT resources, and supporting infrastructure and services,\" including cloud services.[41] In addition to FISMA, this circular supports the FedRAMP program and its standardized security requirements.[16]\n\nLink\n\n\nPersonal Data Protection Law (KVKK)\n\nGovernment of Turkey\n\nTurkey's KVKK (Ki\u015fisel Verileri Koruma Kanunu) \"regulates the protection of personal data and outlines the obligations that entities and individuals dealing with personal data must comply with.\"[42] It has significant relevancy to cloud computing efforts in the country.[43]\n\nLink\n\n\nProtective Security Policy Framework\n\nAustralian Government\n\nThe PSPF \"assists Australian Government entities to protect their people, information, and assets, both at home and overseas.\" It contains multiple statements about how cloud computing should be handled.[44]\n\nLink\n\n\nWhile Big Tech was as early as 2010 asking the U.S. government to take a more proactive regulatory approach to cloud computing[45], actual direct regulation of cloud computing by the world's governments has been limited.[46][47] This leads to complicated viewpoints about the value of regulation vs. its drawbacks. Yes, careful regulation can help ensure consistent, affordable, and secure access to cloud services and may even encourage organizations to adopt the technology.[46] However, a headstrong approach to regulations for CSPs, without sector- and industry-specific considerations, may have unintended consequences, e.g., unduly raising compliance costs or forcing insufficient levels of access control on an entity.[46]\nAt least in the U.S., lawmakers and regulators may soon be pressured to increase regulatory approaches to cloud computing. This may be driven by the increasingly concentrated nature of cloud services in a handful of tech giants, though at the same time hampered by the widely varying approaches to addressing cloud-related issues via policy and regulation at the national and international levels. First, the very nature of these cloud services\u2014and the ever increasing criticality they attain\u2014as centralized services ensures the regulatory eye will increasingly be placed upon those cloud vendors. In fact, discussion about and designation of cloud services as critical infrastructure is already occurring in earnest, as they have \"become essential to the performance of a growing swath of other sectors that have not heretofore been massively dependent on centralized cloud functionalities, and hence vulnerable to their disruption.\"[46][6] A 2023 Digital Forensic Research Lab report by Zuo et al. highlights this further by nodding to the U.S. government's designation of \"critical infrastructure\" sectors and how their loss would result in a \"debilitating effect on security, national economic security, national public health or safety, or any combination of those matters.\" Their report argues that \"the maturation of current [regulatory] policy tools, and creation of others,\" is vital going forward.[48] These and other such spotlights may lead to policymakers, regulatory bodies, and legislators being left with little choice but to move forward with more policy and regulation. \nSecond, and consequently, the development of such policy and regulation may not occur in a manner more unified with global perceptions but rather largely based upon localized values, interests, and priorities. The failure here is the lack of recognition of CSPs as being integral to individual, retail, corporate, organizational, and government operations around the globe[48], i.e. their centralized and concentrated position within a changing computing paradigm. As such, greater effort must be made by policymakers, regulators, and legislatures to find at least a minimum level of \"compatibility and reconciliation\" with other existing governance mechanisms, while carefully addressing both security of operation and operational robustness in tandem, such that there is greater harmonization globally.[46][48] And through government-level support of harmonized controls\u2014as well as a vested interest in promoting the responsible \"development, dissemination, and operation of cloud infrastructure\"\u2014cloud users will stand a greater chance of reaping the economic benefits of adopting cloud computing.[46]\nCurrent and future regulatory action applies to several areas of cloud computing. How a CSP responds to and notifies affected users of a security breach is one concern. Up until 2022, the U.S. government didn't fully address in a unified fashion aspects of cloud security breaches such as protection obligations, reporting time, and required notification parties, nor any compensation mechanism for those affected.[49] (All U.S. states and most territories did already have their own flavor of breach notification legislation[50], but like cannabis law, this was problematic in the face of a strong divergence with federal law or lack thereof.) In March 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), which requires covered entities to report substantial cybersecurity incidents and any paid ransom for ransomware attacks, with more scope and definition to come.[51] While this addresses some of the prior-mentioned aspects, its thoroughness towards protection obligations and compensation remains lacking. A year later, however, cybersecurity thought leaders like Viakoo's CEO Bud Broomhead positively acknowledge CIRCIA as \"not the destination ... but an important waypoint toward it,\" with other activities like the creation of the Joint Ransomware Task Forces and Ransomware Vulnerability Warning Pilot Program further promoting stronger federal efforts towards cloud security.[52]\nOther areas of cloud security also face regulatory action. For example, the applications and algorithms that drive and collect data from users of cloud-enabled applications may also face regulatory scrutiny or control by a national government, as was seen with both China's and the U.S.'s scrutiny of the TikTok application, its algorithms, and its security.[46][53][54] Data localization also remains a significant area of cloud computing regulation, not just for security concerns but also industrial policy, economic policy, privacy concerns, and human rights concerns.[46] Other areas of concern that may see regulation include interoperability and portability, digital preservation (retention) obligations, and cross-border data transfer.\nAnd then there's the proverbial \"elephant in the room\": overall data privacy and protection considerations in the cloud. This is a major concern typically because of statutes\u2014like the California Consumer Privacy Act[32]\u2014that broadly protect a collective of affected individuals and how their cloud data is collected, preserved, organized, stored, and used not only within the governing entity (e.g., state, country, political and economic union) but also as its transferred to and from the governing entity. The previously mentioned data localization and cross-border data transfer issues fall under this heading.[55] These often prove to be some of the most challenging regulations to develop, as lawmakers and regulators don't always anticipate the rate of change of technology. They're also difficult for CSPs and organizations to comply with, particularly due to the variance in requirements among all governing entities' laws.[55]\nOther approaches to regulation also affect how cloud computing services are implemented and managed. For example, rather than taking a broad approach towards regulation, addressing everyone providing and\/or using cloud services, it's possible that regulators and legislators may take a more focused, sector-based approach. But that comes with its own set of problems, as Maurer and Hinck noted in their 2020 Carnegie Endowment paper[6]:\n\n[T]he impact of a cloud security incident usually depends on what type of data or service is affected. Thus, the most suitable potential regulatory requirements with respect to security may differ across sectors that deal with different types of data\u2014from the highly sensitive, fast-moving data common in the financial sector to the more privacy-sensitive personal data used by medical service providers. However, crafting regulation on a sector-by-sector basis would likely create conflicting requirements and incomplete standards.\nFinally, as a third option, rather than direct regulation of the broad market or even specific sectors, some governments may simply use their considerable weight to influence how CSPs provide their services, influencing future regulation, as Levite and Kalwani note in their 2020 paper for the Carnegie Endowment[46]:\n\nFinally, some of the efforts to influence CSP behavior may not come through explicit regulation, but rather through exercise of the government\u2019s market power. Cloud adoption strategies and trends in e-governance have made governments some of the largest and most important clients of CSPs. Governments will likely use their market clout and status as a large and powerful consumer as a source of leverage over industry to set standards of contracting fairness and other provisions that transcend the immediate cloud service contracts they enter. While formally these provisions will only apply to government contracts, they could over time cross over to public clouds as well, or at least help set precedents that drive regulatory attention and inform industry standards. Yet over the longer run, government privatization of many services might actually weaken their leverage, given lock-in issues. How the balance between the two parties ultimately will play out remains to be seen.\nWhatever direction regulators and legislators continue take, it ideally will be done with thorough consideration of how to implement regulation, as well as the potential effects regulation will have on various markets.\n\nReferences \n\n\n\u2191 Mimecast (2010). \"Cloud Computing Adoption Survey\" (PDF). https:\/\/system.netsuite.com\/core\/media\/media.nl?id=181214&c=601905&h=2ef3796f7c4d9c8a585e&_xt=.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 IEEE; Cloud Security Alliance (1 March 2010). \"Survey by IEEE and Cloud Security Alliance Details Importance and Urgency of Cloud Computing Security Standards\". Cloud Security Alliance. https:\/\/cloudsecurityalliance.org\/press-releases\/2010\/03\/01\/survey-by-ieee-and-cloud-security-alliance-details-importance-and-urgency-of-cloud-computing-security-standards\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Bizga, A. (19 May 2020). \"40% of IT professionals believe that public clouds are more secure than on-premise environments\". Security Boulevard. https:\/\/securityboulevard.com\/2020\/05\/40-of-it-professionals-believe-that-public-clouds-are-more-secure-than-on-premise-environments\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Cloud is safer than on-premise say that majority of security leaders\". Continuity Central. 4 September 2019. https:\/\/www.continuitycentral.com\/index.php\/news\/technology\/4384-cloud-is-safer-than-on-premise-say-that-majority-of-security-leaders . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Cloud Security Threats Remain Rampant: Check Point Survey Reveals Heightened Concerns for 76% of Organizations Amid 48% Increase in Cloud-Based Network Attacks\". Check Point Software Technologies Ltd. 26 June 2023. https:\/\/www.checkpoint.com\/press-releases\/cloud-security-threats-remain-rampant-check-point-survey-reveals-heightened-concerns-for-76-of-organizations-amid-48-increase-in-cloud-based-network-attacks\/ . Retrieved 14 August 2023 .   \n \n\n\u2191 6.0 6.1 6.2 Maurer, T.; Hinck, G. (31 August 2020). \"Cloud Security: A Primer for Policymakers\". Carnegie Endowment for International Peace. https:\/\/carnegieendowment.org\/2020\/08\/31\/cloud-security-primer-for-policymakers-pub-82597 . Retrieved 28 July 2023 .   \n \n\n\u2191 \"What is Cloud Security?\". Resource Center. AO Kaspersky Lab. 2021. https:\/\/usa.kaspersky.com\/resource-center\/definitions\/what-is-cloud-security . Retrieved 28 July 2023 .   \n \n\n\u2191 Sarrel, M. (4 February 2020). \"Why cloud-native open source Kubernetes matters\". enterprise.nxt. Hewlett Packard Enterprise. Archived from the original on 18 December 2022. https:\/\/web.archive.org\/web\/20221218143215\/https:\/\/www.hpe.com\/us\/en\/insights\/articles\/why-cloud-native-open-source-kubernetes-matters-2002.html . Retrieved 28 July 2023 .   \n \n\n\u2191 \"IEEE 2301-2020 - IEEE Guide for Cloud Portability and Interoperability Profiles (CPIP)\". IEEE Standards Association. 13 August 2020. https:\/\/standards.ieee.org\/ieee\/2301\/5077\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Kirvan, P. (17 December 2020). \"Top cloud compliance standards and how to use them\". TechTarget SearchCompliance. Archived from the original on 21 December 2020. https:\/\/web.archive.org\/web\/20201221150028\/https:\/\/searchcompliance.techtarget.com\/tip\/Top-cloud-compliance-standards-and-how-to-use-them . Retrieved 28 July 2023 .   \n \n\n\u2191 Simmon, E.D. (23 February 2018). \"Evaluation of Cloud Computing Services Based on NIST SP 800-145\". NIST. https:\/\/www.nist.gov\/publications\/evaluation-cloud-computing-services-based-nist-sp-800-145 . Retrieved 28 July 2023 .   \n \n\n\u2191 \"CSA Enterprise Architecture Reference Guide v2\". Cloud Security Alliance. 2020. https:\/\/cloudsecurityalliance.org\/artifacts\/enterprise-architecture-reference-guide-v2\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Ultimate Guide to G-Cloud\". AdviceCloud. https:\/\/advice-cloud.co.uk\/knowledge-hub\/ultimate-guide-to-g-cloud\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"About DMTF\". DMTF. https:\/\/www.dmtf.org\/about . Retrieved 28 July 2023 .   \n \n\n\u2191 \"About ETSI\". European Telecommunications Standards Institute. https:\/\/www.etsi.org\/about . Retrieved 28 July 2023 .   \n \n\n\u2191 16.0 16.1 \"FedRAMP\". General Services Administration. https:\/\/www.fedramp.gov\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Program Basics\". General Services Administration. https:\/\/www.fedramp.gov\/program-basics\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"IEEE Cloud Computing Standards Committee\". IEEE Computer Society. https:\/\/www.computer.org\/volunteering\/boards-and-committees\/standards-activities\/committees\/cloud . Retrieved 28 July 2023 .   \n \n\n\u2191 \"ICS > 35: 35.210 Cloud Computing\". International Organization for Standardization. https:\/\/www.iso.org\/ics\/35.210\/x\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"About International Telecommunication Union (ITU)\". International Telecommunication Union. https:\/\/www.itu.int\/en\/about\/Pages\/default.aspx . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Standards Acceleration to Jumpstart Adoption of Cloud Computing (SAJACC)\". National Institute of Standards and Technology. 3 June 2018. https:\/\/www.nist.gov\/itl\/standards-acceleration-jumpstart-adoption-cloud-computing-sajacc . Retrieved 28 July 2023 .   \n \n\n\u2191 \"NIST Cloud Computing Program - NCCP\". National Institute of Standards and Technology. 9 July 2019. https:\/\/www.nist.gov\/programs-projects\/nist-cloud-computing-program-nccp . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Cloud Working Group\". Object Management Group. https:\/\/www.omg.org\/cloud\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Open Grid Forum\". Open Grid Forum. https:\/\/ogf.org\/ogf\/doku.html . Retrieved 28 July 2023 .   \n \n\n\u2191 \"About Us\". OASIS Open. https:\/\/www.oasis-open.org\/org\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"About Us\". PCI Security Standards Council. https:\/\/www.pcisecuritystandards.org\/about_us\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Vision and Mission\". Storage Networking Industry Association. https:\/\/www.snia.org\/about\/vision-mission . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Standards Portfolio\". Storage Networking Industry Association. https:\/\/www.snia.org\/tech_activities\/standards\/curr_standards . Retrieved 28 July 2023 .   \n \n\n\u2191 \"The Open Group\". The Open Group. https:\/\/www.opengroup.org\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"About Us\". TM Forum. https:\/\/www.tmforum.org\/about-tm-forum\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"TITLE 1.81.5. California Consumer Privacy Act of 2018 [1798.100 - 1798.199.100\"]. California Legislative Information. Legislative Counsel Bureau. https:\/\/leginfo.legislature.ca.gov\/faces\/codes_displayText.xhtml?division=3.&part=4.&lawCode=CIV&title=1.81.5 . Retrieved 28 July 2023 .   \n \n\n\u2191 32.0 32.1 32.2 \"California Consumer Privacy Act (CCPA)\". Google Cloud. https:\/\/cloud.google.com\/security\/compliance\/ccpa . Retrieved 28 July 2023 .   \n \n\n\u2191 33.0 33.1 Guseyva, V. (18 September 2020). \"Data residency laws by country: An overview\". InCountry. https:\/\/incountry.com\/blog\/data-residency-laws-by-country-overview\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"NCSC - Cloud Security (UK)\". Google Cloud. https:\/\/cloud.google.com\/security\/compliance\/ncsc-uk . Retrieved 28 July 2023 .   \n \n\n\u2191 \"What is the Difference between FISMA and FedRAMP?\". PaloAlto Networks. 2021. https:\/\/www.paloaltonetworks.com\/cyberpedia\/difference-between-fisma-and-fedramp . Retrieved 28 July 2023 .   \n \n\n\u2191 36.0 36.1 \"Google Cloud & the General Data Protection Regulation (GDPR)\". Google Cloud. https:\/\/cloud.google.com\/privacy\/gdpr . Retrieved 28 July 2023 .   \n \n\n\u2191 37.0 37.1 \"BaFin Cloud Outsourcing Guidance\". Google Cloud. https:\/\/cloud.google.com\/security\/compliance\/bafin . Retrieved 28 July 2023 .   \n \n\n\u2191 38.0 38.1 Office for Civil Rights (23 December 2022). \"Guidance on HIPAA & Cloud Computing\". Health Information Privacy. U.S. Department of Health & Human Services. https:\/\/www.hhs.gov\/hipaa\/for-professionals\/special-topics\/health-information-technology\/cloud-computing\/index.html . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Joint Statement: Security in a Cloud Computing Environment\" (PDF). 30 April 2020. https:\/\/www.ffiec.gov\/press\/PDF\/FFIEC_Cloud_Computing_Statement.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 Ross, S.; Scott, K. (6 May 2020). \"US bank regulators issue cloud computing security guidance\". Financial Services: Regulation Tomorrow. Norton Rose Fulbright. https:\/\/www.regulationtomorrow.com\/us\/us-bank-regulators-issue-cloud-computing-security-guidance\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"OMB Circular A-130, Managing Information as a Strategic Resource\" (PDF). The White House. 28 July 2016. https:\/\/obamawhitehouse.archives.gov\/sites\/default\/files\/omb\/assets\/OMB\/circulars\/a130\/a130revised.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 Coos, A. (30 April 2020). \"All You Need to Know About Turkey\u2019s Personal Data Protection Law (KVKK)\". Endpoint Protector Blog. https:\/\/www.endpointprotector.com\/blog\/everything-you-need-to-know-about-turkeys-personal-data-protection-law\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Ersoy, E.C.; Karaka\u015f, M. (19 June 2020). \"Cloud Computing Technologies and Its Legal Dimension\". K\u0131l\u0131n\u00e7 Law and Consulting. https:\/\/www.kilinclaw.com.tr\/en\/cloud-computing-technologies-and-its-legal-dimension\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"The Protective Security Policy Framework\". Australian Government. https:\/\/www.protectivesecurity.gov.au\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Alpern, P. (10 February 2010). \"Microsoft to Congress: Time For New Cloud Computing Laws\". IndustryWeek. https:\/\/www.industryweek.com\/innovation\/article\/21932894\/microsoft-to-congress-time-for-new-cloud-computing-laws . Retrieved 28 July 2023 .   \n \n\n\u2191 46.0 46.1 46.2 46.3 46.4 46.5 46.6 46.7 46.8 Levite, A.; Kalwani, G. (9 November 2020). \"Cloud Governance Challenges: A Survey of Policy and Regulatory Issues\". Carnegie Endowment for International Peace. https:\/\/carnegieendowment.org\/2020\/11\/09\/cloud-governance-challenges-survey-of-policy-and-regulatory-issues-pub-83124 . Retrieved 28 July 2023 .   \n \n\n\u2191 Ali, O.; Osmanaj, V. (2020). \"The role of government regulations in the adoption of cloud computing: A case study of local government\". Computer Law & Security Review 36: 105396. doi:10.1016\/j.clsr.2020.105396.   \n \n\n\u2191 48.0 48.1 48.2 Zuo, T.; Sherman, J.; Hamin, M. et al. (10 July 2023). \"Critical Infrastructure and the Cloud: Policy for Emerging Risk\". DFRLab. https:\/\/dfrlab.org\/2023\/07\/10\/critical-infrastructure-and-the-cloud-policy-for-emerging-risk\/ . Retrieved 14 August 2023 .   \n \n\n\u2191 Mitnick, D. (10 April 2018). \"No more waiting: It\u2019s time for a federal data breach law in the U.S.\". Access Now Blog. Access Now. https:\/\/www.accessnow.org\/no-more-waiting-its-time-for-a-federal-data-breach-law-in-the-u-s\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Security Breach Notification Laws\". National Conference of State Legislatures. 17 January 2022. https:\/\/www.ncsl.org\/technology-and-communication\/security-breach-notification-laws . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Expansive Federal Breach Reporting Requirement Becomes Law\". Ropes & Gray. 22 March 2022. https:\/\/www.ropesgray.com\/en\/newsroom\/alerts\/2022\/march\/expansive-federal-breach-reporting-requirement-becomes-law . Retrieved 14 August 2023 .   \n \n\n\u2191 Blair-Frasier, R. (31 March 2023). \"Experts weigh in on CIRCIA one year later\". Security Magazine. Archived from the original on 31 March 2023. https:\/\/web.archive.org\/web\/20230331233533\/https:\/\/www.securitymagazine.com\/articles\/99138-experts-weigh-in-on-circia-one-year-later . Retrieved 14 August 2023 .   \n \n\n\u2191 Brandom, R. (2 September 2020). \"Trump\u2019s TikTok deal has hit a serious roadblock\". The Verge. https:\/\/www.theverge.com\/2020\/9\/2\/21418496\/tiktok-for-you-page-algorithm-deal-us-china-trump-microsoft . Retrieved 28 July 2023 .   \n \n\n\u2191 Cox, K. (10 February 2021). \"Oracle\u2019s TikTok acquisition reportedly \u201cshelved\u201d indefinitely\". Ars Technica. https:\/\/arstechnica.com\/tech-policy\/2021\/02\/oracles-tiktok-acquisition-reportedly-shelved-indefinitely\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 55.0 55.1 Eustice, J.C. (2018). \"Understand the intersection between data privacy laws and cloud computing\". Legal Technology, Products, and Services. Thomson Reuters. https:\/\/legal.thomsonreuters.com\/en\/insights\/articles\/understanding-data-privacy-and-cloud-computing . Retrieved 28 July 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing<\/a>\nNavigation menuPage actionsBookDiscussionView sourceHistoryPage actionsBookDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 11 February 2022, at 21:28.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 236 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","02f10c1b263da2845885019939f8c31c_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-208 ns-subject page-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Standards_and_security_in_the_cloud_Standards_and_regulations_influencing_cloud_computing rootpage-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Standards_and_security_in_the_cloud_Standards_and_regulations_influencing_cloud_computing skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Standards and security in the cloud\/Standards and regulations influencing cloud computing<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\"><div align=\"center\">-----Return to <a href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Introduction\" title=\"Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Introduction\" class=\"wiki-link\" data-key=\"a5122d160da552b7fab8ca62d4bc6155\">the beginning<\/a> of this guide-----<\/div>\n<h2><span class=\"mw-headline\" id=\"2._Standards_and_security_in_the_cloud\">2. Standards and security in the cloud<\/span><\/h2>\n<div class=\"thumb tright\"><div class=\"thumbinner\" style=\"width:502px;\"><a href=\"https:\/\/www.limswiki.org\/index.php\/File:NIST_Cloud_Computing_Security_Reference_Architecture_(9029002396).jpg\" class=\"image wiki-link\" data-key=\"1515cdb344d32bf28d93b4f67f639535\"><img alt=\"\" src=\"https:\/\/upload.wikimedia.org\/wikipedia\/commons\/5\/5b\/NIST_Cloud_Computing_Security_Reference_Architecture_%289029002396%29.jpg\" decoding=\"async\" class=\"thumbimage\" style=\"width: 100%;max-width: 400px;height: auto;\" \/><\/a> <div class=\"thumbcaption\"><div class=\"magnify\"><a href=\"https:\/\/www.limswiki.org\/index.php\/File:NIST_Cloud_Computing_Security_Reference_Architecture_(9029002396).jpg\" class=\"internal wiki-link\" title=\"Enlarge\" data-key=\"1515cdb344d32bf28d93b4f67f639535\"><\/a><\/div><b>Figure 3.<\/b> The <i>NIST Cloud Computing Security Reference Architecture<\/i> provides a security overlay to the <i>NIST Cloud Computing Reference Architecture<\/i>, published in 2011.<\/div><\/div><\/div><p>In a 2010 Cloud Computing Adoption Survey by Mimecast, the leading response (46 percent of surveyed IT managers) to the question \"Why did you decide against moving to the cloud?\" was \"security concerns.\"<sup id=\"rdp-ebb-cite_ref-MimecastCloud10_1-0\" class=\"reference\"><a href=\"#cite_note-MimecastCloud10-1\">[1]<\/a><\/sup> In a separate survey published around the same time by the IEEE and Cloud Security Alliance, \"93 percent of respondents said the need for <a href=\"https:\/\/www.limswiki.org\/index.php\/Cloud_computing\" title=\"Cloud computing\" class=\"wiki-link\" data-key=\"fcfe5882eaa018d920cedb88398b604f\">cloud computing<\/a> security standards is important; 82 percent said the need is urgent.\"<sup id=\"rdp-ebb-cite_ref-CSASurvey10_2-0\" class=\"reference\"><a href=\"#cite_note-CSASurvey10-2\">[2]<\/a><\/sup> Fast-forward to today and it's easy to see worries about cloud security have eased somewhat in comparison. A Cloud Threat Report by Oracle and KPMG in 2020 found that \"40% of <a href=\"https:\/\/www.limswiki.org\/index.php\/Cybersecurity\" class=\"mw-redirect wiki-link\" title=\"Cybersecurity\" data-key=\"ba653dc2a1384e5f9f6ac9dc1a740109\">cybersecurity<\/a> and IT professionals from private and public businesses perceive public clouds as more secure than on-premise environments ... 12% believe public clouds are no more secure or insecure than what they can deliver with on-premises environments, and 2% think public clouds are less secure.\"<sup id=\"rdp-ebb-cite_ref-Bizga40_20_3-0\" class=\"reference\"><a href=\"#cite_note-Bizga40_20-3\">[3]<\/a><\/sup> A survey less than a year before found similar numbers, also noting, however, that while confidence in cloud security was strong, a strong majority of respondents (71 percent) still believe there are at least moderate concerns about \"malicious activity in cloud systems.\"<sup id=\"rdp-ebb-cite_ref-CCCloud19_4-0\" class=\"reference\"><a href=\"#cite_note-CCCloud19-4\">[4]<\/a><\/sup>\n<\/p><p>To be sure, there are undoubtedly opportunities for malicious activity within the cloud, which has its own share of complexities. A 2023 collaborative report by Check Point Software Technologies and Cybersecurity Insiders points to annual increases in attack attempts on cloud-based networks, needlessly complex and inadequate security policies, and insufficient and unsecure cloud configurations and interfaces as being drivers of security mishaps in the cloud.<sup id=\"rdp-ebb-cite_ref-CheckCloud23_5-0\" class=\"reference\"><a href=\"#cite_note-CheckCloud23-5\">[5]<\/a><\/sup> Additionally, given that cloud computing is internet-based (i.e., networked), a networking approach based on normal internet and network standards is not sufficient to address the complexities inherent to many cloud computing implementations.<sup id=\"rdp-ebb-cite_ref-MaurerCloud20_6-0\" class=\"reference\"><a href=\"#cite_note-MaurerCloud20-6\">[6]<\/a><\/sup> From integrating public and private clouds to meeting regulations mandating localized data storage, additional considerations must be made as to how best ensure standardized cloud services remain driven on solid security principles. With the transition to cloud, on-site data storage has moved online, with its own set of security nuances. Additionally, increased scalability, interfacing, and proximity to other networked data and systems adds more complexity to security.<sup id=\"rdp-ebb-cite_ref-KasperskyWhatIs_7-0\" class=\"reference\"><a href=\"#cite_note-KasperskyWhatIs-7\">[7]<\/a><\/sup> As complexity is added, a more standardized approach is called for. Just as the Cloud Native Computing Foundation's (CNCF's) Certified Kubernetes Conformance Program attempts to ensure a standardized conformance of all Kubernetes instances to the Kubernetes <a href=\"https:\/\/www.limswiki.org\/index.php\/Application_programming_interface\" title=\"Application programming interface\" class=\"wiki-link\" data-key=\"36fc319869eba4613cb0854b421b0934\">application programming interfaces<\/a> (APIs) for consistency and interoperability across cloud platforms<sup id=\"rdp-ebb-cite_ref-SarrelWhyCloud20_8-0\" class=\"reference\"><a href=\"#cite_note-SarrelWhyCloud20-8\">[8]<\/a><\/sup>, standards organizations like the Institute of Electrical and Electronics Engineers (IEEE), <a href=\"https:\/\/www.limswiki.org\/index.php\/International_Organization_for_Standardization\" title=\"International Organization for Standardization\" class=\"wiki-link\" data-key=\"116defc5d89c8a55f5b7c1be0790b442\">International Organization for Standardization<\/a> (ISO), and National Institute of Standards and Technology (NIST) develop standards and guidelines to ensure quality and security across all cloud computing platforms.<sup id=\"rdp-ebb-cite_ref-IEEE2301_20_9-0\" class=\"reference\"><a href=\"#cite_note-IEEE2301_20-9\">[9]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-KirvanTop20_10-0\" class=\"reference\"><a href=\"#cite_note-KirvanTop20-10\">[10]<\/a><\/sup>\n<\/p><p>The next few sections examine the various organizations, agencies, and industries developing and promoting standards, guidelines, and recommendations that shape the proper use of cloud computing platforms. Note that you won't see much about <a href=\"https:\/\/www.limswiki.org\/index.php\/Laboratory\" title=\"Laboratory\" class=\"wiki-link\" data-key=\"c57fc5aac9e4abf31dccae81df664c33\">laboratories<\/a> and cloud computing in this chapter, as we pan outward and look at cloud standards and security from up high. We'll focus on how all this information relates to laboratories in the coming chapters.\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"2.1_Standards_and_regulations_influencing_cloud_computing\">2.1 Standards and regulations influencing cloud computing<\/span><\/h3>\n<p>Numerous organizations have taken up the mantle in developing and disseminating cloud compliance standards, guidelines, and recommendations since the late 2000s, some independently (e.g., the Storage Networking Industry Association) and others by government mandate (e.g., National Institute of Standards and Technology). Some organizations have tailored their content to a specific industry (e.g., PCI Security Standards Council and the financial industry), while others have focused on a sector of business (e.g., FedRAMP and the U.S. Federal government). As the development of these standards, guidelines, and recommendations has continued, the groundwork has been created for future updates. NIST's early work with its SP 500-293 <i>NIST Cloud Computing Technology Roadmap, Volume I and II<\/i> and SP 500-299 <i>NIST Cloud Computing Security Reference Architecture<\/i> (Figure 3) have gone on to further define a modern approach to categorizing, evaluating, comparing, and selecting cloud services.<sup id=\"rdp-ebb-cite_ref-SimmonEval18_11-0\" class=\"reference\"><a href=\"#cite_note-SimmonEval18-11\">[11]<\/a><\/sup> And those documents were influenced by even earlier work by the Cloud Security Alliance's Enterprise Architecture efforts.<sup id=\"rdp-ebb-cite_ref-CSAEnt20_12-0\" class=\"reference\"><a href=\"#cite_note-CSAEnt20-12\">[12]<\/a><\/sup>\n<\/p><p>The work to improve and expand upon existing standards continues today, even as new service models for cloud computing emerge. Examples of the prior mentioned and other organizations contributing to these efforts are shown in Table 3.\n<\/p>\n<table class=\"wikitable\" border=\"1\" cellpadding=\"5\" cellspacing=\"0\" style=\"\">\n\n<tbody><tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\" colspan=\"3\"><b>Table 3.<\/b> Organizations that have developed and are developing cloud compliance standards, guidelines, recommendations, and frameworks\n<\/td><\/tr>\n<tr>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\">Organization\n<\/th>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\">Description\n<\/th>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\">Link to standards, etc.\n<\/th><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Crown Commercial Services and G-Cloud\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Though not a standards organization, the U.K. Crown Commercial Service's (CSS's) G-Cloud program and framework allows companies considering selling cloud-based services to the U.K. government to make their services available \"through a front-end catalogue called the Digital Marketplace.\" The framework agreements place specific requirements on the various services being offered by the provider, and in return, the provider can bid on government opportunities without going through the full procurement process.<sup id=\"rdp-ebb-cite_ref-AdviceCloudUltimate_13-0\" class=\"reference\"><a href=\"#cite_note-AdviceCloudUltimate-13\">[13]<\/a><\/sup>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.gov.uk\/government\/publications\/g-cloud-12-framework-agreement\" target=\"_blank\">G-Cloud standards, etc.<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">DMTF\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Formerly known as the Distributed Management Task Force, DMTF \"creates open manageability standards spanning diverse emerging and traditional IT infrastructures.\"<sup id=\"rdp-ebb-cite_ref-DMTFAbout_14-0\" class=\"reference\"><a href=\"#cite_note-DMTFAbout-14\">[14]<\/a><\/sup> This includes cloud standards, <a href=\"https:\/\/www.limswiki.org\/index.php\/Virtualization\" title=\"Virtualization\" class=\"wiki-link\" data-key=\"e6ef1e0497ceb6545c0948d436eba29c\">virtualization<\/a> standards, networking standards, and more.\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.dmtf.org\/standards\/cloud\" target=\"_blank\">DMTF standards, etc.<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">European Telecommunications Standards Institute\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">ETSI \"supports the timely development, ratification and testing of globally applicable standards\" for information and communications technology (ICT) hardware, software, and services.<sup id=\"rdp-ebb-cite_ref-ETSIAbout_15-0\" class=\"reference\"><a href=\"#cite_note-ETSIAbout-15\">[15]<\/a><\/sup>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.etsi.org\/standards#page=1&search=cloud\" target=\"_blank\">ETSI standards, etc.<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">General Services Administration and FedRAMP\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Though not a standards organization, the U.S. General Services Administration's (GSA's) FedRAMP program \"provides a standardized approach to security authorizations for cloud service offerings\" for the U.S. Federal government.<sup id=\"rdp-ebb-cite_ref-FedRAMP_16-0\" class=\"reference\"><a href=\"#cite_note-FedRAMP-16\">[16]<\/a><\/sup> FedRAMP \"standardizes security requirements for the authorization and ongoing cybersecurity of cloud services\" as authorized by a number of regulations and policies.<sup id=\"rdp-ebb-cite_ref-FedRAMPProg_17-0\" class=\"reference\"><a href=\"#cite_note-FedRAMPProg-17\">[17]<\/a><\/sup>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.fedramp.gov\/documents-templates\/\" target=\"_blank\">FedRAMP standards, etc.<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">IEEE Computer Society and IEEE Standards Association\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">The IEEE Cloud Computing Standards Committee, which is chartered \"to promote the development of standards in all aspects of the cloud computing ecosystem,\" has four working groups that help develop cloud computing standards for the IEEE Standards Association.<sup id=\"rdp-ebb-cite_ref-IEEESAStandards_18-0\" class=\"reference\"><a href=\"#cite_note-IEEESAStandards-18\">[18]<\/a><\/sup>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.computer.org\/volunteering\/boards-and-committees\/standards-activities\/committees\/cloud\" target=\"_blank\">IEEE SA standards, etc.<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">International Organization for Standardization (ISO)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">The ISO is a primary global standards organization that has been developing a wide variety of standards for decades. Numerous cloud-computing standards have been published under International Classification for Standards (ICS) code 35.210.<sup id=\"rdp-ebb-cite_ref-ISO35.210_19-0\" class=\"reference\"><a href=\"#cite_note-ISO35.210-19\">[19]<\/a><\/sup>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.iso.org\/ics\/35.210\/x\/\" target=\"_blank\">ISO standards, etc.<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">International Telecommunication Union (ITU)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">The ITU is the United Nation's specialized agency for information communication technologies (ICTs). Among their activities, the agency develops technical standards and facilitates international connectivity in communication networks.<sup id=\"rdp-ebb-cite_ref-ITUAbout_20-0\" class=\"reference\"><a href=\"#cite_note-ITUAbout-20\">[20]<\/a><\/sup> Many recommendation documents have been developed through its Telecommunication Standardization Sector (ITU-T), SG13 Study Group, including cloud computing recommendations (Y Series).\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.itu.int\/ITU-T\/recommendations\/index_sg.aspx?sg=13\" target=\"_blank\">ITU-T standards, etc.<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">National Institute of Standards and Technology (NIST)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">NIST is a U.S. Department of Commerce institute which focuses on scientific measurement and standardization. They have developed a numbers roadmaps, guidelines, and definitions through its SAJACC<sup id=\"rdp-ebb-cite_ref-NISTStand18_21-0\" class=\"reference\"><a href=\"#cite_note-NISTStand18-21\">[21]<\/a><\/sup> and NCCP<sup id=\"rdp-ebb-cite_ref-NIST_NCCP19_22-0\" class=\"reference\"><a href=\"#cite_note-NIST_NCCP19-22\">[22]<\/a><\/sup> initiatives.\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.nist.gov\/news-events\/news-updates\/topic\/248706\" target=\"_blank\">NIST standards, etc.<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">OMG Cloud Working Group\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Previously known as the Cloud Standards Customer Council (CSCC), OMG's Cloud Working Group (CWG) \"publishes vendor-neutral guidance on important considerations for cloud computing adoption, highlighting standards, opportunities for standardization, cloud customer requirements, and best practices to foster an ecosystem of open, standards-based cloud computing technologies.\"<sup id=\"rdp-ebb-cite_ref-OMGCloud_23-0\" class=\"reference\"><a href=\"#cite_note-OMGCloud-23\">[23]<\/a><\/sup>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.omg.org\/cloud\/deliverables\/index.htm\" target=\"_blank\">CWG standards, etc.<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Open Grid Forum (OGF)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">The OGF is \"an open global community committed to driving the rapid evolution and adoption of modern advanced applied distributed computing, including cloud, grid and associated storage, networking and workflow methods.\"<sup id=\"rdp-ebb-cite_ref-OGFHome_24-0\" class=\"reference\"><a href=\"#cite_note-OGFHome-24\">[24]<\/a><\/sup>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/ogf.org\/ogf\/doku.php\/documents\/documents\" target=\"_blank\">OGF standards, etc.<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Organization for the Advancement of Structured Information Standards (OASIS)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">OASIS Open is a standards body that \"offers projects\u2014including open source projects\u2014a path to standardization and de jure approval for reference in international policy and procurement.\"<sup id=\"rdp-ebb-cite_ref-OASISAbout_25-0\" class=\"reference\"><a href=\"#cite_note-OASISAbout-25\">[25]<\/a><\/sup>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.oasis-open.org\/standards\/\" target=\"_blank\">OASIS Open standards, etc.<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">PCI Security Standards Council (PCI SSC)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">PCI SSC \"is a global forum that brings together payments industry stakeholders to develop and drive adoption of data security standards and resources for safe payments worldwide.\"<sup id=\"rdp-ebb-cite_ref-PCISecAbout.22_26-0\" class=\"reference\"><a href=\"#cite_note-PCISecAbout.22-26\">[26]<\/a><\/sup>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.pcisecuritystandards.org\/document_library\" target=\"_blank\">PCI SSC Open standards, etc.<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Storage Networking Industry Association (SNIA)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">SNIA develops and promotes \"vendor-neutral architectures, standards, and educational services that facilitate the efficient management, movement, and security of information,\"<sup id=\"rdp-ebb-cite_ref-SNIAVision_27-0\" class=\"reference\"><a href=\"#cite_note-SNIAVision-27\">[27]<\/a><\/sup> including the Cloud Data Management Interface (CDMI) standard.<sup id=\"rdp-ebb-cite_ref-SNIAStand_28-0\" class=\"reference\"><a href=\"#cite_note-SNIAStand-28\">[28]<\/a><\/sup>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.snia.org\/tech_activities\/standards\/curr_standards\" target=\"_blank\">SNIA standards, etc.<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">The Open Group\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">This organization attempts \"to capture, clarify, and integrate current and emerging requirements, establish standards and policies, and share best practices.\"<sup id=\"rdp-ebb-cite_ref-TOGHome_29-0\" class=\"reference\"><a href=\"#cite_note-TOGHome-29\">[29]<\/a><\/sup>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.opengroup.org\/subject-areas-0\" target=\"_blank\">Open Group standards, etc.<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">TM Forum\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">This global alliance attempts \"to collaboratively solve complex industry-wide challenges, deploy new services and create technology breakthroughs to accelerate change.\"<sup id=\"rdp-ebb-cite_ref-TMForumAbout_30-0\" class=\"reference\"><a href=\"#cite_note-TMForumAbout-30\">[30]<\/a><\/sup> As a result of this collaboration, several technical documents and guides related to cloud computing have been developed.\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.tmforum.org\/?s=cloud&post_type=product\" target=\"_blank\">TM Forum standards, etc.<\/a>\n<\/td><\/tr>\n<\/tbody><\/table>\n<p>However, organizational standards, guidelines, and recommendations alone do not influence how cloud computing services can and should be implemented and operated. Regulatory bodies, legislative bodies, and government agencies also directly or indirectly have an impact on cloud service operations. In some cases, the law, regulation, or guidance coming from such bodies may not even mention \"cloud computing,\" yet because they mandate how specific data and information can be managed, used, and distributed, they ultimately influence what a cloud service provider (CSP) does and how they do it. This can be observed by more than a few of the examples in Table 4. The California Consumer Privacy Act, for example, makes no mention of the word \"cloud,\" but CSPs and cloud users alike must consider aspects of the regulation, e.g., what can and cannot be done with a consumer's information based on location of the stored information.<sup id=\"rdp-ebb-cite_ref-Cal1.18.5_31-0\" class=\"reference\"><a href=\"#cite_note-Cal1.18.5-31\">[31]<\/a><\/sup>\n<\/p>\n<table class=\"wikitable\" border=\"1\" cellpadding=\"5\" cellspacing=\"0\" style=\"\">\n\n<tbody><tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\" colspan=\"4\"><b>Table 4.<\/b> Examples of some common regulations, recommendations, and guidance that shape the proper use of cloud-computing platforms\n<\/td><\/tr>\n<tr>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\">Regulation, recommendation, or guidance\n<\/th>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\">Creator\n<\/th>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\">Description\n<\/th>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\">Link\n<\/th><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">California Consumer Privacy Act (CCPA)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">The State of California\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">The CCPA \"provides California consumers with a number of privacy protections, including right to access, delete, and opt-out of the 'sale' of their personal information.\"<sup id=\"rdp-ebb-cite_ref-GoogleCCPA_32-0\" class=\"reference\"><a href=\"#cite_note-GoogleCCPA-32\">[32]<\/a><\/sup> Cloud solutions such as Google Cloud attempt to help users meet CCPA obligations, as well as meet their own commitments.<sup id=\"rdp-ebb-cite_ref-GoogleCCPA_32-1\" class=\"reference\"><a href=\"#cite_note-GoogleCCPA-32\">[32]<\/a><\/sup>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/leginfo.legislature.ca.gov\/faces\/codes_displayText.xhtml?division=3.&part=4.&lawCode=CIV&title=1.81.5\" target=\"_blank\">Link<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Cloud Computing Regulatory Framework (CCRF)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Kingdom of Saudi Arabia\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">The KSA's CCRF \"is based on international best practices and governs the rights and obligations of cloud service providers (CSPs), individual customers, government entities and businesses.