SlideShare a Scribd company logo

Cloud Computing Risk Guide and Audit Handbook Project

Download as PPT, PDF
H
harikamahandhra

The document summarizes the development of a cloud computing guide and audit handbook by WGITA from 2010-2013. It describes cloud computing models and key risks that should be managed by organizations and audited by IT auditors. These include service provider risks, technical risks, external/overseas risks, management/oversight risks, and security/connectivity/privacy risks. The handbook provides audit-related questions to help IT auditors evaluate if organizations are properly managing risks and vendors related to cloud computing. Members are asked to share any related audit questions to further update the guide.

Engineering
1 of 23
2 2 2010 WGITA approved the cloud computing project with SAI USA as lead and Canada & India as members 2011 A status report was presented and comments solicited 2012 Final project description and common cloud computing risks were presented Members requested that this work be augmented with a cloud computing guide and audit handbook 2013Guide & handbook completed for CC. 2013 Will be incorporated into the overall IT Audit Guide & Handbook in cooperation with IDI
 Generally speaking, cloud computing can be thought of as anything that involves delivering hosted services over the Internet.  According to NIST Cloud computing is a model for enabling ubiquitous, convenient, on- demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. (Special Publication 800-145) 3 3
 Cloud computing provides shared services as opposed to local servers or storage resources  Enables access to information from most web-enabled hardware  Allows for cost savings – reduced facility, hardware/software investments, support 4 4
 On-demand self-service A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.  Broad network access Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations). Source: NIST Special Publication 800-145 5 5
 Resource pooling The provider’s computing resources are pooled to serve multiple consumers Resources can be dynamically assigned and reassigned according to customer demand Customer generally may not care where the resources are physically located but should be aware of risks if they are located offshore Source: NIST Special Publication 800-145 6 6
 Rapid elasticity Capabilities can be expanded or released automatically (i.e., more cpu power, or ability to handle additional users) To the customer this appears seamless, limitless, and responsive to their changing requirements  Measured service Customers are charged for the services they use and the amounts There is a metering concept where customer resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service Source: NIST Special Publication 800-145 7 7
Infrastructure Platform Software/ Application 8 8
Infrastructure-as-a-Service (IaaS)  A service model that involves outsourcing the basic infrastructure used to support operations--including storage, hardware, servers, and networking components.  The service provider owns the infrastructure equipment and is responsible for housing, running, and maintaining it. The customer typically pays on a per-use basis.  The customer uses their own platform (Windows, Unix), and applications 9 9
Platform-as-a-Service (PaaS)  A service model that involves outsourcing the basic infrastructure and platform (Windows, Unix)  PaaS facilitates deploying applications without the cost and complexity of buying and managing the underlying hardware and software where the applications are hosted.  The customer uses their own applications 10 10
Software-as-a-Service (SaaS)  Also referred to as “software on demand,” this service model involves outsourcing the infrastructure, platform, and software/applications.  Typically, these services are available to the customer for a fee, pay-as-you-go, or a no charge model.  The customer accesses the applications over the internet. 11 11
 Data resides on servers that the customer cannot physically access  Vendors may store data anywhere at lowest cost if not restrained by agreement 12 12
13 13 The guide is about a 10 page document that describes cloud computing and areas of risk These risks should be managed by the IT organization that chooses to utilize cloud computing For IT Auditors these risks are a roadmap which you can utilize to create your audit program
14 14
What is Cloud Computing?   Cloud computing is where the organization outsources data processing to computers owned by the vendor. Primarily the vendor hosts the equipment while the audited entities still has control over the application and the data. Outsourcing may also include utilizing the vendor’s computers to store, backup, and provide online access to the organization data. The organization will need to have a robust access to the internet if they want their staff or users to have ready access to the data or even the application that process the data. In the current environment, the data or applications are also available from mobile platforms (laptops with Wi-Fi or cell/mobile cards, smart phones, and tablets). 15 15
Audit Concerns When an organization chooses to utilize cloud computing, they need to be aware of risks that they may face with the service provider, the risk they face if they are unable to effectively oversee the service provider, and other risks related to management and security weaknesses in the service providers approach. As an auditor you will need to understand what the agency has done to mitigate the risks with cloud computing. When we as auditors are asked to appraise whether an entity or organization getting the benefits of cloud computing are managing the vendor to ensure that they get the required services we need to be aware of the risks that they may face. 16 16
 Risk Areas  Service Provider Risks  Technical Risks  External (Overseas) Risks  Management/Oversight Risks  Security / Connectivity / Privacy Risks These were discussed at the last meeting along with some mitigation strategies that the IT organization could use The IT auditor would use those as a road map to frame audit questions 17 17
 The handbook provides the IT Auditor with some audit related questions that begin to explore whether the organization is managing the risks and the vendor 18 18
19 19
20 20
21 21
 As and when members conduct IT Audits that involve Cloud Computing we would like to receive your audit questions so we may update the guide  Members may contact the Chair or SAI USA for additional information 22 22
 niharika India  niharika cse Madhav Panwar panwarm@gao.gov 23 23

