Risk management is essential for cloud computing due to security, privacy, availability and compliance risks. Organizations should thoroughly evaluate cloud vendors to ensure adequate controls over data access, regulatory compliance, privacy, disaster recovery, and contractual obligations. A risk-based approach is needed to determine which applications and data can be safely moved to the cloud. Major cloud providers like AWS have robust security and risk management programs, but due diligence is still required from organizations.
2. CLOUD COMPUTING AS AN EVOLUTION OF ITO
Cloud computing is an outsourcing decision as it gives organizations the
opportunity to externalize and purchase IT resources and capabilities from
another organization as a service
How does CC differ from ITO? “With outsourcing an existing function is moved
out of the department, enterprise, or geographic jurisdiction, whereas
with CC the home of an application originates in the cloud.”
CC offers many advantages that surpass the promises of traditional ITO
like easy scalability, access to new software and reliability
Google, Microsoft, IBM and all other known and unknown cloud providers
offer today's CIO an array of major cost saving alternatives to the
traditional data center and IT department.
But like everything that appears too good to be true, cloud computing
comes with a set of risks that CIOs and CTOs would do well to recognize
before making a quick decision.
3. ISACA’S Survey on cloud computing
ISACA's (Information Systems Audit and Control Association) 2010 survey on cloud computing
adoption presents some interesting findings.
45% of IT professionals think the risks far outweigh the benefits and only 10 percent of
those surveyed said they would consider moving mission critical applications to the cloud.
In a nutshell, ISACA's statistics and other industry published numbers around cloud adoption
indicate that cloud computing is a mainstream choice but definitely not the primary choice.
While some organizations have successfully moved part or all of their information assets into
some form of cloud computing infrastructure, the large majority still haven't done much with
this choice.
In most organizations, there are definitely some areas that could be safely and profitably
moved to the cloud.
The extent to which an organization should move its information assets to the cloud and take
advantage of the tremendous benefits by doing so is determined by the application of a risk
assessment framework to all candidate information assets.
For this, it's essential to understand the risks and then have a mitigation strategy.
4. Why use a risk approach for cloud selection?
Many organizations are embracing cloud computing; it is all the rage these days.
Data security risks: do you trust an external third party with your sensitive
data?
Are you prepared for cloud failure (cloud outages at Microsoft and Amazon)?
In March 2009, Microsoft Windows Azure was down for 22 hours
In April 2011, a large scale outage hit Amazon, affecting Amazon’s Web
Services' Elastic Compute Cloud (EC2).
The outage took out popular social networking services Foursquare,
FormSpring, Heroku, HootSuite, Quora and Reddit
These outages prevent users from accessing applications or data stored in the
cloud, and the financial cost of these outages can be quite high, especially
when mission-critical systems, such as accounting information systems, are outsourced.
6. 25th August 2013
Amazon Web Services (AWS), one of the world's largest cloud providers,
stumbled over on Sunday for 59 minutes, due to issues with its U.S.-EAST
datacenter.
The outage began at about 1 p.m. PT following connectivity issues in the
North Virginia datacenter, which led to elevated API error rates in the
region.
This led to a "degraded experience" and resulted in a "small number of EC2
instances unreachable due to packet loss in a single"
Last week, AWS suffered downtime that lasted around 25 minutes.
Most websites running on the AWS cloud were unaffected. The biggest
casualty of the outage, however, was Amazon.com itself, which blocked
customers from accessing its site in the U.S. and Canada.
Other Amazon-owned websites also suffered, including Audible.com, while
Netflix continued to power through the problems.
While international sites were unaffected, some crunched the numbers,
and estimated that the company could have lost as much as $1,100 in net
sales per second.
Users of Vine and Instagram, as well as others - Airbnb, Flipboard, just
to name a few — fell at the mercy of its cloud computing parent.
Instagram alerted its users of a fault to its service almost as soon as
it occurred
7. Cloud Mission Risks
The main cloud-related mission risks to consider are:
The solution does not meet its financial objectives.
The solution does not work in the context of the user enterprise’s organization and culture.
The solution cannot be developed due to the difficulty of integrating the cloud services involved.
The solution does not comply with its legal, contractual, and moral obligations.