\"<sup id=\"rdp-ebb-cite_ref-GuseyvaData20_33-0\" class=\"reference\"><a href=\"#cite_note-GuseyvaData20-33\">[33]<\/a><\/sup> It is one of only a few existing cloud-specific regulatory frameworks created by a government.<sup id=\"rdp-ebb-cite_ref-GuseyvaData20_33-1\" class=\"reference\"><a href=\"#cite_note-GuseyvaData20-33\">[33]<\/a><\/sup>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cst.gov.sa\/en\/RulesandSystems\/RegulatoryDocuments\/Pages\/CCRF.aspx\" target=\"_blank\">Link<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Cloud Security Principles\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Government of the United Kingdom\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">The U.K. developed a collection of 14 Cloud Security Principles that \"include important considerations such as protection of data in transit, supply chain security, identity and authentication, and secure use of cloud services.\"<sup id=\"rdp-ebb-cite_ref-GoogleUKCloud_34-0\" class=\"reference\"><a href=\"#cite_note-GoogleUKCloud-34\">[34]<\/a><\/sup> This is an example of a national government developing a cloud-specific set of guidance for its public sector.\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ncsc.gov.uk\/collection\/cloud\/the-cloud-security-principles\" target=\"_blank\">Link<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Federal Information Security Modernization Act of 2014 (FISMA)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">United States Government\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Amending the prior FISMA 2002, FISMA 2014 achieves several things, chief among them giving Federal government the ability to better respond to cybersecurity attacks on its departments and agencies. Compliance with FISMA means implementing \"recommended information security controls for federal information systems as identified in the NIST SP 800-53.\"<sup id=\"rdp-ebb-cite_ref-PAWhatIs21_35-0\" class=\"reference\"><a href=\"#cite_note-PAWhatIs21-35\">[35]<\/a><\/sup>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cisa.gov\/topics\/cyber-threats-and-advisories\/federal-information-security-modernization-act\" target=\"_blank\">Link<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a href=\"https:\/\/www.limswiki.org\/index.php\/General_Data_Protection_Regulation\" title=\"General Data Protection Regulation\" class=\"wiki-link\" data-key=\"3f4bdf6f0dcb360b1e79aad8674c2447\">General Data Protection Regulation<\/a> (GDPR)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">European Union\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">The GDPR is a non-trivial regulatory hurdle with positive intentions, with the goal of strengthening personal data protection in Europe. The regulation \"lays out specific requirements for businesses and organizations who are established in Europe or who serve users in Europe.\"<sup id=\"rdp-ebb-cite_ref-GoogleGDPR_36-0\" class=\"reference\"><a href=\"#cite_note-GoogleGDPR-36\">[36]<\/a><\/sup> Cloud vendors like Google may stipulate in their contracts with European clients how they meet that guidance, as well as offer tools, documentation, and other resources to assist with assessment of the vendor's services.<sup id=\"rdp-ebb-cite_ref-GoogleGDPR_36-1\" class=\"reference\"><a href=\"#cite_note-GoogleGDPR-36\">[36]<\/a><\/sup>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/?uri=CELEX%3A32016R0679\" target=\"_blank\">Link<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Guidance on Outsourcing to Cloud Service Providers\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Germany's Bundesanstalt f\u00fcr Finanzdienstleistungsaufsicht (BaFin)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">BaFin's Guidance document on cloud service outsourcing \"provides specific outsourcing guidance for financial institutions on contractual terms, including information and audit rights, the right to issue instructions, data security \/ protection, termination and chain outsourcing.\"<sup id=\"rdp-ebb-cite_ref-GoogleBaFinCloud_37-0\" class=\"reference\"><a href=\"#cite_note-GoogleBaFinCloud-37\">[37]<\/a><\/sup> Cloud vendors like Google may stipulate in their contracts with German clients how they meet that guidance.<sup id=\"rdp-ebb-cite_ref-GoogleBaFinCloud_37-1\" class=\"reference\"><a href=\"#cite_note-GoogleBaFinCloud-37\">[37]<\/a><\/sup>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.bafin.de\/SharedDocs\/Downloads\/EN\/Merkblatt\/BA\/dl_181108_orientierungshilfe_zu_auslagerungen_an_cloud_anbieter_ba_en.html?nn=9866146\" target=\"_blank\">Link<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a href=\"https:\/\/www.limswiki.org\/index.php\/Health_Insurance_Portability_and_Accountability_Act\" title=\"Health Insurance Portability and Accountability Act\" class=\"wiki-link\" data-key=\"b70673a0117c21576016cb7498867153\">Health Insurance Portability and Accountability Act<\/a> (HIPAA)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">United States Government\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">The HIPAA Rules \"establish important protections for individually identifiable health information ..., including limitations on uses and disclosures of such information, safeguards against inappropriate uses and disclosures, and individuals\u2019 rights with respect to their health information.\"<sup id=\"rdp-ebb-cite_ref-HHSGuidance20_38-0\" class=\"reference\"><a href=\"#cite_note-HHSGuidance20-38\">[38]<\/a><\/sup> HIPAA compliance is so vital for some organizations that U.S. government entities like the U.S. Department of Health & Human Services (HHS) have published their own guidance towards how HIPAA covered entities can best comply when using cloud services.<sup id=\"rdp-ebb-cite_ref-HHSGuidance20_38-1\" class=\"reference\"><a href=\"#cite_note-HHSGuidance20-38\">[38]<\/a><\/sup>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.hhs.gov\/hipaa\/for-professionals\/index.html\" target=\"_blank\">Link<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Joint Statement: Security in a Cloud Computing Environment\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Federal Financial Institutions Examination Council (FFIEC)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">In this document, the FFIEC\u2014an interagency group of federal and state banking regulators\u2014addresses \"the use of cloud computing services and security risk management principles in the financial services sector\" and \"highlights examples of risk management practices for a financial institution\u2019s safe and sound use of cloud computing services and safeguards to protect customers\u2019 sensitive information from risks that pose potential consumer harm.\"<sup id=\"rdp-ebb-cite_ref-FFIECJoint20_39-0\" class=\"reference\"><a href=\"#cite_note-FFIECJoint20-39\">[39]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-RossUS20_40-0\" class=\"reference\"><a href=\"#cite_note-RossUS20-40\">[40]<\/a><\/sup>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ffiec.gov\/press\/PDF\/FFIEC_Cloud_Computing_Statement.pdf\" target=\"_blank\">Link<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">OMB Circular A-130, Managing Information as a Strategic Resource\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">United States Government\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">This (revised) Obama-era circular \"establishes general policy for the planning, budgeting, governance, acquisition, and management of Federal information, personnel, equipment, funds, IT resources, and supporting infrastructure and services,\" including cloud services.<sup id=\"rdp-ebb-cite_ref-WHOMBA-130_16_41-0\" class=\"reference\"><a href=\"#cite_note-WHOMBA-130_16-41\">[41]<\/a><\/sup> In addition to FISMA, this circular supports the FedRAMP program and its standardized security requirements.<sup id=\"rdp-ebb-cite_ref-FedRAMP_16-1\" class=\"reference\"><a href=\"#cite_note-FedRAMP-16\">[16]<\/a><\/sup>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/obamawhitehouse.archives.gov\/sites\/default\/files\/omb\/assets\/OMB\/circulars\/a130\/a130revised.pdf\" target=\"_blank\">Link<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Personal Data Protection Law (KVKK)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Government of Turkey\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Turkey's KVKK (Ki\u015fisel Verileri Koruma Kanunu) \"regulates the protection of personal data and outlines the obligations that entities and individuals dealing with personal data must comply with.\"<sup id=\"rdp-ebb-cite_ref-CoosAllYou20_42-0\" class=\"reference\"><a href=\"#cite_note-CoosAllYou20-42\">[42]<\/a><\/sup> It has significant relevancy to cloud computing efforts in the country.<sup id=\"rdp-ebb-cite_ref-ErsoyCloud20_43-0\" class=\"reference\"><a href=\"#cite_note-ErsoyCloud20-43\">[43]<\/a><\/sup>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.kvkk.gov.tr\/en\/\" target=\"_blank\">Link<\/a>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Protective Security Policy Framework\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Australian Government\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">The PSPF \"assists Australian Government entities to protect their people, information, and assets, both at home and overseas.\" It contains multiple statements about how cloud computing should be handled.<sup id=\"rdp-ebb-cite_ref-AGProtect_44-0\" class=\"reference\"><a href=\"#cite_note-AGProtect-44\">[44]<\/a><\/sup>\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.protectivesecurity.gov.au\/\" target=\"_blank\">Link<\/a>\n<\/td><\/tr>\n<\/tbody><\/table>\n<p>While Big Tech was as early as 2010 asking the U.S. government to take a more proactive regulatory approach to cloud computing<sup id=\"rdp-ebb-cite_ref-AlpernMicro10_45-0\" class=\"reference\"><a href=\"#cite_note-AlpernMicro10-45\">[45]<\/a><\/sup>, actual direct regulation of cloud computing by the world's governments has been limited.<sup id=\"rdp-ebb-cite_ref-LeviteCloud20_46-0\" class=\"reference\"><a href=\"#cite_note-LeviteCloud20-46\">[46]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-AliTheRole20_47-0\" class=\"reference\"><a href=\"#cite_note-AliTheRole20-47\">[47]<\/a><\/sup> This leads to complicated viewpoints about the value of regulation vs. its drawbacks. Yes, careful regulation can help ensure consistent, affordable, and secure access to cloud services and may even encourage organizations to adopt the technology.<sup id=\"rdp-ebb-cite_ref-LeviteCloud20_46-1\" class=\"reference\"><a href=\"#cite_note-LeviteCloud20-46\">[46]<\/a><\/sup> However, a headstrong approach to regulations for CSPs, without sector- and industry-specific considerations, may have unintended consequences, e.g., unduly raising compliance costs or forcing insufficient levels of access control on an entity.<sup id=\"rdp-ebb-cite_ref-LeviteCloud20_46-2\" class=\"reference\"><a href=\"#cite_note-LeviteCloud20-46\">[46]<\/a><\/sup>\n<\/p><p>At least in the U.S., lawmakers and regulators may soon be pressured to increase regulatory approaches to cloud computing. This may be driven by the increasingly concentrated nature of cloud services in a handful of tech giants, though at the same time hampered by the widely varying approaches to addressing cloud-related issues via policy and regulation at the national and international levels. First, the very nature of these cloud services\u2014and the ever increasing criticality they attain\u2014as centralized services ensures the regulatory eye will increasingly be placed upon those cloud vendors. In fact, discussion about and designation of cloud services as critical infrastructure is already occurring in earnest, as they have \"become essential to the performance of a growing swath of other sectors that have not heretofore been massively dependent on centralized cloud functionalities, and hence vulnerable to their disruption.\"<sup id=\"rdp-ebb-cite_ref-LeviteCloud20_46-3\" class=\"reference\"><a href=\"#cite_note-LeviteCloud20-46\">[46]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-MaurerCloud20_6-1\" class=\"reference\"><a href=\"#cite_note-MaurerCloud20-6\">[6]<\/a><\/sup> A 2023 Digital Forensic Research Lab report by Zuo <i>et al.<\/i> highlights this further by nodding to the U.S. government's designation of \"critical infrastructure\" sectors and how their loss would result in a \"debilitating effect on security, national economic security, national public health or safety, or any combination of those matters.\" Their report argues that \"the maturation of current [regulatory] policy tools, and creation of others,\" is vital going forward.<sup id=\"rdp-ebb-cite_ref-ZuoCritical23_48-0\" class=\"reference\"><a href=\"#cite_note-ZuoCritical23-48\">[48]<\/a><\/sup> These and other such spotlights may lead to policymakers, regulatory bodies, and legislators being left with little choice but to move forward with more policy and regulation. \n<\/p><p>Second, and consequently, the development of such policy and regulation may not occur in a manner more unified with global perceptions but rather largely based upon localized values, interests, and priorities. The failure here is the lack of recognition of CSPs as being integral to individual, retail, corporate, organizational, and government operations around the globe<sup id=\"rdp-ebb-cite_ref-ZuoCritical23_48-1\" class=\"reference\"><a href=\"#cite_note-ZuoCritical23-48\">[48]<\/a><\/sup>, i.e. their centralized and concentrated position within a changing computing paradigm. As such, greater effort must be made by policymakers, regulators, and legislatures to find at least a minimum level of \"compatibility and reconciliation\" with other existing governance mechanisms, while carefully addressing both security of operation and operational robustness in tandem, such that there is greater harmonization globally.<sup id=\"rdp-ebb-cite_ref-LeviteCloud20_46-4\" class=\"reference\"><a href=\"#cite_note-LeviteCloud20-46\">[46]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-ZuoCritical23_48-2\" class=\"reference\"><a href=\"#cite_note-ZuoCritical23-48\">[48]<\/a><\/sup> And through government-level support of harmonized controls\u2014as well as a vested interest in promoting the responsible \"development, dissemination, and operation of cloud infrastructure\"\u2014cloud users will stand a greater chance of reaping the economic benefits of adopting cloud computing.<sup id=\"rdp-ebb-cite_ref-LeviteCloud20_46-5\" class=\"reference\"><a href=\"#cite_note-LeviteCloud20-46\">[46]<\/a><\/sup>\n<\/p><p>Current and future regulatory action applies to several areas of cloud computing. How a CSP responds to and notifies affected users of a security breach is one concern. Up until 2022, the U.S. government didn't fully address in a unified fashion aspects of cloud security breaches such as protection obligations, reporting time, and required notification parties, nor any compensation mechanism for those affected.<sup id=\"rdp-ebb-cite_ref-MitnickNoMore18_49-0\" class=\"reference\"><a href=\"#cite_note-MitnickNoMore18-49\">[49]<\/a><\/sup> (All U.S. states and most territories did already have their own flavor of breach notification legislation<sup id=\"rdp-ebb-cite_ref-NCSLSecurity20_50-0\" class=\"reference\"><a href=\"#cite_note-NCSLSecurity20-50\">[50]<\/a><\/sup>, but like cannabis law, this was problematic in the face of a strong divergence with federal law or lack thereof.) In March 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), which requires covered entities to report substantial cybersecurity incidents and any paid ransom for ransomware attacks, with more scope and definition to come.<sup id=\"rdp-ebb-cite_ref-RGExpansive22_51-0\" class=\"reference\"><a href=\"#cite_note-RGExpansive22-51\">[51]<\/a><\/sup> While this addresses some of the prior-mentioned aspects, its thoroughness towards protection obligations and compensation remains lacking. A year later, however, cybersecurity thought leaders like Viakoo's CEO Bud Broomhead positively acknowledge CIRCIA as \"not the destination ... but an important waypoint toward it,\" with other activities like the creation of the Joint Ransomware Task Forces and Ransomware Vulnerability Warning Pilot Program further promoting stronger federal efforts towards cloud security.<sup id=\"rdp-ebb-cite_ref-Blair-FrasierExperts23_52-0\" class=\"reference\"><a href=\"#cite_note-Blair-FrasierExperts23-52\">[52]<\/a><\/sup>\n<\/p><p>Other areas of cloud security also face regulatory action. For example, the applications and algorithms that drive and collect data from users of cloud-enabled applications may also face regulatory scrutiny or control by a national government, as was seen with both China's and the U.S.'s scrutiny of the TikTok application, its algorithms, and its security.<sup id=\"rdp-ebb-cite_ref-LeviteCloud20_46-6\" class=\"reference\"><a href=\"#cite_note-LeviteCloud20-46\">[46]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-BrandomTrump20_53-0\" class=\"reference\"><a href=\"#cite_note-BrandomTrump20-53\">[53]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-CoxOracle21_54-0\" class=\"reference\"><a href=\"#cite_note-CoxOracle21-54\">[54]<\/a><\/sup> Data localization also remains a significant area of cloud computing regulation, not just for security concerns but also industrial policy, economic policy, privacy concerns, and human rights concerns.<sup id=\"rdp-ebb-cite_ref-LeviteCloud20_46-7\" class=\"reference\"><a href=\"#cite_note-LeviteCloud20-46\">[46]<\/a><\/sup> Other areas of concern that may see regulation include interoperability and portability, digital preservation (retention) obligations, and cross-border data transfer.\n<\/p><p>And then there's the proverbial \"elephant in the room\": overall data privacy and protection considerations in the cloud. This is a major concern typically because of statutes\u2014like the California Consumer Privacy Act<sup id=\"rdp-ebb-cite_ref-GoogleCCPA_32-2\" class=\"reference\"><a href=\"#cite_note-GoogleCCPA-32\">[32]<\/a><\/sup>\u2014that broadly protect a collective of affected individuals and how their cloud data is collected, preserved, organized, stored, and used not only within the governing entity (e.g., state, country, political and economic union) but also as its transferred to and from the governing entity. The previously mentioned data localization and cross-border data transfer issues fall under this heading.<sup id=\"rdp-ebb-cite_ref-EusticeUnder18_55-0\" class=\"reference\"><a href=\"#cite_note-EusticeUnder18-55\">[55]<\/a><\/sup> These often prove to be some of the most challenging regulations to develop, as lawmakers and regulators don't always anticipate the rate of change of technology. They're also difficult for CSPs and organizations to comply with, particularly due to the variance in requirements among all governing entities' laws.<sup id=\"rdp-ebb-cite_ref-EusticeUnder18_55-1\" class=\"reference\"><a href=\"#cite_note-EusticeUnder18-55\">[55]<\/a><\/sup>\n<\/p><p>Other approaches to regulation also affect how cloud computing services are implemented and managed. For example, rather than taking a broad approach towards regulation, addressing everyone providing and\/or using cloud services, it's possible that regulators and legislators may take a more focused, sector-based approach. But that comes with its own set of problems, as Maurer and Hinck noted in their 2020 Carnegie Endowment paper<sup id=\"rdp-ebb-cite_ref-MaurerCloud20_6-2\" class=\"reference\"><a href=\"#cite_note-MaurerCloud20-6\">[6]<\/a><\/sup>:\n<\/p>\n<blockquote><p>[T]he impact of a cloud security incident usually depends on what type of data or service is affected. Thus, the most suitable potential regulatory requirements with respect to security may differ across sectors that deal with different types of data\u2014from the highly sensitive, fast-moving data common in the financial sector to the more privacy-sensitive personal data used by medical service providers. However, crafting regulation on a sector-by-sector basis would likely create conflicting requirements and incomplete standards.<\/p><\/blockquote>\n<p>Finally, as a third option, rather than direct regulation of the broad market or even specific sectors, some governments may simply use their considerable weight to influence how CSPs provide their services, influencing future regulation, as Levite and Kalwani note in their 2020 paper for the Carnegie Endowment<sup id=\"rdp-ebb-cite_ref-LeviteCloud20_46-8\" class=\"reference\"><a href=\"#cite_note-LeviteCloud20-46\">[46]<\/a><\/sup>:\n<\/p>\n<blockquote><p>Finally, some of the efforts to influence CSP behavior may not come through explicit regulation, but rather through exercise of the government\u2019s market power. Cloud adoption strategies and trends in e-governance have made governments some of the largest and most important clients of CSPs. Governments will likely use their market clout and status as a large and powerful consumer as a source of leverage over industry to set standards of contracting fairness and other provisions that transcend the immediate cloud service contracts they enter. While formally these provisions will only apply to government contracts, they could over time cross over to public clouds as well, or at least help set precedents that drive regulatory attention and inform industry standards. Yet over the longer run, government privatization of many services might actually weaken their leverage, given lock-in issues. How the balance between the two parties ultimately will play out remains to be seen.<\/p><\/blockquote>\n<p>Whatever direction regulators and legislators continue take, it ideally will be done with thorough consideration of how to implement regulation, as well as the potential effects regulation will have on various markets.\n<\/p>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap mw-references-columns\"><ol class=\"references\">\n<li id=\"cite_note-MimecastCloud10-1\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MimecastCloud10_1-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Mimecast (2010). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/system.netsuite.com\/core\/media\/media.nl?id=181214&c=601905&h=2ef3796f7c4d9c8a585e&_xt=.pdf\" target=\"_blank\">\"Cloud Computing Adoption Survey\"<\/a> (PDF)<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/system.netsuite.com\/core\/media\/media.nl?id=181214&c=601905&h=2ef3796f7c4d9c8a585e&_xt=.pdf\" target=\"_blank\">https:\/\/system.netsuite.com\/core\/media\/media.nl?id=181214&c=601905&h=2ef3796f7c4d9c8a585e&_xt=.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Computing+Adoption+Survey&rft.atitle=&rft.aulast=Mimecast&rft.au=Mimecast&rft.date=2010&rft_id=https%3A%2F%2Fsystem.netsuite.com%2Fcore%2Fmedia%2Fmedia.nl%3Fid%3D181214%26c%3D601905%26h%3D2ef3796f7c4d9c8a585e%26_xt%3D.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CSASurvey10-2\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CSASurvey10_2-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">IEEE; Cloud Security Alliance (1 March 2010). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloudsecurityalliance.org\/press-releases\/2010\/03\/01\/survey-by-ieee-and-cloud-security-alliance-details-importance-and-urgency-of-cloud-computing-security-standards\/\" target=\"_blank\">\"Survey by IEEE and Cloud Security Alliance Details Importance and Urgency of Cloud Computing Security Standards\"<\/a>. Cloud Security Alliance<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloudsecurityalliance.org\/press-releases\/2010\/03\/01\/survey-by-ieee-and-cloud-security-alliance-details-importance-and-urgency-of-cloud-computing-security-standards\/\" target=\"_blank\">https:\/\/cloudsecurityalliance.org\/press-releases\/2010\/03\/01\/survey-by-ieee-and-cloud-security-alliance-details-importance-and-urgency-of-cloud-computing-security-standards\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Survey+by+IEEE+and+Cloud+Security+Alliance+Details+Importance+and+Urgency+of+Cloud+Computing+Security+Standards&rft.atitle=&rft.aulast=IEEE%3B+Cloud+Security+Alliance&rft.au=IEEE%3B+Cloud+Security+Alliance&rft.date=1+March+2010&rft.pub=Cloud+Security+Alliance&rft_id=https%3A%2F%2Fcloudsecurityalliance.org%2Fpress-releases%2F2010%2F03%2F01%2Fsurvey-by-ieee-and-cloud-security-alliance-details-importance-and-urgency-of-cloud-computing-security-standards%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-Bizga40_20-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-Bizga40_20_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Bizga, A. (19 May 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/securityboulevard.com\/2020\/05\/40-of-it-professionals-believe-that-public-clouds-are-more-secure-than-on-premise-environments\/\" target=\"_blank\">\"40% of IT professionals believe that public clouds are more secure than on-premise environments\"<\/a>. <i>Security Boulevard<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/securityboulevard.com\/2020\/05\/40-of-it-professionals-believe-that-public-clouds-are-more-secure-than-on-premise-environments\/\" target=\"_blank\">https:\/\/securityboulevard.com\/2020\/05\/40-of-it-professionals-believe-that-public-clouds-are-more-secure-than-on-premise-environments\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=40%25+of+IT+professionals+believe+that+public+clouds+are+more+secure+than+on-premise+environments&rft.atitle=Security+Boulevard&rft.aulast=Bizga%2C+A.&rft.au=Bizga%2C+A.&rft.date=19+May+2020&rft_id=https%3A%2F%2Fsecurityboulevard.com%2F2020%2F05%2F40-of-it-professionals-believe-that-public-clouds-are-more-secure-than-on-premise-environments%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CCCloud19-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CCCloud19_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.continuitycentral.com\/index.php\/news\/technology\/4384-cloud-is-safer-than-on-premise-say-that-majority-of-security-leaders\" target=\"_blank\">\"Cloud is safer than on-premise say that majority of security leaders\"<\/a>. Continuity Central. 4 September 2019<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.continuitycentral.com\/index.php\/news\/technology\/4384-cloud-is-safer-than-on-premise-say-that-majority-of-security-leaders\" target=\"_blank\">https:\/\/www.continuitycentral.com\/index.php\/news\/technology\/4384-cloud-is-safer-than-on-premise-say-that-majority-of-security-leaders<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+is+safer+than+on-premise+say+that+majority+of+security+leaders&rft.atitle=&rft.date=4+September+2019&rft.pub=Continuity+Central&rft_id=https%3A%2F%2Fwww.continuitycentral.com%2Findex.php%2Fnews%2Ftechnology%2F4384-cloud-is-safer-than-on-premise-say-that-majority-of-security-leaders&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CheckCloud23-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CheckCloud23_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.checkpoint.com\/press-releases\/cloud-security-threats-remain-rampant-check-point-survey-reveals-heightened-concerns-for-76-of-organizations-amid-48-increase-in-cloud-based-network-attacks\/\" target=\"_blank\">\"Cloud Security Threats Remain Rampant: Check Point Survey Reveals Heightened Concerns for 76% of Organizations Amid 48% Increase in Cloud-Based Network Attacks\"<\/a>. Check Point Software Technologies Ltd. 26 June 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.checkpoint.com\/press-releases\/cloud-security-threats-remain-rampant-check-point-survey-reveals-heightened-concerns-for-76-of-organizations-amid-48-increase-in-cloud-based-network-attacks\/\" target=\"_blank\">https:\/\/www.checkpoint.com\/press-releases\/cloud-security-threats-remain-rampant-check-point-survey-reveals-heightened-concerns-for-76-of-organizations-amid-48-increase-in-cloud-based-network-attacks\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Security+Threats+Remain+Rampant%3A+Check+Point+Survey+Reveals+Heightened+Concerns+for+76%25+of+Organizations+Amid+48%25+Increase+in+Cloud-Based+Network+Attacks&rft.atitle=&rft.date=26+June+2023&rft.pub=Check+Point+Software+Technologies+Ltd&rft_id=https%3A%2F%2Fwww.checkpoint.com%2Fpress-releases%2Fcloud-security-threats-remain-rampant-check-point-survey-reveals-heightened-concerns-for-76-of-organizations-amid-48-increase-in-cloud-based-network-attacks%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MaurerCloud20-6\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-MaurerCloud20_6-0\">6.0<\/a><\/sup> <sup><a href=\"#cite_ref-MaurerCloud20_6-1\">6.1<\/a><\/sup> <sup><a href=\"#cite_ref-MaurerCloud20_6-2\">6.2<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Maurer, T.; Hinck, G. (31 August 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/carnegieendowment.org\/2020\/08\/31\/cloud-security-primer-for-policymakers-pub-82597\" target=\"_blank\">\"Cloud Security: A Primer for Policymakers\"<\/a>. Carnegie Endowment for International Peace<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/carnegieendowment.org\/2020\/08\/31\/cloud-security-primer-for-policymakers-pub-82597\" target=\"_blank\">https:\/\/carnegieendowment.org\/2020\/08\/31\/cloud-security-primer-for-policymakers-pub-82597<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Security%3A+A+Primer+for+Policymakers&rft.atitle=&rft.aulast=Maurer%2C+T.%3B+Hinck%2C+G.&rft.au=Maurer%2C+T.%3B+Hinck%2C+G.&rft.date=31+August+2020&rft.pub=Carnegie+Endowment+for+International+Peace&rft_id=https%3A%2F%2Fcarnegieendowment.org%2F2020%2F08%2F31%2Fcloud-security-primer-for-policymakers-pub-82597&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-KasperskyWhatIs-7\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-KasperskyWhatIs_7-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/usa.kaspersky.com\/resource-center\/definitions\/what-is-cloud-security\" target=\"_blank\">\"What is Cloud Security?\"<\/a>. <i>Resource Center<\/i>. AO Kaspersky Lab. 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/usa.kaspersky.com\/resource-center\/definitions\/what-is-cloud-security\" target=\"_blank\">https:\/\/usa.kaspersky.com\/resource-center\/definitions\/what-is-cloud-security<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+is+Cloud+Security%3F&rft.atitle=Resource+Center&rft.date=2021&rft.pub=AO+Kaspersky+Lab&rft_id=https%3A%2F%2Fusa.kaspersky.com%2Fresource-center%2Fdefinitions%2Fwhat-is-cloud-security&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-SarrelWhyCloud20-8\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-SarrelWhyCloud20_8-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Sarrel, M. (4 February 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20221218143215\/https:\/\/www.hpe.com\/us\/en\/insights\/articles\/why-cloud-native-open-source-kubernetes-matters-2002.html\" target=\"_blank\">\"Why cloud-native open source Kubernetes matters\"<\/a>. <i>enterprise.nxt<\/i>. Hewlett Packard Enterprise. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.hpe.com\/us\/en\/insights\/articles\/why-cloud-native-open-source-kubernetes-matters-2002.html\" target=\"_blank\">the original<\/a> on 18 December 2022<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20221218143215\/https:\/\/www.hpe.com\/us\/en\/insights\/articles\/why-cloud-native-open-source-kubernetes-matters-2002.html\" target=\"_blank\">https:\/\/web.archive.org\/web\/20221218143215\/https:\/\/www.hpe.com\/us\/en\/insights\/articles\/why-cloud-native-open-source-kubernetes-matters-2002.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Why+cloud-native+open+source+Kubernetes+matters&rft.atitle=enterprise.nxt&rft.aulast=Sarrel%2C+M.&rft.au=Sarrel%2C+M.&rft.date=4+February+2020&rft.pub=Hewlett+Packard+Enterprise&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20221218143215%2Fhttps%3A%2F%2Fwww.hpe.com%2Fus%2Fen%2Finsights%2Farticles%2Fwhy-cloud-native-open-source-kubernetes-matters-2002.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IEEE2301_20-9\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IEEE2301_20_9-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/standards.ieee.org\/ieee\/2301\/5077\/\" target=\"_blank\">\"IEEE 2301-2020 - IEEE Guide for Cloud Portability and Interoperability Profiles (CPIP)\"<\/a>. IEEE Standards Association. 13 August 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/standards.ieee.org\/ieee\/2301\/5077\/\" target=\"_blank\">https:\/\/standards.ieee.org\/ieee\/2301\/5077\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=IEEE+2301-2020+-+IEEE+Guide+for+Cloud+Portability+and+Interoperability+Profiles+%28CPIP%29&rft.atitle=&rft.date=13+August+2020&rft.pub=IEEE+Standards+Association&rft_id=https%3A%2F%2Fstandards.ieee.org%2Fieee%2F2301%2F5077%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-KirvanTop20-10\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-KirvanTop20_10-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Kirvan, P. (17 December 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20201221150028\/https:\/\/searchcompliance.techtarget.com\/tip\/Top-cloud-compliance-standards-and-how-to-use-them\" target=\"_blank\">\"Top cloud compliance standards and how to use them\"<\/a>. <i>TechTarget SearchCompliance<\/i>. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/searchcompliance.techtarget.com\/tip\/Top-cloud-compliance-standards-and-how-to-use-them\" target=\"_blank\">the original<\/a> on 21 December 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20201221150028\/https:\/\/searchcompliance.techtarget.com\/tip\/Top-cloud-compliance-standards-and-how-to-use-them\" target=\"_blank\">https:\/\/web.archive.org\/web\/20201221150028\/https:\/\/searchcompliance.techtarget.com\/tip\/Top-cloud-compliance-standards-and-how-to-use-them<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Top+cloud+compliance+standards+and+how+to+use+them&rft.atitle=TechTarget+SearchCompliance&rft.aulast=Kirvan%2C+P.&rft.au=Kirvan%2C+P.&rft.date=17+December+2020&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20201221150028%2Fhttps%3A%2F%2Fsearchcompliance.techtarget.com%2Ftip%2FTop-cloud-compliance-standards-and-how-to-use-them&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-SimmonEval18-11\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-SimmonEval18_11-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Simmon, E.D. (23 February 2018). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.nist.gov\/publications\/evaluation-cloud-computing-services-based-nist-sp-800-145\" target=\"_blank\">\"Evaluation of Cloud Computing Services Based on NIST SP 800-145\"<\/a>. NIST<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.nist.gov\/publications\/evaluation-cloud-computing-services-based-nist-sp-800-145\" target=\"_blank\">https:\/\/www.nist.gov\/publications\/evaluation-cloud-computing-services-based-nist-sp-800-145<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Evaluation+of+Cloud+Computing+Services+Based+on+NIST+SP+800-145&rft.atitle=&rft.aulast=Simmon%2C+E.D.&rft.au=Simmon%2C+E.D.&rft.date=23+February+2018&rft.pub=NIST&rft_id=https%3A%2F%2Fwww.nist.gov%2Fpublications%2Fevaluation-cloud-computing-services-based-nist-sp-800-145&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CSAEnt20-12\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CSAEnt20_12-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloudsecurityalliance.org\/artifacts\/enterprise-architecture-reference-guide-v2\/\" target=\"_blank\">\"CSA Enterprise Architecture Reference Guide v2\"<\/a>. Cloud Security Alliance. 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloudsecurityalliance.org\/artifacts\/enterprise-architecture-reference-guide-v2\/\" target=\"_blank\">https:\/\/cloudsecurityalliance.org\/artifacts\/enterprise-architecture-reference-guide-v2\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=CSA+Enterprise+Architecture+Reference+Guide+v2&rft.atitle=&rft.date=2020&rft.pub=Cloud+Security+Alliance&rft_id=https%3A%2F%2Fcloudsecurityalliance.org%2Fartifacts%2Fenterprise-architecture-reference-guide-v2%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AdviceCloudUltimate-13\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AdviceCloudUltimate_13-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/advice-cloud.co.uk\/knowledge-hub\/ultimate-guide-to-g-cloud\/\" target=\"_blank\">\"Ultimate Guide to G-Cloud\"<\/a>. AdviceCloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/advice-cloud.co.uk\/knowledge-hub\/ultimate-guide-to-g-cloud\/\" target=\"_blank\">https:\/\/advice-cloud.co.uk\/knowledge-hub\/ultimate-guide-to-g-cloud\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Ultimate+Guide+to+G-Cloud&rft.atitle=&rft.pub=AdviceCloud&rft_id=https%3A%2F%2Fadvice-cloud.co.uk%2Fknowledge-hub%2Fultimate-guide-to-g-cloud%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-DMTFAbout-14\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-DMTFAbout_14-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.dmtf.org\/about\" target=\"_blank\">\"About DMTF\"<\/a>. DMTF<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.dmtf.org\/about\" target=\"_blank\">https:\/\/www.dmtf.org\/about<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=About+DMTF&rft.atitle=&rft.pub=DMTF&rft_id=https%3A%2F%2Fwww.dmtf.org%2Fabout&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ETSIAbout-15\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ETSIAbout_15-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.etsi.org\/about\" target=\"_blank\">\"About ETSI\"<\/a>. European Telecommunications Standards Institute<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.etsi.org\/about\" target=\"_blank\">https:\/\/www.etsi.org\/about<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=About+ETSI&rft.atitle=&rft.pub=European+Telecommunications+Standards+Institute&rft_id=https%3A%2F%2Fwww.etsi.org%2Fabout&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-FedRAMP-16\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-FedRAMP_16-0\">16.0<\/a><\/sup> <sup><a href=\"#cite_ref-FedRAMP_16-1\">16.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.fedramp.gov\/\" target=\"_blank\">\"FedRAMP\"<\/a>. General Services Administration<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.fedramp.gov\/\" target=\"_blank\">https:\/\/www.fedramp.gov\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=FedRAMP&rft.atitle=&rft.pub=General+Services+Administration&rft_id=https%3A%2F%2Fwww.fedramp.gov%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-FedRAMPProg-17\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-FedRAMPProg_17-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.fedramp.gov\/program-basics\/\" target=\"_blank\">\"Program Basics\"<\/a>. General Services Administration<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.fedramp.gov\/program-basics\/\" target=\"_blank\">https:\/\/www.fedramp.gov\/program-basics\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Program+Basics&rft.atitle=&rft.pub=General+Services+Administration&rft_id=https%3A%2F%2Fwww.fedramp.gov%2Fprogram-basics%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IEEESAStandards-18\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IEEESAStandards_18-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.computer.org\/volunteering\/boards-and-committees\/standards-activities\/committees\/cloud\" target=\"_blank\">\"IEEE Cloud Computing Standards Committee\"<\/a>. IEEE Computer Society<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.computer.org\/volunteering\/boards-and-committees\/standards-activities\/committees\/cloud\" target=\"_blank\">https:\/\/www.computer.org\/volunteering\/boards-and-committees\/standards-activities\/committees\/cloud<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=IEEE+Cloud+Computing+Standards+Committee&rft.atitle=&rft.pub=IEEE+Computer+Society&rft_id=https%3A%2F%2Fwww.computer.org%2Fvolunteering%2Fboards-and-committees%2Fstandards-activities%2Fcommittees%2Fcloud&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ISO35.210-19\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ISO35.210_19-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.iso.org\/ics\/35.210\/x\/\" target=\"_blank\">\"ICS > 35: 35.210 Cloud Computing\"<\/a>. International Organization for Standardization<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.iso.org\/ics\/35.210\/x\/\" target=\"_blank\">https:\/\/www.iso.org\/ics\/35.210\/x\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=ICS+%3E+35%3A+35.210+Cloud+Computing&rft.atitle=&rft.pub=International+Organization+for+Standardization&rft_id=https%3A%2F%2Fwww.iso.org%2Fics%2F35.210%2Fx%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ITUAbout-20\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ITUAbout_20-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.itu.int\/en\/about\/Pages\/default.aspx\" target=\"_blank\">\"About International Telecommunication Union (ITU)\"<\/a>. International Telecommunication Union<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.itu.int\/en\/about\/Pages\/default.aspx\" target=\"_blank\">https:\/\/www.itu.int\/en\/about\/Pages\/default.aspx<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=About+International+Telecommunication+Union+%28ITU%29&rft.atitle=&rft.pub=International+Telecommunication+Union&rft_id=https%3A%2F%2Fwww.itu.int%2Fen%2Fabout%2FPages%2Fdefault.aspx&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-NISTStand18-21\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-NISTStand18_21-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.nist.gov\/itl\/standards-acceleration-jumpstart-adoption-cloud-computing-sajacc\" target=\"_blank\">\"Standards Acceleration to Jumpstart Adoption of Cloud Computing (SAJACC)\"<\/a>. National Institute of Standards and Technology. 3 June 2018<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.nist.gov\/itl\/standards-acceleration-jumpstart-adoption-cloud-computing-sajacc\" target=\"_blank\">https:\/\/www.nist.gov\/itl\/standards-acceleration-jumpstart-adoption-cloud-computing-sajacc<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Standards+Acceleration+to+Jumpstart+Adoption+of+Cloud+Computing+%28SAJACC%29&rft.atitle=&rft.date=3+June+2018&rft.pub=National+Institute+of+Standards+and+Technology&rft_id=https%3A%2F%2Fwww.nist.gov%2Fitl%2Fstandards-acceleration-jumpstart-adoption-cloud-computing-sajacc&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-NIST_NCCP19-22\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-NIST_NCCP19_22-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.nist.gov\/programs-projects\/nist-cloud-computing-program-nccp\" target=\"_blank\">\"NIST Cloud Computing Program - NCCP\"<\/a>. National Institute of Standards and Technology. 9 July 2019<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.nist.gov\/programs-projects\/nist-cloud-computing-program-nccp\" target=\"_blank\">https:\/\/www.nist.gov\/programs-projects\/nist-cloud-computing-program-nccp<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=NIST+Cloud+Computing+Program+-+NCCP&rft.atitle=&rft.date=9+July+2019&rft.pub=National+Institute+of+Standards+and+Technology&rft_id=https%3A%2F%2Fwww.nist.gov%2Fprograms-projects%2Fnist-cloud-computing-program-nccp&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OMGCloud-23\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OMGCloud_23-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.omg.org\/cloud\/\" target=\"_blank\">\"Cloud Working Group\"<\/a>. Object Management Group<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.omg.org\/cloud\/\" target=\"_blank\">https:\/\/www.omg.org\/cloud\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Working+Group&rft.atitle=&rft.pub=Object+Management+Group&rft_id=https%3A%2F%2Fwww.omg.org%2Fcloud%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OGFHome-24\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OGFHome_24-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/ogf.org\/ogf\/doku.html\" target=\"_blank\">\"Open Grid Forum\"<\/a>. Open Grid Forum<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/ogf.org\/ogf\/doku.html\" target=\"_blank\">https:\/\/ogf.org\/ogf\/doku.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Open+Grid+Forum&rft.atitle=&rft.pub=Open+Grid+Forum&rft_id=https%3A%2F%2Fogf.org%2Fogf%2Fdoku.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OASISAbout-25\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OASISAbout_25-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.oasis-open.org\/org\/\" target=\"_blank\">\"About Us\"<\/a>. OASIS Open<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.oasis-open.org\/org\/\" target=\"_blank\">https:\/\/www.oasis-open.org\/org\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=About+Us&rft.atitle=&rft.pub=OASIS+Open&rft_id=https%3A%2F%2Fwww.oasis-open.org%2Forg%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-PCISecAbout.22-26\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-PCISecAbout.22_26-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.pcisecuritystandards.org\/about_us\/\" target=\"_blank\">\"About Us\"<\/a>. PCI Security Standards Council<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.pcisecuritystandards.org\/about_us\/\" target=\"_blank\">https:\/\/www.pcisecuritystandards.org\/about_us\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=About+Us&rft.atitle=&rft.pub=PCI+Security+Standards+Council&rft_id=https%3A%2F%2Fwww.pcisecuritystandards.org%2Fabout_us%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-SNIAVision-27\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-SNIAVision_27-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.snia.org\/about\/vision-mission\" target=\"_blank\">\"Vision and Mission\"<\/a>. Storage Networking Industry Association<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.snia.org\/about\/vision-mission\" target=\"_blank\">https:\/\/www.snia.org\/about\/vision-mission<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Vision+and+Mission&rft.atitle=&rft.pub=Storage+Networking+Industry+Association&rft_id=https%3A%2F%2Fwww.snia.org%2Fabout%2Fvision-mission&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-SNIAStand-28\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-SNIAStand_28-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.snia.org\/tech_activities\/standards\/curr_standards\" target=\"_blank\">\"Standards Portfolio\"<\/a>. Storage Networking Industry Association<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.snia.org\/tech_activities\/standards\/curr_standards\" target=\"_blank\">https:\/\/www.snia.org\/tech_activities\/standards\/curr_standards<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Standards+Portfolio&rft.atitle=&rft.pub=Storage+Networking+Industry+Association&rft_id=https%3A%2F%2Fwww.snia.org%2Ftech_activities%2Fstandards%2Fcurr_standards&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-TOGHome-29\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-TOGHome_29-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.opengroup.org\/\" target=\"_blank\">\"The Open Group\"<\/a>. The Open Group<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.opengroup.org\/\" target=\"_blank\">https:\/\/www.opengroup.org\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=The+Open+Group&rft.atitle=&rft.pub=The+Open+Group&rft_id=https%3A%2F%2Fwww.opengroup.org%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-TMForumAbout-30\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-TMForumAbout_30-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.tmforum.org\/about-tm-forum\/\" target=\"_blank\">\"About Us\"<\/a>. TM Forum<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.tmforum.org\/about-tm-forum\/\" target=\"_blank\">https:\/\/www.tmforum.org\/about-tm-forum\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=About+Us&rft.atitle=&rft.pub=TM+Forum&rft_id=https%3A%2F%2Fwww.tmforum.org%2Fabout-tm-forum%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-Cal1.18.5-31\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-Cal1.18.5_31-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/leginfo.legislature.ca.gov\/faces\/codes_displayText.xhtml?division=3.