Recommended

downtime_solution_sheet
downtime_solution_sheetdowntime_solution_sheet
downtime_solution_sheetDiego Portilla
 
Ahearn Cloud Presentation
Ahearn Cloud PresentationAhearn Cloud Presentation
Ahearn Cloud Presentationjohnjamesahearn
 
UMA as Authorization mechanism for IoT: a healthcare scenario
UMA as Authorization mechanism for IoT: a healthcare scenarioUMA as Authorization mechanism for IoT: a healthcare scenario
UMA as Authorization mechanism for IoT: a healthcare scenarioDomenico Catalano
 
Smart and Secure Healthcare Administration over Cloud Environment
Smart and Secure Healthcare Administration over Cloud EnvironmentSmart and Secure Healthcare Administration over Cloud Environment
Smart and Secure Healthcare Administration over Cloud EnvironmentIRJET Journal
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud ComputingMadhusudan Partani
 
Cloud computing applications for e health
Cloud computing applications for e healthCloud computing applications for e health
Cloud computing applications for e healthHector Martin Garcia
 
Dit yvol3iss44
Dit yvol3iss44Dit yvol3iss44
Dit yvol3iss44Rick Lemieux
 
Cloud computing in healthcare
Cloud computing in healthcareCloud computing in healthcare
Cloud computing in healthcareMithisar Basumatary
 

Recommended

downtime_solution_sheet
downtime_solution_sheetdowntime_solution_sheet
downtime_solution_sheetDiego Portilla
 
Ahearn Cloud Presentation
Ahearn Cloud PresentationAhearn Cloud Presentation
Ahearn Cloud Presentationjohnjamesahearn
 
UMA as Authorization mechanism for IoT: a healthcare scenario
UMA as Authorization mechanism for IoT: a healthcare scenarioUMA as Authorization mechanism for IoT: a healthcare scenario
UMA as Authorization mechanism for IoT: a healthcare scenarioDomenico Catalano
 
Smart and Secure Healthcare Administration over Cloud Environment
Smart and Secure Healthcare Administration over Cloud EnvironmentSmart and Secure Healthcare Administration over Cloud Environment
Smart and Secure Healthcare Administration over Cloud EnvironmentIRJET Journal
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud ComputingMadhusudan Partani
 
Cloud computing applications for e health
Cloud computing applications for e healthCloud computing applications for e health
Cloud computing applications for e healthHector Martin Garcia
 
Dit yvol3iss44
Dit yvol3iss44Dit yvol3iss44
Dit yvol3iss44Rick Lemieux
 
Cloud computing in healthcare
Cloud computing in healthcareCloud computing in healthcare
Cloud computing in healthcareMithisar Basumatary
 
Cloud Computing in Healthcare IT
Cloud Computing in Healthcare ITCloud Computing in Healthcare IT
Cloud Computing in Healthcare ITMahindra Satyam
 
