SlideShare a Scribd company logo

Cloud and challenges isacakenya

Download as PPTX, PDF
Tonny Omwansa
Tonny Omwansa

This document summarizes a presentation on cloud and security challenges given by Dr. Tonny K. Omwansa at the ISACA Kenya conference in May 2014. The presentation covered an overview of cloud computing, the results of a study on cloud penetration in Kenya, and security challenges and solutions related to cloud computing. Some key findings from the study included that 69% of organizations in Kenya use some form of cloud, with private cloud being more common than public cloud. The top security concerns related to cloud computing were around traditional security issues, availability concerns, and lack of control and transparency with third-party data in the cloud. Recommendations focused on developing cloud strategies, policies, skills and awareness to better facilitate cloud adoption in Kenya

1 of 27
Cloud & Security challenges Dr. Tonny K. Omwansa School of computing and Informatics University of Nairobi tomwansa@uonbi.ac.ke @tomwansa ISACA Kenya conference May 2014
Overview Presentation format 1. Cloud Overview 2. Cloud Penetration in Kenya – Study 3. Security Challenges and some solutions
Not ISACA Member: ICT Resources provided on demand... ISACA member + CISA: ‘an elastic execution environment of resources involving multiple stakeholders and providing a metered service at multiple granularities for a specified level of quality of service’ ISACA Chapter President: ‘A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction’ Cloud
Cloud Overview: Here to stay… Jeffrey, K. & Neidecker – lutz, B. (2009)
Cloud Benefits Non-Functional aspects Economic considerations Technological benefits Elasticity Cost Reduction Flexibility Reliability Pay per use Multi-tenancy Quality of Service Improved time to market Virtualization Agility Return on investment Location independence Adaptability Turning CAPEX into OPEX Infrastructure independency Availability Going Green Adaptability
Cloud terms • Infrastructure as a Service (IaaS): Computing resources used by others to deliver business solutions. • Platform as a Service (PaaS): Black-box services developers can use to build applications • Software as a Service (SaaS): Provider hosts software to be hired • Public Cloud: Shared infrastructure with pay-as-you-go economics Provider makes resources available on demand, over public Internet • Private Cloud: Delivers services entirely within a firewall of an organization • Hybrid and Community Clouds: Elements of public and private
Cloud In Kenya - Study • Objectives – Investigate current status of CC adoption in Kenya – Establish gaps/challenges in adoption and impact of cloud computing – Make recommendations to better grow the sub-sector • Justification – Hardly any research has been done in this area – Need to understand gaps/challenges – We need policies informed more by solid research Medium & large businesses using cloud services [top three in Africa - 2013 Cisco survey] 50% in South Africa 48% in Kenya 36% in Nigeria
Approach Scope: – Institutions that have a physical presence in Nairobi • Most HQs are in Nairobi • Budget limits • Not national representative – Respondents • Providers – Infrastructure as a Service (IaaS) – Software as a Service (SaaS) – Platform as a Service (PaaS). • Consumers – Public cloud – Private clouds. • Policy makers
Conceptual Framework DETERMINANTS: Affect cloud performance & its outcomes/impacts >Deployed Technologies Investment cost, Reliability, Agility, Usability, Technology availability & Sustainability >Local firms technology capabilities >Policy and legal frameworks Availability, Flexibility, Comprehensiveness, Effectivenes >Market Certain actors dominating, Availability, Readiness >Institutional legitimacy to the cloud Government support , Institutional innovation culture
Conceptual Framework STRATEGIES/ACTIONS OF CC ACTORS: Instrumental in delivering cloud outcomes/impact • Costing • Promotion • Training and capacity development • Adoption • Usage • Cloud-related entrepreneurship • Deployment decisions (e.g. open source or proprietary solutions
Conceptual Framework OUTCOMES/IMPACTS OF CC: The ‘value’ created by the cloud • Improved operational efficiency • New products and services • Extended/enhanced market reach • Export of cloud related services • Job creation • Enhanced security enhancement
Sampling Quantitative – 207 organ’s identified – 60 sampled – 54 participated Qualitative – 12 in-depth interviews planned with industry leaders – 7 were available Cloud computing stakeholders’ taxonomy
Data collection • Extensive desktop research & literature review • Conceptual framework transformed to 5 point likert scale questionnaire • Collection between October 10th, 2013 and November 10th, 2013 • ICT Managers, Information Security Managers, Network Administrators or Chief Information Officers were interviewed Category Population Sample Government entities 14 8 Banks 10 4 Consulting firms 5 4 Insurance firms 10 4 Hospitals 9 4 Universities 10 4 Business & Industries 24 8 Tech companies 25 8 SaaS Companies 11 8 PaaS Companies 3 0 IaaS Companies 18 8 Total 207 60
Findings • Cloud computing has been around since 2000 – most organizations adopted between 2010 & 2011 – 69% use some form of cloud. • Private cloud is more pronounced than public. • IaaS option is the most prominent Year 2000 (2) Year 2006 (2) Year 2009 (4) Year 2010 (9) Year 2011( 12) Year 2012 (4) Year 2013( 4) Cloud Deployment
Findings Three skills lacking in the Kenyan market: • Security (networks, data etc) skills [highest] • Cloud architecture and design skills • Storage and virtualization skills Cloud value is appreciated Skills gap Cloud reliability What determines cloud reliability offered? • reliable connectivity and infrastructure • dependable technical support • systems uptime [power?] 0% 20% 40% 60% 80% 100% Providing/utilising cloud services is sustainable More agile than traditional solutions Cloud technologies received are reliable
