Cloud & Security challenges
Dr. Tonny K. Omwansa
School of Computing and Informatics
University of Nairobi
tomwansa@uonbi.ac.ke
@tomwansa
ISACA Kenya conference
May 2014
Overview
Presentation format
1. Cloud Overview
2. Cloud Penetration in Kenya – Study
3. Security Challenges and some solutions
Not ISACA Member:
ICT Resources provided on demand...
ISACA member + CISA:
‘an elastic execution environment of resources involving multiple
stakeholders and providing a metered service at multiple
granularities for a specified level of quality of service’
ISACA Chapter President:
‘A model for enabling ubiquitous, convenient, on-demand
network access to a shared pool of configurable computing
resources (e.g., networks, servers, storage, applications, and
services) that can be rapidly provisioned and released with
minimal management effort or service provider interaction’
Cloud
Cloud Overview: Here to stay…
Jeffrey, K. & Neidecker-Lutz, B. (2009)
Cloud Benefits
Non-Functional aspects | Economic considerations | Technological benefits
Elasticity | Cost Reduction | Flexibility
Reliability | Pay per use | Multi-tenancy
Quality of Service | Improved time to market | Virtualization
Agility | Return on investment | Location independence
Adaptability | Turning CAPEX into OPEX | Infrastructure independency
Availability | Going Green | Adaptability
Cloud terms
• Infrastructure as a Service (IaaS):
Computing resources used by others to deliver business solutions.
• Platform as a Service (PaaS):
Black-box services developers can use to build applications
• Software as a Service (SaaS):
Provider hosts software to be hired
• Public Cloud:
Shared infrastructure with pay-as-you-go economics
Provider makes resources available on demand, over public Internet
• Private Cloud:
Delivers services entirely within a firewall of an organization
• Hybrid and Community Clouds:
Elements of public and private
Cloud In Kenya - Study
• Objectives
– Investigate current status of CC adoption in Kenya
– Establish gaps/challenges in adoption and impact of cloud computing
– Make recommendations to better grow the sub-sector
• Justification
– Hardly any research has been done in this area
– Need to understand gaps/challenges
– We need policies informed more by solid research
Medium & large businesses using cloud services [top three in Africa - 2013 Cisco survey]:
• 50% in South Africa
• 48% in Kenya
• 36% in Nigeria
Approach
Scope:
– Institutions that have a physical presence in Nairobi
• Most HQs are in Nairobi
• Budget limits
• Not nationally representative
– Respondents
• Providers
– Infrastructure as a Service (IaaS)
– Software as a Service (SaaS)
– Platform as a Service (PaaS).
• Consumers
– Public cloud
– Private clouds.
• Policy makers
Conceptual Framework
DETERMINANTS:
Affect cloud performance & its outcomes/impacts
>Deployed Technologies
Investment cost, Reliability, Agility, Usability, Technology
availability & Sustainability
>Local firms technology capabilities
>Policy and legal frameworks
Availability, Flexibility, Comprehensiveness, Effectiveness
>Market
Certain actors dominating, Availability, Readiness
>Institutional legitimacy to the cloud
Government support, Institutional innovation culture
Conceptual Framework
STRATEGIES/ACTIONS OF CC ACTORS:
Instrumental in delivering cloud outcomes/impact
• Costing
• Promotion
• Training and capacity development
• Adoption
• Usage
• Cloud-related entrepreneurship
• Deployment decisions (e.g. open source or proprietary solutions)
Conceptual Framework
OUTCOMES/IMPACTS OF CC:
The ‘value’ created by the cloud
• Improved operational efficiency
• New products and services
• Extended/enhanced market reach
• Export of cloud related services
• Job creation
• Enhanced security
Sampling
Quantitative
– 207 organizations identified
– 60 sampled
– 54 participated
Qualitative
– 12 in-depth interviews planned with industry leaders
– 7 were available
Cloud computing stakeholders’ taxonomy
Data collection
• Extensive desktop research & literature review
• Conceptual framework transformed to 5-point Likert scale questionnaire
• Collection between October 10th, 2013 and November 10th, 2013
• ICT Managers, Information Security Managers, Network Administrators or Chief Information Officers were interviewed
Category | Population | Sample
Government entities | 14 | 8
Banks | 10 | 4
Consulting firms | 5 | 4
Insurance firms | 10 | 4
Hospitals | 9 | 4
Universities | 10 | 4
Business & Industries | 24 | 8
Tech companies | 25 | 8
SaaS Companies | 11 | 8
PaaS Companies | 3 | 0
IaaS Companies | 18 | 8
Total | 207 | 60
Findings
• Cloud computing has been around since 2000
– most organizations adopted between 2010 & 2011
– 69% use some form of cloud.
