Cloud Essentials - ISACA CPE Meeting

Cloud Computing Essentials

Published in: Technology, Business
  • © Property of Learning Lake All rights reserved
  • Start consolidating servers, storage, networks and IT resources
  • Virtualize the technology resources, including applications
  • Organize your IT offering as business services
  • Structure IT as a shared service organization
  • Prepare your organization (change management)
  • Effective Access Control and Audit
      • Single Sign On (SSO)
      • Strong authentication: password & biometric measure
      • Review of audit logs
  • Secure Cloud Storage
      • Encryption
      • Integrity through mechanisms such as hashing
  • Secure Network Infrastructure
      • Encryption protocols against leakage
      • Integrity protocols (digital signatures) against modification
  • Consult a lawyer specialized in international legislation
  • Know where (which country) your data is
  • Optimal and holistic compliance addresses the inter and intra-organizational challenges of persistent information security by clearly delineating control ownership.
  • Cloud Essentials - ISACA CPE Meeting

    1. Cloud Essentials: Benefits, Risks and Controls
    2. How many of you are using Cloud Services at your organization? How many of you are planning / evaluating Cloud Solutions? How many of you are Cloud Service Providers? 07/29/13 Global Success Systems FZ LLC
    3. Lighter side of Cloud
    4. Lighter side of Cloud
    5. Lighter side of Cloud
    6. Agenda
    7. Some Predictions
         • “By 2020 more than a third of the Digital Universe will either live in or pass through the cloud.” -- IDC, May 2010
         • “Four out of every five new commercial enterprise applications are deployed on cloud platforms, according to industry research, and more than half of Global 1000 companies will store customer-sensitive data in the public cloud by the end of 2016.” - Dimensional Research for Host Analytics (DRHA)
         • “Cloud delivery has increased by 33.6% year on year for 2012 in UAE” – IDC Jan 2013
    8. What is Cloud? “Cloud computing, method of running application software and storing related data in central computer systems and providing customers or other users access to them through the Internet”. Encyclopedia Britannica (eb.com, 2012). Image Copyright EXIN
    9. What is Cloud? “Cloud computing, is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources, that can be rapidly provisioned and released with minimum management effort or service provider interaction” - NIST
    10. Cloud Computing is About: 5 Characteristics, Service Models, Deployment Models. Image Copyright NIST
    11. Cloud Benefits
         • Reduced Cost (pay-per-use, economies of scale)
         • Automated (updates, security patches, backups, …)
         • On demand (Flexibility + Scalability = Elasticity)
         • More Mobility ("any time, any place, any device")
         • Shared Resources (multi-tenancy)
         • Back to core business
         • “Everything gets faster, cheaper, more flexible by using Cloud” - Werner Vogels, CTO, Amazon
    12. Recommendations to Adopt Cloud
    13. Business drivers
         • Flexibility & Time to market (TTM)
         • Costs
         • Capex vs. Opex
         • TCO for 3 to 5 Years & ROI
         • Operational Benefit, Support Cost
         • Service Level Agreements (SLA)
         • Service Performance
         • Easy to navigate
         • Transaction posting time
         • Quality of Service
         • Support SLA (Incidents, problems)
         • Architecture - Integration (PaaS), migration
         • Green(er) computing
    14. Compliance and Governance: understand the provider's capabilities and compliance
         • Data Center Certifications
         • Average uptime
         • Regulations & international standards
         • Multiple sites and locations
         • Backup mechanisms & Data storage
         • Provider’s Supplier Details
         • High security components like firewalls, a DMZ and internet security software
         • 4 Ps of Service Management (People, Process, Products & Partners)
         • Have a clear SLA
    15. Try before you Buy
         • Demand a Trial Period and TEST Thoroughly
         • Don’t commit until the service works the way you want
         • Have a Road Map for your Cloud Adoption
    16. Risk Management
    17. Organizational Risk
         • Difficulty knowing where data is stored
         • Technical failures that could destroy the stored data
         • Unauthorized access of data by others
         • Failure of Cloud Service due to New Technology, Competitors, Lack of Financial Support
         • Issues around data retrieval if a cloud provider goes out of business
         • Vendor Lock-In
    18. Risk Management
         • Validation of credentials
         • Active monitoring of traffic
         • Strong authentication
         • Good SLAs and Audit
         • Operations procedures
         • Operational security practices
         • Consult a lawyer specialized in international legislation
         • Staff vetting, etc.
    19. Cloud Controls and Auditing
    20. Personally Identifiable Information (PII)
         • Forms of identification: SSN, passport, fingerprints
         • Occupational: job title, company name
         • Financial: bank numbers, credit records
         • Health care: insurance, genetic
         • Online activity: log-ins
         • Demographic: ethnicity
         • Contact: phone, e-mail
    21. PII Standards
         • The Privacy Act 1974, federal laws HIPAA & GLBA and Safe Harbor - USA
         • Personal Information Protection Law and Law for Protection of Computer Processed Data Held by Administrative Organs (1988) – Japan
         • PIPEDA (Personal Information Protection and Electronic Data Act 2008) and Privacy Act (1983) – Canada
         • Laws and privacy standards of the member countries, EU Internet Privacy Law (DIRECTIVE 2002/58/EC, 2002) and EU Data Protection Directive (1998) - EU
    22. Cloud Controls Matrix (CCM). Controls baselined and mapped to:
         • COBIT
         • BITS Shared Assessments
         • HIPAA/HITECH Act
         • Jericho Forum
         • ISO/IEC 27001-2005
         • NERC CIP
         • NIST SP800-53
         • PCI DSS v2.0
         © 2011 Cloud Security Alliance, Inc. All rights reserved.
    23. Cloud Controls Matrix (CCM). First ever baseline control framework specifically designed for managing risk in the Cloud Supply Chain:
         1. Compliance (CO)
         2. Data Governance (DG)
         3. Facility Security (FS)
         4. Human Resources (HR)
         5. Information Security (IS)
         6. Legal (LG)
         7. Operations Management (OM)
         8. Risk Management (RI)
         9. Release Management (RM)
         10. Resiliency (RS)
         11. Security Architecture (SA)
    24. CCM – 98 Controls
    25. Auditing Cloud: types of audits you need to consider
         • Regulatory compliance audit
         • Disaster Recovery/Business Continuity (DR/BC)
         • Security audit
         • Performance and Reliability audit (SLA)
         • Benefit Realization audit (ROI)
    26. Summary
         • Understand your business needs
         • Have a clear road map for Cloud Adoption
         • Understand provider’s capability and regulations
         • Pilot the cloud solution and ensure it is meeting your business needs
         • Have good control, monitoring and auditing mechanisms
         • Enjoy the benefit of Cloud Opportunities
    27. Thank you. Questions? Sreechith Radhakrishnan. Email: sreechith@gssgrouponline.com, LinkedIn: www.linkedin.com/in/sreechith, Web: www.gssgrouponline.com
