Cloud Computing - Benefits and Risks

Cloud Computing – Benefits and Risks President, ISACA China Hong Kong Michael Yung

Evolution – Mainframe Computer Page 

Evolution – Mini Computer, PCs and Internet Page 

Evolution - Cloud Computing Page 

Next 25 Minutes Page  Pain Points Benefits Risks

Infrastructure Cost and Service Delivery Page  Pain Points

Pain Points Page  Keep It Running vs. Implement New Things

Pain Points Page  We Are Too Slow

Pain Points Page  Right Sizing

Pain Points Page 

Cloud Computing Page  Benefits

Cloud Computing Market Page  Estimation by IBM, 2009 84% Saving on H/W, labour, power

IT and Business Benefits Page  Highly abstracted H/W, S/W resources for pooling Near instant scalability, provisioning ‘ Service On demand’ A ‘Pay as you go’ billing system 1 2 3 4

Business Benefits Page  We are finally in sync with business

Cloud Computing Page  What Are the Risks ?

Applicability for Cloud Computing Page  Source: Federal Reserve System, USA System Type Scalability Availability Security Cloud Type Information site Medium Medium Low Public /Hybrid External Collaboration Medium Medium Medium Public /Hybrid Public research / survey Low Medium Medium Public /Hybrid Internal R&D Low Low Medium Public /Hybrid Disaster Recovery Medium Medium Medium Public /Hybrid Application Test and QA Low Medium Medium Private Application Development Low Medium Medium Private Production Applications High High Medium No Mission Critical Applications High High High No

Risks and Security Concerns Page  Vendor Lock In Poor SLA 3 rd Party access to Data Poor DR Plan
Few tools, procedures or standard formats available for data and service portability
Service level affects confidentiality and availability
The needs to protect the intellectual property, trade secrets; and complied to regulations and laws in different geographical regions
Business continuity and disaster recovery plans must be well documented and tested
Service and contractual risks

Risks and Security Concerns Page  Integration / Bandwidth Encryption and Key Mgnt Testing and Monitoring Resource Allocation
How to integrate the in-house systems to the Cloud ?
High speed bandwidth ready ?
Speedy encryption / decryption;
Key management
Provider may not allow you to do thorough PEN test, audit;
Are there good monitoring tools available ?
Overbooking, underbooking;
Handling of DOS attack; Payment cap
Technology risks

Cloud Computing Page  Addressing the Risks

Addressing the Risks Page 
Service Level Agreement to address
Handling, usage, storage, availability of data
Business continuity and disaster recovery objectives
Right to audit
Reassess your IT Governance framework
Meeting performance objectives
Technology provisioning is aligned to business
Risks are managed
Inventory of Information Assets
Classified, labeled

Assurance Considerations Page  Must demonstrate existence of effective and robust security controls Must prove that privacy controls are in place and able to prevent, detect and react to breaches Independent assurance from third-party audits and service auditor reports Ensure the compliance of various countries' laws, but at the same time able to access your own data when needed Transparency Certification Privacy Compliance

Take Away Messages Page 
Many benefits - reduce costs, greater agility
Need to assess business impact and risks
Address the risk with legal, security and assurance professionals

Resources Page 

Questions ? Page  www.isaca.org www.isaca.org.hk [email_address] [email_address]

End of Presentation Page 

http://www.michaelyung.com	124
http://www.slideshare.net	31
http://www.visualcv.com	10
http://cloudyblogauth.blogspot.com	6
http://www.linkedin.com	2
http://cloudyblogauth.blogspot.co.uk	1

Cloud Computing - Benefits and Risks

by Michael Yung on May 04, 2010

Accessibility

Categories

Tags

Upload Details

Usage Rights

6 Embeds 174

Statistics

Cloud Computing - Benefits and Risks — Presentation Transcript