Presentation the internet of things - are organizations ready for a multi-tr...
Presentation the internet of things - are organizations ready for a multi-tr...Presentation the internet of things - are organizations ready for a multi-tr...
Presentation the internet of things - are organizations ready for a multi-tr...Rick Bouter
 
HL7 Releases FHIR 4 - Highlights, Impact and More
HL7 Releases FHIR 4 - Highlights, Impact and MoreHL7 Releases FHIR 4 - Highlights, Impact and More
HL7 Releases FHIR 4 - Highlights, Impact and MoreCitiusTech
 
Redefining Business Mobility and Customer Experience
Redefining Business Mobility and Customer ExperienceRedefining Business Mobility and Customer Experience
Redefining Business Mobility and Customer ExperienceCitrix
 
Impact of cloud computing on health industry
Impact of cloud computing on health industryImpact of cloud computing on health industry
Impact of cloud computing on health industrySuyati Technologies
 
Taking Healthcare to the Cloud
Taking Healthcare to the CloudTaking Healthcare to the Cloud
Taking Healthcare to the CloudJerry Collins
 
Data Governance for End-User Computing
Data Governance for End-User ComputingData Governance for End-User Computing
Data Governance for End-User ComputingDATAVERSITY
 
Securing Apps & Data in the Cloud by Spyders & Netskope
Securing Apps & Data in the Cloud by Spyders & NetskopeSecuring Apps & Data in the Cloud by Spyders & Netskope
Securing Apps & Data in the Cloud by Spyders & NetskopeAhmad Abdalla
 
End-user computing is not a trend, it's a transformational shift
End-user computing is not a trend, it's a transformational shiftEnd-user computing is not a trend, it's a transformational shift
End-user computing is not a trend, it's a transformational shiftUni Systems S.M.S.A.
 
Top 5 Healthcare Highlights from Apple WWDC 2019
Top 5 Healthcare Highlights from Apple WWDC 2019Top 5 Healthcare Highlights from Apple WWDC 2019
Top 5 Healthcare Highlights from Apple WWDC 2019CitiusTech
 
Cloud computing in healthcare
Cloud computing in healthcareCloud computing in healthcare
Cloud computing in healthcareMohammad Al-Ubaydli
 
IRDAI - NHA Joint Working Group: Sub Group on IT
IRDAI - NHA Joint Working Group: Sub Group on ITIRDAI - NHA Joint Working Group: Sub Group on IT
IRDAI - NHA Joint Working Group: Sub Group on ITPankaj Gupta
 
Cloud computing contracts
Cloud computing contractsCloud computing contracts
Cloud computing contractsMeera Kaul
 
MODERNIZATION OF NTUC INCOME
MODERNIZATION OF NTUC INCOMEMODERNIZATION OF NTUC INCOME
MODERNIZATION OF NTUC INCOMEmyteratak
 
Privacy Preserving in Authentication Protocol for Shared Authority Based Clou...
Privacy Preserving in Authentication Protocol for Shared Authority Based Clou...Privacy Preserving in Authentication Protocol for Shared Authority Based Clou...
Privacy Preserving in Authentication Protocol for Shared Authority Based Clou...IRJET Journal
 
WHITE PAPER▶ Insecurity in the Internet of Things
WHITE PAPER▶ Insecurity in the Internet of ThingsWHITE PAPER▶ Insecurity in the Internet of Things
WHITE PAPER▶ Insecurity in the Internet of ThingsSymantec
 
Network barometer report 2014
Network barometer report 2014Network barometer report 2014
Network barometer report 2014Mūniū Karanja
 
GridWorks SOS
GridWorks SOSGridWorks SOS
GridWorks SOSKrystanne
 
Healthcare in the Clouds
Healthcare in the CloudsHealthcare in the Clouds
Healthcare in the CloudsGail Wilcox
 
Cloud-Computing_USA.ppt
Cloud-Computing_USA.pptCloud-Computing_USA.ppt
Cloud-Computing_USA.pptAbhishekMishra498106
 
Cloud-Computing_USA.ppt
Cloud-Computing_USA.pptCloud-Computing_USA.ppt
Cloud-Computing_USA.ppt19JemimaEstherGrace
 