Findings Policy, Legal frameworks & Standards • 80% did not know of any policy framework • 80% did not know of any legal framework • The few how knew about policy framework, also knew about legal • 75% not aware of any standards Those who know a framework Agree Policy framework gives you flexibility to exploit CC as you wish? 27% Existing policy framework is comprehensive 27% Policy framework is effective enough to facilitate growth in the sub-sector 45% Legal framework give you flexibility to exploit CC as you wish? 33% Legal framework is comprehensive 33% Legal framework is effective enough to facilitate growth in the sub-sector 16%
Findings Policy, Legal frameworks recommendations by respondents Policy Legal Increased awareness of availability & power of CC Mechanisms for controlling cyber crime & offenders Guidelines for enforcing security, privacy and standards Mechanisms for guaranteeing privacy Guidelines for service level agreements Mechanisms to enforce service level agreements Appropriate licensing and certification of providers Mechanisms for conflict resolutions and addressing liability Mostly suggest that ordinary consumers are anxious and sensitive about their data.
Findings Markets • Market is ready for cloud: 90% say YES • Largest consumers: – Financial and telecommunication sectors – Education and government are moderate users • Majority of Kenyans are unaware of CC and its benefits • There are many misconceptions about cloud technology • Safaricom, Dimension Data and KDN are market leaders Support received • Government support has been generic, e.g. development of infrastructure like fibre connectivity • Some financial support has been received • Many not aware of government initiatives towards CC development
Conclusions & Recommendations • Assessment of Kenya’s cloud readiness: – clearly understand the national status through an elaborate national study. • Develop national cloud strategy: – focus on capacity building, architectures and implementation. • Government to champion cloud services: – set pace for better uptake by private sector. • Enhance relevant legal & regulatory frameworks: – protect of users, address cyber security challenges, – guarantee secure online payments, privacy, data security • Develop human resource capacity: – technical skills, legal skills, management skills • Enhance awareness of cloud technologies: – through a multi-stakeholder approach, – demystified the technology
Security concerns • Each benefits of cloud, comes with potential several risks! – Infrastructure independency – Flexibility and Adaptability – Location independence – Multi-tenancy – Virtualization – etc • Traditional security mechanisms - identity, - authentication, - authorization are no longer enough for clouds
Security concerns: 3 Classes 1. Traditional security concerns: • Computer and network intrusions made possible or easier by moving to cloud • Huge array of attacks – from Authentication to Phishing cloud provider • Conducting Forensics in the cloud can be complicated – E.g. data gets overwritten easily and fast.
Security concerns 2. Availability concerns: • Will critical applications and data be available? – Gmail’s one-day outage in mid-October 2008 • Maintaining the uptime • Denial of service attacks • Ensuring robustness of computational integrity
Security concerns 3. Third Party Data Control • Legal implications of 3rd party holding data & applications – complex and not well understood. • Potential lack of control & transparency when a third party holds the data – Can provider guarantee that data has been deleted? – Can provider guarantee response time? – Is there sufficient transparency in the operations of cloud provider for auditing purposes? – On-site audit in distributed & dynamic multi-tenant computing environment spread all over the globe is a major challenge. – Regulations can require data & operations remain in certain geographic locations. – Can theft of company information by the cloud provider happen? – etc
Security Concerns: Solutions • Role of Providers: – ensure that customers will continue to have the same security and privacy controls – provide evidence to customers that organization are secure – guarantee to meet their service-level agreements – prove compliance to auditors and regulations
• Role of Consumers: Stage 1: – think about data security from content instead of location • security regulations become consistent no matter where data resides. – a three-step process: 1. Establish high-level information security policies to protect data 2. Establish more granular compliance-related policies for specific departments, e.g finance and human resources 3. Establish processes for auditing & improving policy effectiveness Security Concerns: Solutions
• Role of Consumers: Stage 2: – Look at what third-party service providers can contribute. – Similar to outsourcing procurement plans. – Involves: • conduct cost/benefit analysis • ensure third-party service aligns with business objectives • identify regulatory and privacy requirements • developing a contingency plan/exit strategy Security Concerns: Solutions
Keep critical data local, otherwise take to public cloud Bottom line: Develop a Cloud Strategy Thank You! @tomwansa END

Recommended

Forcepoint Raised the Bar: What's Next in the Cross Domain Community-george k...
Forcepoint Raised the Bar: What's Next in the Cross Domain Community-george k...Forcepoint Raised the Bar: What's Next in the Cross Domain Community-george k...
Forcepoint Raised the Bar: What's Next in the Cross Domain Community-george k...
scoopnewsgroup
 