• Private cloud is more pronounced than public.
• IaaS option is the most prominent
Year 2000 (2)
Year 2006 (2)
Year 2009 (4)
Year 2010 (9)
Year 2011 (12)
Year 2012 (4)
Year 2013 (4)
Cloud Deployment
Findings
Three skills lacking in the Kenyan market:
• Security (networks, data etc) skills [highest]
• Cloud architecture and design skills
• Storage and virtualization skills
Cloud value is appreciated
Skills gap Cloud reliability
What determines cloud reliability offered?
• reliable connectivity and infrastructure
• dependable technical support
• systems uptime [power?]
[Chart, 0% to 100% scale: Providing/utilising cloud services is sustainable; More agile than traditional solutions; Cloud technologies received are reliable]
Findings
Policy, Legal frameworks & Standards
• 80% did not know of any policy framework
• 80% did not know of any legal framework
• The few who knew about the policy framework also knew about the legal one
• 75% not aware of any standards
Those who know a framework | Agree
Policy framework gives you flexibility to exploit CC as you wish? | 27%
Existing policy framework is comprehensive | 27%
Policy framework is effective enough to facilitate growth in the sub-sector | 45%
Legal framework gives you flexibility to exploit CC as you wish? | 33%
Legal framework is comprehensive | 33%
Legal framework is effective enough to facilitate growth in the sub-sector | 16%
Findings
Policy, Legal frameworks recommendations by respondents
Policy | Legal
Increased awareness of availability & power of CC | Mechanisms for controlling cyber crime & offenders
Guidelines for enforcing security, privacy and standards | Mechanisms for guaranteeing privacy
Guidelines for service level agreements | Mechanisms to enforce service level agreements
Appropriate licensing and certification of providers | Mechanisms for conflict resolutions and addressing liability
Mostly suggest that ordinary consumers are anxious and sensitive about their data.
Findings
Markets
• Market is ready for cloud: 90% say YES
• Largest consumers:
– Financial and telecommunication sectors
– Education and government are moderate users
• Majority of Kenyans are unaware of CC and its benefits
• There are many misconceptions about cloud technology
• Safaricom, Dimension Data and KDN are market leaders
Support received
• Government support has been generic, e.g. development of infrastructure
like fibre connectivity
• Some financial support has been received
• Many not aware of government initiatives towards CC development
Conclusions & Recommendations
• Assessment of Kenya’s cloud readiness:
– clearly understand the national status through an elaborate national study.
• Develop national cloud strategy:
– focus on capacity building, architectures and implementation.
• Government to champion cloud services:
– set pace for better uptake by private sector.
• Enhance relevant legal & regulatory frameworks:
– protection of users, address cyber security challenges,
– guarantee secure online payments, privacy, data security
• Develop human resource capacity:
– technical skills, legal skills, management skills
• Enhance awareness of cloud technologies:
– through a multi-stakeholder approach,
– demystify the technology
Security concerns
• Each benefit of cloud comes with several potential risks!