Cloud-Computing_USA.ppt
Cloud-Computing_USA.pptCloud-Computing_USA.ppt
Cloud-Computing_USA.pptssuserf71896
 

More Related Content

What's hot

Cloud Computing in Healthcare IT
Cloud Computing in Healthcare ITCloud Computing in Healthcare IT
Cloud Computing in Healthcare ITMahindra Satyam
 
Presentation the internet of things - are organizations ready for a multi-tr...
Presentation the internet of things - are organizations ready for a multi-tr...Presentation the internet of things - are organizations ready for a multi-tr...
Presentation the internet of things - are organizations ready for a multi-tr...Rick Bouter
 
HL7 Releases FHIR 4 - Highlights, Impact and More
HL7 Releases FHIR 4 - Highlights, Impact and MoreHL7 Releases FHIR 4 - Highlights, Impact and More
HL7 Releases FHIR 4 - Highlights, Impact and MoreCitiusTech
 
Redefining Business Mobility and Customer Experience
Redefining Business Mobility and Customer ExperienceRedefining Business Mobility and Customer Experience
Redefining Business Mobility and Customer ExperienceCitrix
 
Impact of cloud computing on health industry
Impact of cloud computing on health industryImpact of cloud computing on health industry
Impact of cloud computing on health industrySuyati Technologies
 
Taking Healthcare to the Cloud
Taking Healthcare to the CloudTaking Healthcare to the Cloud
Taking Healthcare to the CloudJerry Collins
 
Data Governance for End-User Computing
Data Governance for End-User ComputingData Governance for End-User Computing
Data Governance for End-User ComputingDATAVERSITY
 
Securing Apps & Data in the Cloud by Spyders & Netskope
Securing Apps & Data in the Cloud by Spyders & NetskopeSecuring Apps & Data in the Cloud by Spyders & Netskope
Securing Apps & Data in the Cloud by Spyders & NetskopeAhmad Abdalla
 
End-user computing is not a trend, it's a transformational shift
End-user computing is not a trend, it's a transformational shiftEnd-user computing is not a trend, it's a transformational shift
End-user computing is not a trend, it's a transformational shiftUni Systems S.M.S.A.
 
Top 5 Healthcare Highlights from Apple WWDC 2019
Top 5 Healthcare Highlights from Apple WWDC 2019Top 5 Healthcare Highlights from Apple WWDC 2019
Top 5 Healthcare Highlights from Apple WWDC 2019CitiusTech
 
IRDAI - NHA Joint Working Group: Sub Group on IT
IRDAI - NHA Joint Working Group: Sub Group on ITIRDAI - NHA Joint Working Group: Sub Group on IT
IRDAI - NHA Joint Working Group: Sub Group on ITPankaj Gupta
 
Cloud computing contracts
Cloud computing contractsCloud computing contracts
Cloud computing contractsMeera Kaul
 
MODERNIZATION OF NTUC INCOME
MODERNIZATION OF NTUC INCOMEMODERNIZATION OF NTUC INCOME
MODERNIZATION OF NTUC INCOMEmyteratak
 
Privacy Preserving in Authentication Protocol for Shared Authority Based Clou...
Privacy Preserving in Authentication Protocol for Shared Authority Based Clou...Privacy Preserving in Authentication Protocol for Shared Authority Based Clou...
Privacy Preserving in Authentication Protocol for Shared Authority Based Clou...IRJET Journal
 
WHITE PAPER▶ Insecurity in the Internet of Things
WHITE PAPER▶ Insecurity in the Internet of ThingsWHITE PAPER▶ Insecurity in the Internet of Things
WHITE PAPER▶ Insecurity in the Internet of ThingsSymantec
 
Network barometer report 2014
Network barometer report 2014Network barometer report 2014
Network barometer report 2014Mūniū Karanja
 
Healthcare in the Clouds
Healthcare in the CloudsHealthcare in the Clouds
Healthcare in the CloudsGail Wilcox
 

What's hot (19)

Cloud Computing in Healthcare IT
Cloud Computing in Healthcare ITCloud Computing in Healthcare IT
Cloud Computing in Healthcare IT
 
Presentation the internet of things - are organizations ready for a multi-tr...
Presentation the internet of things - are organizations ready for a multi-tr...Presentation the internet of things - are organizations ready for a multi-tr...
Presentation the internet of things - are organizations ready for a multi-tr...
 