CSA Atlanta and Metro Atlanta ISSA Chapter Meeting May 2014 - Key Threats to ...
CSA Atlanta and Metro Atlanta ISSA Chapter Meeting May 2014 - Key Threats to ...CSA Atlanta and Metro Atlanta ISSA Chapter Meeting May 2014 - Key Threats to ...
CSA Atlanta and Metro Atlanta ISSA Chapter Meeting May 2014 - Key Threats to ...
Phil Agcaoili
 
Getting Your IT Security Learners Ready for the Cloud with CCSK Certification
Getting Your IT Security Learners Ready for the Cloud with CCSK CertificationGetting Your IT Security Learners Ready for the Cloud with CCSK Certification
Getting Your IT Security Learners Ready for the Cloud with CCSK Certification
ITpreneurs
 
The importance of Wi-Fi to students - Hewlett Packard Enterprise - Networkshop44
The importance of Wi-Fi to students - Hewlett Packard Enterprise - Networkshop44The importance of Wi-Fi to students - Hewlett Packard Enterprise - Networkshop44
The importance of Wi-Fi to students - Hewlett Packard Enterprise - Networkshop44
Jisc
 
AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014
KBIZEAU
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy Hiremath
ClubHack
 
Ariel Litvin - CCSK
Ariel Litvin - CCSKAriel Litvin - CCSK
Ariel Litvin - CCSK
CSAIsrael
 
OEB Cyber Security Framework
OEB Cyber Security FrameworkOEB Cyber Security Framework
OEB Cyber Security Framework
Norbi Hegedus
 

Recommended

Forcepoint Raised the Bar: What's Next in the Cross Domain Community-george k...
Forcepoint Raised the Bar: What's Next in the Cross Domain Community-george k...Forcepoint Raised the Bar: What's Next in the Cross Domain Community-george k...
Forcepoint Raised the Bar: What's Next in the Cross Domain Community-george k...
scoopnewsgroup
 
CSA Atlanta and Metro Atlanta ISSA Chapter Meeting May 2014 - Key Threats to ...
CSA Atlanta and Metro Atlanta ISSA Chapter Meeting May 2014 - Key Threats to ...CSA Atlanta and Metro Atlanta ISSA Chapter Meeting May 2014 - Key Threats to ...
CSA Atlanta and Metro Atlanta ISSA Chapter Meeting May 2014 - Key Threats to ...
Phil Agcaoili
 
Getting Your IT Security Learners Ready for the Cloud with CCSK Certification
Getting Your IT Security Learners Ready for the Cloud with CCSK CertificationGetting Your IT Security Learners Ready for the Cloud with CCSK Certification
Getting Your IT Security Learners Ready for the Cloud with CCSK Certification
ITpreneurs
 
The importance of Wi-Fi to students - Hewlett Packard Enterprise - Networkshop44
The importance of Wi-Fi to students - Hewlett Packard Enterprise - Networkshop44The importance of Wi-Fi to students - Hewlett Packard Enterprise - Networkshop44
The importance of Wi-Fi to students - Hewlett Packard Enterprise - Networkshop44
Jisc
 
AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014
KBIZEAU
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy Hiremath
ClubHack
 
Ariel Litvin - CCSK
Ariel Litvin - CCSKAriel Litvin - CCSK
Ariel Litvin - CCSK
CSAIsrael
 
OEB Cyber Security Framework
OEB Cyber Security FrameworkOEB Cyber Security Framework
OEB Cyber Security Framework
Norbi Hegedus
 
eduTEAMS
eduTEAMSeduTEAMS
eduTEAMS
Jisc
 
CCSK Certificate of Cloud Computing Knowledge - overview
CCSK Certificate of Cloud Computing Knowledge - overviewCCSK Certificate of Cloud Computing Knowledge - overview
CCSK Certificate of Cloud Computing Knowledge - overview
Peter HJ van Eijk
 
Ohm2013 cloud security 101 slideshare
Ohm2013 cloud security 101 slideshareOhm2013 cloud security 101 slideshare
Ohm2013 cloud security 101 slideshare
Peter HJ van Eijk
 
Privacy issues in the cloud final
Privacy issues in the cloud finalPrivacy issues in the cloud final
Privacy issues in the cloud final
guest50a642f
 
Cloud computing Risk management
Cloud computing Risk management Cloud computing Risk management
Cloud computing Risk management
Padma Jella
 
2015 APHL Annual Meeting - Racing to the Clouds: How Cloud Computing is Advan...
2015 APHL Annual Meeting - Racing to the Clouds: How Cloud Computing is Advan...2015 APHL Annual Meeting - Racing to the Clouds: How Cloud Computing is Advan...
2015 APHL Annual Meeting - Racing to the Clouds: How Cloud Computing is Advan...
Eduardo Gonzalez Loumiet, MBA, PMP, CPHIMS
 
Integration of Technology & Compliance Presented by John Heintz, CPS Energy
Integration of Technology & Compliance Presented by John Heintz, CPS EnergyIntegration of Technology & Compliance Presented by John Heintz, CPS Energy
Integration of Technology & Compliance Presented by John Heintz, CPS Energy
stacybre
 
