KPMG Risk & Compliance




Cloud computing
Assurance of “The Cloud”

Drs. Mike Chung RE

ADVISORY
Cloud computing - introduction


Cloud computing as phenomenon
 The IT (model) of choice for 2010 and beyond
 − More than ...
Cloud computing - definition


What is cloud computing?                                                                   ...
Cloud computing - opportunities


Opportunities
 Cost savings
  − Costs are transparent and relatively easy to manage: shi...
Cloud computing - risks


                                                                       Risks
                   ...
Cloud computing - assurance


State of affairs
  Auditing of cloud computing environments requires
  specific knowledge du...
Cloud computing - KPMG


                                                     What does KPMG do?
                         ...
Cloud computing - contact




                                                                                 Drs. Mike C...
Upcoming SlideShare
Loading in …5
×

Kpmg Cloud Computing Presentation Short Version

5,248 views

Published on

Cloud computing assurance audit KPMG

Published in: Business, Technology
0 Comments
4 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
5,248
On SlideShare
0
From Embeds
0
Number of Embeds
51
Actions
Shares
0
Downloads
351
Comments
0
Likes
4
Embeds 0
No embeds

No notes for slide

Kpmg Cloud Computing Presentation Short Version

  1. 1. KPMG Risk & Compliance Cloud computing Assurance of “The Cloud” Drs. Mike Chung RE ADVISORY
  2. 2. Cloud computing - introduction Cloud computing as phenomenon The IT (model) of choice for 2010 and beyond − More than 10 million enterprises in the cloud within 3 years − More than 50% of all Fortune500 companies are already using cloud computing Heavy investments from big software vendors and IT integrators − Google: enormous data storage capacities, new services, aggressive marketing campaign − Microsoft: considerable expansion of data centres − Salesforce.com: new platform services, building data centres in Europe − Accenture: offering of implementation and advisory services − T-Systems: offering of cloud and integration services Growing interest despite/thanks to economic downturn and the perceptive reliability of the internet © 2010 KPMG ELLP, the member firm of KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 1
  3. 3. Cloud computing - definition What is cloud computing? ‘On-premise’ versus cloud computing Hosted services from the (inter)net, metaphorically depicted as a ‘cloud’ ‘On-premise’ Cloud computing Utilisation of Web 2.0 Customer Customer ASP 2.0 Examples: Users Users Software-as-a-Service (Salesforce.com, Microsoft BPOS, Gmail) IT services IT services Platform-as-a-Service (Google Apps, Force.com, 3tera AppLogic) Internal IT Infrastructure-as-a-Service Internet (Amazon EC2, Citrix Cloud Centre) Subscription or Characteristics ‘pay as you go’ Hardware, software + data − Separation of ownership and use Cloud vendor − On-demand Software licences + support costs − Elastic − Multi-tenant Software vendor − External data storage Hardware, software + data − Use of the (public) internet © 2010 KPMG ELLP, the member firm of KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 2
  4. 4. Cloud computing - opportunities Opportunities Cost savings − Costs are transparent and relatively easy to manage: shift from CAPEX to OPEX − Costs (TCO) are significantly lower when compared with traditional ‘on-premise’ counterparts – between 10% and 50% of original costs Complexity reduction & business-focus − Complete outsourcing of IT − IT management discontinued or reduced to demand management and vendor management − All required software services accessible through the internet without additional client software − The enterprise can really focus on its key activities without being hampered or curbed by the internal IT department Economies of scale − The cloud vendor is able to deploy new technologies and service processes efficiently through economies of scale − Efficiency and effectiveness of cloud services can be enhanced © 2010 KPMG ELLP, the member firm of KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 3
  5. 5. Cloud computing - risks Risks External data storage − Weak control over data (failing backup & recovery) − Legal complications (violation on privacy, conflicting legislations) − Viability uncertain (insufficient guarantee on continuity and availability of services) Multi-tenancy architecture − Inadequate segregation of data − Poor Identity and Access Management (IAM) − Insufficient logging and monitoring − Weakest link is decisive (virtualisation, shared databases) Use of the public internet − Vague and/or non-existing accountability and ownership − Loss, misuse and theft of data − No access to data and/or services Integration with the internal IT environment − Unclear perimeters − No connection and/or alignment with internal security − Complexity of integration © 2010 KPMG ELLP, the member firm of KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 4
  6. 6. Cloud computing - assurance State of affairs Auditing of cloud computing environments requires specific knowledge due to the particular architecture (multi-tenant, processes), new technologies (advanced web technology, SOA and virtualisation) and changing organisational and legal aspects, and corresponding risks. The much-needed expertise and experience on cloud computing audits and risk management are scarce. Vendors and integrators focus purely on implementations. Various surveys show that large organisations are having the following questions regarding the cloud: − What are the main (security) risks and mitigations? − What are the possible solutions and suitable vendors? − What should be the migration strategy and architecture? © 2010 KPMG ELLP, the member firm of KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 5
  7. 7. Cloud computing - KPMG What does KPMG do? KPMG performs audits on customer’s side − Specific audits on cloud computing environments (security, performance, feasibility) − As part of the regular IT audits KPMG performs audits on vendor’s side − SAS70 audits − Certifications (ISO27001, ‘cloud computing quality marks’) KPMG performs risk assessments KPMG performs benchmarkings KPMG delivers high-quality, independent advisory services − Market research − Cloud computing strategies − Cloud architectures − Quality Assurance © 2010 KPMG ELLP, the member firm of KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 6
  8. 8. Cloud computing - contact Drs. Mike Chung RE Manager KPMG Advisory N.V. Tel: +31 6 1455 9916 E-mail: chung.mike@kpmg.nl Ing. John Hermans RE Associate Partner KPMG Advisory N.V. Tel: +31 6 5136 6389 E-mail: hermans.john@kpmg.nl © 2010 KPMG ELLP, the member firm of KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 7

×