&part=4.&lawCode=CIV&title=1.81.5\" target=\"_blank\">\"TITLE 1.81.5. California Consumer Privacy Act of 2018 [1798.100 - 1798.199.100<\/a>\"]. <i>California Legislative Information<\/i>. Legislative Counsel Bureau<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/leginfo.legislature.ca.gov\/faces\/codes_displayText.xhtml?division=3.&part=4.&lawCode=CIV&title=1.81.5\" target=\"_blank\">https:\/\/leginfo.legislature.ca.gov\/faces\/codes_displayText.xhtml?division=3.&part=4.&lawCode=CIV&title=1.81.5<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=TITLE+1.81.5.+California+Consumer+Privacy+Act+of+2018+%5B1798.100+-+1798.199.100%5D&rft.atitle=California+Legislative+Information&rft.pub=Legislative+Counsel+Bureau&rft_id=https%3A%2F%2Fleginfo.legislature.ca.gov%2Ffaces%2Fcodes_displayText.xhtml%3Fdivision%3D3.%26part%3D4.%26lawCode%3DCIV%26title%3D1.81.5&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GoogleCCPA-32\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-GoogleCCPA_32-0\">32.0<\/a><\/sup> <sup><a href=\"#cite_ref-GoogleCCPA_32-1\">32.1<\/a><\/sup> <sup><a href=\"#cite_ref-GoogleCCPA_32-2\">32.2<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/security\/compliance\/ccpa\" target=\"_blank\">\"California Consumer Privacy Act (CCPA)\"<\/a>. Google Cloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloud.google.com\/security\/compliance\/ccpa\" target=\"_blank\">https:\/\/cloud.google.com\/security\/compliance\/ccpa<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=California+Consumer+Privacy+Act+%28CCPA%29&rft.atitle=&rft.pub=Google+Cloud&rft_id=https%3A%2F%2Fcloud.google.com%2Fsecurity%2Fcompliance%2Fccpa&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GuseyvaData20-33\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-GuseyvaData20_33-0\">33.0<\/a><\/sup> <sup><a href=\"#cite_ref-GuseyvaData20_33-1\">33.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Guseyva, V. (18 September 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/incountry.com\/blog\/data-residency-laws-by-country-overview\/\" target=\"_blank\">\"Data residency laws by country: An overview\"<\/a>. <i>InCountry<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/incountry.com\/blog\/data-residency-laws-by-country-overview\/\" target=\"_blank\">https:\/\/incountry.com\/blog\/data-residency-laws-by-country-overview\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Data+residency+laws+by+country%3A+An+overview&rft.atitle=InCountry&rft.aulast=Guseyva%2C+V.&rft.au=Guseyva%2C+V.&rft.date=18+September+2020&rft_id=https%3A%2F%2Fincountry.com%2Fblog%2Fdata-residency-laws-by-country-overview%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GoogleUKCloud-34\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-GoogleUKCloud_34-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/security\/compliance\/ncsc-uk\" target=\"_blank\">\"NCSC - Cloud Security (UK)\"<\/a>. Google Cloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloud.google.com\/security\/compliance\/ncsc-uk\" target=\"_blank\">https:\/\/cloud.google.com\/security\/compliance\/ncsc-uk<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=NCSC+-+Cloud+Security+%28UK%29&rft.atitle=&rft.pub=Google+Cloud&rft_id=https%3A%2F%2Fcloud.google.com%2Fsecurity%2Fcompliance%2Fncsc-uk&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-PAWhatIs21-35\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-PAWhatIs21_35-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.paloaltonetworks.com\/cyberpedia\/difference-between-fisma-and-fedramp\" target=\"_blank\">\"What is the Difference between FISMA and FedRAMP?\"<\/a>. PaloAlto Networks. 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.paloaltonetworks.com\/cyberpedia\/difference-between-fisma-and-fedramp\" target=\"_blank\">https:\/\/www.paloaltonetworks.com\/cyberpedia\/difference-between-fisma-and-fedramp<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+is+the+Difference+between+FISMA+and+FedRAMP%3F&rft.atitle=&rft.date=2021&rft.pub=PaloAlto+Networks&rft_id=https%3A%2F%2Fwww.paloaltonetworks.com%2Fcyberpedia%2Fdifference-between-fisma-and-fedramp&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GoogleGDPR-36\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-GoogleGDPR_36-0\">36.0<\/a><\/sup> <sup><a href=\"#cite_ref-GoogleGDPR_36-1\">36.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/privacy\/gdpr\" target=\"_blank\">\"Google Cloud & the General Data Protection Regulation (GDPR)\"<\/a>. Google Cloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloud.google.com\/privacy\/gdpr\" target=\"_blank\">https:\/\/cloud.google.com\/privacy\/gdpr<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Google+Cloud+%26+the+General+Data+Protection+Regulation+%28GDPR%29&rft.atitle=&rft.pub=Google+Cloud&rft_id=https%3A%2F%2Fcloud.google.com%2Fprivacy%2Fgdpr&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GoogleBaFinCloud-37\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-GoogleBaFinCloud_37-0\">37.0<\/a><\/sup> <sup><a href=\"#cite_ref-GoogleBaFinCloud_37-1\">37.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/cloud.google.com\/security\/compliance\/bafin\" target=\"_blank\">\"BaFin Cloud Outsourcing Guidance\"<\/a>. Google Cloud<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/cloud.google.com\/security\/compliance\/bafin\" target=\"_blank\">https:\/\/cloud.google.com\/security\/compliance\/bafin<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=BaFin+Cloud+Outsourcing+Guidance&rft.atitle=&rft.pub=Google+Cloud&rft_id=https%3A%2F%2Fcloud.google.com%2Fsecurity%2Fcompliance%2Fbafin&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-HHSGuidance20-38\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-HHSGuidance20_38-0\">38.0<\/a><\/sup> <sup><a href=\"#cite_ref-HHSGuidance20_38-1\">38.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Office for Civil Rights (23 December 2022). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.hhs.gov\/hipaa\/for-professionals\/special-topics\/health-information-technology\/cloud-computing\/index.html\" target=\"_blank\">\"Guidance on HIPAA & Cloud Computing\"<\/a>. <i>Health Information Privacy<\/i>. U.S. Department of Health & Human Services<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.hhs.gov\/hipaa\/for-professionals\/special-topics\/health-information-technology\/cloud-computing\/index.html\" target=\"_blank\">https:\/\/www.hhs.gov\/hipaa\/for-professionals\/special-topics\/health-information-technology\/cloud-computing\/index.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Guidance+on+HIPAA+%26+Cloud+Computing&rft.atitle=Health+Information+Privacy&rft.aulast=Office+for+Civil+Rights&rft.au=Office+for+Civil+Rights&rft.date=23+December+2022&rft.pub=U.S.+Department+of+Health+%26+Human+Services&rft_id=https%3A%2F%2Fwww.hhs.gov%2Fhipaa%2Ffor-professionals%2Fspecial-topics%2Fhealth-information-technology%2Fcloud-computing%2Findex.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-FFIECJoint20-39\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-FFIECJoint20_39-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ffiec.gov\/press\/PDF\/FFIEC_Cloud_Computing_Statement.pdf\" target=\"_blank\">\"Joint Statement: Security in a Cloud Computing Environment\"<\/a> (PDF). 30 April 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.ffiec.gov\/press\/PDF\/FFIEC_Cloud_Computing_Statement.pdf\" target=\"_blank\">https:\/\/www.ffiec.gov\/press\/PDF\/FFIEC_Cloud_Computing_Statement.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Joint+Statement%3A+Security+in+a+Cloud+Computing+Environment&rft.atitle=&rft.date=30+April+2020&rft_id=https%3A%2F%2Fwww.ffiec.gov%2Fpress%2FPDF%2FFFIEC_Cloud_Computing_Statement.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-RossUS20-40\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-RossUS20_40-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Ross, S.; Scott, K. (6 May 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.regulationtomorrow.com\/us\/us-bank-regulators-issue-cloud-computing-security-guidance\/\" target=\"_blank\">\"US bank regulators issue cloud computing security guidance\"<\/a>. <i>Financial Services: Regulation Tomorrow<\/i>. Norton Rose Fulbright<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.regulationtomorrow.com\/us\/us-bank-regulators-issue-cloud-computing-security-guidance\/\" target=\"_blank\">https:\/\/www.regulationtomorrow.com\/us\/us-bank-regulators-issue-cloud-computing-security-guidance\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=US+bank+regulators+issue+cloud+computing+security+guidance&rft.atitle=Financial+Services%3A+Regulation+Tomorrow&rft.aulast=Ross%2C+S.%3B+Scott%2C+K.&rft.au=Ross%2C+S.%3B+Scott%2C+K.&rft.date=6+May+2020&rft.pub=Norton+Rose+Fulbright&rft_id=https%3A%2F%2Fwww.regulationtomorrow.com%2Fus%2Fus-bank-regulators-issue-cloud-computing-security-guidance%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-WHOMBA-130_16-41\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-WHOMBA-130_16_41-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/obamawhitehouse.archives.gov\/sites\/default\/files\/omb\/assets\/OMB\/circulars\/a130\/a130revised.pdf\" target=\"_blank\">\"OMB Circular A-130, Managing Information as a Strategic Resource\"<\/a> (PDF). The White House. 28 July 2016<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/obamawhitehouse.archives.gov\/sites\/default\/files\/omb\/assets\/OMB\/circulars\/a130\/a130revised.pdf\" target=\"_blank\">https:\/\/obamawhitehouse.archives.gov\/sites\/default\/files\/omb\/assets\/OMB\/circulars\/a130\/a130revised.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=OMB+Circular+A-130%2C+Managing+Information+as+a+Strategic+Resource&rft.atitle=&rft.date=28+July+2016&rft.pub=The+White+House&rft_id=https%3A%2F%2Fobamawhitehouse.archives.gov%2Fsites%2Fdefault%2Ffiles%2Fomb%2Fassets%2FOMB%2Fcirculars%2Fa130%2Fa130revised.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CoosAllYou20-42\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CoosAllYou20_42-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Coos, A. (30 April 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.endpointprotector.com\/blog\/everything-you-need-to-know-about-turkeys-personal-data-protection-law\/\" target=\"_blank\">\"All You Need to Know About Turkey\u2019s Personal Data Protection Law (KVKK)\"<\/a>. <i>Endpoint Protector Blog<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.endpointprotector.com\/blog\/everything-you-need-to-know-about-turkeys-personal-data-protection-law\/\" target=\"_blank\">https:\/\/www.endpointprotector.com\/blog\/everything-you-need-to-know-about-turkeys-personal-data-protection-law\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=All+You+Need+to+Know+About+Turkey%E2%80%99s+Personal+Data+Protection+Law+%28KVKK%29&rft.atitle=Endpoint+Protector+Blog&rft.aulast=Coos%2C+A.&rft.au=Coos%2C+A.&rft.date=30+April+2020&rft_id=https%3A%2F%2Fwww.endpointprotector.com%2Fblog%2Feverything-you-need-to-know-about-turkeys-personal-data-protection-law%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ErsoyCloud20-43\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ErsoyCloud20_43-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Ersoy, E.C.; Karaka\u015f, M. (19 June 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.kilinclaw.com.tr\/en\/cloud-computing-technologies-and-its-legal-dimension\/\" target=\"_blank\">\"Cloud Computing Technologies and Its Legal Dimension\"<\/a>. K\u0131l\u0131n\u00e7 Law and Consulting<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.kilinclaw.com.tr\/en\/cloud-computing-technologies-and-its-legal-dimension\/\" target=\"_blank\">https:\/\/www.kilinclaw.com.tr\/en\/cloud-computing-technologies-and-its-legal-dimension\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Computing+Technologies+and+Its+Legal+Dimension&rft.atitle=&rft.aulast=Ersoy%2C+E.C.%3B+Karaka%C5%9F%2C+M.&rft.au=Ersoy%2C+E.C.%3B+Karaka%C5%9F%2C+M.&rft.date=19+June+2020&rft.pub=K%C4%B1l%C4%B1n%C3%A7+Law+and+Consulting&rft_id=https%3A%2F%2Fwww.kilinclaw.com.tr%2Fen%2Fcloud-computing-technologies-and-its-legal-dimension%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AGProtect-44\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AGProtect_44-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.protectivesecurity.gov.au\/\" target=\"_blank\">\"The Protective Security Policy Framework\"<\/a>. Australian Government<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.protectivesecurity.gov.au\/\" target=\"_blank\">https:\/\/www.protectivesecurity.gov.au\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=The+Protective+Security+Policy+Framework&rft.atitle=&rft.pub=Australian+Government&rft_id=https%3A%2F%2Fwww.protectivesecurity.gov.au%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AlpernMicro10-45\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AlpernMicro10_45-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Alpern, P. (10 February 2010). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.industryweek.com\/innovation\/article\/21932894\/microsoft-to-congress-time-for-new-cloud-computing-laws\" target=\"_blank\">\"Microsoft to Congress: Time For New Cloud Computing Laws\"<\/a>. <i>IndustryWeek<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.industryweek.com\/innovation\/article\/21932894\/microsoft-to-congress-time-for-new-cloud-computing-laws\" target=\"_blank\">https:\/\/www.industryweek.com\/innovation\/article\/21932894\/microsoft-to-congress-time-for-new-cloud-computing-laws<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Microsoft+to+Congress%3A+Time+For+New+Cloud+Computing+Laws&rft.atitle=IndustryWeek&rft.aulast=Alpern%2C+P.&rft.au=Alpern%2C+P.&rft.date=10+February+2010&rft_id=https%3A%2F%2Fwww.industryweek.com%2Finnovation%2Farticle%2F21932894%2Fmicrosoft-to-congress-time-for-new-cloud-computing-laws&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LeviteCloud20-46\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-LeviteCloud20_46-0\">46.0<\/a><\/sup> <sup><a href=\"#cite_ref-LeviteCloud20_46-1\">46.1<\/a><\/sup> <sup><a href=\"#cite_ref-LeviteCloud20_46-2\">46.2<\/a><\/sup> <sup><a href=\"#cite_ref-LeviteCloud20_46-3\">46.3<\/a><\/sup> <sup><a href=\"#cite_ref-LeviteCloud20_46-4\">46.4<\/a><\/sup> <sup><a href=\"#cite_ref-LeviteCloud20_46-5\">46.5<\/a><\/sup> <sup><a href=\"#cite_ref-LeviteCloud20_46-6\">46.6<\/a><\/sup> <sup><a href=\"#cite_ref-LeviteCloud20_46-7\">46.7<\/a><\/sup> <sup><a href=\"#cite_ref-LeviteCloud20_46-8\">46.8<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Levite, A.; Kalwani, G. (9 November 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/carnegieendowment.org\/2020\/11\/09\/cloud-governance-challenges-survey-of-policy-and-regulatory-issues-pub-83124\" target=\"_blank\">\"Cloud Governance Challenges: A Survey of Policy and Regulatory Issues\"<\/a>. Carnegie Endowment for International Peace<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/carnegieendowment.org\/2020\/11\/09\/cloud-governance-challenges-survey-of-policy-and-regulatory-issues-pub-83124\" target=\"_blank\">https:\/\/carnegieendowment.org\/2020\/11\/09\/cloud-governance-challenges-survey-of-policy-and-regulatory-issues-pub-83124<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Governance+Challenges%3A+A+Survey+of+Policy+and+Regulatory+Issues&rft.atitle=&rft.aulast=Levite%2C+A.%3B+Kalwani%2C+G.&rft.au=Levite%2C+A.%3B+Kalwani%2C+G.&rft.date=9+November+2020&rft.pub=Carnegie+Endowment+for+International+Peace&rft_id=https%3A%2F%2Fcarnegieendowment.org%2F2020%2F11%2F09%2Fcloud-governance-challenges-survey-of-policy-and-regulatory-issues-pub-83124&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AliTheRole20-47\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AliTheRole20_47-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation Journal\">Ali, O.; Osmanaj, V. (2020). \"The role of government regulations in the adoption of cloud computing: A case study of local government\". <i>Computer Law & Security Review<\/i> <b>36<\/b>: 105396. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.1016%2Fj.clsr.2020.105396\" target=\"_blank\">10.1016\/j.clsr.2020.105396<\/a>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=The+role+of+government+regulations+in+the+adoption+of+cloud+computing%3A+A+case+study+of+local+government&rft.jtitle=Computer+Law+%26+Security+Review&rft.aulast=Ali%2C+O.%3B+Osmanaj%2C+V.&rft.au=Ali%2C+O.%3B+Osmanaj%2C+V.&rft.date=2020&rft.volume=36&rft.pages=105396&rft_id=info:doi\/10.1016%2Fj.clsr.2020.105396&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ZuoCritical23-48\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-ZuoCritical23_48-0\">48.0<\/a><\/sup> <sup><a href=\"#cite_ref-ZuoCritical23_48-1\">48.1<\/a><\/sup> <sup><a href=\"#cite_ref-ZuoCritical23_48-2\">48.2<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Zuo, T.; Sherman, J.; Hamin, M. et al. (10 July 2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/dfrlab.org\/2023\/07\/10\/critical-infrastructure-and-the-cloud-policy-for-emerging-risk\/\" target=\"_blank\">\"Critical Infrastructure and the Cloud: Policy for Emerging Risk\"<\/a>. <i>DFRLab<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/dfrlab.org\/2023\/07\/10\/critical-infrastructure-and-the-cloud-policy-for-emerging-risk\/\" target=\"_blank\">https:\/\/dfrlab.org\/2023\/07\/10\/critical-infrastructure-and-the-cloud-policy-for-emerging-risk\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Critical+Infrastructure+and+the+Cloud%3A+Policy+for+Emerging+Risk&rft.atitle=DFRLab&rft.aulast=Zuo%2C+T.%3B+Sherman%2C+J.%3B+Hamin%2C+M.+et+al.&rft.au=Zuo%2C+T.%3B+Sherman%2C+J.%3B+Hamin%2C+M.+et+al.&rft.date=10+July+2023&rft_id=https%3A%2F%2Fdfrlab.org%2F2023%2F07%2F10%2Fcritical-infrastructure-and-the-cloud-policy-for-emerging-risk%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MitnickNoMore18-49\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MitnickNoMore18_49-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Mitnick, D. (10 April 2018). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.accessnow.org\/no-more-waiting-its-time-for-a-federal-data-breach-law-in-the-u-s\/\" target=\"_blank\">\"No more waiting: It\u2019s time for a federal data breach law in the U.S.\"<\/a>. <i>Access Now Blog<\/i>. Access Now<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.accessnow.org\/no-more-waiting-its-time-for-a-federal-data-breach-law-in-the-u-s\/\" target=\"_blank\">https:\/\/www.accessnow.org\/no-more-waiting-its-time-for-a-federal-data-breach-law-in-the-u-s\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=No+more+waiting%3A+It%E2%80%99s+time+for+a+federal+data+breach+law+in+the+U.S.&rft.atitle=Access+Now+Blog&rft.aulast=Mitnick%2C+D.&rft.au=Mitnick%2C+D.&rft.date=10+April+2018&rft.pub=Access+Now&rft_id=https%3A%2F%2Fwww.accessnow.org%2Fno-more-waiting-its-time-for-a-federal-data-breach-law-in-the-u-s%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-NCSLSecurity20-50\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-NCSLSecurity20_50-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ncsl.org\/technology-and-communication\/security-breach-notification-laws\" target=\"_blank\">\"Security Breach Notification Laws\"<\/a>. National Conference of State Legislatures. 17 January 2022<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.ncsl.org\/technology-and-communication\/security-breach-notification-laws\" target=\"_blank\">https:\/\/www.ncsl.org\/technology-and-communication\/security-breach-notification-laws<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Security+Breach+Notification+Laws&rft.atitle=&rft.date=17+January+2022&rft.pub=National+Conference+of+State+Legislatures&rft_id=https%3A%2F%2Fwww.ncsl.org%2Ftechnology-and-communication%2Fsecurity-breach-notification-laws&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-RGExpansive22-51\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-RGExpansive22_51-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ropesgray.com\/en\/newsroom\/alerts\/2022\/march\/expansive-federal-breach-reporting-requirement-becomes-law\" target=\"_blank\">\"Expansive Federal Breach Reporting Requirement Becomes Law\"<\/a>. Ropes & Gray. 22 March 2022<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.ropesgray.com\/en\/newsroom\/alerts\/2022\/march\/expansive-federal-breach-reporting-requirement-becomes-law\" target=\"_blank\">https:\/\/www.ropesgray.com\/en\/newsroom\/alerts\/2022\/march\/expansive-federal-breach-reporting-requirement-becomes-law<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Expansive+Federal+Breach+Reporting+Requirement+Becomes+Law&rft.atitle=&rft.date=22+March+2022&rft.pub=Ropes+%26+Gray&rft_id=https%3A%2F%2Fwww.ropesgray.com%2Fen%2Fnewsroom%2Falerts%2F2022%2Fmarch%2Fexpansive-federal-breach-reporting-requirement-becomes-law&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-Blair-FrasierExperts23-52\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-Blair-FrasierExperts23_52-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Blair-Frasier, R. (31 March 2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20230331233533\/https:\/\/www.securitymagazine.com\/articles\/99138-experts-weigh-in-on-circia-one-year-later\" target=\"_blank\">\"Experts weigh in on CIRCIA one year later\"<\/a>. <i>Security Magazine<\/i>. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.securitymagazine.com\/articles\/99138-experts-weigh-in-on-circia-one-year-later\" target=\"_blank\">the original<\/a> on 31 March 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20230331233533\/https:\/\/www.securitymagazine.com\/articles\/99138-experts-weigh-in-on-circia-one-year-later\" target=\"_blank\">https:\/\/web.archive.org\/web\/20230331233533\/https:\/\/www.securitymagazine.com\/articles\/99138-experts-weigh-in-on-circia-one-year-later<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Experts+weigh+in+on+CIRCIA+one+year+later&rft.atitle=Security+Magazine&rft.aulast=Blair-Frasier%2C+R.&rft.au=Blair-Frasier%2C+R.&rft.date=31+March+2023&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20230331233533%2Fhttps%3A%2F%2Fwww.securitymagazine.com%2Farticles%2F99138-experts-weigh-in-on-circia-one-year-later&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-BrandomTrump20-53\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-BrandomTrump20_53-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Brandom, R. (2 September 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.theverge.com\/2020\/9\/2\/21418496\/tiktok-for-you-page-algorithm-deal-us-china-trump-microsoft\" target=\"_blank\">\"Trump\u2019s TikTok deal has hit a serious roadblock\"<\/a>. <i>The Verge<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.theverge.com\/2020\/9\/2\/21418496\/tiktok-for-you-page-algorithm-deal-us-china-trump-microsoft\" target=\"_blank\">https:\/\/www.theverge.com\/2020\/9\/2\/21418496\/tiktok-for-you-page-algorithm-deal-us-china-trump-microsoft<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Trump%E2%80%99s+TikTok+deal+has+hit+a+serious+roadblock&rft.atitle=The+Verge&rft.aulast=Brandom%2C+R.&rft.au=Brandom%2C+R.&rft.date=2+September+2020&rft_id=https%3A%2F%2Fwww.theverge.com%2F2020%2F9%2F2%2F21418496%2Ftiktok-for-you-page-algorithm-deal-us-china-trump-microsoft&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CoxOracle21-54\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CoxOracle21_54-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Cox, K. (10 February 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/arstechnica.com\/tech-policy\/2021\/02\/oracles-tiktok-acquisition-reportedly-shelved-indefinitely\/\" target=\"_blank\">\"Oracle\u2019s TikTok acquisition reportedly \u201cshelved\u201d indefinitely\"<\/a>. <i>Ars Technica<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/arstechnica.com\/tech-policy\/2021\/02\/oracles-tiktok-acquisition-reportedly-shelved-indefinitely\/\" target=\"_blank\">https:\/\/arstechnica.com\/tech-policy\/2021\/02\/oracles-tiktok-acquisition-reportedly-shelved-indefinitely\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Oracle%E2%80%99s+TikTok+acquisition+reportedly+%E2%80%9Cshelved%E2%80%9D+indefinitely&rft.atitle=Ars+Technica&rft.aulast=Cox%2C+K.&rft.au=Cox%2C+K.&rft.date=10+February+2021&rft_id=https%3A%2F%2Farstechnica.com%2Ftech-policy%2F2021%2F02%2Foracles-tiktok-acquisition-reportedly-shelved-indefinitely%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-EusticeUnder18-55\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-EusticeUnder18_55-0\">55.0<\/a><\/sup> <sup><a href=\"#cite_ref-EusticeUnder18_55-1\">55.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Eustice, J.C. (2018). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/legal.thomsonreuters.com\/en\/insights\/articles\/understanding-data-privacy-and-cloud-computing\" target=\"_blank\">\"Understand the intersection between data privacy laws and cloud computing\"<\/a>. <i>Legal Technology, Products, and Services<\/i>. Thomson Reuters<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/legal.thomsonreuters.com\/en\/insights\/articles\/understanding-data-privacy-and-cloud-computing\" target=\"_blank\">https:\/\/legal.thomsonreuters.com\/en\/insights\/articles\/understanding-data-privacy-and-cloud-computing<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Understand+the+intersection+between+data+privacy+laws+and+cloud+computing&rft.atitle=Legal+Technology%2C+Products%2C+and+Services&rft.aulast=Eustice%2C+J.C.&rft.au=Eustice%2C+J.C.&rft.date=2018&rft.pub=Thomson+Reuters&rft_id=https%3A%2F%2Flegal.thomsonreuters.com%2Fen%2Finsights%2Farticles%2Funderstanding-data-privacy-and-cloud-computing&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816205729\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.400 seconds\nReal time usage: 0.417 seconds\nPreprocessor visited node count: 35698\/1000000\nPost\u2010expand include size: 282061\/2097152 bytes\nTemplate argument size: 93739\/2097152 bytes\nHighest expansion depth: 18\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 88051\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 376.772 1 -total\n 91.40% 344.357 1 Template:Reflist\n 77.06% 290.323 54 Template:Cite_web\n 75.43% 284.184 55 Template:Citation\/core\n 12.40% 46.732 32 Template:Date\n 8.57% 32.307 1 Template:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\n 4.53% 17.066 1 Template:Cite_journal\n 4.23% 15.924 74 Template:Citation\/make_link\n 2.06% 7.753 1 Template:Citation\/identifier\n 0.62% 2.324 1 Template:Column-width\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:13040-0!canonical and timestamp 20230816205728 and revision id 46389. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","02f10c1b263da2845885019939f8c31c_images":["https:\/\/upload.wikimedia.org\/wikipedia\/commons\/5\/5b\/NIST_Cloud_Computing_Security_Reference_Architecture_%289029002396%29.jpg"],"02f10c1b263da2845885019939f8c31c_timestamp":1692220359,"d6f2bfcbe7b23469e6f8c92f1c453787_type":"article","d6f2bfcbe7b23469e6f8c92f1c453787_title":"1.3 The relationship between cloud computing and the open source paradigm","d6f2bfcbe7b23469e6f8c92f1c453787_url":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/The_relationship_between_cloud_computing_and_the_open_source_paradigm","d6f2bfcbe7b23469e6f8c92f1c453787_plaintext":"\n\nBook:Choosing and Implementing a Cloud-based Service for Your Laboratory\/What is cloud computing?\/The relationship between cloud computing and the open source paradigmFrom LIMSWikiJump to navigationJump to search1.3 The relationship between cloud computing and the open source paradigm \nCloud computing is built on a wide array of technologies and utilities, including many built on the open source paradigm. According to the Open Source Initiative, open-source software, hardware, etc. is open-source not only because of its implied open access to how it's constructed (e.g., source code, schematics) but also for a number of other reasons[1]:\n\nIt should be without restriction in how it is \"distributed\" or used within an aggregate software distribution of many components.\nIt should allow derivatives and modifications under the same terms as the original license, and that license should be portable with the derived or modified item.\nIt should permit distribution of software, hardware, etc. built from modified source code or schematics.\nIt should be without restriction in what person, organization, business, etc. is permitted to use it.\nIts license should not place restrictions on other software or hardware schematics distributed with the original item.\nIts license should not place technology-specific restriction on how the item is implemented.\nLicenses vary widely from product to product, but broadly speaking, this all means if a commercial venture wants to run a significant chunk of its cloud operations on open-source technologies, it should be able to do so, as long as all license requirements are met. This same principle can be seen in early pushes for \"open cloud,\" which emphasizes the need for \"interoperability and portability across different clouds\" through principles similar to the Open Source Initiative.[2]\nOne need look no further than to Linux, a family of open-source operating systems, to discover how open-source solutions have gained prevalence in cloud computing and other enterprises. More than 95 percent of the top one million web domains are served up using Linux-based servers.[3] In 2019, 96.3 percent of the top one billion enterprise business servers were running on Linux.[4] And Canonical's open-source Ubuntu Linux distribution has garnered a growing reputation in cloud computing and other enterprise scenarios due to its focus on security.[5]\nIn fact, Microsoft shifted its formerly anti-Linux stance in the mid-2010s to a stronger embrace of the open-source OS. In 2014, it began offering several Linux distributions in its Azure public cloud platform and infrastructure and announced it would make server-side .NET open-source, while also adding Linux support to its SQL Server and joining the Linux Foundation in 2016.[6][7][8] Why the philosophy change? As Microsoft's Database Systems Manager Rohan Kumar put it in 2016: \"In the messy, real world of enterprise IT, hybrid shops are the norm and customers don't need or want vendors to force their hands when it comes to operating systems. Serving these customers means giving them flexibility.\"[6] That flexibility expanded to open sourcing SONiC, its network operating system, in 2017 and PowerShell, it's task automation and configuration tool, in 2018. Microsoft's Teams client was made available for Linux in 2019[8], and other elements of Microsoft Windows continue to see increased compatibility with Linux distributions such as Ubuntu.[9]\nOthers in Big Tech have also made contributions to open-source cloud-based technologies. Take for example Kubernetes, originally a Google project that eventually was open-sourced in 2014.[10] The open-source container management tool soon after was donated to the Cloud Native Computing Foundation (CNCF) run by the Linux Foundation, \"to help facilitate collaboration among developers and operators on common technologies for deploying cloud native applications and services.\"[11] Since then, Kubernetes has become an integral part of many a cloud infrastructure due to its ability to provide lightweight, portable containerization\u2014a complete runtime environment\u2014to a bundle of applications run in the cloud. The software also manages resource scaling for applications, manages underlying infrastructure deployment, and allows for automatically mounting local and cloud storages.[12] The open-source nature of the code also allows an organization's developers to review Kubernetes\u2019 code to ensure it's meeting security policies and regulations, as well as make their own tweaks as needed.[13] Writing for Hewlett Packard in 2020, entrepreneur Matt Sarrel estimated that some 70 to 85 percent of containerized applications are doing it on top of some version of Kubernetes.[13]\nFinally, other open-source software tools complement cloud computing efforts. For example, applications like Apache CloudStack, Cloudify, ManageIQ, and OpenStack put open-source cloud management in the hands of a cloud-ops team.[14] Eucalyptus is \"open-source software for building AWS-compatible private and hybrid clouds.\"[15] Keylime is a security tool that allows users \"to check for themselves that the cloud storing their data is as secure as the cloud computer owners say it is.\"[16] Rook is a \"cloud-native storage orchestrator\" that provides a variety of storage management tools to allow cloud developers to \"natively integrate with cloud-native environments.\"[17] And the OpenStack project, with its collection of software components enabling cloud infrastructure, can't be forgotten.[18] These and other open-source tools continue to drive how cloud computing is implemented, managed, and monitored, while highlighting the importance of the open source paradigm to cloud computing.\n\nReferences \n\n\n\u2191 \"The Open Source Definition, Version 1.9\". Open Source Initiative. 3 June 2007. https:\/\/opensource.org\/osd\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Olavsrud, T. (13 April 2012). \"Why Open Source Is the Key to Cloud Innovation\". CIO. https:\/\/www.cio.com\/article\/284247\/software-as-a-service-why-open-source-is-the-key-to-cloud-innovation.html . Retrieved 28 July 2023 .   \n \n\n\u2191 Price, D. (27 March 2018). \"The True Market Shares of Windows vs. Linux Compared\". MakeUseOf. https:\/\/www.makeuseof.com\/tag\/linux-market-share\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Linux Operating System Market Size, Share & Covid-19 Impact Analysis, By Distribution (Virtual Machines, Servers and Desktops), By End-use (Commercial\/Enterprise and Individual), and Regional Forecast, 2020-2027\". Fortune Business Insights. June 2020. https:\/\/www.fortunebusinessinsights.com\/linux-operating-system-market-103037 . Retrieved 28 July 2023 .   \n \n\n\u2191 Burt, J. (23 April 2020). \"Locking Down Linux for the Enterprise\". The Next Platform. https:\/\/www.nextplatform.com\/2020\/04\/23\/locking-down-linux-for-the-enterprise\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 6.0 6.1 Olavsrud, T. (21 November 2016). \"Microsoft embraces open source in the cloud and on-premises\". CIO. https:\/\/www.cio.com\/article\/236651\/microsoft-embraces-open-source-in-the-cloud-and-on-premises.html . Retrieved 28 July 2023 .   \n \n\n\u2191 Ibanez, L. (19 November 2014). \"Microsoft gets on board with open source\". OpenSource.com. https:\/\/opensource.com\/business\/14\/11\/microsoft-dot-net-empower-open-source-communities . Retrieved 28 July 2023 .   \n \n\n\u2191 8.0 8.1 Branscombe, M. (2 December 2020). \"What is Microsoft doing with Linux? Everything you need to know about its plans for open source\". TechRepublic. https:\/\/www.techrepublic.com\/article\/what-is-microsoft-doing-with-linux-everything-you-need-to-know-about-its-plans-for-open-source\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Barnes, H. (11 October 2020). \"No, Microsoft is not rebasing Windows to Linux\". Box of Cables. https:\/\/boxofcables.dev\/no-microsoft-is-not-rebasing-windows-to-linux\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Metz, C. (18 June 2014). \"Google Open Sources Its Secret Weapon in Cloud Computing\". Wired. https:\/\/www.wired.com\/2014\/06\/google-kubernetes\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Lardinois, F. (21 July 2015). \"As Kubernetes Hits 1.0, Google Donates Technology To Newly Formed Cloud Native Computing Foundation\". Tech Crunch. https:\/\/techcrunch.com\/2015\/07\/21\/as-kubernetes-hits-1-0-google-donates-technology-to-newly-formed-cloud-native-computing-foundation-with-ibm-intel-twitter-and-others\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 The Linux Foundation (3 January 2023). \"Overview\". Kubernetes Documentation. https:\/\/kubernetes.io\/docs\/concepts\/overview\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 13.0 13.1 Sarrel, M. (4 February 2020). \"Why cloud-native open source Kubernetes matters\". enterprise.nxt. Hewlett Packard Enterprise. Archived from the original on 18 December 2022. https:\/\/web.archive.org\/web\/20221218143215\/https:\/\/www.hpe.com\/us\/en\/insights\/articles\/why-cloud-native-open-source-kubernetes-matters-2002.html . Retrieved 28 July 2023 .   \n \n\n\u2191 Linthicum, D. (2020). \"4 essential open-source tools for cloud management\". TechBeacon. https:\/\/techbeacon.com\/enterprise-it\/4-essential-open-source-tools-cloud-management . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Eucalyptus\". Appscale Systems. https:\/\/www.eucalyptus.cloud\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Millar, M. (27 August 2019). \"Laboratory staff develop new cybersecurity solutions for cloud computing\". Lincoln Laboratory - MIT. https:\/\/www.ll.mit.edu\/news\/laboratory-staff-develop-new-cybersecurity-solutions-cloud-computing . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Deploying highly scalable cloud storage with Rook, Part 1 (Ceph Storage)\". GCore. 27 March 2023. https:\/\/gcore.com\/learning\/deploying-highly-scalable-cloud-storage-with-rook-part-1-ceph-storage\/ . Retrieved 14 August 2023 .   \n \n\n\u2191 \"OpenStack\". Open Infrastructure Foundation. https:\/\/www.openstack.org\/ . Retrieved 28 July 2023 .   \n \n\n\n\r\n\n\n-----Go to the next chapter of this guide-----\nCitation information for this chapter \nChapter: 1. What is cloud computing?\nTitle: Choosing and Implementing a Cloud-based Service for Your Laboratory\nEdition: Second edition\nAuthor for citation: Shawn E. Douglas\nLicense for content: Creative Commons Attribution-ShareAlike 4.0 International\nPublication date: August 2023\n\r\n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/The_relationship_between_cloud_computing_and_the_open_source_paradigm\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/The_relationship_between_cloud_computing_and_the_open_source_paradigm<\/a>\nNavigation menuPage actionsBookDiscussionView sourceHistoryPage actionsBookDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 16 August 2023, at 21:07.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 320 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","d6f2bfcbe7b23469e6f8c92f1c453787_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-208 ns-subject page-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_What_is_cloud_computing_The_relationship_between_cloud_computing_and_the_open_source_paradigm rootpage-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_What_is_cloud_computing_The_relationship_between_cloud_computing_and_the_open_source_paradigm skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/What is cloud computing?\/The relationship between cloud computing and the open source paradigm<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\"><h3><span class=\"mw-headline\" id=\"1.3_The_relationship_between_cloud_computing_and_the_open_source_paradigm\">1.3 The relationship between cloud computing and the open source paradigm<\/span><\/h3>\n<p>Cloud computing is built on a wide array of technologies and utilities, including many built on the open source paradigm. According to the Open Source Initiative, open-source software, hardware, etc. is open-source not only because of its implied open access to how it's constructed (e.g., source code, schematics) but also for a number of other reasons<sup id=\"rdp-ebb-cite_ref-OSITheOpen07_1-0\" class=\"reference\"><a href=\"#cite_note-OSITheOpen07-1\">[1]<\/a><\/sup>:\n<\/p>\n<ul><li>It should be without restriction in how it is \"distributed\" or used within an aggregate software distribution of many components.<\/li>\n<li>It should allow derivatives and modifications under the same terms as the original license, and that license should be portable with the derived or modified item.<\/li>\n<li>It should permit distribution of software, hardware, etc. built from modified source code or schematics.<\/li>\n<li>It should be without restriction in what person, organization, business, etc. is permitted to use it.<\/li>\n<li>Its license should not place restrictions on other software or hardware schematics distributed with the original item.<\/li>\n<li>Its license should not place technology-specific restriction on how the item is implemented.<\/li><\/ul>\n<p>Licenses vary widely from product to product, but broadly speaking, this all means if a commercial venture wants to run a significant chunk of its cloud operations on open-source technologies, it should be able to do so, as long as all license requirements are met. This same principle can be seen in early pushes for \"open cloud,\" which emphasizes the need for \"interoperability and portability across different clouds\" through principles similar to the Open Source Initiative.<sup id=\"rdp-ebb-cite_ref-OlavsrudWhyOpen12_2-0\" class=\"reference\"><a href=\"#cite_note-OlavsrudWhyOpen12-2\">[2]<\/a><\/sup>\n<\/p><p>One need look no further than to Linux, a family of open-source operating systems, to discover how open-source solutions have gained prevalence in cloud computing and other enterprises. More than 95 percent of the top one million web domains are served up using Linux-based servers.<sup id=\"rdp-ebb-cite_ref-PriceTheTrue18_3-0\" class=\"reference\"><a href=\"#cite_note-PriceTheTrue18-3\">[3]<\/a><\/sup> In 2019, 96.3 percent of the top one billion enterprise business servers were running on Linux.<sup id=\"rdp-ebb-cite_ref-FBILinux20_4-0\" class=\"reference\"><a href=\"#cite_note-FBILinux20-4\">[4]<\/a><\/sup> And Canonical's open-source Ubuntu Linux distribution has garnered a growing reputation in cloud computing and other enterprise scenarios due to its focus on security.<sup id=\"rdp-ebb-cite_ref-BurtLocking20_5-0\" class=\"reference\"><a href=\"#cite_note-BurtLocking20-5\">[5]<\/a><\/sup>\n<\/p><p>In fact, Microsoft shifted its formerly anti-Linux stance in the mid-2010s to a stronger embrace of the open-source OS. In 2014, it began offering several Linux distributions in its Azure public cloud platform and infrastructure and announced it would make server-side .NET open-source, while also adding Linux support to its SQL Server and joining the Linux Foundation in 2016.<sup id=\"rdp-ebb-cite_ref-OlavsrudMicrosoft16_6-0\" class=\"reference\"><a href=\"#cite_note-OlavsrudMicrosoft16-6\">[6]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-IbanezMicro14_7-0\" class=\"reference\"><a href=\"#cite_note-IbanezMicro14-7\">[7]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-BranscombeWhat20_8-0\" class=\"reference\"><a href=\"#cite_note-BranscombeWhat20-8\">[8]<\/a><\/sup> Why the philosophy change? As Microsoft's Database Systems Manager Rohan Kumar put it in 2016: \"In the messy, real world of enterprise IT, hybrid shops are the norm and customers don't need or want vendors to force their hands when it comes to operating systems. Serving these customers means giving them flexibility.\"<sup id=\"rdp-ebb-cite_ref-OlavsrudMicrosoft16_6-1\" class=\"reference\"><a href=\"#cite_note-OlavsrudMicrosoft16-6\">[6]<\/a><\/sup> That flexibility expanded to open sourcing SONiC, its network operating system, in 2017 and PowerShell, it's task automation and configuration tool, in 2018. Microsoft's Teams client was made available for Linux in 2019<sup id=\"rdp-ebb-cite_ref-BranscombeWhat20_8-1\" class=\"reference\"><a href=\"#cite_note-BranscombeWhat20-8\">[8]<\/a><\/sup>, and other elements of Microsoft Windows continue to see increased compatibility with Linux distributions such as Ubuntu.<sup id=\"rdp-ebb-cite_ref-BarnesNoMicro20_9-0\" class=\"reference\"><a href=\"#cite_note-BarnesNoMicro20-9\">[9]<\/a><\/sup>\n<\/p><p>Others in Big Tech have also made contributions to open-source cloud-based technologies. Take for example Kubernetes, originally a Google project that eventually was open-sourced in 2014.<sup id=\"rdp-ebb-cite_ref-MetzGoogle14_10-0\" class=\"reference\"><a href=\"#cite_note-MetzGoogle14-10\">[10]<\/a><\/sup> The open-source container management tool soon after was donated to the Cloud Native Computing Foundation (CNCF) run by the Linux Foundation, \"to help facilitate collaboration among developers and operators on common technologies for deploying cloud native applications and services.\"<sup id=\"rdp-ebb-cite_ref-LardinoisAsKub15_11-0\" class=\"reference\"><a href=\"#cite_note-LardinoisAsKub15-11\">[11]<\/a><\/sup> Since then, Kubernetes has become an integral part of many a cloud infrastructure due to its ability to provide lightweight, portable containerization\u2014a complete runtime environment\u2014to a bundle of applications run in the cloud. The software also manages resource scaling for applications, manages underlying infrastructure deployment, and allows for automatically mounting local and cloud storages.<sup id=\"rdp-ebb-cite_ref-TLFKubernetesAbout21_12-0\" class=\"reference\"><a href=\"#cite_note-TLFKubernetesAbout21-12\">[12]<\/a><\/sup> The open-source nature of the code also allows an organization's developers to review Kubernetes\u2019 code to ensure it's meeting security policies and regulations, as well as make their own tweaks as needed.