Greenbone vulnerability assessment - Networkshop44
Greenbone vulnerability assessment - Networkshop44Greenbone vulnerability assessment - Networkshop44
Greenbone vulnerability assessment - Networkshop44
Jisc
 
Cloud computing & IAAS The Dual Edged Sword of New Technology
Cloud computing & IAAS The Dual Edged Sword of New Technology Cloud computing & IAAS The Dual Edged Sword of New Technology
Cloud computing & IAAS The Dual Edged Sword of New Technology
Mekhi Da ‘Quay Daniels
 
Cloud computing risk & challenges
Cloud computing risk & challengesCloud computing risk & challenges
Cloud computing risk & challenges
Parag Deodhar
 
Is cloud computing really ready for prime time
Is cloud computing really ready for prime timeIs cloud computing really ready for prime time
Is cloud computing really ready for prime time
Vaishnavi
 
Cloud computing - Risks and Mitigation - GTS
Cloud computing - Risks and Mitigation - GTSCloud computing - Risks and Mitigation - GTS
Cloud computing - Risks and Mitigation - GTS
Anchises Moraes
 
2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)
2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)
2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)
Danny Miller
 
Internet of things
Internet of thingsInternet of things
Internet of things
Satish Chavan
 
Cloud is not an option, but is security?
Cloud is not an option, but is security?Cloud is not an option, but is security?
Cloud is not an option, but is security?
Jody Keyser
 
Energy sector cybersecurity framework implementation guidance final 01-05-15
Energy sector cybersecurity framework implementation guidance final 01-05-15Energy sector cybersecurity framework implementation guidance final 01-05-15
Energy sector cybersecurity framework implementation guidance final 01-05-15
Dr Dev Kambhampati
 
Wireless Mobility
Wireless MobilityWireless Mobility
Wireless Mobility
ControlEng
 
InsureTechs Pioneering New Practices in Insurance
InsureTechs Pioneering New Practices in InsuranceInsureTechs Pioneering New Practices in Insurance
InsureTechs Pioneering New Practices in Insurance
Phil Reynolds
 
G0314043
G0314043G0314043
G0314043
iosrjournals
 
Standards for Autonomous and Secure Microgrids
Standards for Autonomous and Secure Microgrids Standards for Autonomous and Secure Microgrids
Standards for Autonomous and Secure Microgrids
Real-Time Innovations (RTI)
 
Cloud computing in kenya
Cloud computing in kenyaCloud computing in kenya
Cloud computing in kenya
Tonny Omwansa
 
Cloud migration
Cloud migrationCloud migration
Cloud migration
christen gumbi
 

More Related Content

What's hot

eduTEAMS
eduTEAMSeduTEAMS
eduTEAMS
Jisc
 
CCSK Certificate of Cloud Computing Knowledge - overview
CCSK Certificate of Cloud Computing Knowledge - overviewCCSK Certificate of Cloud Computing Knowledge - overview
CCSK Certificate of Cloud Computing Knowledge - overview
Peter HJ van Eijk
 
Ohm2013 cloud security 101 slideshare
Ohm2013 cloud security 101 slideshareOhm2013 cloud security 101 slideshare
Ohm2013 cloud security 101 slideshare
Peter HJ van Eijk
 
Privacy issues in the cloud final
Privacy issues in the cloud finalPrivacy issues in the cloud final
Privacy issues in the cloud final
guest50a642f
 
Cloud computing Risk management
Cloud computing Risk management Cloud computing Risk management
Cloud computing Risk management
Padma Jella
 
2015 APHL Annual Meeting - Racing to the Clouds: How Cloud Computing is Advan...
2015 APHL Annual Meeting - Racing to the Clouds: How Cloud Computing is Advan...2015 APHL Annual Meeting - Racing to the Clouds: How Cloud Computing is Advan...
2015 APHL Annual Meeting - Racing to the Clouds: How Cloud Computing is Advan...
Eduardo Gonzalez Loumiet, MBA, PMP, CPHIMS
 
Integration of Technology & Compliance Presented by John Heintz, CPS Energy
Integration of Technology & Compliance Presented by John Heintz, CPS EnergyIntegration of Technology & Compliance Presented by John Heintz, CPS Energy
Integration of Technology & Compliance Presented by John Heintz, CPS Energy
stacybre
 
Greenbone vulnerability assessment - Networkshop44
Greenbone vulnerability assessment - Networkshop44Greenbone vulnerability assessment - Networkshop44
Greenbone vulnerability assessment - Networkshop44
Jisc
 
Cloud computing & IAAS The Dual Edged Sword of New Technology
Cloud computing & IAAS The Dual Edged Sword of New Technology Cloud computing & IAAS The Dual Edged Sword of New Technology
Cloud computing & IAAS The Dual Edged Sword of New Technology
Mekhi Da ‘Quay Daniels
 
Cloud computing risk & challenges
Cloud computing risk & challengesCloud computing risk & challenges
Cloud computing risk & challenges
Parag Deodhar
 
Is cloud computing really ready for prime time
Is cloud computing really ready for prime timeIs cloud computing really ready for prime time
Is cloud computing really ready for prime time
Vaishnavi
 