HL7 Releases FHIR 4 - Highlights, Impact and More
HL7 Releases FHIR 4 - Highlights, Impact and MoreHL7 Releases FHIR 4 - Highlights, Impact and More
HL7 Releases FHIR 4 - Highlights, Impact and More
 
Redefining Business Mobility and Customer Experience
Redefining Business Mobility and Customer ExperienceRedefining Business Mobility and Customer Experience
Redefining Business Mobility and Customer Experience
 
Impact of cloud computing on health industry
Impact of cloud computing on health industryImpact of cloud computing on health industry
Impact of cloud computing on health industry
 
Taking Healthcare to the Cloud
Taking Healthcare to the CloudTaking Healthcare to the Cloud
Taking Healthcare to the Cloud
 
Data Governance for End-User Computing
Data Governance for End-User ComputingData Governance for End-User Computing
Data Governance for End-User Computing
 
Securing Apps & Data in the Cloud by Spyders & Netskope
Securing Apps & Data in the Cloud by Spyders & NetskopeSecuring Apps & Data in the Cloud by Spyders & Netskope
Securing Apps & Data in the Cloud by Spyders & Netskope
 
End-user computing is not a trend, it's a transformational shift
End-user computing is not a trend, it's a transformational shiftEnd-user computing is not a trend, it's a transformational shift
End-user computing is not a trend, it's a transformational shift
 
Top 5 Healthcare Highlights from Apple WWDC 2019
Top 5 Healthcare Highlights from Apple WWDC 2019Top 5 Healthcare Highlights from Apple WWDC 2019
Top 5 Healthcare Highlights from Apple WWDC 2019
 
Cloud computing in healthcare
Cloud computing in healthcareCloud computing in healthcare
Cloud computing in healthcare
 
IRDAI - NHA Joint Working Group: Sub Group on IT
IRDAI - NHA Joint Working Group: Sub Group on ITIRDAI - NHA Joint Working Group: Sub Group on IT
IRDAI - NHA Joint Working Group: Sub Group on IT
 
Cloud computing contracts
Cloud computing contractsCloud computing contracts
Cloud computing contracts
 
MODERNIZATION OF NTUC INCOME
MODERNIZATION OF NTUC INCOMEMODERNIZATION OF NTUC INCOME
MODERNIZATION OF NTUC INCOME
 
Privacy Preserving in Authentication Protocol for Shared Authority Based Clou...
Privacy Preserving in Authentication Protocol for Shared Authority Based Clou...Privacy Preserving in Authentication Protocol for Shared Authority Based Clou...
Privacy Preserving in Authentication Protocol for Shared Authority Based Clou...
 
WHITE PAPER▶ Insecurity in the Internet of Things
WHITE PAPER▶ Insecurity in the Internet of ThingsWHITE PAPER▶ Insecurity in the Internet of Things
WHITE PAPER▶ Insecurity in the Internet of Things
 
Network barometer report 2014
Network barometer report 2014Network barometer report 2014
Network barometer report 2014
 
GridWorks SOS
GridWorks SOSGridWorks SOS
GridWorks SOS
 
Healthcare in the Clouds
Healthcare in the CloudsHealthcare in the Clouds
Healthcare in the Clouds
 

Similar to Cloud Computing Risk Guide and Audit Handbook Project

Cloud-Computing_USA.ppt
Cloud-Computing_USA.pptCloud-Computing_USA.ppt
Cloud-Computing_USA.pptssuserf71896
 