<sup id=\"rdp-ebb-cite_ref-SarrelWhyCloud20_13-0\" class=\"reference\"><a href=\"#cite_note-SarrelWhyCloud20-13\">[13]<\/a><\/sup> Writing for Hewlett Packard in 2020, entrepreneur Matt Sarrel estimated that some 70 to 85 percent of containerized applications are doing it on top of some version of Kubernetes.<sup id=\"rdp-ebb-cite_ref-SarrelWhyCloud20_13-1\" class=\"reference\"><a href=\"#cite_note-SarrelWhyCloud20-13\">[13]<\/a><\/sup>\n<\/p><p>Finally, other open-source software tools complement cloud computing efforts. For example, applications like Apache CloudStack, Cloudify, ManageIQ, and OpenStack put open-source cloud management in the hands of a cloud-ops team.<sup id=\"rdp-ebb-cite_ref-LinthicumFour20_14-0\" class=\"reference\"><a href=\"#cite_note-LinthicumFour20-14\">[14]<\/a><\/sup> Eucalyptus is \"open-source software for building AWS-compatible private and hybrid clouds.\"<sup id=\"rdp-ebb-cite_ref-EucHome_15-0\" class=\"reference\"><a href=\"#cite_note-EucHome-15\">[15]<\/a><\/sup> Keylime is a security tool that allows users \"to check for themselves that the cloud storing their data is as secure as the cloud computer owners say it is.\"<sup id=\"rdp-ebb-cite_ref-MillarLab19_16-0\" class=\"reference\"><a href=\"#cite_note-MillarLab19-16\">[16]<\/a><\/sup> Rook is a \"cloud-native storage orchestrator\" that provides a variety of storage management tools to allow cloud developers to \"natively integrate with cloud-native environments.\"<sup id=\"rdp-ebb-cite_ref-GCoreDeploy23_17-0\" class=\"reference\"><a href=\"#cite_note-GCoreDeploy23-17\">[17]<\/a><\/sup> And the OpenStack project, with its collection of software components enabling cloud infrastructure, can't be forgotten.<sup id=\"rdp-ebb-cite_ref-OpenStack_18-0\" class=\"reference\"><a href=\"#cite_note-OpenStack-18\">[18]<\/a><\/sup> These and other open-source tools continue to drive how cloud computing is implemented, managed, and monitored, while highlighting the importance of the open source paradigm to cloud computing.\n<\/p>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap mw-references-columns\"><ol class=\"references\">\n<li id=\"cite_note-OSITheOpen07-1\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OSITheOpen07_1-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/opensource.org\/osd\/\" target=\"_blank\">\"The Open Source Definition, Version 1.9\"<\/a>. Open Source Initiative. 3 June 2007<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/opensource.org\/osd\/\" target=\"_blank\">https:\/\/opensource.org\/osd\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=The+Open+Source+Definition%2C+Version+1.9&rft.atitle=&rft.date=3+June+2007&rft.pub=Open+Source+Initiative&rft_id=https%3A%2F%2Fopensource.org%2Fosd%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/The_relationship_between_cloud_computing_and_the_open_source_paradigm\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OlavsrudWhyOpen12-2\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OlavsrudWhyOpen12_2-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Olavsrud, T. (13 April 2012). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cio.com\/article\/284247\/software-as-a-service-why-open-source-is-the-key-to-cloud-innovation.html\" target=\"_blank\">\"Why Open Source Is the Key to Cloud Innovation\"<\/a>. <i>CIO<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cio.com\/article\/284247\/software-as-a-service-why-open-source-is-the-key-to-cloud-innovation.html\" target=\"_blank\">https:\/\/www.cio.com\/article\/284247\/software-as-a-service-why-open-source-is-the-key-to-cloud-innovation.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Why+Open+Source+Is+the+Key+to+Cloud+Innovation&rft.atitle=CIO&rft.aulast=Olavsrud%2C+T.&rft.au=Olavsrud%2C+T.&rft.date=13+April+2012&rft_id=https%3A%2F%2Fwww.cio.com%2Farticle%2F284247%2Fsoftware-as-a-service-why-open-source-is-the-key-to-cloud-innovation.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/The_relationship_between_cloud_computing_and_the_open_source_paradigm\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-PriceTheTrue18-3\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-PriceTheTrue18_3-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Price, D. (27 March 2018). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.makeuseof.com\/tag\/linux-market-share\/\" target=\"_blank\">\"The True Market Shares of Windows vs. Linux Compared\"<\/a>. <i>MakeUseOf<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.makeuseof.com\/tag\/linux-market-share\/\" target=\"_blank\">https:\/\/www.makeuseof.com\/tag\/linux-market-share\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=The+True+Market+Shares+of+Windows+vs.+Linux+Compared&rft.atitle=MakeUseOf&rft.aulast=Price%2C+D.&rft.au=Price%2C+D.&rft.date=27+March+2018&rft_id=https%3A%2F%2Fwww.makeuseof.com%2Ftag%2Flinux-market-share%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/The_relationship_between_cloud_computing_and_the_open_source_paradigm\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-FBILinux20-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-FBILinux20_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.fortunebusinessinsights.com\/linux-operating-system-market-103037\" target=\"_blank\">\"Linux Operating System Market Size, Share & Covid-19 Impact Analysis, By Distribution (Virtual Machines, Servers and Desktops), By End-use (Commercial\/Enterprise and Individual), and Regional Forecast, 2020-2027\"<\/a>. Fortune Business Insights. June 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.fortunebusinessinsights.com\/linux-operating-system-market-103037\" target=\"_blank\">https:\/\/www.fortunebusinessinsights.com\/linux-operating-system-market-103037<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Linux+Operating+System+Market+Size%2C+Share+%26+Covid-19+Impact+Analysis%2C+By+Distribution+%28Virtual+Machines%2C+Servers+and+Desktops%29%2C+By+End-use+%28Commercial%2FEnterprise+and+Individual%29%2C+and+Regional+Forecast%2C+2020-2027&rft.atitle=&rft.date=June+2020&rft.pub=Fortune+Business+Insights&rft_id=https%3A%2F%2Fwww.fortunebusinessinsights.com%2Flinux-operating-system-market-103037&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/The_relationship_between_cloud_computing_and_the_open_source_paradigm\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-BurtLocking20-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-BurtLocking20_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Burt, J. (23 April 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.nextplatform.com\/2020\/04\/23\/locking-down-linux-for-the-enterprise\/\" target=\"_blank\">\"Locking Down Linux for the Enterprise\"<\/a>. <i>The Next Platform<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.nextplatform.com\/2020\/04\/23\/locking-down-linux-for-the-enterprise\/\" target=\"_blank\">https:\/\/www.nextplatform.com\/2020\/04\/23\/locking-down-linux-for-the-enterprise\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Locking+Down+Linux+for+the+Enterprise&rft.atitle=The+Next+Platform&rft.aulast=Burt%2C+J.&rft.au=Burt%2C+J.&rft.date=23+April+2020&rft_id=https%3A%2F%2Fwww.nextplatform.com%2F2020%2F04%2F23%2Flocking-down-linux-for-the-enterprise%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/The_relationship_between_cloud_computing_and_the_open_source_paradigm\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OlavsrudMicrosoft16-6\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-OlavsrudMicrosoft16_6-0\">6.0<\/a><\/sup> <sup><a href=\"#cite_ref-OlavsrudMicrosoft16_6-1\">6.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Olavsrud, T. (21 November 2016). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cio.com\/article\/236651\/microsoft-embraces-open-source-in-the-cloud-and-on-premises.html\" target=\"_blank\">\"Microsoft embraces open source in the cloud and on-premises\"<\/a>. <i>CIO<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cio.com\/article\/236651\/microsoft-embraces-open-source-in-the-cloud-and-on-premises.html\" target=\"_blank\">https:\/\/www.cio.com\/article\/236651\/microsoft-embraces-open-source-in-the-cloud-and-on-premises.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Microsoft+embraces+open+source+in+the+cloud+and+on-premises&rft.atitle=CIO&rft.aulast=Olavsrud%2C+T.&rft.au=Olavsrud%2C+T.&rft.date=21+November+2016&rft_id=https%3A%2F%2Fwww.cio.com%2Farticle%2F236651%2Fmicrosoft-embraces-open-source-in-the-cloud-and-on-premises.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/The_relationship_between_cloud_computing_and_the_open_source_paradigm\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IbanezMicro14-7\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IbanezMicro14_7-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Ibanez, L. (19 November 2014). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/opensource.com\/business\/14\/11\/microsoft-dot-net-empower-open-source-communities\" target=\"_blank\">\"Microsoft gets on board with open source\"<\/a>. <i>OpenSource.com<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/opensource.com\/business\/14\/11\/microsoft-dot-net-empower-open-source-communities\" target=\"_blank\">https:\/\/opensource.com\/business\/14\/11\/microsoft-dot-net-empower-open-source-communities<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Microsoft+gets+on+board+with+open+source&rft.atitle=OpenSource.com&rft.aulast=Ibanez%2C+L.&rft.au=Ibanez%2C+L.&rft.date=19+November+2014&rft_id=https%3A%2F%2Fopensource.com%2Fbusiness%2F14%2F11%2Fmicrosoft-dot-net-empower-open-source-communities&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/The_relationship_between_cloud_computing_and_the_open_source_paradigm\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-BranscombeWhat20-8\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-BranscombeWhat20_8-0\">8.0<\/a><\/sup> <sup><a href=\"#cite_ref-BranscombeWhat20_8-1\">8.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Branscombe, M. (2 December 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.techrepublic.com\/article\/what-is-microsoft-doing-with-linux-everything-you-need-to-know-about-its-plans-for-open-source\/\" target=\"_blank\">\"What is Microsoft doing with Linux? Everything you need to know about its plans for open source\"<\/a>. <i>TechRepublic<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.techrepublic.com\/article\/what-is-microsoft-doing-with-linux-everything-you-need-to-know-about-its-plans-for-open-source\/\" target=\"_blank\">https:\/\/www.techrepublic.com\/article\/what-is-microsoft-doing-with-linux-everything-you-need-to-know-about-its-plans-for-open-source\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+is+Microsoft+doing+with+Linux%3F+Everything+you+need+to+know+about+its+plans+for+open+source&rft.atitle=TechRepublic&rft.aulast=Branscombe%2C+M.&rft.au=Branscombe%2C+M.&rft.date=2+December+2020&rft_id=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fwhat-is-microsoft-doing-with-linux-everything-you-need-to-know-about-its-plans-for-open-source%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/The_relationship_between_cloud_computing_and_the_open_source_paradigm\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-BarnesNoMicro20-9\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-BarnesNoMicro20_9-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Barnes, H. (11 October 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/boxofcables.dev\/no-microsoft-is-not-rebasing-windows-to-linux\/\" target=\"_blank\">\"No, Microsoft is not rebasing Windows to Linux\"<\/a>. <i>Box of Cables<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/boxofcables.dev\/no-microsoft-is-not-rebasing-windows-to-linux\/\" target=\"_blank\">https:\/\/boxofcables.dev\/no-microsoft-is-not-rebasing-windows-to-linux\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=No%2C+Microsoft+is+not+rebasing+Windows+to+Linux&rft.atitle=Box+of+Cables&rft.aulast=Barnes%2C+H.&rft.au=Barnes%2C+H.&rft.date=11+October+2020&rft_id=https%3A%2F%2Fboxofcables.dev%2Fno-microsoft-is-not-rebasing-windows-to-linux%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/The_relationship_between_cloud_computing_and_the_open_source_paradigm\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MetzGoogle14-10\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MetzGoogle14_10-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Metz, C. (18 June 2014). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.wired.com\/2014\/06\/google-kubernetes\/\" target=\"_blank\">\"Google Open Sources Its Secret Weapon in Cloud Computing\"<\/a>. <i>Wired<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.wired.com\/2014\/06\/google-kubernetes\/\" target=\"_blank\">https:\/\/www.wired.com\/2014\/06\/google-kubernetes\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Google+Open+Sources+Its+Secret+Weapon+in+Cloud+Computing&rft.atitle=Wired&rft.aulast=Metz%2C+C.&rft.au=Metz%2C+C.&rft.date=18+June+2014&rft_id=https%3A%2F%2Fwww.wired.com%2F2014%2F06%2Fgoogle-kubernetes%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/The_relationship_between_cloud_computing_and_the_open_source_paradigm\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LardinoisAsKub15-11\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-LardinoisAsKub15_11-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Lardinois, F. (21 July 2015). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/techcrunch.com\/2015\/07\/21\/as-kubernetes-hits-1-0-google-donates-technology-to-newly-formed-cloud-native-computing-foundation-with-ibm-intel-twitter-and-others\/\" target=\"_blank\">\"As Kubernetes Hits 1.0, Google Donates Technology To Newly Formed Cloud Native Computing Foundation\"<\/a>. <i>Tech Crunch<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/techcrunch.com\/2015\/07\/21\/as-kubernetes-hits-1-0-google-donates-technology-to-newly-formed-cloud-native-computing-foundation-with-ibm-intel-twitter-and-others\/\" target=\"_blank\">https:\/\/techcrunch.com\/2015\/07\/21\/as-kubernetes-hits-1-0-google-donates-technology-to-newly-formed-cloud-native-computing-foundation-with-ibm-intel-twitter-and-others\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=As+Kubernetes+Hits+1.0%2C+Google+Donates+Technology+To+Newly+Formed+Cloud+Native+Computing+Foundation&rft.atitle=Tech+Crunch&rft.aulast=Lardinois%2C+F.&rft.au=Lardinois%2C+F.&rft.date=21+July+2015&rft_id=https%3A%2F%2Ftechcrunch.com%2F2015%2F07%2F21%2Fas-kubernetes-hits-1-0-google-donates-technology-to-newly-formed-cloud-native-computing-foundation-with-ibm-intel-twitter-and-others%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/The_relationship_between_cloud_computing_and_the_open_source_paradigm\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-TLFKubernetesAbout21-12\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-TLFKubernetesAbout21_12-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">The Linux Foundation (3 January 2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/kubernetes.io\/docs\/concepts\/overview\/\" target=\"_blank\">\"Overview\"<\/a>. <i>Kubernetes Documentation<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/kubernetes.io\/docs\/concepts\/overview\/\" target=\"_blank\">https:\/\/kubernetes.io\/docs\/concepts\/overview\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Overview&rft.atitle=Kubernetes+Documentation&rft.aulast=The+Linux+Foundation&rft.au=The+Linux+Foundation&rft.date=3+January+2023&rft_id=https%3A%2F%2Fkubernetes.io%2Fdocs%2Fconcepts%2Foverview%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/The_relationship_between_cloud_computing_and_the_open_source_paradigm\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-SarrelWhyCloud20-13\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-SarrelWhyCloud20_13-0\">13.0<\/a><\/sup> <sup><a href=\"#cite_ref-SarrelWhyCloud20_13-1\">13.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Sarrel, M. (4 February 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20221218143215\/https:\/\/www.hpe.com\/us\/en\/insights\/articles\/why-cloud-native-open-source-kubernetes-matters-2002.html\" target=\"_blank\">\"Why cloud-native open source Kubernetes matters\"<\/a>. <i>enterprise.nxt<\/i>. Hewlett Packard Enterprise. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.hpe.com\/us\/en\/insights\/articles\/why-cloud-native-open-source-kubernetes-matters-2002.html\" target=\"_blank\">the original<\/a> on 18 December 2022<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20221218143215\/https:\/\/www.hpe.com\/us\/en\/insights\/articles\/why-cloud-native-open-source-kubernetes-matters-2002.html\" target=\"_blank\">https:\/\/web.archive.org\/web\/20221218143215\/https:\/\/www.hpe.com\/us\/en\/insights\/articles\/why-cloud-native-open-source-kubernetes-matters-2002.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Why+cloud-native+open+source+Kubernetes+matters&rft.atitle=enterprise.nxt&rft.aulast=Sarrel%2C+M.&rft.au=Sarrel%2C+M.&rft.date=4+February+2020&rft.pub=Hewlett+Packard+Enterprise&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20221218143215%2Fhttps%3A%2F%2Fwww.hpe.com%2Fus%2Fen%2Finsights%2Farticles%2Fwhy-cloud-native-open-source-kubernetes-matters-2002.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/The_relationship_between_cloud_computing_and_the_open_source_paradigm\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LinthicumFour20-14\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-LinthicumFour20_14-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Linthicum, D. (2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/techbeacon.com\/enterprise-it\/4-essential-open-source-tools-cloud-management\" target=\"_blank\">\"4 essential open-source tools for cloud management\"<\/a>. <i>TechBeacon<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/techbeacon.com\/enterprise-it\/4-essential-open-source-tools-cloud-management\" target=\"_blank\">https:\/\/techbeacon.com\/enterprise-it\/4-essential-open-source-tools-cloud-management<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=4+essential+open-source+tools+for+cloud+management&rft.atitle=TechBeacon&rft.aulast=Linthicum%2C+D.&rft.au=Linthicum%2C+D.&rft.date=2020&rft_id=https%3A%2F%2Ftechbeacon.com%2Fenterprise-it%2F4-essential-open-source-tools-cloud-management&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/The_relationship_between_cloud_computing_and_the_open_source_paradigm\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-EucHome-15\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-EucHome_15-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.eucalyptus.cloud\/\" target=\"_blank\">\"Eucalyptus\"<\/a>. Appscale Systems<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.eucalyptus.cloud\/\" target=\"_blank\">https:\/\/www.eucalyptus.cloud\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Eucalyptus&rft.atitle=&rft.pub=Appscale+Systems&rft_id=https%3A%2F%2Fwww.eucalyptus.cloud%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/The_relationship_between_cloud_computing_and_the_open_source_paradigm\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MillarLab19-16\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MillarLab19_16-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Millar, M. (27 August 2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ll.mit.edu\/news\/laboratory-staff-develop-new-cybersecurity-solutions-cloud-computing\" target=\"_blank\">\"Laboratory staff develop new cybersecurity solutions for cloud computing\"<\/a>. Lincoln Laboratory - MIT<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.ll.mit.edu\/news\/laboratory-staff-develop-new-cybersecurity-solutions-cloud-computing\" target=\"_blank\">https:\/\/www.ll.mit.edu\/news\/laboratory-staff-develop-new-cybersecurity-solutions-cloud-computing<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Laboratory+staff+develop+new+cybersecurity+solutions+for+cloud+computing&rft.atitle=&rft.aulast=Millar%2C+M.&rft.au=Millar%2C+M.&rft.date=27+August+2019&rft.pub=Lincoln+Laboratory+-+MIT&rft_id=https%3A%2F%2Fwww.ll.mit.edu%2Fnews%2Flaboratory-staff-develop-new-cybersecurity-solutions-cloud-computing&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/The_relationship_between_cloud_computing_and_the_open_source_paradigm\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GCoreDeploy23-17\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-GCoreDeploy23_17-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/gcore.com\/learning\/deploying-highly-scalable-cloud-storage-with-rook-part-1-ceph-storage\/\" target=\"_blank\">\"Deploying highly scalable cloud storage with Rook, Part 1 (Ceph Storage)\"<\/a>. GCore. 27 March 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/gcore.com\/learning\/deploying-highly-scalable-cloud-storage-with-rook-part-1-ceph-storage\/\" target=\"_blank\">https:\/\/gcore.com\/learning\/deploying-highly-scalable-cloud-storage-with-rook-part-1-ceph-storage\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Deploying+highly+scalable+cloud+storage+with+Rook%2C+Part+1+%28Ceph+Storage%29&rft.atitle=&rft.date=27+March+2023&rft.pub=GCore&rft_id=https%3A%2F%2Fgcore.com%2Flearning%2Fdeploying-highly-scalable-cloud-storage-with-rook-part-1-ceph-storage%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/The_relationship_between_cloud_computing_and_the_open_source_paradigm\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OpenStack-18\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OpenStack_18-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.openstack.org\/\" target=\"_blank\">\"OpenStack\"<\/a>. Open Infrastructure Foundation<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.openstack.org\/\" target=\"_blank\">https:\/\/www.openstack.org\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=OpenStack&rft.atitle=&rft.pub=Open+Infrastructure+Foundation&rft_id=https%3A%2F%2Fwww.openstack.org%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/The_relationship_between_cloud_computing_and_the_open_source_paradigm\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<p><br \/>\n<\/p>\n<div align=\"center\">-----Go to <a href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\" title=\"Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Standards and security in the cloud\/Standards and regulations influencing cloud computing\" class=\"wiki-link\" data-key=\"02f10c1b263da2845885019939f8c31c\">the next chapter<\/a> of this guide-----<\/div>\n<h2><span class=\"mw-headline\" id=\"Citation_information_for_this_chapter\">Citation information for this chapter<\/span><\/h2>\n<p><b>Chapter<\/b>: 1. What is cloud computing?\n<\/p><p><b>Title<\/b>: <i>Choosing and Implementing a Cloud-based Service for Your Laboratory<\/i>\n<\/p><p><b>Edition<\/b>: Second edition\n<\/p><p><b>Author for citation<\/b>: Shawn E. Douglas\n<\/p><p><b>License for content<\/b>: <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/creativecommons.org\/licenses\/by-sa\/4.0\/\" target=\"_blank\">Creative Commons Attribution-ShareAlike 4.0 International<\/a>\n<\/p><p><b>Publication date<\/b>: August 2023\n<\/p><p><br \/>\n<\/p>\n<!-- \nNewPP limit report\nCached time: 20230816210704\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.161 seconds\nReal time usage: 0.169 seconds\nPreprocessor visited node count: 12646\/1000000\nPost\u2010expand include size: 95022\/2097152 bytes\nTemplate argument size: 35179\/2097152 bytes\nHighest expansion depth: 18\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 29603\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 157.338 1 -total\n 91.65% 144.198 1 Template:Reflist\n 80.25% 126.257 18 Template:Cite_web\n 74.84% 117.748 18 Template:Citation\/core\n 17.82% 28.042 16 Template:Date\n 8.29% 13.046 1 Template:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing?\/The_relationship_between_cloud_computing_and_the_open_source_paradigm\n 5.71% 8.981 31 Template:Citation\/make_link\n 1.44% 2.272 1 Template:Column-width\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:13039-0!canonical and timestamp 20230816210709 and revision id 52904. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/The_relationship_between_cloud_computing_and_the_open_source_paradigm\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/The_relationship_between_cloud_computing_and_the_open_source_paradigm<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","d6f2bfcbe7b23469e6f8c92f1c453787_images":[],"d6f2bfcbe7b23469e6f8c92f1c453787_timestamp":1692220359,"ded9d3142efb0e0c851296237a82d1f4_type":"article","ded9d3142efb0e0c851296237a82d1f4_title":"1.2 Cloud computing services and deployment models","ded9d3142efb0e0c851296237a82d1f4_url":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models","ded9d3142efb0e0c851296237a82d1f4_plaintext":"\n\nBook:Choosing and Implementing a Cloud-based Service for Your Laboratory\/What is cloud computing?\/Cloud computing services and deployment modelsFrom LIMSWikiJump to navigationJump to searchContents \n\n1 1.2 Cloud computing services and deployment models \n\n1.1 1.2.1 Platform-as-a-service vs. serverless computing \n1.2 1.2.2 Hybrid cloud vs. multicloud vs. distributed cloud \n\n\n2 1.2.3 Edge computing? \n3 References \n\n\n\n1.2 Cloud computing services and deployment models \nYou've probably heard terms like \"software as a service\" and \"public cloud,\" and you may very well be familiar with their significance already. However, let's briefly run through the terminology associated with cloud services and deployments, as that terminology gets used abundantly, and it's best we're all clear on it from the start. Additionally, the cloud computing paradigm is expanding into areas like \"hybrid cloud\" and \"serverless computing,\" concepts which may be new to many.\nMentioned earlier was NIST's 2011 definition of cloud computing. When that was published, NIST defined three service models and four deployment models (Table 1)[1]:\n\n\n\n\nTable 1. The three service models and four deployment models for cloud computing, as defined by the National Institute of Standards and Technology (NIST) in 2011[1]\n\n\nService models\n\n\nModel\n\nDescription\n\n\nSoftware as a Service (SaaS)\n\n\"The capability provided to the consumer is to use the provider\u2019s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.\"\n\n\nPlatform as a Service (PaaS)\n\n\"The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.\"\n\n\nInfrastructure as a Service (IaaS)\n\n\"The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).\"\n\n\nDeployment models\n\n\nModel\n\nDescription\n\n\nPrivate cloud\n\n\"The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.\"\n\n\nCommunity cloud\n\n\"The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises.\"\n\n\nPublic cloud\n\n\"The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.\"\n\n\nHybrid cloud\n\n\"The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).\"\n\n\n\r\n\nNearly a decade later, the picture painted in Table 1 is now more nuanced and varied, with slight changes in definitions, as well as additions to the service and deployment models. Cloudflare actually does a splendid job of describing these service and deployment models, so let's paraphrase from them, as seen in Table 2.\n\n\n\n\nTable 2. A more modern look at service models and deployment models for cloud computing, as inspired largely by Cloudflare\n\n\nService models\n\n\nModel\n\nDescription\n\n\nSoftware as a Service (SaaS)\n\nThis service model allows customers, via an internet connection and a web browser or app, to use software provided by and operated upon a cloud provider and its computing infrastructure. The customer isn't worried about anything hardware-related; from their perspective, they just want the software hosted by the cloud provider to be reliably and effectively operational. If the desired software is tied to strong regulatory or security standards, however, the customer must thoroughly vet the vendor, and even then, there is some risk in taking the word of the vendor that the application is properly secure since customers usually won't be able to test the software's security themselves (e.g., via a penetration test).[2]\n\n\nPlatform as a Service (PaaS)\n\nThis service model allows customers, via an internet connection and a web browser, to use not only the computing infrastructure (e.g., servers, hard drives, networking equipment) of the cloud provider but also development tools, operating systems, database management tools, middleware, etc. required to build web applications. As such, this allows a development team to spread around the world and still productively collaborate using the cloud provider's platform. However, app developers are essentially locked into the vendor's development environment, and additional security challenges may be introduced if the cloud provider has extended its infrastructure to one or more third parties. Finally, PaaS isn't truly \"serverless,\" as applications won't automatically scale unless programmed to do so, and processes must be running most or all the time in order to be immediately available to users.[3]\n\n\nInfrastructure as a Service (IaaS)\n\nThis service model allows customers to use the computing infrastructure of a cloud provider, via the internet, rather than invest in their own on-premises computing infrastructure. From their internet connection and a web browser, the customer can set up and allocate the resources required (i.e., scalable infrastructure) to build and host web applications, store data, run code, etc. These activities are often facilitated with the help of virtualization and container technologies.[4]\n\n\nFunction as a Service (FaaS)\n\nThis service model allows customers to run isolated or modular bits of code, preferably on local or \"edge\" cloud servers (more on that later), when triggered by an element, such as an internet-connected device taking a reading or a user selecting an option in a web application. The customer has the luxury of focusing on writing and fine-tuning the code, and the cloud provider is the one responsible for allocating the necessary server and backend resources to ensure the code is run rapidly and effectively. As such, the customer doesn't have to think about servers at all, making FaaS a \"serverless\" computing model.[5]\n\n\nBackend as a Service (BaaS)\n\nThis service model allows customers to focus on front-end application services like client-side logic and user interface (UI), while the cloud provider provides the backend services for user authentication, database management, data storage, etc. The customer uses APIs and software development kits (SDKs) provided by the cloud provider to integrate customer frontend application code with the vendor's backend functionality. As such, the customer doesn't have to think about servers, virtual machines, etc. However, in most cases, BaaS isn't truly serverless like FaaS, as actions aren't usually triggered by an element but rather run continuously (not as scalable as serverless). Additionally, BaaS isn't generally set up to run on the network's edge.[6]\n\n\nDeployment models\n\n\nModel\n\nDescription\n\n\nPrivate cloud\n\nThis deployment model involves the provision of cloud computing infrastructure and services exclusively to one customer. Those infrastructure and service offerings may be hosted locally on-site or be remotely and privately managed and accessed via the internet and a web browser. Those organizations with high security and regulatory requirements may benefit from a private cloud, as they have direct control over how those policies are implemented on the infrastructure and services (i.e., don't have to consider the needs of other users sharing the cloud, as in public cloud). However, private cloud may come with higher costs.[7]\n\n\nCommunity cloud\n\nThis deployment model, while not discussed often, still has some relevancy today. This model falls somewhere between private and public cloud, allowing authorized customers who need to work jointly on projects and applications, or require specific computing resources, in an integrated manner. The authorized customers typically have shared interests, policies, and security\/regulatory requirements. Like private cloud, the computing infrastructure and services may be hosted locally at one of the customer's locations or be remotely and privately managed, with each customer accessing the community cloud via the internet. Given a set of common interest, policies, and requirements, the community cloud benefits all customers using the community cloud, as does the flexibility, scalability, and availability of cloud computing in general. However, with more users comes more security risk, and more detailed role-based or group-based security levels and enforcement may be required. Additionally, there must be solid communication and agreement among all members of the community to ensure the community cloud operates as efficiently and securely as possible.[8]\n\n\nPublic cloud\n\nThis deployment model is what typically comes to mind when \"cloud computing\" is discussed, involving a cloud provider that provides computing resources to multiple customers at the same time, though each individual customer's applications, data, and resources remain \"hidden\" from all other customers not authorized to view and access them. Those provided resources come in many different services model, with SaaS, PaaS, and IaaS being the most common. Traditionally, the public cloud has been touted as being a cost-effective, less complex, relatively secure means of handling computing resources and applications. However, for organizations tied to strong regulatory or security standards, the organizaiton must thoroughly vet the cloud vendor and its approach to security and compliance, as the provider may not be able to meet regulatory needs. There's also the concern of vendor lock-in or even loss of data if the customer becomes too dependent on that one vendor's services.[9]\n\n\nHybrid cloud\n\nThis deployment model takes both private cloud and public cloud models and tightly integrates them, along with potentially any existing on-premises computing infrastructure. (Figure 2) The optimal end result is one seamless operating computing infrastructure, e.g., where a private cloud and on-premises infrastructure houses critical operations and a public cloud is used for data and information backup or computing resource scaling. Advantages include great flexibility in deployments, improved backup options, resource scalability, and potential cost savings. Downsides include greater effort required to integrate complex systems and make them sufficiently secure. Note that hybrid cloud is different from multicloud in that it combines both public and private computing components.[10]\n\n\nMulticloud\n\nThis deployment model takes the concept of public cloud and multiplies it. Instead of the customer relying on a singular public cloud provider, they spread their cloud hosting, data storage, and application stack usage across more than one provider. The advantage to the customer is redundancy protection for data and systems and better value by tapping into different services. Downside comes with increased complexity in managing a multicloud deployment, as well as the potential for increased network latency and a greater cyber-attack surface. Note that multicloud requires multiple public clouds, though a private cloud can also be in the mix.[11]\n\n\nDistributed cloud\n\nThis up-and-coming deployment model takes public cloud and expands it, such that a provider's public cloud infrastructure can be located in multiple places but be leveraged by a customer wherever they are, from a single control structure. As IBM puts it: \"In effect, distributed cloud extends the provider's centralized cloud with geographically distributed micro-cloud satellites. The cloud provider retains central control over the operations, updates, governance, security, and reliability of all distributed infrastructure.\"[12] Meanwhile, the customer can still access all infrastructure and services as an integrated cloud from a single control structure. The benefit of this model is that, unlike multicloud, latency issues can largely be eliminated, and the risk of failures in infrastructure and services can be further mitigated. Customers in regulated environments may also see benefits as data required to be in a specific geographic location can be better guaranteed with the distributed cloud. However, some challenges to this distributed model involve the allocation of public cloud resources to distributed use and determining who's responsible for bandwidth use.[13]\n\n\n\r\n\n\n Figure 2. A representation of hybrid cloud. The cloud on the left represents the public cloud, being fed to the organization's main building. The cloud on the right represents the organization's private cloud, which is spread across all business locations. The main building feeds access to the public cloud to its other locations through its private cloud.While Table 2 addresses the basic ideas inherent to these service and deployment models, even providing some upside and downside notes, we still need to make further comparisons in order to highlight some fundamental differences in otherwise seemingly similar models. Let's first compare PaaS with serverless computing or FaaS. Then we'll examine the differences among hybrid, multi-, and distributed cloud models.\n1.2.1 Platform-as-a-service vs. serverless computing \nAs a service model, platform as a service or PaaS uses both the infrastructure layer and the platform layer of cloud computing. Hosted on the infrastructure are platform components like development tools, operating systems, database management tools, middleware, and more, which are useful for application design, development, testing, and deployment, as well as web service integration, database integration, state management, application versioning, and application instrumentation.[14][15][16] In that regard, the user of the PaaS need not think about the backend processes.\nSimilarly, serverless computing or FaaS largely abstracts away (think \"out of sight, out of mind\") the servers running any software or code the user chooses to run on the cloud provider's infrastructure. The user practically doesn't need to know anything about the underlying hardware and operating system, or how that hardware and software handles the computational load of running your software or code, as the cloud provider ends up completely responsible for that. However, this is where the similarities stop. \nLet's use Amazon's AWS Lambda serverless computing service as an example for comparison with PaaS. Imagine you have some code you want performed on your website when an internet of things (IoT) device in the field takes a reading for your environmental laboratory. From your AWS Lambda account, you can \"stage and invoke\" the code you've written (it can be in any programming language) \"from within one of the support languages in the AWS Lambda runtime environment.\"[17][18] In turn, that runtime environment runs on top of Amazon Linux 2, an Amazon-developed version of Red Hat Enterprise running as a Linux server operating system.[19] This can then be packaged into a container image that runs on Amazon's servers.[18] When a designated event occurs (in this example, the internet-connected device taking a reading), a message is communicated\u2014typically via an API\u2014to the serverless code, which is then triggered, and Amazon Lambda provisions only the necessary resources to see the code to completion. Then the AWS server spins down those resources afterwards.[20] Yes, there are servers still involved, but the critical point is the customer need only to properly package their code up, without any concern whatsoever of how the AWS server manages its use and performance. In that regard, the code is said to be run in a \"serverless\" fashion, not because the servers aren't involved but because the code developer is effectively abstracted from the servers running and managing the code; the developer is left to only worry about the code itself.[20][21]\nPaaS is not serverless, however. First, a truly serverless model is significantly different in its scalability. The serverless model is meant to instantly provide computing resources based upon a \"trigger\" or programmed element, and then wind down those resources. This is perfect for the environmental lab wanting to upload remote sensor data to the cloud after each collection time; only the resources required for performing the action to completion are required, minimizing cost. However, this doesn't work well for a PaaS solution, which doesn't scale up automatically unless specifically programmed to. Sure, the developer using PaaS has more control over the development environment, but resources must be scaled up manually and left continuously running, making it less agile than serverless. This makes PaaS more suitable for more prescriptive and deliberate application development, though its usage-based pricing is a bit less precise than serverless. Additionally, serverless models aren't typically offered with development tools, as usually is the case with PaaS, so the serverless code developer must turn to their own development tools.[3][22]\n\n1.2.2 Hybrid cloud vs. multicloud vs. distributed cloud \nAt casual glance, one might be led to believe these three deployment models aren't all that different. However, there are some core differences to point out, which may affect an organization's deployment strategy significantly. As Table 2 notes:\n\nHybrid cloud takes private cloud and public cloud models (as well as an organization's local infrastructure) and tightly integrates them. This indicates a wide mix of computing services is being used in an integrated fashion to create value.[10][23]\nMulticloud takes the concept of public cloud and multiplies it. This indicates that two or more public clouds are being used, without a private cloud to muddy the integration.[11]\nDistributed cloud takes public cloud and expands it to multiple localized or \"edge\" locations. This indicates that a public cloud service's resources are strategically dispersed in locations as required by the user, while remaining accessible from and complementary to the user's private cloud or on-premises data center.[13][24]\nAs such, an organization's existing infrastructure and business demands, combined with its aspirations for moving into the cloud, will dictate their deployment model. But there are also advantages and disadvantages to each which may further dictate an organization's deployment decision. First, all three models provide some level of redundancy. If a failure occurs in one computing core (be it public, private, or local), another core can ideally provide backup services to fill the gap. However, each model does this in a slightly different way. In a similar way, if additional compute resources are required due to a spike in demand, each model can ramp up resources to smooth the demand spike. Hybrid and distributed clouds also have the benefit of making any future transition to a purely public cloud (be it singular or multi-) easier as part of an organization's processes and data are already found in public cloud. \nBeyond these benefits, things diverge a bit. While hybrid clouds provide flexibility to maintain sensitive data in a private cloud or on-site, where security can be more tightly controlled, private clouds are resource-intensive to maintain. Additionally, due to the complexity of integrating that private cloud with all other resources, the hybrid cloud reveals a greater attack surface, complicates security protocols, and raises integration costs.[10] Multicloud has the benefit of reducing vendor lock-in (discussed later in this guide) by implementing resource utilization and storage across more than one public cloud provider. Should a need to migrate away from one vendor arrive, it's easier to continue critical services with the other public cloud vendor. This also lends to \"shopping around\" for public cloud services as costs lower and offerings change. However, this multicloud approach brings with it its own integration challenges, including differences in technologies between vendors, latency complexities between the services, increased points of attack with more integrations, and load balancing issues between the services.[11] A distributed cloud model removes some of that latency and makes it easier to manage integrations and reduce network failure risks from one control center. It also benefits organizations requiring localized data storage due to regulations. However, with multiple servers being involved, it makes it a bit more difficult to troubleshoot integration and network issues across hardware and software. Additionally, implementation costs are likely to be higher, and security for replicated data across multiple locations becomes more complex and risky.[13][25]\n\n 1.2.3 Edge computing? \nThe concept of \"edge\" has been mentioned a few times in this chapter, but the topic of clouds, edges, cloud computing, and edge computing should be briefly addressed further, particularly as edges and edge computing gain traction in some industries.[26] Edges and edge computing share a few similarities to clouds and cloud computing, but they are largely different. These concepts can be broken down as such[26][27][28]:\n\nClouds: \"places where data can be stored or applications can run. They are software-defined environments created by datacenters or server farms.\" These involve strategic locations where network connectivity is essentially reliable.\nEdges: \"also places where data is collected. They are physical environments made up of hardware outside a datacenter.\" These are often remote locations where network connectivity is limited at best.\nCloud computing: an \"act of running workloads in a cloud.\"\nEdge computing: an \"act of running workloads on edge devices.\"\nIn this case, the locations are differentiated from the actions, though it's notable that actions involving the two aren't exclusive. For example, if remote sensors collect data at the edge of a network and, rather than processing it locally at the edge, transfer it to the cloud for processing, edge computing hasn't happened; it only happens if data is collected and processed all at the edge.[27] Additionally, those remote sensors\u2014which are representative of internet of things (IoT) technology\u2014shouldn't be assumed as connected to both a cloud and edge; they all can be connected as part of a network, but they don't have to be. Linux company Red Hat adds[27]:\n\nClouds can exist without the Internet of Things (IoT) or edge devices. IoT and edge can exist without clouds. IoT can exist without edge devices or edge computing. IoT devices may connect to an edge or a cloud. Some edge devices connect to a cloud or private datacenter, others edge devices only connect to similarly central locations intermittently, and others never connect to anything\u2014at all.