Cloud computing - Risks and Mitigation - GTS
Cloud computing - Risks and Mitigation - GTSCloud computing - Risks and Mitigation - GTS
Cloud computing - Risks and Mitigation - GTS
Anchises Moraes
 
2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)
2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)
2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)
Danny Miller
 
Internet of things
Internet of thingsInternet of things
Internet of things
Satish Chavan
 
Cloud is not an option, but is security?
Cloud is not an option, but is security?Cloud is not an option, but is security?
Cloud is not an option, but is security?
Jody Keyser
 
Energy sector cybersecurity framework implementation guidance final 01-05-15
Energy sector cybersecurity framework implementation guidance final 01-05-15Energy sector cybersecurity framework implementation guidance final 01-05-15
Energy sector cybersecurity framework implementation guidance final 01-05-15
Dr Dev Kambhampati
 
Wireless Mobility
Wireless MobilityWireless Mobility
Wireless Mobility
ControlEng
 
InsureTechs Pioneering New Practices in Insurance
InsureTechs Pioneering New Practices in InsuranceInsureTechs Pioneering New Practices in Insurance
InsureTechs Pioneering New Practices in Insurance
Phil Reynolds
 
G0314043
G0314043G0314043
G0314043
iosrjournals
 
Standards for Autonomous and Secure Microgrids
Standards for Autonomous and Secure Microgrids Standards for Autonomous and Secure Microgrids
Standards for Autonomous and Secure Microgrids
Real-Time Innovations (RTI)
 

What's hot (20)

eduTEAMS
eduTEAMSeduTEAMS
eduTEAMS
 
CCSK Certificate of Cloud Computing Knowledge - overview
CCSK Certificate of Cloud Computing Knowledge - overviewCCSK Certificate of Cloud Computing Knowledge - overview
CCSK Certificate of Cloud Computing Knowledge - overview
 
Ohm2013 cloud security 101 slideshare
Ohm2013 cloud security 101 slideshareOhm2013 cloud security 101 slideshare
Ohm2013 cloud security 101 slideshare
 
Privacy issues in the cloud final
Privacy issues in the cloud finalPrivacy issues in the cloud final
Privacy issues in the cloud final
 
Cloud computing Risk management
Cloud computing Risk management Cloud computing Risk management
Cloud computing Risk management
 
2015 APHL Annual Meeting - Racing to the Clouds: How Cloud Computing is Advan...
2015 APHL Annual Meeting - Racing to the Clouds: How Cloud Computing is Advan...2015 APHL Annual Meeting - Racing to the Clouds: How Cloud Computing is Advan...
2015 APHL Annual Meeting - Racing to the Clouds: How Cloud Computing is Advan...
 
Integration of Technology & Compliance Presented by John Heintz, CPS Energy
Integration of Technology & Compliance Presented by John Heintz, CPS EnergyIntegration of Technology & Compliance Presented by John Heintz, CPS Energy
Integration of Technology & Compliance Presented by John Heintz, CPS Energy
 
Greenbone vulnerability assessment - Networkshop44
Greenbone vulnerability assessment - Networkshop44Greenbone vulnerability assessment - Networkshop44
Greenbone vulnerability assessment - Networkshop44
 
Cloud computing & IAAS The Dual Edged Sword of New Technology
Cloud computing & IAAS The Dual Edged Sword of New Technology Cloud computing & IAAS The Dual Edged Sword of New Technology
Cloud computing & IAAS The Dual Edged Sword of New Technology
 
Cloud computing risk & challenges
Cloud computing risk & challengesCloud computing risk & challenges
Cloud computing risk & challenges
 
Is cloud computing really ready for prime time
Is cloud computing really ready for prime timeIs cloud computing really ready for prime time
Is cloud computing really ready for prime time
 
Cloud computing - Risks and Mitigation - GTS
Cloud computing - Risks and Mitigation - GTSCloud computing - Risks and Mitigation - GTS
Cloud computing - Risks and Mitigation - GTS
 
2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)
2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)
2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)
 
Internet of things
Internet of thingsInternet of things
Internet of things
 
Cloud is not an option, but is security?
Cloud is not an option, but is security?Cloud is not an option, but is security?
Cloud is not an option, but is security?
 
Energy sector cybersecurity framework implementation guidance final 01-05-15
Energy sector cybersecurity framework implementation guidance final 01-05-15Energy sector cybersecurity framework implementation guidance final 01-05-15
Energy sector cybersecurity framework implementation guidance final 01-05-15
 
Wireless Mobility
Wireless MobilityWireless Mobility
Wireless Mobility
 
InsureTechs Pioneering New Practices in Insurance
InsureTechs Pioneering New Practices in InsuranceInsureTechs Pioneering New Practices in Insurance
InsureTechs Pioneering New Practices in Insurance
 
G0314043
G0314043G0314043
G0314043
 
Standards for Autonomous and Secure Microgrids
Standards for Autonomous and Secure Microgrids Standards for Autonomous and Secure Microgrids
Standards for Autonomous and Secure Microgrids
 

