1
Cloud Computing
- The new buzzword
By: CA Anand Prakash Jangid
2
Agenda
Check in
Cloud computing defined
Service models & Types
Chartered accountants and cloud computing
Check out
4
The Future Is Not What It Used to Be
5
Famous Technology Predictions
“I think there is a world market for maybe five computers.”
Thomas Watson, Chairman of IBM, 1943
“There is no reason why anyone would want a computer in the home.”
Ken Olsen, President, Chairman and founder of Digital Equipment Corporation, 1977
“640K should be enough for anybody.”
Bill Gates, 1981
“So far, Java seems like a stinker to me… I have a hunch that it won't be a very successful language.”
Paul Graham, Author
6
Check in
Cloud Computing has the potential to disrupt IT as we know it today.
9
What is Cloud Computing
“Cloud computing is a style of computing where massively scalable IT-related capabilities are provided as a service across the Internet to multiple external customers”
“Cloud computing: A pool of abstracted, highly scalable, and managed infrastructure capable of hosting end-customer applications and billed by consumption”
“Cloud computing is Web-based processing, whereby shared resources, software, and information are provided to computers and other devices (such as smart phones) on demand over the Internet.”
13
Cloud Computing viewpoints
14
Conventional model vs Cloud model
Conventional                      Cloud
Manually Provisioned              Self-provisioned
Dedicated Hardware                Shared Hardware
Fixed Capacity                    Elastic Capacity
Pay for Capacity                  Pay for Use
Capital & Operational Expenses    Operational Expenses
Managed
15
Early uses: CPU Sharing example (SETI)
SETI – Search for Extra-Terrestrial Intelligence
• Initiative by Space Science Institute & Berkeley university
• Uses screen-saver CPU time to:
▫ analyze radio signals from space
▫ present results as a very cool (geek oriented) screen-saver
• One of the first wide-spread examples of distributing processing tasks over the internet to simple users' PCs
16
Evolution of Cloud Computing
1960: Supercomputers/Mainframe
1990: The arrival of Salesforce.com
2002: Launch of Amazon web services
2006: S3 Launches/EC2
2008 - 2009: Google App / Azure
The first milestone for Cloud Computing
Launches of Google App Engine/Windows Azure Beta
17
Five Key Cloud Attributes:
• Shared / pooled resources
• Broad network access
• On-demand self-service
• Scalable and elastic
• Metered by use
18
Shared / Pooled Resources:
• Resources are drawn from a common pool
• Common resources build economies of scale
• Common infrastructure runs at high efficiency
19
Broad Network Access:
• Open standards and APIs
• Almost always IP, HTTP, and REST
• Available from anywhere with an internet connection
20
On-Demand Self-Service:
• Completely automated
• Users abstracted from the implementation
• Near real-time delivery (seconds or minutes)
• Services accessed through a self-serve web interface
21
Scalable and Elastic:
• Resources dynamically-allocated between users
• Additional resources dynamically-released when needed
• Fully automated
22
Metered by Use:
• Services are metered, like a utility
• Users pay only for services used
• Services can be cancelled at any time
23
Some success stories
GE:
Global procurement hosting 500k suppliers and 100k users in six languages on SaaS platform to manage $55B/yr in spend
Eli Lilly:
Using Amazon Web Services can deploy a new server in 3 min vs 50 days and a 64-node Linux cluster in 5 min vs 100 days
Nasdaq:
Using Amazon Storage to store 30-80 GB/day of trading activity
30
Private Cloud
• Owned and managed by the enterprise
• Limits access to enterprise and partner network
• Retains high degree of control, privacy and security
• Enables business to more easily customize service
• Accessed from "inside" the firewall
31
Public Cloud
• Owned and managed by service provider
• Delivers a select set of business process, application or infrastructure services on a "pay per use" basis
• Highly standardized
• Limited customization options
• Accessed from "outside" the firewall
32
Hybrid Cloud
• A hybrid infrastructure takes advantage of both public and private clouds:
• Services provided over the Internet—the public cloud
• Services provided by the enterprise data center—the private cloud
33
Service Delivery Model Examples
Service models: SaaS, PaaS, IaaS
Providers: Amazon, Google, Microsoft, Salesforce