\nHowever, edge computing associated with laboratory-tangential industry activities such as environmental monitoring, manufacturing, and mining will most often have IoT devices that don't necessarily rely on a central location or cloud. These industry activities rely on edges and edge computing because 1. those data-based activities must be executed as near to \"immediately\" as possible, and 2. those data-based activities usually involve large volumes of data, which are impractical to send to the cloud.[26][27][28]\nThat said, is your laboratory seeking cloud computing services or edge computing services? The most likely answer is cloud computing, particularly if you're seeking a cloud-based software solution to help manage your laboratory activities. However, there may be a few cases where edge computing makes sense for your laboratory, particularly if its a field laboratory in a more remote location. For example, the U.S. Department of Energy's Urban Integrated Field Laboratory is helping U.S. cities like Chicago using localized instrument clusters to gather climate data for local processing.[29] Another example can be found in a biological manufacturing laboratory with a strong need to integrate high-data-output devices to process and act upon that data locally.[30] Finally, consider the laboratory with significant need for environmental monitoring for mission-critical samples; such a laboratory may also benefit from an IoT + edge computing pairing that provides local redundancy in that monitoring program, especially during power and internet disruptions.[31] Just remember that these examples, however, don't represent a majority of lab's needs, which will largely depend more upon clouds and cloud computing to accomplish their goals more effectively.\n\nReferences \n\n\n\u2191 1.0 1.1 Mell, P.; Grance, T. (September 2011). \"The NIST Definition of Cloud Computing\" (PDF). NIST. https:\/\/nvlpubs.nist.gov\/nistpubs\/Legacy\/SP\/nistspecialpublication800-145.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 \"What Is SaaS? SaaS Definition\". Cloudflare, Inc. https:\/\/www.cloudflare.com\/learning\/cloud\/what-is-saas\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 3.0 3.1 \"What is Platform-as-a-Service (PaaS)?\". Cloudflare, Inc. https:\/\/www.cloudflare.com\/learning\/serverless\/glossary\/platform-as-a-service-paas\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"What Is IaaS (Infrastructure-as-a-Service)?\". Cloudflare, Inc. https:\/\/www.cloudflare.com\/learning\/cloud\/what-is-iaas\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"What is Function-as-a-Service (FaaS)?\". Cloudflare, Inc. https:\/\/www.cloudflare.com\/learning\/serverless\/glossary\/function-as-a-service-faas\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"What is BaaS? Backend-as-a-Service vs. serverless\". Cloudflare, Inc. https:\/\/www.cloudflare.com\/learning\/serverless\/glossary\/backend-as-a-service-baas\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"What Is a Private Cloud? Private Cloud vs. Public Cloud\". Cloudflare, Inc. https:\/\/www.cloudflare.com\/learning\/cloud\/what-is-a-private-cloud\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Tucakov, D. (18 June 2020). \"What is Community Cloud? Benefits & Examples with Use Cases\". phoenixNAP Blog. phoenixNAP. https:\/\/phoenixnap.com\/blog\/community-cloud . Retrieved 28 July 2023 .   \n \n\n\u2191 \"What Is Hybrid Cloud? Hybrid Cloud Definition\". Cloudflare, Inc. https:\/\/www.cloudflare.com\/learning\/cloud\/what-is-a-public-cloud\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 10.0 10.1 10.2 \"What Is Hybrid Cloud? Hybrid Cloud Definition\". Cloudflare, Inc. https:\/\/www.cloudflare.com\/learning\/cloud\/what-is-hybrid-cloud\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 11.0 11.1 11.2 \"What Is Multicloud? Multicloud Definition\". Cloudflare, Inc. https:\/\/www.cloudflare.com\/learning\/cloud\/what-is-multicloud\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 IBM Cloud Education (3 November 2020). \"Distributed cloud\". IBM. https:\/\/www.ibm.com\/topics\/distributed-cloud . Retrieved 28 July 2023 .   \n \n\n\u2191 13.0 13.1 13.2 Costello, K. (12 August 2020). \"The CIO\u2019s Guide to Distributed Cloud\". Smarter With Gartner. https:\/\/www.gartner.com\/smarterwithgartner\/the-cios-guide-to-distributed-cloud . Retrieved 28 July 2023 .   \n \n\n\u2191 Boniface, M.; Nasser, B.; Papay, J. et al. (2010). \"Platform-as-a-Service Architecture for Real-Time Quality of Service Management in Clouds\". Proceedings of the Fifth International Conference on Internet and Web Applications and Services: 155\u201360. doi:10.1109\/ICIW.2010.91.   \n \n\n\u2191 Xiong, H.; Fowley, F.; Pahl, C. et al. (2014). \"Scalable Architectures for Platform-as-a-Service Clouds: Performance and Cost Analysis\". Proceedings of the 2014 European Conference on Software Architecture: 226\u201333. doi:10.1007\/978-3-319-09970-5_21.   \n \n\n\u2191 Carey, S. (22 July 2022). \"What is PaaS (platform-as-a-service)? A simpler way to build software applications\". InfoWorld. https:\/\/www.infoworld.com\/article\/3223434\/what-is-paas-platform-as-a-service-a-simpler-way-to-build-software-applications.html . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Serverless Architectures with AWS Lambda: Overview and Best Practices\" (PDF). Amazon Web Services. November 2017. https:\/\/d1.awsstatic.com\/whitepapers\/serverless-architectures-with-aws-lambda.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 18.0 18.1 \"Lambda runtimes\". Amazon Web Services. https:\/\/docs.aws.amazon.com\/lambda\/latest\/dg\/lambda-runtimes.html . Retrieved 28 July 2023 .   \n \n\n\u2191 Morelo, D. (2020). \"What is Amazon Linux 2?\". LinuxHint. https:\/\/linuxhint.com\/what_is_amazon_linux_2\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 20.0 20.1 \"Serverless computing: A cheat sheet\". TechRepublic. 25 December 2020. https:\/\/www.techrepublic.com\/article\/serverless-computing-the-smart-persons-guide\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Fruhlinger, J. (15 July 2019). \"What is serverless? Serverless computing explained\". InfoWorld. https:\/\/www.infoworld.com\/article\/3406501\/what-is-serverless-serverless-computing-explained.html . Retrieved 28 July 2023 .   \n \n\n\u2191 Sander, J. (1 May 2019). \"Serverless computing vs platform-as-a-service: Which is right for your business?\". ZDNet. https:\/\/www.zdnet.com\/article\/serverless-computing-vs-platform-as-a-service-which-is-right-for-your-business\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Hurwitz, J.S.; Kaufman, M.; Halper, F. et al. (2021). \"What is Hybrid Cloud Computing?\". Dummies.com. John Wiley & Sons, Inc. https:\/\/www.dummies.com\/article\/technology\/information-technology\/networking\/cloud-computing\/what-is-hybrid-cloud-computing-174473\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"What is Distributed Cloud Computing?\". Edge Academy. StackPath. 2021. Archived from the original on 28 February 2021. https:\/\/web.archive.org\/web\/20210228040550\/https:\/\/www.stackpath.com\/edge-academy\/distributed-cloud-computing\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"What is Distributed Cloud\". Entradasoft. 2020. Archived from the original on 16 September 2020. https:\/\/web.archive.org\/web\/20200916021206\/http:\/\/entradasoft.com\/blogs\/what-is-distributed-cloud . Retrieved 28 July 2023 .   \n \n\n\u2191 26.0 26.1 26.2 Arora, S. (8 August 2023). \"Edge Computing Vs. Cloud Computing: Key Differences to Know\". Simplilearn. https:\/\/www.simplilearn.com\/edge-computing-vs-cloud-computing-article . Retrieved 16 August 2023 .   \n \n\n\u2191 27.0 27.1 27.2 27.3 \"Cloud vs. edge\". Red Hat, Inc. 14 November 2022. https:\/\/www.redhat.com\/en\/topics\/cloud-computing\/cloud-vs-edge . Retrieved 16 August 2023 .   \n \n\n\u2191 28.0 28.1 Bigelow, S.J. (December 2021). \"What is edge computing? Everything you need to know\". TechTarget Data Center. Archived from the original on 08 June 2023. https:\/\/web.archive.org\/web\/20230608045737\/https:\/\/www.techtarget.com\/searchdatacenter\/definition\/edge-computing . Retrieved 16 August 2023 .   \n \n\n\u2191 \"Chicago State University to serve as \u200b\u2018scientific supersite\u2019 to study climate change impact\". Argonne National Laboratory. 18 July 2023. https:\/\/www.anl.gov\/article\/chicago-state-university-to-serve-as-scientific-supersite-to-study-climate-change-impact . Retrieved 16 August 2023 .   \n \n\n\u2191 \"Laboratory Automation\". Edgenesis, Inc. 2023. https:\/\/edgenesis.com\/solutions\/moreDetail\/LaboratoryAutomation . Retrieved 16 August 2023 .   \n \n\n\u2191 \"Industrial IoT, Edge Computing and Data Streams: A Comprehensive Guide\". Flowfinity Blog. 2 August 2023. https:\/\/www.flowfinity.com\/blog\/industrial-iot-guide.aspx . Retrieved 16 August 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models<\/a>\nNavigation menuPage actionsBookDiscussionView sourceHistoryPage actionsBookDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 11 February 2022, at 21:28.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 434 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","ded9d3142efb0e0c851296237a82d1f4_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-208 ns-subject page-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_What_is_cloud_computing_Cloud_computing_services_and_deployment_models rootpage-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_What_is_cloud_computing_Cloud_computing_services_and_deployment_models skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/What is cloud computing?\/Cloud computing services and deployment models<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\">\n\n<h3><span class=\"mw-headline\" id=\"1.2_Cloud_computing_services_and_deployment_models\">1.2 Cloud computing services and deployment models<\/span><\/h3>\n<p>You've probably heard terms like \"software as a service\" and \"public cloud,\" and you may very well be familiar with their significance already. However, let's briefly run through the terminology associated with cloud services and deployments, as that terminology gets used abundantly, and it's best we're all clear on it from the start. Additionally, the cloud computing paradigm is expanding into areas like \"hybrid cloud\" and \"serverless computing,\" concepts which may be new to many.\n<\/p><p>Mentioned earlier was NIST's 2011 definition of cloud computing. When that was published, NIST defined three service models and four deployment models (Table 1)<sup id=\"rdp-ebb-cite_ref-MellTheNIST11_1-0\" class=\"reference\"><a href=\"#cite_note-MellTheNIST11-1\">[1]<\/a><\/sup>:\n<\/p>\n<table class=\"wikitable\" border=\"1\" cellpadding=\"5\" cellspacing=\"0\" style=\"\">\n\n<tbody><tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\" colspan=\"2\"><b>Table 1.<\/b> The three service models and four deployment models for cloud computing, as defined by the National Institute of Standards and Technology (NIST) in 2011<sup id=\"rdp-ebb-cite_ref-MellTheNIST11_1-1\" class=\"reference\"><a href=\"#cite_note-MellTheNIST11-1\">[1]<\/a><\/sup>\n<\/td><\/tr>\n<tr>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\" colspan=\"2\"><b>Service models<\/b>\n<\/th><\/tr>\n<tr>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\">Model\n<\/th>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\">Description\n<\/th><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Software as a Service (SaaS)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">\"The capability provided to the consumer is to use the provider\u2019s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.\"\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Platform as a Service (PaaS)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">\"The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.\"\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Infrastructure as a Service (IaaS)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">\"The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).\"\n<\/td><\/tr>\n<tr>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\" colspan=\"2\"><b>Deployment models<\/b>\n<\/th><\/tr>\n<tr>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\">Model\n<\/th>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\">Description\n<\/th><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Private cloud\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">\"The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.\"\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Community cloud\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">\"The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises.\"\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Public cloud\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">\"The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.\"\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Hybrid cloud\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">\"The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).\"\n<\/td><\/tr>\n<\/tbody><\/table>\n<p><br \/>\nNearly a decade later, the picture painted in Table 1 is now more nuanced and varied, with slight changes in definitions, as well as additions to the service and deployment models. Cloudflare actually does a splendid job of describing these service and deployment models, so let's paraphrase from them, as seen in Table 2.\n<\/p>\n<table class=\"wikitable\" border=\"1\" cellpadding=\"5\" cellspacing=\"0\" style=\"\">\n\n<tbody><tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\" colspan=\"2\"><b>Table 2.<\/b> A more modern look at service models and deployment models for cloud computing, as inspired largely by Cloudflare\n<\/td><\/tr>\n<tr>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\" colspan=\"2\"><b>Service models<\/b>\n<\/th><\/tr>\n<tr>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\">Model\n<\/th>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\">Description\n<\/th><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Software as a Service (SaaS)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">This service model allows customers, via an internet connection and a web browser or app, to use software provided by and operated upon a cloud provider and its computing infrastructure. The customer isn't worried about anything hardware-related; from their perspective, they just want the software hosted by the cloud provider to be reliably and effectively operational. If the desired software is tied to strong regulatory or security standards, however, the customer must thoroughly vet the vendor, and even then, there is some risk in taking the word of the vendor that the application is properly secure since customers usually won't be able to test the software's security themselves (e.g., via a penetration test).<sup id=\"rdp-ebb-cite_ref-CFWhatIsSoft_2-0\" class=\"reference\"><a href=\"#cite_note-CFWhatIsSoft-2\">[2]<\/a><\/sup>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Platform as a Service (PaaS)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">This service model allows customers, via an internet connection and a web browser, to use not only the computing infrastructure (e.g., servers, hard drives, networking equipment) of the cloud provider but also development tools, operating systems, database management tools, middleware, etc. required to build web applications. As such, this allows a development team to spread around the world and still productively collaborate using the cloud provider's platform. However, app developers are essentially locked into the vendor's development environment, and additional security challenges may be introduced if the cloud provider has extended its infrastructure to one or more third parties. Finally, PaaS isn't truly \"serverless,\" as applications won't automatically scale unless programmed to do so, and processes must be running most or all the time in order to be immediately available to users.<sup id=\"rdp-ebb-cite_ref-CFWhatIsPlat_3-0\" class=\"reference\"><a href=\"#cite_note-CFWhatIsPlat-3\">[3]<\/a><\/sup>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Infrastructure as a Service (IaaS)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">This service model allows customers to use the computing infrastructure of a cloud provider, via the internet, rather than invest in their own on-premises computing infrastructure. From their internet connection and a web browser, the customer can set up and allocate the resources required (i.e., scalable infrastructure) to build and host web applications, store data, run code, etc. These activities are often facilitated with the help of virtualization and container technologies.<sup id=\"rdp-ebb-cite_ref-CFWhatIsInfra_4-0\" class=\"reference\"><a href=\"#cite_note-CFWhatIsInfra-4\">[4]<\/a><\/sup>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Function as a Service (FaaS)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">This service model allows customers to run isolated or modular bits of code, preferably on local or \"edge\" cloud servers (more on that later), when triggered by an element, such as an internet-connected device taking a reading or a user selecting an option in a web application. The customer has the luxury of focusing on writing and fine-tuning the code, and the cloud provider is the one responsible for allocating the necessary server and backend resources to ensure the code is run rapidly and effectively. As such, the customer doesn't have to think about servers at all, making FaaS a \"serverless\" computing model.<sup id=\"rdp-ebb-cite_ref-CFWhatIsFunction_5-0\" class=\"reference\"><a href=\"#cite_note-CFWhatIsFunction-5\">[5]<\/a><\/sup>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Backend as a Service (BaaS)\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">This service model allows customers to focus on front-end application services like client-side logic and user interface (UI), while the cloud provider provides the backend services for user authentication, database management, data storage, etc. The customer uses APIs and <a href=\"https:\/\/www.limswiki.org\/index.php\/Software_development_kit\" title=\"Software development kit\" class=\"wiki-link\" data-key=\"243d36bd4a885cbed022ef1781dffa05\">software development kits<\/a> (SDKs) provided by the cloud provider to integrate customer frontend application code with the vendor's backend functionality. As such, the customer doesn't have to think about servers, virtual machines, etc. However, in most cases, BaaS isn't truly serverless like FaaS, as actions aren't usually triggered by an element but rather run continuously (not as scalable as serverless). Additionally, BaaS isn't generally set up to run on the network's edge.<sup id=\"rdp-ebb-cite_ref-CFWhatIsBackend_6-0\" class=\"reference\"><a href=\"#cite_note-CFWhatIsBackend-6\">[6]<\/a><\/sup>\n<\/td><\/tr>\n<tr>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\" colspan=\"2\"><b>Deployment models<\/b>\n<\/th><\/tr>\n<tr>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\">Model\n<\/th>\n<th style=\"background-color:#e2e2e2; padding-left:10px; padding-right:10px;\">Description\n<\/th><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Private cloud\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">This deployment model involves the provision of cloud computing infrastructure and services exclusively to one customer. Those infrastructure and service offerings may be hosted locally on-site or be remotely and privately managed and accessed via the internet and a web browser. Those organizations with high security and regulatory requirements may benefit from a private cloud, as they have direct control over how those policies are implemented on the infrastructure and services (i.e., don't have to consider the needs of other users sharing the cloud, as in public cloud). However, private cloud may come with higher costs.<sup id=\"rdp-ebb-cite_ref-CFWhatIsPrivate_7-0\" class=\"reference\"><a href=\"#cite_note-CFWhatIsPrivate-7\">[7]<\/a><\/sup>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Community cloud\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">This deployment model, while not discussed often, still has some relevancy today. This model falls somewhere between private and public cloud, allowing authorized customers who need to work jointly on projects and applications, or require specific computing resources, in an integrated manner. The authorized customers typically have shared interests, policies, and security\/regulatory requirements. Like private cloud, the computing infrastructure and services may be hosted locally at one of the customer's locations or be remotely and privately managed, with each customer accessing the community cloud via the internet. Given a set of common interest, policies, and requirements, the community cloud benefits all customers using the community cloud, as does the flexibility, scalability, and availability of cloud computing in general. However, with more users comes more security risk, and more detailed role-based or group-based security levels and enforcement may be required. Additionally, there must be solid communication and agreement among all members of the community to ensure the community cloud operates as efficiently and securely as possible.<sup id=\"rdp-ebb-cite_ref-TucavkovWhat20_8-0\" class=\"reference\"><a href=\"#cite_note-TucavkovWhat20-8\">[8]<\/a><\/sup>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Public cloud\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">This deployment model is what typically comes to mind when \"cloud computing\" is discussed, involving a cloud provider that provides computing resources to multiple customers at the same time, though each individual customer's applications, data, and resources remain \"hidden\" from all other customers not authorized to view and access them. Those provided resources come in many different services model, with SaaS, PaaS, and IaaS being the most common. Traditionally, the public cloud has been touted as being a cost-effective, less complex, relatively secure means of handling computing resources and applications. However, for organizations tied to strong regulatory or security standards, the organizaiton must thoroughly vet the cloud vendor and its approach to security and compliance, as the provider may not be able to meet regulatory needs. There's also the concern of vendor lock-in or even loss of data if the customer becomes too dependent on that one vendor's services.<sup id=\"rdp-ebb-cite_ref-CFWhatIsPublic_9-0\" class=\"reference\"><a href=\"#cite_note-CFWhatIsPublic-9\">[9]<\/a><\/sup>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Hybrid cloud\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">This deployment model takes both private cloud and public cloud models and tightly integrates them, along with potentially any existing on-premises computing infrastructure. (Figure 2) The optimal end result is one seamless operating computing infrastructure, e.g., where a private cloud and on-premises infrastructure houses critical operations and a public cloud is used for data and information backup or computing resource scaling. Advantages include great flexibility in deployments, improved backup options, resource scalability, and potential cost savings. Downsides include greater effort required to integrate complex systems and make them sufficiently secure. Note that hybrid cloud is different from multicloud in that it combines both public and private computing components.<sup id=\"rdp-ebb-cite_ref-CFWhatIsHybrid_10-0\" class=\"reference\"><a href=\"#cite_note-CFWhatIsHybrid-10\">[10]<\/a><\/sup>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Multicloud\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">This deployment model takes the concept of public cloud and multiplies it. Instead of the customer relying on a singular public cloud provider, they spread their cloud hosting, data storage, and application stack usage across more than one provider. The advantage to the customer is redundancy protection for data and systems and better value by tapping into different services. Downside comes with increased complexity in managing a multicloud deployment, as well as the potential for increased network latency and a greater cyber-attack surface. Note that multicloud requires multiple public clouds, though a private cloud can also be in the mix.<sup id=\"rdp-ebb-cite_ref-CFWhatIsMulti_11-0\" class=\"reference\"><a href=\"#cite_note-CFWhatIsMulti-11\">[11]<\/a><\/sup>\n<\/td><\/tr>\n<tr>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">Distributed cloud\n<\/td>\n<td style=\"background-color:white; padding-left:10px; padding-right:10px;\">This up-and-coming deployment model takes public cloud and expands it, such that a provider's public cloud infrastructure can be located in multiple places but be leveraged by a customer wherever they are, from a single control structure. As IBM puts it: \"In effect, distributed cloud extends the provider's centralized cloud with geographically distributed micro-cloud satellites. The cloud provider retains central control over the operations, updates, governance, security, and reliability of all distributed infrastructure.\"<sup id=\"rdp-ebb-cite_ref-IBMDistrib20_12-0\" class=\"reference\"><a href=\"#cite_note-IBMDistrib20-12\">[12]<\/a><\/sup> Meanwhile, the customer can still access all infrastructure and services as an integrated cloud from a single control structure. The benefit of this model is that, unlike multicloud, latency issues can largely be eliminated, and the risk of failures in infrastructure and services can be further mitigated. Customers in regulated environments may also see benefits as data required to be in a specific geographic location can be better guaranteed with the distributed cloud. However, some challenges to this distributed model involve the allocation of public cloud resources to distributed use and determining who's responsible for bandwidth use.<sup id=\"rdp-ebb-cite_ref-CostelloTheCIO20_13-0\" class=\"reference\"><a href=\"#cite_note-CostelloTheCIO20-13\">[13]<\/a><\/sup>\n<\/td><\/tr>\n<\/tbody><\/table>\n<p><br \/>\n<\/p>\n<div class=\"thumb tright\"><div class=\"thumbinner\" style=\"width:402px;\"><a href=\"https:\/\/www.limswiki.org\/index.php\/File:Hybrid_Cloud.svg.png\" class=\"image wiki-link\" data-key=\"20fcde12ba4ab78508aedbef8ca0f5d5\"><img alt=\"\" src=\"https:\/\/s3.limswiki.org\/www.limswiki.org\/images\/a\/a6\/Hybrid_Cloud.svg.png\" decoding=\"async\" class=\"thumbimage\" style=\"width: 100%;max-width: 400px;height: auto;\" \/><\/a> <div class=\"thumbcaption\"><div class=\"magnify\"><a href=\"https:\/\/www.limswiki.org\/index.php\/File:Hybrid_Cloud.svg.png\" class=\"internal wiki-link\" title=\"Enlarge\" data-key=\"20fcde12ba4ab78508aedbef8ca0f5d5\"><\/a><\/div><b>Figure 2.<\/b> A representation of hybrid cloud. The cloud on the left represents the public cloud, being fed to the organization's main building. The cloud on the right represents the organization's private cloud, which is spread across all business locations. The main building feeds access to the public cloud to its other locations through its private cloud.<\/div><\/div><\/div><p>While Table 2 addresses the basic ideas inherent to these service and deployment models, even providing some upside and downside notes, we still need to make further comparisons in order to highlight some fundamental differences in otherwise seemingly similar models. Let's first compare PaaS with serverless computing or FaaS. Then we'll examine the differences among hybrid, multi-, and distributed cloud models.\n<\/p><h4><span class=\"mw-headline\" id=\"1.2.1_Platform-as-a-service_vs._serverless_computing\">1.2.1 Platform-as-a-service vs. serverless computing<\/span><\/h4>\n<p>As a service model, platform as a service or PaaS uses both the infrastructure layer and the platform layer of cloud computing. Hosted on the infrastructure are platform components like development tools, operating systems, database management tools, middleware, and more, which are useful for application design, development, testing, and deployment, as well as web service integration, database integration, state management, application versioning, and application instrumentation.<sup id=\"rdp-ebb-cite_ref-BonifacePlat10_14-0\" class=\"reference\"><a href=\"#cite_note-BonifacePlat10-14\">[14]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-XiongScalable14_15-0\" class=\"reference\"><a href=\"#cite_note-XiongScalable14-15\">[15]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-ViolinoWhat19_16-0\" class=\"reference\"><a href=\"#cite_note-ViolinoWhat19-16\">[16]<\/a><\/sup> In that regard, the user of the PaaS need not think about the backend processes.\n<\/p><p>Similarly, serverless computing or FaaS largely abstracts away (think \"out of sight, out of mind\") the servers running any software or code the user chooses to run on the cloud provider's infrastructure. The user practically doesn't need to know anything about the underlying hardware and operating system, or how that hardware and software handles the computational load of running your software or code, as the cloud provider ends up completely responsible for that. However, this is where the similarities stop. \n<\/p><p>Let's use Amazon's AWS Lambda serverless computing service as an example for comparison with PaaS. Imagine you have some code you want performed on your website when an <a href=\"https:\/\/www.limswiki.org\/index.php\/Internet_of_things\" title=\"Internet of things\" class=\"wiki-link\" data-key=\"13e0b826fa1770fe4bea72e3cb942f0f\">internet of things<\/a> (IoT) device in the field takes a reading for your environmental laboratory. From your AWS Lambda account, you can \"stage and invoke\" the code you've written (it can be in any programming language) \"from within one of the support languages in the AWS Lambda runtime environment.\"<sup id=\"rdp-ebb-cite_ref-AWSServer17_17-0\" class=\"reference\"><a href=\"#cite_note-AWSServer17-17\">[17]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-AWSLambda_18-0\" class=\"reference\"><a href=\"#cite_note-AWSLambda-18\">[18]<\/a><\/sup> In turn, that runtime environment runs on top of Amazon Linux 2, an Amazon-developed version of Red Hat Enterprise running as a Linux server operating system.<sup id=\"rdp-ebb-cite_ref-MoreloWhat20_19-0\" class=\"reference\"><a href=\"#cite_note-MoreloWhat20-19\">[19]<\/a><\/sup> This can then be packaged into a container image that runs on Amazon's servers.<sup id=\"rdp-ebb-cite_ref-AWSLambda_18-1\" class=\"reference\"><a href=\"#cite_note-AWSLambda-18\">[18]<\/a><\/sup> When a designated event occurs (in this example, the internet-connected device taking a reading), a message is communicated\u2014typically via an API\u2014to the serverless code, which is then triggered, and Amazon Lambda provisions only the necessary resources to see the code to completion. Then the AWS server spins down those resources afterwards.<sup id=\"rdp-ebb-cite_ref-TRServerless20_20-0\" class=\"reference\"><a href=\"#cite_note-TRServerless20-20\">[20]<\/a><\/sup> Yes, there are servers still involved, but the critical point is the customer need only to properly package their code up, without any concern whatsoever of how the AWS server manages its use and performance. In that regard, the code is said to be run in a \"serverless\" fashion, not because the servers aren't involved but because the code developer is effectively abstracted from the servers running and managing the code; the developer is left to only worry about the code itself.<sup id=\"rdp-ebb-cite_ref-TRServerless20_20-1\" class=\"reference\"><a href=\"#cite_note-TRServerless20-20\">[20]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-FrulingerWhatIs19_21-0\" class=\"reference\"><a href=\"#cite_note-FrulingerWhatIs19-21\">[21]<\/a><\/sup>\n<\/p><p>PaaS is not serverless, however. First, a truly serverless model is significantly different in its scalability. The serverless model is meant to instantly provide computing resources based upon a \"trigger\" or programmed element, and then wind down those resources. This is perfect for the environmental lab wanting to upload remote sensor data to the cloud after each collection time; only the resources required for performing the action to completion are required, minimizing cost. However, this doesn't work well for a PaaS solution, which doesn't scale up automatically unless specifically programmed to. Sure, the developer using PaaS has more control over the development environment, but resources must be scaled up manually and left continuously running, making it less agile than serverless. This makes PaaS more suitable for more prescriptive and deliberate application development, though its usage-based pricing is a bit less precise than serverless. Additionally, serverless models aren't typically offered with development tools, as usually is the case with PaaS, so the serverless code developer must turn to their own development tools.<sup id=\"rdp-ebb-cite_ref-CFWhatIsPlat_3-1\" class=\"reference\"><a href=\"#cite_note-CFWhatIsPlat-3\">[3]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-SandersServer19_22-0\" class=\"reference\"><a href=\"#cite_note-SandersServer19-22\">[22]<\/a><\/sup>\n<\/p>\n<h4><span class=\"mw-headline\" id=\"1.2.2_Hybrid_cloud_vs._multicloud_vs._distributed_cloud\">1.2.2 Hybrid cloud vs. multicloud vs. distributed cloud<\/span><\/h4>\n<p>At casual glance, one might be led to believe these three deployment models aren't all that different. However, there are some core differences to point out, which may affect an organization's deployment strategy significantly. As Table 2 notes:\n<\/p>\n<ul><li>Hybrid cloud takes private cloud and public cloud models (as well as an organization's local infrastructure) and tightly integrates them. This indicates a wide mix of computing services is being used in an integrated fashion to create value.<sup id=\"rdp-ebb-cite_ref-CFWhatIsHybrid_10-1\" class=\"reference\"><a href=\"#cite_note-CFWhatIsHybrid-10\">[10]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-HurwitzWhat21_23-0\" class=\"reference\"><a href=\"#cite_note-HurwitzWhat21-23\">[23]<\/a><\/sup><\/li>\n<li>Multicloud takes the concept of public cloud and multiplies it. This indicates that two or more public clouds are being used, without a private cloud to muddy the integration.<sup id=\"rdp-ebb-cite_ref-CFWhatIsMulti_11-1\" class=\"reference\"><a href=\"#cite_note-CFWhatIsMulti-11\">[11]<\/a><\/sup><\/li>\n<li>Distributed cloud takes public cloud and expands it to multiple localized or \"edge\" locations. This indicates that a public cloud service's resources are strategically dispersed in locations as required by the user, while remaining accessible from and complementary to the user's private cloud or on-premises data center.<sup id=\"rdp-ebb-cite_ref-CostelloTheCIO20_13-1\" class=\"reference\"><a href=\"#cite_note-CostelloTheCIO20-13\">[13]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-SPWhatIs21_24-0\" class=\"reference\"><a href=\"#cite_note-SPWhatIs21-24\">[24]<\/a><\/sup><\/li><\/ul>\n<p>As such, an organization's existing infrastructure and business demands, combined with its aspirations for moving into the cloud, will dictate their deployment model. But there are also advantages and disadvantages to each which may further dictate an organization's deployment decision. First, all three models provide some level of redundancy. If a failure occurs in one computing core (be it public, private, or local), another core can ideally provide backup services to fill the gap. However, each model does this in a slightly different way. In a similar way, if additional compute resources are required due to a spike in demand, each model can ramp up resources to smooth the demand spike. Hybrid and distributed clouds also have the benefit of making any future transition to a purely public cloud (be it singular or multi-) easier as part of an organization's processes and data are already found in public cloud. \n<\/p><p>Beyond these benefits, things diverge a bit. While hybrid clouds provide flexibility to maintain sensitive data in a private cloud or on-site, where security can be more tightly controlled, private clouds are resource-intensive to maintain. Additionally, due to the complexity of integrating that private cloud with all other resources, the hybrid cloud reveals a greater attack surface, complicates security protocols, and raises integration costs.<sup id=\"rdp-ebb-cite_ref-CFWhatIsHybrid_10-2\" class=\"reference\"><a href=\"#cite_note-CFWhatIsHybrid-10\">[10]<\/a><\/sup> Multicloud has the benefit of reducing vendor lock-in (discussed later in this guide) by implementing resource utilization and storage across more than one public cloud provider. Should a need to migrate away from one vendor arrive, it's easier to continue critical services with the other public cloud vendor. This also lends to \"shopping around\" for public cloud services as costs lower and offerings change. However, this multicloud approach brings with it its own integration challenges, including differences in technologies between vendors, latency complexities between the services, increased points of attack with more integrations, and load balancing issues between the services.<sup id=\"rdp-ebb-cite_ref-CFWhatIsMulti_11-2\" class=\"reference\"><a href=\"#cite_note-CFWhatIsMulti-11\">[11]<\/a><\/sup> A distributed cloud model removes some of that latency and makes it easier to manage integrations and reduce network failure risks from one control center. It also benefits organizations requiring localized data storage due to regulations. However, with multiple servers being involved, it makes it a bit more difficult to troubleshoot integration and network issues across hardware and software. Additionally, implementation costs are likely to be higher, and security for replicated data across multiple locations becomes more complex and risky.<sup id=\"rdp-ebb-cite_ref-CostelloTheCIO20_13-2\" class=\"reference\"><a href=\"#cite_note-CostelloTheCIO20-13\">[13]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-EntradasoftWhatIs20_25-0\" class=\"reference\"><a href=\"#cite_note-EntradasoftWhatIs20-25\">[25]<\/a><\/sup>\n<\/p>\n<h3><span id=\"rdp-ebb-1.2.3_Edge_computing?\"><\/span><span class=\"mw-headline\" id=\"1.2.3_Edge_computing.3F\">1.2.3 Edge computing?<\/span><\/h3>\n<p>The concept of \"edge\" has been mentioned a few times in this chapter, but the topic of clouds, edges, cloud computing, and edge computing should be briefly addressed further, particularly as edges and edge computing gain traction in some industries.<sup id=\"rdp-ebb-cite_ref-AroraEdge23_26-0\" class=\"reference\"><a href=\"#cite_note-AroraEdge23-26\">[26]<\/a><\/sup> Edges and edge computing share a few similarities to clouds and cloud computing, but they are largely different. These concepts can be broken down as such<sup id=\"rdp-ebb-cite_ref-AroraEdge23_26-1\" class=\"reference\"><a href=\"#cite_note-AroraEdge23-26\">[26]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-RHCloudVEdge22_27-0\" class=\"reference\"><a href=\"#cite_note-RHCloudVEdge22-27\">[27]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-BigelowWhatIsEdge21_28-0\" class=\"reference\"><a href=\"#cite_note-BigelowWhatIsEdge21-28\">[28]<\/a><\/sup>:\n<\/p>\n<ul><li><b>Clouds<\/b>: \"places where data can be stored or applications can run. They are software-defined environments created by datacenters or server farms.\" These involve strategic locations where network connectivity is essentially reliable.<\/li>\n<li><b>Edges<\/b>: \"also places where data is collected. They are physical environments made up of hardware outside a datacenter.\" These are often remote locations where network connectivity is limited at best.<\/li>\n<li><b>Cloud computing<\/b>: an \"act of running workloads in a cloud.\"<\/li>\n<li><b>Edge computing<\/b>: an \"act of running workloads on edge devices.\"<\/li><\/ul>\n<p>In this case, the locations are differentiated from the actions, though it's notable that actions involving the two aren't exclusive. For example, if remote sensors collect data at the edge of a network and, rather than processing it locally at the edge, transfer it to the cloud for processing, edge computing hasn't happened; it only happens if data is collected and processed all at the edge.<sup id=\"rdp-ebb-cite_ref-RHCloudVEdge22_27-1\" class=\"reference\"><a href=\"#cite_note-RHCloudVEdge22-27\">[27]<\/a><\/sup> Additionally, those remote sensors\u2014which are representative of <a href=\"https:\/\/www.limswiki.org\/index.php\/Internet_of_things\" title=\"Internet of things\" class=\"wiki-link\" data-key=\"13e0b826fa1770fe4bea72e3cb942f0f\">internet of things<\/a> (IoT) technology\u2014shouldn't be assumed as connected to both a cloud and edge; they all can be connected as part of a network, but they don't have to be. Linux company Red Hat adds<sup id=\"rdp-ebb-cite_ref-RHCloudVEdge22_27-2\" class=\"reference\"><a href=\"#cite_note-RHCloudVEdge22-27\">[27]<\/a><\/sup>:\n<\/p>\n<blockquote><p>Clouds can exist without the Internet of Things (IoT) or edge devices. IoT and edge can exist without clouds. IoT can exist without edge devices or edge computing. IoT devices may connect to an edge or a cloud. Some edge devices connect to a cloud or private datacenter, others edge devices only connect to similarly central locations intermittently, and others never connect to anything\u2014at all.<\/p><\/blockquote>\n<p>However, edge computing associated with laboratory-tangential industry activities such as environmental monitoring, manufacturing, and mining will most often have IoT devices that don't necessarily rely on a central location or cloud. These industry activities rely on edges and edge computing because 1. those data-based activities must be executed as near to \"immediately\" as possible, and 2. those data-based activities usually involve large volumes of data, which are impractical to send to the cloud.<sup id=\"rdp-ebb-cite_ref-AroraEdge23_26-2\" class=\"reference\"><a href=\"#cite_note-AroraEdge23-26\">[26]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-RHCloudVEdge22_27-3\" class=\"reference\"><a href=\"#cite_note-RHCloudVEdge22-27\">[27]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-BigelowWhatIsEdge21_28-1\" class=\"reference\"><a href=\"#cite_note-BigelowWhatIsEdge21-28\">[28]<\/a><\/sup>\n<\/p><p>That said, is your laboratory seeking cloud computing services or edge computing services? The most likely answer is cloud computing, particularly if you're seeking a cloud-based software solution to help manage your laboratory activities. However, there may be a few cases where edge computing makes sense for your laboratory, particularly if its a field laboratory in a more remote location. For example, the U.S. Department of Energy's Urban Integrated Field Laboratory is helping U.S. cities like Chicago using localized instrument clusters to gather climate data for local processing.<sup id=\"rdp-ebb-cite_ref-ArgonneChicago23_29-0\" class=\"reference\"><a href=\"#cite_note-ArgonneChicago23-29\">[29]<\/a><\/sup> Another example can be found in a biological manufacturing laboratory with a strong need to integrate high-data-output devices to process and act upon that data locally.<sup id=\"rdp-ebb-cite_ref-EdgenesisLabAuto_30-0\" class=\"reference\"><a href=\"#cite_note-EdgenesisLabAuto-30\">[30]<\/a><\/sup> Finally, consider the laboratory with significant need for environmental monitoring for mission-critical samples; such a laboratory may also benefit from an IoT + edge computing pairing that provides local redundancy in that monitoring program, especially during power and internet disruptions.<sup id=\"rdp-ebb-cite_ref-FFIndustrial23_31-0\" class=\"reference\"><a href=\"#cite_note-FFIndustrial23-31\">[31]<\/a><\/sup> Just remember that these examples, however, don't represent a majority of lab's needs, which will largely depend more upon clouds and cloud computing to accomplish their goals more effectively.\n<\/p>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap mw-references-columns\"><ol class=\"references\">\n<li id=\"cite_note-MellTheNIST11-1\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-MellTheNIST11_1-0\">1.0<\/a><\/sup> <sup><a href=\"#cite_ref-MellTheNIST11_1-1\">1.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Mell, P.; Grance, T. (September 2011). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/nvlpubs.nist.gov\/nistpubs\/Legacy\/SP\/nistspecialpublication800-145.pdf\" target=\"_blank\">\"The NIST Definition of Cloud Computing\"<\/a> (PDF). NIST<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/nvlpubs.nist.gov\/nistpubs\/Legacy\/SP\/nistspecialpublication800-145.pdf\" target=\"_blank\">https:\/\/nvlpubs.nist.gov\/nistpubs\/Legacy\/SP\/nistspecialpublication800-145.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=The+NIST+Definition+of+Cloud+Computing&rft.atitle=&rft.aulast=Mell%2C+P.%3B+Grance%2C+T.&rft.au=Mell%2C+P.%3B+Grance%2C+T.&rft.date=September+2011&rft.pub=NIST&rft_id=https%3A%2F%2Fnvlpubs.nist.gov%2Fnistpubs%2FLegacy%2FSP%2Fnistspecialpublication800-145.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CFWhatIsSoft-2\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CFWhatIsSoft_2-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cloudflare.com\/learning\/cloud\/what-is-saas\/\" target=\"_blank\">\"What Is SaaS? SaaS Definition\"<\/a>. Cloudflare, Inc<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cloudflare.com\/learning\/cloud\/what-is-saas\/\" target=\"_blank\">https:\/\/www.cloudflare.com\/learning\/cloud\/what-is-saas\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+Is+SaaS%3F+SaaS+Definition&rft.atitle=&rft.pub=Cloudflare%2C+Inc&rft_id=https%3A%2F%2Fwww.cloudflare.com%2Flearning%2Fcloud%2Fwhat-is-saas%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CFWhatIsPlat-3\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-CFWhatIsPlat_3-0\">3.0<\/a><\/sup> <sup><a href=\"#cite_ref-CFWhatIsPlat_3-1\">3.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cloudflare.com\/learning\/serverless\/glossary\/platform-as-a-service-paas\/\" target=\"_blank\">\"What is Platform-as-a-Service (PaaS)?