The presentation outlines the evolution and benefits of cloud computing, highlighting significant cost savings and scalability. It also addresses various risks and security concerns associated with cloud services, including vendor lock-in and compliance issues. The necessity for effective governance, risk management, and assurance practices in cloud adoption is emphasized.

1. Cloud Computing – Benefits and Risks President, ISACA China Hong Kong Michael Yung

2. Evolution – Mainframe Computer Page 

3. Evolution – Mini Computer, PCs and Internet Page 

4. Evolution - Cloud Computing Page 

5. Next 25 Minutes Page  Pain Points Benefits Risks

6. Infrastructure Cost and Service Delivery Page  Pain Points

7. Pain Points Page  Keep It Running vs. Implement New Things

8. Pain Points Page  We Are Too Slow

9. Pain Points Page  Right Sizing

10. Pain Points Page 

11. Cloud Computing Page  Benefits

12. Cloud Computing Market Page  Estimation by IBM, 2009 84% Saving on H/W, labour, power

13. IT and Business Benefits Page  Highly abstracted H/W, S/W resources for pooling Near instant scalability, provisioning ‘ Service On demand’ A ‘Pay as you go’ billing system 1 2 3 4

14. Business Benefits Page  We are finally in sync with business

15. Cloud Computing Page  What Are the Risks ?

16. Applicability for Cloud Computing Page  Source: Federal Reserve System, USA System Type Scalability Availability Security Cloud Type Information site Medium Medium Low Public /Hybrid External Collaboration Medium Medium Medium Public /Hybrid Public research / survey Low Medium Medium Public /Hybrid Internal R&D Low Low Medium Public /Hybrid Disaster Recovery Medium Medium Medium Public /Hybrid Application Test and QA Low Medium Medium Private Application Development Low Medium Medium Private Production Applications High High Medium No Mission Critical Applications High High High No

17. Risks and Security Concerns Page  Vendor Lock In Poor SLA 3 rd Party access to Data Poor DR Plan Few tools, procedures or standard formats available for data and service portability Service level affects confidentiality and availability The needs to protect the intellectual property, trade secrets; and complied to regulations and laws in different geographical regions Business continuity and disaster recovery plans must be well documented and tested Service and contractual risks

18. Risks and Security Concerns Page  Integration / Bandwidth Encryption and Key Mgnt Testing and Monitoring Resource Allocation How to integrate the in-house systems to the Cloud ? High speed bandwidth ready ? Speedy encryption / decryption; Key management Provider may not allow you to do thorough PEN test, audit; Are there good monitoring tools available ? Overbooking, underbooking; Handling of DOS attack; Payment cap Technology risks

19. Cloud Computing Page  Addressing the Risks

20. Addressing the Risks Page  Service Level Agreement to address Handling, usage, storage, availability of data Business continuity and disaster recovery objectives Right to audit Reassess your IT Governance framework Meeting performance objectives Technology provisioning is aligned to business Risks are managed Inventory of Information Assets Classified, labeled

21. Assurance Considerations Page  Must demonstrate existence of effective and robust security controls Must prove that privacy controls are in place and able to prevent, detect and react to breaches Independent assurance from third-party audits and service auditor reports Ensure the compliance of various countries' laws, but at the same time able to access your own data when needed Transparency Certification Privacy Compliance

22. Take Away Messages Page  Many benefits - reduce costs, greater agility Need to assess business impact and risks Address the risk with legal, security and assurance professionals

23. Resources Page 

24. Questions ? Page  www.isaca.org www.isaca.org.hk [email_address] [email_address]

25. End of Presentation Page 