Cloud Essentials - ISACA CPE Meeting
DESCRIPTION
Cloud Computing Essentials
TRANSCRIPT
Cloud Essentials
Benefits, Risks and Controls
How many of you are using Cloud Services at your organization?
How many of you are planning / evaluating Cloud Solutions?
How many of you are Cloud Service Providers?
04/12/23 Global Success Systems FZ LLC 2
Lighter side of Cloud
Agenda
Some Predictions
“By 2020 more than a third of the Digital Universe will either live in or pass through the cloud.” -- IDC, May 2010
“Four out of every five new commercial enterprise applications are deployed on cloud platforms, according to industry
research, and more than half of Global 1000 companies will store customer-sensitive data in the public cloud by the end
of 2016.” - Dimensional Research for Host Analytics (DRHA)
“Cloud delivery has increased by 33.6% year on year for 2012 in UAE” – IDC Jan 2013
What is Cloud?
“Cloud computing, method of running application software and storing related data in central computer systems and providing customers or other users access to them through the Internet”. - Encyclopedia Britannica (eb.com, 2012)
Image Copyright EXIN
What is Cloud?
“Cloud computing, is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources, that can be rapidly provisioned and released with minimum management effort or service provider interaction” - NIST
Image Copyright EXIN
Cloud Computing is About
5 Characteristics
Service Models
Deployment Models
Image Copyright NIST
Cloud Benefits
- Reduced Cost (pay-per-use, economies of scale)
- Automated (updates, security patches, backups, …)
- On demand (Flexibility + Scalability = Elasticity)
- More Mobility ("any time, any place, any device")
- Shared Resources (multi-tenancy)
- Back to core business
“Everything gets faster, cheaper, more flexible by using Cloud” - Werner Vogels, CTO, Amazon
Recommendations to Adopt Cloud
- Business drivers
- Flexibility & Time to market (TTM)
- Costs
- Capex vs. Opex
- TCO for 3 to 5 Years & ROI
- Operational Benefit, Support Cost
- Service Level Agreements (SLA)
- Service Performance
- Easy to navigate
- Transaction posting time
- Quality of Service
- Support SLA (Incidents, problems)
- Architecture - Integration (PaaS), migration
- Green(er) computing
Compliance and Governance
- Understand the provider's capabilities and compliances
- Data Center Certifications
- Average uptime
- Regulations & international standards
- Multiple sites and locations
- Backup mechanisms & Data storage
- Provider’s Supplier Details
- High security components like firewalls, a DMZ and internet security software
- 4 Ps of Service Management (People, Process, Products & Partners)
- Have a clear SLA
Try before you Buy
- Demand a Trial Period and TEST Thoroughly
- Don’t commit until the service works the way you want
Have a Road Map for your Cloud Adoption
Risk Management
Organizational Risk
- Difficulty knowing where data is stored
- Technical failures that could destroy the stored data
- Unauthorized access of data by others
- Failure of Cloud Service due to New Technology, Competitors, Lack of Financial Support
- Issues around data retrieval if a cloud provider goes out of business
- Vendor Lock-In
Risk Management
- Validation of credentials
- Active monitoring of traffic
- Strong authentication
- Good SLAs and Audit
- Operations procedures
- Operational security practices
- Consult a lawyer, specialized in international legislation
- Staff vetting, etc.
Cloud Controls and Auditing
Personally Identifiable Information (PII)
- Forms of identification: SSN, passport, fingerprints
- Occupational: job title, company name
- Financial: bank numbers, credit records
- Health care: insurance, genetic
- Online activity: log-ins
- Demographic: ethnicity
- Contact: phone, e-mail
PII Standards
- The Privacy Act 1974, federal laws HIPAA & GLBA and Safe harbor - USA
- Personal Information Protection Law and Law for Protection of Computer Processed Data Held by Administrative Organs (1988) – Japan
- PIPEDA (Personal Information Protection and Electronic Data Act 2008) and Privacy Act (1983) – Canada
- Laws and privacy standards of the member countries, EU Internet Privacy Law (DIRECTIVE 2002/58/EC, 2002) and EU Data Protection Directive (1998) - EU
Cloud Controls Matrix (CCM)
Controls baselined and mapped to:
- COBIT
- BITS Shared Assessments
- HIPAA/HITECH Act
- Jericho Forum
- ISO/IEC 27001-2005
- NERC CIP
- NIST SP800-53
- PCI DSS v2.0
© 2011 Cloud Security Alliance, Inc. All rights reserved.
Cloud Controls Matrix (CCM)
First ever baseline control framework specifically designed for managing risk in the Cloud Supply Chain
1. Compliance (CO)
2. Data Governance (DG)
3. Facility Security (FS)
4. Human Resources (HR)
5. Information Security (IS)
6. Legal (LG)
7. Operations Management (OM)
8. Risk Management (RI)
9. Release Management (RM)
10. Resiliency (RS)
11. Security Architecture (SA)
CCM – 98 Controls
Auditing Cloud
Types of Audits you need to consider
- Regulatory compliance audit
- Disaster Recovery/Business Continuity (DR/BC)
- Security audit
- Performance and Reliability audit (SLA)
- Benefit Realization audit (ROI)
Summary
- Understand your business needs
- Have a clear road map for Cloud Adoption
- Understand provider’s capability and regulations
- Pilot the cloud solution and ensure it is meeting your business needs
- Have good control, monitoring and auditing mechanism
- Enjoy the benefit of Cloud Opportunities
Thank you
Questions?
Sreechith Radhakrishnan
Email: [email protected]
LinkedIn: www.linkedin.com/in/sreechith
Web: www.gssgrouponline.com