A disaster occurs from which the solution cannot recover.
An external cloud service used by the solution is inadequate.
The system quality of the solution is inadequate, so that it does not meet its users’ needs.
8. How to evaluate your cloud vendor
Risk Management
Prior to engaging in a partnership with a cloud vendor an organization should
request appropriate documentation and perform a comprehensive review
Investigate the reputation and background of the provider, and the number of
years the provider has been in business.
Request an SSAE 16 report.
In addition, several important steps that an organization should consider,
addressing regulatory compliance, privacy, and business continuity, are detailed.
9. How to evaluate your cloud vendor
Regulatory Compliance
Customer organizations are ultimately responsible for the security and integrity of their own
data, even when that data is managed/maintained by a service provider. Therefore, the
customer needs to ensure that the provider has adequate security controls in place and
request evidence of these controls, such as an SSAE 16 report and/or a PCI compliance
attestation.
If the provider has not performed an SSAE 16, the customer will need to gather as much
information as possible about the security controls in place with particular focus on the
people that will manage the data.
The customer should investigate the provider’s hiring process and ensure that it includes
criminal and credit background screenings. It is highly recommended to include in the
contract the level of security expected and the right to audit and/or request audit reports.
Organizations that decide to use providers located internationally should request the
provider make a contractual commitment to obey local privacy requirements on behalf of
their customers.
10. How to evaluate cloud vendor
Privacy
Data in the cloud is typically in a shared environment alongside data from
other customers.
Encryption becomes crucial to protect the confidentiality and privacy of the data
while in transit and in storage. Therefore, the client should know whether or not
encryption is utilized.
Also, the client should know the user access and monitoring controls in place,
especially for privileged accounts.
Business Continuity Plan
Should a disaster occur, organizations must ascertain what steps the provider will
take to protect data and continue service.
Does the provider have the ability to do a complete restoration of all data, and
how long will it take? Customers should evaluate the provider’s business continuity
capabilities and ensure they meet the requirements specified in the service level
agreement.
11. How to evaluate cloud vendor
Conclusions
Cloud computing offers organizations a cost effective, competitive and flexible
opportunity to perform their operations.
Nevertheless, cloud computing involves some risks that can be mitigated by taking
two key steps:
(1) Doing due diligence when selecting the provider, and
(2) negotiating a service agreement that covers critical aspects such as
payment, warranty, liability, protection, and security.
The first step should be founded on a methodical approach that addresses policies
and procedures in selecting and overseeing providers. With regard to the second
step, legal advice becomes essential during contract stipulation.
12. A framework for evaluating cloud computing risk
• Effectiveness of controls
• Auditing and oversight
• Technical security architecture
• Data integrity
• Data encryption
• Operations security
• Standardized procedures
• Business stability
• Intellectual property
• Contractual language
13. Points to be thought of
• Who accesses your sensitive data: The physical, logical and personnel controls that were put in
place when the data was in-house in your data center are no longer valid when you move your
organization's information to the cloud. The cloud provider maintains its own hiring practices,
rotation of individuals, and access control procedures. It's important to ask and understand the
data management and hiring practices of the cloud provider you choose. Large providers like IBM
will walk their clients through the process, how sensitive data moves around the cloud and who
gets to see what.
• Regulatory compliance: Just because your data now resides on a provider's cloud, you are not
off the hook; you are still accountable to your customers for any security and integrity issues that
may affect your data. The cloud provider typically mitigates your risk through
a process of regular external audits, penetration tests, compliance with PCI standards, and adherence
to SAS 70 Type II standards, to name a few. You are responsible for weighing the risks to your
organization's information and ensuring that the cloud provider has standards and procedures in
place to mitigate them.
• Geographical spread of your data: You may be surprised to know that your data may not be
residing in the same city, state or for that matter country as your organization. While the provider
may be contractually obliged to you to ensure the privacy of your data, they may be even more
obliged to abide by the laws of the state and/or country in which your data resides. So your
organization's rights may get marginalized. Ask the question and weigh the risk.