Similar to Cloud and challenges isacakenya

Cloud computing in kenya
Cloud computing in kenyaCloud computing in kenya
Cloud computing in kenya
Tonny Omwansa
 
Cloud migration
Cloud migrationCloud migration
Cloud migration
christen gumbi
 
Hogan Kusnadi - Cloud Computing Secutity
Hogan Kusnadi - Cloud Computing SecutityHogan Kusnadi - Cloud Computing Secutity
Hogan Kusnadi - Cloud Computing Secutity
Indonesia Honeynet Chapter
 
Ph d abstract
Ph d abstractPh d abstract
Ph d abstract
Bapuji Valaboju
 
cloud abstract
cloud abstractcloud abstract
cloud abstract
Bapuji Valaboju
 
Shift to Application & Infrastructure Hosting
Shift to Application & Infrastructure HostingShift to Application & Infrastructure Hosting
Shift to Application & Infrastructure Hosting
techzimslides
 
2014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v012014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v01
promediakw
 
Cloud Computing - A future prerogative
Cloud Computing - A future prerogativeCloud Computing - A future prerogative
Cloud Computing - A future prerogative
Wayne Poggenpoel
 
Get ahead of the cloud or get left behind
Get ahead of the cloud or get left behindGet ahead of the cloud or get left behind
Get ahead of the cloud or get left behind
Matt Mandich
 
The Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDThe Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA ID
Eryk Budi Pratama
 
Cloud computing
Cloud computingCloud computing
Cloud computing
Razib M
 
Security Considerations When Using Cloud Infrastructure Services.pdf
Security Considerations When Using Cloud Infrastructure Services.pdfSecurity Considerations When Using Cloud Infrastructure Services.pdf
Security Considerations When Using Cloud Infrastructure Services.pdf
Ciente
 
ACS cloud discussion paper
ACS cloud discussion paperACS cloud discussion paper
ACS cloud discussion paper
Roland Padilla
 
EMC Perspective: What Customers Seek from Cloud Services Providers
EMC Perspective: What Customers Seek from Cloud Services ProvidersEMC Perspective: What Customers Seek from Cloud Services Providers
EMC Perspective: What Customers Seek from Cloud Services Providers
EMC
 
Cyber security general perspective a
Cyber security general perspective aCyber security general perspective a
Cyber security general perspective a
marukanda
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantage
Moshe Ferber
 
What Cloud Computing means to the future of organisations – A perspective fro...
What Cloud Computing means to the future of organisations – A perspective fro...What Cloud Computing means to the future of organisations – A perspective fro...
What Cloud Computing means to the future of organisations – A perspective fro...
itnewsafrica
 
Cloud Computing and Data Governance
Cloud Computing and Data GovernanceCloud Computing and Data Governance
Cloud Computing and Data Governance
Trillium Software
 
Cloud Adoption in Capital Markets: A Perspective
Cloud Adoption in Capital Markets: A PerspectiveCloud Adoption in Capital Markets: A Perspective
Cloud Adoption in Capital Markets: A Perspective
Cognizant
 
Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Cloud Security: A matter of trust?
Cloud Security: A matter of trust?
Mark Williams
 

Similar to Cloud and challenges isacakenya (20)

Cloud computing in kenya
Cloud computing in kenyaCloud computing in kenya
Cloud computing in kenya
 
Cloud migration
Cloud migrationCloud migration
Cloud migration
 
Hogan Kusnadi - Cloud Computing Secutity
Hogan Kusnadi - Cloud Computing SecutityHogan Kusnadi - Cloud Computing Secutity
Hogan Kusnadi - Cloud Computing Secutity
 
Ph d abstract
Ph d abstractPh d abstract
Ph d abstract
 
cloud abstract
cloud abstractcloud abstract
cloud abstract
 
Shift to Application & Infrastructure Hosting
Shift to Application & Infrastructure HostingShift to Application & Infrastructure Hosting
Shift to Application & Infrastructure Hosting
 
2014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v012014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v01
 
Cloud Computing - A future prerogative
Cloud Computing - A future prerogativeCloud Computing - A future prerogative
Cloud Computing - A future prerogative
 
Get ahead of the cloud or get left behind
Get ahead of the cloud or get left behindGet ahead of the cloud or get left behind
Get ahead of the cloud or get left behind
 
The Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDThe Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA ID
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Security Considerations When Using Cloud Infrastructure Services.pdf
Security Considerations When Using Cloud Infrastructure Services.pdfSecurity Considerations When Using Cloud Infrastructure Services.pdf
Security Considerations When Using Cloud Infrastructure Services.pdf
 
ACS cloud discussion paper
ACS cloud discussion paperACS cloud discussion paper
ACS cloud discussion paper
 
EMC Perspective: What Customers Seek from Cloud Services Providers
EMC Perspective: What Customers Seek from Cloud Services ProvidersEMC Perspective: What Customers Seek from Cloud Services Providers
EMC Perspective: What Customers Seek from Cloud Services Providers
 
Cyber security general perspective a
Cyber security general perspective aCyber security general perspective a
Cyber security general perspective a
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantage
 
What Cloud Computing means to the future of organisations – A perspective fro...
What Cloud Computing means to the future of organisations – A perspective fro...What Cloud Computing means to the future of organisations – A perspective fro...
What Cloud Computing means to the future of organisations – A perspective fro...
 