– Infrastructure independency
– Flexibility and Adaptability
– Location independence
– Multi-tenancy
– Virtualization
– etc
• Traditional security mechanisms (identity, authentication, authorization) are no longer enough for clouds
Security concerns: 3 Classes
1. Traditional security concerns:
• Computer and network intrusions made possible or easier
by moving to cloud
• Huge array of attacks
– from authentication attacks to phishing of the cloud provider
• Conducting Forensics in the cloud can be complicated
– E.g. data gets overwritten easily and fast.
Security concerns
2. Availability concerns:
• Will critical applications and data be available?
– Gmail’s one-day outage in mid-October 2008
• Maintaining the uptime
• Denial of service attacks
• Ensuring robustness of computational integrity
Security concerns
3. Third Party Data Control
• Legal implications of 3rd party holding data & applications
– complex and not well understood.
• Potential lack of control & transparency when a third party
holds the data
– Can provider guarantee that data has been deleted?
– Can provider guarantee response time?
– Is there sufficient transparency in the operations of cloud provider
for auditing purposes?
– On-site audit in distributed & dynamic multi-tenant computing
environment spread all over the globe is a major challenge.
– Regulations can require data & operations remain in certain
geographic locations.
– Can theft of company information by the cloud provider happen?
– etc
Security Concerns: Solutions
• Role of Providers:
– ensure that customers will continue to have the same security
and privacy controls
– provide evidence to customers that the organization is secure
– guarantee to meet their service-level agreements
– prove compliance to auditors and regulations
• Role of Consumers:
Stage 1:
– think about data security in terms of content instead of location
• security regulations become consistent no matter where data resides.
– a three-step process:
1. Establish high-level information security policies to protect data
2. Establish more granular compliance-related policies for specific departments, e.g. finance and human resources
3. Establish processes for auditing & improving policy effectiveness
Security Concerns: Solutions
• Role of Consumers:
Stage 2:
– Look at what third-party service providers can contribute.
– Similar to outsourcing procurement plans.
– Involves:
• conduct cost/benefit analysis
• ensure third-party service aligns with business objectives
• identify regulatory and privacy requirements
• develop a contingency plan/exit strategy
Security Concerns: Solutions
Keep critical data local; otherwise, take it to the public cloud
Bottom line: Develop a Cloud Strategy
Thank You!
@tomwansa
END

  • 2. Overview Presentation format 1. Cloud Overview 2. Cloud Penetration in Kenya – Study 3. Security Challenges and some solutions
  • 3. Not ISACA Member: ICT Resources provided on demand... ISACA member + CISA: ‘an elastic execution environment of resources involving multiple stakeholders and providing a metered service at multiple granularities for a specified level of quality of service’ ISACA Chapter President: ‘A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction’ Cloud
  • 4. Cloud Overview: Here to stay… Jeffrey, K. & Neidecker-Lutz, B. (2009)
  • 5. Cloud Benefits. Non-Functional aspects: Elasticity, Reliability, Quality of Service, Agility, Adaptability, Availability. Economic considerations: Cost Reduction, Pay per use, Improved time to market, Return on investment, Turning CAPEX into OPEX, Going Green. Technological benefits: Flexibility, Multi-tenancy, Virtualization, Location independence, Infrastructure independency, Adaptability.