FEATURES OF CLOUD COMPUTING BY SAIKIRAN PANJALA
FEATURES OF CLOUD COMPUTING BY SAIKIRAN PANJALAFEATURES OF CLOUD COMPUTING BY SAIKIRAN PANJALA
FEATURES OF CLOUD COMPUTING BY SAIKIRAN PANJALASaikiran Panjala
 
Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...
Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...
Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...idescitation
 
An Overview on Security Issues in Cloud Computing
An Overview on Security Issues in Cloud ComputingAn Overview on Security Issues in Cloud Computing
An Overview on Security Issues in Cloud ComputingIOSR Journals
 
International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER) International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER) ijceronline
 
IRJET- An Overview on Cloud Computing and Challenges
IRJET- An Overview on Cloud Computing and ChallengesIRJET- An Overview on Cloud Computing and Challenges
IRJET- An Overview on Cloud Computing and ChallengesIRJET Journal
 
Cloud computing a services business application challenges
Cloud computing a services business application challengesCloud computing a services business application challenges
Cloud computing a services business application challengesEditor Jacotech
 
Security threats in cloud computing
Security threats in cloud computingSecurity threats in cloud computing
Security threats in cloud computingPuneet Arora
 
Field Data Gathering Services — A Cloud-Based Approach
Field Data Gathering Services — A Cloud-Based ApproachField Data Gathering Services — A Cloud-Based Approach
Field Data Gathering Services — A Cloud-Based ApproachSchneider Electric
 
IRJET- Cloud Computing: Security Issues Challenges and Solution
IRJET- Cloud Computing: Security Issues Challenges and SolutionIRJET- Cloud Computing: Security Issues Challenges and Solution
IRJET- Cloud Computing: Security Issues Challenges and SolutionIRJET Journal
 
Cloud computing charecteristics and types altanai bisht , 2nd year, part iii
Cloud computing charecteristics and types altanai bisht , 2nd year, part iiiCloud computing charecteristics and types altanai bisht , 2nd year, part iii
Cloud computing charecteristics and types altanai bisht , 2nd year, part iiiALTANAI BISHT
 
IRJET- An Ample Analysis of Cloud Computing Assessment Issues and Challenges
IRJET- An Ample Analysis of Cloud Computing Assessment Issues and ChallengesIRJET- An Ample Analysis of Cloud Computing Assessment Issues and Challenges
IRJET- An Ample Analysis of Cloud Computing Assessment Issues and ChallengesIRJET Journal
 

Similar to Cloud Computing Risk Guide and Audit Handbook Project (20)

Cloud-Computing_USA.ppt
Cloud-Computing_USA.pptCloud-Computing_USA.ppt
Cloud-Computing_USA.ppt
 
Cloud-Computing_USA.ppt
Cloud-Computing_USA.pptCloud-Computing_USA.ppt
Cloud-Computing_USA.ppt
 
Cloud-Computing_USA.ppt
Cloud-Computing_USA.pptCloud-Computing_USA.ppt
Cloud-Computing_USA.ppt
 
Cloud-Computing_USA.ppt
Cloud-Computing_USA.pptCloud-Computing_USA.ppt
Cloud-Computing_USA.ppt
 
SECURITY ISSUES IN CLOUD COMPUTING
SECURITY ISSUES IN CLOUD COMPUTINGSECURITY ISSUES IN CLOUD COMPUTING
SECURITY ISSUES IN CLOUD COMPUTING
 
FEATURES OF CLOUD COMPUTING BY SAIKIRAN PANJALA
FEATURES OF CLOUD COMPUTING BY SAIKIRAN PANJALAFEATURES OF CLOUD COMPUTING BY SAIKIRAN PANJALA
FEATURES OF CLOUD COMPUTING BY SAIKIRAN PANJALA
 
Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...
Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...
Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...
 