14. Points to be thought of
• Data loss and recovery: Data on the cloud is almost always encrypted; this is to ensure security of
the data. However, this comes with a price — corrupted encrypted data is always harder to recover
than unencrypted data. It's important to know how your provider plans to recover your data in a
disaster scenario and more importantly how long it will take. The provider must be able to
demonstrate benchmarked scenarios for data recovery in a disaster scenario.
• What happens when your provider gets acquired: A seamless merger/acquisition on the part of
your cloud provider is not always business as usual for you, the client. The provider should have
clearly acknowledged and addressed this as one of the possible scenarios in their contract with you.
Is there an exit strategy for you as the client — and what are the technical issues you could face to
get your data moved someplace else? In short, what is your exit strategy?
• Availability of data: The cloud provider relies on a combination of network, equipment, application,
and storage components to provide the cloud service. If one of these components goes down, you
won't be able to access your information. Therefore, it is important to understand how much you
can do without a certain kind of information before you make a decision to put it on the cloud. If
you are an online retailer, and your customer order entry system cannot be accessed because your
application resides on the cloud that just went down, that would definitely be unacceptable. It's
important to weigh your tolerance level for unavailability of your information against the vendor's
guaranteed uptime.
15. AWS Risk Assessment by IVK
Major Risks
Amazon’s EC2 model is an IaaS (Infrastructure as a Service) which requires systems between companies to
be linked up so data may pass from Amazon’s (rented) servers to IVK’s.
A common fear for this type of IaaS is that this transfer of data weakens security and opens a company
up to a data breach or loss of consumer data.
Privacy Risks
IVK handles 2.2 million customer inquiries, processed in excess of 530,000 applications, and funded
180,000 loans. With this much information being stored on a server, the likelihood of that information
being hacked increases.
There is also greater opportunity for individuals to sell information from the company.
Security Risks
Since the servers are in the cloud, not in a data center, the back end is accessed through application
programming interfaces.
The servers can be launched and shut down through the interface. Hackers could gain access to this
interface and shut down all the servers if they wanted to. This would in turn bring the whole company
down, causing major outages and chaos while the servers are brought back up.
Even worse than shutting down the servers is when hackers can delete or change things. Hackers
can carry out what is called an account hijacking attack.
16. Risk Management - The Amazon Way!!!
Risk Management
AWS management has developed a strategic business plan which includes
risk identification and the implementation of controls to mitigate or manage risks.
AWS management re-evaluates the strategic business plan at least biannually.
AWS’s Compliance and Security teams have established an information security framework
and policies based on the Control Objectives for Information and related Technology (COBIT)
framework and have effectively integrated the ISO 27001 certifiable framework based on
ISO 27002 controls, American Institute of Certified Public Accountants (AICPA) Trust Services
Principles, the PCI DSS v3.0, and the National Institute of Standards and Technology (NIST)
Publication 800-53 Rev 3 (Recommended Security Controls for Federal Information Systems).
AWS maintains the security policy, provides security training to employees,
and performs application security reviews.
These reviews assess the confidentiality, integrity, and availability of data, as well as
conformance to the information security policy.
AWS Security regularly scans all Internet-facing service endpoint IP addresses for
vulnerabilities (these scans do not include customer instances).
AWS Security notifies the appropriate parties to remediate any identified vulnerabilities.
In addition, external vulnerability threat assessments are performed regularly by
independent security firms.
Findings and recommendations resulting from these assessments are categorized and
delivered to AWS leadership.
17. Risk Management - The Amazon Way!!!
AWS has implemented a formal information
security program designed to protect the
confidentiality, integrity, and availability of
customers’ systems and data.
AWS publishes a security whitepaper that is
available on the public website that addresses
how AWS can help customers secure their data.
18. Applying cloud computing solutions without the proper care, due diligence, and
controls is bound to cause unforeseen problems.
Used appropriately with the necessary precautions and controls in place, cloud
computing could yield a multitude of benefits, some unheard of until now and
some yet to be discovered.
By being aware of the risks and other issues related to cloud computing,
executives are more likely to achieve their organization’s objectives as they
manage the risks in this dynamic and evolving environment that likely will
become the most popular computing model of the future.
Cloud computing is relatively new in its current form; given that, it is best applied
to specific low- to medium-risk business areas.