Cloud Computing - Benefits and Risks


Recent economic pressures have resulted in increased requirements for the availability, scalability and efficiency of enterprise IT solutions.

Many parties claim that “cloud computing” can help enterprises meet the increased requirements of lower TCO, higher ROI, increased efficiency, dynamic provisioning and utility-like services.

However, many IT professionals are citing the increased risks associated with trusting information assets to the cloud as something that must be clearly understood and managed by relevant stakeholders.

This presentation examines the potential business benefits, risks and assurance considerations.

Published in: Technology

  • Hong Kong GDP is around 200 billion USD. One case study: moving from a traditional data center to cloud infrastructure (from US$3.9 million to US$0.6 million).

    1. Cloud Computing – Benefits and Risks. Michael Yung, President, ISACA China Hong Kong
    2. Evolution – Mainframe Computer
    3. Evolution – Mini Computer, PCs and Internet
    4. Evolution – Cloud Computing
    5. Next 25 Minutes: Pain Points, Benefits, Risks
    6. Infrastructure Cost and Service Delivery: Pain Points
    7. Pain Points: Keep It Running vs. Implement New Things
    8. Pain Points: We Are Too Slow
    9. Pain Points: Right Sizing
    10. Pain Points
    11. Cloud Computing: Benefits
    12. Cloud Computing Market: Estimation by IBM, 2009. 84% saving on H/W, labour, power
    13. IT and Business Benefits:
        1. Highly abstracted H/W, S/W resources for pooling
        2. Near instant scalability, provisioning
        3. ‘Service on demand’
        4. A ‘Pay as you go’ billing system
    14. Business Benefits: We are finally in sync with business
    15. Cloud Computing: What Are the Risks?
    16. Applicability for Cloud Computing (Source: Federal Reserve System, USA)

        | System Type | Scalability | Availability | Security | Cloud Type |
        |---|---|---|---|---|
        | Information site | Medium | Medium | Low | Public/Hybrid |
        | External Collaboration | Medium | Medium | Medium | Public/Hybrid |
        | Public research / survey | Low | Medium | Medium | Public/Hybrid |
        | Internal R&D | Low | Low | Medium | Public/Hybrid |
        | Disaster Recovery | Medium | Medium | Medium | Public/Hybrid |
        | Application Test and QA | Low | Medium | Medium | Private |
        | Application Development | Low | Medium | Medium | Private |
        | Production Applications | High | High | Medium | No |
        | Mission Critical Applications | High | High | High | No |

    17. Risks and Security Concerns: Service and contractual risks
        • Vendor Lock In: Few tools, procedures or standard formats available for data and service portability
        • Poor SLA: Service level affects confidentiality and availability
        • 3rd Party Access to Data: The need to protect intellectual property and trade secrets, and to comply with regulations and laws in different geographical regions
        • Poor DR Plan: Business continuity and disaster recovery plans must be well documented and tested
    18. Risks and Security Concerns: Technology risks
        • Integration / Bandwidth: How to integrate the in-house systems with the cloud? Is high-speed bandwidth ready?
        • Encryption and Key Management: Speedy encryption / decryption; key management
        • Testing and Monitoring: Provider may not allow you to do a thorough pen test or audit; are there good monitoring tools available?
        • Resource Allocation: Overbooking, underbooking; handling of DoS attack; payment cap
    19. Cloud Computing: Addressing the Risks
    20. Addressing the Risks
        • Service Level Agreement to address:
            • Handling, usage, storage, availability of data
            • Business continuity and disaster recovery objectives
            • Right to audit
        • Reassess your IT Governance framework:
            • Meeting performance objectives
            • Technology provisioning is aligned to business
            • Risks are managed
        • Inventory of Information Assets:
            • Classified, labeled
    21. Assurance Considerations
        • Transparency: Must demonstrate existence of effective and robust security controls
        • Privacy: Must prove that privacy controls are in place and able to prevent, detect and react to breaches
        • Certification: Independent assurance from third-party audits and service auditor reports
        • Compliance: Ensure compliance with various countries' laws while remaining able to access your own data when needed
    22. Take Away Messages
        • Many benefits: reduced costs, greater agility
        • Need to assess business impact and risks
        • Address the risk with legal, security and assurance professionals
    23. Resources
    24. Questions?
    25. End of Presentation