\"<\/a>. Cloudflare, Inc<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cloudflare.com\/learning\/serverless\/glossary\/platform-as-a-service-paas\/\" target=\"_blank\">https:\/\/www.cloudflare.com\/learning\/serverless\/glossary\/platform-as-a-service-paas\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+is+Platform-as-a-Service+%28PaaS%29%3F&rft.atitle=&rft.pub=Cloudflare%2C+Inc&rft_id=https%3A%2F%2Fwww.cloudflare.com%2Flearning%2Fserverless%2Fglossary%2Fplatform-as-a-service-paas%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CFWhatIsInfra-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CFWhatIsInfra_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cloudflare.com\/learning\/cloud\/what-is-iaas\/\" target=\"_blank\">\"What Is IaaS (Infrastructure-as-a-Service)?\"<\/a>. Cloudflare, Inc<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cloudflare.com\/learning\/cloud\/what-is-iaas\/\" target=\"_blank\">https:\/\/www.cloudflare.com\/learning\/cloud\/what-is-iaas\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+Is+IaaS+%28Infrastructure-as-a-Service%29%3F&rft.atitle=&rft.pub=Cloudflare%2C+Inc&rft_id=https%3A%2F%2Fwww.cloudflare.com%2Flearning%2Fcloud%2Fwhat-is-iaas%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CFWhatIsFunction-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CFWhatIsFunction_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cloudflare.com\/learning\/serverless\/glossary\/function-as-a-service-faas\/\" target=\"_blank\">\"What is Function-as-a-Service (FaaS)?\"<\/a>. Cloudflare, Inc<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cloudflare.com\/learning\/serverless\/glossary\/function-as-a-service-faas\/\" target=\"_blank\">https:\/\/www.cloudflare.com\/learning\/serverless\/glossary\/function-as-a-service-faas\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+is+Function-as-a-Service+%28FaaS%29%3F&rft.atitle=&rft.pub=Cloudflare%2C+Inc&rft_id=https%3A%2F%2Fwww.cloudflare.com%2Flearning%2Fserverless%2Fglossary%2Ffunction-as-a-service-faas%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CFWhatIsBackend-6\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CFWhatIsBackend_6-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cloudflare.com\/learning\/serverless\/glossary\/backend-as-a-service-baas\/\" target=\"_blank\">\"What is BaaS? Backend-as-a-Service vs. serverless\"<\/a>. Cloudflare, Inc<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cloudflare.com\/learning\/serverless\/glossary\/backend-as-a-service-baas\/\" target=\"_blank\">https:\/\/www.cloudflare.com\/learning\/serverless\/glossary\/backend-as-a-service-baas\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+is+BaaS%3F+Backend-as-a-Service+vs.+serverless&rft.atitle=&rft.pub=Cloudflare%2C+Inc&rft_id=https%3A%2F%2Fwww.cloudflare.com%2Flearning%2Fserverless%2Fglossary%2Fbackend-as-a-service-baas%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CFWhatIsPrivate-7\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CFWhatIsPrivate_7-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cloudflare.com\/learning\/cloud\/what-is-a-private-cloud\/\" target=\"_blank\">\"What Is a Private Cloud? Private Cloud vs. Public Cloud\"<\/a>. Cloudflare, Inc<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cloudflare.com\/learning\/cloud\/what-is-a-private-cloud\/\" target=\"_blank\">https:\/\/www.cloudflare.com\/learning\/cloud\/what-is-a-private-cloud\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+Is+a+Private+Cloud%3F+Private+Cloud+vs.+Public+Cloud&rft.atitle=&rft.pub=Cloudflare%2C+Inc&rft_id=https%3A%2F%2Fwww.cloudflare.com%2Flearning%2Fcloud%2Fwhat-is-a-private-cloud%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-TucavkovWhat20-8\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-TucavkovWhat20_8-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Tucakov, D. (18 June 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/phoenixnap.com\/blog\/community-cloud\" target=\"_blank\">\"What is Community Cloud? Benefits & Examples with Use Cases\"<\/a>. <i>phoenixNAP Blog<\/i>. phoenixNAP<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/phoenixnap.com\/blog\/community-cloud\" target=\"_blank\">https:\/\/phoenixnap.com\/blog\/community-cloud<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+is+Community+Cloud%3F+Benefits+%26+Examples+with+Use+Cases&rft.atitle=phoenixNAP+Blog&rft.aulast=Tucakov%2C+D.&rft.au=Tucakov%2C+D.&rft.date=18+June+2020&rft.pub=phoenixNAP&rft_id=https%3A%2F%2Fphoenixnap.com%2Fblog%2Fcommunity-cloud&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CFWhatIsPublic-9\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CFWhatIsPublic_9-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cloudflare.com\/learning\/cloud\/what-is-a-public-cloud\/\" target=\"_blank\">\"What Is Hybrid Cloud? Hybrid Cloud Definition\"<\/a>. Cloudflare, Inc<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cloudflare.com\/learning\/cloud\/what-is-a-public-cloud\/\" target=\"_blank\">https:\/\/www.cloudflare.com\/learning\/cloud\/what-is-a-public-cloud\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+Is+Hybrid+Cloud%3F+Hybrid+Cloud+Definition&rft.atitle=&rft.pub=Cloudflare%2C+Inc&rft_id=https%3A%2F%2Fwww.cloudflare.com%2Flearning%2Fcloud%2Fwhat-is-a-public-cloud%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CFWhatIsHybrid-10\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-CFWhatIsHybrid_10-0\">10.0<\/a><\/sup> <sup><a href=\"#cite_ref-CFWhatIsHybrid_10-1\">10.1<\/a><\/sup> <sup><a href=\"#cite_ref-CFWhatIsHybrid_10-2\">10.2<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cloudflare.com\/learning\/cloud\/what-is-hybrid-cloud\/\" target=\"_blank\">\"What Is Hybrid Cloud? Hybrid Cloud Definition\"<\/a>. Cloudflare, Inc<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cloudflare.com\/learning\/cloud\/what-is-hybrid-cloud\/\" target=\"_blank\">https:\/\/www.cloudflare.com\/learning\/cloud\/what-is-hybrid-cloud\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+Is+Hybrid+Cloud%3F+Hybrid+Cloud+Definition&rft.atitle=&rft.pub=Cloudflare%2C+Inc&rft_id=https%3A%2F%2Fwww.cloudflare.com%2Flearning%2Fcloud%2Fwhat-is-hybrid-cloud%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CFWhatIsMulti-11\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-CFWhatIsMulti_11-0\">11.0<\/a><\/sup> <sup><a href=\"#cite_ref-CFWhatIsMulti_11-1\">11.1<\/a><\/sup> <sup><a href=\"#cite_ref-CFWhatIsMulti_11-2\">11.2<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.cloudflare.com\/learning\/cloud\/what-is-multicloud\/\" target=\"_blank\">\"What Is Multicloud? Multicloud Definition\"<\/a>. Cloudflare, Inc<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.cloudflare.com\/learning\/cloud\/what-is-multicloud\/\" target=\"_blank\">https:\/\/www.cloudflare.com\/learning\/cloud\/what-is-multicloud\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+Is+Multicloud%3F+Multicloud+Definition&rft.atitle=&rft.pub=Cloudflare%2C+Inc&rft_id=https%3A%2F%2Fwww.cloudflare.com%2Flearning%2Fcloud%2Fwhat-is-multicloud%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-IBMDistrib20-12\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-IBMDistrib20_12-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">IBM Cloud Education (3 November 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.ibm.com\/topics\/distributed-cloud\" target=\"_blank\">\"Distributed cloud\"<\/a>. IBM<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.ibm.com\/topics\/distributed-cloud\" target=\"_blank\">https:\/\/www.ibm.com\/topics\/distributed-cloud<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Distributed+cloud&rft.atitle=&rft.aulast=IBM+Cloud+Education&rft.au=IBM+Cloud+Education&rft.date=3+November+2020&rft.pub=IBM&rft_id=https%3A%2F%2Fwww.ibm.com%2Ftopics%2Fdistributed-cloud&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CostelloTheCIO20-13\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-CostelloTheCIO20_13-0\">13.0<\/a><\/sup> <sup><a href=\"#cite_ref-CostelloTheCIO20_13-1\">13.1<\/a><\/sup> <sup><a href=\"#cite_ref-CostelloTheCIO20_13-2\">13.2<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Costello, K. (12 August 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.gartner.com\/smarterwithgartner\/the-cios-guide-to-distributed-cloud\" target=\"_blank\">\"The CIO\u2019s Guide to Distributed Cloud\"<\/a>. <i>Smarter With Gartner<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.gartner.com\/smarterwithgartner\/the-cios-guide-to-distributed-cloud\" target=\"_blank\">https:\/\/www.gartner.com\/smarterwithgartner\/the-cios-guide-to-distributed-cloud<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=The+CIO%E2%80%99s+Guide+to+Distributed+Cloud&rft.atitle=Smarter+With+Gartner&rft.aulast=Costello%2C+K.&rft.au=Costello%2C+K.&rft.date=12+August+2020&rft_id=https%3A%2F%2Fwww.gartner.com%2Fsmarterwithgartner%2Fthe-cios-guide-to-distributed-cloud&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-BonifacePlat10-14\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-BonifacePlat10_14-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation Journal\">Boniface, M.; Nasser, B.; Papay, J. et al. (2010). \"Platform-as-a-Service Architecture for Real-Time Quality of Service Management in Clouds\". <i>Proceedings of the Fifth International Conference on Internet and Web Applications and Services<\/i>: 155\u201360. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.1109%2FICIW.2010.91\" target=\"_blank\">10.1109\/ICIW.2010.91<\/a>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Platform-as-a-Service+Architecture+for+Real-Time+Quality+of+Service+Management+in+Clouds&rft.jtitle=Proceedings+of+the+Fifth+International+Conference+on+Internet+and+Web+Applications+and+Services&rft.aulast=Boniface%2C+M.%3B+Nasser%2C+B.%3B+Papay%2C+J.+et+al.&rft.au=Boniface%2C+M.%3B+Nasser%2C+B.%3B+Papay%2C+J.+et+al.&rft.date=2010&rft.pages=155%E2%80%9360&rft_id=info:doi\/10.1109%2FICIW.2010.91&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-XiongScalable14-15\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-XiongScalable14_15-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation Journal\">Xiong, H.; Fowley, F.; Pahl, C. et al. (2014). \"Scalable Architectures for Platform-as-a-Service Clouds: Performance and Cost Analysis\". <i>Proceedings of the 2014 European Conference on Software Architecture<\/i>: 226\u201333. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.1007%2F978-3-319-09970-5_21\" target=\"_blank\">10.1007\/978-3-319-09970-5_21<\/a>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Scalable+Architectures+for+Platform-as-a-Service+Clouds%3A+Performance+and+Cost+Analysis&rft.jtitle=Proceedings+of+the+2014+European+Conference+on+Software+Architecture&rft.aulast=Xiong%2C+H.%3B+Fowley%2C+F.%3B+Pahl%2C+C.+et+al.&rft.au=Xiong%2C+H.%3B+Fowley%2C+F.%3B+Pahl%2C+C.+et+al.&rft.date=2014&rft.pages=226%E2%80%9333&rft_id=info:doi\/10.1007%2F978-3-319-09970-5_21&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ViolinoWhat19-16\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ViolinoWhat19_16-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Carey, S. (22 July 2022). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.infoworld.com\/article\/3223434\/what-is-paas-platform-as-a-service-a-simpler-way-to-build-software-applications.html\" target=\"_blank\">\"What is PaaS (platform-as-a-service)? A simpler way to build software applications\"<\/a>. <i>InfoWorld<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.infoworld.com\/article\/3223434\/what-is-paas-platform-as-a-service-a-simpler-way-to-build-software-applications.html\" target=\"_blank\">https:\/\/www.infoworld.com\/article\/3223434\/what-is-paas-platform-as-a-service-a-simpler-way-to-build-software-applications.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+is+PaaS+%28platform-as-a-service%29%3F+A+simpler+way+to+build+software+applications&rft.atitle=InfoWorld&rft.aulast=Carey%2C+S.&rft.au=Carey%2C+S.&rft.date=22+July+2022&rft_id=https%3A%2F%2Fwww.infoworld.com%2Farticle%2F3223434%2Fwhat-is-paas-platform-as-a-service-a-simpler-way-to-build-software-applications.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AWSServer17-17\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AWSServer17_17-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/d1.awsstatic.com\/whitepapers\/serverless-architectures-with-aws-lambda.pdf\" target=\"_blank\">\"Serverless Architectures with AWS Lambda: Overview and Best Practices\"<\/a> (PDF). Amazon Web Services. November 2017<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/d1.awsstatic.com\/whitepapers\/serverless-architectures-with-aws-lambda.pdf\" target=\"_blank\">https:\/\/d1.awsstatic.com\/whitepapers\/serverless-architectures-with-aws-lambda.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Serverless+Architectures+with+AWS+Lambda%3A+Overview+and+Best+Practices&rft.atitle=&rft.date=November+2017&rft.pub=Amazon+Web+Services&rft_id=https%3A%2F%2Fd1.awsstatic.com%2Fwhitepapers%2Fserverless-architectures-with-aws-lambda.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AWSLambda-18\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-AWSLambda_18-0\">18.0<\/a><\/sup> <sup><a href=\"#cite_ref-AWSLambda_18-1\">18.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/docs.aws.amazon.com\/lambda\/latest\/dg\/lambda-runtimes.html\" target=\"_blank\">\"Lambda runtimes\"<\/a>. Amazon Web Services<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/docs.aws.amazon.com\/lambda\/latest\/dg\/lambda-runtimes.html\" target=\"_blank\">https:\/\/docs.aws.amazon.com\/lambda\/latest\/dg\/lambda-runtimes.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Lambda+runtimes&rft.atitle=&rft.pub=Amazon+Web+Services&rft_id=https%3A%2F%2Fdocs.aws.amazon.com%2Flambda%2Flatest%2Fdg%2Flambda-runtimes.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MoreloWhat20-19\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MoreloWhat20_19-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Morelo, D. (2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/linuxhint.com\/what_is_amazon_linux_2\/\" target=\"_blank\">\"What is Amazon Linux 2?\"<\/a>. <i>LinuxHint<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/linuxhint.com\/what_is_amazon_linux_2\/\" target=\"_blank\">https:\/\/linuxhint.com\/what_is_amazon_linux_2\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+is+Amazon+Linux+2%3F&rft.atitle=LinuxHint&rft.aulast=Morelo%2C+D.&rft.au=Morelo%2C+D.&rft.date=2020&rft_id=https%3A%2F%2Flinuxhint.com%2Fwhat_is_amazon_linux_2%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-TRServerless20-20\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-TRServerless20_20-0\">20.0<\/a><\/sup> <sup><a href=\"#cite_ref-TRServerless20_20-1\">20.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.techrepublic.com\/article\/serverless-computing-the-smart-persons-guide\/\" target=\"_blank\">\"Serverless computing: A cheat sheet\"<\/a>. <i>TechRepublic<\/i>. 25 December 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.techrepublic.com\/article\/serverless-computing-the-smart-persons-guide\/\" target=\"_blank\">https:\/\/www.techrepublic.com\/article\/serverless-computing-the-smart-persons-guide\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Serverless+computing%3A+A+cheat+sheet&rft.atitle=TechRepublic&rft.date=25+December+2020&rft_id=https%3A%2F%2Fwww.techrepublic.com%2Farticle%2Fserverless-computing-the-smart-persons-guide%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-FrulingerWhatIs19-21\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-FrulingerWhatIs19_21-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Fruhlinger, J. (15 July 2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.infoworld.com\/article\/3406501\/what-is-serverless-serverless-computing-explained.html\" target=\"_blank\">\"What is serverless? Serverless computing explained\"<\/a>. <i>InfoWorld<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.infoworld.com\/article\/3406501\/what-is-serverless-serverless-computing-explained.html\" target=\"_blank\">https:\/\/www.infoworld.com\/article\/3406501\/what-is-serverless-serverless-computing-explained.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+is+serverless%3F+Serverless+computing+explained&rft.atitle=InfoWorld&rft.aulast=Fruhlinger%2C+J.&rft.au=Fruhlinger%2C+J.&rft.date=15+July+2019&rft_id=https%3A%2F%2Fwww.infoworld.com%2Farticle%2F3406501%2Fwhat-is-serverless-serverless-computing-explained.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-SandersServer19-22\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-SandersServer19_22-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Sander, J. (1 May 2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.zdnet.com\/article\/serverless-computing-vs-platform-as-a-service-which-is-right-for-your-business\/\" target=\"_blank\">\"Serverless computing vs platform-as-a-service: Which is right for your business?\"<\/a>. <i>ZDNet<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.zdnet.com\/article\/serverless-computing-vs-platform-as-a-service-which-is-right-for-your-business\/\" target=\"_blank\">https:\/\/www.zdnet.com\/article\/serverless-computing-vs-platform-as-a-service-which-is-right-for-your-business\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Serverless+computing+vs+platform-as-a-service%3A+Which+is+right+for+your+business%3F&rft.atitle=ZDNet&rft.aulast=Sander%2C+J.&rft.au=Sander%2C+J.&rft.date=1+May+2019&rft_id=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fserverless-computing-vs-platform-as-a-service-which-is-right-for-your-business%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-HurwitzWhat21-23\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-HurwitzWhat21_23-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Hurwitz, J.S.; Kaufman, M.; Halper, F. et al. (2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.dummies.com\/article\/technology\/information-technology\/networking\/cloud-computing\/what-is-hybrid-cloud-computing-174473\/\" target=\"_blank\">\"What is Hybrid Cloud Computing?\"<\/a>. <i>Dummies.com<\/i>. John Wiley & Sons, Inc<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.dummies.com\/article\/technology\/information-technology\/networking\/cloud-computing\/what-is-hybrid-cloud-computing-174473\/\" target=\"_blank\">https:\/\/www.dummies.com\/article\/technology\/information-technology\/networking\/cloud-computing\/what-is-hybrid-cloud-computing-174473\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+is+Hybrid+Cloud+Computing%3F&rft.atitle=Dummies.com&rft.aulast=Hurwitz%2C+J.S.%3B+Kaufman%2C+M.%3B+Halper%2C+F.+et+al.&rft.au=Hurwitz%2C+J.S.%3B+Kaufman%2C+M.%3B+Halper%2C+F.+et+al.&rft.date=2021&rft.pub=John+Wiley+%26+Sons%2C+Inc&rft_id=https%3A%2F%2Fwww.dummies.com%2Farticle%2Ftechnology%2Finformation-technology%2Fnetworking%2Fcloud-computing%2Fwhat-is-hybrid-cloud-computing-174473%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-SPWhatIs21-24\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-SPWhatIs21_24-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20210228040550\/https:\/\/www.stackpath.com\/edge-academy\/distributed-cloud-computing\/\" target=\"_blank\">\"What is Distributed Cloud Computing?\"<\/a>. <i>Edge Academy<\/i>. StackPath. 2021. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.stackpath.com\/edge-academy\/distributed-cloud-computing\/\" target=\"_blank\">the original<\/a> on 28 February 2021<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20210228040550\/https:\/\/www.stackpath.com\/edge-academy\/distributed-cloud-computing\/\" target=\"_blank\">https:\/\/web.archive.org\/web\/20210228040550\/https:\/\/www.stackpath.com\/edge-academy\/distributed-cloud-computing\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+is+Distributed+Cloud+Computing%3F&rft.atitle=Edge+Academy&rft.date=2021&rft.pub=StackPath&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20210228040550%2Fhttps%3A%2F%2Fwww.stackpath.com%2Fedge-academy%2Fdistributed-cloud-computing%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-EntradasoftWhatIs20-25\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-EntradasoftWhatIs20_25-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20200916021206\/http:\/\/entradasoft.com\/blogs\/what-is-distributed-cloud\" target=\"_blank\">\"What is Distributed Cloud\"<\/a>. Entradasoft. 2020. Archived from <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/entradasoft.com\/blogs\/what-is-distributed-cloud\" target=\"_blank\">the original<\/a> on 16 September 2020<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20200916021206\/http:\/\/entradasoft.com\/blogs\/what-is-distributed-cloud\" target=\"_blank\">https:\/\/web.archive.org\/web\/20200916021206\/http:\/\/entradasoft.com\/blogs\/what-is-distributed-cloud<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+is+Distributed+Cloud&rft.atitle=&rft.date=2020&rft.pub=Entradasoft&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20200916021206%2Fhttp%3A%2F%2Fentradasoft.com%2Fblogs%2Fwhat-is-distributed-cloud&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AroraEdge23-26\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-AroraEdge23_26-0\">26.0<\/a><\/sup> <sup><a href=\"#cite_ref-AroraEdge23_26-1\">26.1<\/a><\/sup> <sup><a href=\"#cite_ref-AroraEdge23_26-2\">26.2<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Arora, S. (8 August 2023). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.simplilearn.com\/edge-computing-vs-cloud-computing-article\" target=\"_blank\">\"Edge Computing Vs. Cloud Computing: Key Differences to Know\"<\/a>. <i>Simplilearn<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.simplilearn.com\/edge-computing-vs-cloud-computing-article\" target=\"_blank\">https:\/\/www.simplilearn.com\/edge-computing-vs-cloud-computing-article<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 16 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Edge+Computing+Vs.+Cloud+Computing%3A+Key+Differences+to+Know&rft.atitle=Simplilearn&rft.aulast=Arora%2C+S.&rft.au=Arora%2C+S.&rft.date=8+August+2023&rft_id=https%3A%2F%2Fwww.simplilearn.com%2Fedge-computing-vs-cloud-computing-article&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-RHCloudVEdge22-27\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-RHCloudVEdge22_27-0\">27.0<\/a><\/sup> <sup><a href=\"#cite_ref-RHCloudVEdge22_27-1\">27.1<\/a><\/sup> <sup><a href=\"#cite_ref-RHCloudVEdge22_27-2\">27.2<\/a><\/sup> <sup><a href=\"#cite_ref-RHCloudVEdge22_27-3\">27.3<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.redhat.com\/en\/topics\/cloud-computing\/cloud-vs-edge\" target=\"_blank\">\"Cloud vs. edge\"<\/a>. Red Hat, Inc. 14 November 2022<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.redhat.com\/en\/topics\/cloud-computing\/cloud-vs-edge\" target=\"_blank\">https:\/\/www.redhat.com\/en\/topics\/cloud-computing\/cloud-vs-edge<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 16 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+vs.+edge&rft.atitle=&rft.date=14+November+2022&rft.pub=Red+Hat%2C+Inc&rft_id=https%3A%2F%2Fwww.redhat.com%2Fen%2Ftopics%2Fcloud-computing%2Fcloud-vs-edge&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-BigelowWhatIsEdge21-28\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-BigelowWhatIsEdge21_28-0\">28.0<\/a><\/sup> <sup><a href=\"#cite_ref-BigelowWhatIsEdge21_28-1\">28.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Bigelow, S.J. (December 2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20230608045737\/https:\/\/www.techtarget.com\/searchdatacenter\/definition\/edge-computing\" target=\"_blank\">\"What is edge computing? Everything you need to know\"<\/a>. <i>TechTarget Data Center<\/i>. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.techtarget.com\/searchdatacenter\/definition\/edge-computing\" target=\"_blank\">the original<\/a> on 08 June 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20230608045737\/https:\/\/www.techtarget.com\/searchdatacenter\/definition\/edge-computing\" target=\"_blank\">https:\/\/web.archive.org\/web\/20230608045737\/https:\/\/www.techtarget.com\/searchdatacenter\/definition\/edge-computing<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 16 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+is+edge+computing%3F+Everything+you+need+to+know&rft.atitle=TechTarget+Data+Center&rft.aulast=Bigelow%2C+S.J.&rft.au=Bigelow%2C+S.J.&rft.date=December+2021&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20230608045737%2Fhttps%3A%2F%2Fwww.techtarget.com%2Fsearchdatacenter%2Fdefinition%2Fedge-computing&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ArgonneChicago23-29\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ArgonneChicago23_29-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.anl.gov\/article\/chicago-state-university-to-serve-as-scientific-supersite-to-study-climate-change-impact\" target=\"_blank\">\"Chicago State University to serve as \u200b\u2018scientific supersite\u2019 to study climate change impact\"<\/a>. Argonne National Laboratory. 18 July 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.anl.gov\/article\/chicago-state-university-to-serve-as-scientific-supersite-to-study-climate-change-impact\" target=\"_blank\">https:\/\/www.anl.gov\/article\/chicago-state-university-to-serve-as-scientific-supersite-to-study-climate-change-impact<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 16 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Chicago+State+University+to+serve+as+%E2%80%8B%E2%80%98scientific+supersite%E2%80%99+to+study+climate+change+impact&rft.atitle=&rft.date=18+July+2023&rft.pub=Argonne+National+Laboratory&rft_id=https%3A%2F%2Fwww.anl.gov%2Farticle%2Fchicago-state-university-to-serve-as-scientific-supersite-to-study-climate-change-impact&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-EdgenesisLabAuto-30\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-EdgenesisLabAuto_30-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/edgenesis.com\/solutions\/moreDetail\/LaboratoryAutomation\" target=\"_blank\">\"Laboratory Automation\"<\/a>. Edgenesis, Inc. 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/edgenesis.com\/solutions\/moreDetail\/LaboratoryAutomation\" target=\"_blank\">https:\/\/edgenesis.com\/solutions\/moreDetail\/LaboratoryAutomation<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 16 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Laboratory+Automation&rft.atitle=&rft.date=2023&rft.pub=Edgenesis%2C+Inc&rft_id=https%3A%2F%2Fedgenesis.com%2Fsolutions%2FmoreDetail%2FLaboratoryAutomation&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-FFIndustrial23-31\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-FFIndustrial23_31-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.flowfinity.com\/blog\/industrial-iot-guide.aspx\" target=\"_blank\">\"Industrial IoT, Edge Computing and Data Streams: A Comprehensive Guide\"<\/a>. <i>Flowfinity Blog<\/i>. 2 August 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.flowfinity.com\/blog\/industrial-iot-guide.aspx\" target=\"_blank\">https:\/\/www.flowfinity.com\/blog\/industrial-iot-guide.aspx<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 16 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Industrial+IoT%2C+Edge+Computing+and+Data+Streams%3A+A+Comprehensive+Guide&rft.atitle=Flowfinity+Blog&rft.date=2+August+2023&rft_id=https%3A%2F%2Fwww.flowfinity.com%2Fblog%2Findustrial-iot-guide.aspx&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816205952\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.260 seconds\nReal time usage: 0.275 seconds\nPreprocessor visited node count: 20498\/1000000\nPost\u2010expand include size: 167628\/2097152 bytes\nTemplate argument size: 52827\/2097152 bytes\nHighest expansion depth: 18\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 50256\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 245.125 1 -total\n 89.36% 219.045 1 Template:Reflist\n 71.46% 175.174 31 Template:Citation\/core\n 69.31% 169.888 29 Template:Cite_web\n 12.15% 29.790 19 Template:Date\n 10.60% 25.975 1 Template:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing?\/Cloud_computing_services_and_deployment_models\n 9.51% 23.308 2 Template:Cite_journal\n 4.59% 11.254 46 Template:Citation\/make_link\n 3.54% 8.667 2 Template:Citation\/identifier\n 1.08% 2.641 4 Template:Hide_in_print\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:13038-0!canonical and timestamp 20230816205952 and revision id 46388. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","ded9d3142efb0e0c851296237a82d1f4_images":["https:\/\/s3.limswiki.org\/www.limswiki.org\/images\/a\/a6\/Hybrid_Cloud.svg.png"],"ded9d3142efb0e0c851296237a82d1f4_timestamp":1692220358,"596bb2186b9a2b2aab001f641218edfe_type":"article","596bb2186b9a2b2aab001f641218edfe_title":"1.1 History and evolution","596bb2186b9a2b2aab001f641218edfe_url":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution","596bb2186b9a2b2aab001f641218edfe_plaintext":"\n\nBook:Choosing and Implementing a Cloud-based Service for Your Laboratory\/What is cloud computing?\/History and evolutionFrom LIMSWikiJump to navigationJump to search-----Return to the beginning of this guide-----\n 1. What is cloud computing? \n Figure 1. A basic visualization of cloud computing architecture layers and some of the activities that take place on those layers.\nIf you were alive in the late 2000s and doing most anything related to computers and the internet, you were bound to encounter the latest internet buzzword: cloud computing.[1][2] A certain mysticism was seemingly attached to the concept, that your files and applications could reside on the internet, \"out there in the 'cloud.'\"[1] \"But what is this 'cloud'?\" many would ask. A plethora of media articles, journal articles, blogs, and company websites were published to give practically everyone's take on what the cloud was and wasn't meant to be.[3] However, the then growing consensus of cloud computing as networked and scalable architecture meant to rapidly provide application and infrastructure services at reasonable prices to internet users[2][3] largely matches up with today's definition. Pulling from both The Institution of Engineering and Technology[4] and Amazon Web Services[5], we come up with cloud computing as:\n\nan internet-based computing paradigm in which standardized and virtualized resources are used to rapidly, elastically, and cost-effectively provide a variety of globally available, \"always-on\" computing services to users on a continuous or as-needed basis\nOf course, those computing services come in a variety of flavors, the most common being software, platform, and infrastructure \"as a service\" (SaaS, PaaS, and IaaS, respectively). These conveniently correspond to the underlying architectural layers of the services, with infrastructure at the base, platform on top of that, and software (or application) on top of that. \nFigure 1 portrays a simplified visualization of cloud computing architecture layers, as well as examples of activities that happen on those layers. This concept has also been visualized by others using pyramids and pancake stacks of layers, but the concept remains the same. At the base is the computing infrastructure, including the physical data centers and their networking equipment, servers, hypervisors, application programming interfaces (APIs), and operating systems. This infrastructure is the foundation that supports not only applications users want to run but also that acts as the developmental foundation of users not wanting to implement their own infrastructure. On top of all that can be found platforms or middleware, which serve as software development and deployment environments (that include databases, web servers, load balancers, etc.) or connectivity tools for analytics, workflow management, system integration, and security management. And on top of that are applications, typically designed to run optimally in cloud environments and accessed via web browsers or apps using internet\u2014i.e. networking\u2014connectivity and computing devices.[6]\nCustomers who require application hosting, internet-hosted software development platforms, or underlying computing infrastructure (e.g., data storage, computational time, etc.)\u2014particularly when they can't or don't want to invest in their own hardware\u2014are increasingly turning to the cloud computing paradigm. Even before a worldwide COVID-19 pandemic started to take shape in late 2019, the global cloud services market was expected to reach $266.4 billion by the end of 2020, with Gartner expecting that to represent a 17 percent increase from 2019.[7] As work-from-home practices expanded significantly in 2020 due to the pandemic, expectations that the trend would last post-pandemic pushed estimates of overall cloud-based workloads moving from physical work offices to the cloud to 55 percent by 2022, with the cloud services market reaching $600 billion in 2023[8] and $1 trillion by 2030.[9] This growing migration to cloud computing has many implications for organizations of all types, including laboratories.\n\r\n\n\n1.1 History and evolution \nCloud computing has its strongest origins in the \"web services\" phase of internet development. In November 2000, Mind Electric CEO and distributed computing visionary Graham Glass, writing for IBM, described web services as \"building blocks for creating open distributed systems\" that \"allow companies and individuals to quickly and cheaply make their digital assets available worldwide,\" while prognosticating that web services \"will catalyze a shift from client-server to peer-to-peer architectures.\"[10] At that point, the likes of Microsoft and IBM were already developing toolkits for creating and deploying web services[10], with IBM releasing an initial high-level report in May 2001 on IBM's web services architecture approach. In that paper, web services were described by its author Heather Kreger as allowing \"companies to reduce the cost of doing e-business, to deploy solutions faster, and to open up new opportunities,\" while also allowing \"applications to be integrated more rapidly, easily, and less expensively than ever before.\"[11] \nHere's a recap of thinking on web services at the turn of the century:\n\n\"[act as] building blocks for creating open distributed systems\"[10]\n\"quickly and cheaply make ... digital assets available worldwide\"[10]\n\"catalyze a shift from client-server to peer-to-peer architectures\"[10]\n\"reduce the cost of doing e-business, to deploy solutions faster, and to open up new opportunities\"[11]\n\"[allow] applications to be integrated more rapidly, easily, and less expensively than ever before\"[11]\nWe'll come back to that. For the next stop, however, we have to consider the case of Amazon and how they viewed web services at that time. Leading up to the twenty-first century, Amazon was beginning to expand beyond its book selling roots, opening up its marketplace to other third parties (affiliates) to sell their own goods on Amazon's platform. That effort required an expansion of IT infrastructure to support web-scale third-party selling, but as it turned out, a lot of that IT infrastructure, while reliable and cost-effective, had been previously added piecemeal, with many components getting \"tangled\" along the way. Amazon project leads and external partners were clamoring for better infrastructure services. This required untangling the IT and associated provider data into an internally scalable, centralized infrastructure that allowed for smoother communication and data management using well-documented APIs.[12][13] By 2003, the company was indirectly acting as a services industry to its partners. \"Why not act upon this strength?\" was the sentiment that quickly developed that year, with Amazon choosing to use its internal compute, storage, and database infrastructure and related expertise to its advantage.[13] \nAt that point, the paradigm of web services expanded to include infrastructure as a service or IaaS, with compute, storage, and database services running over the internet for web developers to utilize.[12][13] \"If you believe developers will build applications from scratch using web services as primitive building blocks, then the operating system becomes the internet,\u201d noted AWS CEO Andy Jassy in a 2015 retrospective interview.[12] From that concept evolved the idea of determining what it would take to allow any entity to run their technology applications over their web-service-based IaaS platform. In August 2006, Amazon introduced its Amazon Elastic Compute Cloud (Amazon EC2), \"a web service that provides resizable compute capacity in the cloud.\"[14][15] This quickly prompted others in academic and scientific fields to continue the conversation of turning IT and its infrastructure into a service.[15][16] In turn, conversations changed, discussing the opportunities inherent to \"cloud computing,\" including Google and IBM partnering to virtualize computers on new data centers for boosting academic research and teaching new computer science students[17][18], IBM releasing a white paper on cloud computing[19] and announcing its Blue Cloud initiative[20], and Google doubling down on its cloud-based software offerings in competition with Microsoft.[21] \nIn IBM's 2007 white paper, they described cloud computing as a \"pool of virtualized computer resources\" that can[19]:\n\n\"host a variety of different workloads, including batch-style back-end jobs and interactive, user-facing applications\";\n\"allow workloads to be deployed and scaled-out quickly through the rapid provisioning of virtual machines or physical machines\";\n\"support redundant, self-recovering, highly scalable programming models that allow workloads to recover from many unavoidable hardware\/software failures\";\n\"monitor resource use in real time to enable rebalancing of allocations when needed\"; and\n\"be a cost efficient model for delivering information services, reducing IT management complexity, promoting innovation, and increasing responsiveness through real-time workload balancing.\"\nIn 2011, the National Institute of Standards and Technology (NIST) came up with a more standards-based definition to cloud computing. They described it as \"a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.\"[22] They went on to highlight the five essential characteristics further[22]:\n\nOn-demand self-service: The unilateral provision of computing resources should be an automatic or nearly automatic process.\nBroad network access: Thin- or thick-client platforms, both hardwired and mobile, should allow for standardized, networkable access to those computing resources.\nResource pooling: A multi-tenant model requires the provisioning of resources to serve a wide customer base, with a layer of abstraction that gives the user a sense of location independence from those resources.\nRapid elasticity: The platform's resources should be readily and\/or automatically scalable commensurate with demand, such that the user sees no negative impact in their activities.\nMeasured service: The resources should be automatically controlled and optimized by a measured service or metering system, transparently providing accurate and timely information about resource usage.\nWhen we compare these 2007 and 2011 definitions of cloud computing with the comments on web services by Glass and Kreger at the turn of the century (as well as our own derived definition prior), we can't help but see how the early vision for cloud computing has taken shape today. First, web services can indeed be paired with other technologies to form a distributed system, in this case a centralized and scalable computing infrastructure that can be used by practically anyone to run software, develop applications, and \"host a variety of different workloads.\"[19] Second, those workloads can be quickly deployed worldwide, wherever there is internet access, and typically at a fair price, when compared to the costs of on-premises data management.[23] Third, new opportunities are indeed developing for organizations seeking to tap into the on-demand, rapid, scalable, and cost-efficient nature of cloud computing.[24][25] And finally, benefits are being seen in the integration of applications via the cloud, particularly as more options for multicloud and hybrid cloud integration develop.[26] The early vision that perhaps hasn't been realized is found in Glass' \"shift from client-server to peer-to-peer architectures,\" though discussions about the promise of peer-to-peer cloud computing have occurred since.[27]\nThough clearly linked to web services and the early vision of cloud computing in the 2000s, the cloud computing of the 2020s is a remarkably more advanced and continually evolving technology. However, it's still not without its challenges today. The data security, privacy, and governance of computing in general, and cloud computing in particular, will continue to require more rigorous approaches, as will reducing remaining data silos in organizations with pivots to hybrid cloud, multicloud, and serverless cloud implementations.[28][29] But what is \"hybrid cloud\"? \"Serverless cloud?\" The next section goes into further detail.\n\nReferences \n\n\n\u2191 1.0 1.1 Pogue, D. (17 July 2008). \"In Sync to Pierce the Cloud\". The New York Times. Archived from the original on 05 January 2018. https:\/\/web.archive.org\/web\/20180105205750\/https:\/\/www.nytimes.com\/2008\/07\/17\/technology\/personaltech\/17pogue.html . Retrieved 28 July 2023 .   \n \n\n\u2191 2.0 2.1 Wang, L.; von Laszewski, G.; Younge, A. et al. (2010). \"Cloud Computing: A Perspective Study\". New Generation Computing 28: 137\u201346. doi:10.1007\/s00354-008-0081-5. https:\/\/scholarworks.rit.edu\/cgi\/viewcontent.cgi?article=1748&context=other .   \n \n\n\u2191 3.0 3.1 Chamberlin, B. (28 October 2008). \"Cloud Computing: What is it?\". BillChamberlin.com. https:\/\/www.billchamberlin.com\/cloud-computing-what-is-it\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 French, J. (2021). \"Cloud computing and web services\". The Institution of Engineering and Technology. https:\/\/www.theiet.org\/publishing\/inspec\/researching-hot-topics\/cloud-computing-and-web-services\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"What Is Cloud Native?\". Amazon Web Services. https:\/\/aws.amazon.com\/what-is\/cloud-native\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Maurer, T.; Hinck, G. (31 August 2020). \"Cloud Security: A Primer for Policymakers\". Carnegie Endowment for International Peace. https:\/\/carnegieendowment.org\/2020\/08\/31\/cloud-security-primer-for-policymakers-pub-82597 . Retrieved 28 July 2023 .   \n \n\n\u2191 Costello, K.; Rimol, M. (13 November 2020). \"Gartner Forecasts Worldwide Public Cloud Revenue to Grow 17% in 2020\". Gartner. https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2019-11-13-gartner-forecasts-worldwide-public-cloud-revenue-to-grow-17-percent-in-2020 . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Gartner Forecasts Worldwide Public Cloud End-User Spending to Reach Nearly $600 Billion in 2023\". Gartner. 19 April 2023. https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2023-04-19-gartner-forecasts-worldwide-public-cloud-end-user-spending-to-reach-nearly-600-billion-in-2023 . Retrieved 14 August 2023 .   \n \n\n\u2191 Reinicke, C. (30 March 2020). \"3 reasons one Wall Street firm says to stick with cloud stocks amid the coronavirus-induced market rout\". Market Insider. https:\/\/markets.businessinsider.com\/news\/stocks\/wedbush-reasons-own-cloud-stocks-coronavirus-pandemic-tech-buy-2020-3-1029045273#2-the-move-to-cloud-will-accelerate-more-quickly-amid-the-coronavirus-pandemic2 . Retrieved 28 July 2023 .   \n \n\n\u2191 10.0 10.1 10.2 10.3 10.4 Glass, G. (November 2000). \"The Web services (r)evolution, Part 1: Applying Web services to applications\". IBM developerWorks. IBM. Archived from the original on 24 April 2001. https:\/\/web.archive.org\/web\/20010424015036\/http:\/\/www-106.ibm.com\/developerworks\/library\/ws-peer1.html . Retrieved 28 July 2023 .   \n \n\n\u2191 11.0 11.1 11.2 Kreger, H. (May 2001). \"Web Services Conceptual Architecture (WSCA 1.0)\" (PDF). IBM Software Group. https:\/\/www.researchgate.net\/profile\/Heather-Kreger\/publication\/235720479_Web_Services_Conceptual_Architecture_WSCA_10\/links\/563a67e008ae337ef2984607\/Web-Services-Conceptual-Architecture-WSCA-10.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 12.0 12.1 12.2 Furrier, J. (29 January 2015). \"Exclusive: The Story of AWS and Andy Jassy\u2019s Trillion Dollar Baby\". Medium.com. https:\/\/medium.com\/@furrier\/original-content-the-story-of-aws-and-andy-jassys-trillion-dollar-baby-4e8a35fd7ed . Retrieved 28 July 2023 .   \n \n\n\u2191 13.0 13.1 13.2 Miller, R. (2 July 2016). \"How AWS came to be\". TechCrunch. https:\/\/techcrunch.com\/2016\/07\/02\/andy-jassys-brief-history-of-the-genesis-of-aws\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 \"Announcing Amazon Elastic Compute Cloud (Amazon EC2) - beta\". Amazon Web Services. 24 August 2006. https:\/\/aws.amazon.com\/about-aws\/whats-new\/2006\/08\/24\/announcing-amazon-elastic-compute-cloud-amazon-ec2---beta\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 15.0 15.1 Butler, D. (2006). \"Amazon puts network power online\". Nature 444 (528). doi:10.1038\/444528a.   \n \n\n\u2191 Ke, J.-s. (2006). \"ITeS - Transcending the Traditional Service Model\". Proceedings of the 2006 IEEE International Conference on e-Business Engineering: 2. doi:10.1109\/ICEBE.2006.66.   \n \n\n\u2191 Lohr, S. (8 October 2007). \"Google and I.B.M. Join in 'Cloud Computing' Research\" (PDF). The New York Times. Archived from the original on 08 October 2007. http:\/\/www.csun.edu\/pubrels\/clips\/Oct07\/10-08-07E.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 Hand, E. (2007). \"Head in the clouds\". Nature 449 (963). doi:10.1038\/449963a.   \n \n\n\u2191 19.0 19.1 19.2 Boss, G.; Malladi, P.; Quan, D. et al. (8 October 2007). \"Cloud Computing\" (PDF). IBM Corporation. Archived from the original on 06 February 2009. https:\/\/web.archive.org\/web\/20090206015244\/http:\/\/download.boulder.ibm.com\/ibmdl\/pub\/software\/dw\/wes\/hipods\/Cloud_computing_wp_final_8Oct.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 Lohr, S. (15 November 2007). \"I.B.M. to Push 'Cloud Computing,' Using Data From Afar\". The New York Times. https:\/\/www.nytimes.com\/2007\/11\/15\/technology\/15blue.html . Retrieved 28 July 2023 .   \n \n\n\u2191 Lohr, S.; Helft, M. (16 December 2007). \"Google Gets Ready to Rumble With Microsoft\" (PDF). The New York Times. Archived from the original on 16 December 2007. https:\/\/signallake.com\/innovation\/GoogleMicrosoft121607.