  • 6. Cloud terms • Infrastructure as a Service (IaaS): Computing resources used by others to deliver business solutions. • Platform as a Service (PaaS): Black-box services developers can use to build applications • Software as a Service (SaaS): Provider hosts software to be hired • Public Cloud: Shared infrastructure with pay-as-you-go economics Provider makes resources available on demand, over public Internet • Private Cloud: Delivers services entirely within a firewall of an organization • Hybrid and Community Clouds: Elements of public and private
  • 7. Cloud In Kenya - Study • Objectives – Investigate current status of CC adoption in Kenya – Establish gaps/challenges in adoption and impact of cloud computing – Make recommendations to better grow the sub-sector • Justification – Hardly any research has been done in this area – Need to understand gaps/challenges – We need policies informed more by solid research Medium & large businesses using cloud services [top three in Africa - 2013 Cisco survey] 50% in South Africa 48% in Kenya 36% in Nigeria
  • 8. Approach Scope: – Institutions that have a physical presence in Nairobi • Most HQs are in Nairobi • Budget limits • Not national representative – Respondents • Providers – Infrastructure as a Service (IaaS) – Software as a Service (SaaS) – Platform as a Service (PaaS). • Consumers – Public cloud – Private clouds. • Policy makers
  • 9. Conceptual Framework DETERMINANTS: Affect cloud performance & its outcomes/impacts > Deployed technologies: Investment cost, Reliability, Agility, Usability, Technology availability & Sustainability > Local firms' technology capabilities > Policy and legal frameworks: Availability, Flexibility, Comprehensiveness, Effectiveness > Market: Certain actors dominating, Availability, Readiness > Institutional legitimacy to the cloud: Government support, Institutional innovation culture
  • 10. Conceptual Framework STRATEGIES/ACTIONS OF CC ACTORS: Instrumental in delivering cloud outcomes/impact • Costing • Promotion • Training and capacity development • Adoption • Usage • Cloud-related entrepreneurship • Deployment decisions (e.g. open source or proprietary solutions)
  • 11. Conceptual Framework OUTCOMES/IMPACTS OF CC: The ‘value’ created by the cloud • Improved operational efficiency • New products and services • Extended/enhanced market reach • Export of cloud related services • Job creation • Enhanced security
  • 12. Sampling Quantitative – 207 organizations identified – 60 sampled – 54 participated Qualitative – 12 in-depth interviews planned with industry leaders – 7 were available Cloud computing stakeholders’ taxonomy
  • 13. Data collection • Extensive desktop research & literature review • Conceptual framework transformed to 5-point Likert scale questionnaire • Collection between October 10th, 2013 and November 10th, 2013 • ICT Managers, Information Security Managers, Network Administrators or Chief Information Officers were interviewed. Table, Category (Population, Sample): Government entities (14, 8); Banks (10, 4); Consulting firms (5, 4); Insurance firms (10, 4); Hospitals (9, 4); Universities (10, 4); Business & Industries (24, 8); Tech companies (25, 8); SaaS Companies (11, 8); PaaS Companies (3, 0); IaaS Companies (18, 8); Total (207, 60)
  • 14. Findings • Cloud computing has been around since 2000 – most organizations adopted between 2010 & 2011 – 69% use some form of cloud. • Private cloud is more pronounced than public. • IaaS option is the most prominent. [Chart: Cloud Deployment, by year: 2000 (2), 2006 (2), 2009 (4), 2010 (9), 2011 (12), 2012 (4), 2013 (4)]
  • 15. Findings. Skills gap: Three skills lacking in the Kenyan market: • Security (networks, data etc.) skills [highest] • Cloud architecture and design skills • Storage and virtualization skills. Cloud reliability: What determines cloud reliability offered? • reliable connectivity and infrastructure • dependable technical support • systems uptime [power?]. Cloud value is appreciated: [Chart, 0% to 100%, statements rated: Providing/utilising cloud services is sustainable; More agile than traditional solutions; Cloud technologies received are reliable]
  • 16. Findings Policy, Legal frameworks & Standards • 80% did not know of any policy framework • 80% did not know of any legal framework • The few who knew about a policy framework also knew about a legal one • 75% not aware of any standards. Table, those who know a framework (share who agree): Policy framework gives you flexibility to exploit CC as you wish? 27%; Existing policy framework is comprehensive: 27%; Policy framework is effective enough to facilitate growth in the sub-sector: 45%; Legal framework gives you flexibility to exploit CC as you wish? 33%; Legal framework is comprehensive: 33%; Legal framework is effective enough to facilitate growth in the sub-sector: 16%
  • 17. Findings Policy, Legal frameworks recommendations by respondents. Policy: Increased awareness of availability & power of CC; Guidelines for enforcing security, privacy and standards; Guidelines for service level agreements; Appropriate licensing and certification of providers. Legal: Mechanisms for controlling cyber crime & offenders; Mechanisms for guaranteeing privacy; Mechanisms to enforce service level agreements; Mechanisms for conflict resolutions and addressing liability. Mostly suggest that ordinary consumers are anxious and sensitive about their data.