Cloud Computing and Data Governance
Cloud Computing and Data GovernanceCloud Computing and Data Governance
Cloud Computing and Data Governance
 
Cloud Adoption in Capital Markets: A Perspective
Cloud Adoption in Capital Markets: A PerspectiveCloud Adoption in Capital Markets: A Perspective
Cloud Adoption in Capital Markets: A Perspective
 
Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Cloud Security: A matter of trust?
Cloud Security: A matter of trust?
 

Recently uploaded

Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
Mariano Tinti
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
SitimaJohn
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
Zilliz
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 

Recently uploaded (20)

Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 

Cloud and challenges isacakenya

  • 1. Cloud & Security challenges Dr. Tonny K. Omwansa School of computing and Informatics University of Nairobi tomwansa@uonbi.ac.ke @tomwansa ISACA Kenya conference May 2014
  • 2. Overview Presentation format 1. Cloud Overview 2. Cloud Penetration in Kenya – Study 3. Security Challenges and some solutions
  • 3. Not ISACA Member: ICT Resources provided on demand... ISACA member + CISA: ‘an elastic execution environment of resources involving multiple stakeholders and providing a metered service at multiple granularities for a specified level of quality of service’ ISACA Chapter President: ‘A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction’ Cloud
  • 4. Cloud Overview: Here to stay… Jeffrey, K. & Neidecker – lutz, B. (2009)
  • 5. Cloud Benefits Non-Functional aspects Economic considerations Technological benefits Elasticity Cost Reduction Flexibility Reliability Pay per use Multi-tenancy Quality of Service Improved time to market Virtualization Agility Return on investment Location independence Adaptability Turning CAPEX into OPEX Infrastructure independency Availability Going Green Adaptability
  • 6. Cloud terms • Infrastructure as a Service (IaaS): Computing resources used by others to deliver business solutions. • Platform as a Service (PaaS): Black-box services developers can use to build applications • Software as a Service (SaaS): Provider hosts software to be hired • Public Cloud: Shared infrastructure with pay-as-you-go economics Provider makes resources available on demand, over public Internet • Private Cloud: Delivers services entirely within a firewall of an organization • Hybrid and Community Clouds: Elements of public and private
  • 7. Cloud In Kenya - Study • Objectives – Investigate current status of CC adoption in Kenya – Establish gaps/challenges in adoption and impact of cloud computing – Make recommendations to better grow the sub-sector • Justification – Hardly any research has been done in this area – Need to understand gaps/challenges – We need policies informed more by solid research Medium & large businesses using cloud services [top three in Africa - 2013 Cisco survey] 50% in South Africa 48% in Kenya 36% in Nigeria
  • 8. Approach Scope: – Institutions that have a physical presence in Nairobi • Most HQs are in Nairobi • Budget limits • Not national representative – Respondents • Providers – Infrastructure as a Service (IaaS) – Software as a Service (SaaS) – Platform as a Service (PaaS). • Consumers – Public cloud – Private clouds. • Policy makers
  • 9. Conceptual Framework DETERMINANTS: Affect cloud performance & its outcomes/impacts >Deployed Technologies Investment cost, Reliability, Agility, Usability, Technology availability & Sustainability >Local firms technology capabilities >Policy and legal frameworks Availability, Flexibility, Comprehensiveness, Effectivenes >Market Certain actors dominating, Availability, Readiness >Institutional legitimacy to the cloud Government support , Institutional innovation culture
  • 10. Conceptual Framework STRATEGIES/ACTIONS OF CC ACTORS: Instrumental in delivering cloud outcomes/impact • Costing • Promotion • Training and capacity development • Adoption • Usage • Cloud-related entrepreneurship • Deployment decisions (e.g. open source or proprietary solutions
  • 11. Conceptual Framework OUTCOMES/IMPACTS OF CC: The ‘value’ created by the cloud • Improved operational efficiency • New products and services • Extended/enhanced market reach • Export of cloud related services • Job creation • Enhanced security enhancement
  • 12. Sampling Quantitative – 207 organ’s identified – 60 sampled – 54 participated Qualitative – 12 in-depth interviews planned with industry leaders – 7 were available Cloud computing stakeholders’ taxonomy
  • 13. Data collection • Extensive desktop research & literature review • Conceptual framework transformed to 5 point likert scale questionnaire • Collection between October 10th, 2013 and November 10th, 2013 • ICT Managers, Information Security Managers, Network Administrators or Chief Information Officers were interviewed Category Population Sample Government entities 14 8 Banks 10 4 Consulting firms 5 4 Insurance firms 10 4 Hospitals 9 4 Universities 10 4 Business & Industries 24 8 Tech companies 25 8 SaaS Companies 11 8 PaaS Companies 3 0 IaaS Companies 18 8 Total 207 60
  • 14. Findings • Cloud computing has been around since 2000 – most organizations adopted between 2010 & 2011 – 69% use some form of cloud. • Private cloud is more pronounced than public. • IaaS option is the most prominent Year 2000 (2) Year 2006 (2) Year 2009 (4) Year 2010 (9) Year 2011( 12) Year 2012 (4) Year 2013( 4) Cloud Deployment