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 22.0 22.1 Mell, P.; Grance, T. (September 2011). \"The NIST Definition of Cloud Computing\" (PDF). NIST. https:\/\/nvlpubs.nist.gov\/nistpubs\/Legacy\/SP\/nistspecialpublication800-145.pdf . Retrieved 28 July 2023 .   \n \n\n\u2191 Violino, B. (16 March 2020). \"Where to look for cost savings in the cloud\". InfoWorld. https:\/\/www.infoworld.com\/article\/3532288\/where-to-look-for-cost-savings-in-the-cloud.html . Retrieved 28 July 2023 .   \n \n\n\u2191 Ojala, A. (2016). \"Discovering and creating business opportunities for cloud services\". Journal of Systems and Software 113: 408\u201317. doi:10.1016\/j.jss.2015.11.004.   \n \n\n\u2191 Pettey, C. (26 October 2020). \"Cloud Shift Impacts All IT Markets\". Smarter with Gartner. https:\/\/www.gartner.com\/smarterwithgartner\/cloud-shift-impacts-all-it-markets\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Pettey, C. (14 May 2019). \"5 Approaches to Cloud Applications Integration\". Smarter with Gartner. https:\/\/www.gartner.com\/smarterwithgartner\/5-approaches-cloud-applications-integration\/ . Retrieved 28 July 2023 .   \n \n\n\u2191 Babaoglu, O.; Marzolla, M. (2014). \"The People's Cloud\". IEEE Spectrum 51 (10): 50\u201355. doi:10.1109\/MSPEC.2014.6905491. https:\/\/spectrum.ieee.org\/escape-from-the-data-center-the-promise-of-peertopeer-cloud-computing .   \n \n\n\u2191 Goodison, D. (20 November 2020). \"10 Future Cloud Computing Trends To Watch In 2021\". CRN. https:\/\/www.crn.com\/news\/cloud\/10-future-cloud-computing-trends-to-watch-in-2021 . Retrieved 28 July 2023 .   \n \n\n\u2191 DTCC (November 2020). \"Cloud Technology: Powerful and Evolving\" (PDF). http:\/\/www.dtcc.com\/-\/media\/Files\/Downloads\/WhitePapers\/DTCC-Cloud-Journey-WP . Retrieved 28 July 2023 .   \n \n\n\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution<\/a>\nNavigation menuPage actionsBookDiscussionView sourceHistoryPage actionsBookDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 11 February 2022, at 21:21.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 372 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","596bb2186b9a2b2aab001f641218edfe_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-208 ns-subject page-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_What_is_cloud_computing_History_and_evolution rootpage-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_What_is_cloud_computing_History_and_evolution skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/What is cloud computing?\/History and evolution<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\"><div align=\"center\">-----Return to <a href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Introduction\" title=\"Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Introduction\" class=\"wiki-link\" data-key=\"a5122d160da552b7fab8ca62d4bc6155\">the beginning<\/a> of this guide-----<\/div>\n<h2><span id=\"rdp-ebb-1._What_is_cloud_computing?\"><\/span><span class=\"mw-headline\" id=\"1._What_is_cloud_computing.3F\">1. What is cloud computing?<\/span><\/h2>\n<div class=\"thumb tright\"><div class=\"thumbinner\" style=\"width:652px;\"><a href=\"https:\/\/www.limswiki.org\/index.php\/File:1000px-Cloud_computing.svg.png\" class=\"image wiki-link\" data-key=\"37e0869145e0277df251adc25534941c\"><img alt=\"\" src=\"https:\/\/s3.limswiki.org\/www.limswiki.org\/images\/4\/4d\/1000px-Cloud_computing.svg.png\" decoding=\"async\" class=\"thumbimage\" style=\"width: 100%;max-width: 400px;height: auto;\" \/><\/a> <div class=\"thumbcaption\"><div class=\"magnify\"><a href=\"https:\/\/www.limswiki.org\/index.php\/File:1000px-Cloud_computing.svg.png\" class=\"internal wiki-link\" title=\"Enlarge\" data-key=\"37e0869145e0277df251adc25534941c\"><\/a><\/div><b>Figure 1.<\/b> A basic visualization of <a href=\"https:\/\/www.limswiki.org\/index.php\/Cloud_computing\" title=\"Cloud computing\" class=\"wiki-link\" data-key=\"fcfe5882eaa018d920cedb88398b604f\">cloud computing<\/a> architecture layers and some of the activities that take place on those layers.<\/div><\/div><\/div>\n<p>If you were alive in the late 2000s and doing most anything related to computers and the internet, you were bound to encounter the latest internet buzzword: <a href=\"https:\/\/www.limswiki.org\/index.php\/Cloud_computing\" title=\"Cloud computing\" class=\"wiki-link\" data-key=\"fcfe5882eaa018d920cedb88398b604f\">cloud computing<\/a>.<sup id=\"rdp-ebb-cite_ref-PogueInSync08_1-0\" class=\"reference\"><a href=\"#cite_note-PogueInSync08-1\">[1]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-WangCloud10_2-0\" class=\"reference\"><a href=\"#cite_note-WangCloud10-2\">[2]<\/a><\/sup> A certain mysticism was seemingly attached to the concept, that your files and applications could reside on the internet, \"out there in the 'cloud.'\"<sup id=\"rdp-ebb-cite_ref-PogueInSync08_1-1\" class=\"reference\"><a href=\"#cite_note-PogueInSync08-1\">[1]<\/a><\/sup> \"But what is this 'cloud'?\" many would ask. A plethora of media articles, journal articles, blogs, and company websites were published to give practically everyone's take on what the cloud was and wasn't meant to be.<sup id=\"rdp-ebb-cite_ref-ChamberlinCloud08_3-0\" class=\"reference\"><a href=\"#cite_note-ChamberlinCloud08-3\">[3]<\/a><\/sup> However, the then growing consensus of cloud computing as networked and scalable architecture meant to rapidly provide application and infrastructure services at reasonable prices to internet users<sup id=\"rdp-ebb-cite_ref-WangCloud10_2-1\" class=\"reference\"><a href=\"#cite_note-WangCloud10-2\">[2]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-ChamberlinCloud08_3-1\" class=\"reference\"><a href=\"#cite_note-ChamberlinCloud08-3\">[3]<\/a><\/sup> largely matches up with today's definition. Pulling from both The Institution of Engineering and Technology<sup id=\"rdp-ebb-cite_ref-FrenchCloud21_4-0\" class=\"reference\"><a href=\"#cite_note-FrenchCloud21-4\">[4]<\/a><\/sup> and Amazon Web Services<sup id=\"rdp-ebb-cite_ref-AWSCloud21_5-0\" class=\"reference\"><a href=\"#cite_note-AWSCloud21-5\">[5]<\/a><\/sup>, we come up with cloud computing as:\n<\/p>\n<blockquote><p>an internet-based computing paradigm in which standardized and <a href=\"https:\/\/www.limswiki.org\/index.php\/Virtualization\" title=\"Virtualization\" class=\"wiki-link\" data-key=\"e6ef1e0497ceb6545c0948d436eba29c\">virtualized<\/a> resources are used to rapidly, elastically, and cost-effectively provide a variety of globally available, \"always-on\" computing services to users on a continuous or as-needed basis<\/p><\/blockquote>\n<p>Of course, those computing services come in a variety of flavors, the most common being <a href=\"https:\/\/www.limswiki.org\/index.php\/Software_as_a_service\" title=\"Software as a service\" class=\"wiki-link\" data-key=\"ae8c8a7cd5ee1a264f4f0bbd4a4caedd\">software<\/a>, <a href=\"https:\/\/www.limswiki.org\/index.php\/Platform_as_a_service\" title=\"Platform as a service\" class=\"wiki-link\" data-key=\"abad55890b97c6a6153458ad3d62762f\">platform<\/a>, and <a href=\"https:\/\/www.limswiki.org\/index.php\/Infrastructure_as_a_service\" title=\"Infrastructure as a service\" class=\"wiki-link\" data-key=\"70b93c66f23363688d45f0d354e5c032\">infrastructure<\/a> \"as a service\" (SaaS, PaaS, and IaaS, respectively). These conveniently correspond to the underlying architectural layers of the services, with infrastructure at the base, platform on top of that, and software (or application) on top of that. \n<\/p><p>Figure 1 portrays a simplified visualization of cloud computing architecture layers, as well as examples of activities that happen on those layers. This concept has also been visualized by others using pyramids and pancake stacks of layers, but the concept remains the same. At the base is the computing infrastructure, including the physical data centers and their networking equipment, servers, <a href=\"https:\/\/www.limswiki.org\/index.php\/Hypervisor\" title=\"Hypervisor\" class=\"wiki-link\" data-key=\"005ea69938e7d4a809b64a61c0497209\">hypervisors<\/a>, <a href=\"https:\/\/www.limswiki.org\/index.php\/Application_programming_interface\" title=\"Application programming interface\" class=\"wiki-link\" data-key=\"36fc319869eba4613cb0854b421b0934\">application programming interfaces<\/a> (APIs), and operating systems. This infrastructure is the foundation that supports not only applications users want to run but also that acts as the developmental foundation of users not wanting to implement their own infrastructure. On top of all that can be found platforms or <a href=\"https:\/\/www.limswiki.org\/index.php\/Middleware\" title=\"Middleware\" class=\"wiki-link\" data-key=\"82ee1d9577571b4f9e4d83d6d6124c81\">middleware<\/a>, which serve as software development and deployment environments (that include databases, web servers, load balancers, etc.) or connectivity tools for analytics, <a href=\"https:\/\/www.limswiki.org\/index.php\/Workflow\" title=\"Workflow\" class=\"wiki-link\" data-key=\"92bd8748272e20d891008dcb8243e8a8\">workflow<\/a> management, system integration, and security management. And on top of that are applications, typically designed to run optimally in cloud environments and accessed via web browsers or apps using internet\u2014i.e. networking\u2014connectivity and computing devices.<sup id=\"rdp-ebb-cite_ref-MaurerCloud20_6-0\" class=\"reference\"><a href=\"#cite_note-MaurerCloud20-6\">[6]<\/a><\/sup>\n<\/p><p>Customers who require application hosting, internet-hosted software development platforms, or underlying computing infrastructure (e.g., data storage, computational time, etc.)\u2014particularly when they can't or don't want to invest in their own hardware\u2014are increasingly turning to the cloud computing paradigm. Even before a worldwide <a href=\"https:\/\/www.limswiki.org\/index.php\/COVID-19\" class=\"mw-redirect wiki-link\" title=\"COVID-19\" data-key=\"da9bd20c492b2a17074ad66c2fe25652\">COVID-19<\/a> <a href=\"https:\/\/www.limswiki.org\/index.php\/Pandemic\" title=\"Pandemic\" class=\"wiki-link\" data-key=\"bd9a48e6c6e41b6d603ee703836b01f1\">pandemic<\/a> started to take shape in late 2019, the global cloud services market was expected to reach $266.4 billion by the end of 2020, with Gartner expecting that to represent a 17 percent increase from 2019.<sup id=\"rdp-ebb-cite_ref-CostelloFore19_7-0\" class=\"reference\"><a href=\"#cite_note-CostelloFore19-7\">[7]<\/a><\/sup> As work-from-home practices expanded significantly in 2020 due to the pandemic, expectations that the trend would last post-pandemic pushed estimates of overall cloud-based workloads moving from physical work offices to the cloud to 55 percent by 2022, with the cloud services market reaching $600 billion in 2023<sup id=\"rdp-ebb-cite_ref-GartnerFore23_8-0\" class=\"reference\"><a href=\"#cite_note-GartnerFore23-8\">[8]<\/a><\/sup> and $1 trillion by 2030.<sup id=\"rdp-ebb-cite_ref-ReinickeThree20_9-0\" class=\"reference\"><a href=\"#cite_note-ReinickeThree20-9\">[9]<\/a><\/sup> This growing migration to cloud computing has many implications for organizations of all types, including <a href=\"https:\/\/www.limswiki.org\/index.php\/Laboratory\" title=\"Laboratory\" class=\"wiki-link\" data-key=\"c57fc5aac9e4abf31dccae81df664c33\">laboratories<\/a>.\n<\/p><p><br \/>\n<\/p>\n<h3><span class=\"mw-headline\" id=\"1.1_History_and_evolution\">1.1 History and evolution<\/span><\/h3>\n<p>Cloud computing has its strongest origins in the \"web services\" phase of internet development. In November 2000, Mind Electric CEO and <a href=\"https:\/\/www.limswiki.org\/index.php\/Distributed_computing\" title=\"Distributed computing\" class=\"wiki-link\" data-key=\"27ed4ce42fc1b6b5da4be13b7183158b\">distributed computing<\/a> visionary Graham Glass, writing for IBM, described web services as \"building blocks for creating open distributed systems\" that \"allow companies and individuals to quickly and cheaply make their digital assets available worldwide,\" while prognosticating that web services \"will catalyze a shift from client-server to peer-to-peer architectures.\"<sup id=\"rdp-ebb-cite_ref-GlassTheWeb00_10-0\" class=\"reference\"><a href=\"#cite_note-GlassTheWeb00-10\">[10]<\/a><\/sup> At that point, the likes of Microsoft and IBM were already developing toolkits for creating and deploying web services<sup id=\"rdp-ebb-cite_ref-GlassTheWeb00_10-1\" class=\"reference\"><a href=\"#cite_note-GlassTheWeb00-10\">[10]<\/a><\/sup>, with IBM releasing an initial high-level report in May 2001 on IBM's web services architecture approach. In that paper, web services were described by its author Heather Kreger as allowing \"companies to reduce the cost of doing e-business, to deploy solutions faster, and to open up new opportunities,\" while also allowing \"applications to be integrated more rapidly, easily, and less expensively than ever before.\"<sup id=\"rdp-ebb-cite_ref-KregerWeb01_11-0\" class=\"reference\"><a href=\"#cite_note-KregerWeb01-11\">[11]<\/a><\/sup> \n<\/p><p>Here's a recap of thinking on web services at the turn of the century:\n<\/p>\n<ul><li>\"[act as] building blocks for creating open distributed systems\"<sup id=\"rdp-ebb-cite_ref-GlassTheWeb00_10-2\" class=\"reference\"><a href=\"#cite_note-GlassTheWeb00-10\">[10]<\/a><\/sup><\/li>\n<li>\"quickly and cheaply make ... digital assets available worldwide\"<sup id=\"rdp-ebb-cite_ref-GlassTheWeb00_10-3\" class=\"reference\"><a href=\"#cite_note-GlassTheWeb00-10\">[10]<\/a><\/sup><\/li>\n<li>\"catalyze a shift from client-server to peer-to-peer architectures\"<sup id=\"rdp-ebb-cite_ref-GlassTheWeb00_10-4\" class=\"reference\"><a href=\"#cite_note-GlassTheWeb00-10\">[10]<\/a><\/sup><\/li>\n<li>\"reduce the cost of doing e-business, to deploy solutions faster, and to open up new opportunities\"<sup id=\"rdp-ebb-cite_ref-KregerWeb01_11-1\" class=\"reference\"><a href=\"#cite_note-KregerWeb01-11\">[11]<\/a><\/sup><\/li>\n<li>\"[allow] applications to be integrated more rapidly, easily, and less expensively than ever before\"<sup id=\"rdp-ebb-cite_ref-KregerWeb01_11-2\" class=\"reference\"><a href=\"#cite_note-KregerWeb01-11\">[11]<\/a><\/sup><\/li><\/ul>\n<p>We'll come back to that. For the next stop, however, we have to consider the case of Amazon and how they viewed web services at that time. Leading up to the twenty-first century, Amazon was beginning to expand beyond its book selling roots, opening up its marketplace to other third parties (affiliates) to sell their own goods on Amazon's platform. That effort required an expansion of IT infrastructure to support web-scale third-party selling, but as it turned out, a lot of that IT infrastructure, while reliable and cost-effective, had been previously added piecemeal, with many components getting \"tangled\" along the way. Amazon project leads and external partners were clamoring for better infrastructure services. This required untangling the IT and associated provider data into an internally scalable, centralized infrastructure that allowed for smoother communication and <a href=\"https:\/\/www.limswiki.org\/index.php\/Information_management\" title=\"Information management\" class=\"wiki-link\" data-key=\"f8672d270c0750a858ed940158ca0a73\">data management<\/a> using well-documented APIs.<sup id=\"rdp-ebb-cite_ref-FurrierExclusive15_12-0\" class=\"reference\"><a href=\"#cite_note-FurrierExclusive15-12\">[12]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-MillerHowAWS16_13-0\" class=\"reference\"><a href=\"#cite_note-MillerHowAWS16-13\">[13]<\/a><\/sup> By 2003, the company was indirectly acting as a services industry to its partners. \"Why not act upon this strength?\" was the sentiment that quickly developed that year, with Amazon choosing to use its internal compute, storage, and database infrastructure and related expertise to its advantage.<sup id=\"rdp-ebb-cite_ref-MillerHowAWS16_13-1\" class=\"reference\"><a href=\"#cite_note-MillerHowAWS16-13\">[13]<\/a><\/sup> \n<\/p><p>At that point, the paradigm of web services expanded to include infrastructure as a service or IaaS, with compute, storage, and database services running over the internet for web developers to utilize.<sup id=\"rdp-ebb-cite_ref-FurrierExclusive15_12-1\" class=\"reference\"><a href=\"#cite_note-FurrierExclusive15-12\">[12]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-MillerHowAWS16_13-2\" class=\"reference\"><a href=\"#cite_note-MillerHowAWS16-13\">[13]<\/a><\/sup> \"If you believe developers will build applications from scratch using web services as primitive building blocks, then the operating system becomes the internet,\u201d noted AWS CEO Andy Jassy in a 2015 retrospective interview.<sup id=\"rdp-ebb-cite_ref-FurrierExclusive15_12-2\" class=\"reference\"><a href=\"#cite_note-FurrierExclusive15-12\">[12]<\/a><\/sup> From that concept evolved the idea of determining what it would take to allow any entity to run their technology applications over their web-service-based IaaS platform. In August 2006, Amazon introduced its Amazon Elastic Compute Cloud (Amazon EC2), \"a web service that provides resizable compute capacity in the cloud.\"<sup id=\"rdp-ebb-cite_ref-AWSAnnounc06_14-0\" class=\"reference\"><a href=\"#cite_note-AWSAnnounc06-14\">[14]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-ButlerAmazon06_15-0\" class=\"reference\"><a href=\"#cite_note-ButlerAmazon06-15\">[15]<\/a><\/sup> This quickly prompted others in academic and scientific fields to continue the conversation of turning IT and its infrastructure into a service.<sup id=\"rdp-ebb-cite_ref-ButlerAmazon06_15-1\" class=\"reference\"><a href=\"#cite_note-ButlerAmazon06-15\">[15]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-KeITeS06_16-0\" class=\"reference\"><a href=\"#cite_note-KeITeS06-16\">[16]<\/a><\/sup> In turn, conversations changed, discussing the opportunities inherent to \"cloud computing,\" including Google and IBM partnering to virtualize computers on new data centers for boosting academic research and teaching new computer science students<sup id=\"rdp-ebb-cite_ref-LohrGoogle07_17-0\" class=\"reference\"><a href=\"#cite_note-LohrGoogle07-17\">[17]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-HandHead07_18-0\" class=\"reference\"><a href=\"#cite_note-HandHead07-18\">[18]<\/a><\/sup>, IBM releasing a white paper on cloud computing<sup id=\"rdp-ebb-cite_ref-BossCloud07_19-0\" class=\"reference\"><a href=\"#cite_note-BossCloud07-19\">[19]<\/a><\/sup> and announcing its Blue Cloud initiative<sup id=\"rdp-ebb-cite_ref-LohrIBM07_20-0\" class=\"reference\"><a href=\"#cite_note-LohrIBM07-20\">[20]<\/a><\/sup>, and Google doubling down on its cloud-based software offerings in competition with Microsoft.<sup id=\"rdp-ebb-cite_ref-LohrGoogleGets07_21-0\" class=\"reference\"><a href=\"#cite_note-LohrGoogleGets07-21\">[21]<\/a><\/sup> \n<\/p><p>In IBM's 2007 white paper, they described cloud computing as a \"pool of virtualized computer resources\" that can<sup id=\"rdp-ebb-cite_ref-BossCloud07_19-1\" class=\"reference\"><a href=\"#cite_note-BossCloud07-19\">[19]<\/a><\/sup>:\n<\/p>\n<ul><li>\"host a variety of different workloads, including batch-style back-end jobs and interactive, user-facing applications\";<\/li>\n<li>\"allow workloads to be deployed and scaled-out quickly through the rapid provisioning of virtual machines or physical machines\";<\/li>\n<li>\"support redundant, self-recovering, highly scalable programming models that allow workloads to recover from many unavoidable hardware\/software failures\";<\/li>\n<li>\"monitor resource use in real time to enable rebalancing of allocations when needed\"; and<\/li>\n<li>\"be a cost efficient model for delivering information services, reducing IT management complexity, promoting innovation, and increasing responsiveness through real-time workload balancing.\"<\/li><\/ul>\n<p>In 2011, the National Institute of Standards and Technology (NIST) came up with a more standards-based definition to cloud computing. They described it as \"a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.\"<sup id=\"rdp-ebb-cite_ref-MellTheNIST11_22-0\" class=\"reference\"><a href=\"#cite_note-MellTheNIST11-22\">[22]<\/a><\/sup> They went on to highlight the five essential characteristics further<sup id=\"rdp-ebb-cite_ref-MellTheNIST11_22-1\" class=\"reference\"><a href=\"#cite_note-MellTheNIST11-22\">[22]<\/a><\/sup>:\n<\/p>\n<ul><li>On-demand self-service: The unilateral provision of computing resources should be an automatic or nearly automatic process.<\/li>\n<li>Broad network access: Thin- or thick-client platforms, both hardwired and mobile, should allow for standardized, networkable access to those computing resources.<\/li>\n<li>Resource pooling: A multi-tenant model requires the provisioning of resources to serve a wide customer base, with a layer of abstraction that gives the user a sense of location independence from those resources.<\/li>\n<li>Rapid elasticity: The platform's resources should be readily and\/or automatically scalable commensurate with demand, such that the user sees no negative impact in their activities.<\/li>\n<li>Measured service: The resources should be automatically controlled and optimized by a measured service or metering system, transparently providing accurate and timely information about resource usage.<\/li><\/ul>\n<p>When we compare these 2007 and 2011 definitions of cloud computing with the comments on web services by Glass and Kreger at the turn of the century (as well as our own derived definition prior), we can't help but see how the early vision for cloud computing has taken shape today. First, web services can indeed be paired with other technologies to form a distributed system, in this case a centralized and scalable computing infrastructure that can be used by practically anyone to run software, develop applications, and \"host a variety of different workloads.\"<sup id=\"rdp-ebb-cite_ref-BossCloud07_19-2\" class=\"reference\"><a href=\"#cite_note-BossCloud07-19\">[19]<\/a><\/sup> Second, those workloads can be quickly deployed worldwide, wherever there is internet access, and typically at a fair price, when compared to the costs of on-premises data management.<sup id=\"rdp-ebb-cite_ref-ViolinoWhere20_23-0\" class=\"reference\"><a href=\"#cite_note-ViolinoWhere20-23\">[23]<\/a><\/sup> Third, new opportunities are indeed developing for organizations seeking to tap into the on-demand, rapid, scalable, and cost-efficient nature of cloud computing.<sup id=\"rdp-ebb-cite_ref-OjalaDiscover16_24-0\" class=\"reference\"><a href=\"#cite_note-OjalaDiscover16-24\">[24]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-PetteyCloud20_25-0\" class=\"reference\"><a href=\"#cite_note-PetteyCloud20-25\">[25]<\/a><\/sup> And finally, benefits are being seen in the integration of applications via the cloud, particularly as more options for multicloud and hybrid cloud integration develop.<sup id=\"rdp-ebb-cite_ref-PetteyFiveApp19_26-0\" class=\"reference\"><a href=\"#cite_note-PetteyFiveApp19-26\">[26]<\/a><\/sup> The early vision that perhaps hasn't been realized is found in Glass' \"shift from client-server to peer-to-peer architectures,\" though discussions about the promise of peer-to-peer cloud computing have occurred since.<sup id=\"rdp-ebb-cite_ref-BabaogluEscape14_27-0\" class=\"reference\"><a href=\"#cite_note-BabaogluEscape14-27\">[27]<\/a><\/sup>\n<\/p><p>Though clearly linked to web services and the early vision of cloud computing in the 2000s, the cloud computing of the 2020s is a remarkably more advanced and continually evolving technology. However, it's still not without its challenges today. The data security, privacy, and governance of computing in general, and cloud computing in particular, will continue to require more rigorous approaches, as will reducing remaining data silos in organizations with pivots to hybrid cloud, multicloud, and serverless cloud implementations.<sup id=\"rdp-ebb-cite_ref-Goodison10Fut20_28-0\" class=\"reference\"><a href=\"#cite_note-Goodison10Fut20-28\">[28]<\/a><\/sup><sup id=\"rdp-ebb-cite_ref-DTCCCloud20_29-0\" class=\"reference\"><a href=\"#cite_note-DTCCCloud20-29\">[29]<\/a><\/sup> But what is \"hybrid cloud\"? \"Serverless cloud?\" The next section goes into further detail.\n<\/p>\n<h2><span class=\"mw-headline\" id=\"References\">References<\/span><\/h2>\n<div class=\"reflist references-column-width\" style=\"-moz-column-width: 30em; -webkit-column-width: 30em; column-width: 30em; list-style-type: decimal;\">\n<div class=\"mw-references-wrap mw-references-columns\"><ol class=\"references\">\n<li id=\"cite_note-PogueInSync08-1\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-PogueInSync08_1-0\">1.0<\/a><\/sup> <sup><a href=\"#cite_ref-PogueInSync08_1-1\">1.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Pogue, D. (17 July 2008). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20180105205750\/https:\/\/www.nytimes.com\/2008\/07\/17\/technology\/personaltech\/17pogue.html\" target=\"_blank\">\"In Sync to Pierce the Cloud\"<\/a>. <i>The New York Times<\/i>. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.nytimes.com\/2008\/07\/17\/technology\/personaltech\/17pogue.html\" target=\"_blank\">the original<\/a> on 05 January 2018<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20180105205750\/https:\/\/www.nytimes.com\/2008\/07\/17\/technology\/personaltech\/17pogue.html\" target=\"_blank\">https:\/\/web.archive.org\/web\/20180105205750\/https:\/\/www.nytimes.com\/2008\/07\/17\/technology\/personaltech\/17pogue.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=In+Sync+to+Pierce+the+Cloud&rft.atitle=The+New+York+Times&rft.aulast=Pogue%2C+D.&rft.au=Pogue%2C+D.&rft.date=17+July+2008&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20180105205750%2Fhttps%3A%2F%2Fwww.nytimes.com%2F2008%2F07%2F17%2Ftechnology%2Fpersonaltech%2F17pogue.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-WangCloud10-2\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-WangCloud10_2-0\">2.0<\/a><\/sup> <sup><a href=\"#cite_ref-WangCloud10_2-1\">2.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation Journal\">Wang, L.; von Laszewski, G.; Younge, A. et al. (2010). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/scholarworks.rit.edu\/cgi\/viewcontent.cgi?article=1748&context=other\" target=\"_blank\">\"Cloud Computing: A Perspective Study\"<\/a>. <i>New Generation Computing<\/i> <b>28<\/b>: 137\u201346. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.1007%2Fs00354-008-0081-5\" target=\"_blank\">10.1007\/s00354-008-0081-5<\/a><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/scholarworks.rit.edu\/cgi\/viewcontent.cgi?article=1748&context=other\" target=\"_blank\">https:\/\/scholarworks.rit.edu\/cgi\/viewcontent.cgi?article=1748&context=other<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Cloud+Computing%3A+A+Perspective+Study&rft.jtitle=New+Generation+Computing&rft.aulast=Wang%2C+L.%3B+von+Laszewski%2C+G.%3B+Younge%2C+A.+et+al.&rft.au=Wang%2C+L.%3B+von+Laszewski%2C+G.%3B+Younge%2C+A.+et+al.&rft.date=2010&rft.volume=28&rft.pages=137%E2%80%9346&rft_id=info:doi\/10.1007%2Fs00354-008-0081-5&rft_id=https%3A%2F%2Fscholarworks.rit.edu%2Fcgi%2Fviewcontent.cgi%3Farticle%3D1748%26context%3Dother&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ChamberlinCloud08-3\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-ChamberlinCloud08_3-0\">3.0<\/a><\/sup> <sup><a href=\"#cite_ref-ChamberlinCloud08_3-1\">3.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Chamberlin, B. (28 October 2008). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.billchamberlin.com\/cloud-computing-what-is-it\/\" target=\"_blank\">\"Cloud Computing: What is it?\"<\/a>. <i>BillChamberlin.com<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.billchamberlin.com\/cloud-computing-what-is-it\/\" target=\"_blank\">https:\/\/www.billchamberlin.com\/cloud-computing-what-is-it\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Computing%3A+What+is+it%3F&rft.atitle=BillChamberlin.com&rft.aulast=Chamberlin%2C+B.&rft.au=Chamberlin%2C+B.&rft.date=28+October+2008&rft_id=https%3A%2F%2Fwww.billchamberlin.com%2Fcloud-computing-what-is-it%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-FrenchCloud21-4\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-FrenchCloud21_4-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">French, J. (2021). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.theiet.org\/publishing\/inspec\/researching-hot-topics\/cloud-computing-and-web-services\/\" target=\"_blank\">\"Cloud computing and web services\"<\/a>. The Institution of Engineering and Technology<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.theiet.org\/publishing\/inspec\/researching-hot-topics\/cloud-computing-and-web-services\/\" target=\"_blank\">https:\/\/www.theiet.org\/publishing\/inspec\/researching-hot-topics\/cloud-computing-and-web-services\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+computing+and+web+services&rft.atitle=&rft.aulast=French%2C+J.&rft.au=French%2C+J.&rft.date=2021&rft.pub=The+Institution+of+Engineering+and+Technology&rft_id=https%3A%2F%2Fwww.theiet.org%2Fpublishing%2Finspec%2Fresearching-hot-topics%2Fcloud-computing-and-web-services%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AWSCloud21-5\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AWSCloud21_5-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/what-is\/cloud-native\/\" target=\"_blank\">\"What Is Cloud Native?\"<\/a>. Amazon Web Services<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/aws.amazon.com\/what-is\/cloud-native\/\" target=\"_blank\">https:\/\/aws.amazon.com\/what-is\/cloud-native\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=What+Is+Cloud+Native%3F&rft.atitle=&rft.pub=Amazon+Web+Services&rft_id=https%3A%2F%2Faws.amazon.com%2Fwhat-is%2Fcloud-native%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MaurerCloud20-6\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-MaurerCloud20_6-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Maurer, T.; Hinck, G. (31 August 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/carnegieendowment.org\/2020\/08\/31\/cloud-security-primer-for-policymakers-pub-82597\" target=\"_blank\">\"Cloud Security: A Primer for Policymakers\"<\/a>. Carnegie Endowment for International Peace<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/carnegieendowment.org\/2020\/08\/31\/cloud-security-primer-for-policymakers-pub-82597\" target=\"_blank\">https:\/\/carnegieendowment.org\/2020\/08\/31\/cloud-security-primer-for-policymakers-pub-82597<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Security%3A+A+Primer+for+Policymakers&rft.atitle=&rft.aulast=Maurer%2C+T.%3B+Hinck%2C+G.&rft.au=Maurer%2C+T.%3B+Hinck%2C+G.&rft.date=31+August+2020&rft.pub=Carnegie+Endowment+for+International+Peace&rft_id=https%3A%2F%2Fcarnegieendowment.org%2F2020%2F08%2F31%2Fcloud-security-primer-for-policymakers-pub-82597&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-CostelloFore19-7\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-CostelloFore19_7-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Costello, K.; Rimol, M. (13 November 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2019-11-13-gartner-forecasts-worldwide-public-cloud-revenue-to-grow-17-percent-in-2020\" target=\"_blank\">\"Gartner Forecasts Worldwide Public Cloud Revenue to Grow 17% in 2020\"<\/a>. Gartner<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2019-11-13-gartner-forecasts-worldwide-public-cloud-revenue-to-grow-17-percent-in-2020\" target=\"_blank\">https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2019-11-13-gartner-forecasts-worldwide-public-cloud-revenue-to-grow-17-percent-in-2020<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Gartner+Forecasts+Worldwide+Public+Cloud+Revenue+to+Grow+17%25+in+2020&rft.atitle=&rft.aulast=Costello%2C+K.%3B+Rimol%2C+M.&rft.au=Costello%2C+K.%3B+Rimol%2C+M.&rft.date=13+November+2020&rft.pub=Gartner&rft_id=https%3A%2F%2Fwww.gartner.com%2Fen%2Fnewsroom%2Fpress-releases%2F2019-11-13-gartner-forecasts-worldwide-public-cloud-revenue-to-grow-17-percent-in-2020&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GartnerFore23-8\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-GartnerFore23_8-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2023-04-19-gartner-forecasts-worldwide-public-cloud-end-user-spending-to-reach-nearly-600-billion-in-2023\" target=\"_blank\">\"Gartner Forecasts Worldwide Public Cloud End-User Spending to Reach Nearly $600 Billion in 2023\"<\/a>. Gartner. 19 April 2023<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2023-04-19-gartner-forecasts-worldwide-public-cloud-end-user-spending-to-reach-nearly-600-billion-in-2023\" target=\"_blank\">https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2023-04-19-gartner-forecasts-worldwide-public-cloud-end-user-spending-to-reach-nearly-600-billion-in-2023<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 14 August 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Gartner+Forecasts+Worldwide+Public+Cloud+End-User+Spending+to+Reach+Nearly+%24600+Billion+in+2023&rft.atitle=&rft.date=19+April+2023&rft.pub=Gartner&rft_id=https%3A%2F%2Fwww.gartner.com%2Fen%2Fnewsroom%2Fpress-releases%2F2023-04-19-gartner-forecasts-worldwide-public-cloud-end-user-spending-to-reach-nearly-600-billion-in-2023&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ReinickeThree20-9\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ReinickeThree20_9-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Reinicke, C. (30 March 2020). <a rel=\"nofollow\" class=\"external text\" href=\"#2-the-move-to-cloud-will-accelerate-more-quickly-amid-the-coronavirus-pandemic2\">\"3 reasons one Wall Street firm says to stick with cloud stocks amid the coronavirus-induced market rout\"<\/a>. <i>Market Insider<\/i><span class=\"printonly\">. <a rel=\"nofollow\" class=\"external free\" href=\"#2-the-move-to-cloud-will-accelerate-more-quickly-amid-the-coronavirus-pandemic2\">https:\/\/markets.businessinsider.com\/news\/stocks\/wedbush-reasons-own-cloud-stocks-coronavirus-pandemic-tech-buy-2020-3-1029045273#2-the-move-to-cloud-will-accelerate-more-quickly-amid-the-coronavirus-pandemic2<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=3+reasons+one+Wall+Street+firm+says+to+stick+with+cloud+stocks+amid+the+coronavirus-induced+market+rout&rft.atitle=Market+Insider&rft.aulast=Reinicke%2C+C.&rft.au=Reinicke%2C+C.&rft.date=30+March+2020&rft_id=https%3A%2F%2Fmarkets.businessinsider.com%2Fnews%2Fstocks%2Fwedbush-reasons-own-cloud-stocks-coronavirus-pandemic-tech-buy-2020-3-1029045273%232-the-move-to-cloud-will-accelerate-more-quickly-amid-the-coronavirus-pandemic2&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-GlassTheWeb00-10\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-GlassTheWeb00_10-0\">10.0<\/a><\/sup> <sup><a href=\"#cite_ref-GlassTheWeb00_10-1\">10.1<\/a><\/sup> <sup><a href=\"#cite_ref-GlassTheWeb00_10-2\">10.2<\/a><\/sup> <sup><a href=\"#cite_ref-GlassTheWeb00_10-3\">10.3<\/a><\/sup> <sup><a href=\"#cite_ref-GlassTheWeb00_10-4\">10.4<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Glass, G. (November 2000). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20010424015036\/http:\/\/www-106.ibm.com\/developerworks\/library\/ws-peer1.html\" target=\"_blank\">\"The Web services (r)evolution, Part 1: Applying Web services to applications\"<\/a>. <i>IBM developerWorks<\/i>. IBM. Archived from <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www-106.ibm.com\/developerworks\/library\/ws-peer1.html\" target=\"_blank\">the original<\/a> on 24 April 2001<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20010424015036\/http:\/\/www-106.ibm.com\/developerworks\/library\/ws-peer1.html\" target=\"_blank\">https:\/\/web.archive.org\/web\/20010424015036\/http:\/\/www-106.ibm.com\/developerworks\/library\/ws-peer1.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=The+Web+services+%28r%29evolution%2C+Part+1%3A+Applying+Web+services+to+applications&rft.atitle=IBM+developerWorks&rft.aulast=Glass%2C+G.&rft.au=Glass%2C+G.&rft.date=November+2000&rft.pub=IBM&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20010424015036%2Fhttp%3A%2F%2Fwww-106.ibm.com%2Fdeveloperworks%2Flibrary%2Fws-peer1.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-KregerWeb01-11\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-KregerWeb01_11-0\">11.0<\/a><\/sup> <sup><a href=\"#cite_ref-KregerWeb01_11-1\">11.1<\/a><\/sup> <sup><a href=\"#cite_ref-KregerWeb01_11-2\">11.2<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Kreger, H. (May 2001). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.researchgate.net\/profile\/Heather-Kreger\/publication\/235720479_Web_Services_Conceptual_Architecture_WSCA_10\/links\/563a67e008ae337ef2984607\/Web-Services-Conceptual-Architecture-WSCA-10.pdf\" target=\"_blank\">\"Web Services Conceptual Architecture (WSCA 1.0)\"<\/a> (PDF). IBM Software Group<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.researchgate.net\/profile\/Heather-Kreger\/publication\/235720479_Web_Services_Conceptual_Architecture_WSCA_10\/links\/563a67e008ae337ef2984607\/Web-Services-Conceptual-Architecture-WSCA-10.pdf\" target=\"_blank\">https:\/\/www.researchgate.net\/profile\/Heather-Kreger\/publication\/235720479_Web_Services_Conceptual_Architecture_WSCA_10\/links\/563a67e008ae337ef2984607\/Web-Services-Conceptual-Architecture-WSCA-10.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Web+Services+Conceptual+Architecture+%28WSCA+1.0%29&rft.atitle=&rft.aulast=Kreger%2C+H.&rft.au=Kreger%2C+H.&rft.date=May+2001&rft.pub=IBM+Software+Group&rft_id=https%3A%2F%2Fwww.researchgate.net%2Fprofile%2FHeather-Kreger%2Fpublication%2F235720479_Web_Services_Conceptual_Architecture_WSCA_10%2Flinks%2F563a67e008ae337ef2984607%2FWeb-Services-Conceptual-Architecture-WSCA-10.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-FurrierExclusive15-12\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-FurrierExclusive15_12-0\">12.0<\/a><\/sup> <sup><a href=\"#cite_ref-FurrierExclusive15_12-1\">12.1<\/a><\/sup> <sup><a href=\"#cite_ref-FurrierExclusive15_12-2\">12.2<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Furrier, J. (29 January 2015). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/medium.com\/@furrier\/original-content-the-story-of-aws-and-andy-jassys-trillion-dollar-baby-4e8a35fd7ed\" target=\"_blank\">\"Exclusive: The Story of AWS and Andy Jassy\u2019s Trillion Dollar Baby\"<\/a>. <i>Medium.com<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/medium.com\/@furrier\/original-content-the-story-of-aws-and-andy-jassys-trillion-dollar-baby-4e8a35fd7ed\" target=\"_blank\">https:\/\/medium.com\/@furrier\/original-content-the-story-of-aws-and-andy-jassys-trillion-dollar-baby-4e8a35fd7ed<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Exclusive%3A+The+Story+of+AWS+and+Andy+Jassy%E2%80%99s+Trillion+Dollar+Baby&rft.atitle=Medium.com&rft.aulast=Furrier%2C+J.&rft.au=Furrier%2C+J.&rft.date=29+January+2015&rft_id=https%3A%2F%2Fmedium.com%2F%40furrier%2Foriginal-content-the-story-of-aws-and-andy-jassys-trillion-dollar-baby-4e8a35fd7ed&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MillerHowAWS16-13\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-MillerHowAWS16_13-0\">13.0<\/a><\/sup> <sup><a href=\"#cite_ref-MillerHowAWS16_13-1\">13.1<\/a><\/sup> <sup><a href=\"#cite_ref-MillerHowAWS16_13-2\">13.2<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Miller, R. (2 July 2016). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/techcrunch.com\/2016\/07\/02\/andy-jassys-brief-history-of-the-genesis-of-aws\/\" target=\"_blank\">\"How AWS came to be\"<\/a>. <i>TechCrunch<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/techcrunch.com\/2016\/07\/02\/andy-jassys-brief-history-of-the-genesis-of-aws\/\" target=\"_blank\">https:\/\/techcrunch.com\/2016\/07\/02\/andy-jassys-brief-history-of-the-genesis-of-aws\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=How+AWS+came+to+be&rft.atitle=TechCrunch&rft.aulast=Miller%2C+R.&rft.au=Miller%2C+R.&rft.date=2+July+2016&rft_id=https%3A%2F%2Ftechcrunch.com%2F2016%2F07%2F02%2Fandy-jassys-brief-history-of-the-genesis-of-aws%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-AWSAnnounc06-14\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-AWSAnnounc06_14-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\"><a rel=\"external_link\" class=\"external text\" href=\"https:\/\/aws.amazon.com\/about-aws\/whats-new\/2006\/08\/24\/announcing-amazon-elastic-compute-cloud-amazon-ec2---beta\/\" target=\"_blank\">\"Announcing Amazon Elastic Compute Cloud (Amazon EC2) - beta\"<\/a>. Amazon Web Services. 24 August 2006<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/aws.amazon.com\/about-aws\/whats-new\/2006\/08\/24\/announcing-amazon-elastic-compute-cloud-amazon-ec2---beta\/\" target=\"_blank\">https:\/\/aws.amazon.com\/about-aws\/whats-new\/2006\/08\/24\/announcing-amazon-elastic-compute-cloud-amazon-ec2---beta\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Announcing+Amazon+Elastic+Compute+Cloud+%28Amazon+EC2%29+-+beta&rft.atitle=&rft.date=24+August+2006&rft.pub=Amazon+Web+Services&rft_id=https%3A%2F%2Faws.amazon.com%2Fabout-aws%2Fwhats-new%2F2006%2F08%2F24%2Fannouncing-amazon-elastic-compute-cloud-amazon-ec2---beta%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ButlerAmazon06-15\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-ButlerAmazon06_15-0\">15.0<\/a><\/sup> <sup><a href=\"#cite_ref-ButlerAmazon06_15-1\">15.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation Journal\">Butler, D. (2006). \"Amazon puts network power online\". <i>Nature<\/i> <b>444<\/b> (528). <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.1038%2F444528a\" target=\"_blank\">10.1038\/444528a<\/a>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Amazon+puts+network+power+online&rft.jtitle=Nature&rft.aulast=Butler%2C+D.&rft.au=Butler%2C+D.&rft.date=2006&rft.volume=444&rft.issue=528&rft_id=info:doi\/10.1038%2F444528a&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-KeITeS06-16\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-KeITeS06_16-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation Journal\">Ke, J.-s. (2006). \"ITeS - Transcending the Traditional Service Model\". <i>Proceedings of the 2006 IEEE International Conference on e-Business Engineering<\/i>: 2. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.1109%2FICEBE.2006.66\" target=\"_blank\">10.1109\/ICEBE.2006.66<\/a>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=ITeS+-+Transcending+the+Traditional+Service+Model&rft.jtitle=Proceedings+of+the+2006+IEEE+International+Conference+on+e-Business+Engineering&rft.aulast=Ke%2C+J.-s.&rft.au=Ke%2C+J.-s.&rft.date=2006&rft.pages=2&rft_id=info:doi\/10.1109%2FICEBE.2006.66&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LohrGoogle07-17\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-LohrGoogle07_17-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Lohr, S. (8 October 2007). <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.csun.edu\/pubrels\/clips\/Oct07\/10-08-07E.pdf\" target=\"_blank\">\"Google and I.B.M. Join in 'Cloud Computing' Research\"<\/a> (PDF). <i>The New York Times<\/i>. Archived from <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.nytimes.com\/2007\/10\/08\/technology\/08cloud.html?_r=1&or\" target=\"_blank\">the original<\/a> on 08 October 2007<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"http:\/\/www.csun.edu\/pubrels\/clips\/Oct07\/10-08-07E.pdf\" target=\"_blank\">http:\/\/www.csun.edu\/pubrels\/clips\/Oct07\/10-08-07E.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Google+and+I.B.M.+Join+in+%27Cloud+Computing%27+Research&rft.atitle=The+New+York+Times&rft.aulast=Lohr%2C+S.&rft.au=Lohr%2C+S.&rft.date=8+October+2007&rft_id=http%3A%2F%2Fwww.csun.edu%2Fpubrels%2Fclips%2FOct07%2F10-08-07E.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-HandHead07-18\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-HandHead07_18-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation Journal\">Hand, E. (2007). \"Head in the clouds\". <i>Nature<\/i> <b>449<\/b> (963). <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.1038%2F449963a\" target=\"_blank\">10.1038\/449963a<\/a>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Head+in+the+clouds&rft.jtitle=Nature&rft.aulast=Hand%2C+E.&rft.au=Hand%2C+E.&rft.date=2007&rft.volume=449&rft.issue=963&rft_id=info:doi\/10.1038%2F449963a&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-BossCloud07-19\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-BossCloud07_19-0\">19.0<\/a><\/sup> <sup><a href=\"#cite_ref-BossCloud07_19-1\">19.1<\/a><\/sup> <sup><a href=\"#cite_ref-BossCloud07_19-2\">19.2<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Boss, G.; Malladi, P.; Quan, D. et al. (8 October 2007). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/web.archive.org\/web\/20090206015244\/http:\/\/download.boulder.ibm.com\/ibmdl\/pub\/software\/dw\/wes\/hipods\/Cloud_computing_wp_final_8Oct.pdf\" target=\"_blank\">\"Cloud Computing\"<\/a> (PDF). IBM Corporation. Archived from <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/download.boulder.ibm.com\/ibmdl\/pub\/software\/dw\/wes\/hipods\/Cloud_computing_wp_final_8Oct.pdf\" target=\"_blank\">the original<\/a> on 06 February 2009<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/web.archive.org\/web\/20090206015244\/http:\/\/download.boulder.ibm.com\/ibmdl\/pub\/software\/dw\/wes\/hipods\/Cloud_computing_wp_final_8Oct.pdf\" target=\"_blank\">https:\/\/web.archive.org\/web\/20090206015244\/http:\/\/download.boulder.ibm.com\/ibmdl\/pub\/software\/dw\/wes\/hipods\/Cloud_computing_wp_final_8Oct.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Computing&rft.atitle=&rft.aulast=Boss%2C+G.%3B+Malladi%2C+P.%3B+Quan%2C+D.+et+al.&rft.au=Boss%2C+G.%3B+Malladi%2C+P.%3B+Quan%2C+D.+et+al.&rft.date=8+October+2007&rft.pub=IBM+Corporation&rft_id=https%3A%2F%2Fweb.archive.org%2Fweb%2F20090206015244%2Fhttp%3A%2F%2Fdownload.boulder.ibm.com%2Fibmdl%2Fpub%2Fsoftware%2Fdw%2Fwes%2Fhipods%2FCloud_computing_wp_final_8Oct.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LohrIBM07-20\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-LohrIBM07_20-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Lohr, S. (15 November 2007). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.nytimes.com\/2007\/11\/15\/technology\/15blue.html\" target=\"_blank\">\"I.B.M. to Push 'Cloud Computing,' Using Data From Afar\"<\/a>. <i>The New York Times<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.nytimes.com\/2007\/11\/15\/technology\/15blue.html\" target=\"_blank\">https:\/\/www.nytimes.com\/2007\/11\/15\/technology\/15blue.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=I.B.M.