An Overview on Security Issues in Cloud Computing
An Overview on Security Issues in Cloud ComputingAn Overview on Security Issues in Cloud Computing
An Overview on Security Issues in Cloud Computing
 
106248842 cc
106248842 cc106248842 cc
106248842 cc
 
International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER) International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)
 
IRJET- An Overview on Cloud Computing and Challenges
IRJET- An Overview on Cloud Computing and ChallengesIRJET- An Overview on Cloud Computing and Challenges
IRJET- An Overview on Cloud Computing and Challenges
 
A Review on Data Protection of Cloud Computing Security, Benefits, Risks and ...
A Review on Data Protection of Cloud Computing Security, Benefits, Risks and ...A Review on Data Protection of Cloud Computing Security, Benefits, Risks and ...
A Review on Data Protection of Cloud Computing Security, Benefits, Risks and ...
 
The Roles and Challenges of Cloud Computing to Accounting System of Vietnames...
The Roles and Challenges of Cloud Computing to Accounting System of Vietnames...The Roles and Challenges of Cloud Computing to Accounting System of Vietnames...
The Roles and Challenges of Cloud Computing to Accounting System of Vietnames...
 
PACE-IT, Security+1.3: Cloud Concepts
PACE-IT, Security+1.3: Cloud ConceptsPACE-IT, Security+1.3: Cloud Concepts
PACE-IT, Security+1.3: Cloud Concepts
 
Cloud computing a services business application challenges
Cloud computing a services business application challengesCloud computing a services business application challenges
Cloud computing a services business application challenges
 
Security threats in cloud computing
Security threats in cloud computingSecurity threats in cloud computing
Security threats in cloud computing
 
Field Data Gathering Services — A Cloud-Based Approach
Field Data Gathering Services — A Cloud-Based ApproachField Data Gathering Services — A Cloud-Based Approach
Field Data Gathering Services — A Cloud-Based Approach
 
IRJET- Cloud Computing: Security Issues Challenges and Solution
IRJET- Cloud Computing: Security Issues Challenges and SolutionIRJET- Cloud Computing: Security Issues Challenges and Solution
IRJET- Cloud Computing: Security Issues Challenges and Solution
 
Cloud computing charecteristics and types altanai bisht , 2nd year, part iii
Cloud computing charecteristics and types altanai bisht , 2nd year, part iiiCloud computing charecteristics and types altanai bisht , 2nd year, part iii
Cloud computing charecteristics and types altanai bisht , 2nd year, part iii
 
IRJET- An Ample Analysis of Cloud Computing Assessment Issues and Challenges
IRJET- An Ample Analysis of Cloud Computing Assessment Issues and ChallengesIRJET- An Ample Analysis of Cloud Computing Assessment Issues and Challenges
IRJET- An Ample Analysis of Cloud Computing Assessment Issues and Challenges
 

Recently uploaded

High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile servicerehmti665
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130Suhani Kapoor
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingrakeshbaidya232001
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Suman Mia
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...ranjana rawat
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSRajkumarAkumalla
 
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptxthe ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptxhumanexperienceaaa
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINESIVASHANKAR N
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVRajaP95
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
Analog to Digital and Digital to Analog Converter
Analog to Digital and Digital to Analog ConverterAnalog to Digital and Digital to Analog Converter
Analog to Digital and Digital to Analog ConverterAbhinavSharma374939
 

Recently uploaded (20)

High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile service
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
 
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptxthe ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
 
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEDJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 
Analog to Digital and Digital to Analog Converter
Analog to Digital and Digital to Analog ConverterAnalog to Digital and Digital to Analog Converter
Analog to Digital and Digital to Analog Converter
 