  • 15. Findings Three skills lacking in the Kenyan market: • Security (networks, data etc) skills [highest] • Cloud architecture and design skills • Storage and virtualization skills Cloud value is appreciated Skills gap Cloud reliability What determines cloud reliability offered? • reliable connectivity and infrastructure • dependable technical support • systems uptime [power?] 0% 20% 40% 60% 80% 100% Providing/utilising cloud services is sustainable More agile than traditional solutions Cloud technologies received are reliable
  • 16. Findings Policy, Legal frameworks & Standards • 80% did not know of any policy framework • 80% did not know of any legal framework • The few how knew about policy framework, also knew about legal • 75% not aware of any standards Those who know a framework Agree Policy framework gives you flexibility to exploit CC as you wish? 27% Existing policy framework is comprehensive 27% Policy framework is effective enough to facilitate growth in the sub-sector 45% Legal framework give you flexibility to exploit CC as you wish? 33% Legal framework is comprehensive 33% Legal framework is effective enough to facilitate growth in the sub-sector 16%
  • 17. Findings Policy, Legal frameworks recommendations by respondents Policy Legal Increased awareness of availability & power of CC Mechanisms for controlling cyber crime & offenders Guidelines for enforcing security, privacy and standards Mechanisms for guaranteeing privacy Guidelines for service level agreements Mechanisms to enforce service level agreements Appropriate licensing and certification of providers Mechanisms for conflict resolutions and addressing liability Mostly suggest that ordinary consumers are anxious and sensitive about their data.
  • 18. Findings Markets • Market is ready for cloud: 90% say YES • Largest consumers: – Financial and telecommunication sectors – Education and government are moderate users • Majority of Kenyans are unaware of CC and its benefits • There are many misconceptions about cloud technology • Safaricom, Dimension Data and KDN are market leaders Support received • Government support has been generic, e.g. development of infrastructure like fibre connectivity • Some financial support has been received • Many not aware of government initiatives towards CC development
  • 19. Conclusions & Recommendations • Assessment of Kenya’s cloud readiness: – clearly understand the national status through an elaborate national study. • Develop national cloud strategy: – focus on capacity building, architectures and implementation. • Government to champion cloud services: – set pace for better uptake by private sector. • Enhance relevant legal & regulatory frameworks: – protect of users, address cyber security challenges, – guarantee secure online payments, privacy, data security • Develop human resource capacity: – technical skills, legal skills, management skills • Enhance awareness of cloud technologies: – through a multi-stakeholder approach, – demystified the technology
  • 20. Security concerns • Each benefits of cloud, comes with potential several risks! – Infrastructure independency – Flexibility and Adaptability – Location independence – Multi-tenancy – Virtualization – etc • Traditional security mechanisms - identity, - authentication, - authorization are no longer enough for clouds
  • 21. Security concerns: 3 Classes 1. Traditional security concerns: • Computer and network intrusions made possible or easier by moving to cloud • Huge array of attacks – from Authentication to Phishing cloud provider • Conducting Forensics in the cloud can be complicated – E.g. data gets overwritten easily and fast.
  • 22. Security concerns 2. Availability concerns: • Will critical applications and data be available? – Gmail’s one-day outage in mid-October 2008 • Maintaining the uptime • Denial of service attacks • Ensuring robustness of computational integrity
  • 23. Security concerns 3. Third Party Data Control • Legal implications of 3rd party holding data & applications – complex and not well understood. • Potential lack of control & transparency when a third party holds the data – Can provider guarantee that data has been deleted? – Can provider guarantee response time? – Is there sufficient transparency in the operations of cloud provider for auditing purposes? – On-site audit in distributed & dynamic multi-tenant computing environment spread all over the globe is a major challenge. – Regulations can require data & operations remain in certain geographic locations. – Can theft of company information by the cloud provider happen? – etc
  • 24. Security Concerns: Solutions • Role of Providers: – ensure that customers will continue to have the same security and privacy controls – provide evidence to customers that organization are secure – guarantee to meet their service-level agreements – prove compliance to auditors and regulations
  • 25. • Role of Consumers: Stage 1: – think about data security from content instead of location • security regulations become consistent no matter where data resides. – a three-step process: 1. Establish high-level information security policies to protect data 2. Establish more granular compliance-related policies for specific departments, e.g finance and human resources 3. Establish processes for auditing & improving policy effectiveness Security Concerns: Solutions
  • 26. • Role of Consumers: Stage 2: – Look at what third-party service providers can contribute. – Similar to outsourcing procurement plans. – Involves: • conduct cost/benefit analysis • ensure third-party service aligns with business objectives • identify regulatory and privacy requirements • developing a contingency plan/exit strategy Security Concerns: Solutions
  • 27. Keep critical data local, otherwise take to public cloud Bottom line: Develop a Cloud Strategy Thank You! @tomwansa END