  • 18. Findings Markets • Market is ready for cloud: 90% say YES • Largest consumers: – Financial and telecommunication sectors – Education and government are moderate users • Majority of Kenyans are unaware of CC and its benefits • There are many misconceptions about cloud technology • Safaricom, Dimension Data and KDN are market leaders Support received • Government support has been generic, e.g. development of infrastructure like fibre connectivity • Some financial support has been received • Many not aware of government initiatives towards CC development
  • 19. Conclusions & Recommendations • Assessment of Kenya’s cloud readiness: – clearly understand the national status through an elaborate national study. • Develop national cloud strategy: – focus on capacity building, architectures and implementation. • Government to champion cloud services: – set pace for better uptake by private sector. • Enhance relevant legal & regulatory frameworks: – protect users, address cyber security challenges, – guarantee secure online payments, privacy, data security • Develop human resource capacity: – technical skills, legal skills, management skills • Enhance awareness of cloud technologies: – through a multi-stakeholder approach, – demystify the technology
  • 20. Security concerns • Each benefit of cloud comes with several potential risks! – Infrastructure independency – Flexibility and Adaptability – Location independence – Multi-tenancy – Virtualization – etc. • Traditional security mechanisms (identity, authentication, authorization) are no longer enough for clouds
  • 21. Security concerns: 3 Classes 1. Traditional security concerns: • Computer and network intrusions made possible or easier by moving to cloud • Huge array of attacks – from authentication to phishing the cloud provider • Conducting forensics in the cloud can be complicated – e.g. data gets overwritten easily and fast.
  • 22. Security concerns 2. Availability concerns: • Will critical applications and data be available? – Gmail’s one-day outage in mid-October 2008 • Maintaining the uptime • Denial of service attacks • Ensuring robustness of computational integrity
  • 23. Security concerns 3. Third Party Data Control • Legal implications of 3rd party holding data & applications – complex and not well understood. • Potential lack of control & transparency when a third party holds the data – Can provider guarantee that data has been deleted? – Can provider guarantee response time? – Is there sufficient transparency in the operations of cloud provider for auditing purposes? – On-site audit in distributed & dynamic multi-tenant computing environment spread all over the globe is a major challenge. – Regulations can require data & operations remain in certain geographic locations. – Can theft of company information by the cloud provider happen? – etc
  • 24. Security Concerns: Solutions • Role of Providers: – ensure that customers will continue to have the same security and privacy controls – provide evidence to customers that the organization is secure – guarantee to meet their service-level agreements – prove compliance to auditors and regulations
  • 25. Security Concerns: Solutions • Role of Consumers: Stage 1: – think about data security in terms of content instead of location • security regulations become consistent no matter where data resides. – a three-step process: 1. Establish high-level information security policies to protect data 2. Establish more granular compliance-related policies for specific departments, e.g. finance and human resources 3. Establish processes for auditing & improving policy effectiveness
  • 26. Security Concerns: Solutions • Role of Consumers: Stage 2: – Look at what third-party service providers can contribute. – Similar to outsourcing procurement plans. – Involves: • conducting a cost/benefit analysis • ensuring the third-party service aligns with business objectives • identifying regulatory and privacy requirements • developing a contingency plan/exit strategy
  • 27. Keep critical data local, otherwise take to public cloud. Bottom line: Develop a Cloud Strategy. Thank You! @tomwansa END