Products and companies shown for illustrative purposes only and should not be construed as an endorsement
35
Cloud computing and Chartered Accountants
36
Why should we worry
• Regulatory compliance
• Conflicts with international privacy laws
• Data ownership & location
• Data segregation
• Service guarantees & lack of control
• Contingency planning / disaster recovery for clouds
• Investigative support
• Privileged user access
• Long-term viability (going concern for service provider)
• IT general controls
37
New role envisaged for Internal audit/Risk
management team
38
Being part of the cloud strategy
• Business case for moving to cloud
• How does this align to business need
• Understanding the current state of system and data
39
Evaluating vendors
• Who manages the vendor relationship
• How the assets are protected
• How the responsibility is divided
• Impact on the present disaster recovery plan
• How the vendor manages a multi-client environment
• Where the data is physically stored
• Impact of change in technology
• Gaps in the risk & controls of the vendors
40
Implementation of cloud computing model
• Defining and managing the SLA and OLA
• What are your and the cloud service provider's compliance responsibilities
• How incidents are managed
• How often the data is backed up
• Who determines the user access rights to data (BBMP example)
41
Last but not least … Monitoring the vendor
• Process of managing the SLA and OLA with the vendor
• How the contractual control requirements are managed
• Other related issues
42
Some illustrations of cloud risk ranking
43
Cloud Risk Ranking Example
Attribute                High (5)            Med (3)            Low (1)
Deployment Model         Public              Community          Private
Service Model            IaaS                PaaS               SaaS
Data Security level      Secret              Restricted         Unclassified
Physical Hosting Site    Undefined           Int'l Location     Domestic Location
SOX Critical             Yes                                    No
Dependent Apps           Greater than 10     4 to 10            0 to 3
Recovery Time            4 Hours             7 Days             31 Days
Region Supported         Europe or Global    US                 All other
44
Deployment Model Considerations
                High      Medium       Low
Deploy Model    Public    Community    Private
Public:
- Security and privacy are not a priority
- Service level agreements may not exist
Private:
- Private environments provide adequate security and privacy
- Service level agreements should exist
45
Service Model Considerations
                 High    Medium    Low
Service Model    IaaS    PaaS      SaaS
IaaS:
- Issues may impact all hosted applications and data
- No control over foundational general controls
SaaS:
- PaaS - Impact limited to outsourced platform
- SaaS - Impact limited to applications and data
46
Data Security Considerations
                  High      Medium        Low
Security Level    Secret    Restricted    Unclassified
Secret:
- Difficult to enforce security standards when outsourcing
- Difficult to demonstrate compliance with regulations
Unclassified:
- Security and privacy is not a concern (good candidate for cloud computing)
47
Dependent Applications
                  High               Medium    Low
Number of Apps    Greater than 10    4 to 9    Less than 3
> 10:
- Implies complexity and greater organizational significance
< 3:
- Implies simplicity and less organizational significance
48
Recovery Time Objectives (RTO) Considerations
       High       Medium    Low
RTO    4 Hours    7 days    31 Days
4 Hours:
- Implies increased business importance
- Cloud provider may lack geographic diversity
- Single points of failure may exist in network
31 Days:
- Implies lower business importance - good candidate for cloud computing
49
Regions Supported Considerations
          High                Medium           Low
Region    Europe or Global    United States    All Other
Europe / Global:
- Strictest cross border data protection regulations – can be at odds with abstract cloud computing
All Other:
- "Other" countries may have less restrictive cross border data protection regulations
51
Check out
Start experimenting with the cloud.
Be prepared for your business to experiment with it.
Let them know what you want.
Leverage the cloud infrastructure internally.
Build your own cloud.
52
Questions???
54
Thank you
anand@quadrisk.com
+91-9620233516