Cloud Computing Risk Guide and Audit Handbook Project

  • 1.
  • 2. 2 2 2010 WGITA approved the cloud computing project with SAI USA as lead and Canada & India as members 2011 A status report was presented and comments solicited 2012 Final project description and common cloud computing risks were presented Members requested that this work be augmented with a cloud computing guide and audit handbook 2013Guide & handbook completed for CC. 2013 Will be incorporated into the overall IT Audit Guide & Handbook in cooperation with IDI
  • 3.  Generally speaking, cloud computing can be thought of as anything that involves delivering hosted services over the Internet.  According to NIST Cloud computing is a model for enabling ubiquitous, convenient, on- demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. (Special Publication 800-145) 3 3
  • 4.  Cloud computing provides shared services as opposed to local servers or storage resources  Enables access to information from most web-enabled hardware  Allows for cost savings – reduced facility, hardware/software investments, support 4 4
  • 5.  On-demand self-service A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.  Broad network access Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations). Source: NIST Special Publication 800-145 5 5
  • 6.  Resource pooling The provider’s computing resources are pooled to serve multiple consumers Resources can be dynamically assigned and reassigned according to customer demand Customer generally may not care where the resources are physically located but should be aware of risks if they are located offshore Source: NIST Special Publication 800-145 6 6
  • 7.  Rapid elasticity Capabilities can be expanded or released automatically (i.e., more cpu power, or ability to handle additional users) To the customer this appears seamless, limitless, and responsive to their changing requirements  Measured service Customers are charged for the services they use and the amounts There is a metering concept where customer resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service Source: NIST Special Publication 800-145 7 7
  • 9. Infrastructure-as-a-Service (IaaS)  A service model that involves outsourcing the basic infrastructure used to support operations--including storage, hardware, servers, and networking components.  The service provider owns the infrastructure equipment and is responsible for housing, running, and maintaining it. The customer typically pays on a per-use basis.  The customer uses their own platform (Windows, Unix), and applications 9 9
  • 10. Platform-as-a-Service (PaaS)  A service model that involves outsourcing the basic infrastructure and platform (Windows, Unix)  PaaS facilitates deploying applications without the cost and complexity of buying and managing the underlying hardware and software where the applications are hosted.  The customer uses their own applications 10 10
  • 11. Software-as-a-Service (SaaS)  Also referred to as “software on demand,” this service model involves outsourcing the infrastructure, platform, and software/applications.  Typically, these services are available to the customer for a fee, pay-as-you-go, or a no charge model.  The customer accesses the applications over the internet. 11 11
  • 12.  Data resides on servers that the customer cannot physically access  Vendors may store data anywhere at lowest cost if not restrained by agreement 12 12
  • 13. 13 13 The guide is about a 10 page document that describes cloud computing and areas of risk These risks should be managed by the IT organization that chooses to utilize cloud computing For IT Auditors these risks are a roadmap which you can utilize to create your audit program
  • 14. 14 14
  • 15. What is Cloud Computing?   Cloud computing is where the organization outsources data processing to computers owned by the vendor. Primarily the vendor hosts the equipment while the audited entities still has control over the application and the data. Outsourcing may also include utilizing the vendor’s computers to store, backup, and provide online access to the organization data. The organization will need to have a robust access to the internet if they want their staff or users to have ready access to the data or even the application that process the data. In the current environment, the data or applications are also available from mobile platforms (laptops with Wi-Fi or cell/mobile cards, smart phones, and tablets). 15 15
  • 16. Audit Concerns When an organization chooses to utilize cloud computing, they need to be aware of risks that they may face with the service provider, the risk they face if they are unable to effectively oversee the service provider, and other risks related to management and security weaknesses in the service providers approach. As an auditor you will need to understand what the agency has done to mitigate the risks with cloud computing. When we as auditors are asked to appraise whether an entity or organization getting the benefits of cloud computing are managing the vendor to ensure that they get the required services we need to be aware of the risks that they may face. 16 16
  • 17.  Risk Areas  Service Provider Risks  Technical Risks  External (Overseas) Risks  Management/Oversight Risks  Security / Connectivity / Privacy Risks These were discussed at the last meeting along with some mitigation strategies that the IT organization could use The IT auditor would use those as a road map to frame audit questions 17 17
  • 18.  The handbook provides the IT Auditor with some audit related questions that begin to explore whether the organization is managing the risks and the vendor 18 18
  • 19. 19 19
  • 20. 20 20
  • 21. 21 21
  • 22.  As and when members conduct IT Audits that involve Cloud Computing we would like to receive your audit questions so we may update the guide  Members may contact the Chair or SAI USA for additional information 22 22
  • 23.  niharika India  niharika cse Madhav Panwar panwarm@gao.gov 23 23