+to+Push+%27Cloud+Computing%2C%27+Using+Data+From+Afar&rft.atitle=The+New+York+Times&rft.aulast=Lohr%2C+S.&rft.au=Lohr%2C+S.&rft.date=15+November+2007&rft_id=https%3A%2F%2Fwww.nytimes.com%2F2007%2F11%2F15%2Ftechnology%2F15blue.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-LohrGoogleGets07-21\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-LohrGoogleGets07_21-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Lohr, S.; Helft, M. (16 December 2007). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/signallake.com\/innovation\/GoogleMicrosoft121607.pdf\" target=\"_blank\">\"Google Gets Ready to Rumble With Microsoft\"<\/a> (PDF). <i>The New York Times<\/i>. Archived from <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.nytimes.com\/2007\/12\/16\/technology\/16goog.html\" target=\"_blank\">the original<\/a> on 16 December 2007<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/signallake.com\/innovation\/GoogleMicrosoft121607.pdf\" target=\"_blank\">https:\/\/signallake.com\/innovation\/GoogleMicrosoft121607.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Google+Gets+Ready+to+Rumble+With+Microsoft&rft.atitle=The+New+York+Times&rft.aulast=Lohr%2C+S.%3B+Helft%2C+M.&rft.au=Lohr%2C+S.%3B+Helft%2C+M.&rft.date=16+December+2007&rft_id=https%3A%2F%2Fsignallake.com%2Finnovation%2FGoogleMicrosoft121607.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-MellTheNIST11-22\"><span class=\"mw-cite-backlink\">\u2191 <sup><a href=\"#cite_ref-MellTheNIST11_22-0\">22.0<\/a><\/sup> <sup><a href=\"#cite_ref-MellTheNIST11_22-1\">22.1<\/a><\/sup><\/span> <span class=\"reference-text\"><span class=\"citation web\">Mell, P.; Grance, T. (September 2011). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/nvlpubs.nist.gov\/nistpubs\/Legacy\/SP\/nistspecialpublication800-145.pdf\" target=\"_blank\">\"The NIST Definition of Cloud Computing\"<\/a> (PDF). NIST<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/nvlpubs.nist.gov\/nistpubs\/Legacy\/SP\/nistspecialpublication800-145.pdf\" target=\"_blank\">https:\/\/nvlpubs.nist.gov\/nistpubs\/Legacy\/SP\/nistspecialpublication800-145.pdf<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=The+NIST+Definition+of+Cloud+Computing&rft.atitle=&rft.aulast=Mell%2C+P.%3B+Grance%2C+T.&rft.au=Mell%2C+P.%3B+Grance%2C+T.&rft.date=September+2011&rft.pub=NIST&rft_id=https%3A%2F%2Fnvlpubs.nist.gov%2Fnistpubs%2FLegacy%2FSP%2Fnistspecialpublication800-145.pdf&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-ViolinoWhere20-23\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-ViolinoWhere20_23-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Violino, B. (16 March 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.infoworld.com\/article\/3532288\/where-to-look-for-cost-savings-in-the-cloud.html\" target=\"_blank\">\"Where to look for cost savings in the cloud\"<\/a>. <i>InfoWorld<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.infoworld.com\/article\/3532288\/where-to-look-for-cost-savings-in-the-cloud.html\" target=\"_blank\">https:\/\/www.infoworld.com\/article\/3532288\/where-to-look-for-cost-savings-in-the-cloud.html<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Where+to+look+for+cost+savings+in+the+cloud&rft.atitle=InfoWorld&rft.aulast=Violino%2C+B.&rft.au=Violino%2C+B.&rft.date=16+March+2020&rft_id=https%3A%2F%2Fwww.infoworld.com%2Farticle%2F3532288%2Fwhere-to-look-for-cost-savings-in-the-cloud.html&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-OjalaDiscover16-24\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-OjalaDiscover16_24-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation Journal\">Ojala, A. (2016). \"Discovering and creating business opportunities for cloud services\". <i>Journal of Systems and Software<\/i> <b>113<\/b>: 408\u201317. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.1016%2Fj.jss.2015.11.004\" target=\"_blank\">10.1016\/j.jss.2015.11.004<\/a>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Discovering+and+creating+business+opportunities+for+cloud+services&rft.jtitle=Journal+of+Systems+and+Software&rft.aulast=Ojala%2C+A.&rft.au=Ojala%2C+A.&rft.date=2016&rft.volume=113&rft.pages=408%E2%80%9317&rft_id=info:doi\/10.1016%2Fj.jss.2015.11.004&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-PetteyCloud20-25\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-PetteyCloud20_25-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Pettey, C. (26 October 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.gartner.com\/smarterwithgartner\/cloud-shift-impacts-all-it-markets\/\" target=\"_blank\">\"Cloud Shift Impacts All IT Markets\"<\/a>. <i>Smarter with Gartner<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.gartner.com\/smarterwithgartner\/cloud-shift-impacts-all-it-markets\/\" target=\"_blank\">https:\/\/www.gartner.com\/smarterwithgartner\/cloud-shift-impacts-all-it-markets\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Shift+Impacts+All+IT+Markets&rft.atitle=Smarter+with+Gartner&rft.aulast=Pettey%2C+C.&rft.au=Pettey%2C+C.&rft.date=26+October+2020&rft_id=https%3A%2F%2Fwww.gartner.com%2Fsmarterwithgartner%2Fcloud-shift-impacts-all-it-markets%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-PetteyFiveApp19-26\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-PetteyFiveApp19_26-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Pettey, C. (14 May 2019). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.gartner.com\/smarterwithgartner\/5-approaches-cloud-applications-integration\/\" target=\"_blank\">\"5 Approaches to Cloud Applications Integration\"<\/a>. <i>Smarter with Gartner<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.gartner.com\/smarterwithgartner\/5-approaches-cloud-applications-integration\/\" target=\"_blank\">https:\/\/www.gartner.com\/smarterwithgartner\/5-approaches-cloud-applications-integration\/<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=5+Approaches+to+Cloud+Applications+Integration&rft.atitle=Smarter+with+Gartner&rft.aulast=Pettey%2C+C.&rft.au=Pettey%2C+C.&rft.date=14+May+2019&rft_id=https%3A%2F%2Fwww.gartner.com%2Fsmarterwithgartner%2F5-approaches-cloud-applications-integration%2F&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-BabaogluEscape14-27\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-BabaogluEscape14_27-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation Journal\">Babaoglu, O.; Marzolla, M. (2014). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/spectrum.ieee.org\/escape-from-the-data-center-the-promise-of-peertopeer-cloud-computing\" target=\"_blank\">\"The People's Cloud\"<\/a>. <i>IEEE Spectrum<\/i> <b>51<\/b> (10): 50\u201355. <a rel=\"nofollow\" class=\"external text wiki-link\" href=\"http:\/\/en.wikipedia.org\/wiki\/Digital_object_identifier\" data-key=\"ae6d69c760ab710abc2dd89f3937d2f4\">doi<\/a>:<a rel=\"external_link\" class=\"external text\" href=\"http:\/\/dx.doi.org\/10.1109%2FMSPEC.2014.6905491\" target=\"_blank\">10.1109\/MSPEC.2014.6905491<\/a><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/spectrum.ieee.org\/escape-from-the-data-center-the-promise-of-peertopeer-cloud-computing\" target=\"_blank\">https:\/\/spectrum.ieee.org\/escape-from-the-data-center-the-promise-of-peertopeer-cloud-computing<\/a><\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=The+People%27s+Cloud&rft.jtitle=IEEE+Spectrum&rft.aulast=Babaoglu%2C+O.%3B+Marzolla%2C+M.&rft.au=Babaoglu%2C+O.%3B+Marzolla%2C+M.&rft.date=2014&rft.volume=51&rft.issue=10&rft.pages=50%E2%80%9355&rft_id=info:doi\/10.1109%2FMSPEC.2014.6905491&rft_id=https%3A%2F%2Fspectrum.ieee.org%2Fescape-from-the-data-center-the-promise-of-peertopeer-cloud-computing&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-Goodison10Fut20-28\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-Goodison10Fut20_28-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">Goodison, D. (20 November 2020). <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/www.crn.com\/news\/cloud\/10-future-cloud-computing-trends-to-watch-in-2021\" target=\"_blank\">\"10 Future Cloud Computing Trends To Watch In 2021\"<\/a>. <i>CRN<\/i><span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"https:\/\/www.crn.com\/news\/cloud\/10-future-cloud-computing-trends-to-watch-in-2021\" target=\"_blank\">https:\/\/www.crn.com\/news\/cloud\/10-future-cloud-computing-trends-to-watch-in-2021<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=10+Future+Cloud+Computing+Trends+To+Watch+In+2021&rft.atitle=CRN&rft.aulast=Goodison%2C+D.&rft.au=Goodison%2C+D.&rft.date=20+November+2020&rft_id=https%3A%2F%2Fwww.crn.com%2Fnews%2Fcloud%2F10-future-cloud-computing-trends-to-watch-in-2021&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<li id=\"cite_note-DTCCCloud20-29\"><span class=\"mw-cite-backlink\"><a href=\"#cite_ref-DTCCCloud20_29-0\">\u2191<\/a><\/span> <span class=\"reference-text\"><span class=\"citation web\">DTCC (November 2020). <a rel=\"external_link\" class=\"external text\" href=\"http:\/\/www.dtcc.com\/-\/media\/Files\/Downloads\/WhitePapers\/DTCC-Cloud-Journey-WP\" target=\"_blank\">\"Cloud Technology: Powerful and Evolving\"<\/a> (PDF)<span class=\"printonly\">. <a rel=\"external_link\" class=\"external free\" href=\"http:\/\/www.dtcc.com\/-\/media\/Files\/Downloads\/WhitePapers\/DTCC-Cloud-Journey-WP\" target=\"_blank\">http:\/\/www.dtcc.com\/-\/media\/Files\/Downloads\/WhitePapers\/DTCC-Cloud-Journey-WP<\/a><\/span><span class=\"reference-accessdate\">. Retrieved 28 July 2023<\/span>.<\/span><span class=\"Z3988\" title=\"ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.btitle=Cloud+Technology%3A+Powerful+and+Evolving&rft.atitle=&rft.aulast=DTCC&rft.au=DTCC&rft.date=November+2020&rft_id=http%3A%2F%2Fwww.dtcc.com%2F-%2Fmedia%2FFiles%2FDownloads%2FWhitePapers%2FDTCC-Cloud-Journey-WP&rfr_id=info:sid\/en.wikipedia.org:Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution\"><span style=\"display: none;\"> <\/span><\/span>\n<\/span>\n<\/li>\n<\/ol><\/div><\/div>\n<!-- \nNewPP limit report\nCached time: 20230816205720\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.316 seconds\nReal time usage: 0.340 seconds\nPreprocessor visited node count: 20787\/1000000\nPost\u2010expand include size: 161563\/2097152 bytes\nTemplate argument size: 59271\/2097152 bytes\nHighest expansion depth: 18\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 51276\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 306.321 1 -total\n 91.25% 279.517 1 Template:Reflist\n 74.94% 229.570 29 Template:Citation\/core\n 63.74% 195.262 23 Template:Cite_web\n 18.23% 55.855 6 Template:Cite_journal\n 14.96% 45.813 22 Template:Date\n 8.72% 26.701 1 Template:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing?\/History_and_evolution\n 5.24% 16.042 6 Template:Citation\/identifier\n 4.95% 15.151 47 Template:Citation\/make_link\n 1.59% 4.856 12 Template:Hide_in_print\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:13037-0!canonical and timestamp 20230816205719 and revision id 46385. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","596bb2186b9a2b2aab001f641218edfe_images":["https:\/\/s3.limswiki.org\/www.limswiki.org\/images\/4\/4d\/1000px-Cloud_computing.svg.png"],"596bb2186b9a2b2aab001f641218edfe_timestamp":1692220358,"a5122d160da552b7fab8ca62d4bc6155_type":"article","a5122d160da552b7fab8ca62d4bc6155_title":"Introduction","a5122d160da552b7fab8ca62d4bc6155_url":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Introduction","a5122d160da552b7fab8ca62d4bc6155_plaintext":"\n\nBook:Choosing and Implementing a Cloud-based Service for Your Laboratory\/IntroductionFrom LIMSWikiJump to navigationJump to search\nTitle: Choosing and Implementing a Cloud-based Service for Your Laboratory\nEdition: Second edition\nAuthor for citation: Shawn E. Douglas\nLicense for content: Creative Commons Attribution-ShareAlike 4.0 International\nPublication date: August 2023\n\r\n\nThis guide examines the state of cloud computing and the security mechanisms inherent to it, especially in regards to how it relates to today's laboratories. While cloud computing and cloud-based applications can enhance the activities of many types of labs, a methodical and meticulous approach to cybersecurity is required to not only get the most out of a cloud solution but also mitigate future data catastrophes. This means understanding risk management, regulatory considerations, deployment approaches, and the potential value of managed security services in the cloud. Additionally, the essential links between laboratory quality assurance, the shared responsibility model, and cybersecurity in the lab are emphasized. Of course, it's also vital to understand what to look for in cloud providers, as well as how to approach finding them. In that regard, this guide adds value by more closely examining major public\/hybrid cloud and managed security service providers (Appendix 1 and 2), as well as providing example request for information (RFI) templates for both provider types (Appendix 3). While this guide can prove useful to even non-laboratory organizations looking to dip into cloud services, it focuses heavily on laboratories implementing and updating information systems in the cloud.\nThe second edition of this guide updates grammar and phrasing, tweaks a variety of historical statistics, tweaks information about container security, updates a few trends in hybrid and multicloud, updates information about cybersecurity insurance for cloud, updates information about the DoD JEDI project and the replacement JWCC project, and adds a subsection to Chapter 1 about edges and edge computing.\nThe table of contents for Choosing and Implementing a Cloud-based Service for Your Laboratory is as follows: \n\r\n\n1. What is cloud computing?\n\n1.1 History and evolution\n1.2 Cloud computing services and deployment models\n1.2.1 Platform-as-a-service vs. serverless computing\n1.2.2 Hybrid cloud vs. multicloud vs. distributed cloud\n1.2.3 Edge computing?<\/dd>\n1.3 The relationship between cloud computing and the open source paradigm\n2. Standards and security in the cloud\n\n2.1 Standards and regulations influencing cloud computing\n2.2 Security in the cloud\n2.2.1 The shared responsibility model\n2.2.2 Public cloud\n2.2.3 Hybrid cloud and multicloud\n2.2.4 Container security and other concerns\n2.2.5 Software as a service<\/dd>\n3. Organizational cloud computing risk management\n\n3.1 Five risk categories to consider\n3.2 Risk management and cybersecurity frameworks\n3.3 A brief note on cloud-inclusive cybersecurity insurance\n4. Cloud computing in the laboratory\n\n4.1 Benefits\n4.2 Regulatory considerations\n4.3 Deployment approaches\n4.3.1 Hybrid cloud, multicloud, and the vendor lock-in conundrum<\/dd>\n5. Managed security services and quality assurance\n\n5.1 The provision of managed security services\n5.1.1 Managed security services in the cloud<\/dd>\n5.2 Managed security services and the laboratory\n5.2.1 The quality assurance officer\n5.2.2 The shared responsibility model in the scope of security management and quality assurance<\/dd>\n5.3 Choosing a provider for managed security services\n5.3.1 Using a request for information (RFI) process<\/dd>\n6. Considerations when choosing and implementing a cloud solution\n\n6.1 What are the various characteristics of an average cloud provider?\n6.2 What should your lab look for in a cloud provider?\n6.2.1 Service-level agreements<\/dd>\n6.3 What questions should you ask yourself?\n6.4 What questions should be asked of a cloud provider?\n6.4.1 Using a request for information (RFI) process<\/dd>\n7. Final thoughts and additional resources\n\n7.1 Final thoughts\n7.2 Key reading and reference material\n7.3 Associations, organizations, and interest groups\n7.4 Consultancy and support services\nAppendix 1. Top public and hybrid\/mutlicloud services\n\nAlibaba Cloud\nAmazon Web Services\nCisco Cloudcenter and UCS Director\nDell Technologies Cloud\nDigitalOcean\nGoogle Cloud\nHPE GreenLake\nIBM Cloud\nLinode\nMicrosoft Azure\nOracle Cloud Infrastructure\nOVHcloud\nTencent Cloud\nVMware Cloud\nAppendix 2. Top managed security services\n\nAccenture Security Managed Security\nAT&T C\u0443b\u0435r\u0455\u0435\u0441ur\u0456t\u0443\nAtos Managed Security Services\nBT Cyber Security Platform\nCisco Active Threat Analytics\nCyderes Managed Services\nForesite Managed Cybersecurity\nIBM Managed Security Services\nNTT Managed Security Services\nOrange Cyberdefense\nSecureworks Managed Security Services\nTrustwave Managed Security Services\nVerizon Managed Security Services\nWipro Managed Security Services\nAppendix 3. RFI questions for cloud providers and MSSPs\n\nRFI questions for cloud providers\nRFI questions for MSSPs\n\n\n\n\nSource: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Introduction\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Introduction<\/a>\nNavigation menuPage actionsBookDiscussionView sourceHistoryPage actionsBookDiscussionMoreToolsIn other languagesPersonal toolsLog inNavigationMain pageEncyclopedic articlesRecent changesRandom pageHelp about MediaWikiSearch\u00a0 ToolsWhat links hereRelated changesSpecial pagesPermanent linkPage informationPopular publications\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\n\n\t\r\nPrint\/exportCreate a bookDownload as PDFDownload as PDFDownload as Plain textPrintable version This page was last edited on 16 August 2023, at 20:57.Content is available under a Creative Commons Attribution-ShareAlike 4.0 International License unless otherwise noted.This page has been accessed 326 times.Privacy policyAbout LIMSWikiDisclaimers\n\n\n\n","a5122d160da552b7fab8ca62d4bc6155_html":"<body class=\"mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-208 ns-subject page-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Introduction rootpage-Book_Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory_Introduction skin-monobook action-view skin--responsive\"><div id=\"rdp-ebb-globalWrapper\"><div id=\"rdp-ebb-column-content\"><div id=\"rdp-ebb-content\" class=\"mw-body\" role=\"main\"><a id=\"rdp-ebb-top\"><\/a>\n<h1 id=\"rdp-ebb-firstHeading\" class=\"firstHeading\" lang=\"en\">Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Introduction<\/h1><div id=\"rdp-ebb-bodyContent\" class=\"mw-body-content\"><!-- start content --><div id=\"rdp-ebb-mw-content-text\" lang=\"en\" dir=\"ltr\" class=\"mw-content-ltr\"><div class=\"mw-parser-output\"><div class=\"floatright\"><a href=\"https:\/\/www.limswiki.org\/index.php\/File:Cloud-computing-1.gif\" class=\"image wiki-link\" data-key=\"2336e083ed48b160f81ab5442b97bf30\"><img alt=\"Cloud-computing-1.gif\" src=\"https:\/\/upload.wikimedia.org\/wikipedia\/commons\/2\/2d\/Cloud-computing-1.gif\" decoding=\"async\" width=\"300\" height=\"210\" \/><\/a><\/div>\n<p><b>Title<\/b>: <i>Choosing and Implementing a Cloud-based Service for Your Laboratory<\/i>\n<\/p><p><b>Edition<\/b>: Second edition\n<\/p><p><b>Author for citation<\/b>: Shawn E. Douglas\n<\/p><p><b>License for content<\/b>: <a rel=\"external_link\" class=\"external text\" href=\"https:\/\/creativecommons.org\/licenses\/by-sa\/4.0\/\" target=\"_blank\">Creative Commons Attribution-ShareAlike 4.0 International<\/a>\n<\/p><p><b>Publication date<\/b>: August 2023\n<\/p><p><br \/>\nThis guide examines the state of <a href=\"https:\/\/www.limswiki.org\/index.php\/Cloud_computing\" title=\"Cloud computing\" class=\"wiki-link\" data-key=\"fcfe5882eaa018d920cedb88398b604f\">cloud computing<\/a> and the security mechanisms inherent to it, especially in regards to how it relates to today's <a href=\"https:\/\/www.limswiki.org\/index.php\/Laboratory\" title=\"Laboratory\" class=\"wiki-link\" data-key=\"c57fc5aac9e4abf31dccae81df664c33\">laboratories<\/a>. While cloud computing and cloud-based applications can enhance the activities of many types of labs, a methodical and meticulous approach to <a href=\"https:\/\/www.limswiki.org\/index.php\/Cybersecurity\" class=\"mw-redirect wiki-link\" title=\"Cybersecurity\" data-key=\"ba653dc2a1384e5f9f6ac9dc1a740109\">cybersecurity<\/a> is required to not only get the most out of a cloud solution but also mitigate future data catastrophes. This means understanding <a href=\"https:\/\/www.limswiki.org\/index.php\/Risk_management\" title=\"Risk management\" class=\"wiki-link\" data-key=\"ecfbfb2550c23f053bd1aa0d9ea63e4e\">risk management<\/a>, regulatory considerations, deployment approaches, and the potential value of managed security services in the cloud. Additionally, the essential links between laboratory <a href=\"https:\/\/www.limswiki.org\/index.php\/Quality_assurance\" title=\"Quality assurance\" class=\"wiki-link\" data-key=\"2ede4490f0ea707b14456f44439c0984\">quality assurance<\/a>, the shared responsibility model, and cybersecurity in the lab are emphasized. Of course, it's also vital to understand what to look for in cloud providers, as well as how to approach finding them. In that regard, this guide adds value by more closely examining major public\/hybrid cloud and managed security service providers (Appendix 1 and 2), as well as providing example request for information (RFI) templates for both provider types (Appendix 3). While this guide can prove useful to even non-laboratory organizations looking to dip into cloud services, it focuses heavily on laboratories implementing and updating information systems in the cloud.\n<\/p><p>The second edition of this guide updates grammar and phrasing, tweaks a variety of historical statistics, tweaks information about container security, updates a few trends in hybrid and multicloud, updates information about cybersecurity insurance for cloud, updates information about the DoD JEDI project and the replacement JWCC project, and adds a subsection to Chapter 1 about edges and edge computing.\n<\/p><p>The table of contents for <i>Choosing and Implementing a Cloud-based Service for Your Laboratory<\/i> is as follows: \n<\/p><p><br \/>\n<a href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution\" title=\"Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/What is cloud computing?\/History and evolution\" class=\"wiki-link\" data-key=\"596bb2186b9a2b2aab001f641218edfe\">1. What is cloud computing?<\/a>\n<\/p>\n<dl><dd>1.1 History and evolution<\/dd>\n<dd>1.2 Cloud computing services and deployment models\n<dl><dd>1.2.1 Platform-as-a-service vs. serverless computing<\/dd>\n<dd>1.2.2 Hybrid cloud vs. multicloud vs. distributed cloud<\/dd>\n<dd>1.2.3 Edge computing?<\/dd><\/dl><\/dd>\n<dd>1.3 The relationship between cloud computing and the open source paradigm<\/dd><\/dl>\n<p><a href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing\" title=\"Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Standards and security in the cloud\/Standards and regulations influencing cloud computing\" class=\"wiki-link\" data-key=\"02f10c1b263da2845885019939f8c31c\">2. Standards and security in the cloud<\/a>\n<\/p>\n<dl><dd>2.1 Standards and regulations influencing cloud computing<\/dd>\n<dd>2.2 Security in the cloud\n<dl><dd>2.2.1 The shared responsibility model<\/dd>\n<dd>2.2.2 Public cloud<\/dd>\n<dd>2.2.3 Hybrid cloud and multicloud<\/dd>\n<dd>2.2.4 Container security and other concerns<\/dd>\n<dd>2.2.5 Software as a service<\/dd><\/dl><\/dd><\/dl>\n<p><a href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Five_risk_categories_to_consider\" title=\"Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Organizational cloud computing risk management\/Five risk categories to consider\" class=\"wiki-link\" data-key=\"d18f1a3ad802fb40b2cefc9e7d83bf91\">3. Organizational cloud computing risk management<\/a>\n<\/p>\n<dl><dd>3.1 Five risk categories to consider<\/dd>\n<dd>3.2 Risk management and cybersecurity frameworks<\/dd>\n<dd>3.3 A brief note on cloud-inclusive cybersecurity insurance<\/dd><\/dl>\n<p><a href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Benefits\" title=\"Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Cloud computing in the laboratory\/Benefits\" class=\"wiki-link\" data-key=\"83c534f3616a80e2abc7e3d28c0c5cdc\">4. Cloud computing in the laboratory<\/a>\n<\/p>\n<dl><dd>4.1 Benefits<\/dd>\n<dd>4.2 Regulatory considerations<\/dd>\n<dd>4.3 Deployment approaches\n<dl><dd>4.3.1 Hybrid cloud, multicloud, and the vendor lock-in conundrum<\/dd><\/dl><\/dd><\/dl>\n<p><a href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/The_provision_of_managed_security_services\" title=\"Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Managed security services and quality assurance\/The provision of managed security services\" class=\"wiki-link\" data-key=\"cb1e31bcf056262630548fdf6c7e5c5b\">5. Managed security services and quality assurance<\/a>\n<\/p>\n<dl><dd>5.1 The provision of managed security services\n<dl><dd>5.1.1 Managed security services in the cloud<\/dd><\/dl><\/dd>\n<dd>5.2 Managed security services and the laboratory\n<dl><dd>5.2.1 The quality assurance officer<\/dd>\n<dd>5.2.2 The shared responsibility model in the scope of security management and quality assurance<\/dd><\/dl><\/dd>\n<dd>5.3 Choosing a provider for managed security services\n<dl><dd>5.3.1 Using a request for information (RFI) process<\/dd><\/dl><\/dd><\/dl>\n<p><a href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_are_the_various_characteristics_of_an_average_cloud_provider%3F\" title=\"Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Considerations when choosing and implementing a cloud solution\/What are the various characteristics of an average cloud provider?\" class=\"wiki-link\" data-key=\"f5afb6897c6e2d7da619535848a35dc1\">6. Considerations when choosing and implementing a cloud solution<\/a>\n<\/p>\n<dl><dd>6.1 What are the various characteristics of an average cloud provider?<\/dd>\n<dd>6.2 What should your lab look for in a cloud provider?\n<dl><dd>6.2.1 Service-level agreements<\/dd><\/dl><\/dd>\n<dd>6.3 What questions should you ask yourself?<\/dd>\n<dd>6.4 What questions should be asked of a cloud provider?\n<dl><dd>6.4.1 Using a request for information (RFI) process<\/dd><\/dl><\/dd><\/dl>\n<p><a href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Final_thoughts\" title=\"Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/Final thoughts and additional resources\/Final thoughts\" class=\"wiki-link\" data-key=\"e7e8242bf570be61f5e6832d83935ad5\">7. Final thoughts and additional resources<\/a>\n<\/p>\n<dl><dd>7.1 Final thoughts<\/dd>\n<dd>7.2 Key reading and reference material<\/dd>\n<dd>7.3 Associations, organizations, and interest groups<\/dd>\n<dd>7.4 Consultancy and support services<\/dd><\/dl>\n<p>Appendix 1. Top public and hybrid\/mutlicloud services\n<\/p>\n<dl><dd><a href=\"https:\/\/www.limswiki.org\/index.php\/Alibaba_Cloud\" title=\"Alibaba Cloud\" class=\"wiki-link\" data-key=\"e9be3baac342297a3bdc810f251aaa22\">Alibaba Cloud<\/a><\/dd>\n<dd><a href=\"https:\/\/www.limswiki.org\/index.php\/Amazon_Web_Services\" title=\"Amazon Web Services\" class=\"wiki-link\" data-key=\"aa59005d6d3f6c0608f84c7ec811f8d6\">Amazon Web Services<\/a><\/dd>\n<dd><a href=\"https:\/\/www.limswiki.org\/index.php\/Cisco_Cloudcenter_and_UCS_Director\" title=\"Cisco Cloudcenter and UCS Director\" class=\"wiki-link\" data-key=\"e709b991d697c3abce9eb27a11117834\">Cisco Cloudcenter and UCS Director<\/a><\/dd>\n<dd><a href=\"https:\/\/www.limswiki.org\/index.php\/Dell_Technologies_Cloud\" class=\"mw-redirect wiki-link\" title=\"Dell Technologies Cloud\" data-key=\"d90a08936e17ff73a53fe4ef1c2dc4d6\">Dell Technologies Cloud<\/a><\/dd>\n<dd><a href=\"https:\/\/www.limswiki.org\/index.php\/DigitalOcean\" title=\"DigitalOcean\" class=\"wiki-link\" data-key=\"34d141ef0de0e9a6a440133994ac0514\">DigitalOcean<\/a><\/dd>\n<dd><a href=\"https:\/\/www.limswiki.org\/index.php\/Google_Cloud\" title=\"Google Cloud\" class=\"wiki-link\" data-key=\"cba743b045cae23df5415fc78c061dab\">Google Cloud<\/a><\/dd>\n<dd><a href=\"https:\/\/www.limswiki.org\/index.php\/HPE_GreenLake\" title=\"HPE GreenLake\" class=\"wiki-link\" data-key=\"0436e45d109ada76bce7694bd1ef81b2\">HPE GreenLake<\/a><\/dd>\n<dd><a href=\"https:\/\/www.limswiki.org\/index.php\/IBM_Cloud\" title=\"IBM Cloud\" class=\"wiki-link\" data-key=\"369c09656e0406646380b45bb4d0ecc1\">IBM Cloud<\/a><\/dd>\n<dd><a href=\"https:\/\/www.limswiki.org\/index.php\/Linode\" title=\"Linode\" class=\"wiki-link\" data-key=\"ab58b7a0691a630e6588c0b35b76a79c\">Linode<\/a><\/dd>\n<dd><a href=\"https:\/\/www.limswiki.org\/index.php\/Microsoft_Azure\" title=\"Microsoft Azure\" class=\"wiki-link\" data-key=\"7681c52cec6f9c9f1cdd85f4aa70a424\">Microsoft Azure<\/a><\/dd>\n<dd><a href=\"https:\/\/www.limswiki.org\/index.php\/Oracle_Cloud_Infrastructure\" title=\"Oracle Cloud Infrastructure\" class=\"wiki-link\" data-key=\"ac68a3433020de439b666f2cb7102a80\">Oracle Cloud Infrastructure<\/a><\/dd>\n<dd><a href=\"https:\/\/www.limswiki.org\/index.php\/OVHcloud\" title=\"OVHcloud\" class=\"wiki-link\" data-key=\"2ac2c388e2c6489bde4dc23edc83d436\">OVHcloud<\/a><\/dd>\n<dd><a href=\"https:\/\/www.limswiki.org\/index.php\/Tencent_Cloud\" title=\"Tencent Cloud\" class=\"wiki-link\" data-key=\"7d1e0e86edde46ec0b4105e48540bbcc\">Tencent Cloud<\/a><\/dd>\n<dd><a href=\"https:\/\/www.limswiki.org\/index.php\/VMware_Cloud\" title=\"VMware Cloud\" class=\"wiki-link\" data-key=\"14cb097560fe3787a43bd1ce90d349f8\">VMware Cloud<\/a><\/dd><\/dl>\n<p>Appendix 2. Top managed security services\n<\/p>\n<dl><dd><a href=\"https:\/\/www.limswiki.org\/index.php\/Accenture_Security_Managed_Security\" title=\"Accenture Security Managed Security\" class=\"wiki-link\" data-key=\"75c190ac91f9652b9b27abf5aaf9058d\">Accenture Security Managed Security<\/a><\/dd>\n<dd><a href=\"https:\/\/www.limswiki.org\/index.php\/AT%26T_C%D1%83b%D0%B5r%D1%95%D0%B5%D1%81ur%D1%96t%D1%83\" title=\"AT&T C\u0443b\u0435r\u0455\u0435\u0441ur\u0456t\u0443\" class=\"wiki-link\" data-key=\"3fc9d3c781ba7f6a3482fd37b0d694e1\">AT&T C\u0443b\u0435r\u0455\u0435\u0441ur\u0456t\u0443<\/a><\/dd>\n<dd><a href=\"https:\/\/www.limswiki.org\/index.php\/Atos_Managed_Security_Services\" title=\"Atos Managed Security Services\" class=\"wiki-link\" data-key=\"0ca2df43ef997aefcef0ad7903656b3e\">Atos Managed Security Services<\/a><\/dd>\n<dd><a href=\"https:\/\/www.limswiki.org\/index.php\/BT_Cyber_Security_Platform\" title=\"BT Cyber Security Platform\" class=\"wiki-link\" data-key=\"794978c8e53749fa1f92692f96d6809b\">BT Cyber Security Platform<\/a><\/dd>\n<dd><a href=\"https:\/\/www.limswiki.org\/index.php\/Cisco_Cloudcenter_and_UCS_Director\" title=\"Cisco Cloudcenter and UCS Director\" class=\"wiki-link\" data-key=\"e709b991d697c3abce9eb27a11117834\">Cisco Active Threat Analytics<\/a><\/dd>\n<dd><a href=\"https:\/\/www.limswiki.org\/index.php\/Cyderes_Managed_Services\" title=\"Cyderes Managed Services\" class=\"wiki-link\" data-key=\"258671573c3552d254229a052a931c9d\">Cyderes Managed Services<\/a><\/dd>\n<dd><a href=\"https:\/\/www.limswiki.org\/index.php\/Foresite_Managed_Cybersecurity\" title=\"Foresite Managed Cybersecurity\" class=\"wiki-link\" data-key=\"3c094564b036ad5e513e0a6350ca7206\">Foresite Managed Cybersecurity<\/a><\/dd>\n<dd><a href=\"https:\/\/www.limswiki.org\/index.php\/IBM_Cloud\" title=\"IBM Cloud\" class=\"wiki-link\" data-key=\"369c09656e0406646380b45bb4d0ecc1\">IBM Managed Security Services<\/a><\/dd>\n<dd><a href=\"https:\/\/www.limswiki.org\/index.php\/NTT_Managed_Security_Services\" title=\"NTT Managed Security Services\" class=\"wiki-link\" data-key=\"4f93d6af27744d1eb3ba7efe21bf81dd\">NTT Managed Security Services<\/a><\/dd>\n<dd><a href=\"https:\/\/www.limswiki.org\/index.php\/Orange_Cyberdefense\" title=\"Orange Cyberdefense\" class=\"wiki-link\" data-key=\"d0482648d6fc05144a29bf0dc750c89f\">Orange Cyberdefense<\/a><\/dd>\n<dd><a href=\"https:\/\/www.limswiki.org\/index.php\/Secureworks_Managed_Security_Services\" title=\"Secureworks Managed Security Services\" class=\"wiki-link\" data-key=\"31b12ef9194339383a8a705d36d38777\">Secureworks Managed Security Services<\/a><\/dd>\n<dd><a href=\"https:\/\/www.limswiki.org\/index.php\/Trustwave_Managed_Security_Services\" title=\"Trustwave Managed Security Services\" class=\"wiki-link\" data-key=\"38efc7250147e02845462f279525d6d8\">Trustwave Managed Security Services<\/a><\/dd>\n<dd><a href=\"https:\/\/www.limswiki.org\/index.php\/Verizon_Managed_Security_Services\" title=\"Verizon Managed Security Services\" class=\"wiki-link\" data-key=\"4c4d9521d62404ab1d5925b1ebc635bf\">Verizon Managed Security Services<\/a><\/dd>\n<dd><a href=\"https:\/\/www.limswiki.org\/index.php\/Wipro_Managed_Security_Services\" title=\"Wipro Managed Security Services\" class=\"wiki-link\" data-key=\"76e792c8eba6e8589fc26cda5cb6f224\">Wipro Managed Security Services<\/a><\/dd><\/dl>\n<p><a href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_cloud_providers\" title=\"Book:Choosing and Implementing a Cloud-based Service for Your Laboratory\/RFI questions for cloud providers\" class=\"wiki-link\" data-key=\"ed9df165f2657d5bb145909d714c2690\">Appendix 3. RFI questions for cloud providers and MSSPs<\/a>\n<\/p>\n<dl><dd>RFI questions for cloud providers<\/dd>\n<dd>RFI questions for MSSPs<\/dd><\/dl>\n<!-- \nNewPP limit report\nCached time: 20230816205711\nCache expiry: 86400\nDynamic content: false\nComplications: []\nCPU time usage: 0.309 seconds\nReal time usage: 0.782 seconds\nPreprocessor visited node count: 1\/1000000\nPost\u2010expand include size: 0\/2097152 bytes\nTemplate argument size: 0\/2097152 bytes\nHighest expansion depth: 1\/40\nExpensive parser function count: 0\/100\nUnstrip recursion depth: 0\/20\nUnstrip post\u2010expand size: 0\/5000000 bytes\n-->\n<!--\nTransclusion expansion time report (%,ms,calls,template)\n100.00% 0.000 1 -total\n-->\n\n<!-- Saved in parser cache with key limswiki:pcache:idhash:12986-0!canonical and timestamp 20230816205716 and revision id 52894. Serialized with JSON.\n -->\n<\/div><\/div><div class=\"printfooter\">Source: <a rel=\"external_link\" class=\"external\" href=\"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Introduction\">https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Introduction<\/a><\/div>\n<!-- end content --><div class=\"visualClear\"><\/div><\/div><\/div><div class=\"visualClear\"><\/div><\/div><!-- end of the left (by default at least) column --><div class=\"visualClear\"><\/div><\/div>\n\n\n\n<\/body>","a5122d160da552b7fab8ca62d4bc6155_images":["https:\/\/upload.wikimedia.org\/wikipedia\/commons\/2\/2d\/Cloud-computing-1.gif"],"a5122d160da552b7fab8ca62d4bc6155_timestamp":1692220358,"816bc5ee048c8669f9d42b30425606b4":{"type":"chapter","title":"About this book","key":"816bc5ee048c8669f9d42b30425606b4"}},"link":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory","price_currency":"","price_amount":"","book_size":"","download_url":"https:\/\/www.limsforum.com?ebb_action=book_download&book_id=101011","language":"","cta_button_content":"","toc":[{"type":"chapter","name":"About this book","id":"816bc5ee048c8669f9d42b30425606b4","children":[{"type":"article","name":"Introduction","id":"a5122d160da552b7fab8ca62d4bc6155","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Introduction"}]},{"type":"chapter","name":"1. What is cloud computing?","id":"751c7c6dd4de389dd9f74877aaffa933","children":[{"type":"article","name":"1.1 History and evolution","id":"596bb2186b9a2b2aab001f641218edfe","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/History_and_evolution"},{"type":"article","name":"1.2 Cloud computing services and deployment models","id":"ded9d3142efb0e0c851296237a82d1f4","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/Cloud_computing_services_and_deployment_models"},{"type":"article","name":"1.3 The relationship between cloud computing and the open source paradigm","id":"d6f2bfcbe7b23469e6f8c92f1c453787","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/What_is_cloud_computing%3F\/The_relationship_between_cloud_computing_and_the_open_source_paradigm"}]},{"type":"chapter","name":"2. Standards and security in the cloud","id":"5b1c3208c51e302a5149315b6f822558","children":[{"type":"article","name":"2.1 Standards and regulations influencing cloud computing","id":"02f10c1b263da2845885019939f8c31c","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Standards_and_regulations_influencing_cloud_computing"},{"type":"article","name":"2.2 Security in the cloud","id":"3323880907987943705cdfbc653c393d","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Standards_and_security_in_the_cloud\/Security_in_the_cloud"}]},{"type":"chapter","name":"3. Organizational cloud computing risk management","id":"3eeef08731ff99bbba5700ce60055f1d","children":[{"type":"article","name":"3.1 Five risk categories to consider","id":"d18f1a3ad802fb40b2cefc9e7d83bf91","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Five_risk_categories_to_consider"},{"type":"article","name":"3.2 Risk management and cybersecurity frameworks","id":"02aabc07c0d7e2cfb83052a33005079d","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/Risk_management_and_cybersecurity_frameworks"},{"type":"article","name":"3.3 A brief note on cloud-inclusive cybersecurity insurance","id":"fe08331184f2a9ce11d728851a0166d8","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Organizational_cloud_computing_risk_management\/A_brief_note_on_cloud-inclusive_cybersecurity_insurance"}]},{"type":"chapter","name":"4. Cloud computing in the laboratory","id":"9d348627f78814d8166b4742b385e915","children":[{"type":"article","name":"4.1 Benefits","id":"83c534f3616a80e2abc7e3d28c0c5cdc","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Benefits"},{"type":"article","name":"4.2 Regulatory considerations","id":"b0cb41c5916cbdd7468bdf719942f9e4","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Regulatory_considerations"},{"type":"article","name":"4.3 Deployment approaches","id":"3f6cdca956c811a19c1773e32fc70e7c","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Cloud_computing_in_the_laboratory\/Deployment_approaches"}]},{"type":"chapter","name":"5. Managed security services and quality assurance","id":"0479af5ce51e77b51927df43abde26c7","children":[{"type":"article","name":"5.1 The provision of managed security services","id":"cb1e31bcf056262630548fdf6c7e5c5b","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/The_provision_of_managed_security_services"},{"type":"article","name":"5.2 Managed security services and the laboratory","id":"fdbc78a3fed7fade69aa42c5a9b5cc07","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Managed_security_services_and_the_laboratory"},{"type":"article","name":"5.3 Choosing a provider for managed security services","id":"fdcca14cc0c87caa6d62c62a5ab55ad1","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Managed_security_services_and_quality_assurance\/Choosing_a_provider_for_managed_security_services"}]},{"type":"chapter","name":"6. Considerations when choosing and implementing a cloud solution]]","id":"4b2dc470db58557d05a6ccf3fb64171f","children":[{"type":"article","name":"6.1 What are the various characteristics of an average cloud provider?","id":"f5afb6897c6e2d7da619535848a35dc1","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_are_the_various_characteristics_of_an_average_cloud_provider%3F"},{"type":"article","name":"6.2 What should your lab look for in a cloud provider?","id":"5d4f0fe2817a20a0501ab40aa7e367f0","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_should_your_lab_look_for_in_a_cloud_provider%3F"},{"type":"article","name":"6.3 What questions should you ask yourself?","id":"2596b5f01edfd87717eacea81b2b20db","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_questions_should_you_ask_yourself%3F"},{"type":"article","name":"6.4 What questions should be asked of a cloud provider?","id":"dc2b0daa94b0a62bc61f28ac50252e2c","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Considerations_when_choosing_and_implementing_a_cloud_solution\/What_questions_should_be_asked_of_a_cloud_provider%3F"}]},{"type":"chapter","name":"7. Final thoughts and additional resources","id":"1b97d0e377021af2be9c6bee31a64804","children":[{"type":"article","name":"7.1 Final thoughts","id":"e7e8242bf570be61f5e6832d83935ad5","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Final_thoughts"},{"type":"article","name":"7.2 Key reading and reference material","id":"c7d3e391ad370ee11ef8ace6bb205f75","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Key_reading_and_reference_material"},{"type":"article","name":"7.3 Associations, organizations, and interest groups","id":"1eeb2eecdbf4b97c32746a8ad1d40768","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Associations,_organizations,_and_interest_groups"},{"type":"article","name":"7.4 Consultancy and support services","id":"406be09edfd2af1794e15e3bfb661bc0","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/Final_thoughts_and_additional_resources\/Consultancy_and_support_services"}]},{"type":"chapter","name":"Appendix 1. Top public and hybrid\/mutlicloud services","id":"0ddbaa24335eb6630768e8b42adf23c6","children":[{"type":"article","name":"Alibaba Cloud","id":"e9be3baac342297a3bdc810f251aaa22","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Alibaba_Cloud"},{"type":"article","name":"Amazon Web Services","id":"aa59005d6d3f6c0608f84c7ec811f8d6","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Amazon_Web_Services"},{"type":"article","name":"Cisco Cloudcenter and UCS Director","id":"e709b991d697c3abce9eb27a11117834","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Cisco_Cloudcenter_and_UCS_Director"},{"type":"article","name":"Dell Technologies Cloud","id":"d90a08936e17ff73a53fe4ef1c2dc4d6","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Dell_Technologies_Cloud"},{"type":"article","name":"DigitalOcean","id":"34d141ef0de0e9a6a440133994ac0514","pageUrl":"https:\/\/www.limswiki.org\/index.php\/DigitalOcean"},{"type":"article","name":"Google Cloud","id":"cba743b045cae23df5415fc78c061dab","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Google_Cloud"},{"type":"article","name":"HPE GreenLake","id":"0436e45d109ada76bce7694bd1ef81b2","pageUrl":"https:\/\/www.limswiki.org\/index.php\/HPE_GreenLake"},{"type":"article","name":"IBM Cloud","id":"369c09656e0406646380b45bb4d0ecc1","pageUrl":"https:\/\/www.limswiki.org\/index.php\/IBM_Cloud"},{"type":"article","name":"Linode","id":"ab58b7a0691a630e6588c0b35b76a79c","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Linode"},{"type":"article","name":"Microsoft Azure","id":"7681c52cec6f9c9f1cdd85f4aa70a424","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Microsoft_Azure"},{"type":"article","name":"Oracle Cloud Infrastructure","id":"ac68a3433020de439b666f2cb7102a80","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Oracle_Cloud_Infrastructure"},{"type":"article","name":"OVHcloud","id":"2ac2c388e2c6489bde4dc23edc83d436","pageUrl":"https:\/\/www.limswiki.org\/index.php\/OVHcloud"},{"type":"article","name":"Tencent Cloud","id":"7d1e0e86edde46ec0b4105e48540bbcc","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Tencent_Cloud"},{"type":"article","name":"VMware Cloud","id":"14cb097560fe3787a43bd1ce90d349f8","pageUrl":"https:\/\/www.limswiki.org\/index.php\/VMware_Cloud"}]},{"type":"chapter","name":"Appendix 2. Top managed security services","id":"2fb8e6ce9a775e5e0d904ea0d674f1d3","children":[{"type":"article","name":"Accenture Security Managed Security","id":"75c190ac91f9652b9b27abf5aaf9058d","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Accenture_Security_Managed_Security"},{"type":"article","name":"AT&T C\u0443b\u0435r\u0455\u0435\u0441ur\u0456t\u0443","id":"3fc9d3c781ba7f6a3482fd37b0d694e1","pageUrl":"https:\/\/www.limswiki.org\/index.php\/AT%26T_C%D1%83b%D0%B5r%D1%95%D0%B5%D1%81ur%D1%96t%D1%83"},{"type":"article","name":"Atos Managed Security Services","id":"0ca2df43ef997aefcef0ad7903656b3e","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Atos_Managed_Security_Services"},{"type":"article","name":"BT Cyber Security Platform","id":"794978c8e53749fa1f92692f96d6809b","pageUrl":"https:\/\/www.limswiki.org\/index.php\/BT_Cyber_Security_Platform"},{"type":"article","name":"Cisco Active Threat Analytics","id":"e709b991d697c3abce9eb27a11117834","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Cisco_Cloudcenter_and_UCS_Director"},{"type":"article","name":"Cyderes Managed Services","id":"258671573c3552d254229a052a931c9d","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Cyderes_Managed_Services"},{"type":"article","name":"Foresite Managed Cybersecurity","id":"3c094564b036ad5e513e0a6350ca7206","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Foresite_Managed_Cybersecurity"},{"type":"article","name":"IBM Managed Security Services","id":"369c09656e0406646380b45bb4d0ecc1","pageUrl":"https:\/\/www.limswiki.org\/index.php\/IBM_Cloud"},{"type":"article","name":"NTT Managed Security Services","id":"4f93d6af27744d1eb3ba7efe21bf81dd","pageUrl":"https:\/\/www.limswiki.org\/index.php\/NTT_Managed_Security_Services"},{"type":"article","name":"Orange Cyberdefense","id":"d0482648d6fc05144a29bf0dc750c89f","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Orange_Cyberdefense"},{"type":"article","name":"Secureworks Managed Security Services","id":"31b12ef9194339383a8a705d36d38777","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Secureworks_Managed_Security_Services"},{"type":"article","name":"Trustwave Managed Security Services","id":"38efc7250147e02845462f279525d6d8","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Trustwave_Managed_Security_Services"},{"type":"article","name":"Verizon Managed Security Services","id":"4c4d9521d62404ab1d5925b1ebc635bf","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Verizon_Managed_Security_Services"},{"type":"article","name":"Wipro Managed Security Services","id":"76e792c8eba6e8589fc26cda5cb6f224","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Wipro_Managed_Security_Services"}]},{"type":"chapter","name":"Appendix 3. RFI questions for cloud providers and MSSPs","id":"bc6e52ee58124e09bbff6c78ec00120b","children":[{"type":"article","name":"RFI questions for cloud providers","id":"ed9df165f2657d5bb145909d714c2690","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_cloud_providers"},{"type":"article","name":"RFI questions for MSSPs","id":"9cc8b0dd65d5032d00360743f6ef5b8c","pageUrl":"https:\/\/www.limswiki.org\/index.php\/Book:Choosing_and_Implementing_a_Cloud-based_Service_for_Your_Laboratory\/RFI_questions_for_MSSPs"}]}],"settings":{"show_cover":1,"show_title":1,"show_subtitle":0,"show_full_title":1,"show_editor":1,"show_editor_pic":1,"show_publisher":1,"show_language":1,"show_size":1,"show_toc":1,"show_content_beneath_cover":1,"toc_links":"logged-in","cta_button":"2","content_location":"1","log_in_msg":"","cover_size":"medium"},"title_image":"https:\/\/s3.limsforum.com\/www.limsforum.com\/wp-content\/uploads\/Cloud-computing-1.gif"}}
Copyright LabLynx Inc. All rights reserved.